Below we give you an overview of data processing on our online shop, as well as all other services we offer. We value your personal data and would like to give you a transparent insight into how we manage them.
Here you can learn more about how and why we collect, store, use and share your information. You can also read about the technologies and data we use to make your stay at Vonmählen more secure and enjoyable. You will also learn how we protect your data and what options you have to access, correct or delete your information here.
In our FAQs you will also find our answers to frequently asked questions which also deal with the subject of data protection.
1Name and Address of Responsible Persons
As we continually develop our website and implement new technologies to improve our service to you, we may need to make changes to this privacy statement. Therefore, we encourage you to review this privacy statement from time to time.
The person responsible within the scope of the fundamental data protection regulation, other national data protection laws of the member states as well as other provisions of data protection law is the data protection authority:
Vor dem Bardowicker Tore 49
Telephone Number: +49 4131 220 95 77
E-Mail Address: email@example.com
2Your Information at Vonmählen
2.1 What Information Does Vonmählen Use?
Vonmählen offers you various services and possibilities to get in contact with us through our website. Depending on which channel you choose, i.e. through our online shop, by telephone or e-mail, we will receive data from you through these various sources. In addition to the information you provide yourself, technical device and access data can also be read, which we automatically record when you access our site. If the processing of personal data is necessary and there is no legal basis for such processing, we will always obtain your consent.
If we obtain the consent of the person concerned for the processing of personal data, Art. 6 Para. 1 lit. a EU Data Protection Basic Regulation (GDPR) is used as the legal basis.
However, we process personal information of our users only to the extent necessary to provide a functioning website with our content and services. The processing of personal data of our users takes place regularly only with their consent.
Exceptions apply in cases where prior consent cannot be acquired for factual reasons and the processing of the data is authorized by law.
It is important to us to protect your personal data that has been entrusted to us from unintentional use or unauthorized disclosure.
"Personal Information" means any personal information that relates to all information that can identify you or any other person. For example, this includes your name, date of birth, your (e-mail) address, IP address or your order number.
2.1.1 Personal Data
Your personal data is profile or log-in data, which is demographic information about you. This includes your first and last name, your title, contact details, your age and place of residence.
When you place an order in the online store, we collect the related purchase information, such as the order number, the shopping cart, your chosen payment method and the various statuses of your order.
When you make a payment, however, we only collect the payment details you have provided us with - processing is done through external service providers - receiving information from external payment service providers that is necessary for the execution of the payment and passing on your payment details to the bank commissioned to process the payment, e.g. for PayPal the PayPal ID, however, we do not store any payment details ourselves, except for your preferred method of payment.
The processing of personal data required for the fulfillment of a contract to which you are a contracting party as the person concerned is governed by Art. 6 Para. 1 lit. b DSGVO. The same also applies to processing data that is necessary to carry out pre-contractual activities.
If the processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Art. 6 para. 1 lit. c DSGVO serves as the legal framework.
When you contact us, we also collect your contact information. Depending on how you contact us, the information we collect may include your name, mailing address, telephone number, email address, or social networking account details. We also collect the content of your message and, if necessary, forward it internally to the appropriate department.
The data is stored and used exclusively for the purpose of answering your request or for contacting you and the associated technical administration. It will not be forwarded to third parties.
2.1.2 Device and Access Data
The use of online and mobile services generates technical data which we process and use. This data includes the following points:
General device information, such as device type, operating system version, IP address and operating system used by your device, configuration settings, browser type, date and time of access to each page of our online store.
When you interact with our services, we also receive data that we can analyze to determine what content you are interested in. On this basis we can optimize our online shop. This data are not stored together with other personal data of the user. The data will be deleted after a maximum of 14 days.
The legal framework for the temporary storage of data and log files is Art. 6 para. 1 lit. f DSGVO.
2.2 What Does Vonmählen Use your Data for?
Vonmählen processes your data in compliance with all legal regulations.
The purpose of the data processing is within the scope of the contract agreed with you (including our general terms and conditions) or the service requested by you. This includes, for example, the availability of our services, the execution of sales contracts or customer service and the execution of promotions and competitions.
In addition, the temporary storage of the IP address by the system is necessary to enable delivery of the website to your PC. To do this, your IP address must remain stored for the duration of the session.
These purposes also include our legitimate interest in data processing pursuant to Art. 6 para. 1 lit. f DSGVO.
If we make use of the services of third parties for the implementation and execution of processing, the provisions of the Federal Data Protection Act and the DSGVO are observed:
2.2.1 Use of Payment Service Providers
For payment processing, we pass on your personal data to the following service providers:
If you pay with PayPal, credit card through PayPal, direct debit through PayPal or - if offered - "purchase on account" through PayPal, we will forward your payment details to PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter referred to as "PayPal") as part of the payment process. PayPal reserves the right to carry out a credit check for the payment methods; credit card via PayPal, direct debit via PayPal or - if offered - "purchase on account" via PayPal. PayPal will use the result of the credit check, in relation to the statistical probability of failure to pay for the purpose of deciding on the provision of the respective payment method. The credit report may contain probability values (so-called score values). If score values are included in the result of the credit report, they have their basis in a scientifically recognized mathematical-statistical procedure. Address data, among other things, is included in the calculation of the score values. Please refer to PayPal's data protection declaration for further data protection information, including information on the credit agencies used: https://www.paypal.com/de/webapps/mpp/ua/privacy-full .
