data protection

Data protection

1) Information about the collection of personal data and contact details of the controller

1.1 We are pleased that you are visiting our website and thank you for your interest. Below we will inform you about how we handle your personal data when you use our website. Personal data is all data that can be used to identify you personally.

1.2 The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is Löwenkind GmbH Managing Director: Simone Hilble Ludwig-Bölkow-Straße 5 88471 Laupheim - Germany. The controller responsible for the processing of personal data is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data.

1.3 For security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or inquiries to the person responsible), this website uses SSL or TLS encryption. You can recognize an encrypted connection by the character string "https://" and the lock symbol in your browser line.

2) Data collection when visiting our website

If you use our website for information purposes only, i.e. if you do not register or otherwise provide us with information, we only collect data that your browser transmits to our server (so-called "server log files"). When you visit our website, we collect the following data, which is technically necessary for us to display the website to you:

Our visited website
Date and time of access
Amount of data sent in bytes
Source/reference from which you came to the page
Browser used
Operating system used
IP address used (if applicable: in anonymized form)

The processing is carried out in accordance with Art. 6 (1) (f) GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. The data will not be passed on or used in any other way. However, we reserve the right to subsequently check the server log files if there are concrete indications of illegal use.

3) Hosting

Hosted by Shopify
We use the shop system of the service provider Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland ("Shopify"), for the purpose of hosting and displaying the online shop on the basis of processing on our behalf. All data collected on our website is processed on Shopify's servers. As part of the aforementioned services from Shopify, data can also be transmitted to Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada, Shopify Data Processing (USA) Inc., Shopify Payments (USA) Inc. or Shopify (USA) Inc. as part of further processing on behalf of Shopify. In the event that data is transmitted to Shopify Inc. in Canada, the appropriate level of data protection is guaranteed by the European Commission's adequacy decision. Further information on Shopify's data protection can be found on the following website: https://www.shopify.de/legal/datenschutz
Further processing on Shopify servers other than those mentioned above will only take place within the scope communicated below.

4) Content Delivery Network

Cloudflare
On our website we use a so-called content delivery network ("CDN") from the technology service provider Cloudflare Inc., 101 Townsend St. San Francisco, CA 94107, USA ("Cloudflare"). A content delivery network is an online service that is used to deliver large media files (such as graphics, page content or scripts) through a network of regionally distributed servers connected via the Internet. The use of Cloudflare's content delivery network helps us to optimize the loading speeds of our website.
The processing is carried out in accordance with Art. 6 (1) (f) GDPR on the basis of our legitimate interest in a secure and efficient provision, as well as improving the stability and functionality of our website.
We have concluded a data processing agreement with Cloudfare (Data Processing Addendum, available at https://www.cloudflare.com/media/pdf/cloudflare-customer-dpa.pdf), which obliges Cloudfare to protect the data of our website visitors and not to pass it on to third parties. For the transmission of data from the EU to the USA, Cloudfare relies on so-called standard data protection clauses of the European Commission, which are intended to ensure compliance with the European data protection level in the USA.
For more information, please see Cloudflare’s privacy policy at: https://www.cloudflare.com/privacypolicy/

5) Cookies

In order to make visiting our website more attractive and to enable the use of certain functions, we use so-called cookies on various pages. These are small text files that are stored on your device. Some of the cookies we use are deleted after the end of the browser session, i.e. after you close your browser (so-called session cookies). Other cookies remain on your device and enable your browser to be recognized the next time you visit (so-called persistent cookies). If cookies are set, they collect and process certain user information to an individual extent, such as browser and location data as well as IP address values. Persistent cookies are automatically deleted after a specified period of time, which can vary depending on the cookie. You can find out how long each cookie is stored for in the overview of the cookie settings in your web browser.

In some cases, cookies are used to simplify the ordering process by saving settings (e.g. remembering the contents of a virtual shopping cart for a later visit to the website). If personal data is also processed by individual cookies used by us, the processing takes place in accordance with Art. 6 Para. 1 lit. b GDPR either to execute the contract, in accordance with Art. 6 Para. 1 lit. a GDPR in the event of consent being given, or in accordance with Art. 6 Para. 1 lit. f GDPR to protect our legitimate interests in the best possible functionality of the website and a customer-friendly and effective design of the site visit.

Please note that you can set your browser so that you are informed about the setting of cookies and decide individually whether to accept them or to exclude the acceptance of cookies in certain cases or in general. Each browser differs in the way it manages cookie settings. This is described in the help menu of each browser, which explains how you can change your cookie settings. You can find these for the respective browsers under the following links:

Internet Explorer: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies
Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehne
Chrome: https://support.google.com/chrome/answer/95647?hl=de&hlrm=en
Safari: https://support.apple.com/de-de/guide/safari/sfri11471/mac
Opera: https://help.opera.com/de/latest/web-preferences/#cookies

Please note that if you do not accept cookies, the functionality of our website may be limited.

6) Contact us

When you contact us (e.g. via contact form or email), personal data is collected. The data collected when you use a contact form can be seen from the respective contact form. This data is stored and used solely for the purpose of answering your request or for establishing contact and the associated technical administration. The legal basis for processing this data is our legitimate interest in answering your request in accordance with Art. 6 Paragraph 1 Letter f GDPR. If your contact is aimed at concluding a contract, the additional legal basis for processing is Art. 6 Paragraph 1 Letter b GDPR. Your data will be deleted after your request has been processed. This is the case if it can be inferred from the circumstances that the matter in question has been conclusively clarified and provided that there are no statutory retention periods to the contrary.

7) Data processing when opening a customer account and for contract processing

In accordance with Art. 6 Paragraph 1 Letter b of GDPR, personal data will continue to be collected and processed if you provide it to us to execute a contract or when opening a customer account. Which data is collected can be seen from the respective input forms. Your customer account can be deleted at any time and can be done by sending a message to the above-mentioned address of the person responsible. We store and use the data you provide to process the contract. After the contract has been fully processed or your customer account has been deleted, your data will be blocked with regard to tax and commercial retention periods and deleted after these periods have expired, unless you have expressly consented to further use of your data or we have reserved the right to further use of the data that is permitted by law.

8) Use of customer data for direct marketing

8.1 Registration for our email newsletter

If you sign up for our email newsletter, we will regularly send you information about our offers. The only mandatory information required to send the newsletter is your email address. Providing additional data is voluntary and will be used to address you personally. We use the so-called double opt-in procedure to send the newsletter. This means that we will only send you an email newsletter if you have expressly confirmed to us that you agree to receive the newsletter. We will then send you a confirmation email asking you to confirm that you wish to receive the newsletter in the future by clicking on a corresponding link.

By activating the confirmation link you give us your consent to use your personal data in accordance with Art. 6 Paragraph 1 Letter a of GDPR. When you register for the newsletter, we save your IP address entered by your Internet Service Provider (ISP) as well as the date and time of registration in order to be able to trace any possible misuse of your email address at a later date. The data we collect when you register for the newsletter is used exclusively for the purposes of advertising via the newsletter. You can unsubscribe from the newsletter at any time using the link provided for this purpose in the newsletter or by sending a corresponding message to the person responsible named above. After unsubscribing, your email address will be immediately deleted from our newsletter distribution list unless you have expressly consented to further use of your data or we reserve the right to use the data in any other way that is permitted by law and about which we inform you in this declaration.

8.2 Sending the email newsletter to existing customers

If you have provided us with your email address when purchasing goods or services, we reserve the right to regularly send you offers for similar goods or services from our range to those you have already purchased. In accordance with Section 7 Paragraph 3 of the Unfair Competition Act, we do not need to obtain your separate consent for this. In this respect, data processing is carried out solely on the basis of our legitimate interest in personalized direct advertising in accordance with Art. 6 Paragraph 1 Letter f of GDPR. If you have initially objected to the use of your email address for this purpose, we will not send you any emails. You are entitled to object to the use of your email address for the aforementioned advertising purpose at any time with effect for the future by notifying the person responsible named at the beginning. You will only incur transmission costs according to the basic rates. Once your objection has been received, the use of your email address for advertising purposes will be stopped immediately.

8.3 Sending newsletters via Shopify Email

Our email newsletters are sent via Shopify Email, a service of Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland (“Shopify”), to whom we transfer your when registering for the newsletter. This transfer takes place in accordance with Art. 6 Paragraph 1 Letter f of GDPR and serves our legitimate interest in using an effective, secure and user-friendly newsletter system. The data you enter for the purpose of subscribing to the newsletter (e.g. email address, address) are generally stored on Shopify's servers in the EU.
As part of the aforementioned Shopify services, data may also be transmitted to Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada, Shopify Data Processing (USA) Inc., Shopify Payments (USA) Inc. or Shopify (USA) Inc. as part of further processing on behalf of Shopify. In the event that data is transmitted to Shopify Inc. in Canada, the appropriate level of data protection is guaranteed by the European Commission's adequacy decision.

