Privacy Policy
We will process your personal data (e.g. title, name, address, e-mail address, phone number, bank details, credit card number) solely in accordance with the provisions of the German data protection law and the data protection law of the European Union (EU). The following provisions will inform you, besides the information about the processing purposes, recipients, legal bases and storage periods, also about your rights and the controller for your data processing. This privacy policy applies only to our websites. If you are directed to other sites via links on our pages, please pay attention and be sure to review their privacy practices.
(1) Purpose of data processing
Your personal data you provide us during the ordering process are necessary for the conclusion of a contract with us. You are not obliged to provide your personal data. However, we would not be able to send you the goods without your address. For some payment methods we ask for the necessary payment data in order to pass them on to a payment service provider commissioned by us. Hence, the processing of your data collected during the ordering process is soley for the purpose of contract performance.
If you send us a request by e-mail or by using the contact form, etc. before concluding the contract, we process the obtained data to carry out pre-contractual measures and answer your questions about e.g. our products.
In the case of opening a customer account, your data (in particular name, address, payment method, e-mail and password) will be processed for registration and creation of a customer login. With the stored data, you are able to shop faster and view your previous orders at any time. By sending us a note or via a delete function you can delete the account again.
(2) Legal basis
The legal basis for such processing is set out in Article 6 (1) (b) of the GDPR.
(3) Recipient categories
Payment service provider, shipping service provider, hosting provider, if necessary merchandise management system, suppliers if necessary (drop-shipping).
(4) Duration of Storage
We store the data required for contract execution until the statutory warranty and, if applicable, contractual warranty periods expire.
We store the data required under commercial and tax law for the statutory periods, generally ten years (cf. § 257 German Commercial Code (HGB), § 147 Regulation of Taxation (AO)).
The data processed for the execution of pre-contractual measures will be deleted as soon as the measures have been carried out and the contract cannot be concluded.
Trusted Shops widgets are integrated on this website to display Trusted Shops services (e.g. seal of approval, collected ratings) and to offer Trusted Shops products to shoppers after they have placed an order.
This serves to protect our legitimate interests, which outweigh our interests in the context of a balancing of interests, in optimal marketing by enabling secure shopping in accordance with Art. 6 Para. 1 S. 1 lit. f DSGVO. The trust badge and the services advertised with it are an offer of Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne, Germany, with whom we are jointly responsible for data protection pursuant to Art. 26 DSGVO. Within the framework of this data protection notice, we inform you in the following about the essential contractual contents in accordance with Art. 26 (2) DSGVO.
The trust badge is provided within the scope of joint responsibility by an US-American CDN provider (content delivery network). An appropriate level of data protection is ensured by standard data protection clauses and further contractual measures. Further information on the data protection of Trusted Shops GmbH can be found in their privacy policy.
https://www.trustedshops.co.uk/imprint/#user-privacy-policy
When the Trustbadge is called up, the web server automatically saves a so-called server log file, which also contains your IP address, the date and time of the call-up, the amount of data transferred and the requesting provider (access data) and documents the call-up. The IP address is anonymised immediately after collection so that the stored data cannot be assigned to you personally. The anonymised data is used in particular for statistical purposes and for error analysis.
After the order has been completed, your email address, which has been hashed using a cryptological one-way function, is transmitted to Trusted Shops GmbH. The legal basis is Art. 6 para. 1 p. 1 lit. f DSGVO. This serves to check whether you are already registered for services with Trusted Shops GmbH and is therefore necessary for the fulfilment of our and Trusted Shops' overriding legitimate interests in the provision of the buyer protection linked to the specific order in each case and the transactional evaluation services in accordance with Art. 6 (1) sentence 1 lit. f DSGVO. If this is the case, further processing will be carried out in accordance with the contractual agreement between you and Trusted Shops. If you have not yet registered for the services, you will subsequently be given the opportunity to do so for the first time. Further processing after registration also depends on the contractual agreement with Trusted Shops GmbH. If you do not register, all transmitted data will be automatically deleted by Trusted Shops GmbH and a personal reference is then no longer possible.
