Data protection declaration
Data protection declaration
Unless stated otherwise below, the provision of your personal data is neither legally nor contractually obligatory, nor required for conclusion of a contract. You are not obliged to provide your data. Not providing it will have no consequences. This only applies as long as the processing procedures below do not state otherwise.
“Personal data” is any information relating to an identified or identifiable natural person.
Server log files
You can use our websites without submitting personal data.
Every time our website is accessed, user data is transferred to us or our web hosts/IT service providers by your internet browser and stored in server log files. This stored data includes for example the name of the site called up, date and time of the request, the IP address, amount of data transferred and the provider making the request. The processing is carried out on the basis of Article 6(1) f) GDPR due to our legitimate interests in ensuring the smooth operation of our website as well as improving our services.
Contact
Responsible person
Contact us at any time. The contact details of the person responsible for data processing can be found in our legal notice.
Proactive contact of the customer by e-mail
If you make contact with us proactively via email, we shall collect your personal data (name, email address, message text) only to the extent provided by you. The purpose of the data processing is to handle and respond to your contact request.
If the initial contact serves to implement pre-contractual measures (e.g. consultation in the case of purchase interest, order creation) or concerns an agreement already concluded between you and us, this data processing takes place on the basis of Article 6(1)(b) GDPR.
If the initial contact occurs for other reasons, this data processing takes place on the basis of Article 6(1)(f) GDPR for the purposes of our overriding, legitimate interest in handling and responding to your request. In this case, on grounds relating to your particular situation, you have the right to object at any time to this processing of personal data concerning you and carried out on the basis of Article 6(1)(f) GDPR.
We will only use your email address to process your request. Your data will subsequently be deleted in compliance with statutory retention periods, unless you have agreed to further processing and use.
Collection and processing when using the contact form
When you use the contact form we will only collect your personal data (name, email address, message text) in the scope provided by you. The data processing is for the purpose of making contact.
If the initial contact serves to implement pre-contractual measures (e.g. consultation in the case of purchase interest, order creation) or concerns an agreement already concluded between you and us, this data processing takes place on the basis of Article 6(1)(b) GDPR.
If the initial contact occurs for other reasons, this data processing takes place on the basis of Article 6(1)(f) GDPR for the purposes of our overriding, legitimate interest in handling and responding to your request. In this case, on grounds relating to your particular situation, you have the right to object at any time to this processing of personal data concerning you and carried out on the basis of Article 6(1)(f) GDPR.
We will only use your email address to process your request. Finally your data will be deleted, unless you have agreed to further processing and use.
Customer account Orders
Customer account
When you open a customer account, we will collect your personal data in the scope given there. The data processing is for the purpose of improving your shopping experience and simplifying order processing. The processing will be carried out on the basis of art. 6 (1) lit. a GDPR with your consent. You can withdraw your consent at any time by contacting us without affecting the legality of the processing carried out with your consent up to the withdrawal. Your customer account will then be deleted.
Collection, processing, and transfer of personal data in orders
When you submit an order we only collect and use your personal data insofar as this is necessary for the fulfilment and handling of your order as well as processing of your queries. The provision of data is necessary for conclusion of a contract. Failure to provide it will prevent the conclusion of any contract. The processing will occur on the basis of Article 6(1) b) GDPR and is required for the fulfilment of a contract with you.
Your data is transferred here for example to the shipping companies and dropshipping providers, payment service providers, service providers for handling the order and IT service providers that you have selected. We will comply strictly with legal requirements in every case. The scope of data transmission is restricted to a minimum.
Contact Evaluations
Shopauskunft customer rating tool
Our website uses the ‘shopauskunft.de’ customer rating tool by Händlerbund Management AG (Torgauer Straße 233 B, 04347 Leipzig). Following your order, we would like to ask you to evaluate and comment on your purchase with us.
After placing your order, we would like to ask you to rate and comment on your purchase from us. For this purpose you will be from us by e-mail, whereby we use the technical system "Legally secure evaluation request (RBA)". There we process the data relating to your order (order number / invoice number, purchase value and shipping costs) and your email address.
Processing is carried out on the basis of Article 6(1)(a) GDPR with your consent, insofar as you have expressly consented to the receipt of feedback requests.
You can withdraw your consent at any time using the corresponding link in the email, without affecting the legality of the processing carried out with your consent up to the withdrawal. Your email address will then be removed from the distributor.
