Privacy Policy
Data Protection Declaration
1) Information on the Collection of Personal Data and Contact Details of the Controller
1.1 We are pleased that you are visiting our website and thank you for your interest. On the following pages, we inform you about the handling of your personal data when using our website. Personal data is all data with which you can be personally identified.
1.2 The controller in charge of data processing on this website, within the meaning of the General Data Protection Regulation (GDPR), is Betten Ritter GmbH, Pfinztalstr. 85, 76227 Karlsruhe, Germany, Phone.: 0721494570, e-mail: kundenservice@bettenritter.com. The controller in charge of the processing of personal data is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.
1.3 The controller has designated a data protection officer for this website. He can be reached as follows: heydata GmbH · Schützenstr. 5, 10117 Berlin · info@heydata.eu
2) Data Collection When You Visit Our Website
2.1 When using our website for information only, i.e. if you do not register or otherwise provide us with information, we only collect data that your browser transmits to our server (so-called “server log files”). When you visit our website, we collect the following data that is technically necessary for us to display the website to you:
- Our visited website
- Date and time at the moment of access
- Amount of data sent in bytes
- Source/reference from which you came to the page
- Browser used
- Operating system used
- IP address used (if applicable: in anonymized form)
Data processing is carried out in accordance with Art. 6 (1) point f GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. The data will not be passed on or used in any other way. However, we reserve the right to check the server log files subsequently, if there are any concrete indications of illegal use.
2.2 This website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or inquiries to the controller). You can recognize an encrypted connection by the character string https:// and the lock symbol in your browser line.
3) Hosting & Content Delivery Network
For the hosting of our website and the presentation of the page content, we use a provider that provides its services itself or through selected subcontractors exclusively on servers within the European Union.
All data collected on our website is processed on these servers.
We have concluded an order processing contract with the provider, which ensures the protection of the data of our website visitors and prohibits unauthorized disclosure to third parties.
4) Cookies
In order to make your visit to our website more attractive and to enable the use of certain functions, we use cookies, i.e. small text files that are stored on your end device. In some cases, these cookies are automatically deleted again after the browser is closed (so-called “session cookies”), in other cases, these cookies remain on your end device for longer and allow page settings to be saved (so-called “persistent cookies”). In the latter case, you can find the duration of the storage in the overview of the cookie settings of your web browser.
If personal data is also processed by individual cookies set by us, the processing is carried out either in accordance with Art. 6 (1) point b GDPR for the performance of the contract, in accordance with Art. 6 (1) point a GDPR in the case of consent given or in accordance with Art. 6 (1) point f GDPR to safeguard our legitimate interests in the best possible functionality of the website as well as a customer-friendly and effective design of the page visit.
You can set your browser in such a way that you are informed about the setting of cookies and you can decide individually about their acceptance or exclude the acceptance of cookies for certain cases or in general.
Please note that the functionality of our website may be limited if cookies are not accepted.
5) Contacting Us
5.1 WhatsApp Business
We offer visitors to our website the opportunity to contact us via the WhatsApp news service of WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. For this purpose, we use the so-called “Business Version” of WhatsApp.
If you contact us via WhatsApp in connection with a specific business transaction (e.g. an order placed), we will store and use the mobile telephone number you use at WhatsApp and – if provided – your first name and surname in accordance with Art. 6 (1) point b GDPR to process and answer your request. Based on the same legal basis, we will ask you via WhatsApp to provide further data (order number, customer number, address or e-mail address), if necessary, in order to allocate your enquiry to a specific transaction.
If you use our WhatsApp contact for general enquiries (e.g. about the range of services, availability or our website), we will store and use the mobile phone number you use at WhatsApp and – if provided – your first and last name in accordance with Art. 6 (1) point f GDPR based on our legitimate interest in the efficient and prompt provision of the requested information.
Your data will always be used only to answer your request via WhatsApp. Your data will not be passed on to third parties.
Please note that WhatsApp Business gains access to the address book of the mobile device we use for this purpose and automatically transfers telephone numbers stored in the address book to a server of the parent company Meta Platforms Inc. in the USA. To operate our WhatsApp Business account, we use a mobile device whose address book saves only the WhatsApp contact data of those users who have also contacted us via WhatsApp.
This ensures that each person whose WhatsApp contact data is stored in our address book has already consented to the transmission of his WhatsApp telephone number from the address books of his chat contacts in accordance with Art. 6 (1) point a GDPR when using the app on his device for the first time by accepting the WhatsApp terms of use. The transmission of data of such users who do not use WhatsApp and/or have not contacted us via WhatsApp is therefore excluded.
For the purpose and scope of data collection and the further processing and use of data by WhatsApp, as well as your rights and setting options for protecting your privacy, please refer to WhatsApp’s data protection information: https://www.whatsapp.com/legal/privacy-policy-eea?lang=en
In the course of the above-mentioned processing, data may be transferred to servers of Meta Platforms Inc. in the USA.
For data transfers to the USA, the provider participates in the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection on the basis of an adequacy decision by the European Commission.
