1) Introduction and Contact Details of the Controller

1.1 We are pleased that you are visiting our website and thank you for your interest. Below we inform you about how we handle your personal data when you use our website. Personal data means all data with which you can be personally identified.

1.2 The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is HISTORIA GmbH, Berta-Ottenstein-Str. 19, 79106 Freiburg, Germany, Tel.: +49-(0)761-79 02 79 00, e-mail: [email protected]. The controller is the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data.

1.3 The controller has appointed a data protection officer, who can be reached as follows: "Martin Behrens, Eugen-Martin-Straße 4, 79106 Freiburg, 07641/4 52 45 45, [email protected]"

2) Data Collection When Visiting Our Website

2.1 When you use our website for informational purposes only, i.e. if you do not register or otherwise transmit information to us, we only collect those data that your browser transmits to the server of the site (so-called „server log files“). When you access our website, we collect the following data, which are technically necessary for us to display the website to you:

• The website visited on our domain
• Date and time at the moment of access
• Amount of data sent in bytes
• Source/referrer from which you reached the site
• Browser used
• Operating system used
• IP address used (where applicable: in anonymized form)

Processing takes place pursuant to Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. The data will not be disclosed or otherwise used. However, we reserve the right to subsequently check the server log files if there are concrete indications of unlawful use.

2.2 For security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or inquiries to us), this website uses SSL or TLS encryption. You can recognize an encrypted connection by the character string „https://“ and the lock symbol in your browser’s address bar.

3) Hosting & Content-Delivery Network

3.1 Amazon Web Services

For hosting our website and displaying the site content, we use the system of the following provider: Amazon Web Services, Inc., 410 Terry Avenue North, Seattle, WA 98109, USA

All data collected on our website are processed on the provider’s servers. We have concluded a data processing agreement with the provider that ensures the protection of the data of our site visitors and prohibits unauthorized disclosure to third parties.

For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection on the basis of an adequacy decision by the European Commission.

3.2 Cloudflare

We use a content delivery network from the following provider: Cloudflare Inc., 101 Townsend St. San Francisco, CA 94107, USA

This service enables us to deliver large media files such as graphics, page content or scripts more quickly via a network of regionally distributed servers. Processing is carried out to safeguard our legitimate interest in improving the stability and functionality of our website pursuant to Art. 6 para. 1 lit. f GDPR. We have concluded a data processing agreement with the provider that ensures the protection of the data of our site visitors and prohibits unauthorized disclosure to third parties.

For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection on the basis of an adequacy decision by the European Commission.

4) Cookies

To make visiting our website attractive and to enable the use of certain functions, we use cookies, i.e. small text files that are stored on your device. Some of these cookies are automatically deleted after you close the browser (so-called „session cookies“), while others remain on your device for longer and allow us to save your page settings (so-called „persistent cookies“). In the latter case, you can see the storage duration in the cookie settings overview of your web browser.

If personal data are also processed by individual cookies we use, the processing takes place pursuant to Art. 6 para. 1 lit. b GDPR either for the performance of a contract, pursuant to Art. 6 para. 1 lit. a GDPR if consent has been given, or pursuant to Art. 6 para. 1 lit. f GDPR to safeguard our legitimate interests in the best possible functionality of the website and a customer-friendly and effective design of the site visit.

You can set your browser so that you are informed about the setting of cookies and can decide individually about their acceptance or exclude the acceptance of cookies for certain cases or in general.

Please note that if cookies are not accepted, the functionality of our website may be restricted.

5) Contacting Us

5.1 Userlike

This website uses a live chat system from the following provider: Userlike UG (limited liability), Deisterweg 7, 51109 Cologne, Germany

The processing of personal data transmitted via the chat is carried out either pursuant to Art. 6 para. 1 lit. b GDPR because it is necessary for contract initiation or execution, or pursuant to Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in effectively supporting our site visitors. The data you transmit in this way will be deleted, subject to statutory retention periods, once the matter concerned has been conclusively clarified.

Additionally, for the purpose of creating pseudonymized usage profiles, further information may be collected and evaluated with the help of cookies, which, however, do not serve to personally identify you and are not combined with other data sets. If this information is personal, processing is carried out pursuant to Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in the statistical analysis of user behavior for optimization purposes.

The setting of cookies can be prevented by appropriate browser settings. However, the functionality of our website may be restricted in this case. You may object to the collection and storage of data for the purpose of creating a pseudonymized user profile at any time with effect for the future.

We have concluded a data processing agreement with the provider that ensures the protection of our site visitors’ data and prohibits unauthorized disclosure to third parties.

5.2 When contacting us (e.g. via contact form or e-mail), personal data are processed – exclusively for the purpose of processing and responding to your request and only to the extent necessary for this –.

The legal basis for processing this data is our legitimate interest in responding to your request pursuant to Art. 6 para. 1 lit. f GDPR. If your contact is aimed at concluding a contract, an additional legal basis for processing is Art. 6 para. 1 lit. b GDPR. Your data will be deleted once it can be inferred from the circumstances that the matter concerned has been conclusively clarified and provided there are no statutory retention obligations to the contrary.

6) Data Processing When Opening a Customer Account

Pursuant to Art. 6 para. 1 lit. b GDPR, personal data are collected and processed to the extent necessary if you provide them to us when opening a customer account. Which data are required for opening the account can be found in the input mask of the corresponding form on our website.

You may delete your customer account at any time by sending a message to the above-mentioned address of the controller. After deletion of your customer account, your data will be deleted provided that all contracts concluded through it have been fully processed, there are no statutory retention obligations to the contrary, and there is no legitimate interest on our part in continuing to store the data.

7) Use of Customer Data for Direct Advertising

7.1 Subscription to Our E-Mail Newsletter

If you subscribe to our e-mail newsletter, we will regularly send you information about our offers. The only mandatory information required for sending the newsletter is your e-mail address. Providing further data is voluntary and will be used to address you personally. For sending the newsletter, we use the so-called double opt-in procedure, which ensures that you only receive a newsletter once you have expressly confirmed your consent to receiving newsletters by clicking on a verification link sent to the e-mail address provided.

By activating the confirmation link, you give us your consent to use your personal data pursuant to Art. 6 para. 1 lit. a GDPR. In doing so, we store your IP address entered by your internet service provider (ISP) as well as the date and time of registration in order to be able to trace possible misuse of your e-mail address at a later date. The data collected by us when registering for the newsletter will be used strictly for the intended purpose.

You can unsubscribe from the newsletter at any time via the link provided in the newsletter or by sending a corresponding message to the controller named above. After unsubscribing, your e-mail address will be deleted from our newsletter distribution list without delay, unless you have expressly consented to further use of your data or we reserve the right to use the data beyond this, which is permitted by law and about which we inform you in this policy.

