Privacy Policy
1. Data protection at a glance
General information
The following information provides a brief overview of what happens to your personal data when you visit this website or place an order with us, e.g. via an order form. Personal data is any data that can be used to identify you personally. For detailed information on data protection, please refer to our privacy policy listed below this text.
Data collection by our company
Who is responsible for data collection?
Data processing on this website is carried out by the website operator. Their contact details can be found in the section “Information on the data controller” in this privacy policy.
How do we collect your data?
Your data is collected, on the one hand, because you provide it to us. This may include, for example, data that you enter into a contact form. Other data is collected automatically or with your consent by our IT systems when you visit the website. This consists primarily of technical data (e.g. internet browser, operating system or time of page visit). This data is collected automatically as soon as you enter this website. Data relating to orders placed via order forms is collected using AI-supported text recognition.
What do we use your data for?
Some of the data is collected to ensure the website functions correctly. Other data may be used to analyse your user behaviour. Where, in the course of our data processing, we disclose data to other individuals or companies, transfer it to them or otherwise grant them access to the data, this is done only on the basis of a legal authorisation, for example, where the transfer of data to third parties, such as payment service providers, is necessary for the performance of a contract pursuant to Article 6(1)(b) of the GDPR, you have given your consent, a legal obligation requires it, or on the basis of our legitimate interests in accordance with Article 6(1)(f) of the GDPR. Further data is used to process your orders.
What rights do you have regarding your data?
You have the right at any time to obtain information, free of charge, regarding the origin, recipients and purpose of your stored personal data. You also have the right to request the rectification or erasure of this data. If you have given your consent to data processing, you may withdraw this consent at any time with effect for the future. Furthermore, you have the right, under certain circumstances, to request the restriction of the processing of your personal data. Furthermore, you have the right to lodge a complaint with the relevant supervisory authority. You may contact us at any time regarding this matter or any other questions you may have about data protection.
Analytics tools and third-party tools
When you visit this website, your browsing behaviour may be statistically analysed. This is primarily done using so-called analytics tools. Detailed information on these analytics tools can be found in the following privacy policy.
2. Hosting
External hosting
This website is hosted by an external service provider (host). The personal data collected on this website is stored on the host’s servers. This may primarily include IP addresses, contact enquiries, meta and communication data, contractual data, contact details, names, website visits and other data generated via a website.
General information
The following information provides a brief overview of what happens to your personal data when you visit this website or place an order with us, e.g. via an order form. Personal data is any data that can be used to identify you personally. For detailed information on data protection, please refer to our privacy policy listed below this text.
Data collection by our company
Who is responsible for data collection?
Data processing on this website is carried out by the website operator. Their contact details can be found in the section “Information on the data controller” in this privacy policy.
How do we collect your data?
Your data is collected, on the one hand, because you provide it to us. This may include, for example, data that you enter into a contact form. Other data is collected automatically or with your consent by our IT systems when you visit the website. This consists primarily of technical data (e.g. internet browser, operating system or time of page visit). This data is collected automatically as soon as you enter this website. Data relating to orders placed via order forms is collected using AI-supported text recognition.
What do we use your data for?
Some of the data is collected to ensure the website functions correctly. Other data may be used to analyse your user behaviour. Where, in the course of our data processing, we disclose data to other individuals or companies, transfer it to them or otherwise grant them access to the data, this is done only on the basis of a legal authorisation, for example, where the transfer of data to third parties, such as payment service providers, is necessary for the performance of a contract pursuant to Article 6(1)(b) of the GDPR, you have given your consent, a legal obligation requires it, or on the basis of our legitimate interests in accordance with Article 6(1)(f) of the GDPR. Further data is used to process your orders.
What rights do you have regarding your data?
You have the right at any time to obtain information, free of charge, regarding the origin, recipients and purpose of your stored personal data. You also have the right to request the rectification or erasure of this data. If you have given your consent to data processing, you may withdraw this consent at any time with effect for the future. Furthermore, you have the right, under certain circumstances, to request the restriction of the processing of your personal data. Furthermore, you have the right to lodge a complaint with the relevant supervisory authority. You may contact us at any time regarding this matter or any other questions you may have about data protection.
Analytics tools and third-party tools
When you visit this website, your browsing behaviour may be statistically analysed. This is primarily done using so-called analytics tools. Detailed information on these analytics tools can be found in the following privacy policy.
2. Hosting
External hosting
This website is hosted by an external service provider (host). The personal data collected on this website is stored on the host’s servers. This may primarily include IP addresses, contact enquiries, meta and communication data, contractual data, contact details, names, website visits and other data generated via a website.
The use of the host serves the purpose of fulfilling our contractual obligations towards our prospective and existing customers (Art. 6(1)(b) GDPR) and is in the interest of securely, quickly and efficiently providing our online services through a professional provider (Art. 6(1)(f) GDPR). Where corresponding consent has been requested, processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and Section 25(1) TDDDG, insofar as the consent includes the storage of cookies or access to information on the user’s device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent may be withdrawn at any time.
Our host will process your data only to the extent necessary to fulfil its service obligations and will follow our instructions with regard to this data.
Our host will process your data only to the extent necessary to fulfil its service obligations and will follow our instructions with regard to this data.
We use the following host:
Timme Hosting GmbH & Co. KG
Ovelgönner Weg 43
21335 Lueneburg
Data processing
We have concluded a Data Processing Agreement (DPA) with the above-mentioned provider. This is a contract required under data protection law which ensures that the provider processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.
3. General information and mandatory information
Data protection
The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy.
Timme Hosting GmbH & Co. KG
Ovelgönner Weg 43
21335 Lueneburg
Data processing
We have concluded a Data Processing Agreement (DPA) with the above-mentioned provider. This is a contract required under data protection law which ensures that the provider processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.
3. General information and mandatory information
Data protection
The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy.
When you use this website or submit an order to us via an order form, various personal data are collected. Personal data are data that can be used to identify you personally. This privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose this is done.
Please note that data transmission over the internet (e.g. when communicating by email) may be subject to security vulnerabilities. It is not possible to guarantee complete protection of data against access by third parties.
Information on the controller
The controller responsible for data processing on this website and for orders via order form is:
KF Design GmbH
Nauenweg 42 e
47805 Krefeld
Telephone: +49 (0) 21 51 - 6 23 39-0
Email: service@remember.de
The controller is the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data (e.g. names, email addresses or similar).
Retention period
Unless a more specific retention period has been stated within this privacy policy, your personal data will remain with us until the purpose for data processing no longer applies. If you assert a legitimate request for erasure or withdraw your consent to data processing, your data will be deleted unless we have other legally permissible grounds for storing your personal data (e.g. retention periods under tax or commercial law); in the latter case, the data will be deleted once these grounds no longer apply.
General information on the legal basis for data processing
If you have consented to data processing, we process your personal data on the basis of Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR if special categories of data are processed in accordance with Art. 9(1) GDPR. In the event of explicit consent to the transfer of personal data to third countries, data processing is also carried out on the basis of Art. 49(1)(a) GDPR. If you have consented to the storage of cookies or to access to information on your device (e.g. via device fingerprinting), data processing is additionally carried out on the basis of Section 25(1) TDDDG. Consent may be withdrawn at any time. If your data is required for the performance of a contract or for the implementation of pre-contractual measures, we process your data on the basis of Art. 6(1)(b) GDPR. Furthermore, we process your data if this is necessary to fulfil a legal obligation on the basis of Art. 6(1)(c) GDPR. Data processing may also be carried out on the basis of our legitimate interest pursuant to Art. 6(1)(f) GDPR. Information on the relevant legal bases in each individual case is provided in the following sections of this privacy policy.
Data Protection Officer
We have appointed a Data Protection Officer for our company.
Proliance GmbH
Dominik Fünkner
Leopoldstr. 21
80802 Munich
Email: datenschutzbeauftragter@datenschutzexperte.de
Note on data transfer to the USA and other third countries
Among other things, we use tools from companies based in the USA or other third countries that are not secure under data protection law. If these tools are active, your personal data may be transferred to these third countries and processed there. Please note that a level of data protection comparable to that in the EU cannot be guaranteed in these countries. For example, US companies are obliged to disclose personal data to security authorities without you, as the data subject, being able to take legal action against this. It cannot therefore be ruled out that US authorities (e.g. intelligence services) may process, analyse and permanently store your data held on US servers for surveillance purposes. We have no influence over these processing activities.
