Data protection

Data protection

Unless otherwise stated below, the provision of your personal data is neither required by law nor contractually, nor is it necessary for the conclusion of a contract. You are not obliged to provide the data. Failure to provide it has no consequences. This only applies if no other information is provided during subsequent processing operations.
“Personal data” means any information relating to an identified or identifiable natural person.


Server log files
You can visit our websites without providing any personal information.
Every time you access our website, usage data is transmitted to us or our web host/IT service provider through your Internet browser and stored in log data (so-called server log files). This stored data includes, for example, the name of the page accessed, the date and time of access, the IP address, the amount of data transferred and the requesting provider. The processing is carried out on the basis of Art. 6 Para. 1 lit. f GDPR out of our overriding legitimate interest in ensuring trouble-free operation of our website and in improving our offering.
Your data will be transmitted to Canada, among other places. There is an adequacy decision from the EU Commission for data transfers to Canada.

Contact

Responsible person
Contact us if you wish. The contact details of the person responsible for data processing can be found in our legal notice.



Initiative contact from the customer via email
If you initiate business contact with us via email, we will only collect your personal data (name, email address, message text) to the extent provided by you. The data processing serves to process and answer your contact request.
If the contact is used to carry out pre-contractual measures (e.g. advice if you are interested in buying, making an offer) or concerns a contract that has already been concluded between you and us, this data processing is carried out on the basis of Article 6 Paragraph 1 Letter b GDPR.
If contact is made for other reasons, this data processing is carried out on the basis of Article 6 (1) (f) GDPR due to our overriding legitimate interest in processing and answering your request. In this case, you have the right, for reasons arising from your particular situation, to object at any time to this processing of your personal data based on Article 6 Paragraph 1 Letter f of the GDPR.
We only use your email address to process your request. Your data will then be deleted in compliance with statutory retention periods, unless you have consented to further processing and use.
Collection and processing when using the contact form
When you use the contact form, we only collect your personal data (name, email address, message text) to the extent provided by you. The data processing serves the purpose of establishing contact.
If the contact is used to carry out pre-contractual measures (e.g. advice if you are interested in buying, making an offer) or concerns a contract that has already been concluded between you and us, this data processing is carried out on the basis of Article 6 Paragraph 1 Letter b GDPR. If contact is made for other reasons, this data processing is carried out on the basis of Article 6 (1) (f) GDPR due to our overriding legitimate interest in processing and answering your request. In this case, you have the right, for reasons arising from your particular situation, to object at any time to this processing of your personal data based on Article 6 Paragraph 1 Letter f of the GDPR. We only use your email address to process your request. Your data will then be deleted in compliance with statutory retention periods, unless you have consented to further processing and use.


Orders


Collection, processing and transfer of personal data when placing orders
When you place an order, we only collect and process your personal data to the extent that this is necessary to fulfill and process your order and to process your inquiries. The provision of the data is necessary for the conclusion of the contract. Failure to provide it will result in no contract being concluded. The processing is carried out on the basis of Article 6 Paragraph 1 Letter b GDPR and is necessary for the fulfillment of a contract with you.
Your data will be passed on, for example, to the shipping companies and dropshipping providers you have chosen, payment service providers, service providers for order processing and IT service providers. In all cases we strictly observe the legal requirements. The amount of data transmission is limited to a minimum.
Your data will be transmitted to Canada, among other places. There is an adequacy decision from the EU Commission for data transfers to Canada.


Advertising

Use of your personal data to send you postal advertising
We use your personal data (name, address), which we have received in the context of selling a good or service, to send you postal advertising, unless you have objected to this use. The provision of this data is necessary for the conclusion of the contract. Failure to provide it will result in no contract being concluded.
The processing is carried out on the basis of Art. 6 Para. 1 lit. f GDPR due to our overriding legitimate interest in direct advertising. You can object to this use of your address data at any time by notifying us. The contact details for exercising your objection can be found in the legal notice.