The Trusted Shops GmbH uses service providers in the areas of hosting, monitoring and logging. The legal basis is Art. 6 para. 1 lit. f DSGVO for the purpose of ensuring trouble-free operation. Processing may take place in third countries (USA and Israel). An adequate level of data protection is ensured in the case of the USA by standard data protection clauses and further contractual measures and in the case of Israel by an adequacy decision.
Within the framework of the joint responsibility existing between us and Trusted Shops GmbH, please prefer to contact Trusted Shops GmbH with data protection questions and to assert your rights using the contact options given in the data protection information linked above. Irrespective of this, however, you can always contact the data controller of your choice. Your enquiry will then, if necessary, be passed on to the other data controller for a response.
Cloudflare
We use the Content Delivery Network (CDN) of Cloudflare Germany GmbH, Rosental 7, c/o Mindspace, 80331 Munich Germany (Cloudflare) to increase the security and delivery speed of our website. This corresponds to our legitimate interest (Art. 6 para. 1 lit. f DSGVO). A CDN is a network of [globally] distributed servers that is able to deliver optimised content to the website user. For this purpose, personal data may be processed in server log files by Cloudflare. Please compare the explanations under "Hosting".
Cloudflare is the recipient of your personal data and acts as a processor for us. This corresponds to our legitimate interest within the meaning of Art. 6 (1) sentence 1 lit. f DSGVO not to operate a content delivery network ourselves.
You have the right to object to the processing. Whether the objection is successful is to be determined within the framework of a balancing of interests.
The processing of the data provided under this section is not required by law or contract. The functionality of the website is not guaranteed without the processing.
Your personal data will be stored by Cloudflare for as long as necessary for the purposes described.
For more information on objection and removal options vis-à-vis Cloudflare, please visit: Cloudflare DPA
Cloudflare has implemented compliance measures for international data transfers. These apply to all global activities where Cloudflare processes personal data of individuals in the EU. These measures are based on the EU Standard Contractual Clauses (SCCs). For more information, please visit: https://www.cloudflare.com/gdpr/introduction/
Ipstack
We use the service IPStack (apilayer Data Products GmbH, Elisabethstrasse 15/5, 1090 Vienna, Austria). This service enables us to geo-locate the IP addresses of our website visitors. As a result, the correct country of delivery, language and VAT rate are displayed to the visitor in the shop.
Legal basis for the use of IPStack: Art. 6 para. 1 p. 1 lit. f DS-GVO.
The privacy policy of the operator ipstack.com can be found here: https://ipstack.com/privacy
DHL Express
If you choose shipping by DHL Express, it is necessary to transmit your first name, last name, address, e-mail address and telephone number to the shipping service provider DHL Express (DHL Express Germany GmbH, Heinrich-Brüning-Str. 5, 53113 Bonn, Germany) so that it can contact you before delivery for the purpose of delivery notification or coordination. The legal basis is Art. 6 para. 1 p. 1 lit. b DSGVO.
The privacy policy of the shipping service provider DHL Express can be found here: https://www.dhl.de/en/toolbar/footer/privacy-notice.html
Without the transmission of your personal data, we cannot carry out the shipment via DHL Express. You have the option of choosing a different shipping method.
Amazon Pay
We offer the option of processing the payment transaction via the payment service provider amazon pay (Amazon Payments Europe s.c.a., 38 avenue J.F. Kennedy, L-1855 Luxembourg). This corresponds to our legitimate interest in offering an efficient and secure payment method (Art. 6 para. 1 lit. f DSGVO). In this context, we pass on the following data to Amazon Payments, insofar as it is necessary for the fulfilment of the contract (Art. 6 para. 1 lit b. DSGVO).
First name, last name, address, email address, telephone number
The processing of the data provided under this section is neither legally nor contractually required. Without the transmission of your personal data, we cannot carry out a payment via amazon pay. You have the option of choosing a different payment method.
