Privacy Policy

Data protection declaration

Unless stated otherwise below, the provision of your personal data is neither legally nor contractually obligatory, nor required for conclusion of a contract. You are not obliged to provide your data. Not providing it will have no consequences. This only applies as long as the processing procedures below do not state otherwise.
“Personal data” is any information relating to an identified or identifiable natural person.

Server log files

You can use our websites without submitting personal data.

Every time our website is accessed, user data is transferred to us or our web hosts/IT service providers by your internet browser and stored in server log files. This stored data includes for example the name of the site called up, date and time of the request, the IP address, amount of data transferred and the provider making the request. The processing is carried out on the basis of Article 6(1) f) GDPR due to our legitimate interests in ensuring the smooth operation of our website as well as improving our services.

Proactive contact of the customer by e-mail

If you make contact with us proactively via email, we shall collect your personal data (name, email address, message text) only to the extent provided by you. The purpose of the data processing is to handle and respond to your contact request.

If the initial contact serves to implement pre-contractual measures (e.g. consultation in the case of purchase interest, order creation) or concerns an agreement already concluded between you and us, this data processing takes place on the basis of Article 6(1)(b) GDPR.

If the initial contact occurs for other reasons, this data processing takes place on the basis of Article 6(1)(f) GDPR for the purposes of our overriding, legitimate interest in handling and responding to your request. In this case, on grounds relating to your particular situation, you have the right to object at any time to this processing of personal data concerning you and carried out on the basis of Article 6(1)(f) GDPR.

We will only use your email address to process your request. Your data will subsequently be deleted in compliance with statutory retention periods, unless you have agreed to further processing and use.

Collection and processing when using the contact form

When you use the contact form we will only collect your personal data (name, email address, message text) in the scope provided by you. The data processing is for the purpose of making contact.

Use of address validation from Endereco
We use the address validation of the provider Endereco UG (haftungsbeschränkt) (Balthasar-Neumann-Str. 4b, 97236 Randersacker, Germany; "Endereco") on our website.
The purpose of data processing is to check your entries in our address forms in real time for input and spelling errors and to complete any missing data. If data is entered incorrectly, alternative suggestions for correcting the data are displayed.
The following information may be transmitted to Endereco and processed there: postal addresses (country, city, postcode, street, house number), e-mail address, telephone number.
Your personal data is processed on the basis of Art. 6 para. 1 lit. f GDPR due to our overriding legitimate interest in a correct data basis for the fulfilment of our contractual obligations. On grounds relating to your particular situation, you have the right to object at any time to this processing of personal data concerning you.
The data is processed separately by the provider and is not merged with other data. It is deleted by the provider as soon as the status of the data entered has been determined, but at the latest after 30 days.
You can find more information on Endereco’s privacy policy at: https://www.endereco.de/datenschutzerklaerung/.

Use of address validation from Google Maps API
We use the address validation of the provider Google (Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland "Google") on our website.
The purpose of data processing is to check your entries in our address forms in real time for input and spelling errors and to complete any missing data. If data is entered incorrectly, alternative suggestions for correcting the data are displayed. For this purpose, the address data you enter is transmitted to the provider, where it is stored and analysed.
Among other things, the following information may be transmitted to Google and processed there: postal addresses (country, city, postcode, street, house number), e-mail address, telephone number.
Your data may also be transmitted to the USA. For the USA, there is an adequacy decision of the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). Google has certified itself in accordance with the TADPF and has thus undertaken to comply with European data protection principles.
Your personal data is processed on the basis of Art. 6 para. 1 lit. f GDPR due to our overriding legitimate interest in a correct data basis for the fulfilment of our contractual obligations. On grounds relating to your particular situation, you have the right to object at any time to this processing of personal data concerning you.
The data is processed separately by the provider and is not merged with other data. It is deleted by the provider as soon as the status of the data entered has been determined, but at the latest after 30 days.
For more information on terms of use and data protection at Google, please visit: https://cloud.google.com/maps-platform/terms or at https://www.google.de/policies/privacy/.

WhatsApp Business

If you communicate with us via WhatsApp, we use the WhatsApp Business version of WhatsApp Ireland Limited for this (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; “WhatsApp”). If you have your residence outside the European Economic Area, this service is provided by WhatsApp Inc. (1601 Willow Road, Menlo Park, CA 94025, USA).

The purpose of the data processing is to handle and respond to your contact request. For this purpose we collect and process your mobile phone number registered with WhatsApp and, if provided, your name and additional data to the extent provided by you. We use a mobile device for the service, the address book of which stores exclusively the data of users who have contacted us via WhatsApp. Disclosure of personal data to WhatsApp shall not take place unless you have already consented to this with respect to WhatsApp.

Your data are transmitted by WhatsApp to servers of Meta Platforms Inc. in the USA.

Your data may be transferred to third countries such as the USA. For the USA, there is an adequacy decision of the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). Meta Platforms Inc. has certified itself in accordance with the TADPF and has thus undertaken to comply with European data protection principles.

If the initial contact occurs for other reasons, this data processing takes place on the basis of Article 6(1)(f) GDPR for the purposes of our overriding, legitimate interest in providing quick and easy communication as well as responding to your request. In this case, on grounds relating to your particular situation, you have the right to object at any time to this processing of personal data concerning you and carried out on the basis of Article 6(1)(f) GDPR.

We will only use your personal data to process your request. Your data will subsequently be deleted in compliance with statutory retention periods, unless you have agreed to further processing and use.

For more information on terms of service and privacy when using WhatsApp, please visit https://www.whatsapp.com/legal/#terms-of-service and https://www.whatsapp.com/legal/#privacy-policy.

Use of WeTransfer
We use the WeTransfer service of WeTransfer B.V. (Willem Fenengastraat 19, 1096 BL Amsterdam, Netherlands; "WeTransfer") to send files up to 2 GB in size at your request.
The purpose of using this service is to transfer large files in high quality. For this purpose, we pass on your e-mail address and the file to be transferred to WeTransfer. WeTransfer generates a download link that is sent to you and us by e-mail. The data is encrypted during transmission and storage by WeTransfer and can only be accessed via the download link.
Your personal data may be transmitted to WeTransfer servers in the USA and temporarily stored there (partly unencrypted). For the USA, there is an adequacy decision of the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). WeTransfer is not certified under the TADPF. The data transfer takes place, among other things, on the basis of standard contractual clauses as appropriate guarantees for the protection of personal data, viewable at: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_de.
Processing is carried out on the basis of Art. 6 para. 1 lit. a GDPR with your consent, insofar as you have expressly consented to the use of WeTransfer.
You can withdraw your consent at any time by contacting us without affecting the legality of the processing carried out with your consent up to the withdrawal.
For more information about data protection when using WeTransfer, please visit: https://wetransfer.com/legal/privacy.

Customer account Orders

Customer account

When you open a customer account, we will collect your personal data in the scope given there. The data processing is for the purpose of improving your shopping experience and simplifying order processing. The processing will be carried out on the basis of art. 6 (1) lit. a GDPR with your consent. You can withdraw your consent at any time by contacting us without affecting the legality of the processing carried out with your consent up to the withdrawal. Your customer account will then be deleted.

Collection, processing, and transfer of personal data in orders

When you submit an order we only collect and use your personal data insofar as this is necessary for the fulfilment and handling of your order as well as processing of your queries. The provision of data is necessary for conclusion of a contract. Failure to provide it will prevent the conclusion of any contract. The processing will occur on the basis of Article 6(1) b) GDPR and is required for the fulfilment of a contract with you.

Your data will be shared, for example, with shipping companies, dropshipping or fulfillment providers, payment service providers, service providers for order processing, and IT service providers. We will comply strictly with legal requirements in every case. The scope of data transmission is restricted to a minimum.

Your data may be transferred to third countries outside the EU, in particular to Canada and the USA, and processed there. The EU Commission has issued an adequacy decision for Canada. For the USA, there is an adequacy decision of the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). Shopify is not certified under the TADPF. This data transfer takes place on the basis of contractual obligations that are comparable to those of the EU Commission's standard contractual clauses.

Evaluations Advertising

Data collection when you post a comment or a review
When you comment on/review an article or post, we collect your personal data (name, email address, comment text) only in the scope provided by you. The processing serves to allow you to comment/review and to display comments/reviews.