2.2.2 Forwarding to the shipping service provider
The dispatch is carried out via the dispatch portal "SendCloud". We will pass on your data to SendCloud GmbH, Kanalstr. 10, 80538 Munich, Germany, exclusively for the purpose of processing your online order in accordance with Art. 6 para. 1 lit. b DSGVO. We will only pass on your data to the extent that this is actually necessary for processing your order. Further information on data protection at SendCloud can be found here: www.sendcloud.com/privacy-policy/
To process your order we work closely with the logistics company DHL and use their service.
To keep you informed of the status of your order and to receive transactional emails about your order, we will send your name, address, email address and possibly telephone number to DHL.
The processing of your data by DHL is necessary in order to ensure our overriding legitimate interest pursuant to Art. 6 Para. 1 f DS-GVO in order to be able to provide you with the desired service. DHL is contractually obliged to use your data only for the purpose described, to use it in accordance with our instructions and to delete it after fulfilling the purpose.
The forwarding of your data takes place exclusively for the purpose of the shipping of your order with the logistics company DHL and also only to the extent necessary for shipping the goods. You can find more information about DHL's data protection at: www.dpdhl.com/en/data-protection.html.
2.3 Where does Vonmählen store your data?
Some of the servers used for hosting services are located in the data centers in Frankfurt. Space in the data center have been rented by Digital Ocean LLC, New York. Digital Ocean operates a cloud platform for virtual servers there, which we use as our hosting platform. In addition, DigitalOcean is subject to the EU-US Privacy Shield Agreement. Further information can be found at: https://www.digitalocean.com/legal/gdpr-faq/.
We use Amazon Web Services' "S3", "Cloudfront" and "Lambda" services for hosting and distributing website content. Amazon Web Services Inc, 410 Terry Avenue North, Seattle WA 98109, USA, ("AWS") is a cloud computing provider. AWS hosts the images on our website for us. When you click on an image on our website, AWS can track the IP addresses of your device.
The Hosting takes place exclusively at the AWS computer centre in Frankfurt a.M. AWS is also Privacy Shield certified and thus guarantees that personal data outside the European Economic Area is also processed in accordance with European data protection laws.
The inclusion of AWS is based on our justified interests in the secure and efficient operation and optimization of our website and online shop pursuant to Art. 6 Para. 1 lit. f. DSGVO in conjunction with Art. 28 DSGVO (order processing).
2.4 When does Vonmählen delete your data?
We will only store your personal data for as long as is necessary for the purposes stated in this data protection declaration. This is done primarily to fulfill our contractual and legal obligations, but also for other purposes if necessary, such as when the law allows us to further store for certain purposes. In the case of collecting data for the provision of the website, this is the case when your respective session has ended. To the extent that commercial and tax retention periods have to be observed, the duration of the storage of certain data can be up to 10 years.
Your data, in particular your IP address, will not be stored in log files. If you deactivate your customer account with us, we will delete any of your stored data, or if it is not possible or not necessary to completely delete your data for legal reasons, the relevant data will be prevented from being processed further..
The data shall also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless it is necessary for further storage of the data for the conclusion or performance of a contract.
It is imperative to collect and save data in order to operate the website. Therefore, there can be no objection to this processing.
We set up password-protected personal access for users who register for a customer account. If you do not log out again after logging in with your login data, you will usually remain logged in automatically until you close your browser. We use a so-called "session cookie" for this purpose. This function allows you to use your customer account for the entire duration of your session without having to log in again each time.
3.1 Scope of Data Processing
You will be given the option in our online shop to register by providing personal data. This data is entered into an entry form and transmitted to us and stored. During the registration process, the following data will be collected:
· First name and surname
· Email address
· and if applicable your phone number and your birthday (optional)
At the time of registration, the date and time of registration are also stored. As part of the registration process, your consent to the process this data will be requested.
If you have given your consent, the legal basis for processing the data is Art. 6 Para. 1 lit. a DSGVO.
3.2 Purpose of Data Processing
Registering or providing data on your part is necessary to fulfill a contract, as we require information because regarding your billing or delivery address. In addition, your e-mail address is necessary for sending the order confirmation and the delivery confirmation.
3.3 Duration of Storage, Revocation and Deletion
Data will be deleted as soon as they are no longer required for the purpose for which they were collected.
During the registration process, data is used to fulfil a contract or to carry out pre-contractual measures if the data is no longer required for the performance of the contract. Even after the contract has been concluded, it may be necessary to store your personal data in order to comply with contractual or legal obligations.
As a user you have the right to cancel the user registration at any time. The data stored about you can be changed or deleted at any time in our online shop under your profile.
4.1 Scope of Data Processing
You can subscribe to a free newsletter on our website. When you subscribe to the newsletter, your e-mail and date of birth will be sent to us from the entry form.
