Privacy Policy

Privacy Policy of Bidabadi GmbH: controller, access data, hosting/CDN, contract processing, shipping, payments, marketing, cookies/technologies (Adobe, Google, Microsoft, Meta), Trusted Shops, social media, and your rights.

Rugeast Cover

Privacy Policy

Controller responsible for data processing:

Bidabadi GmbH

Brook, 9

20457 Hamburg

Email: [email protected]

Phone: 49(0)4036090707

We are pleased that you are interested in our online shop. Protecting your privacy is very important to us. Below we inform you in detail about how we handle your data.

1. Access Data and Hosting

You can visit our websites without providing personal information. Each time a page is accessed, the web server automatically stores a server log file (e.g., name of the requested file, your IP address, date and time of access, amount of data transferred and the requesting provider). This data is evaluated solely to ensure trouble-free operation and to improve our offering (legitimate interests, Art. 6(1)(f) GDPR). All access data is deleted no later than seven days after your visit.

1.1 Hosting

Hosting/display services are partly provided by processors on our behalf. Unless otherwise stated, all access data and data entered in forms on this website are processed on their servers.

1.2 Content Delivery Network

To reduce loading times, we use a Content Delivery Network ("CDN") for some offerings. Content (e.g., large media files) is delivered via regionally distributed servers of external CDN providers. Access data is processed on the providers' servers. Our providers may use servers outside the EU/EEA; transfers rely on Standard Contractual Clauses and/or adequacy decisions.

2. Processing for Contract Fulfilment and Contact

2.1 Contract Fulfilment

For contract fulfilment (Art. 6(1)(b) GDPR), we collect personal data you provide during ordering. Mandatory fields are marked. After completion, data is restricted and deleted after statutory retention unless you consent to further use or we are legally permitted to continue processing.

2.2 Customer Account

With your consent (Art. 6(1)(a) GDPR), we open a customer account and store data for future orders. You can delete the account at any time.

2.3 Contact

To process enquiries (e.g., via form, live chat, email) we process data under Art. 6(1)(b) GDPR. After completion, we delete the data unless you consent to further use or we are legally permitted to continue processing.

Live Chat – Userlike

We use Userlike UG, Cologne, Germany, as processor to improve customer communication (Art. 6(1)(f) GDPR).

Live Chat – Zendesk

We use Zendesk, Inc., San Francisco, USA, as processor (Art. 6(1)(f) GDPR). International transfers rely on adequacy decisions and/or Standard Contractual Clauses.

Live Chat – WhatsApp

We use WhatsApp Ireland Limited (a Meta company) for customer communication (Art. 6(1)(f) GDPR). Phone numbers may be processed on Meta servers where customers have contacted us via WhatsApp. International transfers (e.g., USA/UK/Israel; partly Singapore) rely on adequacy decisions and/or Standard Contractual Clauses.

3. Processing for Shipping

To fulfil the contract (Art. 6(1)(b) GDPR), we transfer your data to shipping providers as necessary.

Announcement Emails by Carriers

With your consent (Art. 6(1)(a) GDPR), we forward your email address to the selected carrier so they can notify you before delivery. You can withdraw consent at any time.

Examples:
GLS Germany, Neuenstein — UPS Germany, Neuss — Hermes Germany, Hamburg — DHL Paket, Bonn — DPD Germany, Aschaffenburg.

4. Processing for Payments

We cooperate with technical service providers, banks and payment providers.

4.1 Transaction Processing

Depending on the payment method, we transfer necessary data to processors/banks/payment providers (Art. 6(1)(b) GDPR); some providers collect the required data themselves. Their privacy policies apply.

4.2 Fraud Prevention & Optimisation

Additional data may be processed by our processors for fraud prevention and process optimisation (e.g., invoicing, dispute handling, accounting) (Art. 6(1)(f) GDPR).

5. Marketing by Email and Post

5.1 Newsletter with Sign-Up & Tracking

With your consent (Art. 6(1)(a) GDPR) we send our newsletter. Unsubscribe anytime. With separate consent we analyse open/click rates using web beacons/trackers.

5.2 Newsletter without Sign-Up (Existing Customers) & Objection

Under Sec. 7(3) UWG we may email similar offers to existing customers (legitimate interests, Art. 6(1)(f) GDPR). You can object at any time.

5.3 Newsletter Delivery

Delivery/tracking may be carried out by processors.

5.4 Review Requests

With consent (Art. 6(1)(a) GDPR) we send review invitations, possibly via Trusted Shops; partly joint controllership.

5.5 Postal Advertising & Objection

We may use your name and postal address for direct mail (legitimate interests, Art. 6(1)(f) GDPR). You can object at any time.