By submitting the comment/review, you agree to the processing of the transmitted data. The processing is carried out on the basis of Art. 6 para. 1 lit. a GDPR with your consent. You can withdraw your consent at any time by contacting us without affecting the legality of the processing carried out with your consent up to the withdrawal. Your personal data will then be deleted.

On submission of your comment/review, your IP address will also be saved in order to prevent misuse of the comment or review function and to ensure the security of our IT systems. By submitting the comment/review, you agree to the processing of the transmitted data. The processing is carried out on the basis of Art. 6 para. 1 lit. a GDPR with your consent. You can withdraw your consent at any time by contacting us without affecting the legality of the processing carried out with your consent up to the withdrawal. Your IP address will then be deleted.

Trustami customer ratings

To display collected ratings and feedback from social media, the Trustami trust seal is embedded on this website. This serves to implement our legitimate interests in the optimal marketing of our offer on our website in accordance with Article 6(1)(1)(f) GDPR. When the Trustami trust seal is called up, the web server automatically stores data (access data) in the form of a server log file containing the name of the website accessed, the file, the date and time of access, your IP address in truncated form, the amount of data transferred, the notification of successful retrieval, the browser type, the user's operating system, the referrer URL (of the previously visited site) and the requesting provider. This access data is not analysed and is automatically overwritten no later than seven days after the end of your visit to our website. The Trustami trust seal and the services advertised with it are provided by Trustami GmbH, Schröderstraße 5, 10115 Berlin. For the processing of data collected by Trustami, Trustami's Data Protection Policy at https://www.trustami.com/privacy/ applies.

Website logo for Google customer reviews
The website logo for Google Customer Reviews of Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; "Google") is integrated into our website.
The integration serves to display the number and results of our reviews previously received from Google and to advertise participation in this program. In order to display the logo on our website and to show you personalised advertisements on Google, Google uses cookies. In so doing, among other things your IP address is processed and transmitted to Google. Your data may be transmitted to the USA. For the USA, there is an adequacy decision of the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). Google has certified itself in accordance with the TADPF and has thus undertaken to comply with European data protection principles.
The use of cookies or comparable technologies is carried out with your consent on the basis of Art. 25 para. 1 p. 1 TDDDG in conjunction with Art. 6 para. 1 lit. a GDPR. The processing of your personal data is carried out with your consent on the basis of Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time without affecting the legality of the processing carried out with your consent up to the withdrawal.
For more information on terms of service and privacy when using Google customer reviews, please visit https://www.google.com/shopping/customerreviews/static/tos/de/1_01_tos.html and https://policies.google.com/privacy?hl=de

Use of your personal data for the sending of postal advertising

We will use your personal data (name, address) that we have received in the process of the sale of goods or services to send you postal advertising, unless you have objected to this use. The provision of these data is necessary for conclusion of an agreement. Failure to provide it will prevent the conclusion of any agreement.

The processing will be carried out on the basis of Article 6(1)(f) GDPR for the purposes of our legitimate interest in direct advertising. You can object to this use of your address information at any time by contacting us. You will find the contact details for exercising your right to object in our imprint.

Use of the e-mail address for sending newsletters
We use your e-mail address to send you information and offers by newsletter, provided you have expressly consented to this. The data processing serves the sole purpose of advertising. For this purpose, we process your e-mail address and any other data that you have voluntarily provided when registering for our newsletter.
The processing is carried out on the basis of Art. 6 para. 1 lit. a GDPR with your consent. You can withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal. You can unsubscribe from the newsletter at any time by using the corresponding link in the newsletter or by sending us a message. Your e-mail address will then be removed from the mailing list. Despite removal from the mailing list, we may continue to store your email address in a blacklist to prevent you from receiving future newsletter emails from us. This storage takes place on the basis of Art. 6 para. 1 lit. f GDPR out of our and your legitimate interest in preventing the reuse of your e-mail address for sending our newsletter. You have the right to object to this processing of your personal data at any time on grounds relating to your particular situation.

Use of your email address for mailing of direct marketing

We use your email address, which we obtained in the course of selling a good or service, for the electronic transmission of marketing for our own goods or services which are similar to those you have already purchased from us, unless you have objected to this use. You must provide your email address in order to conclude a contract. Failure to provide it will prevent the conclusion of any contract. The processing will be carried out on the basis of art. 6 (1) lit. f GDPR due to our justified interest in direct marketing. You can object to this use of your email address at any time by contacting us. You will find the contact details for exercising your right to object in our imprint. You can also use the link provided in the marketing email. This will not involve any costs other than transmission costs at basic tariffs.

Use of Klaviyo
We use the service of Klaviyo Inc. (125 Summer St Floor 7, Boston, MA 02111, USA; "Klaviyo") for newsletter dispatch as part of order processing.
We pass on the information provided by you during the newsletter registration (e-mail address, first and last name if applicable) to Klaviyo. The data processing serves the purpose of sending the newsletter and its statistical evaluation.
In order to evaluate newsletter campaigns, the newsletters sent contain a 1x1 pixel graphic (tracking pixel) or a tracking link. This enables us to determine whether you have opened the newsletter and whether you have clicked any integrated links. Within this context, we collect your personal data such as IP address, browser type and device as well as the time. A usage profile can be generated from this data under a pseudonym. The data collected will not be used to identify you personally. The collected data is only used for statistical analysis to improve newsletter campaigns.
Your data is usually transmitted to Klaviyo servers in the USA and stored there. For the USA, there is an adequacy decision of the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). Klaviyo has certified itself in accordance with the TADPF and has thus undertaken to comply with European data protection principles.
The processing of your personal data is based on Art. 6 para. 1 lit. f GDPR from our overriding legitimate interest in a targeted, effective advertising and user-friendly newsletter system. On grounds relating to your particular situation, you have the right to object at any time to this processing of personal data concerning you.
You can find more information on data protection at Klaviyo at https://www.klaviyo.com/legal/privacy-notice and at https://www.klaviyo.com/legal/data-processing-agreement.

Use of a mobile phone number for sending text message advertisements

We use your mobile phone number exclusively for our own advertising purposes for sending text message advertisements, irrespective of any contract processing, provided that you have expressly consented to this. The processing is carried out on the basis of Article 6 Para. 1 Letter a GDPR with your consent. You can withdraw your consent at any time by contacting us without affecting the legality of the processing carried out with your consent up to the withdrawal. Your mobile phone number will then be removed from the distribution list.

Your mobile phone number will be passed on to a service provider for text message dispatch within the framework of order processing.

Use of the e-mail address for availability notifications
We offer an availability notification service on our website. If an item is temporarily unavailable, you have the option of entering your e-mail address on the item in question and being informed by e-mail when it becomes available, provided you have given your consent. You will receive a one-time e-mail notification about the availability of the respective item when the goods are available. The processing is carried out on the basis of Art. 6 para. 1 lit. a GDPR with your consent. You can withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal. You can unsubscribe from the availability notification at any time by notifying us. Your e-mail address will then be removed from the mailing list.

Shipping companies Merchandise management

Forwarding of your email address to shipping companies for information on shipping status

We forward your email address to the shipping company in the course of contractual processing, if you have explicitly agreed to this in the order process. The forwarding is for the purpose of informing you by email on the shipping status of your order. The processing will be carried out on the basis of art. 6 (1) lit. a GDPR with your consent. You can withdraw your consent at any time by contacting us or the transport company without affecting the legality of the processing carried out with your consent up to the withdrawal.

Use of an external merchandise management system

We use a merchandise management system in the course of order processing for the purposes of contractual processing. For this purpose your personal data as collected in the course of the order will be sent to

plentysystems AG, Johanna-Waescher-Straße 7, 34131 Kassel, Germany
LSM Fulfillment GmbH Straßäcker 2 | 94330 Salching | Germany

Payment service providers Credit check

Use of Amazon Payments
We use Amazon Payments payment service on our website, from Amazon Payments Europe s.c.a. (38 avenue John F. Kennedy, L-1855 Luxembourg; "Amazon Payments").
The processing of data enables you to pay using the Amazon Payments payment service.
To integrate this payment service it is essential that Amazon Payments collects, stores, and analyses data when accessing the website (e.g. IP address, device type, operating system, browser type, device location). Cookies may be used for this purpose. Cookies allow your internet browser to be recognised.
The use of cookies or comparable technologies is based on § 15 para. 3 p. 1 TMG. The processing of your personal data is based on Art. 6 para. 1 lit. f GDPR out of our overriding legitimate interest in a customer-oriented offer of different payment methods. On grounds relating to your particular situation, you have the right to object at any time to this processing of personal data concerning you.
By selecting and using "Amazon Payments", the data required for payment processing will be submitted to Amazon Payments to execute the agreement with you using the selected payment method. The data is processed on the basis of Article 6(1)(b) GDPR.
Further information on data processing when using the Amazon Payments payment service can be found in the associated data privacy policy at: https://pay.amazon.com/de/help/201212490

Data collection and processing when registering for payment in instalments via easyCredit

Payment in instalments via easyCredit is subject to the supplementary data protection instructions on payment in instalments by easyCredit.