In addition, the date and time will be collected when you register.
If you purchase products on our website and enter your e-mail address, this may subsequently be used by us to send you a newsletter. Should this be the case, the newsletter will only be used to promote our own products.
By entering your date of birth, we can send you birthday wishes by email.
In addition, there is also a newsletter of the VIP Club, which is an integral part of these special services. You will only receive this newsletter if you are a member of the Vonmählen VIP Club. When using our newsletter, we also collect device and access data.
No data will be passed on to third parties in connection with data processing for the purpose of sending newsletters. The data will be used exclusively for the mailing of the newsletter.
The legal basis for the processing of your data after registration for the newsletter is Art. 6 Para. 1 lit. a DSGVO. The legal basis for sending of the newsletter as a result of the sale of goods or services is § 7 Abs. 3 UWG.
4.2 Purpose of Data Processing
The collection of your e-mail address is used to send the newsletter. The collection of other personal data as part of the registration process serves to prevent misuse of the services or the email address used.
The collection of the date of birth is used for the transmission of personal birthday wishes.
Our newsletters also contain so-called tracking pixels. A pixel-code is a miniature graphic embedded in emails sent in HTML format in order to enable log file recording and analysis. This allows us to evaluate the success of our online marketing campaigns.
The embedded pixel-code tells us if and when you opened an email and which links in the email you viewed. Such personal data collected via the tracking pixels contained in the newsletters will be stored and evaluated by the person responsible for the analyzing data to improve the performance of the newsletter and to adapt the content of future newsletters to better fit your interests.
This personal data will not be passed on to third parties.
4.3 How do I log in?
We use the so-called double opt-in procedure when you register for the Vonmählen newsletter, i.e. we activate this service for you only after your express consent and confirm your e-mail address.
To do this, you will receive a notification email from us asking you to click on a link in that email to confirm that you are the owner of the email address provided. We will not take this step if you have already confirmed to us for another purpose that you are the owner of this e-mail address.
4.4 Mailing of the newsletter by Mailchimp
Our newsletter is sent by "Mailchimp", the mail service provider of the US Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA.
The email addresses of our newsletter recipients, as well as the other data described in this notice, are stored on Mailchimp's servers in the United States. Mailchimp uses this information to send and evaluate the newsletter on our behalf. Furthermore, according to its own information, Mailchimp may use this data to optimize or improve its own services, e.g. for the technical optimization of the sending and viewing of the newsletter or for economic purposes in order to determine from which countries the recipients come. However, Mailchimp does not use the data of our newsletter recipients to contact them or pass them on to third parties.
Mailchimp has implemented compliance measures for international data transfers. In addition, MailChimp uses Standard Contractual Clauses approved by the EU Commission Art. 46 para.2 and para. 3 GDPR. You can find more information here: https://mailchimp.com/de/help/mailchimp-european-data-transfers/
4.5 Duration of Storage, Revocation and Deletion
If you do not want to receive our newsletter later, you can unsubscribe at any time. For this purpose you will find a link in each newsletter with the purpose to unsubscribe from the double opt-in procedure. Unsubscribing from the newsletter will automatically be considered as a revocation.
This also enables the revocation to the consent of the storage of personal data collected during the registration process.
Your data will be deleted as soon as it is no longer needed to achieve the purpose for which it was collected. Your email address will be stored as long as the newsletter subscription is active.
All other personal information collected as part of the registration process will be deleted after a maximum period of seven days.
5 Gift Vouchers
The data provided within the course of ordering a Vonmählen voucher will be used to check and process the order and to send and redeem the voucher. This also includes the logging and processing of data related to the use of the voucher, in particular to prevent fraud according to Art. 6 Para. 1 lit. f DSGVO.
For the above purposes, we also store the following data:
• Date the voucher was issued
• Voucher value
• Coupon code
• Date and Time the voucher was redeemed
• Name of the Redeemer and the Customer Account ID of the account used for the redemption.
6 Contact Forms and Email Contact
6.1 Scope of Data Processing
There is a contact form on our website which you can use to contact us electronically. If you make use of this possibility, the data entered in the entry form will be transmitted to us and stored. This includes:
· First name and surname
· Email address
· Your chosen topic
· Your contact message
· and, if applicable, your telephone number and your order number
· the date and time you message was sent
Your consent will be requested when processing data during the submission process and reference will be made to this data protection declaration.
Alternatively, you can contact us by using the e-mail address provided. If you do so, the personal data transmitted with the email will be stored by you.
The data will not be passed on to third parties in this context. The data will only be used for the processing of the conversation and occasionally for customer service evaluation surveys.
The legal basis for the processing of the data is Art. 6 para. 1 lit. a DSGVO if the user has given his consent.
Art. 6 para. 1 lit. f DSGVO is the legal basis for the processing of data transmitted in the course of sending an e-mail. If the purpose of the e-mail contact is to conclude a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b DSGVO.
The legal basis for sending you customer service evaluation surveys by e-mail is the legitimate interest in improving our customer service pursuant to Art. 6 para 1 lit. f DSGVO.
