DATA PROTECTION

We explain how we handle your personal data in this data protection declaration. The applicable data protection law applies, in particular the General Data Protection Regulation (GDPR). With the exception of the service providers and third parties we name in this privacy policy, we do not pass on any data to third parties. If you have any questions, please feel free to contact us.

Contents

Responsible person

Responsible for data processing is

Cynthia-Marie Weidner
Wolfhofer Weg 41
17349 Lindetal

General information

Provision of data
There is generally no legal or contractual requirement to provide personal data when using our website. If the provision of data is necessary to conclude a contract or the user is obliged to provide personal data, we will communicate this fact and the consequences of non-provision in this data protection declaration.

Data transfer to third countries

We may use service providers and third parties located in countries outside the European Union and the European Economic Area. Unless the user has given his consent to the data transfer, the transfer of personal data to such third countries takes place on the basis of an adequacy decision by the European Commission (Art. 45 GDPR) or we have provided suitable guarantees to ensure data protection (Art. 46 GDPR). If there is an adequacy decision by the European Commission for the transfer of data to a third country, we will point this out in this data protection declaration. Furthermore, users can obtain a copy of the appropriate guarantees from us, unless they are already included in the data protection declarations of the service providers or third-party providers.

Automated decision making
If we carry out automated decision-making, including profiling, we will inform you in this data protection declaration about this circumstance, about the logic involved and the scope and intended effects of such processing. Otherwise, automated decision-making does not take place.

Processing for other purposes
Data is generally only processed for the purposes for which it was collected. If, in exceptional cases, they are to be further processed for other purposes, we will inform you about these other purposes before this further processing and provide all other relevant information (Art. 13 para. 3 GDPR).

Website hosting

Every time our website is accessed, the user's browser transmits various data. For the duration of your visit to the website, the following data will be processed:

  • Browser type and version used
  • Operating system
  • Pages and files retrieved
  • Amount of data transferred
  • Date and time of retrieval
  • User's provider
  • IP address
  • Referrer URL

The processing of this data is necessary to deliver the website to the user and to optimize it for their device. We do not store any personal data in log files.
The legal basis for processing is Art. 6 para. 1 subpara. 1 letter. f) GDPR. Our legitimate interest lies in providing the website.

Our online shop is designed and operated via Shopify. Provider: Shopify International Ltd., Victoria Buildings, 2. Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland.

The processing of personal data takes place on our behalf. It is possible that Shopify transmits this data to other companies belonging to the group that are based outside the European Economic Area. In this case, these companies in turn process the data on behalf of Shopify International. There is an adequacy decision from the European Commission with regard to Canada. If data is transferred to other regions, appropriate safeguards for the protection of personal data have been put in place through intercompany agreements between Shopify International Ltd. and agreed with the receiving company.

Shopify Privacy Policy

Cookies, web beacons and mobile identifiers

On our website we use technologies to recognize the device used. These can be cookies, web beacons and/or mobile identifiers.

Recognizing a device can basically be done for different purposes. It may be necessary to provide functions on our website, for example to provide a shopping cart. In addition, the technologies mentioned can be used to track the behavior of users on the site, for example for advertising purposes. We describe separately in this data protection declaration which technologies we use and for what purposes.

For a better understanding, we explain in general terms how cookies, web beacons and mobile identifiers work:

  • Cookies are small text files that contain certain information and are stored on the user's device. It is usually an identification number that is assigned to a device (cookie ID).

  • A tracking pixel is a transparent graphic file that is integrated on a page and enables log file analysis.

  • A mobile identifier is a unique number (mobile ID) that is stored on a mobile device and can be read by a website.

Cookies may be necessary for our website to function properly. The legal basis for the use of such cookies is Art. 6 para. 1 subpara. 1 letter. f) GDPR. Our legitimate interest lies in providing the functions of our website.

We use cookies that are not necessary for the operation of our website in order to make our offer more user-friendly or to be able to understand the use of our website. The legal basis here depends on whether the user's consent must be obtained or whether we can rely on a legitimate interest. The user can revoke their consent at any time, among other things, through the settings in their browser.