6. Cookies and Further Technologies

General Information

We use necessary and — with consent — optional technologies (e.g., cookies) to provide functions, analyse usage and enable marketing. Necessary technologies do not require consent. You can withdraw consent at any time. See your browser’s cookie settings (Edge/Safari/Chrome/Firefox/Opera).

Subsequent Processing: For necessary functions (e.g., cart) we process IP, timestamps, device/browser info (Art. 6(1)(f) GDPR). Further purposes (consent management evidence, analytics, online marketing) are described below.

7. Use of Cookies and Other Technologies

Unless stated otherwise, the following third-party technologies are used based on your consent (Art. 6(1)(a) GDPR). After the purpose ceases, related data is deleted. You can withdraw consent at any time.

7.1 Adobe Services

Adobe Systems Software Ireland Ltd.; data may be transferred to Adobe Inc., USA. IP may be shortened/replaced. Transfers rely on adequacy decisions and/or Standard Contractual Clauses.

Adobe Fonts

Uniform rendering via the “Adobe Fonts” script; joint controllership under Art. 26 GDPR.

7.2 Google Services

Google Ireland Ltd.; data may be transferred to Google LLC, USA. See Google’s Privacy Policy. Transfers rely on adequacy decisions and/or Standard Contractual Clauses.

Google Analytics

Web analytics with pseudonymous profiles; IP stored in the EU for location derivation and deleted before forwarding. Optional User-ID, Google Signals and DoubleClick cookie. Without consent no cookies are set/read; only lightweight pings for modelling.

Google AdSense

Advertising space monetisation; DoubleClick cookie for interest-based ads.

Remarketing cookie for interest-based ads; Conversion Tracking for event measurement. Without consent no cookies; pings (User-Agent, consent info, screen resolution, IP, URL) may be sent for modelling.

Google Maps

IP/location data processed when using map functions.

Google reCAPTCHA

Protection against abuse/spam via JS and cookies; other Google cookies may be evaluated. No reading of form contents.

Google Fonts

Script loads fonts; transmits IP/technical data to Google.

Google Tag Manager

Manages codes/services; personal data may be processed; processor agreement with Google.

YouTube Video Plugin

In enhanced privacy mode, data is collected only when you play a video.

8. Microsoft Services

Microsoft Ireland Operations Ltd.; transfers to Microsoft Corp., USA. Transfers rely on adequacy decisions and/or Standard Contractual Clauses.

Microsoft Advertising

Remarketing cookie for interest-based ads across Bing/Yahoo/MSN and partner sites.

9. Facebook (Meta) Services

Facebook Pixel

Collection of usage data and advanced matching (hashed) to form audiences and deliver personalised/group-based ads; storage on Meta servers (incl. USA). International transfers based on adequacy decisions/Standard Contractual Clauses.

Facebook Ads (Ads Manager)

Group-based ads (Custom Audiences) based on pixel statistics; partly joint controllership with Meta (collection/transfer stage).

10. Trusted Shops Trustbadge / Other Widgets

10.1 Embedding

Trusted Shops widgets (e.g., trustmark, reviews) are embedded with your consent (Art. 6(1)(a) GDPR). Trustbadge via US CDN; adequacy decision/DPF or Standard Contractual Clauses. Server log file with IP (immediately anonymised) for statistics/error analysis.

10.2 After Order Completion

With consent, the trustbadge accesses order info and your email stored on your device, hashes the email and transmits it with order data to Trusted Shops (Art. 6(1)(a) GDPR) to check/offer services (e.g., Buyer Protection, review invites). Hosting/monitoring/logging may occur in third countries (USA/UK/Israel) under adequacy decisions/DPF or Standard Contractual Clauses.

11. Social Media

11.1 Social Buttons

Implemented as HTML links; a connection to the provider is only established when you click.

11.2 Our Online Presences

When visiting our profiles, platform operators may process data for market research/advertising (consent to the operator may apply). Details and opt-outs are available in each provider’s privacy notices (Facebook/Instagram/YouTube/Pinterest/LinkedIn/Xing/X). In some cases there is joint controllership (e.g., Facebook/Instagram Insights) under Art. 26 GDPR.

12. Contact Options and Your Rights

12.1 Your Rights

You have the rights under Arts. 15–20, 77 GDPR (access, rectification, erasure, restriction, portability, complaint).

Right to Object

Where we process data based on legitimate interests, you may object to such processing with effect for the future. If processing is for direct marketing, you may object at any time.

12.2 Contact

If you have questions regarding collection, processing or use of your personal data, or to exercise your rights, please contact us using the details in our Imprint.

Worried about maintaining your carpet?

Use the frequently asked questions and don't forget that our consultants are always at your service