Withdrawal of your consent to data processing
Many data processing operations are only possible with your express consent. You may withdraw any consent you have already given at any time. The lawfulness of the data processing carried out prior to the withdrawal remains unaffected by the withdrawal.
Right to object to data collection in particular cases and to direct marketing (Art. 21 GDPR)
Please note that data transmission over the internet (e.g. when communicating by email) may be subject to security vulnerabilities. It is not possible to guarantee complete protection of data against access by third parties.
Information on the controller
The controller responsible for data processing on this website and for orders via order form is:
KF Design GmbH
Nauenweg 42 e
47805 Krefeld
Telephone: +49 (0) 21 51 - 6 23 39-0
Email: service@remember.de
The controller is the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data (e.g. names, email addresses or similar).
Retention period
Unless a more specific retention period has been stated within this privacy policy, your personal data will remain with us until the purpose for data processing no longer applies. If you assert a legitimate request for erasure or withdraw your consent to data processing, your data will be deleted unless we have other legally permissible grounds for storing your personal data (e.g. retention periods under tax or commercial law); in the latter case, the data will be deleted once these grounds no longer apply.
General information on the legal basis for data processing
If you have consented to data processing, we process your personal data on the basis of Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR if special categories of data are processed in accordance with Art. 9(1) GDPR. In the event of explicit consent to the transfer of personal data to third countries, data processing is also carried out on the basis of Art. 49(1)(a) GDPR. If you have consented to the storage of cookies or to access to information on your device (e.g. via device fingerprinting), data processing is additionally carried out on the basis of Section 25(1) TDDDG. Consent may be withdrawn at any time. If your data is required for the performance of a contract or for the implementation of pre-contractual measures, we process your data on the basis of Art. 6(1)(b) GDPR. Furthermore, we process your data if this is necessary to fulfil a legal obligation on the basis of Art. 6(1)(c) GDPR. Data processing may also be carried out on the basis of our legitimate interest pursuant to Art. 6(1)(f) GDPR. Information on the relevant legal bases in each individual case is provided in the following sections of this privacy policy.
Data Protection Officer
We have appointed a Data Protection Officer for our company.
Proliance GmbH
Dominik Fünkner
Leopoldstr. 21
80802 Munich
Email: datenschutzbeauftragter@datenschutzexperte.de
Note on data transfer to the USA and other third countries
Among other things, we use tools from companies based in the USA or other third countries that are not secure under data protection law. If these tools are active, your personal data may be transferred to these third countries and processed there. Please note that a level of data protection comparable to that in the EU cannot be guaranteed in these countries. For example, US companies are obliged to disclose personal data to security authorities without you, as the data subject, being able to take legal action against this. It cannot therefore be ruled out that US authorities (e.g. intelligence services) may process, analyse and permanently store your data held on US servers for surveillance purposes. We have no influence over these processing activities.
Withdrawal of your consent to data processing
Many data processing operations are only possible with your express consent. You may withdraw any consent you have already given at any time. The lawfulness of the data processing carried out prior to the withdrawal remains unaffected by the withdrawal.
Right to object to data collection in particular cases and to direct marketing (Art. 21 GDPR)
IF DATA PROCESSING IS BASED ON ART. 6(1)(E) OR (F) GDPR, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. THE RESPECTIVE LEGAL BASIS ON WHICH PROCESSING IS BASED CAN BE FOUND IN THIS PRIVACY POLICY. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR PERSONAL DATA, UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS OR THE PROCESSING SERVES THE ESTABLISHMENT, EXERCISE OR DEFENCE OF LEGAL CLAIMS (OBJECTION PURSUANT TO ART. 21(1) GDPR).
IF YOUR PERSONAL DATA IS PROCESSED FOR THE PURPOSE OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSE OF SUCH ADVERTISING; THIS ALSO APPLIES TO PROFILING INSOFAR AS IT IS RELATED TO SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL SUBSEQUENTLY NO LONGER BE USED FOR THE PURPOSE OF DIRECT MARKETING (OBJECTION PURSUANT TO ART. 21(2) GDPR).
Information for applicants
Information for applicants can be found here.
Right to lodge a complaint with the competent supervisory authority
In the event of infringements of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work or the place of the alleged infringement. The right to lodge a complaint is without prejudice to other administrative or judicial remedies.
Right to data portability
You have the right to receive data that we process automatically on the basis of your consent or in fulfilment of a contract, in a commonly used, machine-readable format, either for yourself or for a third party. If you request the direct transfer of the data to another controller, this will only take place to the extent technically feasible.
Access, erasure and rectification
You have the right at any time, within the framework of the applicable legal provisions, to obtain free information about your stored personal data, its origin and recipients and the purpose of the data processing and, where applicable, a right to rectification or erasure of this data. You may contact us at any time regarding this matter or any other questions on the subject of personal data.
Right to restriction of processing
You have the right to request the restriction of the processing of your personal data. You may contact us at any time for this purpose. The right to restriction of processing exists in the following cases:
If you have restricted the processing of your personal data, such data – apart from its storage – may only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of an important public interest of the European Union or of a Member State.
SSL or TLS encryption
This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or enquiries that you send to us as the site operator. You can recognise an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the padlock symbol in your browser line. If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.
Encrypted payment transactions on this website
If, after concluding a contract subject to a charge, there is an obligation to provide us with your payment data (e.g. account number for direct debit authorisation), this data is required for payment processing. Payment transactions via the common means of payment (Visa/MasterCard, direct debit) are carried out exclusively via an encrypted SSL or TLS connection. You can recognise an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the padlock symbol in your browser line.
With encrypted communication, your payment data that you transmit to us cannot be read by third parties.
Objection to advertising emails
The use of contact data published as part of the legal notice obligation for the transmission of advertising and information material not expressly requested is hereby objected to. The operators of the pages expressly reserve the right to take legal action in the event of the unsolicited sending of advertising information, for example through spam emails.
4. Data processing using order forms
If you submit an order to us via an order form, the information contained therein is scanned by us and then automatically read out using AI-supported text recognition (OCR). The data collected in this way is imported into our system for further processing of the order. No new content is generated. The AI is used exclusively for the digitisation of the information you have provided on the order form.
The legal basis for the processing is Art. 6(1)(b) GDPR (performance of a contract).
Recipients of the data
Google Document AI
We use Google Document AI for the AI-supported text recognition (OCR) of scanned order forms. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. All processing takes place on servers in the EU (Western Europe region). The data processed as part of text recognition is not used by Google for training AI models.
Further information can be found in Google’s privacy policy at: https://policies.google.com/privacy
Data processing
We have concluded a data processing agreement with Google in the form of the Google Cloud Data Processing and Security Terms. This is a contract required under data protection law which ensures that Google processes the personal data of data subjects only in accordance with our instructions and in compliance with the GDPR.
Supabase
We use Supabase to store order data and manage the processing workflow. The provider is Supabase Inc., 970 Toa Payoh North #07-04, Singapore 318992. Storage takes place in the EU region (Frankfurt).
Further information can be found in Supabase’s privacy policy at: https://supabase.com/privacy
Data processing
We have concluded a data processing agreement (Data Processing Agreement) with Supabase. This is a contract required under data protection law which ensures that Supabase processes the personal data of data subjects only in accordance with our instructions and in compliance with the GDPR.
Vercel
We use Vercel to host the application that controls the processing workflow. The provider is Vercel Inc., 340 S Lemon Ave #4133, Walnut, CA 91789, USA. The application is hosted on servers in the EU. Vercel is certified under the EU-US Data Privacy Framework, so that an adequate level of data protection is also ensured in the event of any transfer of data to the USA.
Further information can be found in Vercel’s privacy policy at: https://vercel.com/legal/privacy-policy
Data processing
We have concluded a data processing agreement (Data Processing Agreement) with Vercel. This is a contract required under data protection law which ensures that Vercel processes the personal data of data subjects only in accordance with our instructions and in compliance with the GDPR.
