Privacy Policy

The controller responsible for data processing is:

We appreciate your interest in our online shop. Protecting your privacy is very important to us. Below, we provide detailed information about how we handle your data.

1. Access Data and Hosting

You can visit our websites without providing any personal information. With every visit to a website, the web server automatically stores what is known as a server log file, which contains, for example, the name of the requested file, your IP address, date and time of access, the amount of data transferred, and the requesting provider (access data), and documents the access.

This access data is evaluated solely for the purpose of ensuring a trouble-free operation of the site and improving our services. This serves to safeguard our legitimate interests in the correct presentation of our services, which outweigh our interests within the context of a balancing of interests according to Art. 6 (1) Sentence 1 lit. f GDPR. All access data is deleted no later than seven days after your visit to the site ends.

1.1 Hosting

The services for hosting and displaying the website are partly provided by our service providers within the scope of processing on our behalf. Unless otherwise stated in this privacy policy, all access data and all data collected via forms on this website are processed on their servers. For questions about our service providers and the basis of our cooperation with them, please refer to the contact details provided in this privacy policy.

1.2 Content Delivery Network

To reduce loading times, we use a content delivery network (“CDN”) for some of our offerings. This service delivers content, such as large media files, via regionally distributed servers of external CDN providers. Therefore, access data is processed on the servers of these providers. Our service providers act on our behalf as processors.

Our service providers are located and/or use servers in countries outside the EU and EEA. For these countries, there is no adequacy decision by the European Commission.

Our cooperation with them is based on standard data protection clauses issued by the European Commission. For questions about our service providers and the basis of our cooperation with them, please refer to the contact details provided in this privacy policy.

2. Data Processing for Contract Execution and Customer Contact

2.1 Data Processing for Contract Execution

For the purpose of fulfilling the contract (including handling inquiries and managing any warranty or performance issues, as well as complying with statutory update obligations) according to Art. 6 (1) Sentence 1 lit. b GDPR, we collect personal data if you voluntarily provide it to us in the context of your order. Mandatory fields are marked as such because we need the data in these cases for contract execution and cannot process your order without it. The specific data collected can be seen from the respective input forms.

Further information on how your data is processed, particularly concerning disclosure to our service providers for the purpose of order, payment, and shipping processing, can be found in the following sections of this privacy policy.

After the contract has been fully executed, your data will be restricted for further processing and deleted after the expiration of tax and commercial retention periods in accordance with Art. 6 (1) Sentence 1 lit. c GDPR, unless you have expressly consented to further use of your data according to Art. 6 (1) Sentence 1 lit. a GDPR or we reserve the right to use your data for other purposes as permitted by law and as explained in this policy.

2.2 Customer Account

If you have given your consent according to Art. 6 (1) Sentence 1 lit. a GDPR by opting to open a customer account, we will use your data to open the account and store your data for future purchases on our website.

You can delete your customer account at any time by contacting us using the contact details provided in this privacy policy or via a designated function in the customer account area. After deletion, your data will be removed unless you have expressly consented to further use of your data or we are legally entitled to further use and have informed you about this in this policy.

2.3 Contacting Us

As part of customer communication, we collect personal data in order to process your inquiries, in accordance with Art. 6 (1) Sentence 1 lit. b GDPR, if you voluntarily provide this information when contacting us (e.g., via contact form, live chat tool, or email). Mandatory fields are marked as such because we need the data in these cases to process your inquiry.

The specific data collected can be seen from the respective input forms. After your request has been fully processed, your data will be deleted unless you have expressly consented to further use of your data according to Art. 6 (1) Sentence 1 lit. a GDPR or we reserve the right to use your data for other purposes as permitted by law and explained in this policy.

3. Data Processing for Shipping Fulfillment

For the purpose of contract fulfillment pursuant to Art. 6 (1) Sentence 1 lit. b GDPR, we pass on your data to the shipping service provider commissioned with the delivery, insofar as this is necessary for the delivery of the ordered goods. If you have any questions about our service providers and the basis of our cooperation with them, please contact the point of contact specified in this privacy policy.

