PRIVACY POLICY
1) Introduction and Contact Details of the Controller
1.1 We are pleased that you are visiting our website and thank you for your interest. In the following, we inform you about the handling of your personal data when using our website. Personal data are all data with which you can be personally identified.
2) Data Collection When Visiting Our Website
2.1 When you visit our website for informational purposes only, i.e., if you do not register or otherwise provide us with information, we only collect data that your browser transmits to the server (so-called "server log files"). When you access our website, we collect the following data, which are technically necessary for us to display the website to you:
- Our visited website
- Date and time at the time of access
- Amount of data sent in bytes
- Source/reference from which you came to the page
- Used browser
- Used operating system
- Used IP address (if applicable: in anonymized form)
The processing is carried out in accordance with Art. 6(1)(f) GDPR based on our legitimate interest in improving the stability and functionality of our website. The data will not be passed on or used in any other way. However, we reserve the right to check the server log files retrospectively if there are concrete indications of illegal use.
2.2 For security reasons and to protect the transmission of personal data and other confidential content (e.g., orders or inquiries to the controller), this website uses SSL or TLS encryption. You can recognize an encrypted connection by the string "https://" and the lock symbol in your browser line.
3) Cookies
To make the visit to our website attractive and to enable the use of certain functions, we use cookies, i.e., small text files that are stored on your device. Some of these cookies are deleted automatically after the browser session ends (so-called "session cookies"), while others remain on your device longer and allow us to recognize your browser on your next visit (so-called "persistent cookies"). In the latter case, you can find the storage duration in the overview of the cookie settings of your web browser.
If personal data are also processed by individual cookies implemented by us, the processing is carried out in accordance with Art. 6(1)(b) GDPR either for the execution of the contract, in accordance with Art. 6(1)(a) GDPR in the case of consent given, or in accordance with Art. 6(1)(f) GDPR to safeguard our legitimate interests in the best possible functionality of the website and a customer-friendly and effective design of the site visit.
You can set your browser to inform you about the setting of cookies and decide individually about their acceptance or exclude the acceptance of cookies for certain cases or in general.
Please note that the functionality of our website may be restricted if cookies are not accepted.
4) Contacting Us
4.1 eDesk
To process customer inquiries, we use the email ticketing system of the following provider: xSellco Limited, Two Haddington Buildings, Haddington Road, Dublin 4, D04 HE94, Ireland
If you submit inquiries via our website by email, these will be stored and organized in the ticket system to enable chronological processing and to improve the service experience. You can always check the current status of your request via the individually assigned ticket number.
To organize and process inquiries, personal data will be collected according to the scope of their provision, but in any case, name, first name, and email address will be collected, transmitted to the provider, stored, and read there.
The legal basis for the processing of these data is our legitimate interest in the efficient design of our customer service, the quickest possible response to your inquiries, and the optimization of our service offering in accordance with Art. 6(1)(f) GDPR.
We have concluded an order processing contract with the provider, which ensures the protection of the data of our site visitors and prohibits unauthorized disclosure to third parties.
4.2 When contacting us (e.g., via contact form or email), personal data will be processed exclusively for the purpose of handling and responding to your request and only to the extent required for this purpose.
The legal basis for the processing of these data is our legitimate interest in responding to your request in accordance with Art. 6(1)(f) GDPR. If your contact aims to conclude a contract, an additional legal basis for the processing is Art. 6(1)(b) GDPR. Your data will be deleted if the circumstances indicate that the matter in question has been conclusively clarified and provided that there are no statutory retention obligations.
5) Comment Function
Within the framework of the comment function on this website, in addition to your comment, information on the time of the comment's creation and the commentator name you have chosen will be stored and published on this website. Furthermore, your IP address will be logged and stored. This storage of the IP address is for security reasons and in the event that the data subject violates the rights of third parties or posts illegal content through a submitted comment. We need your email address to contact you if a third party objects to your published content as unlawful.
The legal basis for storing your data is Art. 6(1)(b) and (f) GDPR. We reserve the right to delete comments if they are objected to as unlawful by third parties.
6) Data Processing for Order Handling
6.1 To the extent necessary for the performance of the contract for delivery and payment purposes, the personal data collected by us will be passed on to the commissioned transport company and the commissioned credit institution in accordance with Art. 6(1)(b) GDPR.
If we owe you updates for goods with digital elements or for digital products based on a corresponding contract, we will process the contact details you provided during the order (name, address, email address) to inform you personally about upcoming updates within the legally stipulated period via an appropriate communication channel (e.g., by post or email) within the framework of our legal duty to inform in accordance with Art. 6(1)(c) GDPR. Your contact details will be strictly used for notifications about updates owed by us and will only be processed to the extent necessary for the respective information.