5.2 Contact Form & E-mail
When you contact us (e.g. via contact form or e-mail), personal data is collected. Which data is collected in the case of a contact form can be seen from the respective contact form. This data is stored and used exclusively for the purpose of responding to your request or for establishing contact and for the associated technical administration.
The legal basis for processing data is our legitimate interest in responding to your request in accordance with Art. 6 (1) point f GDPR. If your contact is aimed at concluding a contract, the additional legal basis for the processing is Art. 6 (1) point b GDPR. Your data will be deleted after final processing of your enquiry; this is the case if it can be inferred from the circumstances that the facts in question have been finally clarified, provided there are no legal storage obligations to the contrary.
6) Data Processing When Opening a Customer Account and for Contract Processing
Pursuant to Art. 6 (1) point b GDPR, personal data will continue to be collected and processed to the extent required in each case if you provide us with this data when opening a customer account. The data required for opening an account can be found in the input mask of the corresponding form on our website.
Deletion of your customer account is possible at any time and can be done by sending a message to the above address of the controller. After deletion of your customer account, your data will be deleted, provided that all contracts concluded via it have been fully processed, no legal retention periods are opposed, and no legitimate interest on our part in the continued storage exists.
7) Use of Client Data for Direct Advertising
7.1 Subscribe to our E-mail Newsletter
If you register for our e-mail newsletter, we will regularly send you information about our offers. The only mandatory data for sending the newsletter is your e-mail address. The provision of further data is voluntary and will be used to address you personally. We use the so-called double opt-in procedure for sending the newsletter. This means that we will only send you an e-mail newsletter once you have expressly confirmed that you consent to receiving newsletters by clicking on an appropriate link.
By activating the confirmation link, you give us your consent for the use of your personal data pursuant to Art. 6 (1) point a GDPR. When you register for the newsletter, we store your IP address entered by your Internet service provider (ISP) as well as the date and time of registration for the purpose of tracing any possible misuse of your e-mail address at a later date. The data collected by us when you register for the newsletter is used exclusively for the promotional purposes of the newsletter.
You can unsubscribe from the newsletter at any time via the link provided for this purpose in the newsletter or by sending a corresponding message to the controller named at the beginning of this document. After unsubscribing, your e-mail address will be deleted from our newsletter distribution list immediately, unless you have expressly consented to further use of your data, or we reserve the right to use data beyond this which is legally permitted and about which we inform you in this declaration.
7.2 Sending the Newsletter to Existing Customers
If you have provided us with your e-mail address when purchasing products, we reserve the right to regularly send you offers for products similar to those already purchased by e-mail. Pursuant to Section 7 (3) German Act against Unfair Competition (UWG), we do not need to obtain separate consent from you. In this respect, data processing is carried out solely on the basis of our legitimate interest in personalized direct advertising pursuant to Art. 6 (1) point f GDPR. If you have initially objected to the use of your e-mail address for this purpose, we will not send you an e-mail.
You are entitled to object to the future use of your e-mail address for the aforementioned advertising purpose at any time by notifying the controller named at the beginning of this document. In this regard, you only have to pay the transmission costs according to the basic tariffs. Upon receipt of your objection, the use of your e-mail address for advertising purposes will cease immediately.
7.3 WhatsApp Newsletter
If you subscribe to our WhatsApp newsletter, we will regularly send you information about our offers via WhatsApp. Only your mobile phone number is required for sending the newsletter.
To send the newsletter, please add our mobile phone number to the address book of your mobile phone and send us the message “Start” via WhatsApp. By sending this WhatsApp message, you give us your consent to use your personal data in accordance with Art. 6 (1) point a GDPR for the purpose of sending the newsletter. We will then add you to our newsletter distribution list.
The data we collect when you subscribe to the newsletter will be processed exclusively for the purpose of addressing you in an advertising manner by the newsletter. You can unsubscribe from the newsletter at any time by sending us the message “Stop” via WhatsApp. After unsubscribing, your mobile phone number will be immediately deleted from our newsletter distribution list, unless you have expressly consented to further use of your data or we reserve the right to use data beyond this, which is legally permitted and about which we inform you in this policy.
Please note that WhatsApp obtains access to the address book of the mobile device used by us for sending the newsletter and automatically transfers telephone numbers stored in the address book to a Facebook server in the USA.
For sending our WhatsApp newsletter, we therefore use a mobile device whose address book saves only the WhatsApp contact data of our newsletter recipients. This ensures that each person whose WhatsApp contact data is stored in our address book has already consented to the transfer of their WhatsApp telephone number from the address books of their chat contacts in accordance with Art. 6 (1) point a GDPR when using the app on their device for the first time by accepting the WhatsApp terms of use. A transfer of data of such users who do not use WhatsApp and/or have not contacted us via WhatsApp is excluded in this respect.
For the purpose and scope of data collection and the further processing and use of data by WhatsApp, as well as your rights and setting options for protecting your privacy, please refer to the WhatsApp privacy policy: https://www.whatsapp.com/legal/privacy-policy-eea?lang=en
In the course of the above-mentioned processing, data may be transferred to servers of Meta Platforms Inc. in the USA.