The user can prevent and object to the processing of data using cookies through the appropriate settings in their browser. In the event of an objection, not all functions of our website may be available. We provide separate information about further options for objecting to the processing of personal data through cookies in this data protection declaration. If necessary, we provide links with which a contradiction can be explained. These are labeled “Opt-Out”.

Contact

If you contact us, we process the user's details, date and time for the purpose of processing the request, including any queries.

The legal basis for data processing is Art. 6 para. 1 subpara. 1 letter. f) GDPR. Our legitimate interest lies in answering our users’ inquiries. Additional legal basis is Art. 6 para. 1 subpara. 1 letter. b) GDPR if the processing is necessary for the fulfillment of a contract or to carry out pre-contractual measures.

The data will be deleted as soon as the request, including any queries, has been answered. We check at regular intervals, but at least every two years, whether data collected in connection with contact must be deleted.

Competitions

We offer our users the opportunity to participate in competitions. It is possible that we refer to a separate data protection declaration for processing the data. Where this is not the case, we process the data provided by the user (e.g.b name, email address). This is done in order to be able to carry out the competition, in particular to determine the winner and, if necessary. to notify. The legal basis for processing is Art. 6 para. 1 subpara. 1 letter. b) GDPR The data will not be processed for any other purposes and will be deleted three months after the winner has been determined.

Polls

We conduct online surveys on our website. We want to get to know the interests of our users more closely in order to improve our offering as well as our products and services. It is possible that we will provide information about the associated processing of data in a separate data protection declaration, which will then take precedence.

If it is a survey that is not personalized, i.e. in which neither an individual link to participate is given nor the user provides personal data, only the data that is generally generated when using the website will be processed. In the case of a personalized survey, we use the information entered by the user to remind them if they have not completed the survey and to prevent multiple participation. We do not store answers together with data that can be used to identify users. We use the answers to create anonymous evaluations.

If we obtain the user's consent, Art. 6 para. 1 subpara. 1 letter. a) GDPR is the legal basis for processing. Furthermore, it is based on Art. 6 para. 1 subpara. 1 letter. f) GDPR. Our legitimate interest lies in improving our offering as well as our products and services.

Advertising existing customers

If the user has provided his email address when purchasing goods or services, we reserve the right to use this in accordance with Section 7 Para. 3 UWG for direct advertising in connection with similar goods or services. This does not apply if the user has objected to the use.

The legal basis for processing is Art. 6 para. 1 subpara. 1 letter. f) GDPR. Our legitimate interest is to promote our sales. The user can object to the use of his email address to advertise to existing customers at any time with effect for the future, without incurring any costs other than the transmission costs according to the basic tariffs.

Registering for a user account

Users can register for our offer on our website. In this context, we process the data entered during registration. We have the email address confirmed by sending a link (double opt-in) to prevent misuse of the registration function. For this purpose, we also process the date and time and the user’s IP address. For verification purposes, we also process the date, time and IP address of the user when you click on the confirmation link.

The data will be deleted at the end of the year when the user account is deleted after three years, unless there is a longer legal retention requirement.

The legal basis for processing is Art. 6 para. 1 subpara. 1 letter. a) GDPR, insofar as we obtain the user’s consent. If the processing is necessary for the performance of a contract or to carry out pre-contractual measures, it is based on Art. 6 para. 1 subpara. 1 letter. b) GDPR The legal basis for the rest is Art. 6 para. 1 subpara. 1 letter. f) GDPR. Our legitimate interest is to enable users to access our offer that requires registration, to protect ourselves against misuse of the registration function and to be able to provide evidence of proper registration. After the user account has been deleted, our legitimate interest also lies in defending against possible claims.

Orders and payment processing

When you place an order in our online shop, we process the data provided when ordering, such as:b Name, bank details or payment details to process the order. We only pass on payment data to our payment service providers to the extent that this is necessary to process the payment.

The legal basis for the processing of order data is Art. 6 para. 1 subpara. 1 letter. b) GDPR If the user stores his order data in a user account, Art. 6 para. 1 subpara. 1 letter. a) GDPR is the legal basis Furthermore, the processing is based on Art. 6 para. 1 subpara. 1 letter. f) GDPR. Our legitimate interest lies in processing repayments and pursuing claims.

