Privacy policy
- Information about the collection of personal data and contact details of the controller
- Data collection when visiting our website
- Contacting us
- Cookies
- Data processing for order fulfilment
- Data processing when opening a customer account and for contract performance
- Use of your data for direct marketing
- Use of social media: Video
- Online marketing
- Web analytics services
- Use of a live chat system
- Tools and other items
- Rights of the data subject
- Duration of storage of personal data
- Use of the withdrawal button
1. Information about the collection of personal data and contact details of the controller
1.1. Thank you for visiting our website. In the following, we would like to inform you about how we handle your personal data when you use our website. Personal data is any data by which you can be personally identified.
1.2. The controller responsible for the processing of data on our website within the meaning of the General Data Protection Regulation (GDPR) is:
Weßling & Budde Rasenspecht GbR / Christian Weßling & Melanie Budde-Weßling
Hafenstr. 9-13
49565 Bramsche
Germany
Tel.: +49 5461 9080211
E-mail: shop@rasenspecht.de
1.3. To protect the security of your data during transmission, we use encryption methods (e.g. SSL or TLS) that correspond to the current state of the art, via HTTPS.
2. Data collection when visiting our website
Each time our website is accessed, our system automatically collects data and information that your browser transmits to our server (so-called "server log files"). The following data, which is technically necessary for us, is collected:
- The website you visited
- Date and time of access
- Amount of data sent in bytes
- Source/referrer from which you reached the page
- Operating system used
- Browser used
- IP address used (where applicable, in anonymised form)
The legal basis for the processing is Art. 6(1)(f) GDPR, based on our legitimate interest in improving the stability and maintaining the functionality of our website. The data is not passed on or used in any other way. The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session.
We reserve the right to subsequently review the server log files if there are concrete indications of unlawful use. The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of data collected to provide the website, this is the case when the respective session has ended. In the case of data stored in log files, this is the case after seven days at the latest. Storage beyond this is possible. In this case, the IP addresses of the users are deleted or altered so that they can no longer be attributed to the calling client. The collection of data to provide the website and the storage of the data in log files is absolutely necessary for the operation of the website. Consequently, the user has no possibility to object.
3. Contacting us
When you contact us via the contact form, the data entered in the input mask is transmitted to us and stored. The data collected can be seen from the respective input mask. When contacting us by e-mail, only the data you enter there is transmitted to us. The data is used exclusively for processing the conversation and your request. The legal basis for processing the data is Art. 6(1)(a) GDPR where the user has given consent. The legal basis for processing data transmitted in the course of sending an e-mail is Art. 6(1)(f) GDPR. If the e-mail contact is aimed at concluding a contract, the additional legal basis for processing is Art. 6(1)(b) GDPR. The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected and provided that there are no statutory retention obligations to the contrary. For the personal data from the input mask of the contact form and the data sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is deemed to have ended when it can be concluded from the circumstances that the matter in question has been conclusively clarified. The user can withdraw their consent to the processing of personal data at any time. If the user contacts us by e-mail, they can object to the storage of their personal data at any time. In such a case, the conversation cannot be continued.
3.1. WhatsApp Business
Visitors to our website have the option of communicating with us via WhatsApp (a service of Meta Inc., 1 Hacker Way, Menlo Park, CA 94025, USA). We use the so-called "Business version" of WhatsApp. If you contact us via WhatsApp in connection with a specific contract, we store and use the mobile phone number you use with WhatsApp and, if published and/or transmitted, your first and last name (Art. 6(1)(b) GDPR) for the purpose of processing your request. Where applicable, you will be asked to provide further data if this is necessary to process your request (Art. 6(1)(b) GDPR).
If contact via WhatsApp Business is used for general enquiries that do not relate to a specific contract, we store and use the mobile phone number you use with WhatsApp and, if published and/or provided, your first and last name (pursuant to Art. 6(1)(f) GDPR) for the purpose of processing your request. Our legitimate interest here lies in responding promptly to questions from our customers or prospective customers. The data is not passed on to third parties. WhatsApp Business is granted access to the address book of the mobile device used for this purpose. Phone numbers stored there are automatically transferred to a Facebook server in the USA. The mobile device we use for WhatsApp Business only contains the WhatsApp contact details of those users who have already contacted us via WhatsApp.
For data transfers from the European Economic Area to the USA, WhatsApp relies on the EU Commission's standard contractual clauses. For further details on how WhatsApp handles data, please refer to WhatsApp's privacy policy: https://www.whatsapp.com/legal/?eea=1#privacy-policy
4. Cookies
Our website uses cookies.