For data transfers to the USA, the provider participates in the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection on the basis of an adequacy decision by the European Commission.
8) Data Processing for the Purpose of Order Handling
8.1 Order Handling
Insofar as necessary for the processing of the contract for delivery and payment purposes, the personal data collected by us will be passed on to the commissioned transport company and the commissioned credit institution in accordance with Art. 6 (1) point b GDPR.
If we owe you updates for goods with digital elements or for digital products on the basis of a corresponding contract, we will process the contact data (name, address, e-mail address) provided by you when placing the order in order to inform you personally by suitable means of communication (e.g. by post or e-mail) about upcoming updates within the legally stipulated period of time within the framework of our statutory duty to inform pursuant to Art. 6 (1) point c GDPR. Your contact details will be used strictly for the purpose of informing you about updates owed by us and will only be processed by us for this purpose to the extent that this is necessary for the respective information.
In order to process your order, we also work together with the following service provider(s), who support us in whole or in part in the execution of concluded contracts. Certain personal data is transferred to these service providers in accordance with the following information.
8.2 Passing on Personal Data to Shipping Service Providers
– Deutsche Post
We use the following provider as a shipping service provider: Deutsche Post AG, Charles-de-Gaulle-Straße 20, 53113 Bonn, Germany.
We pass on your e-mail address and/or telephone number to the provider in accordance with Art. 6 (1) point a GDPR prior to delivery of the goods for the purpose of coordinating a delivery date or for delivery notification, if you have given your express consent in the ordering process. Otherwise, we will only pass on the name of the recipient and the delivery address to the provider for the purpose of delivery in accordance with Art. 6 (1) point b GDPR. The transmission only takes place to the extent necessary for the delivery of the goods. In this case, prior coordination of the delivery date with the provider or the delivery announcement is not possible.
The consent can be revoked at any time with effect for the future vis-à-vis the controller named above or vis-à-vis the provider.
– DHL
We use the following provider as a shipping service provider: DHL Express Germany GmbH, Heinrich-Brüning-Str. 5, 53113 Bonn, Germany.
We pass on your e-mail address and/or telephone number to the provider in accordance with Art. 6 (1) point a GDPR prior to delivery of the goods for the purpose of coordinating a delivery date or for delivery notification, if you have given your express consent in the ordering process. Otherwise, we will only pass on the name of the recipient and the delivery address to the provider for the purpose of delivery in accordance with Art. 6 (1) point b GDPR. The transmission only takes place to the extent necessary for the delivery of the goods. In this case, prior coordination of the delivery date with the provider or the delivery announcement is not possible.
The consent can be revoked at any time with effect for the future vis-à-vis the controller named above or vis-à-vis the provider.
– DPD
We use the following provider as a shipping service provider: DPD Deutschland GmbH, Wailandtstraße 1, 63741 Aschaffenburg, Germany.
We pass on your e-mail address and/or telephone number to the provider in accordance with Art. 6 (1) point a GDPR prior to delivery of the goods for the purpose of coordinating a delivery date or for delivery notification, if you have given your express consent in the ordering process. Otherwise, we will only pass on the name of the recipient and the delivery address to the provider for the purpose of delivery in accordance with Art. 6 (1) point b GDPR. The transmission only takes place to the extent necessary for the delivery of the goods. In this case, prior coordination of the delivery date with the provider or the delivery announcement is not possible.
The consent can be revoked at any time with effect for the future vis-à-vis the controller named above or vis-à-vis the provider.
– GLS
We use the following provider as a shipping service provider: General Logistics Systems Germany GmbH & Co. OHG, GLS Germany-Straße 1 – 7, 36286 Neuenstein, Germany.
We pass on your e-mail address and/or telephone number to the provider in accordance with Art. 6 (1) point a GDPR prior to delivery of the goods for the purpose of coordinating a delivery date or for delivery notification, if you have given your express consent in the ordering process. Otherwise, we will only pass on the name of the recipient and the delivery address to the provider for the purpose of delivery in accordance with Art. 6 (1) point b GDPR. The transmission only takes place to the extent necessary for the delivery of the goods. In this case, prior coordination of the delivery date with the provider or the delivery announcement is not possible.
The consent can be revoked at any time with effect for the future vis-à-vis the controller named above or vis-à-vis the provider.
– Hermes
We use the following provider as a shipping service provider: Hermes Logistik Gruppe Deutschland GmbH, Essener Straße 89, 22419 Hamburg, Germany.
We pass on your e-mail address and/or telephone number to the provider in accordance with Art. 6 (1) point a GDPR prior to delivery of the goods for the purpose of coordinating a delivery date or for delivery notification, if you have given your express consent in the ordering process. Otherwise, we will only pass on the name of the recipient and the delivery address to the provider for the purpose of delivery in accordance with Art. 6 (1) point b GDPR. The transmission only takes place to the extent necessary for the delivery of the goods. In this case, prior coordination of the delivery date with the provider or the delivery announcement is not possible.