6.2 Purpose of Data Processing
The processing of the personal data from the entry form serves us solely to facilitate contact. If you contact us by e-mail, this is also the necessary legitimate interest in the processing of the data.
The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems
6.3 Duration of Storage, Revocation and Deletion
The data will be deleted as soon as they are no longer necessary to achieve their intended purpose. The personal data from the entry form of the contact form and those sent by e-mail are deleted when the respective conversation with the user has ended. The conversation is terminated when it can be inferred from the circumstances that the relevant facts have been conclusively clarified. If the conversation is a relevant matter for conducting business, the storage period of 6 years specified by law applies.
The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.
It is possible to revoke your consent to processing your personal data at any time. If you contact us by e-mail, you can object to the storage of your personal data at any time. In such a case, communication cannot be continued.
In this case, all personal data stored in the course of establishing contact will be deleted.
7 Your Rights
If personal data is processed by you, you are the data subject within the meaning of the DSGVO and you are entitled to the following rights in respect of Vonmählen GmbH:
7.1 Right to Information
You may request confirmation from the person responsible as to whether personal data concerning you will be processed by us.
In the event of similar use, you can ask the person responsible for the following information:
(1) Purposes for which the personal data are processed;
(2) The categories of personal data that will be processed;
(3) The recipients or categories of recipients to whom the personal information about you has been or will be disclosed to; and
(4) The planned duration of the storage of personal data concerning you or, if it is not possible to provide specific information in this regard, relevant information to determine the storage period;
(5) There is a right to correct or delete personal data concerning you, a right to limit the processing carried out by the responsible person or a right to object to such processing;
(6) The right to challenge decisions to a regulatory authority.
You have the right to request information as to whether the personal data concerning you will be disclosed to a third country or to an international organisation. Furthermore, you may request to be informed of the appropriate guarantees pursuant to Art. 46 DSGVO in connection with the transfer.
7.2 Right to Amendment
You have the right to have your personal data corrected and/or completed by the responsible person if it is incorrect or incomplete. The person in charge must carry out the amendment immediately.
7.3 Right to limitation of processing
Under the following conditions, you may request that the processing of your personal data be restricted:
(1) If you dispute the accuracy of the personal data concerning you for a period of time that allows the responsible person to verify the accuracy of the personal data;
(2) The processing is unlawful and you refuse the deletion of the personal data and instead request the restriction of the use of the personal data;
(3) The person responsible no longer needs the personal data for the purposes of processing, but you need them to assert, exercise or defend legal claims,
(4) If you have filed an appeal against the processing in accordance with Art. 21 para. 1 DSGVO and it has not yet been confirmed whether the legitimate reasons of the person responsible outweigh your reasons.
If the processing of personal data concerning you has been restricted, such data may be processed only with your consent or for the purpose of asserting, exercising or defending a right or protecting the rights of another individual or legal entity or for reasons of an important public interest of the Union or of a Member State, with the exception of their storage.
If the limitation of the processing has been restricted in accordance with the above conditions, you will be informed by the person responsible before the restriction is withdrawn.
7.4 The Right to Delete
7.4.1 Obligation to Delete
You may request the data controller to delete the personal data concerning you immediately and the data controller is obliged to delete this data immediately if one of the following reasons applies:
(1) The personal data concerning you are no longer necessary for the purposes for which they were collected or processed in any other way.
(2) You revoke your consent on which the processing was based pursuant to Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a DSGVO and there is no other legal basis for the processing.
(3) You object to the processing pursuant to Art. 21 para 1 DSGVO and there are no overriding legitimate reasons for the processing, or you object to the processing pursuant to Art. 21 para 2 DSGVO.
(4) The personal data concerning you has been processed unlawfully.
(5) It is necessary to delete personal data concerning you in order to fulfil a legal obligation under Union law or the law of the Member States to which the data controller is subject.
(6) The personal data relating to you has been collected in relation to information society services offered in accordance with Art. 8 para. 1 DSGVO.
7.4.2 Information to Third Parties
If the person responsible has made the personal data concerning you public and is obliged to delete them pursuant to Art. 17 para. 1 DSGVO, he shall take appropriate measures, also of a technical nature, taking into account the available technology and the implementation costs, to inform the persons responsible for data processing who process the personal data that you, as the person concerned, have requested them to delete all links to this personal data or copies or replications of this personal data.
This right to delete does not exist if the processing is necessary.
(1) to exercise freedom of expression and information;
(2) to fulfil a legal obligation required by the law of the Union or of the Member States to which the controller is subject or to perform a task carried out in the public interest or in the exercise of official authority vested in the controller;
(3) for public interest reasons in the field of public health according to Art. 9 para. 2 lit. h and i as well as Art. 9 para. 3 DSGVO;
(4) for archiving purposes in the public interest, for scientific or historical research purposes or for statistical purposes according to Art. 89 para. 1 DSGVO, as far as the law mentioned under section a) probably makes the realisation of the objectives of this processing impossible or seriously impairs it, or
(5) to assert, exercise or defend legal claims.
7.5 Right to Information
If you have exercised the right to correct, cancel or limit the processing, the data controller is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this correction, cancellation or limitation of the processing, unless this proves impossible or involves a disproportionate effort.