5. Data collection on this website
Cookies
Our websites use so-called “cookies”. Cookies are small text files and do not cause any damage to your device. They are stored on your device either temporarily for the duration of a session (session cookies) or permanently (permanent cookies). Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your device until you delete them yourself or until they are automatically deleted by your web browser.
In some cases, cookies from third-party companies may also be stored on your device when you visit our site (third-party cookies). These enable us or you to use certain services of the third-party company (e.g. cookies for processing payment services).
Cookies have various functions. Numerous cookies are technically necessary, as certain website functions would not work without them (e.g. the shopping basket function or the display of videos). Other cookies are used to analyse user behaviour or display advertising.
Cookies that are required for carrying out the electronic communication process, for providing certain functions requested by you (e.g. for the shopping basket function) or for optimising the website (e.g. cookies for measuring the web audience) (necessary cookies) are stored on the basis of Art. 6(1)(f) GDPR, unless another legal basis is specified. The website operator has a legitimate interest in storing necessary cookies for the technically error-free and optimised provision of its services. Where consent to the storage of cookies and comparable recognition technologies has been requested, processing is carried out exclusively on the basis of this consent (Art. 6(1)(a) GDPR and Section 25(1) TDDDG); consent may be withdrawn at any time.
You can configure your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be limited.
Insofar as cookies are used by third-party companies or for analysis purposes, we will inform you of this separately within the framework of this privacy policy and, if necessary, request your consent.
Server log files
The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us.
These are:
Contact form
If you send us enquiries via the contact form, your details from the enquiry form including the contact data you provide there will be stored by us for the purpose of processing the enquiry and in the event of follow-up questions. We will not pass this data on without your consent.
IF YOUR PERSONAL DATA IS PROCESSED FOR THE PURPOSE OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSE OF SUCH ADVERTISING; THIS ALSO APPLIES TO PROFILING INSOFAR AS IT IS RELATED TO SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL SUBSEQUENTLY NO LONGER BE USED FOR THE PURPOSE OF DIRECT MARKETING (OBJECTION PURSUANT TO ART. 21(2) GDPR).
Information for applicants
Information for applicants can be found here.
Right to lodge a complaint with the competent supervisory authority
In the event of infringements of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work or the place of the alleged infringement. The right to lodge a complaint is without prejudice to other administrative or judicial remedies.
Right to data portability
You have the right to receive data that we process automatically on the basis of your consent or in fulfilment of a contract, in a commonly used, machine-readable format, either for yourself or for a third party. If you request the direct transfer of the data to another controller, this will only take place to the extent technically feasible.
Access, erasure and rectification
You have the right at any time, within the framework of the applicable legal provisions, to obtain free information about your stored personal data, its origin and recipients and the purpose of the data processing and, where applicable, a right to rectification or erasure of this data. You may contact us at any time regarding this matter or any other questions on the subject of personal data.
Right to restriction of processing
You have the right to request the restriction of the processing of your personal data. You may contact us at any time for this purpose. The right to restriction of processing exists in the following cases:
- If you dispute the accuracy of your personal data stored by us, we usually need time to verify this. For the duration of the verification, you have the right to request the restriction of the processing of your personal data.
- If the processing of your personal data was/is unlawful, you may request the restriction of data processing instead of erasure.
- If we no longer need your personal data, but you need it for the exercise, defence or assertion of legal claims, you have the right to request restriction of the processing of your personal data instead of erasure.
- If you have lodged an objection pursuant to Art. 21(1) GDPR, a balance must be struck between your interests and ours. As long as it has not yet been determined whose interests prevail, you have the right to request the restriction of the processing of your personal data.
If you have restricted the processing of your personal data, such data – apart from its storage – may only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of an important public interest of the European Union or of a Member State.
SSL or TLS encryption
This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or enquiries that you send to us as the site operator. You can recognise an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the padlock symbol in your browser line. If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.
Encrypted payment transactions on this website
If, after concluding a contract subject to a charge, there is an obligation to provide us with your payment data (e.g. account number for direct debit authorisation), this data is required for payment processing. Payment transactions via the common means of payment (Visa/MasterCard, direct debit) are carried out exclusively via an encrypted SSL or TLS connection. You can recognise an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the padlock symbol in your browser line.
With encrypted communication, your payment data that you transmit to us cannot be read by third parties.
Objection to advertising emails
The use of contact data published as part of the legal notice obligation for the transmission of advertising and information material not expressly requested is hereby objected to. The operators of the pages expressly reserve the right to take legal action in the event of the unsolicited sending of advertising information, for example through spam emails.
4. Data processing using order forms
If you submit an order to us via an order form, the information contained therein is scanned by us and then automatically read out using AI-supported text recognition (OCR). The data collected in this way is imported into our system for further processing of the order. No new content is generated. The AI is used exclusively for the digitisation of the information you have provided on the order form.
The legal basis for the processing is Art. 6(1)(b) GDPR (performance of a contract).
Recipients of the data
Google Document AI
We use Google Document AI for the AI-supported text recognition (OCR) of scanned order forms. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. All processing takes place on servers in the EU (Western Europe region). The data processed as part of text recognition is not used by Google for training AI models.
Further information can be found in Google’s privacy policy at: https://policies.google.com/privacy
Data processing
We have concluded a data processing agreement with Google in the form of the Google Cloud Data Processing and Security Terms. This is a contract required under data protection law which ensures that Google processes the personal data of data subjects only in accordance with our instructions and in compliance with the GDPR.
Supabase
We use Supabase to store order data and manage the processing workflow. The provider is Supabase Inc., 970 Toa Payoh North #07-04, Singapore 318992. Storage takes place in the EU region (Frankfurt).
Further information can be found in Supabase’s privacy policy at: https://supabase.com/privacy
Data processing
We have concluded a data processing agreement (Data Processing Agreement) with Supabase. This is a contract required under data protection law which ensures that Supabase processes the personal data of data subjects only in accordance with our instructions and in compliance with the GDPR.
Vercel
We use Vercel to host the application that controls the processing workflow. The provider is Vercel Inc., 340 S Lemon Ave #4133, Walnut, CA 91789, USA. The application is hosted on servers in the EU. Vercel is certified under the EU-US Data Privacy Framework, so that an adequate level of data protection is also ensured in the event of any transfer of data to the USA.
Further information can be found in Vercel’s privacy policy at: https://vercel.com/legal/privacy-policy
Data processing
We have concluded a data processing agreement (Data Processing Agreement) with Vercel. This is a contract required under data protection law which ensures that Vercel processes the personal data of data subjects only in accordance with our instructions and in compliance with the GDPR.
5. Data collection on this website
Cookies
Our websites use so-called “cookies”. Cookies are small text files and do not cause any damage to your device. They are stored on your device either temporarily for the duration of a session (session cookies) or permanently (permanent cookies). Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your device until you delete them yourself or until they are automatically deleted by your web browser.
In some cases, cookies from third-party companies may also be stored on your device when you visit our site (third-party cookies). These enable us or you to use certain services of the third-party company (e.g. cookies for processing payment services).
Cookies have various functions. Numerous cookies are technically necessary, as certain website functions would not work without them (e.g. the shopping basket function or the display of videos). Other cookies are used to analyse user behaviour or display advertising.
Cookies that are required for carrying out the electronic communication process, for providing certain functions requested by you (e.g. for the shopping basket function) or for optimising the website (e.g. cookies for measuring the web audience) (necessary cookies) are stored on the basis of Art. 6(1)(f) GDPR, unless another legal basis is specified. The website operator has a legitimate interest in storing necessary cookies for the technically error-free and optimised provision of its services. Where consent to the storage of cookies and comparable recognition technologies has been requested, processing is carried out exclusively on the basis of this consent (Art. 6(1)(a) GDPR and Section 25(1) TDDDG); consent may be withdrawn at any time.
You can configure your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be limited.
Insofar as cookies are used by third-party companies or for analysis purposes, we will inform you of this separately within the framework of this privacy policy and, if necessary, request your consent.
