Privacy Policy

1. Information on the Collection of Personal Data and Contact Details of the Controller

1.1 We are pleased that you are visiting our website and thank you for your interest. In the following, we inform you about the handling of your personal data when using our website. Personal data includes all data with which you can be personally identified.

The controller for the processing of personal data is the natural or legal person who, alone or jointly with others, decides on the purposes and means of the processing of personal data.

1.3 This website uses Secure Sockets Layer or Transport Layer Security encryption for security reasons and to protect the transmission of personal data and other confidential content (for example, orders or inquiries to the controller). You can recognise an encrypted connection by the character sequence “https://” and the lock symbol in your browser bar.

2. Data Collection When Visiting Our Website

When you use our website for informational purposes only, meaning when you do not register or otherwise transmit information to us, we only collect the data that your browser transmits to our server (so-called server log files). When you access our website, we collect the following data, which is technically necessary for us to display the website to you:

  • Our visited website

  • Date and time at the moment of access

  • Amount of data sent in bytes

  • Source or reference from which you accessed the page

  • Browser used

  • Operating system used

  • Internet Protocol address used (if applicable, in anonymised form)

The processing is carried out in accordance with Article 6 paragraph 1 letter f of the General Data Protection Regulation on the basis of our legitimate interest in improving the stability and functionality of our website. A transfer or other use of the data does not take place. However, we reserve the right to subsequently check the server log files if concrete indications of unlawful use arise.

3. Hosting and Content Delivery Network

Hosting by Shopify

We use the shop system of the service provider Shopify International Limited, Victoria Buildings, Second Floor, 1–2 Haddington Road, Dublin Four, D04 XN32, Ireland (“Shopify”), for the purpose of hosting and displaying the online shop on the basis of processing on our behalf. All data collected on our website is processed on Shopify’s servers. As part of the services described, data may also be transferred for further processing on behalf of Shopify to Shopify Incorporated, 150 Elgin Street, Ottawa, Ontario K2P 1L4, Canada, Shopify Data Processing (United States of America) Incorporated, Shopify Payments (United States of America) Incorporated or Shopify (United States of America) Incorporated. In the event of the transfer of data to Shopify Incorporated in Canada, an adequate level of data protection is ensured through an adequacy decision by the European Commission. Further information on Shopify’s data protection can be found at the following internet address:
https://www.shopify.com/legal/privacy

Further processing on servers other than those previously mentioned by Shopify takes place only within the framework outlined below.

4. Cookies

To make visiting our website attractive and to enable the use of certain functions, we use cookies, which are small text files stored on your device. Some of these cookies are automatically deleted after closing the browser (so-called session cookies), while others remain on your device for a longer period and allow storage of page settings (so-called persistent cookies). In the latter case, you can find the storage duration in the overview of your browser’s cookie settings.

If personal data is processed through individual cookies we use, the processing occurs in accordance with Article 6 paragraph 1 letter b of the General Data Protection Regulation for the fulfilment of the contract, in accordance with Article 6 paragraph 1 letter a of the General Data Protection Regulation in the case of consent, or in accordance with Article 6 paragraph 1 letter f of the General Data Protection Regulation to safeguard our legitimate interests in the best possible functionality of the website as well as a customer-friendly and effective design of the website visit.

You can set your browser to inform you about the setting of cookies and to decide individually about their acceptance, or to exclude the acceptance of cookies for specific cases or in general.

Please note that if cookies are not accepted, the functionality of our website may be restricted.

5. Contacting Us

When contacting us (for example, via contact form or electronic mail), personal data is processed exclusively for the purpose of handling and answering your request and only to the extent necessary. The legal basis for processing this data is our legitimate interest in answering your request in accordance with Article 6 paragraph 1 letter f of the General Data Protection Regulation. If your contact aims at concluding a contract, an additional legal basis for processing is Article 6 paragraph 1 letter b of the General Data Protection Regulation. Your data will be deleted once the circumstances indicate that the matter concerned is conclusively clarified, provided that no statutory retention obligations exist.

6. Data Processing When Opening a Customer Account

In accordance with Article 6 paragraph 1 letter b of the General Data Protection Regulation, personal data is collected and processed to the extent necessary when you provide it to us when opening a customer account. The data required for opening the account can be found in the input fields of the respective form on our website. You may delete your customer account at any time by sending a message to the above-mentioned address of the controller. After deletion of your customer account, your data will be deleted unless all contracts concluded through it are fully processed, no statutory retention periods oppose deletion, and we no longer have a legitimate interest in further storage.