Use of the email address to send newsletters
Regardless of the contract processing, we use your email address exclusively for our own advertising purposes to send newsletters, provided you have expressly agreed to this. Processing is carried out on the basis of Article 6 Paragraph 1 Letter a GDPR with your consent. You can revoke your consent at any time without affecting the lawfulness of the processing carried out based on your consent before its revocation. You can unsubscribe from the newsletter at any time using the corresponding link in the newsletter or by notifying us. Your email address will then be removed from the distribution list.

Your data will be passed on to a service provider for email marketing as part of order processing. It will not be passed on to other third parties.

Use of the email address to send direct mail
We use your email address, which we received as part of the sale of a good or service, to electronically send advertising for our own goods or services that are similar to those that you have already purchased from us, to the extent that you do so have not objected to use. Providing the email address is necessary for the conclusion of the contract. Failure to provide it will result in no contract being concluded. The processing is carried out on the basis of Art. 6 Para. 1 lit. f GDPR due to our overriding legitimate interest in direct advertising. You can object to this use of your email address at any time by notifying us. The contact details for exercising your objection can be found in the legal notice. You can also use the link provided in the promotional email. There are no costs for this other than the transmission costs according to the basic tariffs.


Payment service provider credit report

Use of PayPal
All PayPal transactions are subject to the PayPal Privacy Policy. You can find these at https://www.paypal.com/de/webapps/mpp/ua/privacy-full (https://www.paypal.com/de/webapps/mpp/ua/privacy-full)

Using PayPal Express
We use the PayPal Express payment service from PayPal (Europe) S.à.rl et Cie, SCA (22-24 Boulevard Royal L-2449, Luxembourg; "PayPal") on our website. The data processing serves the purpose of being able to offer you payment via the PayPal Express payment service. In order to integrate this payment service, it is necessary for PayPal to collect, store and analyze data (e.g. IP address, device type, operating system, browser type, location of your device) when you access the website. Cookies can also be used for this purpose. The cookies enable your browser to be recognized.
The use of cookies or comparable technologies is based on Section 15 Paragraph 3 Sentence 1 TMG. Your personal data is processed on the basis of Art. 6 Para. 1 lit. f GDPR due to our overriding legitimate interest in a customer-oriented offer of various payment methods. You have the right to object to this processing of personal data concerning you at any time for reasons relating to your particular situation.
By selecting and using PayPal Express, the data required for payment processing will be transmitted to PayPal in order to be able to fulfill the contract with you using the selected payment method. This processing is carried out on the basis of Article 6 Paragraph 1 Letter b GDPR. Further information on data processing when using the PayPal Express payment service can be found in the associated data protection declaration at  www.paypal.com/de/webapps/mpp/ua/privacy-full?locale.x=de_DE#Updated_PS (http://www.paypal.com/de/webapps/mpp/ua/privacy-full?locale.x=de_DE#Updated_PS).

Use of personal data when selecting Klarna payment options
In order to be able to offer you Klarna's payment options, we will transmit personal data, such as contact details and order details, to Klarna. In this way, Klarna can assess whether you can use the payment options offered through Klarna and adapt the payment options to your needs. General information about Klarna can be found at: https://www.klarna.com/de/ (https://www.klarna.com/de/). Your personal information will be used by Klarna in accordance with the applicable data protection regulations and in accordance with the information in Klarna's data protection regulations https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/privacy (https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/privacy).



Cookies

Our website uses cookies. Cookies are small text files that are stored in the Internet browser or by the Internet browser on a user's computer system. When a user accesses a website, a cookie can be stored on the user's operating system. This cookie contains a characteristic string that allows the browser to be uniquely identified when the website is accessed again.

Cookies are stored on your computer. Therefore, you have full control over the use of cookies. By selecting the appropriate technical settings in your internet browser, you can be notified before cookies are set and decide individually whether to accept them and prevent the storage of the cookies and the transmission of the data they contain. Cookies that have already been saved can be deleted at any time. However, we would like to point out that you may then not be able to use all functions of this website to their full extent.