Server log files
The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us.
These are:
- Browser type and browser version
- Operating system used
- Referrer URL
- Host name of the accessing computer
- Time of server request
- IP address
Contact form
If you send us enquiries via the contact form, your details from the enquiry form including the contact data you provide there will be stored by us for the purpose of processing the enquiry and in the event of follow-up questions. We will not pass this data on without your consent.
The processing of this data is based on Art. 6(1)(b) GDPR, provided that your enquiry is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, processing is based on our legitimate interest in the effective handling of the enquiries addressed to us (Art. 6(1)(f) GDPR) or on your consent (Art. 6(1)(a) GDPR), where this has been requested; consent may be withdrawn at any time.
The data you enter in the contact form will remain with us until you request its deletion, withdraw your consent to its storage or the purpose for storing the data no longer applies (e.g. after your enquiry has been processed). Mandatory statutory provisions – in particular retention periods – remain unaffected.
Enquiry by email, telephone or fax
If you contact us by email, telephone or fax, your enquiry including all personal data arising from it (name, enquiry) will be stored and processed by us for the purpose of handling your request. We will not pass this data on without your consent.
Enquiry by email, telephone or fax
If you contact us by email, telephone or fax, your enquiry including all personal data arising from it (name, enquiry) will be stored and processed by us for the purpose of handling your request. We will not pass this data on without your consent.
The processing of this data is based on Art. 6(1)(b) GDPR, provided that your enquiry is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, processing is based on our legitimate interest in the effective handling of the enquiries addressed to us (Art. 6(1)(f) GDPR) or on your consent (Art. 6(1)(a) GDPR), where this has been requested; consent may be withdrawn at any time.
The data sent to us by you via contact enquiries will remain with us until you request its deletion, withdraw your consent to its storage or the purpose for storing the data no longer applies (e.g. after your request has been processed). Mandatory statutory provisions – in particular statutory retention periods – remain unaffected.
Registration on this website
You can register on this website in order to use additional functions on the site. We use the data entered for this purpose only for the use of the respective offer or service for which you have registered. The mandatory information requested during registration must be provided in full. Otherwise, we will reject the registration.
Registration on this website
You can register on this website in order to use additional functions on the site. We use the data entered for this purpose only for the use of the respective offer or service for which you have registered. The mandatory information requested during registration must be provided in full. Otherwise, we will reject the registration.
For important changes, such as changes to the scope of the offer or technically necessary changes, we use the email address provided during registration to inform you in this way.
The data entered during registration is processed for the purpose of implementing the user relationship established by the registration and, where applicable, for initiating further contracts (Art. 6(1)(b) GDPR).
The data collected during registration will be stored by us for as long as you are registered on this website and will then be deleted. Statutory retention periods remain unaffected.
6. Direct marketing
We have a legitimate interest in using your data for marketing purposes. We collect the following data for our own marketing purposes and for the marketing purposes of third parties: surname, first name, address, year of birth. This data may also be transferred to third parties who send out the advertising on our behalf. The legal basis for the use of your data for marketing purposes is Art. 6(1)(f) GDPR.
6. Direct marketing
We have a legitimate interest in using your data for marketing purposes. We collect the following data for our own marketing purposes and for the marketing purposes of third parties: surname, first name, address, year of birth. This data may also be transferred to third parties who send out the advertising on our behalf. The legal basis for the use of your data for marketing purposes is Art. 6(1)(f) GDPR.
7. Social media
Facebook
Elements of the social network Facebook are integrated into this website. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. However, according to Facebook, the data collected is also transferred to the USA and to other third countries.
Elements of the social network Facebook are integrated into this website. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. However, according to Facebook, the data collected is also transferred to the USA and to other third countries.
An overview of the Facebook social media elements can be found here: https://developers.facebook.com/docs/plugins/?locale=de_DE.
If the social media element is active, a direct connection is established between your device and the Facebook server. Facebook thereby receives the information that you have visited this website using your IP address. If you click the Facebook “Like button” while you are logged into your Facebook account, you can link the content of this website to your Facebook profile. This enables Facebook to associate your visit to this website with your user account. Please note that, as the provider of the pages, we have no knowledge of the content of the transmitted data or its use by Facebook. Further information on this can be found in Facebook’s privacy policy at: https://de-de.facebook.com/privacy/explanation.
If consent has been obtained, the use of the above-mentioned service is based on Art. 6(1)(a) GDPR and Section 25 TDDDG. Consent may be withdrawn at any time. If no consent has been obtained, the use of the service is based on our legitimate interest in achieving the widest possible visibility on social media.
Insofar as personal data is collected on our website using the tool described here and forwarded to Facebook, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, are jointly responsible for this data processing (Art. 26 GDPR). The joint responsibility is limited exclusively to the collection of the data and its transfer to Facebook. The processing carried out by Facebook after the transfer is not part of the joint responsibility. The obligations incumbent on us jointly have been set out in an agreement on joint processing. The wording of the agreement can be found at: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing the data protection information when using the Facebook tool and for the secure implementation of the tool on our website under data protection law. Facebook is responsible for the data security of Facebook products. You may assert data subject rights (e.g. requests for information) regarding the data processed by Facebook directly with Facebook. If you assert the data subject rights with us, we are obliged to forward them to Facebook.
The data transfer to the USA is based on the EU Commission’s standard contractual clauses. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum, https://de-de.facebook.com/help/566994660333381 and https://www.facebook.com/policy.php.
Instagram
Functions of the Instagram service are integrated into this website. These functions are offered by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
Functions of the Instagram service are integrated into this website. These functions are offered by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
If the social media element is active, a direct connection is established between your device and the Instagram server. Instagram thereby receives information about your visit to this website.
If you are logged into your Instagram account, you can link the content of this website to your Instagram profile by clicking the Instagram button. This enables Instagram to associate your visit to this website with your user account. Please note that, as the provider of the pages, we have no knowledge of the content of the transmitted data or its use by Instagram.
If consent has been obtained, the use of the above-mentioned service is based on Art. 6(1)(a) GDPR and Section 25 TDDDG. Consent may be withdrawn at any time. If no consent has been obtained, the use of the service is based on our legitimate interest in achieving the widest possible visibility on social media.
Insofar as personal data is collected on our website using the tool described here and forwarded to Facebook or Instagram, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, are jointly responsible for this data processing (Art. 26 GDPR). The joint responsibility is limited exclusively to the collection of the data and its transfer to Facebook or Instagram. The processing carried out by Facebook or Instagram after the transfer is not part of the joint responsibility. The obligations incumbent on us jointly have been set out in an agreement on joint processing. The wording of the agreement can be found at: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing the data protection information when using the Facebook or Instagram tool and for the secure implementation of the tool on our website under data protection law. Facebook is responsible for the data security of Facebook or Instagram products. You may assert data subject rights (e.g. requests for information) regarding the data processed by Facebook or Instagram directly with Facebook. If you assert the data subject rights with us, we are obliged to forward them to Facebook.
The data transfer to the USA is based on the EU Commission’s standard contractual clauses. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum, https://help.instagram.com/519522125107875 and https://de-de.facebook.com/help/566994660333381.
Further information on this can be found in Instagram’s privacy policy: https://instagram.com/about/legal/privacy/.
Pinterest
On this website we use elements of the social network Pinterest, which is operated by Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland.
Further information on this can be found in Instagram’s privacy policy: https://instagram.com/about/legal/privacy/.
On this website we use elements of the social network Pinterest, which is operated by Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland.
If you call up a page that contains such an element, your browser establishes a direct connection to Pinterest’s servers. This social media element transmits log data to Pinterest’s server in the USA. This log data may contain your IP address, the address of the websites visited that also contain Pinterest functions, the type and settings of the browser, the date and time of the request, your use of Pinterest and cookies.
If consent has been obtained, the use of the above-mentioned service is based on Art. 6(1)(a) GDPR and Section 25 TDDDG. Consent may be withdrawn at any time. If no consent has been obtained, the use of the service is based on our legitimate interest in achieving the widest possible visibility on social media.
