1. Access data and hosting
You can visit our website without disclosing your personal details. For every request to a web page, the web server simply automatically saves a so-called server log file, which contains e.g. the name of the requested file, your IP address, the date and time of the request, the volume of data transmitted, and the requesting provider (access data) and documents the request.
These access data are evaluated exclusively for the purpose of ensuring the smooth operation of the website and to improve our service. In accordance with Art. 6 (1) (1) (f) GDPR, within the overall balancing of interests, this serves to protect our legitimate interest in successfully presenting our service. All access data are deleted no later than seven days following the end of your visit to the website.
Hosting services by a third-party provider
A third-party provider performs website hosting and presentation services on our behalf. Within the overall balancing of interests, this serves to protect our legitimate interest in successfully presenting our service. Any data that are collected as part of the use of this website or in the forms provided for this purpose in the online shop, as described below, will be processed on this third-party provider's servers. Processing on other servers will only take place in the contexts described here.
This service provider is located in a country within the European Union or in the European Economic Area.
2. Collection, processing and use of personal data
We collect personal data if you voluntarily share this with us as part of your order, or if you contact us (e.g. via the contact form or an email), or if you create a customer account. Mandatory fields will be indicated as such because these data are essential for contract processing or to deal with your contact communication or to create a customer account and, if not specified, the order and/or account creation cannot be completed, or the contact information cannot be sent. The relevant data being collected is evident from the specific input form. We use the data you provide in accordance with Art. 6 (1) (1) (b) GDPR for order processing and to handle your enquiry. Following completion of the contract or deletion of your customer account, your data are restricted for further processing and will be deleted once the tax and commercial retention periods have elapsed, unless you have specifically consented to the ongoing use of your data, or insofar as we reserve the right to the ongoing use of the data as permitted in law and indicated to you in this statement. You may delete your customer account at any time, and this can be done either by sending a message to one of the contacts indicated below or by using the functionality provided for this purpose in your customer account.
For contract performance in accordance with Art. 6 (1) (1) (b) GDPR, we pass on your data to the shipping company responsible for delivery, provided this is necessary for the delivery of the ordered goods. Depending on the payment service provider you select during the ordering process, in order to process payment, we pass on your payment data to the appointed financial institution and potentially to payment service providers appointed by us or to the selected payment service. To some extent, the selected payment service providers also collect data themselves if you create an account with them. In this case, you will need to use your login details to log in to the payment service provider during the ordering process. Insofar as this is the case, the privacy statement of the relevant payment service provider will be applicable.
We use so-called cookies on different web pages to make visiting our website more attractive, to enable the use of certain functionality, to display appropriate products and to use market research. Within the overall balancing of interests, this serves to protect our legitimate interest in the best possible presentation of our service in accordance with Art. 6 (1) (1) (f) GDPR. Cookies are little text files that are automatically saved on your terminal device. Some of the cookies we use are deleted at the end of the browser session, i.e. after you close your browser (so-called session cookies). Other cookies remain on your device and enable us to recognise your browser on your next visit (persistent cookies). The storage duration can be found in the cookie settings summary for your web browser. You can configure your browser to notify you when cookies are saved and make an individual decision whether to accept each cookie, or you can reject cookies in specific cases or in general. Every browser differs in the way it manages cookie settings. This is described in the help menu for each browser, which tells you how to modify your cookie settings. You will find this under the following links for the relevant browser:
- Internet Explorer™: http://windows.microsoft.com/de-DE/windows-vista/Block-or-allow-cookies
- Safari™: https://support.apple.com/kb/ph21411?locale=de_DE
- Chrome™: http://support.google.com/chrome/bin/answer.py?hl=de&hlrm=en&answer=95647
- Firefox™: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen
- Opera™: http://help.opera.com/Windows/10.20/de/cookies.html
If you do not accept cookies, this may limit the functionality of our website.
4. Data security
Your personal data will be encrypted when it is transmitted by us. This applies for your order and for customer login. To do this, we use the SSL encoding system (Security Socket Layer, RSA 1024 key exchange; Camellia 256-bit user data encryption) and S/MIME. We deploy technical and organisational security measures to protect the data we manage against accidental or intentional manipulation, loss, or destruction, and against access by unauthorised individuals. Access to your customer account is only possible after entering your personal password. You should always treat your access information as confidential and close the browser window when you have completed your communication with us, particularly if you share your computer with other users.