7. Use of Customer Data for Direct Advertising

Registration for our electronic mail newsletter

If you register for our electronic mail newsletter, we will regularly send you information about our offers. The only mandatory information required for sending the newsletter is your electronic mail address. The provision of additional data is voluntary and is used to address you personally. For sending the newsletter, we use the so-called double opt-in procedure, which ensures that you only receive newsletters once you have expressly confirmed your consent to the newsletter subscription by activating a verification link sent to the provided electronic mail address.

By activating the confirmation link, you give us your consent to use your personal data in accordance with Article 6 paragraph 1 letter a of the General Data Protection Regulation. We store your Internet Service Provider’s registered Internet Protocol address as well as the date and time of registration to be able to trace potential misuse of your electronic mail address at a later date. The data we collect during newsletter registration is used strictly for the intended purpose. You may unsubscribe from the newsletter at any time via the link provided in the newsletter or by sending a corresponding message to the controller mentioned above. After unsubscribing, your electronic mail address will be deleted from our newsletter distribution list immediately unless you have expressly agreed to further use of your data or we are allowed to use your data beyond this in ways permitted by law and informed about in this declaration.

8. Data Processing for Order Handling

8.1 To the extent necessary for contract fulfilment for delivery and payment purposes, the personal data collected by us is passed on to the commissioned transport company and the commissioned credit institution in accordance with Article 6 paragraph 1 letter b of the General Data Protection Regulation.

If we owe you updates for goods with digital elements or for digital products on the basis of a corresponding contract, we will process the contact details you provided during the order (name, address, electronic mail address) to inform you personally about upcoming updates within the legally required period via a suitable communication method (for example, postal or electronic mail) in accordance with our legal information obligations under Article 6 paragraph 1 letter c of the General Data Protection Regulation. Your contact details will be used exclusively for notifications about updates owed by us and will be processed only to the extent necessary for this purpose.

To fulfil your order, we also work with the following service providers who support us wholly or partially in the execution of concluded contracts. Certain personal data is transmitted to these service providers in accordance with the information below.

8.2 To fulfil our contractual obligations to our customers, we work with external shipping partners. We pass on your name as well as your delivery address and, if required for delivery, your telephone number exclusively for the purpose of delivering the goods in accordance with Article 6 paragraph 1 letter b of the General Data Protection Regulation to a shipping partner selected by us.

8.3 Use of payment service providers

Apple Pay

If you choose the payment method “Apple Pay” of Apple Distribution International, Hollyhill Industrial Estate, Hollyhill, Cork, Ireland, payment processing takes place using the “Apple Pay” function of your device operated with iOS, watchOS or macOS by charging a payment card stored with “Apple Pay”. Apple Pay uses security features integrated into the hardware and software of your device to protect your transactions. To authorise a payment, you must enter a code previously set by you and verify the transaction using the “Face ID” or “Touch ID” function of your device.

For the purpose of payment processing, the information you provided during the order process, along with information about your order, is transmitted to Apple in encrypted form. Apple encrypts this data again with a developer-specific key before transferring the data to the payment service provider of the payment card stored with Apple Pay. The encryption ensures that only the website from which the purchase was made can access the payment data. After the payment is completed, Apple sends your device account number as well as a transaction-specific dynamic security code to the originating website to confirm the success of the payment.

If personal data is processed during the described transmissions, processing is carried out exclusively for the purpose of payment processing in accordance with Article 6 paragraph 1 letter b of the General Data Protection Regulation.

Apple stores anonymised transaction data, including the approximate purchase amount, the approximate date and time, and information on whether the transaction was successfully completed. Through anonymisation, any connection to a person is completely excluded. Apple uses the anonymised data to improve “Apple Pay” and other Apple products and services.

If you use Apple Pay on your iPhone or Apple Watch to complete a purchase made through Safari on your Mac, the Mac and the authorisation device communicate via an encrypted channel on Apple’s servers. Apple does not process or store this information in a format that can identify you. You may disable the option to use Apple Pay on your Mac in your iPhone settings. Go to “Wallet and Apple Pay” and disable “Allow payments on Mac”.

Further information on data protection for Apple Pay can be found at the following internet address:
https://support.apple.com/en-us/HT203027

Klarna

When selecting a Klarna payment service, payment processing is carried out through Klarna Bank AB, Sveavägen Forty-Six, One Hundred Eleven Thirty-Four Stockholm, Sweden. To enable payment processing, your personal data (first and last name, street, house number, postal code, city, gender, electronic mail address, telephone number and Internet Protocol address) as well as data associated with your order (for example, invoice amount, items, delivery type) are transferred to Klarna for the purpose of identity and credit checks, provided you have expressly consented in accordance with Article 6 paragraph 1 letter a of the General Data Protection Regulation. You can see which credit agencies your data may be forwarded to at the following link:
https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/credit_rating_agencies

The credit report may contain probability values (so-called score values). If score values are included in the credit report, they are based on a scientifically recognised mathematical-statistical procedure. Address data is among the factors included in the calculation. Klarna uses the information obtained about the statistical probability of default to make a balanced decision on the establishment, implementation or termination of the contractual relationship.