Further information on the purpose, scope and further processing and use of the data by Pinterest, as well as your rights in this regard and options for protecting your privacy, can be found in Pinterest’s privacy notices: https://policy.pinterest.com/de/privacy-policy.
8. Analytics tools and advertising
Econda
We use Econda Web Analytics. The provider is econda GmbH, Zimmerstraße 6, 76137 Karlsruhe.
8. Analytics tools and advertising
Econda
We use Econda Web Analytics. The provider is econda GmbH, Zimmerstraße 6, 76137 Karlsruhe.
Econda Web Analytics is a tool for analysing the use of our website and for continuously developing our website in the interests of user-friendliness. We also use the services of econda GmbH to display only relevant advertising to the user, i.e. advertising that corresponds to their presumed interest.
Usage data is not combined with data relating to natural persons. For example, technical information about browser equipment is recorded, but not personal information such as names, street names or similar that would allow conclusions to be drawn about a specific person. Due to the immediate anonymisation of the IP address, no personal data is collected, so that tracing back to individual persons is technically impossible.
The use of Econda Web Analytics is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the quick and uncomplicated integration and management of various tools on its website. Where corresponding consent has been requested, processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and Section 25(1) TDDDG, insofar as the consent includes the storage of cookies or access to information on the user’s device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent may be withdrawn at any time.
Google Tag Manager
We use Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Google Tag Manager is a tool with the help of which we can integrate tracking or statistics tools and other technologies into our website. Google Tag Manager itself does not create user profiles, store cookies or carry out any independent analyses. It merely serves to manage and deploy the tools integrated through it. However, Google Tag Manager does record your IP address, which may also be transmitted to Google’s parent company in the United States.
The use of Google Tag Manager is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the quick and uncomplicated integration and management of various tools on its website. Where corresponding consent has been requested, processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and Section 25(1) TDDDG, insofar as the consent includes the storage of cookies or access to information on the user’s device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent may be withdrawn at any time.
Google Analytics
This website uses functions of the web analytics service Google Analytics. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics
This website uses functions of the web analytics service Google Analytics. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics enables the website operator to analyse the behaviour of website visitors. In doing so, the website operator receives various usage data, such as page views, duration of stay, operating systems used and the origin of the user. This data is combined in a user ID and assigned to the respective device of the website visitor.
Furthermore, we can use Google Analytics to record, among other things, your mouse and scroll movements and clicks. Google Analytics also uses various modelling approaches to supplement the recorded data sets and uses machine-learning technologies for data analysis.
Google Analytics uses technologies that enable the recognition of the user for the purpose of analysing user behaviour (e.g. cookies or device fingerprinting). The information collected by Google about the use of this website is usually transmitted to a Google server in the USA and stored there.
The use of this service is based on your consent in accordance with Art. 6(1)(a) GDPR and Section 25(1) TDDDG. Consent may be withdrawn at any time.
The data transfer to the USA is based on the EU Commission’s standard contractual clauses. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.
Browser plug-in
You can prevent Google from collecting and processing your data by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
Further information on the handling of user data by Google Analytics can be found in Google’s privacy policy: https://support.google.com/analytics/answer/6004245?hl=de.
Google Signals
We use Google Signals. When you visit our website, Google Analytics records, among other things, your location, search history and YouTube history, as well as demographic data (visitor data). This data can be used for personalised advertising with the help of Google Signals. If you have a Google account, the visitor data from Google Signals is linked to your Google account and used for personalised advertising messages. The data is also used to compile anonymised statistics on the user behaviour of our users.
Data processing
We have concluded a data processing agreement with Google and fully implement the strict requirements of the German data protection authorities when using Google Analytics.
Google Analytics E-commerce Measurement
This website uses the “E-commerce Measurement” function of Google Analytics. With the help of E-commerce Measurement, the website operator can analyse the purchasing behaviour of website visitors in order to improve its online marketing campaigns. Information such as the orders placed, average order values, shipping costs and the time from viewing to purchasing a product is recorded. This data can be summarised by Google under a transaction ID that is assigned to the respective user or their device.
Hotjar
This website uses Hotjar. The provider is Hotjar Ltd., Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe (website: https://www.hotjar.com).
Google Signals
We use Google Signals. When you visit our website, Google Analytics records, among other things, your location, search history and YouTube history, as well as demographic data (visitor data). This data can be used for personalised advertising with the help of Google Signals. If you have a Google account, the visitor data from Google Signals is linked to your Google account and used for personalised advertising messages. The data is also used to compile anonymised statistics on the user behaviour of our users.
Data processing
We have concluded a data processing agreement with Google and fully implement the strict requirements of the German data protection authorities when using Google Analytics.
Google Analytics E-commerce Measurement
This website uses the “E-commerce Measurement” function of Google Analytics. With the help of E-commerce Measurement, the website operator can analyse the purchasing behaviour of website visitors in order to improve its online marketing campaigns. Information such as the orders placed, average order values, shipping costs and the time from viewing to purchasing a product is recorded. This data can be summarised by Google under a transaction ID that is assigned to the respective user or their device.
Hotjar
This website uses Hotjar. The provider is Hotjar Ltd., Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe (website: https://www.hotjar.com).
Hotjar is a tool for analysing your user behaviour on this website. With Hotjar, we can, among other things, record your mouse and scroll movements and clicks. Hotjar can also determine how long you remained with the mouse pointer on a certain spot. From this information, Hotjar creates so-called heat maps, which can be used to determine which areas of the website are viewed preferentially by website visitors.
Furthermore, we can determine how long you remained on a page and when you left it. We can also determine at which point you abandoned your entries in a contact form (so-called conversion funnels).
In addition, direct feedback can be obtained from website visitors with Hotjar. This function serves to improve the website operator’s web offerings.
Hotjar uses technologies that enable the recognition of the user for the purpose of analysing user behaviour (e.g. cookies or the use of device fingerprinting).
If consent has been obtained, the use of the above-mentioned service is based exclusively on Art. 6(1)(a) GDPR and Section 25 TDDDG. Consent may be withdrawn at any time.
If no consent has been obtained, the use of this service is based on Art. 6(1)(f) GDPR; the website operator has a legitimate interest in analysing user behaviour in order to optimise both its web offering and its advertising.
Deactivating Hotjar
If you would like to deactivate data collection by Hotjar, click on the following link and follow the instructions there: https://www.hotjar.com/policies/do-not-track/ Please note that Hotjar must be deactivated separately for each browser or each device. Further information about Hotjar and the data collected can be found in Hotjar’s privacy policy at the following link: https://www.hotjar.com/privacy
Data processing
We have concluded a Data Processing Agreement (DPA) with the above-mentioned provider. This is a contract required under data protection law which ensures that the provider processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.
Google Ads
The website operator uses Google Ads. Google Ads is an online advertising programme of Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Deactivating Hotjar
If you would like to deactivate data collection by Hotjar, click on the following link and follow the instructions there: https://www.hotjar.com/policies/do-not-track/ Please note that Hotjar must be deactivated separately for each browser or each device. Further information about Hotjar and the data collected can be found in Hotjar’s privacy policy at the following link: https://www.hotjar.com/privacy
Data processing
We have concluded a Data Processing Agreement (DPA) with the above-mentioned provider. This is a contract required under data protection law which ensures that the provider processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.
Google Ads
The website operator uses Google Ads. Google Ads is an online advertising programme of Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Ads enables us to display advertisements in the Google search engine or on third-party websites when the user enters certain search terms into Google (keyword targeting). Furthermore, targeted advertisements can be displayed on the basis of the user data available at Google (e.g. location data and interests) (target group targeting). As website operator, we can evaluate this data quantitatively by analysing, for example, which search terms led to the display of our advertisements and how many advertisements led to corresponding clicks.
The use of this service is based on your consent in accordance with Art. 6(1)(a) GDPR and Section 25(1) TDDDG. Consent may be withdrawn at any time.
The data transfer to the USA is based on the EU Commission’s standard contractual clauses. Details can be found here: https://policies.google.com/privacy/frameworks and https://privacy.google.com/businesses/controllerterms/mccs/.
