What is personal data?
Personal data is any information relating to personal or material circumstances that relates to an identified or identifiable individual. This includes, for example, your name, date of birth, e-mail address, postal address, or telephone number as well as online identifiers such as your IP address. In contrast, information of a general nature that cannot be used to determine your identity is not personal data. This includes, for example, the number of users of a website.
Scope of the processing of personal data
As a matter of principle, we only collect and use personal data from you insofar as this is necessary to provide a functional website and our content and services, e.g., when you register on our website or log in to an existing customer account or when you place an order with us.
Relevant legal basis
In accordance with the DPA and GDPR, the following legal basis, unless specifically described below apply to the processing of your personal data:
- the legal basis for obtaining consent is Art. 6(1)(a) and Art. 7 GDPR,
- the legal basis for processing in order to fulfil our services and carry out contractual measures and respond to enquiries is Art. 6(1)(b) GDPR,
- the legal basis for processing in order to fulfil our legal obligations is Art. 6(1)(c) GDPR, and
- the legal basis for processing in order to protect our legitimate interests is Art. 6(1)(f) GDPR.
You may be entitled to enforce the following rights which are standardized in the DPA and GDPR:
- the right to information,
- the right to erasure,
- the right to rectification,
- the right to data portability,
- the right to restriction of data processing,
- the right to object to data processing.
To assert these rights, please contact us at any time using firstname.lastname@example.org.
The above rights may be limited in some circumstances, for example, if fulfilling your request would reveal Personal Data about another person, if you ask us to delete information which we are required to have by law, or if we have compelling legitimate interests to keep it.
We will let you know if that is the case and will then only use your information for these purposes. You may also be unable to continue using our services if you want us to stop processing your Personal Data.
You also have the right to lodge a complaint with your local data protection supervisory authority. We would, however, appreciate the chance to deal with your concerns before you approach any supervisory authority.
Purposes of data processing
We want to improve our service for you. Therefore, we process your data not only to process your actual purchase from us. We also use your data to inform you by e-mail about similar products from our range. We would also like to analyze your user behavior on the basis of your input. This is the only way we can optimally design our website for you and continuously improve it.
Duration of data storage
We only stores information for a certain period of time. Have you ordered something from us? Then the retention periods under tax and commercial law are decisive: by law, we must store order-related data and the associated addresses for up to 10 years. We delete your data that we have stored for marketing purposes when you request us to do so, revoke your consent to store it or the purpose for storing the data no longer applies. We retain applicant data for the duration of the application process and then delete it, usually after a maximum of 6 months.
Data collection on our website
If you visit our website for information purposes only, without providing personal data via registration or in any other way, only the Internet connection data that your browser transmits to our server will be processed. Our website collects a series of general data and information with each call, which is temporarily stored in log files of a server. A log file is created in the course of an automatic protocol of the processing computer system. The following can be recorded:
- Access to the website (date, time and frequency)
- How you arrived at the website (previous page, hyperlink etc.)
- Amount of data sent
- Which browser and browser version you are using
- The operating system you are using
- Which internet service provider you use
- Your IP address, which your Internet access provider assigns to your computer when you connect to the Internet
The legal basis for this data processing is the performance of a contract, as the collection and storage of this data is necessary for the operation of the website in order to ensure the functionality of the website and to deliver the content of our website correctly (Art. 6 (1) b) GDPR.
In addition, the data serve us to optimize our website and to ensure the security of our IT systems and the processing is based in this respect on our legitimate interest (Art. 6 (1) f) GDPR). For this reason, the data is stored for a maximum of 7 days as a technical precaution.
We also use this data for the purposes of advertising, market research and to design our services to meet your needs by creating and evaluating user profiles under pseudonyms, but only if you have not exercised your right to object to this use of your data (see information on the right to object under "Your rights").
We use the store system Shopify of the service provider Shopify International Limited ("Shopify"), for the purpose of hosting and displaying the online store on the basis of processing on our behalf. All data collected on our website is processed on Shopify's servers. As part of Shopify's services, data may also be transferred to Shopify`s servers in Canada and the USA as part of processing on our behalf. In the event that data is transferred to Shopify`s servers in Canada and the USA, the appropriate level of data protection is guaranteed. Further processing on servers other than the aforementioned of Shopify will only take place within the framework communicated below
The hosting services used by us for the purpose of operating our website is IONOS. In doing so IONOS, processes inventory data, contact data, content data, usage data, meta data and communication data of customers, interested parties and visitors of our website and services, on the basis of our legitimate interests in an efficient and secure provision of the website and services in conjunction with the provision of contractual services and the conclusion of the contract for our services.