Shopify uses this information to send and statistically evaluate the newsletter on our behalf. For the evaluation, the emails sent may contain so-called web beacons or tracking pixels, which are single-pixel image files stored on our website. This makes it possible to determine whether a newsletter message has been opened and which links have been clicked. Technical information is also recorded (e.g. time of retrieval, IP address, browser type and operating system). The data is collected exclusively in pseudonymized form and is not linked to your other personal data; direct personal reference is excluded. This data is used exclusively for the statistical analysis of newsletter campaigns. The results of these analyses can be used to better tailor future newsletters to the interests of the recipients. If you wish to object to data analysis for statistical evaluation purposes, you must unsubscribe from the newsletter.

Furthermore, Shopify can use this data itself in accordance with Art. 6 (1) (f) GDPR based on its own legitimate interest in the needs-based design and optimization of the service as well as for market research purposes, for example to determine which countries the recipients come from. However, Shopify does not use the data of our newsletter recipients to write to them directly or to pass the data on to third parties.

We have concluded a data processing agreement with Shopify, which requires Shopify to protect our customers' data and not to pass it on to third parties.

You can view Shopify’s privacy policy here: https://www.shopify.de/legal/datenschutz

9) Data processing for order processing

9.1 To process your order, we work with the following service provider(s), who support us in whole or in part in the implementation of concluded contracts. Certain personal data is transmitted to these service providers in accordance with the following information.

The personal data we collect will be passed on to the transport company commissioned with the delivery as part of the contract processing, insofar as this is necessary for the delivery of the goods. We will pass on your payment details to the commissioned credit institution as part of the payment processing, insofar as this is necessary for the payment processing. If payment service providers are used, we will inform you explicitly about this below. The legal basis for the transfer of data is Art. 6 Para. 1 lit. b GDPR.

9.2 Transfer of personal data to shipping service providers

- German postal service
If the goods are delivered by Deutsche Post (Deutsche Post AG, Charles-de-Gaulle-Straße 20, 53113 Bonn), we will pass on your e-mail address to Deutsche Post in accordance with Art. 6 Para. 1 lit. a GDPR prior to delivery of the goods for the purpose of coordinating a delivery date or to notify you of the delivery, provided that you have given your express consent to this during the ordering process. Otherwise, we will only pass on the name of the recipient and the delivery address to Deutsche Post for the purpose of delivery in accordance with Art. 6 Para. 1 lit. b GDPR. The information will only be passed on if this is necessary for the delivery of the goods. In this case, prior coordination of the delivery date with Deutsche Post or delivery notification is not possible.
Consent can be revoked at any time with future effect to the person responsible named above or to Deutsche Post.
- DHL
If the goods are delivered by the transport service provider DHL (DHL Paket GmbH, Sträßchensweg 10, 53113 Bonn), we will pass on your e-mail address to DHL in accordance with Art. 6 Para. 1 lit. a GDPR prior to delivery of the goods for the purpose of coordinating a delivery date or to notify you of the delivery, provided that you have given your express consent to this during the ordering process. Otherwise, we will only pass on the name of the recipient and the delivery address to DHL for the purpose of delivery in accordance with Art. 6 Para. 1 lit. b GDPR. The information will only be passed on if this is necessary for the delivery of the goods. In this case, prior coordination of the delivery date with DHL or delivery notification is not possible.
The consent can be revoked at any time with future effect to the person responsible named above or to the transport service provider DHL.
- DHL Freight
If the goods are delivered by the transport service provider DHL (DHL Freight GmbH, Godesberger Allee 102-104, 53175 Bonn, Germany), we will pass on your e-mail address to DHL in accordance with Art. 6 Para. 1 lit. a GDPR prior to delivery of the goods for the purpose of coordinating a delivery date or to notify you of the delivery, provided that you have given your express consent to this during the ordering process. Otherwise, we will only pass on the name of the recipient and the delivery address to DHL for the purpose of delivery in accordance with Art. 6 Para. 1 lit. b GDPR. The information will only be passed on if this is necessary for the delivery of the goods. In this case, prior coordination of the delivery date with DHL or delivery notification is not possible.
The consent can be revoked at any time with future effect to the person responsible named above or to the transport service provider DHL.
- DPD
If the goods are delivered by the transport service provider DPD (DPD Deutschland GmbH, Wailandtstraße 1, 63741 Aschaffenburg), we will pass on your e-mail address and telephone number to DPD before the goods are delivered in accordance with Art. 6 Para. 1 lit. a GDPR for the purpose of coordinating a delivery date or to notify you of the delivery, provided that you have given your express consent to this during the ordering process. Otherwise, we will only pass on the name of the recipient and the delivery address to DPD for the purpose of delivery in accordance with Art. 6 Para. 1 lit. b GDPR. The information will only be passed on if this is necessary for the delivery of the goods. In this case, prior coordination of the delivery date with DPD or delivery notification is not possible.
The consent can be revoked at any time with future effect to the person responsible named above or to the transport service provider DPD.
- FedEx
If the goods are delivered by the transport service provider FedEx (FedEx Express Germany GmbH, Langer Kornweg 34 k, 65451 Kelsterbach), we will pass on your e-mail address and telephone number to FedEx before the goods are delivered in accordance with Art. 6 Para. 1 lit. a GDPR for the purpose of coordinating a delivery date or to notify you of the delivery, provided that you have given your express consent to this during the ordering process. Otherwise, we will only pass on the name of the recipient and the delivery address to FedEx for the purpose of delivery in accordance with Art. 6 Para. 1 lit. b GDPR. The information will only be passed on if this is necessary for the delivery of the goods. In this case, prior coordination of the delivery date with FedEx or delivery notification is not possible.
Consent can be revoked at any time with future effect to the person responsible named above or to the transport service provider FedEx.
- GLS
If the goods are delivered by the transport service provider GLS (General Logistics Systems Germany GmbH & Co. OHG, GLS Germany-Straße 1 - 7, 36286 Neuenstein), we will pass on your e-mail address to GLS in accordance with Art. 6 Paragraph 1 Letter a of GDPR before the goods are delivered for the purpose of coordinating a delivery date or to notify you of the delivery, provided that you have given your express consent to this during the ordering process. Otherwise, we will only pass on the name of the recipient and the delivery address to GLS for the purpose of delivery in accordance with Art. 6 Paragraph 1 Letter b of GDPR. The information will only be passed on if this is necessary for the delivery of the goods. In this case, it is not possible to coordinate the delivery date with GLS in advance or to transmit status information on the delivery of the shipment.
The consent can be revoked at any time with future effect to the person responsible named above or to the transport service provider GLS.
- Hermes
If the goods are delivered by the transport service provider Hermes (Hermes Logistik Gruppe Deutschland GmbH, Essener Straße 89, 22419 Hamburg), we will pass on your e-mail address to Hermes before the goods are delivered in accordance with Art. 6 Para. 1 lit. a GDPR for the purpose of coordinating a delivery date or to notify you of the delivery, provided that you have given your express consent to this during the ordering process. Otherwise, we will only pass on the name of the recipient and the delivery address to Hermes for the purpose of delivery in accordance with Art. 6 Para. 1 lit. b GDPR. The information will only be passed on if this is necessary for the delivery of the goods. In this case, it is not possible to coordinate the delivery date with Hermes in advance or to transmit status information on the delivery of the shipment.
The consent can be revoked at any time with future effect to the person responsible named above or to the transport service provider Hermes.
- INTEX Parcel Service GmbH
If the goods are delivered by the transport service provider INTEX (INTEX Paketdienst GmbH, In der Held 2, 66620 Nonnweiler-Otzenhausen), we will pass on your e-mail address to INTEX before the goods are delivered in accordance with Art. 6 Para. 1 lit. a GDPR for the purpose of coordinating a delivery date or to notify you of the delivery, provided that you have given your express consent to this during the ordering process. Otherwise, we will only pass on the name of the recipient and the delivery address to INTEX for the purpose of delivery in accordance with Art. 6 Para. 1 lit. b GDPR. The information will only be passed on if this is necessary for the delivery of the goods. In this case, it is not possible to coordinate the delivery date with INTEX in advance or to transmit status information on the delivery of the shipment.
The consent can be revoked at any time with future effect to the person responsible named above or to the transport service provider INTEX.
- Austrian post
If the goods are delivered by the transport service provider Österreichische Post (Österreichische Post Aktiengesellschaft, Rochusplatz 1, 1030 Vienna, Austria), we will pass on your e-mail address to Österreichische Post prior to delivery of the goods in accordance with Art. 6 Para. 1 lit. a GDPR for the purpose of coordinating a delivery date or to notify you of delivery, provided that you have given your express consent to this during the ordering process. Otherwise, we will only pass on the name of the recipient and the delivery address to Österreichische Post for the purpose of delivery in accordance with Art. 6 Para. 1 lit. b GDPR. The information will only be passed on if this is necessary for the delivery of the goods. In this case, prior coordination of the delivery date with Österreichische Post or the transmission of status information on the delivery of the shipment is not possible.
The consent can be revoked at any time with future effect to the person responsible named above or to the transport service provider Österreichische Post.
- Post CH
If the goods are delivered by the transport service provider Post CH (Swiss PostAG, Switzerland, Wankdorfallee 4, 3030 Bern), we will pass on your email address to Post CH before the goods are delivered for the purpose of coordinating a delivery date or to notify you of the delivery, provided that you have given your express consent to this during the ordering process. Otherwise, we will only pass on the name of the recipient and the delivery address to Post CH for the purpose of delivery. The information will only be passed on if this is necessary for the delivery of the goods. In this case, it is not possible to coordinate the delivery date with Post CH in advance or to transmit status information on the delivery of the shipment.
Consent can be revoked at any time with future effect to the person responsible named above or to the transport service provider Post CH.
- Donor
If the goods are delivered by the transport service provider Schenker (Schenker Deutschland AG, Lyoner Straße 15, 60528 Frankfurt am Main), we will pass on your e-mail address to Schenker in accordance with Art. 6 Para. 1 lit. a GDPR prior to delivery of the goods for the purpose of coordinating a delivery date or to provide delivery notification, provided that you have given your express consent to this during the ordering process. Otherwise, we will only pass on the name of the recipient and the delivery address to Schenker for the purpose of delivery in accordance with Art. 6 Para. 1 lit. b GDPR. The information will only be passed on if this is necessary for the delivery of the goods. In this case, prior coordination of the delivery date with Schenker or delivery notification is not possible. Consent can be revoked at any time with future effect to the person responsible named above or to Schenker.
- UPS
If the goods are delivered by the transport service provider UPS (United Parcel Service Deutschland Inc. & Co. OHG, Görlitzer Straße 1, 41460 Neuss), we will pass on your e-mail address to UPS before delivery of the goods in accordance with Art. 6 Para. 1 lit. a GDPR for the purpose of coordinating a delivery date or to notify you of the delivery, provided that you have given your express consent to this during the ordering process. Otherwise, we will only pass on the name of the recipient and the delivery address to UPS for the purpose of delivery in accordance with Art. 6 Para. 1 lit. b GDPR. The information will only be passed on if this is necessary for the delivery of the goods. In this case, prior coordination of the delivery date with UPS or the transmission of status information on the shipment delivery is not possible.
Consent can be revoked at any time with future effect to the person responsible named above or to the transport service provider UPS.

