Data Protection Policy
This Data Protection Policy refers to the nature, scope and purpose of personal data processing (hereinafter referred to as "data") relating to our websites, features and content thereof, as well as the external presence such as our social media profiles (collectively referred to as "online offer"). With regard to the terminology used, e.g. "processing" and "controller", we refer to the definitions stipulated in Article 4 of the General Data Protection Regulation (GDPR).
Collection, Processing & Use of Personal Data
Types of Processed Data:
Personal data (e.g. name, address).
Contact data (e.g. email address, telephone number).
Content data (e.g. text input, images, videos).
Usage data (e.g. websites visited, interest in content, access time).
Meta and communications data (e.g. device information, IP addresses).
Categories of Data Subjects
Visitors and users of the online offer (hereinafter referred to as "user").
Customers utilising our website (hereinafter referred to as "user").
Provision of the online offer, its functions and content.
Processing of all orders including the related physical processes, in particular, that of package dispatch and in respect to the possible reverse transaction in case of warranty.
Responding to contact requests and communication with users.
"Personal data" means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
"Processing" means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
"Pseudonymisation" means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
"Profiling" means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
"Controller" means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
"Processor" means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
In accordance with Article 13 of the GDPR, we provide information in regard to the legal basis of our data processing. Provided the legal basis in the data protection statement is mentioned, the following applies: The legal basis for obtaining consent is Article 6 paragraph 1 letter a and Article 7 of the GDPR, the legal basis for the processing for the fulfilment of our services and the execution of contractual measures as well as the answer to inquiries is Article 6 paragraph 1 letter b of the GDPR, the legal basis for the processing in order to fulfil our legal obligations is Article 6 (1) letter c of the GDPR, and the legal basis for the processing in order to safeguard our legitimate interests is Article 6 (1) letter f of the GDPR. Processing is necessary in order to protect the vital interests of the data subject or of another natural person as stated in Article 6 paragraph 1 letter d of the GDPR.
Collaboration with Processors and Third Parties
If, in the context of our processing, we disclose data to other persons and companies (contract processors or third parties), transmit them to them or otherwise grant access to the data, this will only be done on the basis of a legal permission (e.g. if a transmission of the data to third parties, as required by payment service providers, is necessary pursuant to Art. 6 (1) (b) GDPR to fulfil the contract), if you have consented, on the basis of a legal obligation, or on the basis of our legitimate interests (e.g. the use of agents, web hosters, etc.).
Your data will be processed, in particular, for order processing with respect to payment and shipping services.
If we commission third parties to process data on the basis of a so-called "contract processing contract", this is done on the basis of Art. 28 GDPR.
Your payment data is encrypted during the order process and transferred via the internet. We never gain access to your payment data thanks to special embedding used during the order process and are therefore not the processors of the data. The data is processed exclusively by these payment service providers:
SumUp Payments Limited
Data Transmission in Third-Party Countries
If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or in the context of the use of third-party services or disclosure or transmission of data to third parties, this will only be done if it is to fulfil our (pre) contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we process or have the data processed in a third country only in the presence of the special conditions of Art. 44 et seq. GDPR. This means that the processing takes place, e.g., on the basis of specific guarantees, such as the officially recognized level of data protection (e.g. for the US through the Privacy Shield) or compliance with officially recognized special contractual obligations (so-called "standard contractual clauses").
You have the right to consent according to Art. 7 para. 3 of the GDPR. This right to consent also applies to data processed in the future.
You may at any time object to the future processing of your data in accordance with Art. 21 of the GDPR. Where the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
Rights of the Data Subject
The user shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data, and the controller shall provide a copy of the personal data undergoing processing in accordance with Article 15 of the GDPR.
The user shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data or incomplete personal data concerning him or her in accordance with Article 16 of the GDPR.
The user shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay in accordance with Article 17. The user shall have the right to obtain from the controller restriction of processing of personal data in accordance with Article 18 of the GDPR.
The user shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided in accordance with Article 20 of the GDPR.
The user shall have the right to lodge a complaint with a supervisory authority in accordance with Article 77 of the GDPR.
Data Usage for Advertising Purposes
Your personal data is used to improve your shopping experience and shape it to suit your requirements. The information used to achieve this is the data already available to us, e.g. via your internet connection, the chosen end device, the operating system, the date, the time at which our website was visited or the pages accessed as well as information that was provided to us by you. You may object to the use of your personal data for advertising purposes at any time. A notification via email, letter or fax would suffice. You can find our contact details here.
The following information is intended to inform you about the content of our newsletter, the subscription, shipping and statistical evaluation procedures, as well as your right of opting out. By subscribing to our newsletter, you agree to receive it and to the described procedures.
We send newsletters, emails and other electronic notifications with advertising information (hereinafter "newsletter") only with the consent of the recipient or legal permission. Insofar as the content of the newsletter is concretely described as part of a subscription, it is relevant for the consent of the users. Otherwise, our newsletters only contain information concerning our products and the relevant information thereof (e.g. safety instructions), special offers, promotions and information about our company.