You can find out how you can manage cookies in the most important browsers (including deactivating them) using the links below:
Chrome: https://support.google.com/accounts/answer/61416?hl=de (https://support.google.com/accounts/answer/61416?hl=de)
Internet Explorer: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies (https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies)
Mozilla Firefox: https://support.mozilla.org/de/kb/cookies-allow-and-reject (https://support.mozilla.org/de/kb/cookies-allow-and-reject)
Safari: https://support.apple.com/de-de/guide/safari/manage-cookies-and-website-data-sfri11471/mac (https://support.apple.com/de-de/guide/safari/manage-cookies-and-website-data-sfri11471/mac)


Technically necessary cookies
Unless otherwise stated in the data protection declaration below, we only use these technically necessary cookies for the purpose of making our offering more user-friendly, effective and secure. Cookies also enable our systems to recognize your browser even after you change pages and to offer you services. Some functions of our website cannot be offered without the use of cookies. For this it is necessary that the browser is recognized even after a page change.

The use of cookies or comparable technologies is based on Section 15 Paragraph 3 Sentence 1 TMG. Your personal data is processed on the basis of Article 6 Paragraph 1 Letter f of the GDPR due to our overriding legitimate interest in ensuring the optimal functionality of the website and a user-friendly and effective design of our offering.
You have the right to object to this processing of personal data concerning you at any time for reasons relating to your particular situation.

Plugins and others

Use of social plug-ins
We use social network plug-ins on our website. The integration of social plug-ins and the data processing that takes place serves the purpose of optimizing advertising for our products.
When social plug-ins are integrated, a link is created between your computer and the servers of the social network providers and the plug-in is displayed on the page by notifying your browser, provided you have expressly agreed to this. Both your IP address and the information about which of our pages you have visited are transmitted to the provider servers. This applies regardless of whether you are registered or logged in to the social network. A transmission also takes place if users are not registered or logged in. If you are connected to one or more of your social network accounts at the same time, the information collected can also be assigned to your corresponding profiles. When you use the plug-in functions (e.g. by clicking the button), this information is also assigned to your user account. You can prevent this association by logging out of your social media accounts before visiting our website and before activating the buttons.
The use of cookies or comparable technologies takes place with your consent on the basis of Section 15 Paragraph 3 Sentence 1 TMG in conjunction with Article 6 Paragraph 1 Letter a GDPR. The processing of your personal data takes place with your consent on the basis of Art. 6 Para. 1 lit. a GDPR. You can revoke your consent at any time without affecting the lawfulness of the processing carried out based on your consent before its revocation.
The social networks named below are integrated into our website using social plug-ins. Further information on the scope and purpose of the collection and use of the data as well as your rights in this regard and options for protecting your privacy can be found in the linked data protection information of the providers.

Facebook of Facebook Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland)
Facebook Ireland and we are jointly responsible for the collection of your data when you integrate the service and the transmission of this data to Facebook. The basis for this is an agreement between us and Facebook Ireland on the joint processing of personal data, in which the respective responsibilities are determined. The agreement is under https://www.facebook.com/legal/controller_addendum (https://www.facebook.com/legal/controller_addendum). Thereafter, we are in particular responsible for fulfilling the information obligations in accordance with Articles 13 and 14 of the GDPR, for compliance with the security requirements of Article 32 of the GDPR with regard to the correct technical implementation and configuration of the service, and for compliance with the obligations under Article 33 , 34 GDPR, to the extent that a personal data breach affects our obligations under the joint processing agreement. Facebook Ireland is responsible for enabling the rights of those affected in accordance with Articles 15 - 20 of the GDPR, of complying with the security requirements of Article 32 of the GDPR with regard to the security of the service and of fulfilling the obligations under Articles 33 and 34 of the GDPR to the extent that there is a violation of the protection of personal data concerns Facebook Ireland's obligations under the Joint Processing Agreement.
Your data may be transferred to the USA. There is no adequacy decision from the EU Commission for the USA. The data transfer takes place, among other things, on the basis of standard contractual clauses as appropriate guarantees for the protection of personal data, which can be viewed at: https://www.facebook.com/legal/EU_data_transfer_addendum (https://www.facebook.com/legal/EU_data_transfer_addendum).
Further information on the collection and use of data by Facebook, your rights in this regard and options for protecting your privacy can be found in Facebook's data protection information at https://www.facebook.com/about/privacy/ (https://www.facebook.com/about/privacy/).