3.1 Disclosure of Data to Shipping Service Providers for Shipping Notification Purposes

If you have given us your express consent to do so during or after your order, we will, based on this consent pursuant to Art. 6 (1) Sentence 1 lit. a GDPR, forward your email address to the selected shipping service provider so that they can contact you prior to delivery for the purpose of delivery notification or coordination.

You may revoke your consent at any time by sending a message to the contact option specified in this privacy policy or directly to the shipping service provider at the contact address listed below. Upon revocation, we will delete your data provided for this purpose, unless you have expressly consented to further use of your data or we reserve the right to use your data beyond this in ways permitted by law and about which we inform you in this policy.

4. Data Processing for Payment Handling

In processing payments in our online shop, we work with the following partners: technical service providers, credit institutions, payment service providers.

4.1 Data Processing for Transaction Handling

Depending on the selected payment method, we pass on the data necessary for processing the payment transaction to our technical service providers acting on our behalf, or to the designated credit institutions or the selected payment service provider, to the extent necessary for the payment process. This is done for the performance of a contract pursuant to Art. 6 para. 1 sentence 1 lit. b GDPR.

In some cases, the payment service providers collect the data required for processing the payment themselves, for example, via their own website or through technical integration in the ordering process. In this regard, the data protection policy of the respective payment service provider applies.

If you have any questions about our payment partners and the basis of our cooperation with them, please contact the point of contact specified in this privacy policy.

4.2 Data Processing for Fraud Prevention and Optimization of Payment Processes

We may provide our service providers with additional data, which they use in combination with the necessary payment data, as processors on our behalf, for the purpose of fraud prevention and optimizing our payment processes (e.g. invoicing, handling of disputed payments, accounting support). This serves our overriding legitimate interests in fraud protection and efficient payment management pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR.

4.3 Credit Check

If we provide advance payment (in the case of a purchase on account), we will obtain a credit report from specialized service providers (credit agencies). For this purpose, we transmit your personal data necessary for a credit check to:

This serves our legitimate interest in assessing the creditworthiness and willingness to pay of potential customers prior to concluding the contract, in order to avoid payment defaults, and is necessary for contract conclusion pursuant to Art. 22 para. 2 lit. a GDPR.

Appropriate measures are taken to protect your rights, freedoms, and legitimate interests. You have the opportunity to express your point of view and contest the decision by contacting the contact point specified in this privacy policy.

Once the contract has been fully executed, your data processed for this purpose will be deleted unless you have expressly consented to further use of your data or we reserve the right to use your data in a way permitted by law and informed in this policy.

5. Email Marketing

5.1 Email Newsletter Subscription, Newsletter Tracking with Separate Consent

If you subscribe to our newsletter, we will use the data required for this or separately provided by you to send you our email newsletter regularly based on your consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR.

You can unsubscribe from the newsletter at any time either by contacting the contact option below or via a link provided in the newsletter. After unsubscribing, we will delete your email address from the mailing list unless you have expressly consented to further use of your data or we reserve the right to use your data in ways permitted by law and described in this policy.

If you also give your consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR to analyze our newsletters, we will analyze your interaction with the newsletter by measuring, storing, and evaluating open rates and click rates to help us optimize future campaigns ("newsletter tracking").

For this purpose, the emails sent contain one-pixel technologies (e.g., web beacons, tracking pixels) that are stored on our website. For analysis, we link especially the following "newsletter data":

• the page from which the request originated (so-called referrer URL),
• the date and time of the request,
• the description of the type of web browser used,
• the IP address of the requesting computer,
• the email address,
• the date and time of registration and confirmation,
• and the one-pixel technologies with your email address or IP address and possibly an individual ID.

Links contained in the newsletter may also include this ID.

You can unsubscribe from newsletter tracking at any time, either by contacting the specified contact point or via a link provided in the newsletter.

The information will be stored as long as you are subscribed to the newsletter.

5.2 Newsletter Delivery

The newsletter and the tracking described above may also be carried out by our service providers as part of processing on our behalf. If you have any questions about our service providers and the basis of our cooperation with them, please contact the contact point specified in this privacy policy.

Our service providers are located in and/or use servers in the following countries, for which the European Commission has determined an adequate level of data protection by decision: Canada.

Our service providers are located in and/or use servers in the following countries, for which the European Commission has determined an adequate level of data protection by decision: USA, Canada.