9.3 Use of payment service providers (payment services)

- Amazon Pay
If you select the payment method "Amazon Pay", payment processing will be carried out via the payment service provider Amazon Payments Europe sca, 38 avenue JF Kennedy, L-1855 Luxembourg (hereinafter: "Amazon Payments"), to whom we pass on the information you provided during the ordering process, together with the information about your order, in accordance with Art. 6 Paragraph 1 Letter b of GDPR. Your data will be passed on exclusively for the purpose of payment processing with the payment service provider Amazon Payments and only to the extent that it is necessary for this purpose. You can find further information about Amazon Payments' data protection provisions at the following Internet address: https://pay.amazon.com/de/help/201751600
- Apple Pay
If you choose the payment method “Apple Pay” from Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland, the payment will be processed using the “Apple Pay” function on your iOS, watchOS or macOS device by charging a payment card stored with “Apple Pay”. Apple Pay uses security features that are integrated into the hardware and software of your device to protect your transactions. To authorize a payment, you must enter a code that you have previously specified and verify it using the “Face ID” or “Touch ID” function on your device.
For the purpose of processing the payment, the information you provided during the ordering process, along with information about your order, will be passed on to Apple in encrypted form. Apple then encrypts this data again with a developer-specific key before the data is transmitted to the payment service provider of the payment card stored in Apple Pay to process the payment. The encryption ensures that only the website through which the purchase was made can access the payment data. After the payment has been made, Apple sends your device account number and a transaction-specific, dynamic security code to the source website to confirm the payment was successful.
If personal data is processed during the transmissions described, the processing is carried out exclusively for the purpose of payment processing in accordance with Art. 6 (1) (b) GDPR.
Apple stores anonymized transaction data, including the approximate purchase amount, the approximate date and time, and whether the transaction was completed successfully. Anonymization completely excludes any personal reference. Apple uses the anonymized data to improve Apple Pay and other Apple products and services.
When you use Apple Pay on iPhone or Apple Watch to complete a purchase you made through Safari on Mac, the Mac and the authorization device communicate over an encrypted channel on Apple servers. Apple does not process or store any of this information in a format that can identify you. You can turn off the ability to use Apple Pay on your Mac in your iPhone's settings. Go to Wallet & Apple Pay and turn off Allow Payments on Mac.
Further information on data protection at Apple Pay can be found at the following Internet address: https://support.apple.com/de-de/HT203027
- Google Pay
If you choose the payment method “Google Pay” from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”), the payment will be processed via the “Google Pay” application on your mobile device running at least Android 4.4 (“KitKat”) and with an NFC function by charging a payment card stored with Google Pay or a payment system verified there (e.g. PayPal). To authorize a payment via Google Pay of more than €25, your mobile device must first be unlocked using the verification measure set up in each case (e.g. facial recognition, password, fingerprint or pattern).
For the purpose of payment processing, the information you provided during the ordering process, along with information about your order, will be passed on to Google. Google then transmits your payment information stored in Google Pay to the source website in the form of a unique transaction number, which is used to verify that the payment has been made. This transaction number does not contain any information about the actual payment data of your payment method stored with Google Pay, but is created and transmitted as a one-time numerical token. For all transactions via Google Pay, Google acts only as an intermediary to process the payment process. The transaction is carried out exclusively in the relationship between the user and the source website by charging the payment method stored with Google Pay.
If personal data is processed during the transmissions described, the processing is carried out exclusively for the purpose of payment processing in accordance with Art. 6 (1) (b) GDPR.
Google reserves the right to collect, store and evaluate certain transaction-specific information for each transaction made through Google Pay. This includes the date, time and amount of the transaction, the merchant location and description, a description of the goods or services purchased provided by the merchant, photos that you have attached to the transaction, the name and email address of the seller and buyer or the sender and recipient, the payment method used, your description of the reason for the transaction and, if applicable, the offer associated with the transaction.
According to Google, this processing is carried out exclusively in accordance with Art. 6 (1) (f) GDPR on the basis of the legitimate interest in proper accounting, the verification of transaction data and the optimization and maintenance of the functionality of the Google Pay service.
Google also reserves the right to merge the processed transaction data with other information that is collected and stored by Google when using other Google services.
The Google Pay terms of use can be found here:
https://payments.google.com/payments/apis-secure/u/0/get_legal_document?ldo=0&ldt=googlepaytos&ldl=de
Further information on data protection at Google Pay can be found at the following Internet address:
https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=de
- giropay
When paying via "giropay", payment processing is carried out by giropay GmbH, An der Welle 4, 60322 Frankfurt/Main, to whom we pass on the information you provided during the ordering process, along with information about your order. Your data will be passed on in accordance with Art. 6 Paragraph 1 Letter b of GDPR solely for the purpose of payment processing and only to the extent that it is necessary for this purpose. You can find further information about the data protection provisions of giropay GmbH at the following internet address: https://www.giropay.de/rechtliches/datenschutzerklaerung
- Klarna
If you select a Klarna payment service, payment will be processed via Klarna Bank AB (publ) [https://www.klarna.com/de], Sveavägen 46, 111 34 Stockholm, Sweden (hereinafter "Klarna"). In order to enable payment processing, your personal data (first and last name, street, house number, postcode, city, gender, email address, telephone number and IP address) as well as data related to the order (e.g. invoice amount, item, delivery method) will be passed on to Klarna for the purpose of identity and credit checks, provided that you have expressly consented to this in accordance with Art. 6 Para. 1 lit. a GDPR as part of the ordering process. You can see which credit agencies your data can be forwarded to here:
https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/credit_rating_agencies
The credit report may contain probability values (so-called score values). If score values are included in the result of the credit report, they are based on a scientifically recognized mathematical-statistical procedure. The calculation of the score values includes, but is not limited to, address data. Klarna uses the information received about the statistical probability of a payment default to make a balanced decision about the establishment, implementation or termination of the contractual relationship.
You can revoke your consent at any time by sending a message to the person responsible for data processing or to Klarna. However, Klarna may still be entitled to process your personal data if this is necessary for the contractual payment processing.
Your personal data will be processed in accordance with the applicable data protection regulations and in accordance with the information in Klarna's data protection provisions for data subjects based in Germany https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/privacy
or for data subjects based in Austria https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_at/privacy
treated.
- Paypal
When paying via PayPal, credit card via PayPal, direct debit via PayPal or - if offered - "purchase on account" or "payment in installments" via PayPal, we pass on your payment data to PayPal (Europe) Sarl et Cie, SCA, 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal") as part of the payment processing. The data is passed on in accordance with Art. 6 Para. 1 lit. b GDPR and only to the extent that this is necessary for the payment processing.
PayPal reserves the right to carry out a credit check for the payment methods credit card via PayPal, direct debit via PayPal or - if offered - "purchase on account" or "installment payment" via PayPal. For this purpose, your payment data may be passed on to credit agencies in accordance with Art. 6 Paragraph 1 Letter f of GDPR on the basis of PayPal's legitimate interest in determining your ability to pay. PayPal uses the result of the credit check in relation to the statistical probability of default for the purpose of deciding on the provision of the respective payment method. The credit report may contain probability values (so-called score values). Insofar as score values are included in the result of the credit report, they are based on a scientifically recognized mathematical-statistical procedure. The calculation of the score values includes, among other things, but not exclusively, address data. For further information on data protection, including information on the credit agencies used, please refer to PayPal's privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full
You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data if this is necessary for the contractual payment processing.
- Shopify Payments
We use the payment service provider "Shopify Payments", 3rd Floor, Europa House, Harcourt Building, Harcourt Street, Dublin 2. If you choose a payment method offered by the payment service provider Shopify Payments, payment processing will be carried out by the technical service provider Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, to whom we pass on the information you provided during the ordering process along with information about your order (name, address, account number, bank code, possibly credit card number, invoice amount, currency and transaction number) in accordance with Art. 6 Paragraph 1 Letter b GDPR. Your data will be passed on exclusively for the purpose of payment processing with Stripe Payments Europe Ltd. and only to the extent that it is necessary for this purpose. Further information on Shopify Payments' data protection can be found at the following internet address: https://www.shopify.com/legal/privacy.
Data protection information about Stripe Payments Europe Ltd. can be found here: https://stripe.com/de/privacy
- IMMEDIATELY
If you select the payment method "SOFORT", payment processing will be carried out by the payment service provider SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany (hereinafter "SOFORT"), to whom we pass on the information you provided during the ordering process along with the information about your order in accordance with Art. 6 Paragraph 1 Letter b of GDPR. Sofort GmbH is part of the Klarna Group (Klarna Bank AB (publ), Sveavägen 46, 11134 Stockholm, Sweden). Your data will be passed on exclusively for the purpose of payment processing with the payment service provider SOFORT and only to the extent that it is necessary for this purpose. You can find further information about SOFORT's data protection provisions at the following internet address: https://www.klarna.com/sofort/datenschutz.
- Stripe
If you choose a payment method from the payment service provider Stripe, payment processing will be carried out by the payment service provider Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, to whom we will pass on the information you provided during the ordering process along with information about your order (name, address, account number, bank code, possibly credit card number, invoice amount, currency and transaction number) in accordance with Art. 6 (1) (b) GDPR. Further information on Stripe's data protection can be found at the URL https://stripe.com/de/privacy#translation.
Stripe reserves the right to carry out a credit check based on mathematical-statistical procedures in order to protect the legitimate interest in determining the user's ability to pay. Stripe may transmit the personal data required for a credit check and received as part of the payment processing to selected credit agencies, which Stripe will disclose to users upon request. The credit report may contain probability values (so-called score values). If score values are included in the result of the credit report, these are based on a scientifically recognized mathematical-statistical procedure. The calculation of the score values includes, among other things, but not exclusively, address data. Stripe uses the result of the credit check in relation to the statistical probability of default for the purpose of deciding on the eligibility to use the selected payment method.
You can object to this processing of your data at any time by sending a message to Stripe or the commissioned credit agencies.
However, Stripe may still be entitled to process your personal data if this is necessary to process payments in accordance with the contract.