Instagram of Instagram LLC. (1601 Willow Road, Menlo Park, CA 94025, USA)
https://help.instagram.com/155833707900388 (https://help.instagram.com/155833707900388)
Your data may be transferred to the USA. There is no adequacy decision from the EU Commission for the USA. The data transfer takes place, among other things, on the basis of standard contractual clauses as appropriate guarantees for the protection of personal data, which can be viewed at: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_de (https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_de).
Pinterest from Pinterest Inc. (635 High Street, Palo Alto, CA, 94301, USA)
https://about.pinterest.com/de/privacy-policy (https://about.pinterest.com/de/privacy-policy)
Your data may be transferred to the USA. There is no adequacy decision from the EU Commission for the USA.


Twitter de Twitter Inc. (1355 Market Street, Suite 900, San Francisco, CA 94107, EE. UU.)
https://twitter.com/privacy (https://twitter.com/privacy)
Your data may be transferred to the USA. There is no adequacy decision from the EU Commission for the USA.
Use of social plug-ins using “Shariff”
We use social network plug-ins on our website. So that you retain control over your data, we use the privacy-safe "Shariff" buttons.
Without your express consent, no links will be created to the social network servers and therefore no data will be transmitted.
"Shariff" is a development by the specialists at the computer magazine c't. It enables more privacy online and replaces the usual “share” buttons on social networks. You can find more information about the Shariff project here https://www.heise.de/ct/artikel/Shariff-Social-Media-Buttons-mit-Datenschutz-2467514.html (https://www.heise.de/ct/artikel/Shariff-Social-Media-Buttons-mit-Datenschutz-2467514.html).
If you click on the buttons, a pop-up window will appear in which you can log in with your data to the respective provider. Only after you have actively logged in will a direct connection to the social networks be established.
By logging in, you give your consent to the transfer of your data to the respective social media provider. Both your IP address and the information about which of our pages you have visited are transmitted. If you are connected to one or more of your social network accounts at the same time, the information collected will also be assigned to your corresponding profiles. You can only prevent this association by logging out of your social media accounts before visiting our website and activating the buttons. The following social networks are integrated using the “Shariff” function.
Further information on the scope and purpose of the collection and use of the data as well as your rights in this regard and options for protecting your privacy can be found in the linked data protection information of the providers.

Facebook of Facebook Inc. (1601 S. California Ave, Palo Alto, CA 94304, USA) https://www.facebook.com/policy.php (https://www.facebook.com/policy.php)
Your data may be transferred to the USA. There is no adequacy decision from the EU Commission for the USA. The data transfer takes place, among other things, on the basis of standard contractual clauses as appropriate guarantees for the protection of personal data, which can be viewed at: https://www.facebook.com/legal/EU_data_transfer_addendum (https://www.facebook.com/legal/EU_data_transfer_addendum).

Instagram of Instagram LLC. (1601 Willow Road, Menlo Park, CA 94025, USA) https://help.instagram.com/155833707900388 (https://help.instagram.com/155833707900388)
Your data may be transferred to the USA. There is no adequacy decision from the EU Commission for the USA. The data transfer takes place, among other things, on the basis of standard contractual clauses as appropriate guarantees for the protection of personal data, which can be viewed at: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_de (https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_de).

Pinterest from Pinterest Inc. (635 High Street, Palo Alto, CA, 94301, USA) https://about.pinterest.com/de/privacy-policy (https://about.pinterest.com/de/privacy-policy )
Your data may be transferred to the USA. There is no adequacy decision from the EU Commission for the USA.

Twitter from Twitter Inc. (1355 Market Street, Suite 900, San Francisco, CA 94107, USA) https://twitter.com/privacy (https://twitter.com/privacy )
Your data may be transferred to the USA. There is no adequacy decision from the EU Commission for the USA.