Google Ads Remarketing
This website uses the functions of Google Ads Remarketing. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. With Google Ads Remarketing, we can assign people who interact with our online offering to certain target groups in order subsequently to display interest-based advertising to them in the Google advertising network (remarketing or retargeting).
Google Ads Remarketing
This website uses the functions of Google Ads Remarketing. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. With Google Ads Remarketing, we can assign people who interact with our online offering to certain target groups in order subsequently to display interest-based advertising to them in the Google advertising network (remarketing or retargeting).
Furthermore, the advertising target groups created with Google Ads Remarketing can be linked with Google’s cross-device functions. In this way, interest-based, personalised advertising messages that have been adapted to you depending on your previous usage and browsing behaviour on one device (e.g. mobile phone) can also be displayed on another of your devices (e.g. tablet or PC).
If you have a Google account, you can object to personalised advertising via the following link: https://www.google.com/settings/ads/onweb/.
The use of this service is based on your consent in accordance with Art. 6(1)(a) GDPR and Section 25(1) TDDDG. Consent may be withdrawn at any time.
Further information and the data protection provisions can be found in Google’s privacy policy at: https://policies.google.com/technologies/ads?hl=de.
Target group formation with customer matching
To create target groups, we use, among other things, customer matching from Google Ads Remarketing. In doing so, we transfer certain customer data (e.g. email addresses) from our customer lists to Google. If the customers concerned are Google users and are logged into their Google account, suitable advertising messages are displayed to them within the Google network (e.g. on YouTube, Gmail or in the search engine).
Google Conversion Tracking
This website uses Google Conversion Tracking. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Target group formation with customer matching
To create target groups, we use, among other things, customer matching from Google Ads Remarketing. In doing so, we transfer certain customer data (e.g. email addresses) from our customer lists to Google. If the customers concerned are Google users and are logged into their Google account, suitable advertising messages are displayed to them within the Google network (e.g. on YouTube, Gmail or in the search engine).
Google Conversion Tracking
This website uses Google Conversion Tracking. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
With the help of Google Conversion Tracking, Google and we can recognise whether the user has carried out certain actions. For example, we can evaluate which buttons on our website were clicked how often and which products were viewed or purchased particularly frequently. This information is used to create conversion statistics. We learn the total number of users who clicked on our advertisements and which actions they carried out. We do not receive any information with which we can personally identify the user. Google itself uses cookies or comparable recognition technologies for identification.
The use of this service is based on your consent in accordance with Art. 6(1)(a) GDPR and Section 25(1) TDDDG. Consent may be withdrawn at any time.
Further information on Google Conversion Tracking can be found in Google’s data protection provisions: https://policies.google.com/privacy?hl=de.
Google DoubleClick
This website uses functions of Google DoubleClick. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland, (hereinafter “DoubleClick”).
Google DoubleClick
This website uses functions of Google DoubleClick. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland, (hereinafter “DoubleClick”).
DoubleClick is used to show you interest-based advertisements throughout the Google advertising network. With the help of DoubleClick, the advertisements can be targeted to the interests of the respective viewer. For example, our advertising can be displayed in Google search results or in advertising banners connected with DoubleClick.
In order to be able to display interest-based advertising to users, DoubleClick must be able to recognise the respective viewer and assign to them their visited websites, clicks and other information on user behaviour. For this purpose, DoubleClick uses cookies or comparable recognition technologies (e.g. device fingerprinting). The information collected is combined into a pseudonymous user profile in order to display interest-based advertising to the user concerned.
The use of this service is based on your consent in accordance with Art. 6(1)(a) GDPR and Section 25(1) TDDDG. Consent may be withdrawn at any time.
Further information on options to object to the advertisements displayed by Google can be found at the following links: https://policies.google.com/technologies/ads and https://adssettings.google.com/authenticated.
Pinterest Tag
We have integrated Pinterest Tag on this website. The provider is Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland.
Pinterest Tag
We have integrated Pinterest Tag on this website. The provider is Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland.
Pinterest Tag is used to record certain actions that you perform on our website. The data can then be used to show you interest-based advertising on our website or on another page of the Pinterest Tag advertising network.
For this purpose, Pinterest Tag records, among other things, a tag ID, your location and the referrer URL. Furthermore, action-specific data such as order value, order quantity, order number, category of the purchased items and video views may be recorded.
Pinterest Tag uses technologies that enable cross-page recognition of the user for analysing user behaviour (e.g. cookies or device fingerprinting).
If consent has been obtained, the use of the above-mentioned service is based exclusively on Art. 6(1)(a) GDPR and Section 25 TDDDG. Consent may be withdrawn at any time. If no consent has been obtained, the use of this service is based on Art. 6(1)(f) GDPR; the website operator has a legitimate interest in marketing measures that are as effective as possible.
Pinterest is a globally operating company, so data may also be transferred to the USA. According to Pinterest, this data transfer is based on the EU Commission’s standard contractual clauses. Details can be found here: https://policy.pinterest.com/de/privacy-policy.
Further information on Pinterest Tag can be found here: https://help.pinterest.com/de/business/article/track-conversions-with-pinterest-tag.
Data processing
We have concluded a Data Processing Agreement (DPA) with the above-mentioned provider. This is a contract required under data protection law which ensures that the provider processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.
9. Newsletter
Data processing
We have concluded a Data Processing Agreement (DPA) with the above-mentioned provider. This is a contract required under data protection law which ensures that the provider processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.
9. Newsletter
Newsletter data
If you would like to receive the newsletter offered on the website, we require an email address from you as well as information that allows us to verify that you are the owner of the stated email address and that you agree to receive the newsletter. No further data is collected or is collected only on a voluntary basis. We use this data exclusively for sending the requested information and do not pass it on to third parties. The processing of the data entered into the newsletter registration form is carried out exclusively on the basis of your consent (Art. 6(1)(a) GDPR). You may withdraw your consent to the storage of the data, the email address and its use for sending the newsletter at any time, for example via the “unsubscribe” link in the newsletter. The lawfulness of the data processing operations already carried out remains unaffected by the withdrawal.
The data stored by you with us for the purpose of receiving the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and deleted from the newsletter distribution list after unsubscribing from the newsletter or after the purpose no longer applies. We reserve the right to delete or block email addresses from our newsletter distribution list at our own discretion within the framework of our legitimate interest pursuant to Art. 6(1)(f) GDPR.
Data stored by us for other purposes remains unaffected by this.
After you unsubscribe from the newsletter distribution list, your email address may be stored by us or the newsletter service provider in a blacklist, if this is necessary to prevent future mailings. The data from the blacklist is used only for this purpose and is not merged with other data. This serves both your interest and our interest in complying with the legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6(1)(f) GDPR). Storage in the blacklist is not limited in time. You may object to the storage if your interests outweigh our legitimate interest.
Sending the email newsletter to existing customers
If you have provided us with your email address when purchasing goods or services, we reserve the right to send you regular offers by email for similar goods or services from our range to those already purchased. For this purpose, pursuant to Section 7(3) UWG, we do not need to obtain any separate consent from you. Data processing is carried out in this respect solely on the basis of our legitimate interest in personalised direct advertising pursuant to Art. 6(1)(f) GDPR. If you initially objected to the use of your email address for this purpose, we will not send emails. You are entitled to object to the use of your email address for the aforementioned advertising purpose at any time with effect for the future by notifying the controller named at the beginning. For this you will incur only transmission costs according to the basic tariffs. After receipt of your objection, the use of your email address for advertising purposes will be discontinued immediately.
10. Plugins and tools
YouTube with enhanced privacy
This website embeds videos from YouTube. The operator of the pages is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
We use YouTube in enhanced privacy mode. According to YouTube, this mode means that YouTube does not store any information about visitors to this website before they watch the video. However, the enhanced privacy mode does not necessarily exclude the transfer of data to YouTube partners. Thus YouTube – regardless of whether you watch a video – establishes a connection to the Google DoubleClick network.
As soon as you start a YouTube video on this website, a connection is established to YouTube’s servers. In the process, the YouTube server is informed which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to assign your browsing behaviour directly to your personal profile. You can prevent this by logging out of your YouTube account.