Use of Klarna payment options
On our website we use the payment service of Klarna Bank AB (publ) (Sveavägen 46, 111 34 Stockholm, Sweden; "Klarna"). By selecting and using payment via Klarna, the data required for payment processing is transmitted to Klarna in order to be able to fulfil the contract with you with the selected payment method. This processing is carried out on the basis of Art. 6 para. 1 lit. b GDPR.

Cookies may be stored that enable your browser to be recognised. The resulting data processing is carried out on the basis of Art. 6 para. 1 lit. f GDPR due to our legitimate interest in a customer-oriented range of varying payment methods. On grounds relating to your particular situation, you have the right to object at any time to this processing of personal data concerning you.

‘Pay Later’ (invoice), ‘Pay Now’ (payment by direct debit, credit card, instant bank transfer), ‘Financing’ (instalment purchase)
For individual payment methods such as ‘Pay Later’ (invoice), ‘Pay Now’ (payment by direct debit, credit card, instant bank transfer), ‘Financing’ (instalment purchase), Klarna reserves the right to obtain credit information based on mathematical-statistical procedures using credit agencies.
For this purpose, Klarna transmits the personal data required for a credit assessment, such as first and last name, address, gender, email address, IP address and data related to the order to a credit agency for the purpose of checking the identity and creditworthiness and uses the obtained information on the statistical probability of a payment default in order to reach a well-considered decision on the establishment, performance or termination of the contractual relationship. The credit report may contain probability values (score values) which are calculated on the basis of scientifically recognised mathematical-statistical methods and include, among other things, address data. Your legitimate interests will be taken into account in accordance with the legal requirements. The data processing serves the purpose of a credit asessment for contract initiation. The processing is carried out on the basis of art. 6 Par. 1 lit. f GDPR due to our overriding legitimate interest in protection against payment default if Klarna pays in advance. For reasons that arise from your particular situation, you have the right to object to the processing of your personal data carried out on the basis of Art. 6 para. 1 lit. f GDPR by notifying Klarna. The provision of the data is necessary for the conclusion of the contract by means of the payment method of your choice. Failure to provide such data shall mean that the contract cannot be concluded with the payment method of your choice.

Further information, in particular to which credit agencies Klarna passes on your personal data, can be found for Germany at https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/credit_rating_agencies and for Austria at https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_at/credit_rating_agencies.
General information about Klarna can be found for Germany at: https://www.klarna.com/de/ and for Austria at https://www.klarna.com/at/. Your personal data will be treated by Klarna in accordance with the applicable data protection regulations and as specified in Klarna's data protection policy for Germany at: https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/privacy and for Austria at: https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_at/privacy.

Data collection and processing on registration to pay via Paymorrow

In the event of payment via Paymorrow, personal data will be transmitted to the payment service provider Paymorrow (InterCard AG, Alstertor 9, 20095 Hamburg) and processed further there.

For the payment procedure “purchase by invoice”, Paymorrow will check whether the customer request for purchase by invoice can be accepted in view of any payment and claim default risks (acceptance check according to risk guidelines), or whether another payment method should be used in consultation with the online shop operator. For this purpose Paymorrow will carry out an in-house acceptance check after actuation of the desired payment method purchase by invoice. This requires an identity and credit check from the credit agencies named below.

For the payment procedure “payment in instalments”, Paymorrow will check whether the customer's request to pay in instalments can be accepted in view of any payment and claim default risks (acceptance check according to risk guidelines), or whether another payment method should be used in consultation with the online shop operator. For this purpose Paymorrow will carry out an in-house acceptance check after actuation of the desired payment method payment in instalments. This requires a credit and identity check from the credit agencies named below.

The data processing is for the purpose of offering the chosen payment method as well as the credit check which is necessary for this. The processing will be carried out on the basis of art. 6 (1) lit. a GDPR with your consent. You can withdraw your consent at any time by contacting us without affecting the legality of the processing carried out with your consent up to the withdrawal. Within the framework of the identity check you agree to your personal data being transmitted by Paymorrow to SCHUFA (SCHUFA Holding AG, Kormoranweg 5, 65201 Wiesbaden). SCHUFA will then transmit back to Paymorrow the percentage degree of concordance between its stored personal data and those entered by you, as well as any previous legitimacy check carried out using identity documents by SCHUFA or another contracting partner. The transmitted concordance rates thus allow Paymorrow to determine whether a person is stored in the SCHUFA database under the address given by them. No further data exchange will take place, other addresses will not be transmitted and your data will not be stored in the SCHUFA database. Only the fact that your address has been checked with SCHUFA will be stored as evidence. The following personal data is required from you for the credit check to be carried out within the framework of the acceptance check: Title, first and last names, place of residence (street, house number, postcode, city); date of birth; phone number. The use, processing and disclosure of the personal data named above by the online shop operator and Paymorrow as well as the disclosure of this data by Paymorrow to the named credit agencies for the purpose of credit checking requires your consent.
You will therefore be asked in the course of the order process to consent to the storage, processing and use of your personal data by the online shop operator and Paymorrow for the purpose of credit checking and to consent to the disclosure of this data to third parties.

Paymorrow reserves the right to transmit personal data for the above purposes to service providers or financial partners commissioned by Paymorrow or to grant such parties access to the data where this is necessary for the fulfilment of their duties.

We will of course respect the customer’s decision not to give consent. In such a case, however, neither the online shop operator nor Paymorrow will be able to comply with the customer’s desire for purchase by invoice.

Paymorrow or partner companies commissioned by Paymorrow may transmit your address information to credit agencies for credit checking on registration for purchase by invoice, within the framework of what is legally permissible and taking into account your protection-worthy interest in prevention of transmission or use. We will obtain information on the customer’s previous purchase and payment behaviour and credit information on the basis of mathematical and statistical procedures using address information (scoring - for calculation of probability of payment) for the purpose of credit checking from the following credit agencies, which store data for the issuing of information:

Bürgel, Bürgel Wirtschaftsinformationen GmbH & Co. KG, Gasstraße 18, D-22761 Hamburg, Tel.: +49 (0) 40 - 89 80 3 - 0, Fax: -777;

CEG, Creditreform Consumer GmbH, Hellersbergstr. 11, D-41460 Neuss, Tel.:+49(0)2131-109-501, Fax: -557;

Deltavista, Deltavista GmbH, Freisinger Landstr. 74, D-80939 Munich, Tel.: +49 (0)89 - 7244880, Fax: - 22;

infoscore Consumer Data GmbH, data protection department, Rheinstraße 99, D-76532 Baden-Baden, Fax: +49 (7221) 5040-3201;

"Real" Inform GmbH, Normannenweg 32, 20537 Hamburg, Fax: +49 40 23 88 14-59.

You can request the information stored on you by each credit agency from the above credit agencies. Data on the conclusion of contract, application, and the start and end of a contractual relationship may also be transmitted to the above credit agencies. Likewise the online shop operator/Paymorrow may share data on any breaches of contract. The credit agencies store this data in order to be able to issue your contracting partners with information on the creditworthiness of customers or on the customer’s address for tracing debtors, provided they credibly present a justified interest. Paymorrow will ensure that the above credit agencies exclusively process and/or use your personal data within the scope of the intended purpose “credit checking”.

If your request to “pay in instalments” is accepted, you have the option of applying for the payment method “payment in instalments” via Paymorrow’s partner bank. For this purpose you will be forwarded after successfully completing your order in our online shop to the “payment in instalments” offering in our customer portal. In order to use the service, you must follow the instructions in the menu item “payment in instalments”. The service “payment in instalments” is provided by our partner bank, Commerzfinanz GmbH.