Cookies are text files that are stored on the user's device. When a user accesses a website, a cookie may be stored on the user's operating system. Some functions of our website cannot be offered without the use of cookies. For this, it is necessary that the browser is recognised even after a page change. The user data collected by technically necessary cookies is not used to create user profiles. The above purposes also constitute our legitimate interest in processing the personal data pursuant to Art. 6(1)(f) GDPR.
In addition, our website may use cookies that allow an analysis of the user's browsing behaviour (so-called third-party cookies). More detailed information on scope, purpose, legal basis and options to object can be found in the relevant sections of this privacy policy.
As a user, you have full control over the use of cookies. By changing the settings in your internet browser, you can deactivate, restrict or delete the transmission of cookies. If you deactivate cookies for our website, it may no longer be possible to use all functions of the website to their full extent. You can prevent the transmission of Flash cookies by changing the settings of the Flash Player.
You can find help on the settings in the respective help menu of your browser or under the following links:
- Internet Explorer: http://windows.microsoft.com/de-DE/windows-vista/Block-or-allow-cookies
- Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen
- Chrome: http://support.google.com/chrome/bin/answer.py?hl=de&hlrm=en&answer=95647
- Safari: https://support.apple.com/de-de/guide/safari/sfri11471/mac
- Opera: https://help.opera.com/en/latest/web-preferences/#cookies
Some of the cookies used here are deleted again after you close your browser (so-called session cookies). Other cookies remain on your device and enable us or our partner companies (third-party cookies) to recognise your browser on your next visit (persistent cookies). When cookies are set, they collect and process certain user information such as browser and location data as well as IP address values to an individual extent. Persistent cookies are automatically deleted after a specified period, which may differ depending on the cookie.
5. Data processing for order fulfilment
5.1. If you wish to place an order in our web shop, it is necessary for the conclusion of the contract that you provide your personal data, which we require to process your order. We process the data you provide to process your order.
In some cases, we work with external service providers to process your order. For this purpose, we must pass on the necessary personal data.
If we commission transport companies to deliver your goods, we pass on the data required for delivery of the goods to the respective transport company. For payment processing, we pass on your data to the commissioned credit institution to the extent necessary. If we use payment service providers, you will also be informed of this below. The legal basis for passing on your data is Art. 6(1)(b) GDPR.
5.2. To fulfil our contractual obligations, we work with external shipping partners. We pass on your name and your delivery address (and, where necessary, further data) exclusively for the purpose of delivering the ordered goods pursuant to Art. 6(1)(b) GDPR to a shipping partner selected by us.
5.3. Disclosure of your personal data to shipping service providers
DHL
If the goods are delivered to you by the transport service provider DHL (Deutsche Post AG, Charles-de-Gaulle-Straße 20, 53113 Bonn), we pass on only the recipient's name and the delivery address to DHL for the purpose of delivery and to the extent necessary pursuant to Art. 6(1)(b) GDPR. Only if you have given your express consent during the order process do we pass on your e-mail address to DHL pursuant to Art. 6(1)(a) GDPR prior to delivery of the goods, for the purpose of arranging a delivery date or for delivery notification. Your consent can be withdrawn at any time with effect for the future, either vis-a-vis the controller named above or vis-a-vis the transport service provider DHL.
DPD
If the goods are delivered to you by the transport service provider DPD (DPD Deutschland GmbH, Wailandtstraße 1, 63741 Aschaffenburg), we pass on only the recipient's name and the delivery address to DPD for the purpose of delivery and to the extent necessary pursuant to Art. 6(1)(b) GDPR. Only if you have given your express consent during the order process do we pass on your e-mail address to DPD pursuant to Art. 6(1)(a) GDPR prior to delivery of the goods, for the purpose of arranging a delivery date or for delivery notification. Your consent can be withdrawn at any time with effect for the future, either vis-a-vis the controller named above or vis-a-vis the transport service provider DPD.
GLS
If the goods are delivered to you by the transport service provider GLS (General Logistics Systems Germany GmbH & Co. OHG, GLS Germany-Straße 1-7, 36286 Neuenstein), we pass on only the recipient's name and the delivery address to GLS for the purpose of delivery and to the extent necessary pursuant to Art. 6(1)(b) GDPR. Only if you have given your express consent during the order process do we pass on your e-mail address to GLS pursuant to Art. 6(1)(a) GDPR prior to delivery of the goods, for the purpose of arranging a delivery date or for delivery notification. Your consent can be withdrawn at any time with effect for the future, either vis-a-vis the controller named above or vis-a-vis the transport service provider GLS.