Order and payment data will be deleted as soon as it is necessary for processing the order including reversing the payment (e.g.b due to a revocation or withdrawal from the contract) and processing of warranty cases are no longer necessary and there are no legal retention obligations. In the event that the user has stored his order data in his user account for a repeat order, the data will be deleted together with the user account if it is not required to process a specific order.

Paypal

When paying via Paypal, the payment is processed by PayPal (Europe) S.a r.l et Cie, S.CA, 22-24 Boulevard Royal, L-2449 Luxembourg.

Paypal privacy policy

Apple Pay

When paying via Apple Pay, payment is processed by Apple Distribution International Ltd., Hollyhill Industrial Estate, Hollyhill, Cork, Ireland.

Stripe

When paying via Stripe, payment processing is carried out by Stripe Payments Europe Ltd., The One Building, Lower Grand Canal St, Dublin 2, Ireland.

Stripe Privacy Policy

Amazon Pay

When paying via Amazon Pay, the payment is processed by Amazon Payments Europe s.ca, 38 avenue J.F Kennedy, L-1855 Luxembourg.

Amazon Pay Privacy Policy

Other third-party services

Google Analytics

We use Google Analytics to analyze the use of our website. Provider: Google Ireland Ltd., Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.

In order to be able to track the user's activities on the website, a cookie is placed on the device. We use Google Analytics with the extension anonymize IP. The user's IP address is automatically shortened before it is transmitted to servers in the USA. Among other things, the approximate geographical location, device, screen resolution, browser and pages visited including the length of stay are evaluated.

If we obtain the user's consent, the processing of data takes place on the legal basis of Art. 6 para. 1 subpara. 1 letter. a) GDPR Furthermore, it is based on Art. 6 para. 1 subpara. 1 letter. f) GDPR. Our legitimate interest lies in optimizing our website, improving our offers and online marketing.

The data collected by Google Analytics is automatically deleted after 14 months.

Opt Out

Google Analytics privacy policy

Facebook Pixel

We use Facebook Pixel for online marketing purposes. Provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.

With the Facebook Pixel we can display interest-based advertising based on the use of our website via Facebook. For this purpose, a cookie is placed on the user's device, through which the use can be assigned to an identification number. In addition, other advertising-relevant user data such as:b Browser information, device information, the pages visited, the time of the visit and referring URLs are processed. We only receive summary results from Facebook that allow us to understand how successful our advertising measures are. We use Facebook Pixel without advanced matching.

Users can opt out of Meta's collection and use of information for interest-based advertising on the following pages: http://www.aboutads.info/choices and http://www.youronlinechoices.eu

If we obtain the user's consent, the processing of data takes place on the legal basis of Art. 6 para. 1 subpara. 1 letter. a) GDPR Furthermore, it is based on Art. 6 para. 1 subpara. 1 letter. f) GDPR. Our legitimate interest is to be able to show users advertising that is relevant to them.

When using Facebook Pixel, we and Meta are jointly responsible within the meaning of Art. 26 GDPR. We have therefore reached an agreement with Meta that specifies who fulfills which obligations under the GDPR. We are then responsible for this in accordance with Art. 13 and 14 GDPR to provide information on the joint processing of personal data. It is agreed between us and Meta that Meta is responsible for enabling the rights under Articles 15 to 20 GDPR with regard to the personal data stored by Meta after joint processing.

The shared responsibility agreement can be accessed here: https://www.facebook.com/legal/controller_addendum

Information on how Meta processes personal data, the information pursuant to Art. 13 GDPR, including the legal basis on which Meta relies, as well as the user's options to exercise their rights vis-à-vis Meta, can be found in Facebook's data protection declaration.

Privacy policy from Facebook Pixel without comparison

Bugsnag

We use Bugsnag to analyze technical errors on our website. Provider: Bugsnag Inc., 939 Harrison Street, San Francisco, California 94107, USA.

Program errors are recorded by Bugsnag and reported to us. User data is also processed if it is related to a program error. The user's IP address is only transmitted in an abbreviated form, as is data on the device used and its settings as well as on the page on which an error occurred.

