1. Access Data and Hosting
You can visit our websites without providing personal information. Each time a page is accessed, the web server automatically stores a server log file (e.g., name of the requested file, your IP address, date and time of access, amount of data transferred and the requesting provider). This data is evaluated solely to ensure trouble-free operation and to improve our offering (legitimate interests, Art. 6(1)(f) GDPR). All access data is deleted no later than seven days after your visit.
1.1 Hosting
Hosting/display services are partly provided by processors on our behalf. Unless otherwise stated, all access data and data entered in forms on this website are processed on their servers.
1.2 Content Delivery Network
To reduce loading times, we use a Content Delivery Network ("CDN") for some offerings. Content (e.g., large media files) is delivered via regionally distributed servers of external CDN providers. Access data is processed on the providers' servers. Our providers may use servers outside the EU/EEA; transfers rely on Standard Contractual Clauses and/or adequacy decisions.
2. Processing for Contract Fulfilment and Contact
2.1 Contract Fulfilment
For contract fulfilment (Art. 6(1)(b) GDPR), we collect personal data you provide during ordering. Mandatory fields are marked. After completion, data is restricted and deleted after statutory retention unless you consent to further use or we are legally permitted to continue processing.
2.2 Customer Account
With your consent (Art. 6(1)(a) GDPR), we open a customer account and store data for future orders. You can delete the account at any time.
2.3 Contact
To process enquiries (e.g., via form, live chat, email) we process data under Art. 6(1)(b) GDPR. After completion, we delete the data unless you consent to further use or we are legally permitted to continue processing.
Live Chat – Userlike
We use Userlike UG, Cologne, Germany, as processor to improve customer communication (Art. 6(1)(f) GDPR).
Live Chat – Zendesk
We use Zendesk, Inc., San Francisco, USA, as processor (Art. 6(1)(f) GDPR). International transfers rely on adequacy decisions and/or Standard Contractual Clauses.
Live Chat – WhatsApp
We use WhatsApp Ireland Limited (a Meta company) for customer communication (Art. 6(1)(f) GDPR). Phone numbers may be processed on Meta servers where customers have contacted us via WhatsApp. International transfers (e.g., USA/UK/Israel; partly Singapore) rely on adequacy decisions and/or Standard Contractual Clauses.
3. Processing for Shipping
To fulfil the contract (Art. 6(1)(b) GDPR), we transfer your data to shipping providers as necessary.
Announcement Emails by Carriers
With your consent (Art. 6(1)(a) GDPR), we forward your email address to the selected carrier so they can notify you before delivery. You can withdraw consent at any time.
Examples:
GLS Germany, Neuenstein — UPS Germany, Neuss — Hermes Germany, Hamburg — DHL Paket, Bonn — DPD Germany, Aschaffenburg.
4. Processing for Payments
We cooperate with technical service providers, banks and payment providers.
4.1 Transaction Processing
Depending on the payment method, we transfer necessary data to processors/banks/payment providers (Art. 6(1)(b) GDPR); some providers collect the required data themselves. Their privacy policies apply.
4.2 Fraud Prevention & Optimisation
Additional data may be processed by our processors for fraud prevention and process optimisation (e.g., invoicing, dispute handling, accounting) (Art. 6(1)(f) GDPR).
5. Marketing by Email and Post
5.1 Newsletter with Sign-Up & Tracking
With your consent (Art. 6(1)(a) GDPR) we send our newsletter. Unsubscribe anytime. With separate consent we analyse open/click rates using web beacons/trackers.
5.2 Newsletter without Sign-Up (Existing Customers) & Objection
Under Sec. 7(3) UWG we may email similar offers to existing customers (legitimate interests, Art. 6(1)(f) GDPR). You can object at any time.
5.3 Newsletter Delivery
Delivery/tracking may be carried out by processors.
5.4 Review Requests
With consent (Art. 6(1)(a) GDPR) we send review invitations, possibly via Trusted Shops; partly joint controllership.
5.5 Postal Advertising & Objection
We may use your name and postal address for direct mail (legitimate interests, Art. 6(1)(f) GDPR). You can object at any time.
6. Cookies and Further Technologies
General Information
We use necessary and — with consent — optional technologies (e.g., cookies) to provide functions, analyse usage and enable marketing. Necessary technologies do not require consent. You can withdraw consent at any time. See your browser’s cookie settings (Edge/Safari/Chrome/Firefox/Opera).