Hermes
If the goods are delivered to you by the transport service provider Hermes (Hermes Logistik Gruppe Deutschland GmbH, Essener Straße 89, 22419 Hamburg), we pass on only the recipient's name and the delivery address to Hermes for the purpose of delivery and to the extent necessary pursuant to Art. 6(1)(b) GDPR. Only if you have given your express consent during the order process do we pass on your e-mail address to Hermes pursuant to Art. 6(1)(a) GDPR prior to delivery of the goods, for the purpose of arranging a delivery date or for delivery notification. Your consent can be withdrawn at any time with effect for the future, either vis-a-vis the controller named above or vis-a-vis the transport service provider Hermes.
UPS
If the goods are delivered to you by the transport service provider UPS (United Parcel Service Deutschland Inc. & Co. OHG, Görlitzer Straße 1, 41460 Neuss), we pass on only the recipient's name and the delivery address to UPS for the purpose of delivery and to the extent necessary pursuant to Art. 6(1)(b) GDPR. Only if you have given your express consent during the order process do we pass on your e-mail address to UPS pursuant to Art. 6(1)(a) GDPR prior to delivery of the goods, for the purpose of arranging a delivery date or for delivery notification. Your consent can be withdrawn at any time with effect for the future, either vis-a-vis the controller named above or vis-a-vis the transport service provider UPS.
5.4. Use of payment service providers
5.5. Apple Pay
If you select the "Apple Pay" payment method (a service of Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland), payment is processed via the "Apple Pay" function of your device running iOS, watchOS or macOS, by charging a payment card you have stored with "Apple Pay".
Your transaction is protected by the security functions of your device's hardware and software. To authorise a payment, it must be approved by entering a code and verifying it using the "Face ID" or "Touch ID" function of your device.
The information you provide during the order process, together with the information about your order, is transmitted to Apple in encrypted form for the purpose of payment processing. This data is then re-encrypted by Apple and transmitted to the payment service provider of the payment card stored in Apple Pay in order to carry out the payment. The encryption ensures that only the website on which the order was placed can access the payment data.
After payment, Apple sends the device account number and a transaction-specific, dynamic security code to the shop website in order to confirm the payment. Personal data may be processed during the operations described. In that case, this is done for the purpose of payment processing pursuant to Art. 6(1)(b) GDPR.
When using Apple Pay on the iPhone or Apple Watch to complete a purchase that you made via Safari on the Mac, the Mac and the authorisation device communicate via an encrypted channel on the Apple servers. Apple may process or store data in the process. However, this is done in a format that does not allow you to be identified.
Information on data protection at Apple Pay can be found here: https://support.apple.com/de-de/HT203027
5.6. bancontact
When paying via "bancontact" through the PayPal Checkout, payment is processed by the payment service provider PayPal (Europe) S.a r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal").
You can find more detailed information on the PayPal Checkout in the corresponding passage below.
5.7. blik
When paying via "blik" through the PayPal Checkout, payment is processed by the payment service provider PayPal (Europe) S.a r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal").
You can find more detailed information on the PayPal Checkout in the corresponding passage below.
5.8. Google Pay
If you select the "Google Pay" payment method (a service of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google")), payment processing is facilitated via the "Google Pay" application on your mobile device running Android (at least 4.4 "KitKat") and equipped with an NFC function. Payment is made via one of your payment cards stored with Google Pay or a payment system verified there (e.g. PayPal). To authorise a payment of more than 25 euros via Google Pay, you must first unlock your mobile device. The information you provide during the order is passed on to Google for the purpose of payment processing. Google generates a uniquely assigned transaction number that is transmitted to the order website in order to verify the payment. This transaction number is merely a numerical token that contains no information about your data. The actual transaction is carried out between the user and the order website by charging the payment method stored with Google Pay. Personal data may be processed during the operations described. In that case, processing is carried out for the purpose of payment processing pursuant to Art. 6(1)(b) GDPR.
The terms of use of Google Pay can be found here: https://payments.google.com/payments/apis-secure/u/0/get_legal_document?ldo=0&ldt=googlepaytos&ldl=de Further information on data protection at Google Pay can be found at the following internet address: https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=de Further information on data protection at Google can be found here: https://business.safety.google/privacy/
5.9. mybank
When paying via "mybank" through the PayPal Checkout, payment is processed by the payment service provider PayPal (Europe) S.a r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal").