Amazon Payments Europe reserves the right to carry out a credit check to ensure your willingness and ability to pay. This corresponds to the legitimate interest of Amazon Payments Europe (pursuant to Art. 6 Para. 1 lit. f DSGVO) and serves the execution of the contract (pursuant to Art. 6 Para. 1 lit. b DSGVO). For this purpose, your data will be passed on to credit agencies and online merchants. In addition, your data may be used for interest-related advertising and marketing purposes by amazon pay, provided you have consented to this in your account settings https://www.amazon.de/adprefs?currency=EUR. We have no influence on this process and only receive the result of whether the payment was made or rejected.
You can find further information on objection and removal options vis-à-vis Amazon Payments Europe at: https://pay.amazon.de/help/201212490.
Your data will be stored by us until the completion of the payment processing. This includes the period required for processing refunds, claims management and fraud prevention. In accordance with § 147 AO / § 257 HGB, we have a statutory retention period of 10 years for the following documents: invoices.
Sofortüberweisung
We offer the option of processing the payment transaction via Sofortüberweisung of the payment service provider Klarna GmbH, Theresienhöhe 12, 80339 Munich, Germany (Klarna). This corresponds to our legitimate interest in offering an efficient and secure payment method (Art. 6 para. 1 lit. f DSGVO). In this context, we pass on the following data to Klarna insofar as it is necessary for the performance of the contract (Art. 6 para. 1 lit b. DSGVO).
First name, last name, transfer amount
We are obliged to carry out an identity check before the payment is made to ensure that the payment is not made by a third party.
In this case, before the actual transfer, your name will be compared with the name stored in your online banking system and, if the check is successful, the instant transfer will be initiated. We have no influence on this process and only receive the result of whether the name check was successful or not.
Depending on how your bank manages online accounts, different verification steps are necessary: If your bank only accepts transfer orders if there is sufficient account coverage, then an account coverage check by Klarna does not take place. In all other cases, Klarna checks whether the sum of the account balance and the overdraft facility, minus unbooked sales, covers the amount to be transferred.
Klarna reserves the right in cases with an increased risk of misuse to check instant transfers of the last 30 days to see whether they have been successfully executed. There are no credit checks based on historical payment data.
The check is carried out either via the HBCI interface of your bank or via the user interface of your online banking - as if you were logging in yourself. If you manage multiple accounts, information about accounts you have not selected will not be stored.
Furthermore, Klarna stores your online banking user identification (login name/account number) as a hash value. PIN and TAN codes are not stored.
We have no influence on this process and only receive the result, whether the payment was made or rejected, your account number, sort code, subject, amount and date.
You can find more information on objection and removal options towards Klarna at: https://www.sofort.com/payment/wizard/getCmsContent/data_protection/DE/0/en
Klarna stores your name, account number, sort code, subject, date and transfer amount for accounting purposes within the statutory retention periods. The basis for this is § 28 para. 1. sentence 1 no. 1 BDSG.
Your data will be stored by us until the completion of the payment processing. This includes the period required for processing refunds, claims management and fraud prevention. In accordance with § 147 AO / § 257 HGB, we have a statutory retention period of 10 years for the following documents: invoices.
easyCredit
For our website we use the service of easyCredit. The service is an online payment procedure from the company TeamBank AG Nürnberg, Beuthener Str. 25, 90471 Nürnberg, Germany. You can find out which data is used for the use of the service in the easyCredit privacy policy.
https://www.easycredit.de/datenschutz
Riverty
For our website we use the service of Riverty. The service is an online payment method from the German company Riverty Group GmbH, Rheinstraße 99, 76532 Baden-Baden, Germany. You can find out which data is used for the use of the service in the privacy policy of Riverty.
https://www.riverty.com/en/privacy-policy/
Consent to fraud prevention measures
For extended risk assessment and fraud prevention, we continue to use so-called device tracking by our service provider Riverty Group GmbH. The data processing described below is based on your consent within the meaning of Art. 6 (1) sentence 1 lit. a) GDPR.
Insofar as you have given your consent for fraud prevention and abuse detection in the context of the ordering process in our online shop, you consent that,
1. your data for the execution of the contract (e.g. object of purchase, name, postal address, e-mail address, delivery address, payment method and bank data) and
2. your terminal device data used when visiting the websites (e.g. your screen resolution, operating system version, browser language, anonymised, i.e. shortened IP address) and a device ID, which contains this terminal device data anonymised, optionally, i.e. if permitted by you, can also be temporarily stored by means of a cookie, and via which your terminal devices used can be recognised with a certain probability during further visits, are transmitted by us to Riverty Group GmbH, Rheinstraße 99, 76532 Baden-Baden, Germany for the purpose of fraud prevention and abuse detection. Riverty Group GmbH uses this data to automatically check whether there are indications of online fraud or other misuse of our online shop (e.g. in the form of ordering goods/services in the online shop by taking over your user account, the automated creation of fake user accounts by bots, the use of stolen identities or payment data). Insofar as there are concrete indications of online fraud or other misuse of our online shop, we reserve the right to interrupt the order process in question or to offer only secure payment methods, such as payment in advance. The described fraud prevention and abuse detection measures also help to protect your user account against fraud and abuse of your data.
You warrant that you may give this consent in respect of all terminal devices used by you when visiting our online shop, and that you will inform third parties to whom you entrust your terminal devices used for this purpose of this consent and ensure that they also agree to the measures described or otherwise do not visit our online shop with your terminal devices. We would like to point out that Riverty Group GmbH has commissioned informa solutions GmbH, Rheinstraße 99, 76532 Baden-Baden as an order processor to carry out fraud prevention and abuse detection.
You can revoke the consent listed above at any time with effect for the future. A notification in text form (e.g. e-mail, letter) to us is sufficient for this; you can find current contact details in the imprint of our online shop.
PAYONE
For our website we use the service of PAYONE. The service is an online payment procedure from the company PAYONE GmbH, Lyoner Straße 9, 60528 Frankfurt am Main, Germany. You can find out which data is used for the use of the service in the PAYONE privacy policy.
https://www.payone.com/DE-en/gdpr
Scalapay
For our website we use the service of Scalapay. The service is an online payment procedure from the company Scalapay SRL, Corso Italia 8, Milan 20122, Italy. You can find out which data is used for the use of the service in the Scalapay privacy policy.
https://www.scalapay.com/de/privacy
(1) Purpose of data processing
This website uses Google Analytics, a web analysis service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland ("Google"). Google Analytics uses so-called “cookies”, small text files, which are placed on your computer to analyze how you use the website. The information generated by the cookie about your use of this website will be transmitted and saved on server in the United States by Google. If the anonymizeIP function is activated on this website, Google will shorten your IP address in advance within the member states of the European Union or in other states which are parties to the Agreement on the European Economic Area. Only in exceptional cases Google will transmit the full IP address on server in the United States and will shorten there. Google will use this information for the purpose of evaluating your use of our website, compiling reports on website activities and providing other services related to website and internet usage for the website operators.
(2) Legal basis
The legal basis for such processing is set out in Article 6 (1) (a) of the GDPR.
(3) Recipient categories
Google and its partners.
(4) Transfer to a third country
Google Ireland Limited is an affiliate of Google LLC. Google LLC is based in the USA (1600 Amphitheatre Parkway, Mountain View, CA 94043).
(5) Duration of Storage
Unlimited
(6) Right of objection
You can prevent the installation of the cookies in your browser settings. If you choose to change your settings you may not be able to use the full functionality of this website. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available under the following link: optout
You may also generate blocking by setting an opt-out cookie. If you want to prevent the future collection of your data when you visit this website, please click here: Disable Google Analytics
Please note that all PayPal transactions are subject to the PayPal Privacy Policy:
https://www.paypal.com/de/webapps/mpp/ua/privacy-full
Please note the following data protection regulations: https://www.paypal.com/de/webapps/mpp/ua/privacy-full
(1) Purpose of data processing
This website uses technically necessary cookies. These are small text files that are stored in or by your Internet browser on your computer system. These cookies are employed, for example, when several products must be inserted in a shopping cart.
Other cookies remain stored permanently and recognize your browser on your next visit. These cookies are employed, for example, to store permanently your passwords for a customer account.
(2) Legal basis
The legal basis for such processing is set out in Article 6 (1) (a) of the GDPR.
You have expressly given your consent to the use of cookies on our website as follows:
We use cookies to give you the best possible service. If you continue browsing, you agree to the use of cookies.
(3) Duration of Storage
The technically necessary cookies are usually deleted when the browser is closed. Permanently stored cookies remain stored from a few minutes to several years.
(4) Right of revocation
If you do not wish these cookies to be stored, please deactivate the use of cookies in your Internet browser. However, this may cause a functional limitation of our website.
Your consent to persistent cookies can be withdrawn at any time by deleting the cookies in your browser settings.
(1) Purpose of data processing
When registering for the newsletter, your e-mail address will be used for advertising purposes, i.e. the newsletter will inform you in particular about products from our product range. For statistical purposes we may evaluate which links are viewed in the newsletter. However, it is not recognizable for us, which concrete person has accessed the links. You have expressly given the following consent separately or, as the case may be, in the course of the ordering process: Subscribe
(2) Legal basis
The legal basis for such processing is set out in Article 6 (1) (a) of the GDPR.
(3) Recipient categories
if necessary: newsletter provider
(4) Duration of Storage
Your e-mail address will only be stored for the respective duration of your registration.
(5) Right of revocation
You may revoke your consent at any time with effect for the future. If you no longer wish to receive the newsletter, you may unsubscribe as follows: By a log-out link in the newsletter
If your personal data is processed, you are the ‘data subject’ in terms of GDPR and you have the following rights towards us, the controller:
1. Right to information
You may request us to provide information about your personal data processed by us under Article 15 of the GDPR.
2. Right to rectification
If your personal data provided to us is not up to date or not accurate you have the right to ask for modifications to your personal data under Article 16 of the GDPR. You also have the right to request us to complete an incomplete data.
3. Right to erasure
You have the right to have your personal data erased and ask for deletion of your data under Article 17 of the GDPR.
4. Right to restriction of processing
You have the right to restrict the processing your personal data under Article 18 of the GDPR.
5. Right to data portability
You have the right referred to in Article 20 of the GDPR to receive your personal data provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller.
6. Right to revoke the consent given under data protection law
You have the right referred to in paragraph 3 of Article 7 to withdraw your given consent based on the data protection provisions at any time. This does not affect the lawfulness of the processing based on consent before its withdrawal.
7. Right to lodge a complaint with a supervisory authority
If you consider that the processing of personal data relating to you infringes the GDPR, you have the right referring to in Article 77 of the GDPR to complain to the supervisory authority against the processing of your personal data (in particular in the Member State of your habitual residence, place of work or place of the alleged infringement ).
Please also note your right of objection under Article 21 GDPR:
a) In general: reasonable objection required
If the processing of personal data concerning you takes place in order
- to perform our overriding legitimate interest (legal basis: Article 6 (1f) GDPR)
or
- to safeguard the public interest (legal basis: Article 6 (1e) GDPR),
you are entitled to object to the processing at any time for reasons arising from your particular situation; this also applies to profiling based on the provisions of the GDPR.
In the event of objection, we will no longer process the personal data concerning you unless we can prove compelling grounds for processing which override your interests, rights and freedoms, or the processing is necessary for the establishment, exercise or defence of legal claims;
b) Special case of direct marketing: simple objection is sufficient
If the personal data concerning you are processed for the purpose of direct marketing, you have the right to object at any time to the processing and without stating reasons; this includes profiling to the extent that it is related to such direct marketing.
-
Check the product prices from a Collection page
-
Check the prices from a Product page
-
Add a product to the cart and check the prices from the Cart page
If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.