On submitting your request for the payment method “payment in instalments”, you will share your first and last name, street, house number, postcode, location and date of birth as well as your phone number with Commerzfinanz GmbH for the purposes of concluding a credit agreement and the handled of payment for your online purchases in Paymorrow partner shops. This personal data is required by Commerzfinanz GmbH for the purposes of checking and deciding on your credit request for the payment method “payment in instalments”.

The provision of data is required for conclusion of contract with your desired payment method. Failure to provide it will mean that the contract cannot be concluded with your desired payment method.

Data collection and processing when paying by credit card, direct debit and invoice via secupay AG

We have integrated the components secupay.Lastschrift (direct debit), secupay.Rechnungskauf (payment by invoice) and secupay.Kreditkarte (credit card) by secupay AG (Goethstr. 6, 01896 Pulsnitz; “secupay”) into our website. secupay is a payment institute in the sense of the Zahlungsdiensteaufsichtsgesetz (Payment Services Supervision Act - ZAG) registered with the Federal Financial Supervisory Authority (Graurheindorfer Str. 108, 53117 Bonn; “BaFin” (register number: 126737) and facilitates cashless payment for products and services online. secupay forms a procedure allowing the claim for the purchase price to be assigned to secupay. This allows a retailer to deliver goods, services or downloads to the customer immediately after the order is placed. If you choose “direct debit”, “payment by invoice” or “credit card” via secupay when ordering from us, your data will automatically be transmitted to secupay. By choosing one of these payment options you agree to transmission of your personal data as necessary for handling the payment. When handling the purchase via secupay, your payment method data is transmitted to secupay. secupay then carries out a technical check on the risk of payment default. The online retailer is then automatically notified that the financial transaction has been carried out. The personal data exchanged with secupay includes first name, last name, address, email address, IP address, phone number and other data which is required for handling the payment. Data is transmitted in order to process your payment and prevent fraud. We will also transmit other personal data to secupay if there is a justified interest in doing so. The personal data exchanged between us and secupay may be transmitted by secupay to credit agencies. This transmission is for the purpose of identity and credit checking. secupay may forward the personal data to affiliated companies and service providers or subcontractors where this is necessary for the fulfilment of contractual obligations or the data is to be processed on its behalf. You have the option of withdrawing your consent for secupay to handle your data at any time. Withdrawal will not affect personal data which have to be processed, used or transmitted for (contractually compliant) payment processing. secupay’s applicable data protection provisions can be found at https://www.secupay.com/en/privacy-policy.

Credit and identity checking when paying by invoice via Novalnet

If you choose to pay by invoice, Novalnet AG (Feringastraße 4, 85774 Unterföhring) will carry out an identity and credit check. For this purpose Novalnet AG requires particular information from the customer, including personal data. This includes name and address, account number and sort code or credit card number (including period of validity), invoice amount and currency as well as transaction number. Novalnet AG checks and evaluates customer information and, if there is a justifiable reason to do so, engages in an exchange of data with other companies and credit agencies (credit check). It is entitled to use this information for the purpose of payment processing and to forward it to the provider. If you choose to pay by invoice via Novalnet, personal data will be transferred to the collection service provider Novalnet and processed further there. The data processing is for the purpose of offering purchase on account as well as the credit check required for this. Processing is carried out on the basis of art. 6 (1) lit. f GDPR due to our justified interest in offering various payment methods as well as our justified interest in protection from payment default. You have the right to veto this processing of your personal data according to art. 6 (1) lit. f GDPR by contacting us, for reasons relating to your personal situation. Novalent carries out an in-house identity and credit check. For this purpose Novalnet AG requires particular information from the customer, including personal data. This includes name and address, account number and sort code or credit card number (including period of validity), invoice amount and currency as well as transaction number. Novalnet AG checks and evaluates customer information and, if there is a justifiable reason to do so, engages in an exchange of data with other companies and credit agencies (credit check). It is entitled to use this information for the purpose of payment processing and to forward it to the provider. The provision of data is required for conclusion of contract with your desired payment method. Failure to provide it will mean that the contract cannot be concluded with your desired payment method.

Data collection and processing for the payment methods by installment purchase, by SEPA direct debit and invoice via Ratepay.

When paying via the payment methods "Ratepay purchase on account" and/or "Ratepay direct debit" and/or "Ratepay purchase on installments", your personal data provided in the order process (first and last name, address, date of birth, e-mail address, telephone number and, in the case of SEPA direct debit, the account details provided) are collected and passed on to Ratepay GmbH (Franklinstraße 28-29, 10587 Berlin; "Ratepay"). The data transfer serves the purpose that Ratepay can perform a risk analysis for the processing of your purchase with the payment method requested by you.
The processing is carried out on the basis of Art. 6 (1) lit. f DSGVO for the overriding legitimate interest to determine whether you will be able to meet your payment obligations and to detect fraudulent intent by using your data to commit crimes.
As part of the risk analysis, Ratepay reserves the right, if necessary, to obtain credit information on the basis of mathematical-statistical methods using credit agencies. For this purpose, Ratepay transmits the personal data required for a credit check to a credit agency and uses the information received about the statistical probability of a payment default for a weighed decision about the establishment, implementation or termination of the contractual relationship. An overview of credit agencies that Ratepay uses can be found at: https://www.ratepay.com/legal-payment-creditagencies/. The credit report may contain probability values (score values), which are calculated on the basis of scientifically recognized mathematical-statistical methods and in the calculation of which, among other things, address data are included. Your interests worthy of protection are taken into account in accordance with the statutory provisions. The data processing serves the purpose of credit assessment for a contract initiation. The processing is carried out on the basis of Art. 6 (1) lit. f DSGVO for our overriding legitimate interest in protection against payment default when Ratepay makes advance payments.
You have the right to object at any time to this processing of personal data relating to you based on Art. 6 (1) (f) DSGVO for reasons arising from your particular situation by notifying us or Ratepay. The provision of the data is necessary for the conclusion of the contract with the payment method requested by you. Failure to provide it will result in the contract not being concluded with the payment method you have chosen.

For more information on the payment methods and data processing when using the payment service, please refer to the associated privacy policy at https://www.ratepay.com/legal-payment-terms/ and https://www.ratepay.com/legal-payment-dataprivacy/.

Cookies

Our website uses cookies. Cookies are small text files which are saved in a user’s internet browser or by the user’s internet browser on their computer system. When a user calls up a website, a cookie may be saved on the user’s operating system. This cookie contains a characteristic character string which allows the browser to be clearly identified when the website is called up again.

Cookies will be stored on your computer. You therefore have full control over the use of cookies. By choosing corresponding technical settings in your internet browser, you can be notified before the setting of cookies and you can decide whether to accept this setting in each individual case as well as prevent the storage of cookies and transmission of the data they contain. Cookies which have already been saved may be deleted at any time. We would, however, like to point out that this may prevent you from making full use of all the functions of this website.
Using the links below, you can find out how to manage cookies (or deactivate them, among other things) in major browsers:
Chrome Browser: https://support.google.com/accounts/answer/61416?hl=en
Microsoft Edge: https://support.microsoft.com/de-de/microsoft-edge/cookies-in-microsoft-edge-lB6schen-63947406-40ac-c3b8-57b9-2a946a29ae09
Mozilla Firefox: https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences
Safari: https://support.apple.com/de-de/guide/safari/manage-cookies-and-website-data-sfri11471/mac

technically necessary cookies
Insofar as no other information is given in the data protection declaration below we use only these technically necessary cookies cookies to make our offering more user-friendly, effective and secure. Cookies also allow our systems to recognise your browser after a page change and to offer you services. Some functions of our website cannot be offered without the use of cookies. These services require the browser to be recognised again after a page change.

The use of cookies or comparable technologies is carried out on the basis of Art. 25 para. 2 TDDDG. Processing is carried out on the basis of art. 6 (1) lit. f GDPR due to our largely justified interest in ensuring the optimal functionality of the website as well as a user-friendly and effective design of our range of services.
You have the right to veto this processing of your personal data according to art. 6 (1) lit. f GDPR, for reasons relating to your personal situation.