Furthermore, after starting a video, YouTube may store various cookies on your device or use comparable recognition technologies (e.g. device fingerprinting). In this way, YouTube can obtain information about visitors to this website. This information is used, among other things, to collect video statistics, improve user-friendliness and prevent fraud attempts.
Where applicable, further data processing operations may be triggered after the start of a YouTube video, over which we have no influence.
The use of YouTube is in the interest of an appealing presentation of our online offerings. This constitutes a legitimate interest within the meaning of Art. 6(1)(f) GDPR. Where corresponding consent has been requested, processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and Section 25(1) TDDDG, insofar as the consent includes the storage of cookies or access to information on the user’s device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent may be withdrawn at any time.
Further information on data protection at YouTube can be found in their privacy policy at: https://policies.google.com/privacy?hl=de.
Google Web Fonts (local hosting)
Google Web Fonts (local hosting)
This site uses so-called web fonts provided by Google for the uniform display of fonts. The Google Fonts are installed locally. No connection to Google servers takes place.
Further information on Google Web Fonts can be found at https://developers.google.com/fonts/faq and in Google’s privacy policy: https://policies.google.com/privacy?hl=de.
11. Orders and payment providers
Processing customer and contract data
We collect, process and use personal customer and contract data for the establishment, content arrangement and modification of our contractual relationships. We collect, process and use personal data about the use of this website (usage data) only insofar as this is necessary to enable the user to use the service or to bill the user. The legal basis for this is Art. 6(1)(b) GDPR.
11. Orders and payment providers
Processing customer and contract data
We collect, process and use personal customer and contract data for the establishment, content arrangement and modification of our contractual relationships. We collect, process and use personal data about the use of this website (usage data) only insofar as this is necessary to enable the user to use the service or to bill the user. The legal basis for this is Art. 6(1)(b) GDPR.
The collected customer data is deleted after completion of the order or termination of the business relationship and expiry of any statutory retention periods. Statutory retention periods remain unaffected.
Data transfer upon conclusion of contract for online shops, retailers and goods dispatch
If you order goods from us, we pass on your personal data to the transport company entrusted with delivery and to the payment service provider commissioned with payment processing. Only such data is disclosed as the respective service provider requires for fulfilment of its task. The legal basis for this is Art. 6(1)(b) GDPR, which permits the processing of data for the fulfilment of a contract or pre-contractual measures. If you have given corresponding consent pursuant to Art. 6(1)(a) GDPR, we will hand over your email address to the transport company entrusted with delivery so that it can inform you by email about the dispatch status of your order; you may withdraw the consent at any time.
Credit checks
In the case of a purchase on account or another payment method in which we make advance performance, we may carry out a credit check procedure (scoring). For this purpose, we transmit the data you have entered (e.g. name, address, age or bank data) to a credit agency. On the basis of this data, the probability of a payment default is determined. In the event of an excessive risk of payment default, we may refuse the respective payment method.
Data transfer upon conclusion of contract for online shops, retailers and goods dispatch
If you order goods from us, we pass on your personal data to the transport company entrusted with delivery and to the payment service provider commissioned with payment processing. Only such data is disclosed as the respective service provider requires for fulfilment of its task. The legal basis for this is Art. 6(1)(b) GDPR, which permits the processing of data for the fulfilment of a contract or pre-contractual measures. If you have given corresponding consent pursuant to Art. 6(1)(a) GDPR, we will hand over your email address to the transport company entrusted with delivery so that it can inform you by email about the dispatch status of your order; you may withdraw the consent at any time.
Credit checks
In the case of a purchase on account or another payment method in which we make advance performance, we may carry out a credit check procedure (scoring). For this purpose, we transmit the data you have entered (e.g. name, address, age or bank data) to a credit agency. On the basis of this data, the probability of a payment default is determined. In the event of an excessive risk of payment default, we may refuse the respective payment method.
The credit check is carried out on the basis of contract fulfilment (Art. 6(1)(b) GDPR) as well as to avoid payment defaults (legitimate interest pursuant to Art. 6(1)(f) GDPR). If consent has been obtained, the credit check is carried out on the basis of this consent (Art. 6(1)(a) GDPR); consent may be withdrawn at any time.
Payment services
Paypal Checkout This website uses PayPal Checkout, an online payment system from PayPal, which is composed of PayPal’s own payment methods and local payment methods from third-party providers. When paying via PayPal, credit card via PayPal, direct debit via PayPal or – where offered – “Pay Later” via PayPal, we pass on your payment data within the scope of payment processing to PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal"). The disclosure is made pursuant to Art. 6(1)(b) GDPR and only insofar as this is necessary for payment processing. PayPal reserves the right, for the payment methods credit card via PayPal, direct debit via PayPal or – where offered - “Pay Later” via PayPal – to carry out a credit check. For this purpose, your payment data may be passed on to credit agencies pursuant to Art. 6(1)(f) GDPR on the basis of PayPal’s legitimate interest in determining your ability to pay. PayPal uses the result of the credit check with regard to the statistical probability of payment default for the purpose of deciding on the provision of the respective payment method. The credit check may contain probability values (so-called score values). Insofar as score values are included in the result of the credit check, they are based on a scientifically recognised mathematical-statistical procedure. The calculation of the score values includes, among other things but not exclusively, address data. You may object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data if this is necessary for contractual payment processing. If the PayPal payment method “Purchase on Account” is available and selected, your payment data will first be transmitted to PayPal to prepare the payment, whereupon PayPal forwards it to Ratepay GmbH, Franklinstraße 28-29, 10587 Berlin ("Ratepay"). The legal basis in each case is Art. 6(1)(b) GDPR. In this case RatePay carries out an identity and credit check in its own name to determine your ability to pay in accordance with the principle already stated above and passes your payment data on to credit agencies on the basis of the legitimate interest in determining your ability to pay pursuant to Art. 6(1)(f) GDPR. A list of the credit agencies that Ratepay may use can be found here: https://www.ratepay.com/legal-payment-creditagencies/ If you use the payment method of a local third-party provider, your payment data is first passed on to PayPal pursuant to Art. 6(1)(b) GDPR to prepare the payment. Depending on your selection of an available local payment method, PayPal then transmits your payment data to the corresponding provider for carrying out the payment pursuant to Art. 6(1)(b) GDPR: - Apple Pay (Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland) - Google Pay (Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland) - iDeal (Currence Holding BV, Beethovenstraat 300 Amsterdam, Netherlands) - bancontact (Bancontact Payconiq Company, Rue d'Arlon 82, 1040 Brussels, Belgium) - blik (Polski Standard Płatności sp. z o.o., ul. Czerniakowska 87A, 00-718 Warsaw, Poland) - eps (PSA Payment Services Austria GmbH, Handelskai 92, Gate 2 1200 Vienna, Austria) - MyBank (PRETA S.A.S, 40 Rue de Courcelles, F-75008 Paris, France) - Przelewy24 (PayPro SA, Kanclerska 15A, 60-326 Poznań, Poland) Further data protection information can be found in PayPal’s privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full - Ratepay On this website, one or more online payment methods of the following provider are available: Ratepay GmbH, Franklinstraße 28-29, 10587 Berlin, Germany If you select a payment method of the provider in which you make advance performance (for example credit card payment), your payment data communicated during the ordering process (including name, address, bank and payment card information, currency and transaction number) as well as information on the content of your order are passed on to the provider pursuant to Art. 6(1)(b) GDPR. The transfer of your data in this case takes place exclusively for the purpose of payment processing with the provider and only insofar as it is necessary for this. If you select a payment method in which the provider makes advance performance (for example invoice purchase or instalment purchase or direct debit), you will also be requested during the ordering process to provide certain personal data (first and last name, street, house number, postcode, city, date of birth, email address, telephone number, and, where applicable, data on an alternative payment method). In order to safeguard our legitimate interest in determining the creditworthiness of our customers, we forward this data to the provider pursuant to Art. 6(1)(f) GDPR for the purpose of a credit check. The provider checks, on the basis of the personal data you have provided as well as further data (such as shopping basket, invoice amount, order history, payment experience), whether the payment option selected by you can be granted with regard to payment and/or bad debt risks. For the decision within the framework of the application review, in addition to provider-internal criteria pursuant to Art. 6(1)(f) GDPR, identity and creditworthiness information from the following credit agencies may also be included: cf. here https://www.ratepay.com/legal-payment-creditagencies/ The credit check may contain probability values (so-called score values). Insofar as score values are included in the result of the credit check, they are based on a scientifically recognised mathematical-statistical procedure. The calculation of the score values includes, among other things but not exclusively, address data. You may object to this processing of your data at any time by sending a message to us or to the provider. However, the provider may still be entitled to process your personal data if this is necessary for contractual payment processing.