You have the right to be informed of such recipients by the person responsible.
7.6 Right to Data Transferability
You have the right to receive the personal data concerning you that you have provided to the person responsible in a structured, common and machine-readable format. In addition, you have the right to communicate this data to another data controller without being hindered by the controller to whom the personal data was provided, provided that
(1) such processing is based on consent pursuant to Art. 6 para. 1 lit. a DSGVO or Art. 9 para. 2 lit. a DSGVO or on a contract pursuant to Art. 6 para. 1 lit. b DSGVO, and
(2) processing is carried out using automated procedures.
In exercising this right, you also have the right to request that the personal data concerning you be transmitted directly by one responsible person to another responsible person, as far as this is technically feasible. Freedoms and rights of other persons must not be affected by this.
The right to data transfer does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
7.7 Right of Objection
You have the right to object at any time to the processing of personal data concerning you in accordance with Art. 6 para. 1 lit. e or f DSGVO for reasons arising from their specific situation.
The controller will no longer process the personal data concerning you unless he can prove compelling reasons for processing that outweigh your interests, rights and freedoms or the processing serves to assert, exercise or defend legal claims.
If the personal data concerning you is processed in order to conduct direct advertising, you have the right to object at any time to the processing of the personal data concerning you for the purpose of such advertising, insofar as it is connected with such direct advertising.
If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.
You have the possibility to exercise your right of withdrawal in connection with the use of Information Society services - regardless of the regulation 2002/58/EC - through automated procedures using technical specifications.
7.8 Right to Revoke Consent from the Data Protection Declaration
You have the right to revoke your data protection consent at any time. The revocation of your consent does not affect the legality of the processing that took place on the basis of your consent until you revoke your consent.
7.9 Automated decision in individual cases
You have the right not to be subject to a decision based solely on automated processing which creates legal effects for you or significantly affects you in a similar manner. This does not apply if the decision:
(1) is necessary to conclude or fulfil a contract between you and the person responsible,
(2) is authorized by the laws of the Union or of the Member States to which the person responsible is subject and those laws contain adequate measures to safeguard your rights and freedoms and your legitimate interests, or
(3) with your express consent.
However, these decisions may not be based on special categories of personal data under Art. 9 para. 1 DSGVO, unless Art. 9 para. 2 lit. a or g DSGVO applies and appropriate measures have been taken to protect the rights and freedoms as well as your legitimate interests.
In the cases referred to in (1) and (3), the person responsible shall take reasonable steps to protect the rights and freedoms and your rightful interests, including but not limited to the right of the person responsible to intervene, to present his or her point of view, and to challenge the decision.
7.10 Right to Complain to a Regulatory Authority
Irrespective of any other administrative or judicial remedy, you have the right to complain to the Data Protection Officer of the State of Lower Saxony, in particular in the Member State of your residence, workplace or presumed place of infringement, if you consider that the processing of your personal information is contrary to the DSGVO. You can find the complaint form here: Link
The regulatory authority to which the complaint was submitted shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 DSGVO.
We employ cookies to make our website more user-friendly. Some elements of our website require that the accessing browser can be identified even after a page change. Among other things, the cookies store and transmit items in your shopping cart or your log-in information.
The data collected in this way is pseudonymized with technical measures. That is why it is no longer possible to assign your data to you. The data will not be stored in the same place as other personal data.
You can prevent cookies from being saved by adjusting your browser software accordingly: In addition, you can prevent Google from collecting the data generated by the cookie and related to your use of the website (including your IP address) and Google from processing this data by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de .
You can find further information on the processing of this data at: Google Analytics.
The legal basis for this processing of your personal data using technically necessary cookies is Art. 6 para. 1 lit. f DSGVO. For the processing of your personal data using cookies for analytical purposes, Art. 6 para. 1 lit. a DSGVO.
8.1 Purpose of Data Processing
We use analysis cookies to improve the quality of our website and its content. Through the analysis cookies, we learn how the website is used and can, thus, constantly, optimize our services. Our legitimate interest in the processing of personal data pursuant to Art. 6 Para. 1 lit. f DSGVO also lies in these purposes.
8.2 Duration of Storage, Objection and Removal
9 Analysis and Personalisation
9.1 Google Analytics
We use Google Analytics, a web analysis service, on our website. The provider is Google Inc. 1600 Amphitheatre Parkway Mountain View, CA 94043, USA.
We only use Google Analytics with IP anonymization enabled. This means that the IP address of the user is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there. The IP address transmitted by your browser will not be merged with other Google data.
You can find out more about Google's use of data for advertising purposes, as well as setting and objection options on Google's websites:
· Data usage by Google when you use our partners' websites or apps (https://www.google.com/intl/en/policies/privacy/partners/)
· Use of data for advertising purposes: (http://www.google.com/policies/technologies/ads)
· Manage information Google may use to display advertisements to you: (http://www.google.com/settings/ads)
· Determine which advertising Google shows you: (http://www.google.com/ads/preferences/)
On our website we use Google Analytics (with anonymization function), a web analytical service.