The consent can be revoked at any time with effect for the future vis-à-vis the controller named above or vis-à-vis the provider.
– UPS
We use the following provider as a shipping service provider: United Parcel Service Deutschland Inc. & Co. OHG, Görlitzer Straße 1, 41460 Neuss, Germany.
We pass on your e-mail address and/or telephone number to the provider in accordance with Art. 6 (1) point a GDPR prior to delivery of the goods for the purpose of coordinating a delivery date or for delivery notification, if you have given your express consent in the ordering process. Otherwise, we will only pass on the name of the recipient and the delivery address to the provider for the purpose of delivery in accordance with Art. 6 (1) point b GDPR. The transmission only takes place to the extent necessary for the delivery of the goods. In this case, prior coordination of the delivery date with the provider or the delivery announcement is not possible.
The consent can be revoked at any time with effect for the future vis-à-vis the controller named above or vis-à-vis the provider.
8.3 Use of Payment Service Providers
– Apple Pay
If you choose the payment method “Apple Pay” of Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland, the payment processing is carried out via the “Apple Pay” function of your terminal device operated with iOS, watchOS or macOS by debiting a payment card deposited with “Apple Pay”. Apple Pay uses security features built into the hardware and software of your device to protect your transactions. In order to release a payment, it is therefore necessary to enter a code previously defined by you and to verify it using the “Face ID” or “Touch ID” function of your terminal.
For the purpose of payment processing, your information provided during the ordering process, along with information about your order, will be transmitted to Apple in encrypted form. Apple then encrypts this data again with a developer-specific key before the data is transmitted to the payment service provider of the payment card stored in Apple Pay for payment processing. The encryption ensures that only the website from which the purchase was made can access the payment information. After the payment is made, Apple sends your device account number and a transaction-specific dynamic security code to the originating website to confirm the payment.
If personal data is processed in the described transmissions, the processing is carried out exclusively for the purpose of payment processing in accordance with Art. 6 Para. 1 point b GDPR.
Apple retains anonymised transaction data, including the approximate amount of the purchase, the approximate date and time and whether the transaction was completed successfully. Anonymisation completely excludes any personal reference. Apple uses the anonymised data to improve Apple Pay and other Apple products and services.
When you use Apple Pay on iPhone or the Apple Watch to complete a purchase made through Safari on Mac, the Mac and the authorization device communicate through an encrypted channel on Apple’s servers. Apple does not process or store this information in any format that can identify you personally. You can disable the ability to use Apple Pay on your Mac in your iPhone preferences. Go to “Wallet & Apple Pay” and disable “Allow payments on Mac”.
For more information about Apple Pay privacy, please visit the following web address: https://support.apple.com/en-gb/HT203027
– Klarna
Online payment methods from the following provider are available on this website: Klarna Bank AB, Sveavägen 46, 111 34 Stockholm, Sweden.
If you select a payment method of the provider for which you make an advance payment (e.g. credit card payment), your payment data provided during the ordering process (including name, address, bank and payment card information, currency and transaction number) as well as information about the content of your order will be passed on to the provider in accordance with Art. 6 (1) point b GDPR. In this case, your data will only be passed on for the purpose of processing payment with the provider and only to the extent necessary for this purpose.
When selecting a payment method of the provider with which the provider makes advance payments (such as invoice purchase or instalment purchase or direct debit), you will also be asked to provide certain personal data (first name and surname, street, house number, postcode, city, date of birth, e-mail address, telephone number, if applicable data on alternative means of payment) during the ordering process.
In order to safeguard our legitimate interest in determining the solvency of our customers, this data is passed on to the provider by us for the purpose of a credit check in accordance with Art. 6 (1) point f GDPR. Based on the personal data provided by you as well as further data (such as shopping cart, invoice total, order history, payment history), the provider checks whether the payment option selected by you can be granted with regard to payment and/or bad debt risks.
In addition to internal provider criteria, identity and creditworthiness information from the following credit agencies may also be included in the decision-making process as part of the application review in accordance with Art. 6 (1) point f GDPR:
The credit report may contain probability values (so-called score values). Insofar as score values are included in the result of the credit report, they have their basis in a scientifically recognised mathematical-statistical procedure. The calculation of the score values includes, but is not limited to, address data.
You can object to this processing of your data at any time by sending a message to us or to the provider. However, the provider may still be entitled to process your personal data if this is necessary for the contractual processing of payments.
– PayPal
Online payment methods from the following provider are available on this website: PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg.
If you select a payment method of the provider for which you make an advance payment, your payment data provided during the ordering process (including name, address, bank and payment card information, currency and transaction number) as well as information about the content of your order will be passed on to the provider in accordance with Art. 6 (1) point b GDPR. In this case, your data will only be passed on for the purpose of processing payment with the provider and only to the extent necessary for this purpose.
When selecting a payment method of the provider with which the provider makes advance payments, you will also be asked to provide certain personal data (first name and surname, street, house number, postcode, city, date of birth, e-mail address, telephone number, if applicable data on alternative means of payment) during the ordering process.