Double opt-in and logging: Subscribing to our newsletter is part of a so-called double opt-in procedure. This means that you will receive an email after subscribing requesting you to confirm your subscription. This confirmation is necessary so that nobody can subscribe with an email address that is not their own. Subscription to the newsletter will be logged as proof of the subscription process in accordance with legal requirements. This includes the storage of the subscription and confirmation time as well as the IP address. Similarly, changes to your data stored with the emailing service provider will be logged.
Subscription details: To subscribe to the newsletter, all you have to do is enter your email address. Optionally, we ask that you provide your first and last name. These are only used to personalize the newsletter.
The dispatch of the newsletter and the associated performance measurement are based on the consent of the recipients according to Article 6 paragraph 1 letter a, Art. 7 GDPR in conjunction with section 107 paragraph 2 of the Telecommunications Act, or if consent is not required, based on our legitimate interests in direct marketing according to Article 6 paragraph 1 letter f GDPR in conjunction with section 107 (2) and the like 3 of the Telecommunications Act.
The logging of the registration process is based on our legitimate interests in accordance with Article 6 paragraph 1 letter f of the GDPR. Our interest lies in the use of a user-friendly and secure newsletter system, which serves both our business interests and the expectations of the users and also allows us to prove our consent.
The user can terminate the receipt of our newsletter at any time, i.e. revoke their consent. The newsletter cancellation link can be found at the bottom of each newsletter. We may save the submitted email addresses for up to three years based on our legitimate interests before deletion thereof in order to prove prior consent. The processing of this data is limited to the purpose of a possible defence against claims. An individual request for cancellation is possible at any time, provided that at the same time the former existence of a consent is confirmed.
Cookies are small text files that are stored on a user's computer. Different types of information can be stored within the text files. A cookie is primarily used to store information about a user (i.e. the device on which the cookie is stored) during or after their visit to a website. Session cookies are cookies that are deleted after a user leaves a website and closes the browser. In the case of session cookies, the contents of a shopping cart in an online shop or a login status are saved. Persistent cookies remain stored even after the browser has been closed. Thus, a login status, for instance, will be saved if the user visits the website after several days. Likewise, user interests can be stored which are used for range measurement or marketing purposes. A third-party cookie refers to cookies that are offered by providers that do not manage the website that is being visited. Cookies offered by the person that manages the website are called first-party cookies.
The user is requested to disable the settings in their browser if they do not want any cookies stored. Saved cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to functional restrictions of the website being visited.
Social Media Online Presence
We maintain a social media online presence and other platforms in order to communicate with customers, interested parties and active users, and to inform them about our services. When viewing the respective networks and platforms, the business conditions and data processing policies of the respective operators apply.
We would like to point out that the users' data may be processed outside the European Union. This may result in risks to users because e.g. the enforcement of user rights could be made more difficult. With respect to US providers certified under the Privacy Shield, we point out that they are committed to respecting EU privacy standards.
Furthermore, the user's data is usually processed for market research and advertising purposes. Thus, e.g. user profiles are created from user behaviour and the resulting interests of the users. The usage profiles may, in turn, be used to e.g. place advertisements inside and outside the platforms that are presumably in line with users' interests. For these purposes, cookies are usually stored on the users' computers, in which the user behaviour and the interests of the users are stored. Furthermore, in the usage profiles, data can also be stored independently of the devices used by the users (in particular if the users are members of the respective platforms and logged in to them).
The processing of personal data linked to the user is based on our legitimate interests in effective information of users and the communication with users in accordance with Art. 6 para. 1 lit. f GDPR. If the users are asked by the respective providers for consent to data processing (that is, they declare their agreement, for example, by ticking a checkbox or confirming a button), the legal basis of the processing is in accordance with Art. 6 para. 1 lit. a, Art. 7 GDPR.
For a detailed description of the respective processing and the possibilities of contradiction (opt-out), we refer to the following linked information of the provider.
Also, in the case of requests for information and the assertion of user rights, we point out that these can be claimed most effectively from the providers. Only the providers have access to the data of the users and can take appropriate measures directly and provide information. If you still need help, then you can contact us.
Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) – data privacy statement: https://www.facebook.com/about/privacy/, Opt-Out: https://www.facebook.com/settings?tab=ads and http://www.youronlinechoices.com, Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active.
Google/YouTube (Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) – data privacy statement: https://policies.google.com/privacy, Opt-Out: https://adssettings.google.com/authenticated, Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.
Instagram (Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA) – data privacy statement/opt-out: http://instagram.com/about/legal/privacy/.
Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the controller and the processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate:
the pseudonymisation and encryption of personal data;
the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;
a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.
Participation in Affiliate Partner Programs
Within our online services, we use, on the basis of our legitimate interests (i.e. interest in the analysis, optimising, and economic operation of our online services) pursuant to Article 6 (1) (f) GDPR, tracking measures customary in the trade, insofar as these are required for the operation of the affiliate system. In the following paragraphs, we inform users of the technical background.