Use of social plug-ins using the “2-click solution”
We use social network plug-ins on our website using the “2-click solution”. Without your express consent, no connections will be made to the social network servers and therefore no data will be transmitted.
With the standard integration of plug-ins, when you access the pages of our website that contain such a plug-in, a link is established between your computer and the servers of the social network providers and the plug-in is activated by notifying your browser shown on the page. Both your IP address and the information about which of our pages you have visited are transmitted to the provider servers. This applies regardless of whether you are registered or logged in to the social network. A transmission also takes place if users are not registered or logged in. If you are also logged in to the social network Facebook, this information will be assigned to your personal user account. When you use the plug-in functions (e.g. by clicking the button), this information is also assigned to your user account, which you can only prevent by logging out before using the plug-in. So that you retain control over your data, we have decided to initially deactivate the corresponding button. You can recognize this by the grayed out button. Without your express consent - in the form of activating the button - no link will be established to the social network server and therefore no data will be transmitted.
Only when you activate the button does the button become active (highlighted in color) and a direct connection to the social network server is established.
By activating, you give your consent to the transfer of your data to the respective social network provider. Both your IP address and the information about which of our pages you have visited are transmitted. If you are connected to one or more of your social network accounts at the same time, the information collected will also be assigned to your corresponding profiles. You can only prevent this association by logging out of your social network user accounts before visiting our website and activating the buttons.
The social networks named below are integrated using the “2-click function”. Further information on the scope and purpose of the collection and use of the data as well as your rights in this regard and options for protecting your privacy can be found in the linked data protection information of the providers.

Facebook of Facebook Inc. (1601 S. California Ave, Palo Alto, CA 94304, USA)
https://www.facebook.com/policy.php (https://www.facebook.com/policy.php)
Your data may be transferred to the USA. There is no adequacy decision from the EU Commission for the USA. The data transfer takes place, among other things, on the basis of standard contractual clauses as appropriate guarantees for the protection of personal data, which can be viewed at: https://www.facebook.com/legal/EU_data_transfer_addendum (https://www.facebook.com/legal/EU_data_transfer_addendum).

Instagram of Instagram LLC. (1601 Willow Road, Menlo Park, CA 94025, USA):
http://instagram.com/legal/privacy/ (http://instagram.com/legal/privacy/)
Your data may be transferred to the USA. There is no adequacy decision from the EU Commission for the USA. The data transfer takes place, among other things, on the basis of standard contractual clauses as appropriate guarantees for the protection of personal data, which can be viewed at: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_de (https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_de).

Pinterest from Pinterest Inc. (635 High Street, Palo Alto, CA, 94301, USA):
https://about.pinterest.com/de/privacy-policy (https://about.pinterest.com/de/privacy-policy)
https://help.pinterest.com/de/articles/personalization-and-data (https://help.pinterest.com/de/articles/personalization-and-data)
Your data may be transferred to the USA. There is no adequacy decision from the EU Commission for the USA.

Twitter (Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA):
https://twitter.com/privacy (https://twitter.com/privacy)
https://twitter.com/personalization (https://twitter.com/personalization)