Further information on data protection when using Shopauskunft can be found at: https://www.shopauskunft.de/datenschutz
Shopauskunft widget
The Shopauskunft widget is integrated on our website. This serves the purpose of number and result our so far over to display and advertise the ratings received from the shop. In order to display the widget, it is technically necessary to send usage data through your internet browser to the shop information server transmitted and stored in log data (server log files) for 7 days. This stored data includes the name and URL of the retrieved file, date and time of retrieval, the IP address of the requesting computer, website from which the access was made takes place (referrer URL), the browser used and, if applicable, the operating system of your computer and the name of your access provider. The processing will be carried out on the basis of art. 6 (1) lit. a GDPR from our predominant legitimate interest in the promotion of our offers by displaying the already received customer reviews. A storage of this data together with other personal data does not take place.
Use of your email address for mailing of newsletters
We use your email address outside of contractual processing exclusively to send you a newsletter for our own marketing purposes, if you have explicitly agreed to this. The processing will be carried out on the basis of art. 6 (1) lit. a GDPR with your consent. You can withdraw your consent at any time without affecting the legality of the processing carried out with your consent up to the withdrawal. You can unsubscribe from the newsletter at any time using the relevant link in the newsletter or by contacting us. Your email address will then be removed from the distributor.
Shipping companies
Forwarding of your email address to shipping companies for information on shipping status
We forward your email address to the shipping company in the course of contractual processing, if you have explicitly agreed to this in the order process. The forwarding is for the purpose of informing you by email on the shipping status of your order. The processing will be carried out on the basis of art. 6 (1) lit. a GDPR with your consent. You can withdraw your consent at any time by contacting us or the transport company without affecting the legality of the processing carried out with your consent up to the withdrawal.
Payment service providers
Use of PayPal
All PayPal transaction are covered by the PayPal Data Privacy Statement. You can found this at https://www.paypal.com/de/webapps/mpp/ua/privacy-full?locale.x=en
Use of PayPal Express
Our website uses the payment service PayPal Express from PayPal (Europe) S.à.r.l. et Cie, S.C.A. (22-24 Boulevard Royal, L-2449 Luxembourg; "PayPal").
The processing of data enables us to offer you the option of paying via the PayPal Express payment service.
To integrate this payment service it is essential that PayPal collects, stores, and analyses data when you access the website (e.g. IP address, device type, operating system, browser type, device location). Cookies may be used for this purpose. Cookies allow your internet browser to be recognised.
The use of cookies or comparable technologies is based on § 15 para. 3 p. 1 TMG. The processing of your personal data is based on Art. 6 para. 1 lit. f GDPR out of our overriding legitimate interest in a customer-oriented offer of different payment methods.
On grounds relating to your particular situation, you have the right to object at any time to this processing of personal data concerning you.
By selecting and using "PayPal Express", the data required for payment processing will be submitted to PayPal to execute the agreement with you using the selected payment method. The data is processed on the basis of Article 6(1)(b) GDPR.
Further information on data processing when using the Paypal Express payment service can be found here in the associated data privacy policy.
Cookies
Our website uses cookies. Cookies are small text files which are saved in a user’s internet browser or by the user’s internet browser on their computer system. When a user calls up a website, a cookie may be saved on the user’s operating system. This cookie contains a characteristic character string which allows the browser to be clearly identified when the website is called up again.
Cookies will be stored on your computer. You therefore have full control over the use of cookies. By choosing corresponding technical settings in your internet browser, you can be notified before the setting of cookies and you can decide whether to accept this setting in each individual case as well as prevent the storage of cookies and transmission of the data they contain. Cookies which have already been saved may be deleted at any time. We would, however, like to point out that this may prevent you from making full use of all the functions of this website.
Using the links below, you can find out how to manage cookies (or deactivate them, among other things) in major browsers:
Chrome Browser: https://support.google.com/accounts/answer/61416?hl=en
Internet Explorer: https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies
Mozilla Firefox: https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences
Safari: https://support.apple.com/de-de/guide/safari/manage-cookies-and-website-data-sfri11471/mac
Technically necessary cookies
Insofar as no other information is given in the data protection declaration below we use only these technically necessary cookies cookies to make our offering more user-friendly, effective and secure. Cookies also allow our systems to recognise your browser after a page change and to offer you services. Some functions of our website cannot be offered without the use of cookies. These services require the browser to be recognised again after a page change.
Processing is carried out on the basis of art. 6 (1) lit. f GDPR due to our largely justified interest in ensuring the optimal functionality of the website as well as a user-friendly and effective design of our range of services.
You have the right to veto this processing of your personal data according to art. 6 (1) lit. f GDPR, for reasons relating to your personal situation.
Plug-ins
Use of social plug-ins via the "2-click solution
We use social network plug-ins on our website using the "2 click solution", which means that no connections are made to the social network servers without your express consent and consequently no data is transmitted.