Use of the Shopify Consent Tool (Shopify Privacy & Compliance)
We use the "Shopify Privacy & Compliance" consent tool from Shopify International Ltd (Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland; "Shopify") on our website. Shopify is a company affiliated with Shopify Inc (151 O'Connor Street, Ground Floor, Ottawa, Ontario, K2P 2L8, Canada).
The tool enables you to give your consent to data processing via the website, in particular the setting of cookies, and to make use of your right to withdraw consent you have already given. The purpose of data processing is to obtain and document the necessary consent for data processing and thus to comply with legal obligations. Cookies may be used for this purpose. User information, including your IP address, is collected and transmitted to Shopify.
Your data may be transferred to third countries outside the EU, in particular to Canada and the USA, and processed there. The EU Commission has issued an adequacy decision for Canada. For the USA, there is an adequacy decision by the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). Shopify is not certified according to the TADPF.
This data transfer takes place on the basis of contractual obligations that are comparable to those of the EU Commission's standard contractual clauses.
The data processing is carried out to fulfil a legal obligation on the basis of Art. 6 para. 1 lit. c GDPR.
You can find more information on data protection at Shopify at https://www.shopify.com/ca/legal/privacy.

Analysis Advertising tracking Communication

Use of Google Analytics 4

We use the Google Analytics web analytics service provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; "Google") on our website.

The data processing serves the purpose of analyzing this website and its visitors as well as for marketing and advertising purposes. To this end, Google will use the information obtained on behalf of the operator of this website for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator.

In this context, the following information may be collected, among others: IP address, date and time of page view, click path, information about the browser you are using and the device you are using (device), pages visited, referrer URL (website from which you accessed our website), location data, purchase activity. Your data may be linked by Google to other data, such as your search history, your personal accounts, your usage data from other devices, and any other data Google may have about you.

Your IP address will first be truncated by us on our own servers. Google thus only receives pseudonymised data.

Google uses technologies such as cookies, web storage in the browser and tracking pixels that enable an analysis of your use of the website. The use of cookies or similar technologies takes place with your consent on the basis of § 25 para. 1 p. 1 TDDDG in conjunction with. Art. 6 para. 1 lit. a DSGVO.

The processing of your personal data is carried out with your consent on the basis of Art. 6 para. 1 lit. a DSGVO. You may revoke your consent at any time without affecting the lawfulness of the processing carried out on the basis of the consent until revocation.

We use the extended implementation of the consent mode (Advanced Consent Mode). In this case, user data is transmitted to Google in the form of "pings" even if consent has not been granted. These pings may contain the following information, among others: IP address to derive the IP country (the IP address is not logged), date and time of the page view, URL of the pages visited, user agent, referrer URL (website from which you accessed our website) or information about the triggering of website events such as a conversion. On the basis of this information, Google models user data in order to be able to carry out a comprehensive usage analysis despite the refusal of consent.

The information generated by this about your use of this website is usually transferred to a Google server in the USA and stored there. For the USA, there is an adequacy decision of the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). Google has certified itself in accordance with the TADPF and has thus undertaken to comply with European data protection principles.
Both Google and US government agencies have access to your data.

For more information on terms of use and data protection, please visit https://policies.google.com/technologies/partner-sites and https://policies.google.com/privacy?hl=de&gl=de.

Use of Hotjar

On our website we use the analysis tool provided by Hotjar Ldt. (Level 2, St Julian's Business Centre, 3, Elia Zammit Street, St Julians STJ1000, Malta; "Hotjar").

The data processing serves the purpose of designing, optimising and analysing our website according to your needs.

The tool is used to randomly record the movements of visitors to the website. This creates a protocol of mouse movements, scrolling behaviour, dwell time and clicks on the website (what is known as the heat map).

For this purpose Hotjar uses, among other things, cookies. These can involve the collection of, among other things, the following information: IP address (in anonymous form), information about the device you are using (screen size, devices, unique device identifier), information about the browser you are using, location data (country only), preferred language for displaying the website, operating system used. Detailed information on the cookies used and the function and the storage period of these can be found here:

https://help.hotjar.com/hc/en-us/articles/115011789248-Hotjar-Cookies

This data is used to create user profiles under a pseudonym. The data is not used to personally identify the visitor of the website and is not merged with personal data of the bearer of the pseudonym. Hotjar is contractually prohibited from selling the collected data to other third parties.
Your data may be transferred to the USA. For the USA, there is an adequacy decision of the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). Hotjar is not certified under the TAPF. The data transfer takes place on the basis of appropriate protective measures, among other things. Hotjar will provide you with further information on the measures taken upon request.

The use of cookies or comparable technologies is carried out with your consent on the basis of Art. 25 para. 1 p. 1 TDDDG in conjunction with Art. 6 para. 1 lit. a GDPR. The processing of your personal data is carried out with your consent on the basis of Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time without affecting the legality of the processing carried out with your consent up to the withdrawal.

For more information about data protection when using Hotjar, please visit: https://www.hotjar.com/legal/policies/privacy/#enduserenglish

Use of Shopify Analytics
We use the statistical and analytical functions of Shopify International Ltd. (Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland; "Shopify") on our website as part of an order processing. Shopify is an affiliated company of Shopify Inc. (151 O'Connor Street, Ground Floor, Ottawa, Ontario, K2P 2L8, Canada).
The processing of data serves to analyse this website and its visitors. For this purpose, data is stored for marketing and optimisation purposes and provided in reports, analyses and statistics. In the process, the following device information is collected and processed, among others: Web browser information, IP address, time zone and some of the cookies installed on your device. When you navigate the website, information is also collected on websites or products accessed, the referrer URL (website from which you accessed our website), and information on how you interact with the website. This is done using technologies such as cookies and web beacons, tags and pixels (electronic files that collect information about how you navigate the website).
Your data may be transferred to third countries outside the EU, in particular to Canada and the USA, and processed there. The EU Commission has issued an adequacy decision for Canada. For the USA, there is an adequacy decision of the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). Shopify is not certified under the TADPF. This data transfer takes place on the basis of contractual obligations that are comparable to those of the EU Commission's standard contractual clauses.
The use of cookies or comparable technologies is carried out with your consent on the basis of Art. 25 Para. 1 Sentence 1 TDDDG in conjunction with Art. 6 Para. 1 Letter a GDPR. The processing of your personal data is carried out with your consent on the basis of Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time without affecting the legality of the processing carried out with your consent up to the withdrawal.
You can find more detailed information on data protection at Shopify at https://www.shopify.com/de/legal/datenschutz, information on the order processing agreement at https://www.shopify.com/de/legal/dpa and information on the cookies used at https://www.shopify.com/de/legal/cookies.

Use of Google Ads conversion tracking
Our website uses the online marketing program "Google Ads", including conversion tracking (evaluation of user actions). Google conversion tracking is a service operated by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; "Google").
If you click on adverts placed by Google, a cookie is placed on your computer for conversion tracking. These cookies have limited validity, do not contain any personal data and thus cannot be used for personal identification. If you visit certain pages on our website and the cookie has not yet expired, we and Google can recognise that you have clicked on the advert and were forwarded to this page. Every Google Ads customer receives a different cookie. It is therefore not possible to track cookies relating to the websites of Ads customers.
The information collected using the conversion cookie serves the purpose of producing conversion statistics. This allows us to find out the total number of users who have clicked on our adverts and were forwarded to a page equipped with a conversion tracking tag. However, they do not receive any information with which could be used to personally identify users. We use the extended implementation of the consent mode (Advanced Consent Mode). In this case, user data is transmitted to Google in the form of "pings" even if consent has not been granted. These pings may contain the following information, among others: IP address to derive the IP country (the IP address is not logged), date and time of the page view, URL of the pages visited, user agent, referrer URL (website from which you accessed our website) or information about the triggering of website events such as a conversion. On the basis of this information, Google models user data in order to be able to carry out a comprehensive usage analysis despite the refusal of consent.
Your data may be transmitted to Google LLC servers in the USA. For the USA, there is an adequacy decision of the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). Google has certified itself in accordance with the TADPF and has thus undertaken to comply with European data protection principles.
The use of cookies or comparable technologies is carried out with your consent on the basis of Art. 25 para. 1 p. 1 TDDDG in conjunction with Art. 6 para. 1 lit. a GDPR. The processing of your personal data is carried out with your consent on the basis of Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time without affecting the legality of the processing carried out with your consent up to the withdrawal.
You will find more information as well as Google’s data privacy policy at: https://www.google.com/policies/privacy/