The services offered by our contractual partners may be advertised and linked as well on other websites (so-called affiliate links or after buy systems, if for example links or services of third parties are offered after the conclusion of a contract). The operators of the website concerned receive a commission if the user follows the affiliate links and subsequently makes use of the offers.
In summary, it is required for our online service that we be able to trace whether users interested in affiliate links and/or the goods available at our business, subsequently make use of the offers at the initiative of the affiliate link or our online platform. For this purpose, the affiliate links and our offers are supplemented with certain values which may be placed as a part of the link or otherwise, e.g. in a cookie. The values include in particular the referrer website, time, an online ID of the operator of the website on which the affiliate link was situated, an online ID of the offer concerned, an online ID of the user, and values specific to tracking such as advertising material ID, partner ID, and categorization.
The online IDs of users used by us are pseudonym values. This means that the online ID itself does not contain personal data such as name or e-mail address. They only assist us in determining whether the same user who clicked on an affiliate link, or who, through our website, took an interest in one of our products, made use of the offer, i.e. concluded a contract with the provider. However, the online ID is personal insofar as the online ID together with other user data are available to the partner business and also to us. Only in this way is the partner business able to inform us whether such user accepted the offer and whether we may pay out the bonus.
We collaborate with Awin (for more information click here) and Belboon. These are so-called tracking cookies that provide our partners with order provisioning data. The data does not contain personal data or information about the order or ordered products.
Server Log Files
We automatically collect and store information in so-called server log files, which your browser automatically sends to us when enquiring about our website. The information comprises:
the type and version of the browser used
the operating system used
the hostname of the computer being accessed
time of the server request
This mainly serves as quality assurance of our services. The data cannot be assigned to specific persons. The data is not merged with other data sources. We reserve the right to check this data retrospectively if specific indications for illegal use come to our attention.
According to the legal requirements in Germany, the storage takes place for 10 years according to §§ 147 paragraph 1 AO, 257 paragraph 1 No. 1 and 4, paragraph 4 HGB (books, records, management reports, accounting documents, trading books, documents relevant for taxation, etc.) and 6 years in accordance with § 257 (1) no. 2 and 3, para. 4 (commercial letters).
According to legal regulations in Austria, the storage takes place for 7 years in accordance with § 132 exp. 1 BAO (accounting documents, documents / invoices, accounts, documents, business documents, statement of income and expenses, etc.), for 22 years in connection with land and for 10 years in the case of documents related to electronically supplied services, telecommunications, broadcasting and television services provided to non-EU companies in EU Member States for which the Mini-One-Stop-Shop (MOSS) is used.
In the event of deletion, our system will be rendered unrecognizable and unrecoverable using an irreversible pseudonymization procedure.
For questions concerning the collection, processing or use of your personal data, for information, rectification, blocking or deletion of data as well as the revocation of consent, please contact: firstname.lastname@example.org
Use of YouTube Plugins
Web Tracking Tools
In the context of retargeting and banner advertisements, we use third-party services. This is usually done using cookies or pixels. Thus, promotional offers will be more useful and interesting for you.
Use of Facebook Social Plugins
This website uses Facebook (operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA) social plugins. The plugins are marked with a Facebook logo, the "Facebook Social Plugin" add on or "Facebook Social Plugin". An overview of the Facebook plugins and how they appear can be found here: https://developers.facebook.com/docs/plugins
When you visit one of our pages that displays such a plugin, your browser connects directly to the Facebook servers. The content of the plugin is transmitted directly from Facebook to your browser and integrated into the website.
By integrating plugins, Facebook is given the information that your browser has accessed the corresponding page of our website, even if you do not have a Facebook account or are not logged into your Facebook account. This information (including your IP address) is transmitted directly from your browser to a Facebook server in the United States and stored there.
If you are logged into Facebook, Facebook can directly associate our website visit with your Facebook account. If you interact with the plugins, for example, press the "Like" button or write a comment, the corresponding information is also sent directly to a Facebook server and stored there. The information is published on Facebook and displayed to your Facebook friends.
Facebook can use this information for the purpose of advertising, market research and the design of Facebook pages. Facebook creates usage, interest and relationship profiles, e.g. to evaluate your use of our website with regard to the advertisements shown on Facebook, to inform other Facebook users of your activities on our website and to provide further services associated with the use of Facebook.
If you do not want Facebook to assign the data collected through our website to your Facebook account, you must log out of Facebook before you visit our website.
Your payment data will be encrypted during the order process. We secure our website and other systems by means of technical and organisational measures against the loss, destruction, access, modification and dissemination of your data by unauthorized persons. You should always keep your access information confidential and close the browser window when you have finished communicating with us, especially if you share the computer with others.
We store the wording of a contract and send you the order data and our Terms and Conditions via email. You can also read up on our Terms and Conditions here. All previous orders can be viewed within your customer account.