Web analysis is the acquisition, compilation and evaluation of data on the behaviour of visitors to websites. A web analytics service collects data on, among other things, from which website a person concerned came to a website (so-called referrers), which subpages of the website were accessed or how often and for how long a subpage was viewed. A web analysis is mainly used to optimize a website and for the cost-benefit analysis of Internet advertising
The operating company of the Google Analytics component is Google Inc, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
In addition, the IP address of the Internet connection of the data subject will be shortened and anonymized by Google if the access to our website is from a Member State of the European Union or from another Contracting State to the Agreement on the European Economic Area.
The purpose of the Google Analytics component is to analyze the traffic to and from our website. Google uses the data and information obtained, among other things, to evaluate the use of our website, to compile online reports for us which shows the activities on our website and to provide other services in connection with the use of our website.
Google Analytics places a cookie on the information technology system of the targeted person. Cookies are explained above. When the cookie is set, Google is able to analyze the use of our website. Each time one of the individual pages of this website is accessed, which is operated by the data controller and on which a Google Analytics component has been integrated, the internet browser on the information technology system of the person concerned is automatically prompted by the respective Google Analytics component to transmit data to Google for the purpose of online analysis.
As part of this technical process, Google obtains knowledge of personal data, such as your IP address, which Google uses, among other things, to track the origin of visitors and clicks and subsequently to enable commission settlements. The cookie is used to store personal information such as access time, the location from which you accessed our website and the frequency with which you visited our website. Each time you visit our website, this personal data, including the IP address of the Internet connection you use, is transferred to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may share this personal data collected through the technical process with third parties.
You can prevent the setting of cookies by our website, as described above, at any time by means of a corresponding setting of the Internet browser used and thus permanently reject cookies. Such a setting of the Internet browser used would also prevent Google from setting a cookie on your information technology system.
In addition, a cookie already set by Google Analytics can be deleted at any time through the Internet browser or other software programs. Furthermore, you have the possibility to object to and prevent the collection of data generated by Google Analytics and relating to the use of this website and the processing of this data by Google.
You can also change your settings at any time under Privacy Settings.
For more information and to review Google's current privacy policies, please visit https://policies.google.com/privacy and https://www.google.com/analytics/terms/.
9.2 Google Tag Manager
In addition, we use the "Google Tag Manager" on our website, a service of Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland (hereinafter referred to as "Google").
Google Tag Manager allows us as marketers to manage website tags through one interface. The tool itself, which implements the tags, is a cookie-less domain and does not itself collect any personal data. Google Tag Manager takes care of triggering other tags, which in turn may collect data. Google Tag Manager does not access this data. If a deactivation has been made at the domain or cookie level, this remains in place for all tracking tags implemented with Google Tag Manager.
We use Google Tag Manager based on our legitimate interest in optimizing our online marketing pursuant to Art. 6 para. 1 lit. f. GDPR.
Further information and the applicable data protection provisions of Google can be found at https://policies.google.com/privacy.
We use the web analysis service Hotjar. The analysis service belonging to the Hotjar Ltd. group is a European company based in Malta (Hotjar Ltd, Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta).
The legal basis for the website analysis of Hotjar is our justified interest in the user-friendly and customer-oriented design of our website in accordance with Art. 6 Para. 1 lit. f GDPR.
You can prevent Hotjar from collecting this information by clicking on the following link: https://www.hotjar.com/opt-out .
We have integrated the so-called "Facebook pixel" of the social network Facebook on our website in order to analyze and optimize offers on online shop. The Facebook pixel is operated within the EU by Facebook Ireland Ltd. based at 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
Facebook pixel allows Facebook to target visitors to our online offers with ads (so-called "Facebook ads"). We use the Facebook pixel to display the Facebook ads placed by us to Facebook users who have shown an interest in our online services or who have certain characteristics (e.g. interests in certain topics or products that are determined on the basis of the websites visited) that we transmit to Facebook (so-called "custom audiences"). By using the Facebook pixel, we want to ensure that our Facebook ads match the potential interest of users and are not disruptive. Facebook pixels also help us track the effectiveness of Facebook ads for market research purposes by showing us whether users have been referred to our website after clicking on a Facebook ad ("conversion").
Facebook integrates the Facebook pixel directly when you visit our website and can store a so-called cookie on your device. If you then log in to Facebook or visit Facebook when logged in, the visit to our online service is noted in your profile. The data collected about you is anonymous to us and does not provide us with any information about the identity of the user. However, the data is stored and processed by Facebook so that a connection to the respective user profile is possible and can be used by Facebook as well as for its own market research and advertising purposes. If we transmit data to Facebook for comparison purposes, this data is encrypted locally on the browser and only then sent to Facebook using a secure https connection. This is done solely for the purpose of matching it with data that is similarly encrypted by Facebook.
The use of Facebook pixels is based on our legitimate interests in the analysis of customer behavior and our online services to optimize our online store and online marketing pursuant to Art. 6 Para. 1 lit. f. DSGVO.
You may opt in of Facebook pixel capture and use of your information to display Facebook ads. Here we offer you an opt-out option through a cookie notice. If you do not agree with this notice, you deactivate the use of the Facebook pixel.