7.2 Sending the E-Mail Newsletter to Existing Customers

If you have provided us with your e-mail address when purchasing goods or services, we reserve the right to regularly send you offers for similar goods or services from our range by e-mail. For this purpose, we do not need to obtain separate consent from you pursuant to § 7 para. 3 UWG. Data processing is carried out solely on the basis of our legitimate interest in personalized direct advertising pursuant to Art. 6 para. 1 lit. f GDPR. If you have initially objected to the use of your e-mail address for this purpose, no e-mail will be sent by us.

You are entitled to object to the use of your e-mail address for the above-mentioned advertising purpose at any time with effect for the future by notifying the controller mentioned at the beginning. You will only incur transmission costs according to the basic rates. After receipt of your objection, the use of your e-mail address for advertising purposes will be stopped immediately.

7.3 SALESmanago

The sending of our e-mail newsletters is carried out via this provider: BENHAUER Sp. z o.o., Stanisława Klimeckiego 4, 30-705 Krakow, Poland

On the basis of our legitimate interest in effective and user-friendly newsletter marketing, we forward the data you provided when registering for the newsletter to this provider pursuant to Art. 6 para. 1 lit. f GDPR so that they can handle newsletter delivery on our behalf.

Subject to your express consent pursuant to Art. 6 para. 1 lit. a GDPR, the provider also carries out statistical success evaluations of newsletter campaigns by means of web beacons or tracking pixels in the e-mails sent, which can measure opening rates and specific interactions with the contents of the newsletter. Device information (e.g. time of access, IP address, browser type and operating system) is also collected and analyzed, but not merged with other data sets.

You can revoke your consent to newsletter tracking at any time with effect for the future.

We have concluded a data processing agreement with the provider that protects the data of our site visitors and prohibits disclosure to third parties.

7.4 Cart Reminders by E-Mail

If you abandon your purchase with us before completing the order, you have the option of being reminded once by e-mail of the contents of your virtual shopping cart.

The only mandatory information required to send this reminder is your e-mail address. Providing further data is voluntary and may be used to address you personally. For sending the e-mail, we use the so-called double opt-in procedure, which ensures that you will only receive a notification once you have expressly confirmed your consent to receive it by clicking on a verification link sent to the specified e-mail address.

By activating the confirmation link, you give us your consent to use your personal data pursuant to Art. 6 para. 1 lit. a GDPR for sending a shopping cart reminder. In doing so, we store your IP address entered by your internet service provider (ISP) as well as the date and time of registration in order to be able to trace possible misuse of your e-mail address at a later date. The data collected by us when registering for our e-mail notification service are used strictly for the intended purpose.

You can unsubscribe from cart reminders at any time by sending a message to the controller mentioned at the beginning. After unsubscribing, your e-mail address will be deleted from our dedicated distribution list without delay, unless you have expressly consented to further use of your data or we reserve the right to use the data beyond this, which is permitted by law and about which we inform you in this policy.

7.5 Advertising by Postal Mail
On the basis of our legitimate interest in personalized direct advertising, we reserve the right to store your first and last name, your postal address and – if we have received these additional details from you in the course of the contractual relationship – your title, academic degree, year of birth and your professional, industry or business designation pursuant to Art. 6 para. 1 lit. f GDPR and to use them for sending you interesting offers and information about our products by postal mail.
You can object to the storage and use of your data for this purpose at any time.

8) Data Processing for Order Handling

8.1 Transmission of Image Files for Order Processing by E-Mail

On our website, we offer you the option to order product personalization by transmitting image files via e-mail. The submitted image motif will then be used as a template for the personalization of the selected product.

Via the e-mail address provided on the website, you can transmit one or more image files from the memory of the device you are using. We will collect, store and use the files transmitted in this way exclusively for producing the personalized product in accordance with the service description on our website. If the transmitted image files are forwarded to specific service providers for the production and handling of the order, you will be explicitly informed about this in the following paragraphs. No further disclosure will take place. If the transmitted files or digital motifs contain personal data (in particular images of identifiable persons), all of the processing operations mentioned will be carried out exclusively for the purpose of handling your online order pursuant to Art. 6 para. 1 lit. b GDPR.

After final processing of the order, the transmitted image files will be automatically and completely deleted.

8.2 Insofar as necessary for contract processing for delivery and payment purposes, the personal data we collect will be passed on to the commissioned transport company and the commissioned credit institution pursuant to Art. 6 para. 1 lit. b GDPR.

If, on the basis of a corresponding contract, we owe you updates for goods with digital elements or for digital products, we will process the contact data you provided during the order (name, address, e-mail address) in order to personally inform you within our statutory information obligations pursuant to Art. 6 para. 1 lit. c GDPR, via an appropriate means of communication (e.g. postal mail or e-mail), about upcoming updates within the legally prescribed period. Your contact data will be used strictly for communications regarding updates owed by us and will only be processed by us to the extent necessary for the respective information.

In order to process your order, we also work with the following service provider(s) who support us in whole or in part in the performance of concluded contracts. Certain personal data will be transmitted to these service providers in accordance with the following information.

8.3 In the case of ordering age-restricted goods, we ensure, in accordance with applicable youth protection laws, that you have reached the legally required minimum age for the goods concerned. For this purpose, we use an age verification procedure to ensure your personal identification (age check) and, if necessary, authentication. For this purpose, we use the Ident-Check service of DHL Paket GmbH, Sträßchensweg 10, 53113 Bonn, and the GO! Express-Ident service of GO! Express & Logistics (Deutschland) GmbH, Brühler Straße 9, 53119 Bonn.

For the purpose of verifying the required minimum age, some of your personal data will be transmitted to the above-mentioned service provider. This data processing takes place pursuant to Art. 6 para. 1 lit. f GDPR on the basis of our overriding legitimate interests in ensuring a legally compliant offer under youth protection law and, furthermore, in safeguarding compliance with the statutory provisions on youth protection.

8.4 To fulfill our contractual obligations to you, we work with external shipping partners. We pass on your name as well as your delivery address and, if necessary, your telephone number, exclusively for the purpose of delivering goods pursuant to Art. 6 para. 1 lit. b GDPR, to a shipping partner selected by us.

8.5 Disclosure of Personal Data to Shipping Service Providers

- DHL

We use the following provider as a transport service provider: DHL Paket GmbH, Sträßchensweg 10, 53113 Bonn, Germany

We pass on your e-mail address and/or telephone number pursuant to Art. 6 para. 1 lit. a GDPR prior to delivery of the goods for the purpose of coordinating a delivery date or delivery notification to the provider, provided you have given your express consent to this during the ordering process. Otherwise, we will only pass on the name of the recipient and the delivery address to the provider for delivery purposes pursuant to Art. 6 para. 1 lit. b GDPR. The transfer will only take place to the extent that it is necessary for the delivery of goods. In this case, it will not be possible to coordinate the delivery date in advance with the provider or to receive a delivery notification.