An adequacy decision by the European Commission exists for the USA if the relevant service provider is certified. Until certification by our service providers, data transfers will continue to rely on the following basis: standard contractual clauses of the European Commission.

Our service providers are located in and/or use servers in these countries: India. For this country, no adequacy decision by the European Commission exists. Our cooperation with them is based on the following safeguards: standard contractual clauses of the European Commission.

6. Cookies and Other Technologies

6.1 General Information

To make visiting our website attractive and to enable the use of certain functions, we use various technologies, including so-called cookies. Cookies are small text files that are automatically stored on your device. Some cookies we use are deleted after your browser session ends, i.e., after you close your browser (so-called session cookies). Other cookies remain on your device and allow us to recognize your browser on your next visit (persistent cookies).

Protection of privacy on end devices

When using our online services, we employ technologies that are strictly necessary to provide the explicitly requested telemedia service. The storage of or access to information in your device does not require consent in this context.

For non-essential functions, the storage of or access to information already stored on your device requires your consent. Please note that if you do not grant consent, parts of the website may not be fully usable. Any consent you give remains effective until you adjust or reset the respective settings on your device.

Subsequent data processing through cookies and other technologies

We use technologies that are strictly necessary for certain features of our website (e.g., shopping cart functionality). These technologies collect and process IP addresses, visit timestamps, device and browser information, and usage data (e.g., shopping cart content). This is based on our overriding legitimate interest in an optimized presentation of our offering, as per Art. 6(1)(f) GDPR.

We also use technologies to fulfill our legal obligations (e.g., documenting consent for processing personal data) and for web analytics and online marketing. More information, including legal bases, can be found in the following sections of this Privacy Policy. Additional technologies not listed individually here may be used; further details, including legal bases, can be found via the Usercentrics platform. Access it by clicking the fingerprint icon in the bottom right or left corner of the page.

Cookie settings

You can find cookie settings for your browser here: Microsoft Edge™ / Safari™ / Chrome™ / Firefox™ / Opera™

If you have consented to the use of technologies under Art. 6(1)(a) GDPR, you can revoke this consent at any time by contacting us using the details provided in this Privacy Policy. Alternatively, you can click the fingerprint icon at the bottom corner of the page. If cookies are not accepted, the functionality of our website may be limited.

6.2 Use of the Usercentrics Consent Management Platform

We use the Usercentrics Consent Management Platform ("Usercentrics") to inform you about cookies and other technologies used on our website and to collect, manage, and document your legally required consent for the processing of your personal data by these technologies. This is required under Art. 6(1)(c) GDPR in order to comply with our legal obligation per Art. 7(1) GDPR to demonstrate your consent.

Usercentrics is a service provided by Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich, Germany, which processes your data on our behalf. When visiting our website, the Usercentrics web server stores a server log file, which includes your anonymized IP address, timestamp, device and browser information, and your consent behavior.

Your data will be deleted after three years unless you have expressly consented to further use under Art. 6(1)(a) GDPR or we reserve a further use that is legally permitted and which we inform you about in this policy.

Our service providers are located in and/or use servers in the following countries, for which the European Commission has determined an adequate level of data protection: USA. The adequacy decision for the USA is the basis for third-country transfers, provided the respective service provider is certified. Certification is present.

7. Use of Cookies and Other Technologies

We use the following cookies and other technologies from third-party providers on our website. Unless otherwise stated for individual technologies, data processing is based on your consent in accordance with Art. 6(1)(a) GDPR. Once the purpose of use ceases and the respective technology is no longer used, the data collected in connection with it will be deleted. You may revoke your consent at any time with effect for the future. For more information on how to revoke consent, please see the section “Cookies and Other Technologies.” Further information, including the legal basis for our cooperation with each provider, can be found under each listed technology. If you have questions regarding the providers or the legal basis for our cooperation, please contact us using the details provided in this Privacy Policy.

7.1 Use of Google Services

We use the following technologies from Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). The information automatically collected by Google's technologies about your use of our website is usually transferred to a server of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, and stored there.

Unless otherwise stated for a specific technology, data processing is carried out based on a joint controllership agreement in accordance with Art. 26 GDPR. For further information on data processing by Google, please refer to Google's privacy policy.