In order to safeguard our legitimate interest in determining the solvency of our customers, this data is passed on to the provider by us for the purpose of a credit check in accordance with Art. 6 (1) point f GDPR. Based on the personal data provided by you as well as further data (such as shopping cart, invoice total, order history, payment history), the provider checks whether the payment option selected by you can be granted with regard to payment and/or bad debt risks.
The credit report may contain probability values (so-called score values). Insofar as score values are included in the result of the credit report, they have their basis in a scientifically recognised mathematical-statistical procedure. The calculation of the score values includes, but is not limited to, address data.
You can object to this processing of your data at any time by sending a message to us or to the provider. However, the provider may still be entitled to process your personal data if this is necessary for the contractual processing of payments.
– Stripe
Online payment methods from the following provider are available on this website: Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland.
If you select a payment method of the provider for which you make an advance payment (e.g. credit card payment), your payment data provided during the ordering process (including name, address, bank and payment card information, currency and transaction number) as well as information about the content of your order will be passed on to the provider in accordance with Art. 6 (1) point b GDPR. In this case, your data will only be passed on for the purpose of processing payment with the provider and only to the extent necessary for this purpose.
9) Web Analysis Services
9.1 Google (Universal) Analytics
This website uses Google (Universal) Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”).
Google (Universal) Analytics uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of this website (including the abbreviated IP address) is usually transferred to a Google server and stored there and may also be transferred to the servers of Google LLC. in the USA.
This website uses Google (Universal) Analytics exclusively with the extension “_anonymizeIp()”, which ensures anonymization of the IP address by shortening it and excludes the possibility of direct personal reference. Through the extension, your IP address will be shortened by Google within member states of the European Union or in other signatory states of the Agreement on the European Economic Area before. Only in exceptional cases will the full IP address be transferred to a server of Google LLC. in the USA and shortened there.
On our behalf, Google will use this information to evaluate your use of the website, to compile reports on the website activities and to provide us with further services related to the use of the website and the Internet. The IP address transmitted by your browser within the framework of Google (Universal) Analytics is not combined with other Google data.
All the processing described above, in particular the setting of Google Analytics cookies for reading information on the end device used, is only carried out if you have given us your express consent in accordance with Art. 6 (1) point a GDPR. Without this consent, the use of Google Analytics during your visit to our website will not take place.
You can withdraw your consent at any time with effect for the future. To exercise your right of withdrawal of consent, please deactivate this service in the “Cookie-Consent-Tool” provided on the website.
We have concluded an order processing agreement with Google, which ensures the protection of our site visitors’ data and prohibits unauthorized disclosure to third parties.
For data transfers to the USA, the provider participates in the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection on the basis of an adequacy decision by the European Commission.
Further information about Google (Universal) Analytics can be found here: https://policies.google.com/privacy?hl=en&gl=en and https://business.safety.google/privacy/
9.2 1&1 IONOS WebAnalytics
This website uses the web analytics service provided by the following provider: 1&1 IONOS Internet SE, Elgendorfer Str. 57, 56410 Montabaur, Germany.
Using cookies and/or comparable technologies (tracking pixels, web beacons, algorithms for reading end device and browser information), the service collects and stores pseudonymised visitor data, including information on the end device used such as the IP address and browser information, in order to evaluate it for statistical analyses of user behaviour on our website and to create pseudonymised user profiles. Among other things, this enables the analysis of movement patterns (so-called heat maps), which show the duration of page visits and interactions with page content (e.g. text entries, scrolling, clicks and mouse-overs). Pseudonymisation generally excludes the possibility of direct personal reference. Your personal data will not be combined with data collected in any other way.
All processing described above, in particular the reading or saving of information on the end device used, is only carried out if you have given us your express consent in accordance with Art. 6 (1) point a GDPR. You can revoke your consent at any time with effect for the future by deactivating this service in the “cookie consent tool” provided on the website.
We have concluded an order processing agreement with the provider, which ensures the protection of our website visitors’ data and prohibits unauthorized disclosure to third parties.
9.3 Google Tag Manager
This website uses the “Google Tag Manager”, a service of the following provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).
The Google Tag Manager provides a technical basis for bundling various web applications, including tracking and analysis services, and for calibrating, controlling, and attaching conditions to them via a uniform user interface. The Google Tag Manager itself does not store any information on user end devices or read them. The service also does not perform any independent data analyses. However, the Google Tag Manager transmits your IP address to Google when you visit a page and may store it there. Also, transmission to servers of Google LLC in the USA is possible.
All processing described above, in particular the setting of Google Tag Manager cookies for reading information on the end device used, is only carried out if you have given us your express consent in accordance with Art. 6 (1) point a GDPR. You can revoke your consent at any time with effect for the future by deactivating this service in the “cookie consent tool” provided on the website.
We have concluded an order processing agreement with the provider, which ensures the protection of our site visitors’ data and prohibits unauthorized disclosure to third parties.