Consent may be revoked at any time with effect for the future either from the controller named above or from the provider.
- Post CH

We use the following provider as a transport service provider: Post CH (Swiss Post Ltd, Switzerland, Wankdorfallee 4, 3030 Bern)

We pass on your e-mail address and/or telephone number prior to delivery of the goods for the purpose of coordinating a delivery date or delivery notification to the provider, provided you have given your express consent to this during the ordering process. Otherwise, we will only pass on the name of the recipient and the delivery address to the provider for delivery purposes. The transfer will only take place to the extent that it is necessary for the delivery of goods. In this case, it will not be possible to coordinate the delivery date in advance with the provider or to receive a delivery notification. Consent may be revoked at any time with effect for the future either from the controller named above or from the provider.

For data transfers to the provider’s location, an adequate level of data protection is guaranteed by an adequacy decision of the European Commission.
- UPS

We use the following provider as a transport service provider: United Parcel Service Deutschland Inc. & Co. OHG, Görlitzer Straße 1, 41460 Neuss, Germany

We pass on your e-mail address and/or telephone number pursuant to Art. 6 para. 1 lit. a GDPR prior to delivery of the goods for the purpose of coordinating a delivery date or delivery notification to the provider, provided you have given your express consent to this during the ordering process. Otherwise, we will only pass on the name of the recipient and the delivery address to the provider for delivery purposes pursuant to Art. 6 para. 1 lit. b GDPR. The transfer will only take place to the extent that it is necessary for the delivery of goods. In this case, it will not be possible to coordinate the delivery date in advance with the provider or to receive a delivery notification.

Consent may be revoked at any time with effect for the future either from the controller named above or from the provider.

8.6 Use of payment service providers

- Apple Pay

If you choose the payment method “Apple Pay” offered by Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland, the payment will be processed via the “Apple Pay” feature of your iOS, watchOS or macOS device by charging a payment card stored in Apple Pay. Apple Pay uses security features integrated in the hardware and software of your device to protect your transactions. To authorize a payment, you must enter a code previously set by you and verify via the “Face ID” or “Touch ID” function of your device.

For the purpose of processing the payment, the information you provided during the ordering process, together with the information about your order, is transmitted to Apple in encrypted form. Apple then encrypts this data again with a developer-specific key before forwarding the data to the payment service provider associated with the payment card stored in Apple Pay. The encryption ensures that only the website through which the purchase was made can access the payment data. After the payment is completed, Apple sends your device account number and a transaction-specific dynamic security code to the originating website as confirmation of successful payment.

If personal data are processed during the described transmissions, the processing is done solely for the purpose of payment processing pursuant to Art. 6(1)(b) GDPR.

Apple retains anonymized transaction data, including the approximate purchase amount, approximate date and time, and whether the transaction was successfully completed. Anonymization completely excludes any personal reference. Apple uses the anonymized data to improve “Apple Pay” and other Apple products and services.

If you use Apple Pay on the iPhone or Apple Watch to complete a purchase you initiated via Safari on the Mac, the Mac and the authorization device communicate over an encrypted channel on Apple’s servers. Apple does not process or store any of this information in a form that can identify you. You can disable the use of Apple Pay on your Mac in your iPhone settings. Go to “Wallet & Apple Pay” and turn off “Allow Payments on Mac.”

For further privacy information on Apple Pay, see the following web address: https://support.apple.com/de-de/HT203027

- BLIK

On this website, one or more online payment methods from the following provider are available: Polski Standard Płatności Sp. z o.o., Czerniakowska 87a, 00-718 Warsaw, Poland.

To process your payment, the payment data you provide during the order process (including name, address, bank and card information, currency and transaction number) as well as information about the contents of your order are forwarded to us in accordance with Art. 6(1)(b) GDPR. The transmission of your data in this case is done solely for the purpose of payment processing with the provider and only to the extent necessary.
- EPS bank transfer

On this website, one or more online payment methods from the following provider are available: PSA Payment Services Austria GmbH, Handelskai 92, Gate 2, 1200 Vienna, Austria.

If you select a payment method from the provider for which you pay in advance (e.g. credit card payment), the payment data you provide during the ordering process (including name, address, bank and card information, currency and transaction number) as well as information about your order will be forwarded to that provider in accordance with Art. 6(1)(b) GDPR. The transmission of your data in this case is done solely for the purpose of payment processing with the provider and only to the extent necessary.

- Google Pay

If you choose the payment method “Google Pay” by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”), the payment is processed via the “Google Pay” app on your mobile device (running at least Android 4.4 “KitKat” and equipped with NFC) by charging a payment card stored in Google Pay or another payment system verified there (e.g. PayPal). To authorize a Google Pay payment above € 25, unlocking your mobile device with the configured verification method (e.g. facial recognition, password, fingerprint or pattern) is required.

For the purpose of processing the payment, the information you provided during the order process, together with the information about your order, is forwarded to Google. Google then transmits your payment information stored in Google Pay in the form of a one-time transaction number to the originating website, which is used to verify that the payment was made. This transaction number contains no information about the real payment data of your payment instruments stored in Google Pay, but is generated and transmitted as a one-time numeric token. In all transactions via Google Pay, Google acts only as an intermediary in the processing of the payment. The transaction itself is carried out exclusively in the relationship between you and the originating website by charging the payment instrument stored in Google Pay.

If personal data are processed during the described transmissions, the processing is done solely for the purpose of payment processing pursuant to Art. 6(1)(b) GDPR.

Google reserves the right to collect, store and evaluate certain transaction-specific information for each transaction made via Google Pay. These include the date, time and amount of the transaction, merchant location and description, a merchant-provided description of the goods or services purchased, photos you attached to the transaction, the names and email addresses of the seller and buyer or sender and recipient, the payment method used, your description of the reason for the transaction, and any offer associated with the transaction.

According to Google, this processing is done solely in accordance with Art. 6(1)(f) GDPR on the basis of legitimate interest in proper accounting, verification of transaction data, and optimization and maintenance of the Google Pay service.

Google also reserves the right to combine the processed transaction data with other information collected and stored by Google through your use of other Google services.

You can find the Google Pay terms and conditions here:

https://payments.google.com/payments/apis-secure/u/0/get_legal_document?ldo=0&ldt=googlepaytos&ldl=de

For further privacy information on Google Pay, see the following web address:
https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=de

- iDeal

On this website, one or more online payment methods from the following provider are available: Currence Holding BV, Beethovenstraat 300, Amsterdam, Netherlands.

If you select a payment method from the provider for which you pay in advance (e.g. credit card payment), the payment data you provide during the ordering process (including name, address, bank and card information, currency and transaction number) as well as information about your order will be forwarded to that provider in accordance with Art. 6(1)(b) GDPR. The transmission of your data in this case is done solely for the purpose of payment processing with the provider and only to the extent necessary.