You can also change your settings at any time under Privacy Settings.
10.2 Facebook Conversion API
In addition to the Facebook Pixel, we use Facebook's Conversion API on our website. The so-called "CAPI" is operated within the EU by Facebook Ireland Ltd. with headquarters at 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. CAPI is an interface that sends event data from our server directly to Facebook.
The mode of operation and processing of data within the scope of the CAPI corresponds to the mode of operation and processing within the scope of the use of the Facebook pixel, which is why we refer in this respect to the data protection information on the Facebook pixel and target group formation (Chapter 10.1).
The use of CAPI is based on our legitimate interests in the analysis of customer behavior and our online services to optimize our online store and online marketing pursuant to Art. 6 Para. 1 lit. f. GDPR.
As a basis in the case of recipients located in third countries or a data transfer to third countires, Facebook uses standard contractual clauses approved by the EU Commission (Art. 46 Para 2 and 3 GDPR). These clauses oblige Facebook to comply with the EU standards of data protection when processing data outside the EU (https://www.facebook.com/legal/EU_data_transfer_addendum).
You can object to the collection by CAPI. We offer you an opt-in option here by means of a cookie notice. You can also change your settings at any time under Privacy Settings. As a Facebook member, you can also deactivate the cookie via this link.
10.3 Google Ads Conversion
We have integrated Google Ads Conversion (formerly AdWords) on this website.
Google Ads Conversion is an Internet advertising service that allows advertisers to serve ads both in Google's search engine results and on the Google advertising network. Google Ads Conversion allows an advertiser to pre-define keywords that will be used to display an ad in Google's search engine results only when the user uses the search engine to retrieve a keyword relevant search result. In the Google advertising network, the ads are distributed to topic-relevant Internet pages using an automatic algorithm and taking the previously defined keywords into account.
The operating company of the Google Ads services is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
The purpose of Google Ads Conversion is to promote our website by displaying interest-relevant advertisements on the websites of third-party companies and in the search, engine results of Google and by displaying third-party advertisements on our website. If a person concerned reaches our website through a Google advertisement, a so-called conversion cookie is stored on the information technology system of the person concerned by Google. What cookies are has already been explained above. A conversion cookie loses its validity after thirty days and does not serve to identify the person concerned. If the cookie has not yet expired, the conversion cookie is used to track whether certain subpages, such as the shopping cart of an online shop system, have been accessed on our website.
Through the conversion cookie, both we and Google can track whether a person who came to our website via an Ads ad generated a turnover, i.e. completed or cancelled a purchase of goods. The data and information collected through the use of the conversion cookie is used by Google to compile visit statistics for our website. These visit statistics are in turn used by us to determine the total number of users who were referred to us via Ads, i.e. to determine the success or failure of the respective Ads ad and to optimize our Ads for the future. Neither our company nor other Google-Ads advertisers receive any information from Google that could identify you.
The conversion cookie is used to store personal information, such as websites you have visited. Accordingly, each time you visit our website, personal data, including the IP address of the Internet connection you use, is transmitted to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may share this personal data collected through the technical process with third parties.
You can prevent the setting of cookies by our website, as described above, at any time by means of a corresponding setting of the Internet browser used and thus permanently object to the setting of cookies. This setting of the Internet browser used would also prevent Google from setting a conversion cookie on the information technology system of the person concerned. In addition, a cookie already set by Google Ads can be deleted at any time via the Internet browser or other software programs. You also have the option of opting out of interest-based advertising by Google. To do this, you must access the link https://adssettings.google.com/authenticated from any of the Internet browsers you use and customize the settings there.
10.4 Google Dynamic Remarketing
We use "Google Dynamic Remarketing" on our website, a service of Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland (hereinafter referred to as "Google").
Google Dynamic Remarketing enables us to present you with interest-based advertisements when you continue to use the internet after visiting our website. This is done by means of cookies stored in your browser, which Google uses to record and evaluate your usage behavior when you visit various websites. This enables Google to recognize visitors when they visit websites that belong to Google's advertising network. On these pages, the visitor can then be presented with advertisements that relate to content that the visitor has previously accessed on websites that use Google's retargeting technology. According to Google, Google does not collect any personally identifiable information during this process.
We use Google Dynamic Remarketing for marketing and optimization purposes, in particular to serve ads that are relevant and interesting to you, to improve campaign performance reports and to achieve a fair calculation of advertising costs. This is also our legitimate interest in processing the above data pursuant to Art. 6 para 1 lit. f GDPR.
You can deactivate the cookie at any time if you do not wish to use the retargeting function. However, deactivation must be carried out separately for each browser or for each end device using one of the following methods: Directly from Google at https://adssettings.google.com/authenticated or under Privacy Settings.
We use "DoubleClick" on our website, an online marketing tool of Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland (hereinafter referred to as "Google").