For data transfers to the USA, the provider participates in the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection on the basis of an adequacy decision by the European Commission.
Details on the processing operations initiated by Google Tag Manager and on Google’s handling of data collected from websites can be found here: https://policies.google.com/technologies/partner-sites?hl=en
Further information about Google’s privacy standards can be found here: https://business.safety.google/privacy/ and https://www.google.com/policies/privacy/.
9.4 PayPal Marketing Solutions
This website uses the web analytics service provided by the following provider: PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg.
Using cookies and/or comparable technologies (tracking pixels, web beacons, algorithms for reading end device and browser information), the service collects and stores pseudonymised visitor data, including information on the end device used such as the IP address and browser information, in order to evaluate it for statistical analyses of user behaviour on our website and to create pseudonymised user profiles. Among other things, this enables the analysis of movement patterns (so-called heat maps), which show the duration of page visits and interactions with page content (e.g. text entries, scrolling, clicks and mouse-overs). Pseudonymisation generally excludes the possibility of direct personal reference. Your personal data will not be combined with data collected in any other way.
All processing described above, in particular the reading or saving of information on the end device used, is only carried out if you have given us your express consent in accordance with Art. 6 (1) point a GDPR. You can revoke your consent at any time with effect for the future by deactivating this service in the “cookie consent tool” provided on the website.
We have concluded an order processing agreement with the provider, which ensures the protection of our website visitors’ data and prohibits unauthorized disclosure to third parties.
10) Retargeting/Remarketing and Conversion-Tracking
10.1 Google Ads Remarketing
This website uses retargeting technology from the following provider: Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”).
To this end, Google sets a cookie in the browser of your end device, which automatically enables interest-based advertising using a pseudonymous cookie ID and based on the pages you have visited. Further data processing only takes place if you have consented to Google linking your internet and app browser history with your Google account and using information from your Google account to personalize the ads you see on the web. If you are logged into Google during your visit to our website, Google uses your data together with Google Analytics data to create and define audience lists for cross-device remarketing. To do this, your personal data is temporarily linked with Google Analytics data by Google to form audience lists.
In the context of using Google Ads Remarketing, personal data may also be transmitted to the servers of Google LLC. in the USA.
All processing described above, in particular the setting of cookies for reading information on the end device used, is only carried out if you have given us your express consent in accordance with Art. 6 (1) point a GDPR. Without this consent, the use of retargeting technology during your visit to the website will not take place.
You can revoke your consent at any time with effect for the future. To exercise your revocation, please deactivate this service in the “cookie consent tool” provided on the website.
For data transfers to the USA, the provider participates in the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection on the basis of an adequacy decision by the European Commission.
Details on the processing operations initiated by Google Ads Remarketing and on Google’s handling of data collected from websites can be found here: https://policies.google.com/technologies/partner-sites?hl=en
Further information about Google’s privacy standards can be found here: https://business.safety.google/privacy/ and https://www.google.com/policies/privacy/.
10.2 Microsoft Advertising
This website uses retargeting technology from the following provider: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA.
This enables us to target visitors to our website with personalized, interest-related advertising who have already shown interest in our shop and our products. The advertising material is displayed based on a cookie-based analysis of previous and current user behavior; whereby no personal data is stored. In the cases of retargeting technology, a cookie is stored on your computer or mobile device to collect pseudonymized data about your interests and thus adapt the advertising individually to the stored information. These cookies are small text files that are stored on your computer or mobile device. You are thus shown advertising that is most likely to match your product and information interests.
All processing described above, in particular the setting of cookies for reading information on the end device used, is only carried out if you have given us your express consent in accordance with Art. 6 (1) point a GDPR. Without this consent, retargeting technology will not be used during your visit to the website.
You can revoke your consent at any time with effect for the future. To exercise your revocation, please deactivate this service in the “cookie consent tool” provided on the website.
For the transfer of data to the USA, the provider relies on standard contractual clauses of the European Commission, which are meant to ensure compliance with the European level of data protection.
10.3 Microsoft Advertising Universal Event Tracking
This website uses conversion tracking technology from the following provider: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA.
If you have accessed our website from an advertisement on the provider’s domain, the success of the advertisement can be tracked with the help of cookies and/or comparable technologies (tracking pixels, web beacons, pings, or HTTP requests).
For this purpose, certain end device and browser information, including your IP address if applicable, is read via the tracking technology in order to record and evaluate user actions predefined by us (e.g., completed transactions, leads, search queries on the website, calls to product pages). This enables us to compile statistics on user behavior on our website after forwarding from an advertisement, which we use to optimize our offer.
All processing described above, in particular the setting of cookies for reading information on the end device used, is only carried out if you have given us your express consent in accordance with Art. 6 (1) point a GDPR. Without this consent, the use of conversion tracking technology during your visit to the website will not take place.
You can revoke your consent at any time with effect for the future. To exercise your revocation, please deactivate this service in the “cookie consent tool” provided on the website.
We have concluded an order processing agreement with the provider, which ensures the protection of our site visitors’ data and prohibits unauthorized disclosure to third parties.