- Klarna

On this website, one or more online payment methods from the following provider are available: Klarna Bank AB, Sveavägen 46, 111 34 Stockholm, Sweden.

If you select a payment method from the provider for which you pay in advance (e.g. credit card payment), the payment data you provide during the ordering process (including name, address, bank and card information, currency and transaction number) as well as information about your order will be forwarded to that provider in accordance with Art. 6(1)(b) GDPR. The transmission of your data in this case is done solely for the purpose of payment processing with the provider and only to the extent necessary.

If you choose a payment method where the provider pays in advance (e.g. invoice or installment purchase or direct debit), you will be asked during the order process to provide certain personal data (first and last name, street, house number, postal code, city, date of birth, email address, telephone number, possibly data on an alternative payment method).

To safeguard our legitimate interest in determining the creditworthiness of our customers, we forward this data to the provider in accordance with Art. 6(1)(f) GDPR for the purpose of a credit check. Based on the personal data you provided and further data (such as shopping cart, invoice amount, order history, payment experience), the provider checks whether the payment method you selected can be granted with regard to payment and/or default risk.

In the decision process during the application review, internal provider criteria in accordance with Art. 6(1)(f) GDPR as well as identity and credit information from the following credit agencies may be used:

https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/credit_rating_agencies

The credit report may include probability values (so-called score values). If score values flow into the result of the credit report, they are based on a scientifically recognized mathematical-statistical procedure. The calculation of score values includes, among other things (but not exclusively), address data.

You may object to this processing of your data at any time by notifying us or the provider. However, the provider may still be entitled to continue processing your personal data if it is necessary for proper payment processing under the contract.

- Mollie

On this website, one or more online payment methods from the following provider are available: Mollie B.V., Keizersgracht 313, 1016 EE Amsterdam, Netherlands.

If you select a payment method from the provider for which you pay in advance (e.g. credit card payment), the payment data you provide during the ordering process (including name, address, bank and card information, currency and transaction number) as well as information about your order will be forwarded to that provider in accordance with Art. 6(1)(b) GDPR. The transmission of your data in this case is done solely for the purpose of payment processing with the provider and only to the extent necessary.

- PayPal

On this website, one or more online payment methods from the following provider are available: PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg.

If you select a payment method from the provider for which you pay in advance, the payment data you provide during the ordering process (including name, address, bank and card information, currency and transaction number) as well as information about your order will be forwarded to that provider in accordance with Art. 6(1)(b) GDPR. The transmission of your data in this case is done solely for the purpose of payment processing with the provider and only to the extent necessary.

If you choose a payment method for which we pay in advance, you will also be asked in the order process to provide certain personal data (first and last name, street, house number, postal code, city, date of birth, email address, telephone number, possibly data on an alternative payment method).

In such cases, to preserve our legitimate interest in assessing your creditworthiness, we forward this data to the provider in accordance with Art. 6(1)(f) GDPR for the purpose of a credit check. The provider checks, on the basis of the personal data you provided and other data (such as shopping cart, invoice amount, order history, payment experience), whether the payment method you selected can be granted with regard to payment and/or default risk.

The credit report may include probability values (so-called score values). If score values flow into the result of the credit report, they are based on a scientifically recognized mathematical-statistical procedure. The calculation of score values includes, among other things (but not exclusively), address data.

You may object to this processing of your data at any time by notifying PayPal. However, PayPal may still be entitled to continue processing your personal data if this is necessary for proper payment processing under the contract.

- PayPal Checkout

This website uses PayPal Checkout, an online payment system from PayPal comprised of PayPal’s own payment methods and local payment methods of third-party providers.

When paying via PayPal, credit card via PayPal, direct debit via PayPal or – if offered – “Pay Later” via PayPal, we forward your payment data to PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (“PayPal”) for payment processing. The transfer is made in accordance with Art. 6(1)(b) GDPR and only to the extent necessary for payment processing.

For credit card via PayPal, direct debit via PayPal or – if offered – “Pay Later” via PayPal, PayPal reserves the right to carry out a credit check. For this purpose, your payment data may be forwarded to credit agencies in accordance with Art. 6(1)(f) GDPR on the basis of PayPal’s legitimate interest in assessing your creditworthiness. The result of the credit check in terms of the statistical default probability is used by PayPal to decide whether to provide the respective payment method. The credit check may include probability values (so-called score values). If score values flow into the result, they are based on a scientifically recognized mathematical-statistical procedure. The calculation of score values includes, among other things (but not exclusively), address data. You may object to this processing of your data at any time by notifying PayPal. However, PayPal may still be entitled to continue processing your personal data if this is necessary for proper payment processing under the contract.

If the PayPal “Purchase on Invoice” payment method is available and selected, your payment data will first be transmitted to PayPal for payment preparation, after which PayPal transfers them to Ratepay GmbH, Franklinstraße 28-29, 10587 Berlin (“Ratepay”) to carry out the payment. The legal basis is in each case Art. 6(1)(b) GDPR. In this case, Ratepay carries out an identity and credit check in its own name to determine creditworthiness in accordance with the principles described above, and forwards your payment data to credit agencies on the basis of its legitimate interest in assessing creditworthiness pursuant to Art. 6(1)(f) GDPR. A list of the credit agencies that Ratepay may refer to can be found here: https://www.ratepay.com/legal-payment-creditagencies/

When using a payment method of a local third-party provider, your payment data is initially transmitted to PayPal for payment preparation in accordance with Art. 6(1)(b) GDPR. Depending on your choice of a local payment method, PayPal then forwards your payment data for completion of the payment in accordance with Art. 6(1)(b) GDPR to the respective provider:

• Apple Pay (Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland)
• Google Pay (Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland)
• iDeal (Currence Holding BV, Beethovenstraat 300, Amsterdam, Netherlands)
• bancontact (Bancontact Payconiq Company, Rue d’Arlon 82, 1040 Brussels, Belgium)
• blik (Polski Standard Płatności sp. z o.o., ul. Czerniakowska 87A, 00-718 Warsaw, Poland)
• eps (PSA Payment Services Austria GmbH, Handelskai 92, Gate 2, 1200 Vienna, Austria)
• MyBank (PRETA S.A.S, 40 Rue de Courcelles, F-75008 Paris, France)
• Przelewy24 (PayPro SA, Kanclerska 15A, 60-326 Poznań, Poland)

For further data protection information, please refer to PayPal’s privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full

- Sofortüberweisung (Instant bank transfer)

On this website, one or more online payment methods from the following provider are available: Klarna Bank AB (publ), Sveavägen 46, 11134 Stockholm, Sweden.

If you select a payment method from the provider for which you pay in advance (e.g. credit card payment), the payment data you provide during the ordering process (including name, address, bank and card information, currency and transaction number) as well as information about your order will be forwarded to that provider in accordance with Art. 6(1)(b) GDPR. The transmission of your data in this case is done solely for the purpose of payment processing with the provider and only to the extent necessary.