We use your data for sending information ordered by you about our offer and other promotions from us to the e-mail address provided by you.
If you purchase goods on our website or forget something in your shopping cart, we may send you information on our own similar goods to your specified e-mail address even without your consent. The legal basis for this data processing is our legitimate interest, because advertising related products by way of direct advertising represents a legitimate interest for us as a business and the provider of this website. You may object to the processing of your personal data for the purpose of direct advertising at any time without giving reasons by unsubscribing via the unsubscribe link at the end of each e-mail or by contacting us using email@example.com
Contacting us, registration or placing orders
a) Contacting us
When you contact us using via email or social media, the data you provide will be stored by us based on your consent and the preparation or initiation of a contract, insofar as it is necessary to answer your questions (Art. 6 (1) a) GDPR) and (Art. 6 (1) b) GDPR). Your inquiry is logged in order to be able to prove the contact in accordance with the legal requirements. We delete the data accruing in this context when the respective conversation with you has ended and your inquiry has been conclusively clarified.
On our website, we offer you the opportunity to register by providing personal data. The data is entered in the registration form is transmitted to us and stored. Registration is necessary in order to set up your customer account, which you can use to place orders and services. The processing of the data for this registration thus serves the fulfilment of the contract of use or the implementation of pre-contractual measures (Art. 6 (1) b) GDPR). You can delete your customer account at any time on our website either by using the delete function in your account or by contacting us using firstname.lastname@example.org.
c) Storage of data in the user account
For the conclusion and processing of contracts, we require contact details, such as name, delivery and billing address and e-mail address, as well as information on the type of payment method you have chosen. You can store this data in your user account. In addition, we use your data to maintain our customer database so that only accurate data is stored by us. In order to avoid typing errors and to ensure that the items you have ordered reach you, we check the completeness and accuracy of your address when you enter it.
Following your order, you will receive a corresponding order confirmation as well as further documents, which we are obliged to provide in order to fulfil our legal information obligations for an effective conclusion of a contract with you (Art. 6 (1) c) GDPR) and (Art. 6 (1) b) GDPR).
d) Guest order
You have the option to place your orders as a guest. If you choose this order type, you do not have to register before placing an order. Please note that you will have to enter your data again for each subsequent order.
We collect, process, and use the information you provide in the context of a guest order for the purpose of executing the contract. We store the information you provide for the period of processing and handling your order. Afterwards, your data will be deleted unless you decide to activate your customer account within 14 days after placing your order. Data that we are required to store due to legal, statutory or contractual retention obligations will be blocked instead of being deleted to prevent it being used for other purposes. The processing of the data serves the fulfilment of the contract with you (Art. 6 (1) b) GDPR).
e) Order confirmation/dispatch confirmation
In order to process the contract and provide you with our services, for example the web shop or to send you a package for which a fee is charged, we use your contact details to send you registration confirmations, customer service information, order confirmations, contract documents or payment processing information. We are obliged to send you these documents in order to comply with our legal information obligations for an effective conclusion of a contract with you. The processing of your data is therefore necessary to fulfil our legal information obligations for an effective conclusion of a contract with you (Art. 6 (1) c) GDPR) and (Art. 6 (1) b) GDPR).
- f) Other
Based on our legal obligation (Art. 6 (1) c) GDPR) and our legitimate interest (Art. 6 (1) f) GDPR), we use and store your personal data and technical information to the extent necessary to prevent or prosecute misuse or other illegal behavior on our website, e.g., to maintain data security in the event of attacks on our IT systems (Art. 6 (1) f) GDPR). This also takes place insofar as we are legally obliged to do so, for example due to official or court orders, and for the exercise of our rights and claims as well as for legal defense (Art. 6 (1) f) GDPR).
Disclosure or transfer of personal data
We do not transfer or disclose your information to third parties unless there is a legal basis for such disclosure. Example of such a basis is typically consent from you or a legal basis that requires us to disclose the data.