For data transfers to the USA, the provider participates in the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection on the basis of an adequacy decision by the European Commission.
11) Site Functionalities
11.1 Trusted Shops Trustbadge
Graphic elements of the following provider are integrated on our website to display external customer ratings and/or externally awarded quality marks: Trusted Shops AG, Subbelrather Str. 15C, 50823 Cologne, Germany.
If you access a page of our website that contains such graphic elements, your browser establishes a direct connection to the provider’s servers to load the elements properly. This involves the transmission of certain browser information, including your IP address, to the provider.
If personal data is processed in this context, this is done in accordance with Art. 6 (1) point f GDPR based on our legitimate interest in the optimal marketing of our offer and the appealing design of our website.
In the case of an online order with us, further processing may occur.
Depending on your explicit consent pursuant to Art. 6 (1) point a GDPR, after completing an order, your order information (order total, order number, purchased product) as well as your e-mail address will be transmitted encrypted to the provider to check for an existing registration for the provider’s services (especially “Buyer Protection”) and, if necessary, to enable a new registration.
In the event of an existing registration or in the event of a new registration with the provider for its services (especially Buyer Protection), your order information (order total, order number, purchased product) as well as your e-mail address will be transmitted to the provider and further processed by it pursuant to Art. 6 (1) point b GDPR based on the contractual agreement with the provider to provide the services (especially Buyer Protection).
We are jointly responsible with the provider for the above-described processing pursuant to Art. 26 GDPR. The contract on joint responsibility can be viewed here: https://help.etrusted.com/hc/de/articles/4402587369105-Vertrag-%C3%BCber-die-gemeinsame-Verantwortlichkeit-nach-DSGVO
11.2 TrustPilot
Graphic elements of the following provider are integrated on our website to display external customer ratings and/or externally awarded quality marks: Trustpilot A/S, Pilestræde 58, 1112 Copenhagen, Denmark.
If you access a page of our website that contains such graphic elements, your browser establishes a direct connection to the provider’s servers to load the elements properly. This involves the transmission of certain browser information, including your IP address, to the provider.
If personal data is processed in this context, this is done in accordance with Art. 6 (1) point f GDPR based on our legitimate interest in the optimal marketing of our offer and the appealing design of our website.
11.3 Google Maps API
To enable the real-time verification of certain entries in the address form of the order process of our webshop for input errors, we use the services of the following provider: Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.
Data may also be transmitted to: Google LLC., USA.
The provider validates the entered address, verifies the spelling, and adds any missing data if necessary. In the case of unclear addresses, correct alternative suggestions are displayed. For this purpose, the address data you enter is transmitted to the provider, stored there, and evaluated.
This processing is carried out in accordance with Art. 6 (1) point f GDPR based on our legitimate interest in the proper capture of the customer’s correct address data for the diligent fulfillment of our contractual delivery obligations and the prevention of contract execution problems.
The provider processes the affected data separately and does not combine it with other data sets, and deletes them once their status or correctness has been confirmed, but no later than after 30 days.
For data transfers to the USA, the provider participates in the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection on the basis of an adequacy decision by the European Commission.
Further information on Google’s privacy standards can be found here: https://business.safety.google/privacy/
11.4 Google Web Fonts
This site uses so-called web fonts from the following provider to display fonts in a uniform manner: Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.
Data is also transferred to: Google LLC, USA.
When you call up a page, your browser loads the required web fonts into your browser cache to display texts and fonts correctly and establishes a direct connection to the provider’s servers. In this process, certain browser information, including your IP address, is transmitted to the provider.
The processing of personal data while establishing the connection with the provider of the fonts is only carried out if you have given us your express consent to do so in accordance with Art. 6 (1) point a GDPR. You can revoke your consent at any time with effect for the future by deactivating this service via the “cookie consent tool” provided on the website. If your browser does not support web fonts, a standard font will be used by your computer.
For data transfers to the USA, the provider participates in the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection on the basis of an adequacy decision by the European Commission.
Further information on Google’s privacy standards can be found here: https://business.safety.google/privacy/
11.5 Cloudflare Turnstile
On this website, we use the CAPTCHA service of the following provider: Cloudflare, Inc., 101 Townsend St. San Francisco, CA 94107, USA.
The service checks whether an input is made by a natural person or abusively by machine and automated processing with the aim of blocking spam, DDoS attacks and similar automated malicious attacks. To ensure whether an action is performed by a human being and not by an automated bot, Cloudflare Turnstile collects the IP address of the end device used, the recognition data of the browser, the operating system type, and the date and duration of the visit and transmits these data to the provider’s servers to be evaluated.
This processing is carried out in accordance with Art. 6 (1) point f GDPR based on our legitimate interest in determining individual responsibility when using the Internet and in preventing abuse and spam.
We have concluded an order processing contract with the provider, which ensures the protection of our site visitors’ data and prohibits unauthorized disclosure to third parties.
For data transfers to the USA, the provider participates in the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection on the basis of an adequacy decision by the European Commission.