- TWINT

On this website, one or more online payment methods from the following provider are available: TWINT AG, Stauffacherstrasse 31, CH-8004 Zurich, Switzerland.

If you select a payment method from the provider for which you pay in advance (e.g. credit card payment), the payment data you provide during the ordering process (including name, address, bank and card information, currency and transaction number) as well as information about your order will be forwarded to that provider in accordance with Art. 6(1)(b) GDPR. The transmission of your data in this case is done solely for the purpose of payment processing with the provider and only to the extent necessary.

When data are transmitted to the provider’s location, an adequate level of data protection is ensured by an adequacy decision of the European Commission.

9) Online Marketing

9.1 SALESmanago

This website uses the software-based marketing service of the following provider to deliver and synchronize various customer management services: BENHAUER Sp. z o.o., Stanisława Klimeckiego 4, 30-705 Krakow, Poland.

The service enables the automated processing of feed activities, the control of advertising in the marketing channels used, and the performance analysis of marketing measures, as well as central email marketing and contact management.

To fulfill these various functions, cookies are used—small text files that are stored locally in your web browser’s cache on your device and allow us to analyze how you use the website. The cookies collect certain information, such as the IP address, location, and the time of the page view.

All of the above processing activities, in particular the setting of cookies to read information on the device you use, will only be carried out if you have given us your explicit consent pursuant to Art. 6(1)(a) GDPR. You can withdraw your consent at any time with effect for the future by disabling this service in the “cookie consent tool” provided on the website.

Other legal bases for data processing that apply in the context of specific service functions (such as the requirement of explicit consent under Art. 6(1)(a) GDPR for sending newsletters) remain unaffected.

We have concluded a data processing agreement with the provider that ensures the protection of our site visitors’ data and prohibits unauthorized disclosure to third parties.

9.2 AWIN Performance Advertising Network

We participate in the affiliate program of the following provider: AWIN AG, Eichhornstraße 3, 10785 Berlin, Germany.

In this context, we have placed links on our website that lead to offers on the provider’s or third parties’ websites (“partner sites”).

To measure the success of an affiliate link, to evaluate orders generated via such a link, and to properly account for commission payments, the provider uses cookies and/or similar technologies that are generally set on the partner sites and for which we are not responsible under data protection law. In doing so, the provider regularly also processes the IP address and, where applicable, additional device information.

All of the above processing activities, in particular the reading or storage of information on the device you use, will only occur if you have given your explicit consent pursuant to Art. 6(1)(a) GDPR. You can withdraw your consent at any time with effect for the future by using the cookie consent management options on the partner sites.

9.3 belboon

We participate in the affiliate program of the following provider: belboon GmbH, Weinmeisterstr. 12-14, 10178 Berlin, Germany.

In this context, we have placed links on our website that lead to offers on the provider’s or third parties’ websites (“partner sites”).

To measure the success of an affiliate link, to evaluate orders generated via such a link, and to properly account for commission payments, the provider uses cookies and/or similar technologies that are generally set on the partner sites and for which we are not responsible under data protection law. In doing so, the provider regularly also processes the IP address and, where applicable, additional device information.

All of the above processing activities, in particular the reading or storage of information on the device you use, will only occur if you have given your explicit consent pursuant to Art. 6(1)(a) GDPR. You can withdraw your consent at any time with effect for the future by using the cookie consent management options on the partner sites.

9.4 Daisycon

We participate in the affiliate program of the following provider: Daisycon B.V., P.J. Oudweg 5, 1314 CH Almere, Netherlands.

In this context, we have placed links on our website that lead to offers on the provider’s or third parties’ websites (“partner sites”).

To measure the success of an affiliate link, to evaluate orders generated via such a link, and to properly account for commission payments, the provider uses cookies and/or similar technologies that are generally set on the partner sites and for which we are not responsible under data protection law. In doing so, the provider regularly also processes the IP address and, where applicable, additional device information.

All of the above processing activities, in particular the reading or storage of information on the device you use, will only occur if you have given your explicit consent pursuant to Art. 6(1)(a) GDPR. You can withdraw your consent at any time with effect for the future by using the cookie consent management options on the partner sites.

10) Web Analytics Services

10.1 Google Analytics 4

This website uses Google Analytics 4, a web analytics service of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”), which enables an analysis of your use of our website.

As a rule, when visiting the website, Google Analytics 4 sets cookies that are stored as small text blocks on your device and collect certain information. This information also includes your IP address, which, however, is shortened by Google by the last digits in order to exclude a direct personal reference.

The information is transmitted to Google’s servers and further processed there. This may also involve transmission to Google LLC based in the USA.

Google uses the collected information on our behalf to evaluate your use of the website, to compile reports on website activity for us and to provide other services relating to website usage and internet usage. The IP address transmitted by your browser within the scope of Google Analytics and shortened will not be merged with other Google data. The data collected in the course of using Google Analytics 4 are stored for two months and then deleted.

All processing described above, in particular the placement of cookies on the device used, will only take place if you have given us your express consent pursuant to Art. 6 para. 1 lit. a GDPR. Without your consent, Google Analytics 4 will not be used during your visit to the site. You can revoke your consent at any time with effect for the future. To exercise your right of revocation, please deactivate this service via the “cookie consent tool” provided on the website.

We have concluded a data processing agreement with Google that ensures the protection of our site visitors’ data and prohibits unauthorized disclosure to third parties.

Further legal information on Google Analytics 4 can be found at https://policies.google.com/privacy?hl=de&gl=de and at https://policies.google.com/technologies/partner-sites

Demographic characteristics
Google Analytics 4 uses the special “demographic characteristics” function and can thereby create statistics that provide information on the age, gender and interests of site visitors. This is done through the analysis of advertising and information from third parties. This makes it possible to identify target groups for marketing activities. However, the collected data cannot be assigned to a specific person and will be deleted after a storage period of two months.

Google Signals
As an extension to Google Analytics 4, Google Signals can be used on this website to create cross-device reports. If you have activated personalized advertising and linked your devices to your Google account, Google can, subject to your consent to the use of Google Analytics pursuant to Art. 6 para. 1 lit. a GDPR, analyze your usage behavior across devices and create database models, including for cross-device conversions. We do not receive any personal data from Google, only statistics. If you wish to stop cross-device analysis, you can deactivate the “Personalized Advertising” function in your Google account settings. Follow the instructions on this page: https://support.google.com/ads/answer/2662922?hl=de. Further information on Google Signals can be found at the following link: https://support.google.com/analytics/answer/7532985?hl=de

UserIDs
As an extension to Google Analytics 4, the “UserIDs” function can be used on this website. If you have consented to the use of Google Analytics 4 pursuant to Art. 6 para. 1 lit. a GDPR, created an account on this website and log in to this account on different devices, your activities, including conversions, can be analyzed across devices.