Our service providers are located in and/or use servers in countries outside the EU and EEA for which the European Commission has recognized an adequate level of data protection.

Our service providers are also located in and/or use servers in countries outside the EU and EEA without an adequacy decision by the European Commission. In these cases, our cooperation is based on Standard Contractual Clauses of the European Commission.

Google Tag Manager

Google Tag Manager allows us to manage various codes and services on our website. During the implementation of individual tags, Google may also process personal data (e.g., IP address, online identifiers such as cookies). Data processing is based on a data processing agreement with Google.

The use of Google Tag Manager enables the integration of various services/technologies. If you have disabled certain tracking services individually, this deactivation will remain in effect for all tracking tags implemented through Google Tag Manager.

7.2 Other Web Analytics and Online Marketing Providers

Use of Matomo as a Self-Hosted Web Analytics Tool

For the purpose of website analytics, we use Matomo software provided by InnoCraft Ltd., 7 Waterloo Quay, PO Box 625, 6140 Wellington, New Zealand. Data such as your IP address, visit timestamp, device and browser information, and usage data is automatically collected and stored, and pseudonymous usage profiles are created. Cookies may also be used.

The pseudonymized usage profiles are not merged with personal data of the profile holder without explicit, separate consent. The data processing with Matomo is carried out on our own servers.

Use of Vimeo Video Plugin to Embed Third-Party Content

To embed third-party content, we use the video plugin from Vimeo Inc., 330 West 34th Street, 5th Floor, New York, NY 10011, USA ("Vimeo"). Data such as your IP address, timestamp, and device/browser information are collected and transmitted to Vimeo, where it is processed.

The data processing is based on a joint controllership agreement in accordance with Art. 26 GDPR. The Vimeo plugin automatically includes Google Analytics.

For website analytics purposes, Google Analytics collects and stores data (IP address, timestamp, device/browser information, and usage data), from which pseudonymous usage profiles are created. Cookies may be used for this purpose. Google Analytics is provided by Google Ireland Ltd.

If you visit our website from within the EU, your IP address is stored on a server located in the EU for geolocation purposes and is then immediately deleted before further processing on other Google servers. We have no influence or access to Vimeo’s data processing or the configuration/results of Google Analytics used within it.

Our service providers are located in and/or use servers in countries outside the EU and EEA for which the European Commission has recognized an adequate level of data protection.

Our service providers are also located in and/or use servers in countries without an adequacy decision. Our cooperation in those cases is based on the European Commission’s Standard Contractual Clauses.

8. Integration of the Trusted Shops Trustbadge / Other Widgets

To display Trusted Shops services (e.g., trustmark, collected reviews) and to offer Trusted Shops products to buyers after an order, Trusted Shops widgets are embedded on this website.

This serves to protect our legitimate interest in optimal marketing of our offering by enabling secure purchasing, pursuant to Art. 6(1)(f) GDPR. The Trustbadge and associated services are provided by Trusted Shops SE, Subbelrather Str. 15C, 50823 Cologne, Germany ("Trusted Shops"), with whom we are jointly responsible under Art. 26 GDPR. The essential contractual contents according to Art. 26(2) GDPR are summarized below.

In the context of this joint responsibility, please contact Trusted Shops for privacy questions and to exercise your rights, using the contact details provided in their privacy information. You may also contact us directly, and your request will be forwarded if necessary.

8.1 Accessing the Trustbadge

When the Trustbadge is accessed, the web server automatically stores a so-called server log file that also contains your IP address, the date and time of the request, the amount of data transferred, and the requesting provider (access data), and documents the request. The IP address is anonymised immediately after collection, so that the stored data can no longer be traced back to you. The anonymised data is used in particular for statistical analysis and error tracking.

8.2 Data Processing After Order Completion

After order completion, the Trustbadge accesses order information stored in your end device (order total, order number, possibly purchased product) as well as your email address. This is necessary in order to offer you the Trusted Shops services and, if applicable, to automatically secure your order. For this purpose, your email address is transmitted to Trusted Shops in a hashed form using a cryptographic one-way function. The legal basis is Art. 6 (1) sentence 1 lit. f GDPR.