Subsequent Processing: For necessary functions (e.g., cart) we process IP, timestamps, device/browser info (Art. 6(1)(f) GDPR). Further purposes (consent management evidence, analytics, online marketing) are described below.
7. Use of Cookies and Other Technologies
Unless stated otherwise, the following third-party technologies are used based on your consent (Art. 6(1)(a) GDPR). After the purpose ceases, related data is deleted. You can withdraw consent at any time.
7.1 Adobe Services
Adobe Systems Software Ireland Ltd.; data may be transferred to Adobe Inc., USA. IP may be shortened/replaced. Transfers rely on adequacy decisions and/or Standard Contractual Clauses.
Adobe Fonts
Uniform rendering via the “Adobe Fonts” script; joint controllership under Art. 26 GDPR.
7.2 Google Services
Google Ireland Ltd.; data may be transferred to Google LLC, USA. See Google’s Privacy Policy. Transfers rely on adequacy decisions and/or Standard Contractual Clauses.
Google Analytics
Web analytics with pseudonymous profiles; IP stored in the EU for location derivation and deleted before forwarding. Optional User-ID, Google Signals and DoubleClick cookie. Without consent no cookies are set/read; only lightweight pings for modelling.
Google AdSense
Advertising space monetisation; DoubleClick cookie for interest-based ads.
Google Ads
Remarketing cookie for interest-based ads; Conversion Tracking for event measurement. Without consent no cookies; pings (User-Agent, consent info, screen resolution, IP, URL) may be sent for modelling.
Google Maps
IP/location data processed when using map functions.
Google reCAPTCHA
Protection against abuse/spam via JS and cookies; other Google cookies may be evaluated. No reading of form contents.
Google Fonts
Script loads fonts; transmits IP/technical data to Google.
Google Tag Manager
Manages codes/services; personal data may be processed; processor agreement with Google.
YouTube Video Plugin
In enhanced privacy mode, data is collected only when you play a video.
8. Microsoft Services
Microsoft Ireland Operations Ltd.; transfers to Microsoft Corp., USA. Transfers rely on adequacy decisions and/or Standard Contractual Clauses.
Microsoft Advertising
Remarketing cookie for interest-based ads across Bing/Yahoo/MSN and partner sites.
9. Facebook (Meta) Services
Facebook Pixel
Collection of usage data and advanced matching (hashed) to form audiences and deliver personalised/group-based ads; storage on Meta servers (incl. USA). International transfers based on adequacy decisions/Standard Contractual Clauses.
Facebook Ads (Ads Manager)
Group-based ads (Custom Audiences) based on pixel statistics; partly joint controllership with Meta (collection/transfer stage).
10. Trusted Shops Trustbadge / Other Widgets
10.1 Embedding
Trusted Shops widgets (e.g., trustmark, reviews) are embedded with your consent (Art. 6(1)(a) GDPR). Trustbadge via US CDN; adequacy decision/DPF or Standard Contractual Clauses. Server log file with IP (immediately anonymised) for statistics/error analysis.
10.2 After Order Completion
With consent, the trustbadge accesses order info and your email stored on your device, hashes the email and transmits it with order data to Trusted Shops (Art. 6(1)(a) GDPR) to check/offer services (e.g., Buyer Protection, review invites). Hosting/monitoring/logging may occur in third countries (USA/UK/Israel) under adequacy decisions/DPF or Standard Contractual Clauses.
11. Social Media
11.1 Social Buttons
Implemented as HTML links; a connection to the provider is only established when you click.
11.2 Our Online Presences
When visiting our profiles, platform operators may process data for market research/advertising (consent to the operator may apply). Details and opt-outs are available in each provider’s privacy notices (Facebook/Instagram/YouTube/Pinterest/LinkedIn/Xing/X). In some cases there is joint controllership (e.g., Facebook/Instagram Insights) under Art. 26 GDPR.
12. Contact Options and Your Rights
12.1 Your Rights
You have the rights under Arts. 15–20, 77 GDPR (access, rectification, erasure, restriction, portability, complaint).
Right to Object Where we process data based on legitimate interests, you may object to such processing with effect for the future. If processing is for direct marketing, you may object at any time. |
12.2 Contact
If you have questions regarding collection, processing or use of your personal data, or to exercise your rights, please contact us using the details in our Imprint.