For the operation and optimization of our website and our services and for the processing of contracts, various service companies work for us, e.g., for central IT services or the hosting of our website, for the payment and delivery of products, or order fulfillment or for the dispatch of newsletters, to whom we pass on the data required for the fulfilment of the task (e.g., name, address).
Some of these companies act for us by way of commissioned processing and may therefore use the data provided exclusively in accordance with our instructions. In this case, we are legally responsible for appropriate data protection measures at the companies we commission. We therefore agree on specific data security measures with these companies and monitor them regularly.
We do not collect or store any payment transaction information such as credit card numbers or bank details during the payment process. You only provide this information directly to the respective payment service provider.
We will disclose your data to third parties or government agencies within the framework of existing data protection laws if we are legally obliged to do so, e.g., due to official or court orders, or if we are entitled to do so, e.g., because this is necessary for the prosecution of criminal offenses or for the exercise and enforcement of our rights and claims.
If we use service providers in third countries, we take additional measures to ensure an adequate level of data protection for the transfer of personal data and thus ensure that the transfer is generally permissible and that the special requirements for a transfer to a third country are met (e.g., by concluding standard contracts and additional guarantees, supplementary technical and organizational measures such as encryption or anonymization).
a) Google Analytics
We use Google Analytics, a service provided by Google Inc. This means that the data collected can in principle be transmitted to a Google server in the USA, whereby the IP addresses are anonymized by means of IP anonymization so that an allocation is not possible. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. You can object to the collection and processing of this data by Google Analytics by setting an opt-out cookie that prevents the future collection of your data when you visit this website: http://tools.google.com/dlpage/gaoptout?hl=en. The legal basis for this processing is (Art. 6 (1) f) GDPR), our legitimate interest.
b) Shopify Statistics
We use the Shopify Statistics feature on our website. This allows us to measure the reach of our website and provides us with statistical analysis of visitor behavior on our website. The data is processed on servers of Shopify, which we have commissioned with the processing. The legal basis for the data processing in connection with the Shopify statistics function is our legitimate interest in the analysis of user behavior on our website. You can object to this processing at any time in the cookie settings.
c) Shopify Analytics
Shopify will use this information for the purpose of evaluating your use of our website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Shopify may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Shopify's behalf.
Based on our legitimate interest (Art. 6 (1) f) GDPR), we are present in various "social media" platforms (currently, Instagram, YouTube and TikTok) in order to communicate with our customers, interested parties and users registered there and to be able to inform them about our offers there. We would like to point out that you use these platforms and their functions on your own responsibility. This applies in particular to the use of the interactive functions (e.g., commenting, sharing, rating).
Updating your information
If you believe that the information, we hold about you is inaccurate or that we are no longer entitled to use it and want to request its rectification, deletion, or object to its processing, please do so within your account or by contacting us using email@example.com. For your protection and the protection of all of our users, we may ask you to provide proof of identity before we can answer the above requests.
Keep in mind, we may reject requests for certain reasons, including if the request is unlawful or if it may infringe on trade secrets or intellectual property or the privacy of another user. Also, we may not be able to accommodate certain requests to object to the processing of personal data, notably where such requests would not allow us to provide our service to you anymore.
Links to other providers
Our website also contains - clearly recognizable - links to the websites of other companies. Insofar as there are links to websites of other providers, we have no influence on their contents. Therefore, no guarantee or liability can be assumed for these contents. The respective provider or operator of the pages is always responsible for the content of these pages.
The linked pages were checked for possible legal violations and recognizable infringements at the time of linking. Illegal contents were not recognizable at the time of linking. However, permanent monitoring of the content of the linked pages is not reasonable without concrete indications of a legal violation. Such links will be removed immediately if infringements of the law become known.
The person responsible within the meaning of the DPA and GDPR is:
Personal data and children
Our services are aimed at people aged 18 and over. We will not knowingly collect, use or disclose personal data from minors under the age of 18 without first obtaining consent from a legal guardian through direct offline contact.
Databases or data sets that include Personal data may be breached inadvertently or through wrongful intrusion. Upon becoming aware of a data breach, we will notify all affected individuals whose Personal data may have been compromised, and the notice will be accompanied by a description of action being taken to reconcile any damage as a result of the data breach. Notices will be provided as expeditiously as possible after which the breach was discovered.