You can find more detailed information on the PayPal Checkout in the corresponding passage below.
PayPal
If you select the payment method PayPal, credit card via PayPal, direct debit via PayPal or, where offered, "purchase on account" or "instalment payment" via PayPal, payment is processed by PayPal (Europe) S.a r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal"). We pass on your personal data to PayPal pursuant to Art. 6(1)(b) GDPR to the extent necessary. For the payment methods credit card via PayPal, direct debit via PayPal or, where offered, "purchase on account" or "instalment payment" via PayPal, PayPal reserves the right to carry out a credit check. For this purpose, your payment data may be passed on to credit agencies pursuant to Art. 6(1)(f) GDPR, based on PayPal's legitimate interest in determining your solvency. PayPal uses the result of the credit check regarding the statistical probability of payment default for the purpose of deciding whether to provide the respective payment method. The credit report may contain probability values (so-called score values). Where score values are included in the result of the credit report, they are based on a scientifically recognised mathematical-statistical procedure. Address data, among other things but not exclusively, is included in the calculation of the score values. Which further data is collected by PayPal can be found in PayPal's respective privacy policy. This can be found at: https://www.paypal.com/de/webapps/mpp/ua/privacy-full. You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data if this is necessary for contractual payment processing.
5.10. PayPal Checkout
We use the PayPal Checkout on this website (PayPal (Europe) S.a r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal")).
PayPal Checkout is an online payment solution from PayPal that serves both the PayPal payment methods and local payment methods from third-party providers.
If you select (where offered in each case) the payment methods PayPal, credit card via PayPal, direct debit via PayPal or "pay later" via PayPal, we pass on your necessary payment data to PayPal for the purpose of payment processing. This disclosure is permitted pursuant to Art. 6(1)(b) GDPR.
For the payment methods credit card via PayPal, direct debit via PayPal or "pay later" via PayPal, PayPal reserves the right to carry out a credit check in each case. For this purpose, PayPal passes on your necessary payment data to credit agencies where applicable. The processing is carried out on the legal basis of Art. 6(1)(f) GDPR. PayPal has a legitimate interest in determining your solvency. You can object to this processing of your data at any time by sending a message to PayPal, although further processing of your personal data by PayPal may still be permitted insofar as this is necessary for contractual payment processing.
If you select the payment method PayPal purchase on account, we transmit your payment data pursuant to Art. 6(1)(b) GDPR initially to PayPal. PayPal then forwards your data to Ratepay GmbH, Ritterstr. 12-14, 10969 Berlin, in order to carry out the payment. RatePay then carries out an identity and credit check in its own name. The legal basis for this is Art. 6(1)(f) GDPR, the legitimate interest in determining solvency. For this purpose, RatePay passes on your payment data to credit agencies pursuant to Art. 6(1)(f) GDPR.
RatePay can access the following credit agencies: https://www.ratepay.com/legal-payment-creditagencies/
If you select the payment method of a local third-party provider, we initially pass on your payment data to PayPal pursuant to Art. 6(1)(b) GDPR. PayPal then forwards your payment data to carry out the payment (Art. 6(1)(b) GDPR) to the provider you have selected:
- iDeal (Currence Holding BV, Beethovenstraat 300 Amsterdam, Netherlands)
- giropay (Paydirekt GmbH, Stephanstr. 14-16, 60313 Frankfurt am Main)
- Sofort (SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany)
- bancontact (Bancontact Payconiq Company, Rue d'Arlon 82, 1040 Brussels, Belgium)
- eps (PSA Payment Services Austria GmbH, Handelskai 92, Gate 2, 1200 Vienna, Austria)
- blik (Polski Standard Płatności sp. z o.o., ul. Czerniakowska 87A, 00-718 Warsaw, Poland)
- Przelewy24 (PayPro SA, Kanclerska 15A, 60-326 Poznań, Poland)
- MyBank (PRETA S.A.S, 40 Rue de Courcelles, F-75008 Paris, France)
Further information can be found in PayPal's privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full
5.11. Riverty
When paying with a Riverty payment method (Riverty GmbH, Gütersloher Str. 123, DE-33415 Verl, Germany, hereinafter "Riverty"), we transmit your data (content of your order, name, address, date of birth where applicable, e-mail address, bank and payment card information where applicable, currency and transaction number) as well as information on the items you have ordered to Riverty.