10) Contacting us to remind you of your review

Own review reminder (not sent through a customer review system)
We use your email address as a one-time reminder to submit a review of your order for the rating system we use, provided that you have given us your express consent to do so during or after your order in accordance with Art. 6 (1) (a) GDPR.
You can revoke your consent at any time by sending a message to the person responsible for data processing.

Review reminder by Reviews.io
If you have given us your express consent to do so during or after your order in accordance with Art. 6 Paragraph 1 Letter a of GDPR, we will transmit your email address to the review platform "reviews.io" of REVIEWS.io 2020 GmbH, Stralauer Allee 6, 10245 Berlin, so that it can send you a review reminder by email. You can revoke your consent at any time by sending a message to the person responsible for data processing or to the review platform.

11) Use of rating and seal of approval graphics

11.1 Provenexpert widget

We use the Provenexpert seal on our website, a widget from Expert Systems AG, Quedlinburger Straße 1, 10589 Berlin ("Provenexpert"). When you visit our website, Provenexpert servers load dynamic content (current shop rating, certificate, etc.) into the widget. Information about the website you previously visited, the date and time of access, the amount of data transferred, the browser type used, the operating system you use and the requesting provider (referrer data) can be transmitted to the Provenexpert servers. If this also includes personal data, the processing is carried out based on our overriding legitimate interest in optimizing our offer in accordance with Art. 6 Para. 1 f GDPR.
Further information on data protection at Provenexpert can be found at: https://www.provenexpert.com/de-de/datenschutzbestimmungen/

11.2 Trusted Shops Trust Badge

The Trusted Shops Trustbadge is integrated into this website to display our Trusted Shops seal of approval and to offer Trusted Shops membership to buyers after an order.

This serves to safeguard our legitimate interests in the optimal marketing of our offer, which prevail within the framework of a balancing of interests, Art. 6 Paragraph 1 Letter f of GDPR. The Trustbadge and the services advertised with it are an offer from Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne.

When you access the Trustbadge, the web server automatically saves a so-called server log file, which contains information such as your IP address, the date and time of access, the amount of data transferred and the requesting provider (access data) and documents the access. This access data is not evaluated and is automatically overwritten no later than seven days after the end of your visit to the site.

Further personal data will only be transferred to Trusted Shops if you decide to use Trusted Shops products after completing an order or if you have already registered to use them. In this case, the contractual agreement concluded between you and Trusted Shops applies.

12) Use of social media: social plugins

12.1 Facebook Plugins with 2-click solution

Our website uses so-called social plugins ("plugins") of the social network Facebook, which is operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook").

In order to increase the protection of your data when you visit our website, the plugins are initially deactivated and integrated into the page using a so-called "2-click" solution. You can recognize deactivated plugins by the fact that they are grayed out. This integration ensures that when you call up a page on our website that contains such plugins, no connection is established with the Facebook servers. Only when you activate the plugins and thus give your consent to the data transfer in accordance with Art. 6 Paragraph 1 Letter a of GDPR, does your browser establish a direct connection to the Facebook servers. The content of the respective plugin is sent directly to your browser and integrated into the page. The plugin then transmits data (including your IP address) to Facebook. We have no influence on the amount of data that Facebook collects using the plugins. To the best of our knowledge, Facebook receives information about which of our websites you have currently and previously visited. By integrating the plug-ins, Facebook receives the information that your browser has accessed the corresponding page of our website, even if you do not have a Facebook profile or are not currently logged in. The information collected (including your IP address) is transmitted from your browser directly to a Facebook Inc. server in the USA and stored there. If you interact with the plug-ins, the corresponding information is also transmitted directly to a Facebook server and stored there. The information is also published on Facebook and displayed to your contacts there.

You can revoke your consent at any time by deactivating the activated plugin by clicking on it again. However, the revocation has no effect on the data that has already been transferred to Facebook.

For information on the purpose and scope of data collection and the further processing and use of data by Facebook, as well as your rights and setting options to protect your privacy, please see Facebook's privacy policy: https://www.facebook.com/policy.php

12.2 Instagram as standard plugin

Our website uses so-called social plugins ("plugins") from the online service Instagram, which is operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland ("Facebook"). The plugins are marked with an Instagram logo, for example in the form of an "Instagram camera". An overview of the Instagram plugins and what they look like can be found here: http://blog.instagram.com/post/36222022872/introducing-instagram-badges.

If you visit a page on our website that contains such a plugin, your browser establishes a direct connection to the Instagram servers. The content of the plugin is transmitted directly from Instagram to your browser and integrated into the page. Through this integration, Instagram receives the information that your browser has accessed the corresponding page on our website, even if you do not have an Instagram profile or are not currently logged into Instagram. This information (including your IP address) is transmitted from your browser directly to a Facebook Inc. server in the USA and stored there.