With the standard integration of plug-ins, a link is established between your computer and the servers of the social network providers when you call up the pages of our website that contain such a plug-in, and the plug-in is displayed on the page by informing your browser. In this process, both your IP address and the information about which of our pages you have visited are transmitted to the provider servers. This applies regardless of whether you are registered with or logged in to the social network. Transmission also takes place for unregistered or non-registered users. If you are also logged in to the Facebook social network, this information is assigned to your personal user account. When using the plug-in functions (e.g. by clicking the button), this information is also assigned to your user account, which you can only prevent by logging out before using the plug-in. To enable you to access the account
Only when you activate the button, the button becomes active (highlighted) and a direct connection to the social network server is established.
By activating, you give your consent to the transfer of your data to the respective social network provider. among other things, this involves the transfer of your IP address and information about which of our pages you have visited. if you are simultaneously connected to one or more of your social network accounts, the information collected is also assigned to your corresponding profiles. you can only prevent this assignment by logging out of your social network accounts before visiting our website and before activating the buttons from your user accounts.
The social networks named below are integrated by means of the "2-click function". For more information on the scope and purpose of the collection and use of the data as well as on your rights and options for protecting your privacy, please refer to the linked data protection notices of the providers.
Facebook of Facebook Inc. (1601 S. California Ave, Palo Alto, CA 94304, USA)
https://www.facebook.com/policy.php
Your data may be transmitted to the USA. There is no adequacy decision by the EU Commission for the USA. The data is transmitted on the basis of standard contractual clauses as suitable guarantees for the protection of the personal data, available at: https://www.facebook.com/legal/EU_data_transfer_addendum.
Instagram of Instagram LLC. (1601 Willow Road, Menlo Park, CA 94025, USA): http://instagram.com/legal/privacy/
Your data may be transmitted to the USA. There is no adequacy decision by the EU Commission for the USA. The data is transmitted on the basis of standard contractual clauses as suitable guarantees for the protection of the personal data, available at:
Use of GoogleMaps
Our website uses the function for embedding Google Maps by Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; "Google").
If you are ordinarily resident in the European Economic Area or Switzerland, Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) is the controller responsible for your data. Google Ireland Limited is therefore the company affiliated with Google responsible for processing your data and for compliance with the applicable data protection legislation.
This feature visually represents geographical information and interactive maps. Google also collects, processes and uses data on visitors to the website when they call up pages with embedded Google maps.
Your data may also be transmitted to the USA.
The data processing, particularly the placing of cookies, is carried out with your consent on the basis of Article 6(1)(a) GDPR. You can withdraw your consent at any time without affecting the legality of the processing carried out with your consent up to the withdrawal.
Further information on the data collected and used by Google, your rights and privacy can be found in Google’s privacy policy at https://www.google.com/privacypolicy.html. You also have the option of changing your settings in the data protection centre, allowing you to administer and protect the data processed by Google.
Google Fonts Privacy Policy
We use Google Fonts on our website. These are the “Google fonts” from Google Inc. The company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services in Europe.
You do not need to register or enter a password to use Google fonts. Furthermore, no cookies are stored in your browser. The files (CSS, typefaces/fonts) are requested via the Google domains fonts.googleapis.com and fonts.gstatic.com. According to Google, requests for CSS and fonts are completely separate from all other Google services. If you have a Google account, you don't have to worry about your Google account data being transmitted to Google while using Google Fonts. Google records the use of CSS (Cascading Style Sheets) and the fonts used and stores this data securely. How the data storage looks exactly, we will look at in detail.
What are Google Fonts?
Google Fonts (formerly Google Web Fonts) is a directory of over 800 fonts that Google makes available to its users free of charge.
Many of these fonts are released under the SIL Open Font License, while others are released under the Apache License. Both are free software licenses.
Why do we use Google Fonts on our website?
With Google Fonts we can use fonts on our own website, but do not have to upload them to our own server. Google Fonts is an important component in keeping the quality of our website high. All Google fonts are automatically optimized for the web and this saves data volume and is a great advantage especially for use with mobile devices. When you visit our site, the small file size ensures fast loading times. Furthermore, Google Fonts are secure web fonts. Different image synthesis systems (rendering) in different browsers, operating systems and mobile devices can lead to errors. Such errors can partially distort texts or entire websites. Thanks to the fast Content Delivery Network (CDN), there are no cross-platform problems with Google Fonts. Google Fonts supports all major browsers (Google Chrome, Mozilla Firefox, Apple Safari, Opera) and works reliably on most modern mobile operating systems, including Android 2.2+ and iOS 4.2+ (iPhone, iPad, iPod). So we use Google Fonts so that we can present our entire online service as beautifully and uniformly as possible.
Which data is stored by Google?
When you visit our website, the fonts are reloaded via a Google server. This external call transmits data to the Google servers. In this way, Google also recognizes that you or your IP address are visiting our website. The Google Fonts API was designed to reduce the use, storage and collection of end-user data to what is necessary for proper font delivery. Incidentally, API stands for "Application Programming Interface" and serves, among other things, as a data transmitter in the software sector.