The disclosure is made on the basis of Art. 6(1)(b) GDPR for the purpose of payment processing and only insofar as it is necessary for this.
For payment methods in which we make advance performance (purchase on account or instalment purchase or direct debit), we pass on your data to Riverty pursuant to Art. 6(1)(f) GDPR for the purpose of a credit check. Our legitimate interest lies in determining your solvency.
On this basis, Riverty can carry out a credit check and decide whether the Riverty payment method is available as a payment method for your order.
For its decision-making, Riverty may also use identity and credit information from the following credit agency pursuant to Art. 6(1)(f) GDPR:
- Infoscore Consumer Data GmbH, Rheinstraße 99, 76532 Baden-Baden
The credit report may contain probability values (so-called score values). Where score values influence the result of the credit report, they are based on a scientifically recognised mathematical-statistical procedure. Address data, among other things but not exclusively, is included in the calculation of the score values.
You have a right to object to this processing of your data, which you can communicate to us or to Riverty by message. In that case, however, the requested granting of the payment method can no longer take place.
Further information on data processing by Riverty can be found at the following link: http://documents.riverty.com/privacy_statement/checkout/de_de/
Shopify Payments
We use the payment service provider "Shopify Payments", 3rd Floor, Europa House, Harcourt Building, Harcourt Street, Dublin 2. If you choose a payment method offered via the payment service provider Shopify Payments, payment is processed via the technical service provider Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, to which we pass on the information you provide during the order process together with the information about your order (name, address, account number, bank sort code, credit card number where applicable, invoice amount, currency and transaction number) pursuant to Art. 6(1)(b) GDPR. Your data is passed on exclusively for the purpose of payment processing with Stripe Payments Europe Ltd. and only insofar as it is necessary for this. More detailed information on data protection at Shopify Payments can be found at the following internet address: https://www.shopify.com/legal/privacy Data protection information on Stripe Payments Europe Ltd. can be found here: https://stripe.com/de/privacy
6. Data processing when opening a customer account and for contract performance
When you open a customer account with us, personal data is collected and processed pursuant to Art. 6(1)(b) GDPR. The scope of the data can be seen from the input form. The data you enter is stored and used by us for contract performance. You can delete your customer account at any time. This can be done by sending a message to the address of the controller or, where offered, directly in the customer account. In that case, we will also block your data with regard to the retention periods under tax and commercial law and delete it after these periods have expired. This can only be prevented by your consent to permanent storage or by a further use of data permitted by law on our part.
7. Use of your data for direct marketing
7.1. Newsletter
On our website you have the option of subscribing to a free newsletter. When you register for the newsletter, the data from the input mask is transmitted to us. The only mandatory information is your e-mail address. If you make further voluntary entries, these are used only to address you personally.
The legal basis for processing your data after registration for the newsletter is Art. 6(1)(a) GDPR where the user has given consent. We obtain this by sending you a confirmation e-mail after registration for the newsletter, which contains a confirmation link. When you click this link, you give your consent to receive the newsletter. When you submit your registration for the newsletter, we store your IP address as well as the date and time of registration. This storage serves to enable any misuse of your e-mail address to be traced.
We use the data collected when you register for the newsletter exclusively for the purpose of sending the newsletter.
You can cancel your subscription to the newsletter at any time. For this purpose, a corresponding link can be found in every newsletter. This also enables a withdrawal of consent to the storage of the personal data collected during the registration process.
7.2. Newsletter dispatch via Klaviyo
We send our e-mail newsletter via the technical service provider "Klaviyo" (Klaviyo Inc.; 225 Franklin St, Boston, MA 02110, USA). We pass on the data you provide when registering for the newsletter to Klaviyo. Klaviyo uses this information to send the newsletter on our behalf. The data is neither used by Klaviyo itself nor passed on to third parties. This processing is carried out pursuant to Art. 6(1)(a) GDPR with your consent. We have a data processing agreement ("Data Processing Agreement") with Klaviyo, in which Klaviyo undertakes to protect the data of our users, to process it on our behalf in accordance with its data protection provisions and in particular not to pass it on to third parties. Klaviyo is also certified under the US-European data protection agreement "EU-U.S. Data Privacy Framework", which guarantees compliance with the level of data protection applicable in the EU. You can view Klaviyo's data protection provisions here: https://www.klaviyo.com/privacy
8. Use of social media: Video
Use of YouTube videos
On this website we use the YouTube embedding function to display and play videos from the provider "YouTube", which belongs to Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"). We use the extended data protection mode, which, according to the provider, only triggers the storage of user information when the video(s) are played. When you start playing embedded YouTube videos, the provider "YouTube" uses cookies to collect information about your user behaviour. According to "YouTube", these serve, among other things, to record video statistics, improve user-friendliness and prevent abusive behaviour. If you are logged in to Google at the time, your data is assigned directly to your account.