5. Google Analytics
This website uses Google (Universal) Analytics for website analysis. This is a web analysis service offered by Google LLC (www.google.de). Within the overall balancing of interests, this serves to protect our legitimate interest in the best possible presentation of our service in accordance with Art. 6 (1) (1) (f) GDPR. Google (Universal) Analytics uses methods that enable analysis of your use of the website, for example cookies. Information about your use of the website is collected automatically and is generally transmitted to a Google server in the USA, where it is stored. IP anonymisation is enabled on this website, which means the IP address will be truncated before transmission within a member state of the European union or in another country that is part of the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. The anonymised IP address transmitted by your browser as part of the Google Analytics process will never be combined with other data by Google. Once the data are no longer required and are not being used by Google Analytics, any data collected for this purpose will be deleted.
Google LLC is based in the USA and is certified under the EU-US Privacy Shield. A current certificate can be seen here. Based on this agreement between the USA and the European Commission, the EC has established an appropriate level of data security for companies certified under the Privacy Shield.
You can prevent Google from capturing or processing the data (including your IP address) created by the cookie relating to your use of the website by downloading and installing the browser plugin available from the following link: http://tools.google.com/dlpage/gaoptout?hl=de
Instead of using the browser plugin, you can also click this link to prevent the capture of Google Analytics data on this website in future. This involves saving an opt-out cookie on your device. If you delete your cookies, you will need to click the link again.
6. Trusted Shops Trustbadge integration
To display our Trusted Shops trustmark and any ratings collected, and to offer Trusted Shops products for buyers following an order, the Trusted Shops Trustbadge is integrated in our website.
Within the overall balancing of interests, this serves to protect our legitimate interest in the best possible marketing of our service in accordance with Art. 6 (1) (1) (f) GDPR. The Trustbadge and associated services are offered by Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne.
For every request to the Trustbadge, the web server automatically saves a so-called server log file, which contains e.g. your IP address, the date and time of the request, the volume of data transmitted, and the requesting provider (access data) and documents the request. These access data are not analysed and will be overwritten automatically no later than seven days after your visit to the website.
Other personal data are only transmitted to Trusted Shops if you have consented to this, if you have chosen to use Trusted Shops products after completing an order, or if you are already registered for their use. In this case, the contractual agreement reached between you and Trusted Shops is applicable.
7. Sending review reminders by email / review reminder via Trusted Shops
If you have explicitly consented to this during or after your order in accordance with Art. 6 (1) (1) (a) GDPR, we will send your email address to Trusted Shops GmbH, Subbelrather Str. 15c, 50823 Cologne (www.trustedshops.de), so they can email you a review reminder. This consent can be withdrawn at any time by sending a message to the contacts specified below or by contacting Trusted Shops directly.
8. Contact points and your rights
As the data subject, you have the following rights:
- In accordance with Art. 15 GDPR, you have the right to demand information to the extent described therein about your personal data being processed by us.
- In accordance with Art. 16 GDPR, you have the right to demand immediate correction of incorrect data or completion of missing data for any personal data stored by us.
- In accordance with Art. 17 GDPR, you have the right to demand deletion of any personal data stored by us, insofar as the ongoing processing
is not required to exercise the right to freedom of expression and information;
to fulfil a legal obligation; for reasons of public interest; or
to assert, exercise or defend legal claims.
- In accordance with Art. 18 GDPR, you have the right to demand restriction of processing of your personal data, if
the accuracy of the data is not disputed by you;
the processing is unlawful, but you refuse to have the data deleted;
we no longer require the data, but you need the data to assert, exercise or defend legal claims; or
you have filed an objection to the processing in accordance with Art. 21 GDPR.
- In accordance with Art. 20 GDPR, you have the right to receive the personal data you have provided to us in a structured, accessible, machine-readable format, or to demand transmission of the data to another controller;
- In accordance with Art. 77 GDPR, you have the right to complain to a supervisory authority. Generally, you can contact the supervisory authority for your usual place of residence, or your place of work, or for our company head office.
For questions relating to the collection, processing or use of your personal data, for information, correction, blocking or deletion of data and to revoke any consent issued or an objection to a particular use of the data, please contact us directly using the contact details provided in the legal information.
Right to object
Insofar as we process personal data to serve our legitimate interests within the context of balancing interests, as described above, you can object to this processing with future effect. If the processing is being done for direct marketing purposes, you can exercise this right at any time, as described above. If the processing is being done for other purposes, your right to object depends on the existence of reasons arising from your particular situation.
After exercising your right to object, we will no longer process your personal data for these purposes unless we can demonstrate compelling, legitimate reasons that prevail over your interests, rights and freedoms, or if the processing is being done to assert, exercise or defend legal claims.
This does not apply if the processing is being done for direct marketing purposes. In which case your personal data will no longer be processed for this purpose.