The legal basis for the use of Bugsnag is Art. 6 para. 1 subpara. 1 letter. f) GDPR. Our legitimate interest lies in the secure and error-free operation of our website.

Bugsnag Privacy Policy

Amazon Cloudfront

We use the content delivery network (CDN) Amazon CloudFront. Provider: Amazon Web Services Inc., P.O Box 81226, Seattle, WA 98108-1226.

Content is loaded from CDN servers. In order for a connection to be established, it is technically necessary to transmit the user's IP address.

The legal basis for processing is Art. 6 para. 1 subpara. 1 letter. f) GDPR. Our legitimate interest is to improve the speed and availability of our website.

Amazon CloudFront Privacy Policy

Facebook Social Plugins

We integrate content and buttons from the social network Facebook on our website via a plugin. Provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.

In order to be able to load content from Facebook, it is technically necessary to transfer the user's IP address to the company. If the user is logged in to Facebook, the visit to a page can be assigned to the account.

If we obtain the user's consent, the processing of data takes place on the legal basis of Art. 6 para. 1 subpara. 1 letter. a) GDPR Furthermore, it is based on Art. 6 para. 1 subpara. 1 letter. f) GDPR. Our legitimate interest in integrating Facebook content and buttons lies in the user-friendly design of our website.

Data protection declaration of Facebook Social Plugins

Google Tag Manager

We use Google Tag Manager to manage our website tags. Provider: Google Ireland Ltd., Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland

The Tag Manager is a cookieless domain that triggers tags from various providers, which in turn collect data. Google Tag Manager does not access this data. In order to trigger tags, it is technically necessary to transfer the user's IP address to Google.

The use of the Google Tag Manager is based on the legal basis of Art. 6 para. 1 subpara. 1 letter. f) GDPR. Our legitimate interest is to simplify the administration of the third-party services we use.

Google Tag Manager Privacy Policy

Google Fonts

We use Google Fonts on our website. Provider: Google Ireland Ltd., Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.

Fonts are loaded from the Google server. In order to establish a connection to the server, it is technically necessary to transfer the user's IP address.

The legal basis for processing is Art. 6 para. 1 subpara. 1 letter. f) GDPR. Our legitimate interest lies in shortening loading times and ensuring a uniform display on different devices.

Google Fonts privacy policy

Profiles in social networks

We are present on one or more social networks. Specifically, these are: Facebook or Instagram. When you contact us, we process personal data as described above under Contact Us.

The providers of social networks process data in accordance with their data protection regulations, which can be accessed here:

If a user is logged in with their account, the activities on our profile in the respective social network can be assigned to them if necessary. This can be done across devices and if necessary. can also be done without logging in, for example using cookies or mobile identifiers. Social network providers use the collected data to create pseudonymized user profiles, which they can use to display personalized advertising.

Rights of data subjects

If the user's personal data is processed, he or she is the data subject within the meaning of the GDPR. Data subjects have the following rights:

Right to information: The data subject has the right to request confirmation as to whether personal data concerning him or her is being processed. If personal data is processed, the data subject has the right to free information and a copy of the personal data that is the subject of the processing.

Right to rectification: The data subject has the right to request the immediate correction of incorrect or incomplete personal data.

Right to deletion: The data subject has the right to request the immediate deletion of personal data concerning them in accordance with the legal provisions.

Right to restriction of processing: The data subject has the right to request a restriction of the processing of personal data concerning him or her in accordance with the legal provisions.

Right to data portability: The data subject has the right to receive the personal data concerning him or her in a structured, common and machine-readable format or to request transmission to another person responsible.

Right to object: The data subject has the right, for reasons arising from his or her particular situation, to object at any time to the processing of personal data concerning him or her based on Art. 6 para. 1 subpara. 1 letter. e) or f) GDPR to lodge an objection; This also applies to profiling based on these provisions. If personal data is processed for the purpose of direct advertising, the data subject has the right to object at any time to the processing of personal data concerning him or her for the purpose of such advertising; This also applies to profiling insofar as it is connected to such direct advertising.

Right to revoke: The data subject has the right to revoke their consent at any time.

Right to complain: The data subject has the right to complain to a supervisory authority.

Status of the data protection declaration: 10. June 2024