If you do not want the association with your profile at YouTube, you must log out before activating the button. Google stores your data (even for users who are not logged in) as usage profiles and evaluates them. Such an evaluation is carried out in particular pursuant to Art. 6(1)(a) GDPR on the basis of your express consent.
You have a right to object to the creation of these user profiles, whereby you must contact YouTube to exercise this right. Regardless of whether the embedded videos are played, a connection to the Google network "DoubleClick" is established each time this website is accessed, which may trigger further data processing operations beyond our control.
Data may also be transmitted to the servers of Google LLC in the USA. Further information on data protection at "YouTube" can be found in the provider's privacy policy at: https://policies.google.com/privacy?hl=de Settings for personalised advertising are possible at: https://adssettings.google.com/authenticated
Google LLC, based in the USA, is certified under the US-European data protection agreement "EU-U.S. Data Privacy Framework", which guarantees compliance with the level of data protection applicable in the EU. Details can be found here: https://privacy.google.com/businesses/gdprcontrollerterms/
9. Online marketing
Use of Google Ads conversion tracking
This website uses the online advertising programme "Google Ads" and, within the framework of Google Ads, the conversion tracking of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google").
In this process, advertising media (so-called Google AdWords) are used to advertise our offers on external websites. Our legitimate interest lies in displaying advertising that is interesting for you and in achieving a fair calculation of advertising costs. The legal basis is Art. 6(1)(f) GDPR.
Google Ads uses cookies for conversion tracking, which are set when you click on a Google AdWords advertisement.
These cookies generally lose their validity after 30 days and are not used for personal identification. Each Google Ads customer receives a different cookie, so cookies cannot be tracked across the websites of Ads customers.
The information obtained in this way is used to create conversion statistics for Ads customers regarding the total number of users who clicked on their advertisement and were redirected to a page provided with a conversion tracking tag.
You cannot be personally identified by this. If you want to prevent tracking, you can deactivate the Google conversion tracking cookie via your internet browser under user settings.
Google LLC, based in the USA, is certified under the US-European data protection agreement "EU-U.S. Data Privacy Framework", which guarantees compliance with the level of data protection applicable in the EU. At the following internet address you will receive further information about Google's data protection provisions: http://www.google.de/policies/privacy/ Further information on data protection at Google can be found here: https://business.safety.google/privacy/ You can permanently deactivate the conversion cookies by setting your browser accordingly, or download and install the browser plug-in available at the following link: http://www.google.com/settings/ads/plugin?hl=de
In that case, certain functions of this website may not be available or may only be available to a limited extent.
10. Web analytics services
10.1. Google Analytics 4
On our website we use Google Analytics 4, a web analytics service of Google Ireland Limited (Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland) (hereinafter "GA4").
Google Analytics uses "cookies". These are small text files that are stored on your device and that enable an analysis of your use of the website. The information generated in this way about your use of this website (including the shortened IP address) is transmitted to a Google server and stored and further processed there, whereby a transfer to the USA is possible. The IP addresses are anonymised by default. For IPv4 addresses, the last octet, and for IPv6 addresses the last 80 bits, are set to zero in memory and thus "anonymised". A personal reference is excluded. A transfer to servers of Google LLC, based in the USA, is not excluded.
During your visit to the website, GA4 records your user behaviour in the form of "events", such as: page views, first visit to the website, start of the session, your "click path", interaction with the website, scrolls, clicks on external links, internal searches, interaction with videos, file downloads, advertisements seen / clicked, language setting. In addition, GA4 records your approximate location (region), your IP address (in anonymised form), technical information on your browser and the devices you use (e.g. language setting, screen resolution), your internet provider, and the referrer URL (which website / which advertising medium you used to reach this website).
On our behalf, Google uses this information to evaluate your use of the website, to compile reports on website activities and to provide us with further services associated with website use and internet use. The anonymised IP address collected in this context is not merged with other data from Google.
The data collected in this context is stored for fourteen months.
The legal basis for the data processing described here and for the setting of cookies is your express consent pursuant to Art. 6(1)(a) GDPR. This consent can be withdrawn at any time with effect for the future, for example by deactivating this Google service via the cookie consent tool in which you have already given your consent.