For the processing of your order, we also work with the following service provider(s), who support us in whole or in part in the execution of concluded contracts. Certain personal data will be transmitted to these service providers in accordance with the following information.
6.2 Plentymarkets
Name, address, and, if applicable, other personal data will be passed on to the provider in accordance with Art. 6(1)(b) GDPR exclusively for the purpose of processing the online order. The transmission of your data takes place in this context only to the extent that it is actually necessary for the processing of the order.
6.3 Use of Payment Service Providers (Payment Services)
- Shopify Payments
One or more online payment methods of the following provider are available on this website: Shopify International Limited, Victoria Buildings, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland
If you choose a payment method of the provider where you make an advance payment (e.g., credit card payment), your payment data provided during the ordering process (including name, address, bank and payment card information, currency, and transaction number) as well as information about the content of your order will be transmitted to the provider in accordance with Art. 6(1)(b) GDPR. The transmission of your data in this case is exclusively for the purpose of payment processing with the provider and only to the extent necessary for this purpose.
7) Tools and Other
- DATEV
We use the service of the cloud-based accounting software of the following provider to carry out the accounting: DATEV eG, Paumgartnerstr. 6-14, 90429 Nuremberg, Germany
The provider processes incoming and outgoing invoices and, if applicable, also the bank transactions of our company to automatically record invoices, match them with the transactions, and generate financial accounting from them in a partially automated process.
If personal data are processed in this context, the processing is carried out in accordance with Art. 6(1)(f) GDPR based on our legitimate interest in the efficient organization and documentation of our business transactions.
8) Rights of the Data Subject
8.1 The applicable data protection law grants you the following data subject rights (rights of information and intervention) vis-à-vis the controller concerning the processing of your personal data, whereby reference is made to the specified legal basis for the respective exercise conditions:
- Right to information according to Art. 15 GDPR;
- Right to rectification according to Art. 16 GDPR;
- Right to erasure according to Art. 17 GDPR;
- Right to restriction of processing according to Art. 18 GDPR;
- Right to notification according to Art. 19 GDPR;
- Right to data portability according to Art. 20 GDPR;
- Right to revoke consent given according to Art. 7(3) GDPR;
- Right to lodge a complaint according to Art. 77 GDPR.
8.2 RIGHT TO OBJECT
IF WE PROCESS YOUR PERSONAL DATA BASED ON OUR OVERRIDING LEGITIMATE INTEREST WITHIN THE FRAMEWORK OF A BALANCE OF INTERESTS, YOU HAVE THE RIGHT TO OBJECT TO THIS PROCESSING AT ANY TIME WITH EFFECT FOR THE FUTURE FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE AFFECTED DATA. HOWEVER, FURTHER PROCESSING REMAINS RESERVED IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING THAT OUTWEIGH YOUR INTERESTS, FUNDAMENTAL RIGHTS, AND FREEDOMS, OR IF THE PROCESSING SERVES THE ASSERTION, EXERCISE, OR DEFENSE OF LEGAL CLAIMS.
IF WE PROCESS YOUR PERSONAL DATA FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR SUCH ADVERTISING PURPOSES. YOU CAN EXERCISE THE OBJECTION AS DESCRIBED ABOVE.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE AFFECTED DATA FOR DIRECT MARKETING PURPOSES.
9) Duration of Storage of Personal Data
The duration of the storage of personal data is determined by the respective legal basis, the processing purpose, and - if applicable - additionally by the respective statutory retention period (e.g., commercial and tax retention periods).
When processing personal data based on explicit consent in accordance with Art. 6(1)(a) GDPR, the data concerned will be stored until you revoke your consent.
If there are statutory retention periods for data processed within the scope of legal or quasi-legal obligations based on Art. 6(1)(b) GDPR, these data will be routinely deleted after the retention periods have expired, provided that they are no longer required for the performance or initiation of the contract and/or there is no legitimate interest in further storage on our part.
When processing personal data based on Art. 6(1)(f) GDPR, these data will be stored until you exercise your right to object according to Art. 21(1) GDPR, unless we can demonstrate compelling legitimate grounds for the processing that outweigh your interests, rights, and freedoms, or the processing serves the assertion, exercise, or defense of legal claims.
When processing personal data for direct marketing purposes based on Art. 6(1)(f) GDPR, these data will be stored until you exercise your right to object according to Art. 21(2) GDPR.
Unless otherwise stated in the other information of this declaration concerning specific processing situations, stored personal data will otherwise be deleted when they are no longer necessary for the purposes for which they were collected or otherwise processed.