Use of Google AdSense
Our website uses the AdSense function by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; "Google").
The data processing serves the purpose of renting out advertising space on the website and using these to address visitors to the website with targeted, interest-related advertising.
This function displays personalised, interest-related adverts from the Google display network to visitors to the website. Google Analytics uses cookies, which make it possible to analyse your use of the website.
The information generated by the cookie regarding your use of this website is usually transferred to a Google server in the USA and stored there. For the USA, there is an adequacy decision of the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). Google has certified itself in accordance with the TADPF and has thus undertaken to comply with European data protection principles.
Google may also transmit this data to third parties if this is required by law or the third party is processing the data on behalf of Google. On no account will Google associate your IP address with other Google data.
The use of cookies or comparable technologies is carried out with your consent on the basis of Art. 25 para. 1 p. 1 TDDDG in conjunction with Art. 6 para. 1 lit. a GDPR. The processing of your personal data is carried out with your consent on the basis of Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time without affecting the legality of the processing carried out with your consent up to the withdrawal.
You will find more information as well as Google’s data privacy policy at: https://www.google.com/policies/technologies/ads/ and https://www.google.de/policies/privacy/

Use of the remarketing or "similar target groups" function by Google Inc.
Our website uses the remarketing or "similar target groups" function by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; "Google").
This application serves to analyse visitor behaviour and visitor interests.
Google uses cookies to analyse website use, forming the basis for producing interest-related adverts. Cookies allow for the recording of website visits as well as anonymised data on the use of the website. The personal data of website visitors is not saved. If you then visit another website in the Google display network you will then be shown adverts which are more likely to take previous areas of product and information interest into account.
Your data may be transmitted to Google LLC servers in the USA. For the USA, there is an adequacy decision of the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). Google has certified itself in accordance with the TADPF and has thus undertaken to comply with European data protection principles.
The use of cookies or comparable technologies is carried out with your consent on the basis of Art. 25 para. 1 p. 1 TDDDG in conjunction with Art. 6 para. 1 lit. a GDPR. The processing of your personal data is carried out with your consent on the basis of Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time without affecting the legality of the processing carried out with your consent up to the withdrawal.
You can find more detailed information on Google remarketing as well as the associated data privacy policy at: https://www.google.com/privacy/ads/

Use of TikTok Pixel
On our website we use TikTok Pixel by TikTok Technology Limited (10 Earlsfort Terrace, Dublin, D02 T380, Ireland; “TikTok Ireland”) and by TikTok Information Technologies UK Limited (6th Floor, One London Wall, London, EC2Y 5EB, United Kingdom; “TikTok UK”). Both companies are the joint controllers (hereinafter referred to as “TikTok”).
The purpose of the data processing is to identify and analyze our customers' website access and to better target our customers by running targeted ads and to evaluate the effectiveness of ads on TikTok. TikTok uses technologies such as cookies and pixels that allow your browser to be recognized. Among others, the following information can be collected and transmitted to TikTok: Date and time of the visit, information about the browser and device type you are using, screen resolution, IP address. TikTok can associate this information with your personal TikTok user account. Using pseudonyms, user profiles can be created from the data collected in this way. However, it is not possible to personally identify the users in this way.
Your data may be transferred to third countries such as the USA. For the USA, there is an adequacy decision of the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). TikTok is not certified under the TAPF. The data transfer takes place, among other things, on the basis of standard contractual clauses as suitable guarantees for the protection of personal data, which can be viewed at: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en.
The use of cookies or comparable technologies takes place with your consent on the basis of Art. 25 para. 1 p. 1 TDDDG in conjunction with Art. 6 para. 1(a) GDPR. The processing of your personal data takes place with your consent on the basis of Art. 6 para. 1(a) GDPR. You can revoke the consent at any time without affecting the legality of the processing carried out on the basis of your consent until the revocation.
For more information on data protection please visit: https://www.tiktok.com/legal/page/eea/privacy-policy/de and https://ads.tiktok.com/i18n/official/policy/controller-to-controller.

Use of Shopify Inbox
We use the live chat system and Shopify Inbox of Shopify International Ltd. (Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland; "Shopify") on our website as part of an order processing. Shopify is an affiliated company of Shopify Inc. (151 O'Connor Street, Ground Floor, Ottawa, Ontario, K2P 2L8, Canada).
The data processing serves the purpose of direct and efficient communication between you and us as a provider. Data is stored and processed for the operation of the system and for the purpose of optimising the service.
In order to operate the live chat system, cookies may be used to enable browser recognition. This may involve the following information being recorded and processed: IP address and personal data provided by you when using the chat system.
Your data may be transferred to third countries outside the EU, in particular to Canada and the USA, and processed there. The EU Commission has issued an adequacy decision for Canada. For the USA, there is an adequacy decision of the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). Shopify is not certified under the TADPF. This data transfer takes place on the basis of contractual obligations that are comparable to those of the EU Commission's standard contractual clauses.
The use of cookies or comparable technologies is carried out with your consent on the basis of Section 25 para. 1 sentence 1 TDDDG in conjunction with Art. 6 para. 1 lit a GDPR. The processing of your personal data is carried out with your consent on the basis of Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time without affecting the legality of the processing carried out with your consent up to the withdrawal.
You can find more information about data protection at Shopify at https://www.shopify.com/de/legal/datenschutz and https://www.shopify.com/de/legal/dpa.

Plug-ins

Use of the Google Tag Manager
Our website uses the Google Tag Manager from Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; "Google"). This application manages JavaScript tags and HTML tags which are used in particular to implement tracking and analysis tools. The data processing serves to facilitate the needs-based design and optimisation of our website. The Google Tag Manager itself neither stores cookies nor processes personal data. It does, however, enable the triggering of further tags which may collect and process personal data. You can find more detailed information on the terms and conditions of use and data protection at https://www.google.com/intl/de/tagmanager/use-policy.html

Use of social plug-ins via “Shariff”

Our website uses social network plug-ins. We use data protection-compliant “Shariff” buttons to ensure that you retain control over your data.No connection is made to the social network servers and no data submitted without your explicit consent. “Shariff” was developed by specialists at the computer magazine c't. It enables more personal privacy in the network and replaces the usual social network "share" buttons. You can find more information on the Shariff project here https://www.heise.de/ct/artikel/Shariff-Social-Media-Buttons-mit-Datenschutz-2467514.html.

When you click the buttons a pop-up window appears, allowing you to log on with the relevant provider using your data. It is only after you actively login that a direct connection to the social network is set up. By logging in, you give your permission for the transfer of your data to the respective social media provider. At this time, information such as your IP address and which websites you have visited is transmitted. Should you be connected simultaneously with one or more of your social network accounts, the information collected is also assigned to your corresponding profiles. Therefore, you can only prevent this assignment by logging yourself out before visiting our website and before activating the button for your social media accounts. The social networks listed below are integrated with the “Shariff” function. You can find more detailed information on the scope and purpose of collection and use of the data, your associated rights and options for protecting your privacy in the provider’s privacy policy via the link.

Facebook by Meta Platforms Ireland Limited (4 Grand Canal Square, Dublin 2, Ireland):
https://www.facebook.com/policy.php
Your data may be transmitted to the USA. For the USA, there is an adequacy decision of the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). Meta has certified itself in accordance with the TADPF and has thus undertaken to comply with European data protection principles.

Instagram by Meta Platforms Ireland Limited (4 Grand Canal Square, Dublin 2, Ireland) https://help.instagram.com/155833707900388.
Your data may be transmitted to the USA. For the USA, there is an adequacy decision of the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). Meta has certified itself in accordance with the TADPF and has thus undertaken to comply with European data protection principles.

LinkedIn (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland)
https://www.linkedin.com/legal/privacy-policy?trk=uno-reg-guest-home-privacy-policy
Your data may be transmitted to the USA. For the USA, there is an adequacy decision of the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). LinkedIn has certified itself in accordance with the TADPF and has thus undertaken to comply with European data protection principles.

X (X Corp., 1355 Market Street, Suite 900 San Francisco, CA 94103, USA)
https://twitter.com/privacy
https://twitter.com/personalization
Your data may be transmitted to the USA. For the USA, there is an adequacy decision of the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). X has certified itself in accordance with the TADPF and has thus undertaken to comply with European data protection principles.