Without your consent, Google Analytics 4 is not used during your visit to the site. You can withdraw your consent at any time with effect for the future. To exercise your right of withdrawal, please deactivate this service via the "cookie consent tool" provided on the website.
Google LLC, based in the USA, is certified under the US-European data protection agreement "EU-U.S. Data Privacy Framework", which guarantees compliance with the level of data protection applicable in the EU. We have also concluded a data processing agreement with Google. Further information on data protection by Google Analytics 4 can be found on the following websites: https://policies.google.com/technologies/partner-sites and https://policies.google.com/privacy?hl=de&gl=de
Demographic characteristics
The "demographic characteristics" function of GA4 can create statistics that allow statements to be made about the age, gender and interests of site visitors. For this purpose, advertising and information from third-party providers are analysed and target groups for certain marketing activities are identified. However, no personal assignment of data takes place. The data is deleted after fourteen months.
UserIDs
If we use the extended "UserIDs" function, your activities (including conversions) can be analysed across devices. In this case, the analysis is not pseudonymous. This is possible provided that you have given your consent to the use of Google Analytics 4 pursuant to Art. 6(1)(a) GDPR, that you have set up an account on this website, and that you log in to this account on different devices.
Google Signals
If we use the "Google Signals" extension, we can have cross-device reports compiled on your usage behaviour. However, we only receive statistics and no personal data. This analysis is only possible if you have activated personalised advertising in your Google account and have linked your devices to a Google account. Your consent to the use of Google Analytics pursuant to Art. 6(1)(a) GDPR must also be present. The cross-device analysis can be prevented by deactivating the "personalised advertising" function in your Google account. Further information on Google Signals can be found here: https://support.google.com/analytics/answer/7532985?hl=de Further information on data protection at Google can be found here: https://business.safety.google/privacy/
10.2. Shopify Analytics
We use the web analytics service of Shopify (Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland).
To protect our legitimate interest in the statistical analysis of user behaviour for optimisation and marketing purposes, pseudonymised visitor data is collected, evaluated and stored by Shopify, from which pseudonymised usage profiles can be created and evaluated. Shopify uses cookies to recognise the browser and thus enable a more precise determination of the statistical data. Your IP address is also collected, but pseudonymised immediately after collection and before storage, so that a personal reference is excluded.
The legal basis is Art. 6(1)(f) GDPR.
Shopify does not link your IP address with other data from Shopify.
To object to the data collection and creation of pseudonymised user profiles and the setting of cookies for the future, you can generally deactivate the use of cookies on your computer by setting your internet browser so that no more cookies can be stored on your computer in future or so that cookies already stored are deleted. However, switching off all cookies may result in some functions on our websites no longer being fully usable.
Shopify's data protection guidelines can also be found at: https://www.shopify.de/legal/datenschutz
11. Use of a live chat system
Shopify Chat
On this website we use the live chat system of Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland.
In this process, anonymised data is collected and stored for the purpose of web analysis and for operating the live chat system to answer live support requests. From this anonymised data, usage profiles can be created under a pseudonym. Cookies can also be used for this purpose. These cookies enable the internet browser to be recognised. Insofar as the information collected in this way has a personal reference, the legal basis for the processing is Art. 6(1)(f) GDPR.
Our legitimate interest lies in effective customer care and the statistical analysis of user behaviour for optimisation purposes. The data is not used to personally identify the visitor to this website without the consent of the data subject. No data is merged with personal data about the bearer of the pseudonym.
You can prevent the storage of cookies by setting your internet browser so that no more cookies can be stored on your computer in future or so that cookies already stored are deleted. However, this may result in some functions on our website no longer being executable.
You have the option of objecting to the collection and storage of data for the purpose of creating a pseudonymised usage profile at any time with effect for the future. Please send us your objection informally by e-mail to the e-mail address named at the beginning of the privacy policy. Further information on data processing at Shopify can be found in the Shopify privacy policy: https://www.shopify.com/legal/privacy
12. Tools and other items
Google Web Fonts
To display fonts consistently, we use so-called web fonts provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"). When you access our website, your browser loads the required web fonts into the browser cache.
For this purpose, your browser must establish a connection to Google's servers, whereby your IP address is transmitted to Google. In that case, your personal data may also be transmitted to the servers of Google LLC in the USA. The legal basis is Art. 6(1)(a) GDPR, namely your express consent.
If your browser does not support web fonts or you refuse to use them, a standard font from your computer is used.