Your data may be transferred to the USA. There is no adequacy decision from the EU Commission for the USA.
Using Facebook's single sign-on feature
We use the single sign-on function (formerly Facebook Connect) from Facebook Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; "Facebook") on our website.
Facebook Ireland and we are jointly responsible for the collection of your data when you integrate the service and the transmission of this data to Facebook. The basis for this is an agreement between us and Facebook Ireland on the joint processing of personal data, in which the respective responsibilities are determined. The agreement is under https://www.facebook.com/legal/controller_addendum (https://www.facebook.com/legal/controller_addendum). Thereafter, we are in particular responsible for fulfilling the information obligations in accordance with Articles 13 and 14 of the GDPR, for compliance with the security requirements of Article 32 of the GDPR with regard to the correct technical implementation and configuration of the service, and for compliance with the obligations under Article 33 , 34 GDPR, to the extent that a personal data breach affects our obligations under the joint processing agreement. Facebook Ireland is responsible for enabling the rights of those affected in accordance with Articles 15 - 20 of the GDPR, of complying with the security requirements of Article 32 of the GDPR with regard to the security of the service and of fulfilling the obligations under Articles 33 and 34 of the GDPR to the extent that there is a violation of the protection of personal data concerns Facebook Ireland's obligations under the Joint Processing Agreement.
This feature allows website visitors to log in to the website using their existing Facebook account. The data processing serves the purpose of verification during registration, personalization and interest-based advertising.
In order to offer the function on the website, a connection to the Facebook server is established. Cookies are used for this. The following information, among others, can be collected and transmitted to Facebook: IP address, browser information, referrer URL (website through which you accessed our website), location data. This applies regardless of whether you are registered or logged in to the social network. A transmission also takes place if users are not registered or logged in. If you are connected to one or more of your social network accounts at the same time, the information collected can also be assigned to your corresponding profiles. You can prevent this association by logging out of your social media accounts before visiting our website and before activating the buttons. Your data may be transferred to the USA. There is no adequacy decision from the EU Commission for the USA. The data transfer takes place, among other things, on the basis of standard contractual clauses as appropriate guarantees for the protection of personal data, which can be viewed at: https://www.facebook.com/legal/EU_data_transfer_addendum (https://www.facebook.com/legal/EU_data_transfer_addendum).
When using the single sign-on function, the website visitor's Facebook profile is linked to a customer account for this website. We receive the user's personal data from Facebook, as stated in the login process. This may include, but is not limited to, the following information: name, address, public profile information (e.g. name, profile picture, age, gender), email address, friend lists, "likes" information.
The use of cookies or comparable technologies is based on Section 15 Paragraph 3 Sentence 1 TMG. Your personal data is processed on the basis of Art. 6 Para. 1 lit. f GDPR due to our overriding legitimate interest in the needs-based and targeted design of the website. You have the right to object to this processing of personal data concerning you at any time for reasons relating to your particular situation.
Further information on the collection and use of data by Facebook, your rights in this regard and options for protecting your privacy can be found in Facebook's data protection information at https://www.facebook.com/about/privacy/ (https://www.facebook.com/about/privacy/).


Rights of those affected and storage period

Duration of storage
After the contract has been fully processed, the data will initially be stored for the duration of the warranty period, then taking into account statutory retention periods, in particular tax and commercial law, and then deleted after the deadline has expired, unless you have agreed to further processing and use.

Rights of the data subject
If the legal requirements are met, you are entitled to the following rights in accordance with Articles 15 to 20 of the GDPR: right to information, to correction, to deletion, to restriction of processing, to data portability.
In addition, according to Art. 21 Para. 1 GDPR, you have the right to object to processing based on Art. 6 Para. 1 f GDPR, as well as to processing for the purpose of direct advertising.

Right to lodge a complaint with the supervisory authority
According to Art. 77 GDPR, you have the right to complain to the supervisory authority if you believe that your personal data is not being processed lawfully.

You can lodge a complaint with, among other things, the supervisory authority responsible for us, which you can reach using the following contact details:

Bavarian State Office for Data Protection Supervision (BayLDA)
Promenade 18
91522 Ansbach
Tel.: +49 981 1800930
Fax: +49 981 180093800
Email: poststelle@lda.bayern.de

Right to object
If the personal data processing listed here is based on our legitimate interest in accordance with Article 6 Paragraph 1 Letter f of the GDPR, you have the right to object to this processing at any time with future effect for reasons arising from your particular situation.
Once you have objected, the processing of the data concerned will be terminated unless we can demonstrate compelling legitimate reasons for the processing that outweigh your interests, rights and freedoms, or if the processing serves to assert, exercise or defend legal claims.

If personal data is processed for direct advertising purposes, you can object to this processing at any time by notifying us. After an objection has been made, we will stop processing the data concerned for the purpose of direct advertising.

last updated: October 27, 2020