For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection based on an adequacy decision of the European Commission.

10.2 Google Tag Manager

This website uses “Google Tag Manager”, a service of the following provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter “Google”).

Google Tag Manager provides a technical basis for bundling various web applications, including tracking and analytics services, and calibrating, controlling and linking them to conditions via a unified user interface. Google Tag Manager itself does not store or read information on user devices. Nor does the service carry out any independent data analyses. However, when the page is accessed, your IP address is transmitted to Google via Google Tag Manager and may be stored there. Transmission to Google LLC servers in the USA is also possible.

This processing will only be carried out if you have given us your express consent pursuant to Art. 6 para. 1 lit. a GDPR. Without such consent, Google Tag Manager will not be used during your visit to the site. You can revoke your consent at any time with effect for the future. To exercise your revocation, please deactivate this service in the “cookie consent tool” provided on the website.

We have concluded a data processing agreement with the provider that ensures the protection of our site visitors’ data and prohibits unauthorized disclosure to third parties.

For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection based on an adequacy decision of the European Commission.

Further legal information on Google Tag Manager can be found at https://policies.google.com/privacy?hl=de&gl=de.

10.3 Microsoft Clarity

This website uses the web analytics service of the following provider: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399 USA

With the help of cookies and/or comparable technologies (tracking pixels, web beacons, algorithms for reading device and browser information), the service collects and stores pseudonymized visitor data, including information on the device used such as the IP address and browser information, in order to evaluate it for statistical analyses of usage behavior on our website and to create pseudonymized usage profiles. Among other things, this enables the evaluation of movement patterns (so-called heatmaps), which show the duration of page visits as well as interactions with page content (e.g. text entries, scrolling, clicks and mouse-overs). Pseudonymization generally excludes a direct personal reference. A merging with clear data collected in other ways about you does not take place.

All processing described above, in particular reading from or storing information on the device you use, will only be carried out if you have given us your express consent pursuant to Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time with effect for the future by deactivating this service in the “cookie consent tool” provided on the website.

We have concluded a data processing agreement with the provider that ensures the protection of our site visitors’ data and prohibits unauthorized disclosure to third parties.

For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection based on an adequacy decision of the European Commission.

10.4 New Relic

This website uses the web analytics service of the following provider: New Relic, Inc., 188 Spear St, San Francisco, CA 94105, USA

With the help of cookies and/or comparable technologies (tracking pixels, web beacons, algorithms for reading device and browser information), the service collects and stores pseudonymized visitor data, including information on the device used such as the IP address and browser information, in order to evaluate it for statistical analyses of usage behavior on our website and to create pseudonymized usage profiles. Among other things, this enables the evaluation of movement patterns (so-called heatmaps), which show the duration of page visits as well as interactions with page content (e.g. text entries, scrolling, clicks and mouse-overs). Pseudonymization generally excludes a direct personal reference. A merging with clear data collected in other ways about you does not take place.

All processing described above, in particular reading from or storing information on your device, will only be carried out if you have given us your express consent pursuant to Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time with effect for the future by deactivating this service in the “cookie consent tool” provided on the website.

We have concluded a data processing agreement with the provider that ensures the protection of our site visitors’ data and prohibits unauthorized disclosure to third parties.

For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection based on an adequacy decision of the European Commission.

11) Retargeting/Remarketing and Conversion Tracking

11.1 Meta Pixel

Within our online offering, we use the "Meta Pixel" service of the following provider: Meta Platforms Ireland Limited, 4 Grand Canal Quare, Dublin 2, Ireland ("Meta").

If you click on an advertisement we place on Facebook and/or Instagram, the URL of our linked page will be extended by a parameter using "Meta Pixel." This URL parameter is then entered into the user’s browser via a cookie set by our linked page itself after redirection.

This enables Meta, on the one hand, to determine the visitors of our online offering as a target group for the display of ads ("Ads"). Accordingly, we use the service to display the Facebook and/or Instagram Ads placed by us only to those users who have also shown an interest in our online offering or who have certain characteristics (e.g., interests in specific topics or products determined by the websites visited), which we transmit to Meta ("Custom Audiences").

On the other hand, "Meta Pixel" can be used to track whether users were redirected to our website after clicking on an ad and what actions they take there ("conversion tracking").

The collected data are anonymous to us and therefore do not provide us with any conclusions about the identity of users. However, Meta stores and processes the data so that a connection to the respective user profile is possible and Meta can use the data for its own advertising purposes.

All processing described above, in particular the placement of cookies for reading information on the device used, will only take place if you have given us your express consent pursuant to Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time with effect for the future by deactivating this service in the “cookie consent tool” provided on the website.

We have concluded a data processing agreement with the provider that ensures the protection of our site visitors’ data and prohibits unauthorized disclosure to third parties.

The information generated by Meta is generally transmitted to a Meta server and stored there; in this context, transmission to servers of Meta Platforms Inc. in the USA may also take place.

For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection based on an adequacy decision of the European Commission.

11.2 Google Ads Remarketing

This website uses retargeting technology from the following provider: Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland

For this purpose, Google sets a cookie in your browser, which automatically enables interest-based advertising using a pseudonymous cookie ID and on the basis of the pages you visit. Further data processing will only take place if you have agreed with Google that your internet and app browsing history will be linked by Google to your Google account and information from your Google account will be used to personalize ads you view on the web. If you are logged in to Google during your visit to our website in this case, Google will use your data together with Google Analytics data to create and define target audience lists for cross-device remarketing. For this purpose, your personal data are temporarily linked with Google Analytics data by Google to form target groups. In the context of the use of Google Ads Remarketing, it is also possible that personal data are transmitted to Google LLC servers in the USA.

All processing described above, in particular the placement of cookies for reading information on the device used, will only take place if you have given us your express consent pursuant to Art. 6 para. 1 lit. a GDPR. Without such consent, the use of retargeting technology will not take place during your visit to the site.

You can revoke your consent at any time with effect for the future. To exercise your revocation, please deactivate this service in the “cookie consent tool” provided on the website.

For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection based on an adequacy decision of the European Commission.

Details of the processing initiated by Google and Google’s handling of data from websites can be found here: https://policies.google.com/technologies/partner-sites

Further information on Google’s privacy policy can be found here: https://business.safety.google/intl/de/privacy/ and https://www.google.de/policies/privacy/

11.3 Microsoft Advertising

This website uses retargeting technology from the following provider: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA.

This enables us to specifically target visitors to our website with personalized, interest-based advertising who have already shown an interest in our shop and our products. The display of the advertising materials is based on a cookie-based analysis of past and current usage behavior, but no personal data are stored. In the cases of retargeting technology, a cookie is stored on your computer or mobile device to collect pseudonymized data about your interests and thus to adapt the advertising individually to the stored information. These cookies are small text files that are stored on your computer or mobile device. You will then be shown advertising that is highly likely to correspond to your product and information interests.