12) Tools and Miscellaneous
12.1 DATEV
For handling our accounting, we use the service of the cloud-based accounting software provided by the following provider: DATEV eG, Paumgartnerstr. 6-14, 90429 Nuremberg, Germany.
The provider processes incoming and outgoing invoices as well as, if applicable, our company’s bank transactions to automatically capture invoices, match them with transactions, and thus create financial accounting in a semi-automated process.
If personal data is also processed in this context, the processing is carried out based on our legitimate interest in an efficient organization and documentation of our business processes.
12.2 Cookie-Consent-Tool
This website uses a so-called “Cookie-Consent-Tool” to obtain effective user consent for cookies and cookie-based applications that require consent. The “Cookie-Consent-Tool” is displayed to users in the form of an interactive user interface when they access the page, on which consent for certain cookies and/or cookie-based applications can be given by ticking the appropriate box.
Using the tool, all cookies/services requiring consent are only loaded if the respective user provides the corresponding consent by ticking the corresponding box. This ensures that such cookies are only set on the respective end device of the user if consent has been granted.
The tool sets technically necessary cookies to save your cookie preferences. Personal user data is generally not processed.
If, in individual cases, personal data (such as the IP address) is processed for the purpose of storing, assigning or logging cookie settings, this is done in accordance with Art. 6 (1) point f GDPR based on our legitimate interest in legally compliant, user-specific and user-friendly consent management for cookies and thus in a legally compliant design of our website.
Further legal basis for the processing is Art. 6 (1) point c GDPR. As the controller, we are subject to the legal obligation to make the use of technically unnecessary cookies dependent on the respective user consent.
Further information on the operator and the setting options of the cookie consent tool can be found directly in the corresponding user interface on our website.
For data transfers to the USA, the provider participates in the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection on the basis of an adequacy decision by the European Commission.
13) Rights of the Data Subject
13.1 The applicable data protection law grants you the following comprehensive rights of data subjects (rights of information and intervention) vis-à-vis the controller with regard to the processing of your personal data:
- Right of access by the data subject pursuant to Art. 15 GDPR;
- Right to rectification pursuant to Art. 16 GDPR;
- Right to erasure (“right to be forgotten”) pursuant to Art. 17 GDPR;
- Right to restriction of processing pursuant to Art. 18 GDPR;
- Right to be informed pursuant to Art. 19 GDPR;
- Right to data portability pursuant to Art. 20 GDPR;
- Right to withdraw a given consent pursuant to Art. 7 (3) GDPR;
- Right to lodge a complaint pursuant to Art. 77 GDPR.
13.2 RIGHT TO OBJECT
IF WE PROCESS YOUR PERSONAL DATA ON THE BASIS OF OUR PREDOMINANT LEGITIMATE INTEREST WITHIN THE FRAMEWORK OF A CONSIDERATION OF INTERESTS, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT TO THIS PROCESSING WITH EFFECT FOR THE FUTURE ON THE GROUNDS THAT ARISE FROM YOUR PARTICULAR SITUATION.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED. HOWEVER, WE RESERVE THE RIGHT TO FURTHER PROCESSING IF WE CAN PROVIDE COMPULSORY WORTHY GROUNDS FOR PROCESSING WHICH OUTWEIGH YOUR INTERESTS, FUNDAMENTAL RIGHTS AND FREEDOMS, OR IF THE PROCESSING SERVES TO ASSERT, EXERCISE OR DEFEND LEGAL CLAIMS.
IF WE PROCESS YOUR PERSONAL DATA FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR SUCH ADVERTISING PURPOSES. YOU MAY EXERCISE THE OBJECTION AS DESCRIBED ABOVE.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED FOR DIRECT ADVERTISING PURPOSES.
14) Duration of Storage of Personal Data
The duration of the storage of personal data is based on the respective legal basis, the purpose of processing, and – if relevant – on the respective legal retention period (e.g. commercial and tax retention periods).
If personal data is processed on the basis of an express consent pursuant to Art. 6 (1) point a GDPR, this data is stored until you revoke your consent.
If there are legal retention periods for data that is processed within the framework of legal or similar obligations on the basis of Art. 6 (1) point b GDPR, this data will be routinely deleted after expiry of the retention periods if it is no longer necessary for the fulfillment of the contract or the initiation of the contract and/or if we no longer have a legitimate interest in the continued storage.
When processing personal data on the basis of Art. 6 (1) point f GDPR, this data is stored until you exercise your right of objection pursuant to Art. 21 (1) GDPR, unless we can provide compelling grounds for processing worthy of protection which outweigh your interests, rights, and freedoms, or the processing serves to assert, exercise or defend legal claims.
If personal data is processed for the purpose of direct marketing based on Art. 6 (1) point f GDPR, this data is stored until you exercise your right of objection pursuant to Art. 21 (2) GDPR.
Unless otherwise stated in the information contained in this declaration on specific processing situations, stored personal data will be deleted if it is no longer necessary for the purposes for which it was collected or otherwise processed.