This serves to check whether you are already registered for services with Trusted Shops and is therefore necessary to fulfill our and Trusted Shops’ overriding legitimate interests in providing the buyer protection and transactional rating services tied to your specific order in accordance with Art. 6 (1) sentence 1 lit. f GDPR.

If this is the case, further processing is carried out based on the contractual agreement between you and Trusted Shops. If you are not yet registered for the services, you will subsequently be given the opportunity to do so. Further processing after registration is also based on your agreement with Trusted Shops. If you do not register, all transmitted data will automatically be deleted by Trusted Shops and any personal reference is then no longer possible.

Trusted Shops uses service providers in the areas of hosting, monitoring and logging. The legal basis is Art. 6 (1) lit. f GDPR for the purpose of ensuring smooth operation. Processing may take place in third countries (USA, United Kingdom, and Israel).

An adequate level of data protection is guaranteed in each case by an adequacy decision of the EU Commission, which is available here for the USA, here for the United Kingdom, and here for Israel. Service providers based in the USA are generally certified under the EU-U.S. Data Privacy Framework (DPF). Further information is available [here]. If service providers are not certified under the DPF, standard contractual clauses have been agreed as an appropriate safeguard.

9. Social Media

9.1 Social Buttons for Facebook (by Meta), Instagram (by Meta), Pinterest

Our website uses social buttons from social networks. These are integrated into the site as HTML links only, so that no connection is established with the respective provider's servers when our website is accessed. If you click on one of the buttons, the corresponding social network’s website opens in a new window of your browser, where you can, for example, click the Like or Share button.

9.2 Our Online Presence on Facebook (by Meta), Pinterest, LinkedIn

If you have given your consent pursuant to Art. 6 (1) sentence 1 lit. a GDPR to the respective social media provider, your data will be automatically collected and stored when you visit our online presences on the above-mentioned platforms. This data is used for market research and advertising purposes, and pseudonymous user profiles are created.

These may be used to display ads inside and outside the platforms that presumably match your interests. Cookies are typically used for this purpose. For detailed information on data processing and usage by each provider, as well as your rights and settings to protect your privacy, please refer to their privacy policies.

Facebook (by Meta)

Service: Meta Platforms Ireland Ltd., Block J, Serpentine Avenue, Dublin 4, Ireland. Data is usually transferred to Meta Platforms, Inc., 1601 Willow Road, Menlo Park, CA 94025, USA. Based on joint controllership under Art. 26 GDPR. More info on Insights data is available [here].

Adequacy decisions apply for: USA, Canada, Japan, South Korea, New Zealand, UK, Argentina. Transfers to uncertified countries (e.g. Australia, India, Brazil, etc.) are based on Standard Contractual Clauses.

Pinterest

Service: Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland. Data is transferred to Pinterest, Inc., 505 Brannan St., San Francisco, CA 94107, USA. Standard Contractual Clauses apply where no adequacy decision exists.

LinkedIn

Service: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. Data is transferred to LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085, USA. Transfers are based on the adequacy decision for the USA or Standard Contractual Clauses.

10. Contact Options and Your Rights

10.1 Your Rights

• Right of access (Art. 15 GDPR)
• Right to rectification (Art. 16 GDPR)
• Right to erasure (Art. 17 GDPR), unless further processing is required for:
  • freedom of expression and information
  • compliance with a legal obligation
  • public interest
  • establishment, exercise or defense of legal claims
• Right to restriction of processing (Art. 18 GDPR) under certain conditions
• Right to data portability (Art. 20 GDPR)
• Right to lodge a complaint (Art. 77 GDPR)

Right to Object

If we process personal data as explained above to safeguard our legitimate interests, you may object to this processing with future effect.

If the processing is for direct marketing, you may object at any time. If it serves other purposes, the right to object only applies if reasons arise from your specific situation.

If you object, we will cease processing the relevant data unless compelling legitimate grounds apply or the processing serves legal claims. This does not apply for direct marketing; in that case, we will stop the processing immediately.

10.2 Contact Options

If you have any questions regarding the collection, processing, or use of your personal data, or if you wish to request information, correction, restriction or deletion of data, revoke any consent given, or object to a specific use of data, please contact us using the details provided in our legal notice (Imprint).