All processing described above, in particular the placement of cookies for reading information on the device used, will only take place if you have given us your express consent pursuant to Art. 6 para. 1 lit. a GDPR. Without such consent, the use of retargeting technology will not take place during your visit to the site.

You can revoke your consent at any time with effect for the future. To exercise your revocation, please deactivate this service in the “cookie consent tool” provided on the website.

For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection based on an adequacy decision of the European Commission.

11.4 Microsoft Advertising Universal Event Tracking

This website uses conversion tracking technology from the following provider: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA

For the use of Universal Event Tracking, a tag is implemented on each page of our website that interacts with the conversion cookie set by Microsoft. This interaction makes your user behavior on our website traceable and transmits the information collected in this way to Microsoft. This serves the purpose of statistically recording and evaluating certain predefined goals such as purchases or leads, in order to tailor the direction and content of our offerings more closely to users’ interests. The tags are not used at any time for the personal identification of users.

All processing described above, in particular the setting of cookies for reading information on the end device used, is carried out only if you have given us your explicit consent in accordance with Art. 6(1)(a) GDPR. Without this consent, no retargeting technology is used during your visit to the website.

You can withdraw your consent at any time with effect for the future. To exercise your withdrawal, please disable this service in the “cookie consent tool” provided on the website.

For data transfers to the USA, the provider has joined the EU–US Data Privacy Framework, which, on the basis of an adequacy decision by the European Commission, ensures compliance with the European level of data protection.

12) Site Functionalities

12.1 Facebook Plugins

Plugins of the social network of the following provider are used on our website: Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

These plugins enable direct interactions with content on the social network.

To increase the protection of your data when visiting our website, the plugins are initially deactivated and integrated into the page using the so-called “2-click” or “Shariff” solution.

This integration ensures that when you call up a page of our website that contains such plugins, no connection is yet established with the provider’s servers.

Only when you activate the plugins and thereby give your consent to data transmission pursuant to Art. 6 para. 1 lit. a GDPR does your browser establish a direct connection to the provider’s servers. In this case, regardless of a login into an existing user profile, certain information about your device (including your IP address), your browser and your page history will be transmitted to the provider and may be further processed there.

If you are logged into an existing user profile on the provider’s social network, information about interactions carried out via the plugins will also be published there and displayed to your contacts. You can revoke your consent at any time by deactivating the activated plugin again by clicking it once more. However, the revocation does not affect the data already transmitted to the provider.

Data may also be transmitted to: Meta Platforms Inc., USA.

We have concluded a data processing agreement with the provider that ensures the protection of our site visitors’ data and prohibits unauthorized disclosure to third parties.

For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection based on an adequacy decision of the European Commission.

12.2 Instagram Plugins

Plugins of the social network of the following provider are used on our website: Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

These plugins enable direct interactions with content on the social network.

To increase the protection of your data when visiting our website, the plugins are initially deactivated and integrated into the page using the so-called “2-click” or “Shariff” solution.

This integration ensures that when you call up a page of our website that contains such plugins, no connection is yet established with the provider’s servers.

Only when you activate the plugins and thereby give your consent to data transmission pursuant to Art. 6 para. 1 lit. a GDPR does your browser establish a direct connection to the provider’s servers. In this case, regardless of a login into an existing user profile, certain information about your device (including your IP address), your browser and your page history will be transmitted to the provider and may be further processed there.
If you are logged into an existing user profile on the provider’s social network, information about interactions carried out via the plugins will also be published there and displayed to your contacts.
You can revoke your consent at any time by deactivating the activated plugin again by clicking it once more. However, the revocation does not affect the data already transmitted to the provider.

Data may also be transmitted to: Meta Platforms Inc., USA.

We have concluded a data processing agreement with the provider that ensures the protection of our site visitors’ data and prohibits unauthorized disclosure to third parties.

For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection based on an adequacy decision of the European Commission.

12.3 Pinterest Plugins

Plugins of the social network of the following provider are used on our website: Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland.

These plugins enable direct interactions with content on the social network.

To increase the protection of your data when visiting our website, the plugins are initially deactivated and integrated into the page using the so-called “2-click” or “Shariff” solution.

This integration ensures that when you call up a page of our website that contains such plugins, no connection is yet established with the provider’s servers.

Only when you activate the plugins and thereby give your consent to data transmission pursuant to Art. 6 para. 1 lit. a GDPR does your browser establish a direct connection to the provider’s servers. In this case, regardless of a login into an existing user profile, certain information about your device (including your IP address), your browser and your page history will be transmitted to the provider and may be further processed there.

If you are logged into an existing user profile on the provider’s social network, information about interactions carried out via the plugins will also be published there and displayed to your contacts. You can revoke your consent at any time by deactivating the activated plugin again by clicking it once more. However, the revocation does not affect the data already transmitted to the provider.

Data may also be transmitted to: Pinterest Inc., USA.

We have concluded a data processing agreement with the provider that ensures the protection of our site visitors’ data and prohibits unauthorized disclosure to third parties.

For data transfers to the USA, the provider relies on the European Commission’s standard contractual clauses, which are intended to ensure compliance with the European level of data protection.

12.4 YouTube

This website uses plugins for displaying and playing videos from the following provider: Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland

Data may also be transmitted to: Google LLC, USA

When you visit a page on our website that contains such a plugin, your browser establishes a direct connection to the provider’s servers to load the plugin. Certain information, including your IP address, is transmitted to the provider.

If playback of embedded videos is started via the plugin, the provider also uses cookies to collect information about user behavior, compile playback statistics, and prevent abusive behavior.

If you are logged into a user account with the provider during your site visit, your data will be directly assigned to your account when you click on a video. If you do not want this assignment to your account, you must log out before activating the playback button.

All processing mentioned above, in particular the use of cookies to read information on the device you are using, will only take place if you have given us your express consent pursuant to Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time with effect for the future by deactivating this service in the “cookie consent tool” provided on the website.

For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection on the basis of an adequacy decision by the European Commission.

12.5 Trusted Shops Trustbadge

Graphic elements of the following provider are integrated on our website to display external customer reviews and/or an externally awarded trustmark: Trusted Shops AG, Subbelrather Str. 15C, 50823 Cologne, Germany.

When you visit a page of our website that contains such graphic elements, your browser establishes a direct connection to the provider’s servers in order to load the elements correctly. Certain browser information, including your IP address, is transmitted to the provider.

If personal data are also processed in this context, this is done pursuant to Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in the optimal marketing of our offering and the appealing presentation of our website.

In the case of an online order placed with us, further processing may occur.

Depending on your express consent pursuant to Art. 6 para. 1 lit. a GDPR, your order information (order amount, order number, product purchased, if applicable) as well as your e-mail address may be transmitted in encrypted form to the provider via the trustbadge after completion of an order, to verify an existing registration for the provider’s services (in particular the “buyer protection”) and, if necessary, to enable a new registration.