You may withdraw your consent at any time by sending a message to the controller responsible for processing or to Klarna. However, Klarna may continue to be entitled to process your personal data if this is necessary for contractual payment processing.

Your personal data will be handled in accordance with applicable data protection regulations and as described in Klarna’s privacy notices for individuals residing in Germany:
https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/privacy
or individuals residing in Austria:
https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_at/privacy

PayPal

When payment is made via PayPal, credit card via PayPal, direct debit via PayPal, or – if offered – “purchase on account” or “instalment payment” via PayPal, we transmit your payment data to PayPal (Europe) Société à Responsabilité Limitée et Cie, Société en Commandite par Actions, Twenty-Two to Twenty-Four Boulevard Royal, L-Two Four Four Nine Luxembourg (“PayPal”), for payment processing. Transmission takes place in accordance with Article 6 paragraph 1 letter b of the General Data Protection Regulation and only to the extent necessary for payment processing.

PayPal reserves the right to conduct a credit check for payment methods such as credit card via PayPal, direct debit via PayPal or – if offered – “purchase on account” or “instalment payment” via PayPal. For this purpose, your payment data may be transferred to credit agencies in accordance with Article 6 paragraph 1 letter f of the General Data Protection Regulation on the basis of PayPal’s legitimate interest in determining your payment capacity. The result of the credit check, regarding the statistical probability of default, is used by PayPal for the purpose of deciding whether to provide the respective payment method. The credit report may contain probability values (so-called score values). Score values are calculated using a scientifically recognised mathematical-statistical procedure. Among other data, address data is included in the calculation. Further information on data protection, including the credit agencies used, can be found in PayPal’s privacy statement:
https://www.paypal.com/de/webapps/mpp/ua/privacy-full

You may object to the processing of your data at any time by sending a message to PayPal. However, PayPal may continue to be entitled to process your personal data when necessary for contractual payment processing.

Shopify Payments

We use the payment service provider “Shopify Payments,” Third Floor, Europa House, Harcourt Building, Harcourt Street, Dublin Two. If you choose a payment method offered by Shopify Payments, payment processing is carried out through the technical service provider Stripe Payments Europe Limited, One Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland. We transmit the information you provided during the order process, along with information about your order (name, address, account number, bank code, possibly credit card number, invoice amount, currency and transaction number), to Stripe Payments Europe Limited in accordance with Article 6 paragraph 1 letter b of the General Data Protection Regulation. Transmission of your data takes place exclusively for payment processing and only to the extent necessary. Further information on data protection for Shopify Payments can be found at:
https://www.shopify.com/legal/privacy

Data protection information for Stripe Payments Europe Limited can be found at:
https://stripe.com/privacy

SOFORT

When choosing the payment method “SOFORT,” payment processing is carried out via SOFORT GmbH, Theresienhöhe Twelve, Eight Zero Three Three Nine Munich, Germany (hereinafter “SOFORT”). We transmit your information provided during the order process, together with information about your order, to SOFORT in accordance with Article 6 paragraph 1 letter b of the General Data Protection Regulation. SOFORT GmbH is part of the Klarna Group. Transmission of your data takes place exclusively for payment processing and only to the extent necessary. Further information can be found at:
https://www.klarna.com/sofort/privacy

9. Online Marketing

Facebook Pixel for creating Custom Audiences with extended data matching (with cookie consent tool)

Within our online offering, we use the “Facebook Pixel” of the social network Facebook in extended data matching mode, operated by Facebook Ireland Limited, Four Grand Canal Square, Dublin Two, Ireland.

Based on explicit consent, when a user clicks on an advertisement placed by us on Facebook, Facebook Pixel adds a parameter to the URL of our linked page. This URL parameter is then written into the user’s browser via a cookie placed by our linked site. In addition, this cookie captures specific customer data such as the electronic mail address that we collect on our website linked with the Facebook advertisement during actions such as purchases, account logins or registrations (extended data matching). This cookie is read by Facebook Pixel and enables the transfer of data, including specific customer data, to Facebook.