DoubleClick prevents ads from being displayed more than once. To do this, Google uses a cookie ID to record which ads are displayed in which web browser. DoubleClick can also use the cookie IDs to record so-called conversions that are related to ad requests, e.g. if you see a DoubleClick ad and later call up the advertiser's website with the same web browser and make a purchase there. According to Google's own statement, the cookies do not contain any personal data. By using DoubleClick, your browser automatically establishes a direct connection with Google's server. We have no influence on the scope and further use of the data collected by Google through the use of DoubleClick. If you have a user account with Google and are registered, Google can assign the visit to your user account. Even if you do not have a Google user account, it may be the case that Google obtains and stores your IP address.
We use DoubleClick for marketing and optimization purposes, in particular to serve ads that are relevant and interesting to you, to improve campaign performance reports, or to prevent you from being presented with the same ads more than once. This is also our legitimate interest in processing the above data pursuant to Art. 6 para 1 lit. f GDPR.
You can deactivate the cookie at any time. However, deactivation must be done separately for each browser or for each end device using one of the following methods: Directly at Google at https://adssettings.google.com/authenticated or under Privacy Settings.
This website uses the retargeting technology of The Trade Desk, a service of The Trade Desk Inc, 42 N. Chestnut St Ventura, CA 93001 USA (hereinafter referred to as "TradeDesk"). This function is used to present interest-based advertisements to website visitors as part of the TradeDesks advertising network. The browser of the website visitor stores so-called "cookies", text files that are stored on your computer and enable the visitor to be recognized when he/she visits websites that belong to the TradeDesk advertising network. On these pages, the visitor may then be presented with advertisements that relate to content that the visitor has previously viewed on websites that use TradeDesk's retargeting technology. According to its own information, TradeDesk collects pseudonymized data during this process.
You can deactivate the cookie at any time. However, deactivation must be done separately for each browser or for each end device using one of the following methods: Directly at TradeDesk at https://www.adsrvr.org or under Privacy Settings.
This website uses the tracking technology of uppr GmbH, Linkstr. 21, 59519 Möhnesee (hereinafter referred to as "uppr") to measure the efficiency of the corresponding advertising measures. The technology also enables us to assign advertising successes for billing purposes with advertising partners.
When you click on an advertising integration, cookies are set in your browser, which are read in the event of a transaction. At each touch point, your browser sends an HTTP request to the uppr server, which transmits certain information. This information includes the URL of the website where advertising material is placed (referrer URL), the browser identifier (user agent) of your end device (including information about the device type and operating system), the IP address of the end device (this IP address is anonymized and hashed by us before storage), HTTP header (data packet with various technical information automatically transmitted by your browser), the time of the request and, if already stored on the end device before, the cookie with its content.
The tracking technology stores cookies on your end device to document actions. A 24-digit, anonymous ID is stored in the cookie. Linked to this ID, the data is stored in encrypted form in uppr's database on uppr's server.
This contains information about the last touch points (i.e. when a particular advertising medium was displayed or clicked on by an end device). If necessary, the stored touch points can be combined to form a sequence chain (user journey).
In the case of an action request, e.g. an order, the order number, the products ordered, and the shopping cart value of your order are usually also transmitted and stored. In addition, the following values can be transmitted and stored: Your customer or order number as well as a new customer feature.
The cookies stored by uppr are deleted after 30 days at the latest.
The information transmitted to us and the cookies serve the sole purpose of correctly assigning the success of an advertising medium and the corresponding billing and is justified with our legitimate interests according to Art. 6 para. 1 lit. f GDPR.
You can deactivate the cookie at any time. However, deactivation must be done separately for each browser or for each end device using one of the following methods: Directly at uppr at https://netzwerk.uppr.de/privacy-optout.do or under Privacy Settings.
10.8 Trusted Shops
We have incorporated the Trusted Shops seal of approval into our online store so that you can see our customer reviews collected, use the Trusted Shops products offered to shoppers after an order has been placed, and be sure that we meet Trusted Shops quality standards.
These measures serve to protect our legitimate interests in order to optimally market our products in accordance with Art. 6 Para. 1 S. 1 lit. f DSGVO. The trust badge and the services advertised with it are an offer of Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne. The trust badge is made available by a CDN provider (Content-Delivery-Network) as part of order processing. The Trusted Shops GmbH uses also service providers from the USA.
When you visit the trust badge, the web server automatically saves a so-called server log file, a "log file". This also includes your IP address, the date and time of your request, the amount of data transferred and the Internet service provider making the request, and documents the request. After complete processing, your data will be restricted for further processing and deleted after expiry of the tax and commercial retention periods, unless you have expressly consented to further use of your data or we reserve the right to use data beyond this, which is permitted by law and to which we will inform you in this declaration.
Other personal data will only be transferred to Trusted Shops if you decide to use Trusted Shops products at the end of your order or if you have already registered for this use. In this case the contractual agreement between you and Trusted Shops applies. For this an automatic collection of personal data from the order data takes place.
This is necessary for the fulfilment of our and Trusted Shops' overriding legitimate interests in the provision of the buyer protection linked to the specific order and the transactional valuation services in accordance with Art. 6 para. 1 sentence 1 lit. f DSGVO.
You will find the data protection declaration of Trusted Shops GmbH and details of the objection at: https://www.trustedshops.de/impressum/#datenschutz