In the case of an existing registration or a new registration with the provider for its services (in particular the buyer protection), your order information (order amount, order number, purchased product) and your e-mail address will be transmitted to the provider on the basis of the contractual agreement with the provider pursuant to Art. 6 para. 1 lit. b GDPR and further processed by it to provide the services (in particular buyer protection).

We are jointly responsible with the provider pursuant to Art. 26 GDPR for the processing described above. The agreement on joint responsibility can be viewed here: https://help.etrusted.com/hc/de/articles/4402587369105-Vertrag-%C3%BCber-die-gemeinsame-Verantwortlichkeit-nach-DSGVO

12.6 Applications for Job Vacancies by E-Mail

On our website we advertise currently vacant positions in a separate section, to which you can apply by e-mail to the contact address provided.

Applicants must provide all personal data necessary for a sound assessment, including general information such as name, address and contact details, as well as performance-related evidence and, if applicable, health-related details. Details on the application can be found in the job advertisement.

Once the application has been received by e-mail, the data will be stored and evaluated exclusively for the purpose of processing the application. If there are any questions, we will use either the applicant’s e-mail address or telephone number. Processing is carried out on the basis of Art. 6 para. 1 lit. b GDPR (or § 26 para. 1 BDSG), in the sense that going through the application process is considered to be initiating an employment contract.

If, within the application process, special categories of personal data within the meaning of Art. 9 para. 1 GDPR (e.g. health data such as information about a disability status) are requested from applicants, the processing takes place pursuant to Art. 9 para. 2 lit. b GDPR so that we can exercise rights arising from labor law and social security and social protection law and fulfill our related obligations.

Cumulatively or alternatively, processing of the special categories of data may also be based on Art. 9 para. 2 lit. h GDPR if it is carried out for the purposes of preventive health care or occupational medicine, for assessing the applicant’s ability to work, for medical diagnosis, for health or social care or treatment, or for the management of systems and services in the health or social sector.

If the applicant is not selected or if an applicant withdraws their application prematurely, the transmitted data and all electronic correspondence including the application e-mail will be deleted at the latest after 6 months following a corresponding notification. This period is determined by our legitimate interest in being able to answer any follow-up questions regarding the application and, where applicable, to fulfill our obligations to provide evidence under regulations concerning equal treatment of applicants.

In the case of a successful application, the data provided will be processed on the basis of Art. 6 para. 1 lit. b GDPR (in Germany in conjunction with § 26 para. 1 BDSG) for the purpose of executing the employment relationship.

13) Tools and Miscellaneous

Cookie Consent Tool

This website uses a so-called “cookie consent tool” to obtain valid user consents for cookies and cookie-based applications requiring consent. The “cookie consent tool” is displayed to you when you access the site in the form of an interactive user interface, by which you can give consents for certain cookies and/or cookie-based applications by ticking a box. The tool ensures that all cookies/services requiring consent are only loaded if you have given the corresponding consent by ticking a box. This guarantees that such cookies are only set on your device if you have given consent.

The tool sets technically necessary cookies to store your cookie preferences. Personal user data are not processed as a matter of principle.

If, in exceptional cases, personal data (such as the IP address) are nevertheless processed for the purpose of storing, assigning or logging cookie settings, this processing is carried out pursuant to Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in a legally compliant, user-specific and user-friendly consent management for cookies and thus in a legally compliant design of our website.

Another legal basis for the processing is also Art. 6 para. 1 lit. c GDPR. As the controller, we are legally obliged to make the use of technically unnecessary cookies dependent on the respective user’s consent.

Where necessary, we have concluded a data processing agreement with the provider that ensures the protection of the data of our site visitors and prohibits unauthorized disclosure to third parties.

Further information on the operator and the setting options of the cookie consent tool can be found directly in the corresponding user interface on our website.

14) Rights of the Data Subject

14.1 The applicable data protection law grants you the following rights as a data subject against us, the controller, with regard to the processing of your personal data (rights of access and intervention), whereby reference is made to the stated legal basis for the respective exercise requirements:

• Right of access pursuant to Art. 15 GDPR;
• Right to rectification pursuant to Art. 16 GDPR;
• Right to erasure pursuant to Art. 17 GDPR;
• Right to restriction of processing pursuant to Art. 18 GDPR;
• Right to notification pursuant to Art. 19 GDPR;
• Right to data portability pursuant to Art. 20 GDPR;
• Right to withdraw consent given pursuant to Art. 7 para. 3 GDPR;
• Right to lodge a complaint pursuant to Art. 77 GDPR.

14.2 RIGHT TO OBJECT

IF WE PROCESS YOUR PERSONAL DATA ON THE BASIS OF OUR OVERRIDING LEGITIMATE INTEREST WITHIN THE FRAMEWORK OF A BALANCING OF INTERESTS, YOU HAVE THE RIGHT TO OBJECT TO THIS PROCESSING AT ANY TIME FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION, WITH EFFECT FOR THE FUTURE.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED. HOWEVER, FURTHER PROCESSING REMAINS RESERVED IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING THAT OVERRIDE YOUR INTERESTS, FUNDAMENTAL RIGHTS AND FREEDOMS, OR IF THE PROCESSING SERVES THE ASSERTION, EXERCISE OR DEFENSE OF LEGAL CLAIMS.

IF YOUR PERSONAL DATA ARE PROCESSED BY US FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR THE PURPOSE OF SUCH ADVERTISING. YOU CAN EXERCISE THE OBJECTION AS DESCRIBED ABOVE.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED FOR DIRECT MARKETING PURPOSES.

15) Duration of Storage of Personal Data

The duration of storage of personal data is determined by the respective legal basis, the purpose of processing, and – if relevant – additionally by the respective statutory retention period (e.g. commercial and tax law retention periods).

If personal data are processed on the basis of your express consent pursuant to Art. 6 para. 1 lit. a GDPR, these data will be stored until you revoke your consent.

If there are statutory retention periods for data that are processed in the context of legal or quasi-legal obligations on the basis of Art. 6 para. 1 lit. b GDPR, these data will be routinely deleted after expiry of the retention periods, provided that they are no longer required for the fulfillment or initiation of a contract and/or there is no legitimate interest on our part in continuing to store them.

If personal data are processed on the basis of Art. 6 para. 1 lit. f GDPR, these data will be stored until you exercise your right to object pursuant to Art. 21 para. 1 GDPR, unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or the processing serves the establishment, exercise or defense of legal claims.

If personal data are processed for the purpose of direct advertising on the basis of Art. 6 para. 1 lit. f GDPR, these data will be stored until you exercise your right to object pursuant to Art. 21 para. 2 GDPR.

Unless otherwise stated in this declaration regarding specific processing situations, stored personal data will otherwise be deleted when they are no longer necessary for the purposes for which they were collected or otherwise processed.