If you are logged in to Instagram, Instagram can directly associate your visit to our website with your Instagram account. If you interact with the plug-ins, for example by pressing the "Instagram Camera" button, this information is also sent directly to an Instagram server and stored there. The information is also published on your Instagram account and displayed to your contacts there.

The data processing operations described are carried out in accordance with Art. 6 (1) (f) GDPR on the basis of Instagram's legitimate interests in displaying personalized advertising in order to inform other users of the social network about your activities on our website and to design the Instagram service to meet your needs.

If you do not want Instagram to assign the data collected via our website directly to your Instagram account, you must log out of Instagram before visiting our website. You can also object to the loading of the Instagram plug-in and thus the data processing operations described above in the future with add-ons for your browser, e.g. with the script blocker "NoScript" (http://noscript.net/).

For information on the purpose and scope of data collection and the further processing and use of data by Instagram, as well as your rights and setting options to protect your privacy, please see Instagram's privacy policy: https://help.instagram.com/155833707900388/

13) Use of social media: videos

13.1 Use of Vimeo videos

Our website contains plug-ins from the video portal Vimeo, operated by Vimeo, LLC, 555 West 18th Street, New York, New York 10011, USA. When you access a page on our website that contains such a plug-in, your browser establishes a direct connection to the Vimeo servers. The content of the plug-in is transmitted directly from Vimeo to your browser and integrated into the page. Through this integration, Vimeo receives the information that your browser has accessed the corresponding page on our website, even if you do not have a Vimeo account or are not currently logged into Vimeo. This information (including your IP address) is transmitted from your browser directly to a Vimeo server in the USA and stored there.
If you are logged in to Vimeo, Vimeo can directly associate your visit to our website with your Vimeo account. If you interact with the plugins (e.g. by pressing the start button of a video), this information is also transmitted directly to a Vimeo server and stored there.

The data processing operations described are carried out in accordance with Art. 6 (1) (f) GDPR on the basis of Vimeo’s legitimate interest in market research and the needs-based design of the Vimeo service.

If you do not want Vimeo to assign the data collected via our website directly to your Vimeo account, you must log out of Vimeo before visiting our website.

For the purpose and scope of data collection and the further processing and use of the data by Vimeo as well as your rights and setting options to protect your privacy, please refer to Vimeo's privacy policy: https://vimeo.com/privacy

For videos from Vimeo that are embedded on our site, the tracking tool Google Analytics from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland, is automatically integrated. This is Vimeo's own tracking function, which we have no access to and which we cannot influence. Google Analytics uses so-called "cookies" for tracking purposes. These are text files that are stored on your computer and enable an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transferred to a Google server and stored there; this may also be transmitted to the servers of Google LLC in the USA.

This processing is carried out in accordance with Art. 6 (1) (f) GDPR on the basis of Vimeo’s legitimate interest in the statistical analysis of user behavior for optimization and marketing purposes.

To the extent legally required, we have obtained your consent in accordance with Art. 6 (1) (a) GDPR for the processing of your data as described above. You can revoke your consent at any time with effect for the future. To exercise your revocation, deactivate this service in the "Cookie Consent Tool" provided on the website.

13.2 Use of YouTube videos

This website uses the YouTube embedding function to display and play videos from the provider “Youtube”, which belongs to Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”).

The extended data protection mode is used here, which, according to the provider, only starts saving user information when the video(s) is played. If the playback of embedded YouTube videos is started, the provider "Youtube" uses cookies to collect information about user behavior. According to information from "Youtube", these are used, among other things, to collect video statistics, improve user-friendliness and prevent abusive behavior. If you are logged in to Google, your data will be assigned directly to your account when you click on a video. If you do not want to be assigned to your YouTube profile, you must log out before activating the button. Google stores your data (even for users who are not logged in) as usage profiles and evaluates them. Such an evaluation is carried out in particular in accordance with Art. 6 Para. 1 lit. f GDPR on the basis of Google's legitimate interests in displaying personalized advertising, market research and/or designing its website to meet needs. You have the right to object to the creation of these user profiles, and you must contact YouTube to exercise this right. When using YouTube, personal data may be transferred to Google LLC servers in the USA.
Regardless of whether the embedded videos are played, a connection to the Google network is established each time this website is accessed, which may trigger further data processing operations without our influence.

Further information on data protection at “Youtube” can be found in the YouTube terms of use at https://www.youtube.com/static?template=terms and in Google’s privacy policy at https://www.google.de/intl/de/policies/privacy.

14) Online Marketing

14.1 Facebook Pixel for creating custom audiences (with Cookie Consent Tool)
Our online offering uses the so-called “Facebook pixel” of the social network Facebook, which is operated by Facebook Ireland Limited, 4 Grand Canal Quare, Dublin 2, Ireland (“Facebook”).
If a user clicks on an ad placed by us that is displayed on Facebook, an extension is added to the URL of our linked page using Facebook Pixel. If our page allows data to be shared with Facebook via Pixel, this URL parameter is written into the user's browser using a cookie that our linked page itself sets. This cookie is then read by Facebook Pixel and enables the data to be forwarded to Facebook.
With the help of the Facebook pixel, Facebook is able to determine the visitors to our online offering as a target group for the display of advertisements (so-called "Facebook ads"). Accordingly, we use the Facebook pixel to only display the Facebook ads placed by us to those Facebook users who have also shown an interest in our online offering or who have certain characteristics (e.g. interests in certain topics or products determined based on the websites visited) that we transmit to Facebook (so-called "custom audiences"). With the help of the Facebook pixel, we also want to ensure that our Facebook ads correspond to the potential interests of users and do not appear annoying. In this way, we can further evaluate the effectiveness of Facebook advertisements for statistical and market research purposes by tracking whether users were redirected to our website after clicking on a Facebook advertisement (so-called "conversion").
The data collected is anonymous to us and does not allow us to draw any conclusions about the identity of the user. However, the data is stored and processed by Facebook so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes in accordance with the Facebook data usage policy (https://www.facebook.com/about/privacy/). The data can enable Facebook and its partners to place advertisements on and outside of Facebook.
The data processing associated with the use of the Facebook pixel is carried out exclusively with your express consent in accordance with Art. 6 Paragraph 1 Letter a of GDPR. You can revoke your consent at any time with effect for the future. To exercise your revocation, remove the check mark next to the setting for the "Facebook pixel" in the "Cookie Consent Tool" integrated on the website.

14.2 Use of Google Ads Conversion Tracking

This website uses the online advertising program "Google Ads" and, as part of Google Ads, the conversion tracking of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"). We use the Google Ads service to draw attention to our attractive offers on external websites using advertising materials (so-called Google Adwords). We can determine how successful the individual advertising measures are in relation to the data from the advertising campaigns. Our aim is to show you advertising that is of interest to you, to make our website more interesting for you and to achieve a fair calculation of the advertising costs incurred.

The cookie for conversion tracking is set when a user clicks on an Ads ad placed by Google. Cookies are small text files that are stored on your device. These cookies usually expire after 30 days and are not used for personal identification. If the user visits certain pages of this website and the cookie has not yet expired, Google and we can recognize that the user clicked on the ad and was redirected to this page. Each Google Ads customer receives a different cookie. Cookies cannot therefore be tracked across the websites of Google Ads customers. The information obtained using the conversion cookie is used to create conversion statistics for Google Ads customers who have opted for conversion tracking. Customers learn the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, they do not receive any information that can be used to personally identify users.

Details on the processing initiated by Google Ads Conversion Tracking and how Google handles data from websites can be found here: https://policies.google.com/technologies/partner-sites

If you do not wish to participate in tracking, you can block this use by deactivating the Google Conversion Tracking cookie in your Internet browser under the keyword "User Settings". You will then not be included in the conversion tracking statistics. We use Google Ads due to our legitimate interest in targeted advertising in accordance with Art. 6 Para. 1 lit. f GDPR. When using Google Ads, personal data may also be transferred to the servers of Google LLC in the USA.

You can find further information about Google’s privacy policy at the following internet address: https://www.google.de/policies/privacy/

You can permanently object to the setting of cookies by Google Ads Conversion Tracking by downloading and installing the browser plug-in from Google available under the following link:
https://www.google.com/settings/ads/plugin?hl=de

Please note that certain functions of this website may not be available or may only be available to a limited extent if you have deactivated the use of cookies.