Details on Google Web Fonts can be viewed here: https://developers.google.com/fonts/faq Google LLC, based in the USA, is certified under the US-European data protection agreement "EU-U.S. Data Privacy Framework", which guarantees compliance with the level of data protection applicable in the EU. At the following internet address you will receive further information about Google's data protection provisions: https://www.google.de/policies/privacy/ Further information on data protection at Google can be found here: https://business.safety.google/privacy/
13. Rights of the data subject
13.1. Applicable data protection law grants you comprehensive data subject rights (rights to information and intervention) vis-a-vis the controller with regard to the processing of your personal data, about which we inform you below:
Right of access pursuant to Art. 15 GDPR: You can request confirmation from the controller as to whether personal data concerning you is being processed by the controller. In addition, you have a right to information about the purpose, the categories of personal data, the recipients, the planned duration of storage, and the existence of further rights such as rectification of the data or the existence of a right to complain to a supervisory authority, the origin of your data if it was not collected by us, the existence of automated decision-making including profiling and, where applicable, meaningful information about the logic involved and the scope and intended effects of such processing concerning you, as well as your right to be informed which guarantees pursuant to Art. 46 GDPR exist when your data is forwarded to third countries;
Right to rectification pursuant to Art. 16 GDPR: You have a right to the immediate rectification of incorrect data concerning you and/or the completion of incomplete data stored by us; the rectification or completion must take place without delay.
Right to restriction of processing pursuant to Art. 18 GDPR: You have the right to request the restriction of the processing of your personal data, for as long as the accuracy of your data, which you dispute, is being verified, if you refuse the deletion of your data due to unlawful data processing and instead request the restriction of the processing of your data, if you need your data for the assertion, exercise or defence of legal claims after we no longer need this data once the purpose has been achieved, or if you have lodged an objection on grounds relating to your particular situation, as long as it has not yet been established whether our legitimate grounds prevail. If the processing of the personal data concerning you has been restricted, this data may, apart from being stored, only be processed with your consent or for the assertion, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State. If processing has been restricted, you will be informed by the controller before the restriction is lifted.
Right to erasure pursuant to Art. 17 GDPR: You have the right to the immediate erasure of your personal data if the requirements of Art. 17(1) GDPR are met. However, this right to erasure does not exist in particular, but not exhaustively, if the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the assertion, exercise or defence of legal claims.
Right to information pursuant to Art. 19 GDPR: If you have exercised your right to rectification, erasure or restriction of processing, the controller is obliged to notify all recipients to whom your personal data has been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves disproportionate effort. You also have the right to be informed about these recipients.
Right to data portability pursuant to Art. 20 GDPR: You have the right to receive the personal data you have provided to us in a structured, commonly used and machine-readable format, or to request its transmission to another controller, insofar as this is technically possible;
Right of withdrawal pursuant to Art. 7(3) GDPR: You have the right to object at any time to the processing of personal data concerning you that is carried out on the basis of Art. 6(1)(e) or (f) GDPR; this also applies to profiling based on these provisions. You also have the right to withdraw your declaration of consent under data protection law at any time with effect for the future. The withdrawal of consent does not affect the lawfulness of the processing carried out on the basis of the consent up to the point of withdrawal.
Right to complain pursuant to Art. 77 GDPR: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, your place of work or the place of the alleged infringement, if you are of the opinion that the processing of personal data concerning you infringes the GDPR.
13.2. Right to object
You have the right to object at any time, with effect for the future, to the processing of your data if we process your data on the basis of our overriding legitimate interest following a balancing of interests. If you exercise this right to object, we will end the processing of your data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, or unless further processing serves the assertion or defence of legal claims.
14. Duration of storage of personal data
The duration of storage of personal data depends in each case on statutory retention periods. After these expire, we routinely delete the data if it is no longer required for the performance or initiation of a contract and/or there is no longer any legitimate interest on our part in continued storage.
15. Use of the withdrawal button
As soon as the withdrawal button is used, we process the personal data entered there: name, order data / contract data, communication data (the withdrawal declaration), the time of the withdrawal, and, where applicable, user account / IP data (in the case of the online form). The processing is carried out for the purpose of identifying your contract and documenting your withdrawal. We store the data for documentation purposes for a maximum of 10 years and delete it automatically, provided that no statutory retention obligations prevent deletion. The legal basis is Art. 6(1)(b) GDPR (contract performance) and Art. 6(1)(c) GDPR (compliance with a legal obligation).