Google Fonts securely stores CSS and font requests on Google and is therefore protected. The collected usage figures allow Google to determine how well the individual fonts are received. Google publishes the results on internal analysis pages, such as Google Analytics. Google also uses data from its own web crawler to determine which websites use Google fonts. This data is published in the Google Fonts BigQuery database. Entrepreneurs and developers use the Google web service BigQuery to examine and move large amounts of data.
It should be noted, however, that with each Google Font request, information such as language settings, IP address, browser version, browser screen resolution and browser name are automatically transmitted to the Google servers. Whether this data is also stored cannot be clearly determined or is not clearly communicated by Google.
How long and where is the data stored?
Google stores requests for CSS assets for one day on its servers, which are mainly located outside the EU. This enables us to use the fonts using a Google style sheet. A style sheet is a template that you can use to quickly and easily change the design or font of a website, for example.
t on all other websites visited later. Sometimes Google updates font files to reduce file size, increase language coverage, and improve design.
How can I delete my data or prevent data storage?
The data that Google stores for a day or a year cannot simply be deleted. The data is automatically transmitted to Google when the page is accessed. In order to be able to delete this data prematurely, you must contact Google Support at https://support.google.com/?hl=de&tid=311213225. In this case, you only prevent data storage if you do not visit our site.
Unlike other web fonts, Google allows us unlimited access to all fonts. So we have unlimited access to a sea of fonts and thus get the best out of our website. You can find more about Google Fonts and other questions at https://developers.google.com/fonts/faq?tid=311213225. Although Google addresses data protection issues there, it does not contain really detailed information about data storage. It is relatively difficult to get really precise information about stored data from Google.
You can also read about what data Google collects and what this data is used for at https://www.google.com/intl/de/policies/privacy/.
Google Fonts Local Privacy Policy
On our website we use Google Fonts from Google Inc. The company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for the European area. We have integrated the Google fonts locally, i.e. on our web server - not on the Google servers. As a result, there is no connection to Google servers and therefore no data transmission or storage.
What are Google Fonts?
Google Fonts used to be called Google Web Fonts. This is an interactive directory of over 800 fonts that Google provides for free. With Google Fonts, you could use fonts without uploading them to your own server. However, in order to prevent any transfer of information to Google servers in this regard, we have downloaded the fonts to our server. In this way, we act in compliance with data protection and do not send any data to Google Fonts.
Unlike other web fonts, Google allows us unlimited access to all fonts. So we have unlimited access to a sea of fonts and thus get the best out of our website. You can find more about Google Fonts and other questions at https://developers.google.com/fonts/faq?tid=311213225.
OpenStreetMap Privacy Policy
We have included map sections from the online map tool “OpenStreetMap” on our website. This is a so-called open source mapping, which we can call up via an API (interface). This function is offered by OpenStreetMap Foundation, St John's Innovation Centre, Cowley Road, Cambridge, CB4 0WS, United Kingdom. By using this map function, your IP address will be forwarded to OpenStreetMap. In this data protection declaration, you will find out why we use functions of the OpenStreetMap tool, where which data is stored and how you can prevent this data storage.
The font files are stored by Google for one year. Google is thus pursuing the goal of fundamentally improving the loading time of websites. When millions of websites refer to the same fonts, they are cached after the first visit and appear immediately
Rights of persons affected and storage duration
Duration of storage
After contractual processing has been completed, the data is initially stored for the duration of the warranty period, then in accordance with the retention periods prescribed by law, especially tax and commercial law, and then deleted after the period has elapsed, unless you have agreed to further processing and use.
Rights of the affected person
If the legal requirements are fulfilled, you have the following rights according to art. 15 to 20 GDPR: Right to information, correction, deletion, restriction of processing, data portability. You also have a right of objection against processing based on art. 6 (1) GDPR, and to processing for the purposes of direct marketing, according to art. 21 (1) GDPR.
Right to complain to the regulatory authority
You have the right to complain to the regulatory authority according to art. 77 GDPR if you believe that your data is not being processed legally.
Right to object
If the data processing outlined here is based on our legitimate interests in accordance with Article 6(1)f) GDPR, you have the right for reasons arising from your particular situation to object at any time to the processing of your data with future effect.
If the objection is successful, we will no longer process the personal data, unless we can demonstrate compelling legitimate grounds for the processing that outweigh your interests or rights and freedoms, or the processing is intended for the assertion, exercise or defence of legal claims.
If personal data is being processed for the purposes of direct advertising, you can object to this at any time by notifying us. If the objection is successful, we will no longer process the personal data for the purposes of direct advertising.
last update: 20.07.2020