15) Web analytics services

15.1 Google Analytics 4
This website uses Google Analytics 4, a service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"), which can be used to analyze the use of websites.
When using Google Analytics 4, so-called "cookies" are used as standard. Cookies are text files that are stored on your device and enable an analysis of your use of a website. The information collected through cookies about your use of the website (including the IP address transmitted by your device, shortened to the last digits, see below) is usually transmitted to a Google server and stored and processed there. This may also involve the transmission of information to the servers of the company Google LLC based in the USA and further processing of the information there.
When using Google Analytics 4, the IP address transmitted by your device when you use the website is automatically and always collected and processed anonymously, so that the information collected cannot be directly linked to a person. This automatic anonymization takes place by shortening the last digits of the IP address transmitted by your device by Google within member states of the European Union (EU) or other contracting states to the Agreement on the European Economic Area (EEA).
On our behalf, Google uses this and other information to evaluate your use of the website, to compile reports on your website activities or usage behavior, and to provide us with other services related to your website usage and internet usage. The IP address transmitted and shortened by your device as part of Google Analytics 4 will not be merged with other Google data. The data collected as part of the use of Google Analytics 4 will be stored for 2 months and then deleted.
Google Analytics 4 also uses a special function called "demographic features" to create statistics with information about the age, gender and interests of website users based on an evaluation of interest-based advertising and with the use of third-party information. This makes it possible to determine and differentiate user groups of the website for the purpose of targeting marketing measures that are optimized for specific groups. However, data collected via the "demographic features" cannot be assigned to a specific person and therefore cannot be assigned to you personally. This data collected via the "demographic features" function is stored for two months and then deleted.
All processing described above, in particular the setting of Google Analytics cookies for the storage and reading of information on the device you use to use the website, only takes place if you have given us your express consent to do so in accordance with Art. 6 Paragraph 1 Letter a of GDPR. Without your consent, Google Analytics 4 will not be used while you are using the website. You can revoke your consent at any time with effect for the future. To exercise your revocation, please deactivate this service using the "Cookie Consent Tool" provided on the website.
In connection with this website, the “UserIDs” function is also used as an extension of Google Analytics 4. By assigning individual UserIDs, we can have Google create cross-device reports (so-called “cross-device tracking”). This means that if you give your consent to the use of Google Analytics 4 in accordance with Art. 6 Paragraph 1 Letter a of GDPR, your usage behavior can also be analyzed across devices if you have set up a personal account by registering on this website and are logged into your personal account on various devices using your relevant login data. The data collected in this way shows, among other things, on which device you clicked on an ad for the first time and on which device the corresponding conversion took place.
In connection with this website, the Google Signals service is also used as an extension of Google Analytics 4. With Google Signals, we can have Google create cross-device reports (so-called “cross device tracking”). If you have activated “personalized ads” in your Google account settings and have linked your internet-enabled devices to your Google account, Google can analyze usage behavior across devices if you give your consent to the use of Google Analytics 4 in accordance with Art. 6 Paragraph 1 Letter a of GDPR and create database models based on this. This takes into account the registrations and device types of all website users who were logged into a Google account and made a conversion. The data shows, among other things, on which device you clicked on an ad for the first time and on which device the conversion took place. We do not receive any personal data from Google, only statistics created on the basis of Google Signals. You have the option of deactivating the "personalized ads" function in the settings of your Google account and thus turning off cross-device analysis in connection with Google Signals. To do so, follow the instructions on this page: https://support.google.com/ads/answer/2662922?hl=de
Further information about Google Signals can be found at the following link: https://support.google.com/analytics/answer/7532985?hl=de
We have concluded a so-called order processing agreement with Google for our use of Google Analytics 4, through which Google is obliged to protect the data of our website users and not to pass it on to third parties.
To ensure compliance with European data protection standards, including when data is transferred from the EU or EEA to the USA and when it is further processed there, Google relies on the so-called standard contractual clauses of the European Commission, which we have contractually agreed with Google.
Further legal information on Google Analytics 4, including a copy of the standard contractual clauses mentioned, can be found at the following link: https://policies.google.com/privacy?hl=de&gl=de
Details on the processing initiated by Google Analytics 4 and how Google handles data from websites can be found here: https://policies.google.com/technologies/partner-sites

Google Analytics 4 (without cookies, without UserIDs, without Google Signals) => Google Analytics 4
This website uses Google Analytics 4, a service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"), which can be used to analyze the use of websites.
When you visit this website, no cookies (text files that are stored on your device and that enable an analysis of your use of the website) are used by default as part of the so-called consent mode (beta version) of Google Analytics 4, unless you expressly consent to the setting of cookies and the reading of information from cookies after being requested to do so. Until such consent is given and - if you expressly refuse to grant such consent when requested to do so by us - even when you continue to use this website, Google Analytics 4 will not set or read any cookies. Instead, certain information about your usage behavior is collected and processed using so-called "pings".
The information collected in this case through so-called pings about your use of the website (including the IP address transmitted by your device, shortened by the last digits, see below) is usually transmitted to a Google server and stored there and further processed. This may also involve the transmission of information to the servers of the company Google LLC based in the USA and further processing there. If you expressly consent to the use of cookies, the same also applies to the information collected through cookies about your use of the website.
When using Google Analytics 4, the IP address transmitted by your device when you use the website is automatically and always collected and processed anonymously, so that the information collected cannot be directly linked to a person. This automatic anonymization takes place by shortening the last digits of the IP address transmitted by your device by Google within member states of the European Union (EU) or other contracting states to the Agreement on the European Economic Area (EEA).
On our behalf, Google uses this and other information to evaluate your use of the website, to compile reports on your website activities or usage behavior, and to provide us with other services related to your website usage and internet usage. The IP address transmitted and shortened by your device as part of Google Analytics 4 will not be merged with other Google data. The data collected as part of the use of Google Analytics 4 will be stored for 2 months and then deleted.
Google Analytics 4 also uses a special function called "demographic features" to create statistics with information about the age, gender and interests of website users based on an evaluation of interest-based advertising and with the use of third-party information. This makes it possible to determine and differentiate user groups of the website for the purpose of targeting marketing measures that are optimized for specific groups. However, data collected via the "demographic features" cannot be assigned to a specific person and therefore cannot be assigned to you personally. This data collected via the "demographic features" function is stored for two months and then deleted.
All processing described above, including data transfers via “pings” and
the possible setting of Google Analytics cookies for the storage and possible reading of information on the device you use to use the website, only takes place if you have given us your express consent to do so in accordance with Art. 6 Paragraph 1 Letter a of GDPR. Without your consent, your use of the website will not be analyzed. You can revoke your consent at any time with effect for the future. To exercise your revocation, please deactivate this service using the "Cookie Consent Tool" provided on the website.
We have concluded a so-called order processing agreement with Google for our use of Google Analytics 4, through which Google is obliged to protect the data of our website users and not to pass it on to third parties.
To ensure compliance with European data protection standards, including when data is transferred from the EU or EEA to the USA and when it is further processed there, Google relies on the so-called standard contractual clauses of the European Commission, which we have contractually agreed with Google.
Further legal information on Google Analytics 4, including a copy of the standard contractual clauses mentioned, can be found at the following link: https://policies.google.com/privacy?hl=de&gl=de
Details on the processing initiated by Google Analytics 4 and how Google handles data from websites can be found here: https://policies.google.com/technologies/partner-sites

15.2 Hotjar (hotjar Ltd.)

This website uses the web analysis service Hotjar provided by Hotjar Ltd. Hotjar Ltd. is a European company based in Malta (Hotjar Ltd, Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe Tel.: +1 (855) 464-6788).
This tool can be used to track movements on the websites on which Hotjar is used (so-called heatmaps). For example, it is possible to see how far users scroll and which buttons users click and how often. The tool also makes it possible to obtain feedback directly from website users. In this way, we obtain valuable information to make our websites even faster and more customer-friendly. The above analysis is based on our legitimate interests in optimization and marketing purposes and the interest-based design of our website in accordance with Art. 6 Para. 1 lit. f GDPR. When using this tool, we pay particular attention to the protection of your personal data. This means we can only track which buttons you click and how far you scroll. Areas of the websites in which personal data from you or third parties is displayed are automatically hidden by Hotjar and are therefore never traceable.

Hotjar offers every user the option of using a "Do Not Track header" to prevent the use of the Hotjar tool so that no data about visits to the respective website is recorded. This is a setting that is supported by all common browsers in their current versions. To do this, your browser sends a request to Hotjar with the instruction to deactivate tracking of the respective user. If you use our website with different browsers/computers, you must set up the "Do Not Track header" separately for each of these browsers/computers.
Detailed instructions with information about your browser can be found at: https://www.hotjar.com/opt-out
For more information about Hotjar Ltd. and the Hotjar tool, please visit: https://www.hotjar.com
The privacy policy of Hotjar Ltd. can be found at: https://www.hotjar.com/privacy

To the extent legally required, we have obtained your consent in accordance with Art. 6 (1) (a) GDPR for the processing of your data as described above. You can revoke your consent at any time with effect for the future. To exercise your revocation, please follow the option for making an objection described above.