Use of social plug-ins via the “2-click solution”

Our website uses social network plug-ins via the “2-click solution”. No connection is made to the social network servers and no data submitted without your explicit consent.Standard integration of plug-ins set up a connection between your computer and the provider’s servers when you call up pages on our website which contain such a plugin, allowing the plug-in to be shown on the web page by a notice sent to your browser. Both your IP address and the fact that you have visited our web pages are transmitted to the provider’s servers. This happens regardless of whether you are registered with or logged into the social network. The information is transferred even if users are not registered or logged in. If you are also logged into the social network, this information is also assigned to your user profile. When you use plug-in functions (e.g. activate the button) this information is also assigned to your user account, which you can only prevent by logging out before using the plug-in. To ensure that you retain control over your data we have decided to initially deactivate the corresponding button. This is shown by the greyed-out button. No connection is made to the social network servers and no data submitted without your explicit consent - in the form of activation of the button.Only when you activate the button does it become active (highlighted) and set up a direct connection to the social network’s servers.By logging in, you give your permission for the transfer of your data to the respective social media provider. At this time, information such as your IP address and which websites you have visited is transmitted. Should you be connected simultaneously with one or more of your social network accounts, the information collected is also assigned to your corresponding profiles. Therefore, you can only prevent this assignment by logging yourself out before visiting our website and before activating the button for your social media accounts.

The social networks listed below are integrated with the “2-click function”. You can find more detailed information on the scope and purpose of collection and use of the data, your associated rights and options for protecting your privacy in the provider’s privacy policy via the link.

Facebook by Meta Platforms Ireland Limited (4 Grand Canal Square, Dublin 2, Ireland):

https://www.facebook.com/policy.php

Your data may be transmitted to the USA. For the USA, there is an adequacy decision of the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). Meta has certified itself in accordance with the TADPF and has thus undertaken to comply with European data protection principles.

Instagram by Meta Platforms Ireland Limited (4 Grand Canal Square, Dublin 2, Ireland):
http://instagram.com/legal/privacy/
Your data may be transmitted to the USA. For the USA, there is an adequacy decision of the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). Meta has certified itself in accordance with the TADPF and has thus undertaken to comply with European data protection principles.

LinkedIn (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland):
https://www.linkedin.com/legal/privacy-policy?trk=uno-reg-guest-home-privacy-policy
https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out
Your data may be transferred to the USA. For the USA, there is an adequacy decision of the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). LinkedIn has certified itself in accordance with the TADPF and has thus undertaken to comply with European data protection principles.

X (X Corp., 1355 Market Street, Suite 900 San Francisco, CA 94103, USA)
https://twitter.com/privacy
https://twitter.com/personalization
Your data may be transmitted to the USA. For the USA, there is an adequacy decision of the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). X has certified itself in accordance with the TADPF and has thus undertaken to comply with European data protection principles.

Use of Facebook Connect
Our website uses the single sign-on function Facebook Connect from Meta Platforms Ireland Ltd. (Grand Canal Harbour, Dublin, D02, Ireland; "Facebook").
Meta Platforms Ireland and we are jointly responsible for the collection of your data and the transfer of this data to Facebook when the service is integrated. The basis for this is an agreement between us and Meta Platforms Ireland on the joint processing of personal data, in which the respective responsibilities are defined. The agreement is available at https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible in particular for the fulfilment of the information obligations in accordance with Art. 13, 14 GDPR, for compliance with the security requirements of Art. 32 GDPR with regard to the correct technical implementation and configuration of the service, and for compliance with the obligations in accordance with Art. 33, 34 GDPR, insofar as a violation of the protection of personal data affects our obligations under the agreement on joint processing. Meta Platforms Ireland is responsible for enabling the rights of the data subject in accordance with articles 15-20 of the GDPR, for complying with the security requirements of article 32 of the GDPR with regard to the security of the service, and for complying with the obligations of articles 33, 34 of the GDPR, insofar as a breach of personal data protection concerns Meta Platforms Ireland's obligations under the joint processing agreement.
This function enables website visitors to log on to the website via their already existing Facebook account. The processing of data serves the purpose of verification during registration, personalisation and for interest-related advertising. To offer this function on the website a connection to the Facebook servers is established. Cookies are used for this purpose. In this process the following information, inter alia, can be collected and transmitted to Facebook: IP address, browser information, referrer URL (website via which you accessed our website), location data. This happens regardless of whether you are registered with or logged into the social network. The information is transferred even if users are not registered or logged in. Should you be connected simultaneously with one or more of your social network accounts, the collected information may also be assigned to your corresponding profiles. You can therefore prevent this assignment by logging yourself out before visiting our website and before activating the button for your social media accounts. Your data may be transmitted to the USA. For the USA, there is an adequacy decision of the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). Meta has certified itself in accordance with the TADPF and has thus undertaken to comply with European data protection principles.
When using the single sign-on function the Facebook profile of the website visitor is connected with a customer account for this website. In this case we receive personal data of the user through Facebook, as stated in the login process. This can include the following information, inter alia: Name, address, public profile information (e,g, name profile picture, age, gender), email address, friends list, "Likes" information.
The use of cookies or comparable technologies is carried out with your consent on the basis of Art. 25 para. 1 p. 1 TDDDG in conjunction with Art. 6 para. 1 lit. a GDPR. The processing of your personal data is carried out with your consent on the basis of Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time without affecting the legality of the processing carried out with your consent up to the withdrawal. You can find more detailed information on the terms and conditions of use and data protection at https://www.facebook.com/about/privacy/.

Use of Google reCAPTCHA
Our website uses the reCAPTCHA service by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; "Google"). The request serves to distinguish whether the input was made by a human or automatic machine processing. For this purpose your input will be transmitted to Google and used by them further. In addition, the IP address and any other data required by Google for the reCAPTCHA service will be transferred to Google. This data will be processed by Google within the EU and potentially also in the USA.

For the USA, there is an adequacy decision of the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). Google has certified itself in accordance with the TADPF and has thus undertaken to comply with European data protection principles.

The use of cookies or comparable technologies is carried out with your consent on the basis of Art. 25 para.1 p. 1 TDDDG in conjunction with Art. 6 para. 1 lit. a GDPR. The processing of your personal data is carried out with your consent on the basis of Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time without affecting the legality of the processing carried out with your consent up to the withdrawal.

You can find more detailed information on Google reCAPTCHA and the associated data protection declaration at: https://www.google.com/recaptcha/intro/android.html and

https://www.google.com/privacy.

Use of Google invisible reCAPTCHA
Our website uses the invisible reCAPTCHA service by reCAPTCHA der Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Irland; "Google"). This serves to distinguish whether the input was made by a human or automatic machine processing. In the background, Google collects and analyses usage data which is also used by invisible reCaptcha to distinguish between regular users and bots. For this purpose your input will be transmitted to Google and further used there. In addition, the IP address and, where applicable, other data required by Google for the invisible reCAPTCHA service will be transmitted to Google. This data will be processed by Google within the European Union and, where necessary, also in the USA.

You can find more detailed information on Google reCAPTCHA and the associated data privacy policy at: https://www.google.com/recaptcha/intro/android.html

and https://www.google.com/privacy.

Use of hCaptcha
We use the hCaptcha service of Intuition Machines Inc. (1065 SW 8th St #704, Miami, FL 33130, USA; ‘hCaptcha’) on our website as part of order processing.
HCaptcha serves to protect our website from spam and misuse by automated access (bots). By implementing hCaptcha, we ensure that certain actions on our website are only carried out by real people, which guarantees the security and integrity of our online services.
When hCaptcha is used, the following data may be collected and processed IP address of the user, information about the end device used (e.g. browser and operating system), mouse movements and interactions on the website, time spent on the website, input behaviour of the user. Your data may be transferred to the USA. An adequacy decision of the EU Commission is in place for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). HCaptcha has certified itself in accordance with the TADPF and is therefore committed to complying with European data protection principles.
The use of cookies or comparable technologies takes place with your consent on the basis of § 25 para. 1 sentence 1 TDDDG i.V.m. Art. 6 para. 1 lit. a GDPR. The processing of your personal data is carried out with your consent on the basis of Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
You can find more information on data processing and data protection at hCaptcha at https://www.hcaptcha.com/gdpr.

Use of Cloudflare

On our website, we use the Content Delivery Network, Cloudflare CDN of Cloudflare Inc. (101 Townsend St, San Francisco, CA 94107, USA; “Cloudflare”). This is a supraregional network of servers in different data centres with which our web server connects and via which certain contents of our website are delivered.

The purpose of the data processing is to optimise the loading times of our website in order to make our offer more user-friendly.

This can involve the collection of, among other things, the following information: IP address, system configuration information, information about the traffic from and to customer websites (server log files).