Using Facebook Pixel with extended data matching allows Facebook to determine visitors of our website as a target group for displaying advertisements (“Facebook Ads”). Therefore, we use Facebook Pixel with extended data matching to show Facebook Ads only to those Facebook users who have shown interest in our online offering or who exhibit certain characteristics (for example, interest in certain topics or products based on the websites visited) that we transmit to Facebook (“Custom Audiences”). Using Facebook Pixel with extended data matching also helps ensure that our Facebook Ads correspond to the potential interests of users and do not appear annoying. We further analyse the effectiveness of Facebook advertisements for statistical and market research purposes by determining whether users were redirected to our website after clicking on a Facebook advertisement (“Conversion”). Compared to the standard version of Facebook Pixel, the extended data matching function helps us measure the effectiveness of our advertising campaigns more precisely by capturing more assigned conversions.

All transmitted data is stored and processed by Facebook, enabling a connection to the respective user profile and allowing Facebook to use the data for its own advertising purposes in accordance with the Facebook Data Usage Policy:
https://www.facebook.com/about/privacy/

Facebook and its partners may enable advertisements to be displayed on and outside of Facebook.

These processing operations occur exclusively with explicit consent in accordance with Article 6 paragraph 1 letter a of the General Data Protection Regulation.

Information generated by Facebook is usually transmitted to a Facebook server and stored there, including possible transfer to the servers of Facebook Incorporated in the United States of America. You may withdraw your consent at any time with effect for the future by deactivating this service in the cookie consent tool provided on the website.

10. Rights of the Data Subject

10.1 Applicable data protection law grants you the following rights with respect to the controller regarding the processing of your personal data (rights of access and intervention). The prerequisites for exercising these rights can be found in the referenced legal provisions:

  • Right of access in accordance with Article 15 of the General Data Protection Regulation

  • Right to rectification in accordance with Article 16 of the General Data Protection Regulation

  • Right to erasure in accordance with Article 17 of the General Data Protection Regulation

  • Right to restriction of processing in accordance with Article 18 of the General Data Protection Regulation

  • Right to notification in accordance with Article 19 of the General Data Protection Regulation

  • Right to data portability in accordance with Article 20 of the General Data Protection Regulation

  • Right to withdraw granted consent in accordance with Article 7 paragraph 3 of the General Data Protection Regulation

  • Right to lodge a complaint in accordance with Article 77 of the General Data Protection Regulation

10.2 Right to Object

WHEN WE PROCESS YOUR PERSONAL DATA ON THE BASIS OF OUR OVERRIDING LEGITIMATE INTEREST WITHIN THE FRAMEWORK OF A BALANCING OF INTERESTS, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME, ON GROUNDS ARISING FROM YOUR PARTICULAR SITUATION, TO SUCH PROCESSING WITH EFFECT FOR THE FUTURE.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED. HOWEVER, FURTHER PROCESSING REMAINS RESERVED IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING THAT OVERRIDE YOUR INTERESTS, FUNDAMENTAL RIGHTS AND FREEDOMS, OR IF THE PROCESSING SERVES THE ESTABLISHMENT, EXERCISE OR DEFENCE OF LEGAL CLAIMS.

IF YOUR PERSONAL DATA IS PROCESSED BY US FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR SUCH MARKETING. YOU MAY EXERCISE THE RIGHT TO OBJECT AS DESCRIBED ABOVE.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED FOR DIRECT MARKETING PURPOSES.

11. Duration of the Storage of Personal Data

The duration of storage of personal data is determined by the respective legal basis, the purpose of processing and, if applicable, the statutory retention period (for example, commercial and tax law retention periods).

When processing personal data based on explicit consent in accordance with Article 6 paragraph 1 letter a of the General Data Protection Regulation, the data will be stored until the data subject withdraws their consent.

If statutory retention periods apply to data processed on the basis of contractual or quasi-contractual obligations in accordance with Article 6 paragraph 1 letter b of the General Data Protection Regulation, such data will be routinely deleted after expiry of the retention periods, provided it is no longer required for fulfilment of the contract or initiation of the contract and provided that no legitimate interest on our part exists for continued storage.

When processing personal data based on Article 6 paragraph 1 letter f of the General Data Protection Regulation, the data will be stored until the data subject exercises their right to object under Article 21 paragraph 1 of the General Data Protection Regulation, unless we can demonstrate compelling legitimate reasons for processing that outweigh the interests, rights and freedoms of the data subject or if the processing serves the establishment, exercise or defence of legal claims.

When processing personal data for the purpose of direct marketing based on Article 6 paragraph 1 letter f of the General Data Protection Regulation, the data will be stored until the data subject exercises their right to object under Article 21 paragraph 2 of the General Data Protection Regulation.

Unless otherwise stated in the information of this declaration regarding specific processing situations, stored personal data will be deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.