16) Retargeting/ Remarketing/ Recommendation Advertising

Google Ads Remarketing
Our website uses the functions of Google Ads Remarketing, with which we advertise this website in Google search results and on third-party websites. The provider is Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). For this purpose, Google places a cookie in the browser of your device, which automatically enables interest-based advertising using a pseudonymous cookie ID and based on the pages you visit. The processing is carried out on the basis of our legitimate interest in the optimal marketing of our website in accordance with Art. 6 Para. 1 lit. f GDPR.
Any further data processing will only take place if you have given Google your consent to link your internet and app browsing history to your Google account and to use information from your Google account to personalize ads you view on the web. In this case, if you are logged in to Google while visiting our website, Google will use your data together with Google Analytics data to create and define target group lists for cross-device remarketing. To do this, Google will temporarily link your personal data to Google Analytics data to create target groups. When using Google Ads Remarketing, personal data may also be transferred to Google LLC servers in the USA.
Details on the processing initiated by Google Ads Remarketing and how Google handles data from websites can be found here: https://policies.google.com/technologies/partner-sites
You can permanently object to the setting of cookies by Google Ads Remarketing by downloading and installing the browser plug-in from Google available at the following link:
https://www.google.com/settings/ads/onweb/
Further information and the privacy policy regarding advertising and Google can be found here:
https://www.google.com/policies/technologies/ads/
To the extent legally required, we have obtained your consent in accordance with Art. 6 (1) (a) GDPR for the processing of your data as described above. You can revoke your consent at any time with effect for the future. To exercise your revocation, deactivate this service in the "Cookie Consent Tool" provided on the website or, alternatively, follow the option for objecting described above.

Pinterest retargeting pixel
A pixel (Pinterest tag) from Pinterest Europe Ltd. (Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland ("Pinterest") is integrated into this website. The pixel can be used to collect, store and evaluate information about the surfing behavior of website visitors in pseudonymized form. If personal data is also processed in this process, this is done on the basis of our legitimate interest in displaying personalized advertising in accordance with Art. 6 Para. 1 lit. f GDPR. The information can be assigned to the user's person with the help of other information that Pinterest has stored about the user, e.g. due to the ownership of an account on the social network "Pinterest". Pinterest uses an algorithm to analyze surfing behavior and can then display targeted product recommendations as personalized advertising banners on the user's Pinterest account. Pinterest can also combine the information collected via the pixel with other information that Pinterest has collected about other websites and / or in connection with the use of the social network "Pinterest" and thus create pseudonymized user profiles. Under no circumstances can the information collected be used to personally identify visitors to this website.
To the extent legally required, we have obtained your consent in accordance with Art. 6 (1) (a) GDPR for the processing of your data as described above. You can revoke your consent at any time with effect for the future by deactivating pixel tracking in the “Cookie Consent Tool” integrated on this website.
Data collected via the pixel may be transferred to Pinterest Inc. servers in the USA. You can find more information about data protection at Pinterest Europe Limited here: https://policy.pinterest.com/de/privacy-policy

Pinterest tag conversion tracking
This website uses the conversion tracking technology “Pinterest Tag” of Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland (“Pinterest”).
If you have accessed our website from a pin on Pinterest, we will place a cookie on your computer that interacts with a "tag" in the form of a JavaScript code from Pinterest. Cookies are small text files that are stored on your device. These cookies expire after 180 days and are not used for personal identification.
If the user is redirected from a pin on Pinterest to pages on this website and the cookie has not yet expired, the tag records certain user actions predefined by us and can track them (e.g. completed transactions, leads, search queries on the website, visits to product pages). When such an action is carried out, your browser sends an HTTP request from the cookie to the Pinterest server via the Pinterest tag, with which certain information about the action (including type of action, time, browser type of the end device) is transmitted.
Through this transmission, Pinterest can create statistics about the usage behavior on our website after forwarding from a Pinterest pin, which we use to optimize our offering.
If personal user data is processed, this is done in accordance with Art. 6 (1) (f) GDPR on the basis of our legitimate interest in the statistical evaluation of the success of product advertisements on Pinterest and the purchasing behavior of users and thus serves to optimize our online offering.
However, we do not receive any information that can be used to personally identify users.
If you do not wish to participate in tracking, you can object to this by deactivating the Pinterest tag conversion tracking cookie in your internet browser under user settings. You will then not be included in the conversion tracking statistics. Alternatively, you can use the deactivation page for consumers from the EU http://www.youronlinechoices.com/de/praferenzmanagement/
Check whether Microsoft advertising cookies are set in your browser and deactivate them.
You can find further information about Pinterest’s privacy policy at the following internet address: https://policy.pinterest.com/de/privacy-policy
To the extent legally required, we have obtained your consent in accordance with Art. 6 (1) (a) GDPR for the processing of your data as described above. You can revoke your consent at any time with effect for the future. To exercise your revocation, please follow the option for making an objection described above.

17) Tools and Others

17.1 beeclever
This website uses the cookie consent tool “GDPR Legal Cookie” from beeclever GmbH, Universitätsstraße 3, D-56070 Koblenz a. Rh. (“beeclever”) to obtain effective user consent for cookies that require consent and cookie-based applications.
By integrating a corresponding JavaScript code, users are shown a banner when they visit the page in which they can give their consent for certain cookies and/or cookie-based applications by ticking the appropriate boxes. The tool blocks the setting of all cookies that require consent until the respective user gives their consent by ticking the appropriate box. This ensures that such cookies are only set on the user's respective device if consent has been given.
In order for the Cookie Consent Tool to be able to clearly assign page views to individual users and to individually record, log and save the consent settings made by the user for a session duration, certain user information (including the IP address) is collected when our website is accessed by the Cookie Consent Tool, transmitted to beeclever servers and stored there.
This data processing is carried out in accordance with Art. 6 (1) (f) GDPR on the basis of our legitimate interest in legally compliant, user-specific and user-friendly consent management for cookies and thus in a legally compliant design of our website.
A further legal basis for the data processing described is Art. 6 (1) (c) GDPR. As the responsible party, we are subject to the legal obligation to make the use of technically unnecessary cookies dependent on the respective user consent.
Further information on data usage by beeclever can be found at https://beeclever.de/pages/datenschutz

17.2 - Adobe Fonts (Typekit)
This website uses so-called web fonts provided by Adobe Systems Incorporated, 345 Park Avenue, San Jose, CA 95110-2704, USA ("Adobe") for the uniform display of fonts. When you open a page, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly.
For this purpose, the browser you use must connect to Adobe's servers. This may also result in personal data being transmitted to Adobe's servers in the USA. In this way, Adobe becomes aware that our website was accessed via your IP address. Adobe Fonts are used in the interest of a uniform and attractive presentation of our online offerings. This represents a legitimate interest within the meaning of Art. 6 (1) (f) GDPR. If your browser does not support web fonts, a standard font from your computer will be used.
For more information about Adobe Fonts, please visit https://fonts.adobe.com/ and Adobe’s privacy policy: https://www.adobe.com/de/privacy.html
- Google Web Fonts
This website uses so-called web fonts provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google") for the uniform display of fonts. When you visit a page, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly.
For this purpose, the browser you use must connect to Google's servers. This may also result in personal data being transmitted to Google LLC's servers in the USA. In this way, Google becomes aware that our website was accessed via your IP address. Google Web Fonts are used in the interest of a uniform and appealing presentation of our online offerings. This represents a legitimate interest within the meaning of Art. 6 (1) (f) GDPR. If your browser does not support web fonts, a standard font from your computer will be used.
Further information about Google Web Fonts can be found at https://developers.google.com/fonts/faq and in Google's privacy policy: https://www.google.com/policies/privacy/

17.3 Google reCAPTCHA

On this website we also use the reCAPTCHA function from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). This function is primarily used to distinguish whether an input has been made by a natural person or has been misused by machine and automated processing. The service includes sending the IP address and any other data required by Google for the reCAPTCHA service to Google and is carried out in accordance with Art. 6 Paragraph 1 Letter f of GDPR on the basis of our legitimate interest in determining individual responsibility on the Internet and avoiding misuse and spam. When using Google reCAPTCHA, personal data may also be transmitted to the servers of Google LLC in the USA.

Further information about Google reCAPTCHA and Google's privacy policy can be found at: https://www.google.com/intl/de/policies/privacy/

To the extent legally required, we have obtained your consent in accordance with Art. 6 (1) (a) GDPR for the processing of your data as described above. You can revoke your consent at any time with effect for the future. To exercise your revocation, please follow the option for making an objection described above.