Your data may be transferred to the USA. For the USA, there is an adequacy decision of the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). Cloudflare has certified itself in accordance with the TADPF and has thus undertaken to comply with European data protection principles.
Processing is carried out on the basis of Article 6(1)(f) GDPR for the purposes of our legitimate interest in needs-based and targeted design of the website. On grounds relating to your particular situation, you have the right to object at any time to this processing of your personal data and carried out on the basis of Article 6(1)(f) GDPR.

For more information about privacy when using Cloudflare, please visit https://www.cloudflare.com/de-de/privacypolicy/.

Use of GoogleMaps
Our website uses the function for embedding Google Maps by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland, "Google")
This feature visually represents geographical information and interactive maps. Google also collects, processes and uses data on visitors to the website when they call up pages with embedded Google maps.
Your data may also be transmitted to the USA. For the USA, there is an adequacy decision of the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). Google has certified itself in accordance with the TADPF and has thus undertaken to comply with European data protection principles.

Further information on the data collected and used by Google, your rights and privacy can be found in Google’s privacy policy at https://www.google.com/privacypolicy.html. You also have the option of changing your settings in the data protection centre, allowing you to administer and protect the data processed by Google.

Use of YouTube
Our website uses the function for embedding YouTube videos by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; "YouTube"). YouTube is a company affiliated with Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; "Google").
This feature shows YouTube videos in an iFrame on the website. The option "advanced privacy mode" is enabled here. This prevents YouTube from storing information on visitors to the website. It is only if you watch a video that information is transmitted to and stored by YouTube. Your data may be transmitted to the USA. For the USA, there is an adequacy decision of the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). YouTube has certified itself in accordance with the TADPF and has thus undertaken to comply with European data protection principles.
The use of cookies or comparable technologies is carried out with your consent on the basis of Art. 25 para. 1 p. 1 TDDDG in conjunction with Art. 6 para. 1 lit. a GDPR. The processing of your personal data is carried out with your consent on the basis of Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time without affecting the legality of the processing carried out with your consent up to the withdrawal.
Further information on the data collected and used by YouTube and Google and your associated rights and options for protecting your privacy can be found in YouTube’s privacy policy (https://www.youtube.com/t/privacy).

Using Vimeo
Our website uses plug-ins from Vimeo Inc. (555 West 18th Street New York, New York 10011, USA; "Vimeo") to integrate videos into the "Vimeo" portal.
If you access pages on our website that contain this kind of plug-in, this will generate a connection to the Vimeo server and indicate the plug-in on the site by means of a message in your browser. Information such as your IP address and which websites you have visited will be transmitted to the Vimeo server.
If you are logged into Vimeo, Vimeo will assign this information to your personal user account. When using the plug-in functions (e.g. starting a video by pressing the appropriate button), this information will also be assigned to your Vimeo account.

Your data may be transferred to the USA. For the USA, there is an adequacy decision of the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). Vimeo has certified itself in accordance with the TADPF and has thus undertaken to comply with European data protection principles.

Further information on the purpose and scope of enquiry and continued use and processing of the data by Vimeo and your associated rights and options for protecting your privacy can be found in the Vimeo data privacy policy: https://vimeo.com/privacy

Integration of the Händlerbund member logo
The Händlerbund member logo (Händlerbund e.V., Kohlgartenstraße 11 - 13, 04315 Leipzig) is integrated on our website. When you visit our website, the browser used on your device automatically sends information to the Händlerbund e.V. server. This information is temporarily stored in a so-called server log file for 7 days. The following information is collected without any action on your part and stored until it is automatically deleted:

IP address of the requesting computer,
Date and time of access,
Name and URL of the accessed file,
Website from which the access is made (referrer URL),
browser used and, if applicable, the operating system of your computer and the name of your access provider.

Temporary storage of the IP address by the system is necessary to enable delivery of the website. For this purpose, the IP address must remain stored for the duration of the session. The data is stored in log files to ensure the functionality of the website. In addition, the data is used to optimize the website and to ensure the security of the information technology systems. This data is not stored together with other personal data. The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. f GDPR.

Embedding of the idealo logo

The logo of our partner, idealo (idealo internet GmbH, Ritterstraße 11, 10969 Berlin), is embedded on our website. When you access our website, information will automatically be sent to idealo’s server via the browser used on your device. This information will be stored temporarily in a server log file for 7 days. The following information is recorded without any action by you and stored until it is automatically deleted:

IP address of the requesting computer,
date and time of the access,
name and URL of the file retrieved,
website from which the access occurred (referrer URL),
browser used and, if applicable, the operating system of your computer as well as the name of your access provider.

The temporary storage of the IP address by the system is necessary to enable provision of the website. The IP address must therefore be stored for the duration of the session. Storage in log files takes place in order to guarantee functionality of the website. The data are also used to optimise the website and guarantee security of the information technology systems. These data are not stored together with other personal data. The legal basis for the processing of data is Article 6(1)(1)(f) GDPR.

Use of Google Fonts
We use Google Fonts from Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; "Google") on our website.
The data processing serves to facilitate the consistent display of fonts on our website. In order to load the fonts, a connection to Google servers is established when the page is accessed. Among other things, your IP address and information about the browser you are using will be processed and transmitted to Google. This data is not linked to your Google account. Your data may be transmitted to the USA. For the USA, there is an adequacy decision of the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). Google has certified itself in accordance with the TADPF and has thus undertaken to comply with European data protection principles.
The use of cookies or comparable technologies is carried out with your consent on the basis of Art. 25 para. 1 p. 1 TDDDG in conjunction with Art. 6 para. 1 lit. a GDPR. The processing of your personal data is carried out with your consent on the basis of Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time without affecting the legality of the processing carried out with your consent up to the withdrawal.
You can find more detailed information on the data processing and data protection at https://www.google.de/intl/de/policies/ and at https://developers.google.com/fonts/faq.

Use of Google Translate
We use the translation service of Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) on our website via API integration. The data processing serves the purpose of presenting the information provided on the website in a different language. In order for the translation to be automatically displayed after you have selected a national language, the browser you are using connects to the Google servers. Cookies may be used for this purpose. Thereby, among other things, the following information can be collected and processed: IP address, URL of the page visited, date and time. Your data may be transferred to the USA. For the USA, there is an adequacy decision of the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). Google has certified itself in accordance with the TADPF and has thus undertaken to comply with European data protection principles.
The use of cookies or comparable technologies is carried out with your consent on the basis of Art. 25 para. 1 p. 1 TDDDG in conjunction with Art. 6 para. 1 lit. a GDPR. The processing of your personal data is carried out with your consent on the basis of Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time without affecting the legality of the processing carried out with your consent up to the withdrawal. You can find more information on the collection and use of your data by Google at: https://www.google.com/policies/privacy/.

Rights of persons affected and storage duration

Duration of storage

After contractual processing has been completed, the data is initially stored for the duration of the warranty period, then in accordance with the retention periods prescribed by law, especially tax and commercial law, and then deleted after the period has elapsed, unless you have agreed to further processing and use.

Rights of the affected person

If the legal requirements are fulfilled, you have the following rights according to art. 15 to 20 GDPR: Right to information, correction, deletion, restriction of processing, data portability. You also have a right of objection against processing based on art. 6 (1) GDPR, and to processing for the purposes of direct marketing, according to art. 21 (1) GDPR.

Right to complain to the regulatory authority

You have the right to complain to the regulatory authority according to art. 77 GDPR if you believe that your data is not being processed legally.

You can lodge a complaint with, among others, the supervisory authority responsible for us, which you may reach at the following contact details:

Berliner Beauftragte für Datenschutz und Informationsfreiheit
Friedrichstr. 219
Besuchereingang: Puttkamerstr. 16 – 18 (5. Etage)
10969 Berlin
Tel.: +49 30 138890
Fax: +49 30 2155050
E-Mail: mailbox@datenschutz-berlin.de

Right to object

If the data processing outlined here is based on our legitimate interests in accordance with Article 6(1)f) GDPR, you have the right for reasons arising from your particular situation to object at any time to the processing of your data with future effect.

If the objection is successful, we will no longer process the personal data, unless we can demonstrate compelling legitimate grounds for the processing that outweigh your interests or rights and freedoms, or the processing is intended for the assertion, exercise or defence of legal claims.

If personal data is being processed for the purposes of direct advertising, you can object to this at any time by notifying us. If the objection is successful, we will no longer process the personal data for the purposes of direct advertising.

last update: 22.01.2025

Privacy Policy

contact

Legal information

Quick links

Sign up for the newsletter below and instantly receive a €5 voucher code: