We manage our website in accordance with the principles set out below:
We undertake to comply with the legal provisions on data protection and always endeavor to observe the principles of data avoidance and data minimization.
1. Name and address of the controller and the data protection officer
a) The controller
The controller, as defined by the General Data Protection Regulation and other national data protection laws of the member states of the European Union as well as other data protection regulations, is
b) The data protection officer
The data protection officer of the controller is:
Phone: +49 931 250 61 16
3. Legal basis for the processing of personal dataWe process your personal data such as your first and last name, your e-mail address and IP address, etc. only if there is a legal basis for doing so. According to the General Data Protection Regulation, the following rules in particular are applicable:
- Art. 6 para. 1 sentence 1 lit. a) GDPR: The data subject has given consent to the processing of his or her personal data for one or more specific purposes.
- Art. 6 para. 1 sentence 1 lit. b) GDPR: The processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
- Art. 6 para. 1 sentence 1 lit. c) GDPR: The processing is necessary for compliance with a legal obligation to which the controller is subject.
- Art. 6 para. 1 sentence 1 lit. d) GDPR: The processing is necessary in order to protect the vital interests of the data subject or of another natural person.
- Art. 6 para. 1 sentence 1 lit. e) GDPR: The processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
- Art. 6 para. 1 sentence 1 lit. f) GDPR: The processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
4. Disclosure of personal dataThe transfer of personal data is also considered a form of processing in the sense of the previous paragraph 3. However, we would like to inform you here again separately on the subject of disclosure to third parties. The protection of your personal data is very important to us. For this reason, we are especially careful when it comes to sharing your information with third parties.
Disclosure to third parties therefore only takes place if a legal basis for the processing exists. For example, we pass on personal data to persons or companies who work for us as processors in accordance with Art. 28 GDPR. A processor is anyone who processes personal data on our behalf for us—in particular in a direction and control relationship with us.
In accordance with the provisions of the GDPR, we conclude a contract with each of our processors in order to oblige them to comply with data protection regulations and thus ensure comprehensive protection of your data.
5. Storage period and erasureYour personal data will be erased by us provided that they are no longer necessary for the purposes for which they were collected or otherwise processed, processing is not necessary for the exercise of the right of freedom of expression and information, for the fulfillment of a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims.
6. SSL encryptionThis site uses SSL encryption for security reasons and to provide protection for the transmission of confidential content, such as the inquiries you send to us as the operators of the site. An encrypted connection can be recognized by the browser’s address line changing from “http://” to “https://” and by the padlock icon appearing in your browser line.
When SSL encryption is enabled, the information you transfer to us cannot be read by third parties.
When cookies are used, a distinction is made between technically necessary cookies and “other” cookies. Technically necessary cookies are those that are absolutely necessary in order to provide an information society service explicitly requested by you.
a) Session cookies
In order to make the use of our offer more pleasant, we use so-called session cookies (e.g. language and font selection, shopping cart, etc.). These session cookies fall under the category of technically necessary cookies and are automatically deleted after leaving our site. The legal basis for the cookies ensues from Art. 6 para. 1 sentence 1 lit. c) GDPR, a legal permission.
b) Other cookies
Other cookies include cookies used for statistical, analysis, marketing and re-targeting purposes.
We use these cookies either because we have a legitimate interest in accordance with Art. 6 para. 1 sentence 1 lit. f) GDPR to improve and optimize our services for you or based on your consent in accordance with Art. 6 para. 1 sentence 1 lit. a) GDPR.
When using cookies based on a legitimate interest, you can, of course, object at any time to their continued use in the future.
We hereby inform you that the withdrawal of consent does not affect the lawfulness of the processing carried out on the basis of your consent prior to the withdrawal.
8. Collection and storage of personal data as well as type and purpose of their use
a) When visiting the website
When you visit our website, the browser on your device automatically sends information to the server our website is hosted on. This information is temporarily stored in a log file. The following information is collected without your intervention and stored until automatically deleted:
- IP address of the requesting computer
- Date and time of access
- Name and URL of the file accessed
- The browser used and, if applicable, the operating system of your computer as well as the name of your internet access provider
The data specified will be processed by us for the following purposes:
- To ensure a trouble-free connection to the website
- To assess system security and stability
- For other administrative purposes
Data that allow an inference to your identity, such as the IP address, will be deleted after 7 days at the latest. Should we store the data beyond this period, the data will be pseudonymized so that it is no longer possible to associate it with you.
The legal basis for the data processing is Article 6 para. 1 sentence 1 lit. f) GDPR. Our legitimate interest comes from the purposes for data collection listed above. Under no circumstances do we use the data collected for the purpose of drawing conclusions about you personally.
b) Contractual relationship
(1) Conclusion of contract
As part of the establishment of the contractual relationship, only personal data that are absolutely necessary for the performance of the contract will be processed in accordance with Art. 6 para. 1 sentence 1 lit. b) GDPR.
If you provide additional optional details, these will only be processed on the basis of the consent you have given us in accordance with Art. 6 para. 1 sentence 1 lit. a) GDPR4. We use this optional information to provide customer-friendly service and to constantly improve it.
(2) Customer account
You have the option of creating a customer account with us. If you choose to create an account, in addition to your personal data for contract processing, other optional information as well as purchases you have made with us in the past will be stored and processed. You can access these at any time and thus get an overview of the purchases you have made with us. These data are used so that you can easily log in for your next purchase using your login data. This will also enable you to better manage your purchasing activities.
The legal basis is based on the consent given by you in accordance with Art. 6 para. 1 sentence 1 lit. a) GDPR.
You have the option of changing or deleting the data in your customer account at any time and can also delete the account in its entirety. If you make use of this option, your customer account along with all the data it contains will be deleted immediately.
(3) Transfer of data for shipping purposes
The data necessary for shipping our products (first and last name, address, e-mail address, telephone number if required due to the type of products being shipped) will be passed on to the appropriate shipping service provider for notification/coordination of shipping and delivery of the goods.
The legal basis for this transfer ensues from Art. 6 para. 1 sentence 1 lit. b) GDPR.
In this context, we will pass on your data to one of the following shipping service providers. They will provide you with additional information on the processing of your data:
DHL Paket GmbH, Sträßchensweg 10, Zip code/city: D-53113 Bonn, Phone: +49 228 18 20, E-mail: firstname.lastname@example.org; https://www.dhl.de/de/toolbar/footer/datenschutz.html
DPD Deutschland GmbH, Wailandtstraße 1, 63741 Aschaffenburg, Germany, E-mail: email@example.com, Phone +49 6021 8430; https://www.dpd.com/de/siteutilities/data_protection
UPS Europa SA, Ave Ariane 5, Brussels, B-1200, Belgium https://www.ups.com/de/de/help-center/legal-terms-conditions/privacy-notice.page?
(4) Transfer of data when using online payment service providers
If you decide to pay using one of the online payment service providers we offer during the order process, your contact details will be transmitted to this service provider when said order is placed. The legal basis for this data transfer ensues from Art. 6 para. 1 sentence 1 lit. b) GDPR, for the execution of the method of payment chosen by you as well as our legitimate interests according to Art. 6 para. 1 sentence 1 lit. f) GDPR to enable user-friendly and uncomplicated payment processing.
The personal data transmitted to the online payment service provider is usually first name, last name, address, telephone number, IP address, e-mail address, or other data required for order processing, as well as data related to the order, such as number of items, item number, invoice amount and taxes in percent, billing information, etc.
This transmission is necessary to process your order using the payment method you have chosen, in particular to confirm your identity, to administer your payment and the customer relationship.
Please note, however: Personal data may also be passed on by the online payment service provider to service providers, subcontractors or other affiliated companies if this is necessary to fulfill the contractual obligations arising from your order or if personal data are being processed under contract.
PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, L-2449 Luxeburg at https://www.paypal.com/de/webapps/mpp/ua/privacy-full
If you decide to pay by credit card, we shall collect and process your personal data and forward it to the organisation that issued the card for the processing of the payment and in order to fulfil legal requirements, for example for customer authentication in accordance with the EU Payment Services Directive PSD2. This relates to the following data: the exact content of the HTTP accept header, the IP address of the browser as specified in the HTTP header, the browser language, the bit depth of the colour range, the total screen height and width in pixels, the time zone shift in minutes between UTC and the local browser time of the cardholder, the exact content of the HTTP user-agent header.
That data is forwarded for the processing of the payment in accordance with Article 6(1) sentence 1 point b) GDPR, as well as for the fulfilment of our legal obligation to carry out strong customer authentication in accordance with Article 6(1) sentence 1 point c) GDPR in conjunction with Directive EU 2015/2366 (PSD 2)/the German Payment Services Supervision Act (Zahlungsdiensteaufsichtsgesetz – ZAG) for the purpose of combating money laundering and criminal prosecution.
The technical processing of the credit card payment is handled by Computop Wirtschaftsinformatik GmbH. Computop is a PCI DSS certified PSP and a leading service provider for secure payment transactions and has been commissioned to handle the technical control of payment transactions, including carrying out the 3D Secure 2.0 procedure in accordance with Article 28 GDPR. Further recipients of the data are the involved banks (on the one hand the bank that issued the card (the issuer) and on the other the merchant’s bank accepting the credit card (the acquirer).
Computop payment service provider
Computop Wirtschaftsinformatik GmbH, Schwarzenbergstraße 4, D-96050 Bamberg
c) E-mail contact
If you send us an e-mail using the e-mail address provided on our website, we will then store and process your e-mail address and the information you provided in the e-mail in accordance with Art. 6 para. 1 sentence 1 lit. b) and f) GDPR for the purpose of processing your message.
The inquiries and associated data will be erased at the latest 3 months7 after receipt, unless they are needed for another contractual relationship.
9. Analysis and tracking toolsWe use the analysis and tracking tools listed below on our website. They are used to ensure the continuous optimization of our website and to design it according to your needs.
We use these tools on the basis of the consent given by you in accordance with Art. 6 para. 1 sentence 1 lit. a) GDPR. You can withdraw your consent at any time by changing the cookie settings. Until withdrawal, processing remains lawful.
The data processing purposes and data categories can be found in each of the relevant tools.
a) Google Analytics
On our website we use Google Analytics, a web analysis service provided by Google (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, hereinafter “Google”).
- Name and version of the browser used
- Operating system of your computer
- Website from which access takes place (referrer URL)
- IP address of the requesting computer
- Time of the request
will usually be transferred to and stored on a server in the USA.
Since we have enabled IP anonymization on this website, your IP address will be truncated beforehand by Google within the Member States of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there.
On our behalf, Google will use this information to evaluate your use of our website, to compile reports on website activities and to provide us with other services related to website and internet use. The IP address that your browser conveys within the scope of Google Analytics will not be associated with any other data held by Google.
The cookies are automatically deleted after 2 years.9
You may prevent the storage of cookies by selecting the appropriate settings in your browser. However, we would like to point out that in this case you may not be able to use all features of our website to their full extent.
You can also prevent the data related to your use of the website (including your IP address) generated by the cookies from being recorded by Google and Google’s processing of this data by downloading and installing the browser plugin from the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
You can prevent your information from being collected by Google Analytics by clicking the link below.
b) Google Remarketing
We use the remarketing feature of Google Analytics to target advertising campaigns - including Google AdWords campaigns - to visitors to our website.
Based on your previous visits to our website, relevant advertisements are presented to you when you visit other websites in the Google Display Network.
The DoubleClick cookie enables Google to show ads to ourselves and other third parties based on the interests identified from your previous visits to our website and/or other websites. This advertising may be displayed on websites of Google and/or other operators of the Google advertising network. We also use the Google Analytics advertising features to analyze the effectiveness of our own advertising campaigns.
You can personalize your Google ad settings and opt out of interest-based ads from Google. In this case, the DoubleClick cookie ID (assigned individually for each cookie) is overwritten and can no longer be associated with a particular browser.
If you delete all cookies from your device, a new DoubleClick cookie may be placed. You may then need to renew your opt-out settings. You can permanently disable the DoubleClick cookie by downloading and installing the appropriate browser plugin here: http://www.google.com/settings/ads/plugin. You can disable the use of third-party cookies for the purpose of online advertising on the US website http://www.aboutads.info/choices/ or on the EU website http://www.youronlinechoices.com/.
If you have agreed in your Google account that Google may associate your web and app browsing history with your Google account and use information from your Google account to personalize ads, Google will use information about you along with Google Analytics data to create audience lists for cross-device remarketing. For this purpose, Google Analytics first collects Google-authenticated IDs for you as a user on our website, which are linked to your Google account. Google Analytics then temporarily links these IDs to Google Analytics data to optimize our target groups.
c) Google AdWords
On our website, we use an online advertising program from Google called Google AdWords (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland). Conversion tracking is also used here. With this tool, Google AdWords sets a cookie on your device when you come to our website via a Google advertisement.
The cookie is no longer valid after 30 days. It is not used to trace information back to an individual person. If you visit our website as a user and the cookie is still working, together with Google we will recognize that you have clicked on the corresponding advertisement and been forwarded to our site. Each Google AdWords customer is assigned a different cookie. Cookies are thus not traceable via the websites of AdWords customers.
Conversion statistics for AdWords customers are created with the data collected by conversion cookies. As Google AdWords customers, we learn the total number of users who responded to our ad and were then redirected to a web page that was tagged with a conversion tracking tag. During this process, we do not receive any information with which we could personally identify you as a user.
If you do not wish to participate in the tracking procedure, the Google conversion tracking cookie can be deactivated via your Internet browser.
10. Embedded video
Our website uses the YouTube plugin, which is maintained by Google (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland).
If you activate the YouTube plugin during your visit, a connection to the YouTube servers will be established and the YouTube server will be told which of our pages you have visited. This allows YouTube to assign your browsing patterns directly to your personal profile. You can prevent this by logging out of your member account before visiting our website.
The legal basis ensues from the consent given by you in accordance with Art. 6 para. 1 sentence 1 lit. a) GDPR.
11. Rights of the data subjectYou have the following rights:
In accordance with Article 15 GDPR, you have the right to request information about your personal data processed by us. This right of access includes information on
- the purpose of the processing
- the categories of personal data concerned
- the recipients or categories of recipient to whom your personal data have been or will be disclosed
- the envisaged storage period or at least the criteria used to determine that period
- the existence of the right to rectification, erasure, restriction of processing or objection
- the existence of the right to lodge a complaint with a supervisory authority
- the origin of your personal data, provided that they were not collected by us
- the existence of automated decision-making, including profiling, and, where appropriate, meaningful information on its details
In accordance with Art. 16 GDPR, you are entitled to the immediate correction of incorrect or incomplete personal data stored with us.
In accordance with Art. 17 GDPR, you have the right to request the immediate erasure of your personal data from us, unless further processing is necessary for one of the following reasons:
- your personal data are still necessary in relation to the purposes for which they were collected or otherwise processed
- for exercising the right of freedom of expression and information
- for compliance with a legal obligation which requires processing by Union or Member State law to which we are subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in us
- for reasons of public interest in the area of public health in accordance with Article 9 para. 2 lit. h) and i) as well as Article 9 para. 3 GDPR
- for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89 para. 1 GDPR insofar as the right referred to in (a) is likely to render impossible or seriously impair the achievement of the objectives of that processing
- for the establishment, exercise or defense of legal claims
d) Restriction of processing
In accordance with Art. 18 GDPR, you can request the restriction of the processing of your personal data for one of the following reasons:
- You contest the accuracy of your personal data
- Processing is unlawful and you oppose the erasure of the personal data
- We no longer need your personal data for the purposes of the processing, but you require them for the establishment, exercise or defense of legal claims
- You object to processing pursuant to Art. 21 para. 1 GDPR.
If you have requested the correction or erasure of your personal data or a restriction of processing in accordance with Art. 16, Art. 17 para. 1 and Art. 18 GDPR, we will inform all recipients to whom your personal data has been disclosed, unless this proves impossible or involves a disproportionate effort. You can demand that we inform you of these recipients.
You have the right to receive the personal data you have provided to us in a structured, commonly used and machine-readable format.
You also have the right to request the transmission of this data to a third party, provided that the processing was carried out by means of automated procedures and is based on consent in accordance with Art. 6 para. 1 sentence 1 lit. a) or Art. 9 para. 2 lit. a) or on a contract in accordance with Art. 6 para. 1 sentence 1 lit. b) GDPR.
In accordance with Article 7 para. 3 GDPR, you have the right to withdraw consent from us at any time. Withdrawing consent has no effect on the lawfulness of processing based on consent prior to its withdrawal. In the future, we may no longer continue data processing based on your withdrawn consent.
In accordance with Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data is in violation of the GDPR.
If your personal data are processed on the basis of legitimate interests in accordance with Art. 6 para. 1 sentence 1 lit. f) GDPR, you have the right to object to the processing of your personal data in accordance with Art. 21 GDPR, provided that there are reasons for this which arise from your particular situation or the objection is to direct marketing. In the latter case, you have a general right to object, which we will implement without the particular situation having to be specified. If you wish to exercise your right to withdraw consent or to object, simply send an e-mail to firstname.lastname@example.org.
j) Automated individual decision-making, including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision
i) is necessary for entering into, or performance of, a contract between you and us
ii) is authorized by Union or Member State law to which we are subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests
iii) is based on your explicit consent
However, these decisions may not be based on special categories of personal data referred to in Art. 9 para. 1 GDPR, unless Art. 9 para. 2 lit a) or g) GDPR applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place.
In the cases referred to in points (i) and (iii), we take suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on our part, to express your point of view and to contest the decision.