17.4 Google Customer Reviews (formerly Google Certified Retailer Program)

We work with Google as part of the “Google Customer Reviews” program. The provider is Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). This program gives us the opportunity to obtain customer reviews from users of our website. After making a purchase on our website, you will be asked whether you would like to take part in an email survey from Google. If you give your consent in accordance with Art. 6 Paragraph 1 Letter a of GDPR, we will transmit your email address to Google. You will receive an email from Google Customer Reviews asking you to rate the purchasing experience on our website. The rating you submit will then be summarized with our other ratings and displayed in our Google Customer Reviews logo and in our Merchant Center dashboard. Your rating will also be used for Google Seller Ratings. Using Google Customer Reviews may also result in personal data being transferred to Google LLC servers in the USA.

You can revoke your consent at any time by sending a message to the data controller or to Google.

Further information on Google's data protection in connection with the Google Customer Reviews program can be found at the following link: https://support.google.com/merchants/answer/7188525?hl=de

For more information about Google Seller Ratings privacy, please visit this link: https://support.google.com/google-ads/answer/2375474

17.5 Google Translate

This website uses the translation service “Google Translate” provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”) via an API integration. So that the translation is displayed automatically according to your choice of national language, the browser you use connects to Google’s servers. Google uses so-called “cookies”, which are text files stored on your computer that enable an analysis of your use of the website. The information generated by the cookie about your use of this website (including the shortened IP address) is usually transferred to a Google server and stored there; this may also involve transmission to the servers of Google LLC in the USA.
If personal data is processed, this is done in accordance with Art. 6 (1) (f) GDPR on the basis of our legitimate interest in barrier-free and universal accessibility of our website.
Further information about Google Translate and Google’s privacy policy can be found at: https://www.google.com/policies/privacy/
To the extent legally required, we have obtained your consent in accordance with Art. 6 (1) (a) GDPR for the processing of your data as described above. You can revoke your consent at any time with effect for the future. To exercise your revocation, deactivate this service in the "Cookie Consent Tool" provided on the website.

17.6 - Zapier
This website uses the integration service provider Zapier, a service of Zapier Inc., 548 Market St #62411, San Francisco, California 94104, USA (hereinafter "Zapier"). We use Zapier to integrate different databases and web tools. Zapier is a web service that automatically links actions between different web tools and synchronizes their applications with each other so that they carry out the desired processes. Zapier automates our processing operations and ensures different workflows in order to efficiently design work processes in our processing system. The data processing described is carried out in accordance with Art. 6 Para. 1 lit. f GDPR on the basis of our legitimate interests in the efficient design of our work processes.
We have concluded a data processing agreement with Zapier, which requires Zapier to protect the data of visitors to our website and not to pass it on to third parties.
For more information about Zapier’s use of data, please see the Zapier privacy policy at https://zapier.com/privacy.

17.7 Shopsync for Shopify

This website uses the Shopify app “Shopsync” from ShopSync LLC, PO Box 252, Jefferson City, TN 37760, USA.
With the help of ShopSync, the newsletter service “Mailchimp” is synchronized with our Shopify account in such a way that, on the one hand, updates in Mailchimp email lists (such as an opt-out by a newsletter recipient) are automatically stored on Shopify and, on the other hand, new contact data generated through contract conclusions on Shopify are automatically transferred to Mailchimp’s email lists.

In the first case, data processing takes place in accordance with Art. 6 (1) (f) GDPR on the basis of our legitimate interest in the effective and cross-system maintenance of the files of advertising recipients and the efficient observation of legally significant status changes.

In the second case, after a contract has been concluded on Shopify for inclusion in the Mailchimp list, the user's first and last name, address and email address together with transaction-related information (purchase amount, time and date of purchase) will be transferred to Mailchimp by ShopSync exclusively on the basis of an express consent from the user in accordance with Art. 6 (1) (a) GDPR.

Data transferred in this way is not stored or retained by ShopSync after syncing. All information synced between Shopify and Mailchimp is transferred using Secure Socket Layer (SSL) technology, and all transferred information remains encrypted during the sync process.

The synchronization process requires the transfer of information over a secure connection to servers hosted by Amazon Web Services in the United States.

Further data protection information about ShopSync can be found here: https://shopsync.io/privacy-policy

18) Rights of the data subject

18.1 The applicable data protection law grants you comprehensive rights as a data subject (rights to information and intervention) vis-à-vis the controller with regard to the processing of your personal data, about which we will inform you below:

Right to information in accordance with Art. 15 GDPR: In particular, you have the right to information about your personal data processed by us, the purposes of the processing, the categories of personal data processed, the recipients or categories of recipients to whom your data has been or will be disclosed, the planned storage period or the criteria for determining the storage period, the existence of a right to rectification, erasure, restriction of processing, objection to processing, complaint to a supervisory authority, the origin of your data if it was not collected from you by us, the existence of automated decision-making including profiling and, if applicable, meaningful information about the logic involved and the scope and intended effects of such processing concerning you, as well as your right to be informed of the guarantees in accordance with Art. 46 GDPR when your data is forwarded to third countries;
Right to rectification in accordance with Art. 16 GDPR: You have the right to have inaccurate data concerning you rectified without delay and/or to have incomplete data stored by us completed;
Right to erasure in accordance with Art. 17 GDPR: You have the right to request the erasure of your personal data if the requirements of Art. 17 Para. 1 GDPR are met. However, this right does not apply in particular if the processing is necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;
Right to restriction of processing in accordance with Art. 18 GDPR: You have the right to request the restriction of the processing of your personal data as long as the accuracy of your data, which you dispute, is being verified, if you refuse to delete your data due to inadmissible data processing and instead request the restriction of the processing of your data, if you need your data to assert, exercise or defend legal claims after we no longer need this data after the purpose has been achieved, or if you have lodged an objection for reasons related to your particular situation, as long as it has not yet been determined whether our legitimate reasons outweigh yours;
Right to information in accordance with Art. 19 GDPR: If you have asserted your right to rectification, erasure or restriction of processing vis-à-vis the responsible party, this party is obliged to inform all recipients to whom the personal data concerning you was disclosed of said rectification, erasure or restriction of processing, unless doing so should prove impossible or involve disproportionate expenditure. You have the right to be informed of these recipients.
Right to data portability according to Art. 20 GDPR: You have the right to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request that it be transmitted to another controller, where technically feasible;
Right to revoke consent granted in accordance with Art. 7 Para. 3 GDPR: You have the right to revoke your consent to the processing of data at any time with effect for the future. In the event of revocation, we will delete the data concerned immediately unless further processing can be based on a legal basis for processing without consent. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until the revocation;
Right to lodge a complaint pursuant to Art. 77 GDPR: If you consider that the processing of personal data concerning you violates the GDPR, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or place of the alleged infringement, without prejudice to any other administrative or judicial remedy.

18.2 RIGHT OF OBJECTION

IF WE PROCESS YOUR PERSONAL DATA BASED ON OUR OVERRIDING LEGITIMATE INTEREST AS PART OF A BALANCE OF INTERESTS, YOU HAVE THE RIGHT TO OBJECT TO THIS PROCESSING AT ANY TIME FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION, WITH EFFECT FOR THE FUTURE.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA IN QUESTION. HOWEVER, WE RESERVE THE RIGHT TO CONTINUE PROCESSING IF WE CAN PROVE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, FUNDAMENTAL RIGHTS AND FREEDOMS, OR IF THE PROCESSING SERVES TO ASSERT, EXERCISE OR DEFEND LEGAL CLAIMS.

IF WE PROCESS YOUR PERSONAL DATA FOR THE PURPOSE OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSE OF SUCH ADVERTISING. YOU CAN EXERCISE YOUR OBJECTION AS DESCRIBED ABOVE.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED FOR DIRECT MARKETING PURPOSES.

19) Duration of storage of personal data

The duration for which personal data is stored is determined based on the respective legal basis, the purpose of processing and – if applicable – also on the respective statutory retention period (e.g. retention periods under commercial and tax law).

When personal data is processed on the basis of an explicit consent in accordance with Art. 6 (1) (a) GDPR, these data will be stored until the data subject revokes his or her consent.

If there are statutory retention periods for data that are processed within the framework of legal or quasi-legal obligations on the basis of Art. 6 (1) (b) GDPR, these data will be routinely deleted after expiry of the retention periods, provided that they are no longer required to fulfill or initiate a contract and/or we no longer have a legitimate interest in continuing to store them.

When processing personal data on the basis of Art. 6 (1) (f) GDPR, these data will be stored until the data subject exercises his or her right of objection in accordance with Art. 21 (1) GDPR, unless we can demonstrate compelling legitimate grounds for the processing which outweigh the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims.

When processing personal data for the purpose of direct advertising on the basis of Art. 6 (1) (f) GDPR, these data will be stored until the data subject exercises his or her right of objection in accordance with Art. 21 (2) GDPR.

Unless otherwise stated in the other information in this declaration on specific processing situations, stored personal data will be deleted when they are no longer necessary for the purposes for which they were collected or otherwise processed.