Payment services
Paypal Checkout This website uses PayPal Checkout, an online payment system from PayPal, which is composed of PayPal’s own payment methods and local payment methods from third-party providers. When paying via PayPal, credit card via PayPal, direct debit via PayPal or – where offered – “Pay Later” via PayPal, we pass on your payment data within the scope of payment processing to PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal"). The disclosure is made pursuant to Art. 6(1)(b) GDPR and only insofar as this is necessary for payment processing. PayPal reserves the right, for the payment methods credit card via PayPal, direct debit via PayPal or – where offered - “Pay Later” via PayPal – to carry out a credit check. For this purpose, your payment data may be passed on to credit agencies pursuant to Art. 6(1)(f) GDPR on the basis of PayPal’s legitimate interest in determining your ability to pay. PayPal uses the result of the credit check with regard to the statistical probability of payment default for the purpose of deciding on the provision of the respective payment method. The credit check may contain probability values (so-called score values). Insofar as score values are included in the result of the credit check, they are based on a scientifically recognised mathematical-statistical procedure. The calculation of the score values includes, among other things but not exclusively, address data. You may object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data if this is necessary for contractual payment processing. If the PayPal payment method “Purchase on Account” is available and selected, your payment data will first be transmitted to PayPal to prepare the payment, whereupon PayPal forwards it to Ratepay GmbH, Franklinstraße 28-29, 10587 Berlin ("Ratepay"). The legal basis in each case is Art. 6(1)(b) GDPR. In this case RatePay carries out an identity and credit check in its own name to determine your ability to pay in accordance with the principle already stated above and passes your payment data on to credit agencies on the basis of the legitimate interest in determining your ability to pay pursuant to Art. 6(1)(f) GDPR. A list of the credit agencies that Ratepay may use can be found here: https://www.ratepay.com/legal-payment-creditagencies/ If you use the payment method of a local third-party provider, your payment data is first passed on to PayPal pursuant to Art. 6(1)(b) GDPR to prepare the payment. Depending on your selection of an available local payment method, PayPal then transmits your payment data to the corresponding provider for carrying out the payment pursuant to Art. 6(1)(b) GDPR: - Apple Pay (Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland) - Google Pay (Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland) - iDeal (Currence Holding BV, Beethovenstraat 300 Amsterdam, Netherlands) - bancontact (Bancontact Payconiq Company, Rue d'Arlon 82, 1040 Brussels, Belgium) - blik (Polski Standard Płatności sp. z o.o., ul. Czerniakowska 87A, 00-718 Warsaw, Poland) - eps (PSA Payment Services Austria GmbH, Handelskai 92, Gate 2 1200 Vienna, Austria) - MyBank (PRETA S.A.S, 40 Rue de Courcelles, F-75008 Paris, France) - Przelewy24 (PayPro SA, Kanclerska 15A, 60-326 Poznań, Poland) Further data protection information can be found in PayPal’s privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full - Ratepay On this website, one or more online payment methods of the following provider are available: Ratepay GmbH, Franklinstraße 28-29, 10587 Berlin, Germany If you select a payment method of the provider in which you make advance performance (for example credit card payment), your payment data communicated during the ordering process (including name, address, bank and payment card information, currency and transaction number) as well as information on the content of your order are passed on to the provider pursuant to Art. 6(1)(b) GDPR. The transfer of your data in this case takes place exclusively for the purpose of payment processing with the provider and only insofar as it is necessary for this. If you select a payment method in which the provider makes advance performance (for example invoice purchase or instalment purchase or direct debit), you will also be requested during the ordering process to provide certain personal data (first and last name, street, house number, postcode, city, date of birth, email address, telephone number, and, where applicable, data on an alternative payment method). In order to safeguard our legitimate interest in determining the creditworthiness of our customers, we forward this data to the provider pursuant to Art. 6(1)(f) GDPR for the purpose of a credit check. The provider checks, on the basis of the personal data you have provided as well as further data (such as shopping basket, invoice amount, order history, payment experience), whether the payment option selected by you can be granted with regard to payment and/or bad debt risks. For the decision within the framework of the application review, in addition to provider-internal criteria pursuant to Art. 6(1)(f) GDPR, identity and creditworthiness information from the following credit agencies may also be included: cf. here https://www.ratepay.com/legal-payment-creditagencies/ The credit check may contain probability values (so-called score values). Insofar as score values are included in the result of the credit check, they are based on a scientifically recognised mathematical-statistical procedure. The calculation of the score values includes, among other things but not exclusively, address data. You may object to this processing of your data at any time by sending a message to us or to the provider. However, the provider may still be entitled to process your personal data if this is necessary for contractual payment processing.
12. Shopware Analytics
Purpose of processing:
Together with our shop software service provider, under joint responsibility, we evaluate certain information from our customer base (e.g. customer group, visited pages, click paths, date and time of the visit, information about the device used (resolution, pixel density, operating system), referrer URL, information about the browser used, locale, search queries and the time zone). This information is prepared by an external service provider and transmitted to us in near real time so that we can monitor the use of our website and improve our offers.
Legal basis:
Art. 6(1)(f) GDPR
Data categories:
Derivations from master and contact data (the customer group, no individual customer data), usage data, connection data
Recipients of the data:
shopware AG, Ebbinghoff 10, 48624 Schöppingen, Germany (as joint controller), IT service providers
The essence of joint responsibility:
Joint responsibility exists between us and shopware AG; the data is collected on our shop and then transferred to servers of Shopware or its service providers; with the exception of obtaining your consent for the use of cookies or comparable technologies and the fulfilment of these information obligations, all obligations, in particular the implementation of data subject rights, are incumbent on shopware AG, which can be reached at legal@shopware.com. You may also assert your data subject rights with us; we will then forward your request accordingly to shopware AG. shopware AG can derive behavioural patterns on our store from the collected data, but cannot assign this data to you as a person.
Intended transfer to third countries:
None
Do we store personal data on your device or read such data from it on the basis of your consent?
Yes, see Consent Management for details.
13. World of REMEMBER loyalty programme
For the operation of our World of REMEMBER loyalty programme, we use the service provider Yotpo Ltd. (www.yotpo.com).
For the implementation of the programme – in particular for the crediting and management of points, for the calculation of your membership level and for the provision of your personal referral link – we transmit the following personal data to Yotpo:
- First and last name
- Email address
- Order data (order value excluding shipping costs, order date, order number)
- Date of birth (if voluntarily stored by you in the customer account)
- IP address (when using the loyalty programme area)
Yotpo processes this data in order to maintain the following programme-related information: points balance, points history, membership level, participation status and your personal referral link.
The legal basis for processing is the performance of the contractual relationship (participation in the loyalty programme) pursuant to Art. 6(1)(b) GDPR as well as our legitimate interest in operating a technically reliable customer loyalty programme pursuant to Art. 6(1)(f) GDPR.
Yotpo is contractually bound as a processor pursuant to Art. 28 GDPR and may process your data exclusively for the provision of the agreed services. As Yotpo processes data outside the European Economic Area, the transfer takes place on the basis of the EU Commission’s standard contractual clauses pursuant to Art. 46(2)(c) GDPR (EU SCCs, Commission Implementing Decision 2021/914).
Yotpo’s privacy policy can be found at:
https://www.yotpo.com/privacy-policy/
The Data Processing Addendum (DPA) can be found at:
https://www.yotpo.com/data-processing-addendum/
Further information on data processing within the framework of the loyalty programme can be found in the programme terms and conditions.