Privacy– Atelier Hellbusch

Unless otherwise stated below, the provision of your personal data is neither legally nor contractually required, nor is it necessary for the conclusion of a contract. You are not obliged to provide the data. Failure to provide the data has no consequences. This only applies insofar as no other indication is made in the subsequent processing operations.
“Personal data” means any information relating to an identified or identifiable natural person.

Server log files
You can visit our web pages without providing any information about yourself.
Each time you access our website, usage data is transmitted to us or our web host/IT service provider by your internet browser and stored in log files (so-called server log files). The stored data includes, for example, the name of the page accessed, date and time of access, IP address, amount of data transferred and the requesting provider.
The processing is carried out on the basis of Art. 6 (1) (f) GDPR from our overriding legitimate interest in ensuring the trouble-free operation of our website and improving our offer.
Your data may be transmitted to third countries outside the EU, in particular to Canada and the USA, and processed there. For Canada, there is an adequacy decision by the EU Commission. For the USA, there is an adequacy decision by the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). Shopify is not certified under the TADPF. This data transfer is based on contractual obligations comparable to the EU Commission’s standard contractual clauses.

Contact

Controller
Contact us if you wish. The controller responsible for data processing is: Mark Hellbusch, Langendellschlag 62, 65199 Wiesbaden, Germany, 0176-21916227, markhellbusch@web.de

Customer-initiated contact by email
If you initiate business contact with us by email, we collect your personal data (name, email address, message text) only to the extent provided by you. The data processing serves the purpose of handling and responding to your contact request.
If the contact is made for the purpose of carrying out pre-contractual measures (e.g. advice on purchase interest, preparation of an offer) or concerns an existing contract between you and us, this data processing is carried out on the basis of Art. 6 (1) (b) GDPR.
If the contact is made for other reasons, this data processing is carried out on the basis of Art. 6 (1) (f) GDPR from our overriding legitimate interest in handling and responding to your request. In this case, you have the right, on grounds relating to your particular situation, to object at any time to the processing of personal data concerning you that is based on Art. 6 (1) (f) GDPR.
We use your email address only to process your request. Your data will then be deleted in compliance with statutory retention periods, unless you have consented to further processing and use.

Collection and processing when using the contact form
When you use the contact form, we collect your personal data (name, e-mail address, message text) only to the extent provided by you. The data processing serves the purpose of contacting you.
If the contact is made for the purpose of carrying out pre-contractual measures (e.g. advice in the event of interest in purchasing, preparation of an offer) or concerns an already existing contract between you and us, this data processing is carried out on the basis of Art. 6 (1) (b) GDPR. If the contact is made for other reasons, this data processing is carried out on the basis of Art. 6 (1) (f) GDPR due to our overriding legitimate interest in processing and responding to your inquiry. In this case, you have the right, for reasons arising from your particular situation, to object at any time to the processing of your personal data based on Art. 6 (1) (f) GDPR. We use your e-mail address only to process your inquiry. Your data will then be deleted in compliance with statutory retention periods, unless you have consented to further processing and use.

Customer account Orders

Customer account
When you open a customer account, we collect your personal data to the extent indicated there. The data processing serves the purpose of improving your shopping experience and simplifying order processing. The processing is carried out on the basis of Art. 6 (1) (a) GDPR with your consent. You can revoke your consent at any time by notifying us, without affecting the lawfulness of the processing carried out on the basis of the consent up to the time of revocation. Your customer account will then be deleted.

Collection, processing and transfer of personal data for orders
When you place an order, we collect and process your personal data only insofar as this is necessary for the fulfilment and handling of your order and for processing your enquiries. The provision of the data is necessary for the conclusion of the contract. Failure to provide it means that no contract can be concluded. Processing is carried out on the basis of Art. 6 (1) (b) GDPR and is necessary for the performance of a contract with you.
Your data will be passed on, for example, to shipping companies, dropshipping or fulfilment providers, payment service providers, service providers for order processing and IT service providers. In all cases we strictly observe the legal requirements. The scope of data transmission is limited to a minimum.
Your data may be transferred to and processed in third countries outside the EU, in particular Canada and the USA. An adequacy decision of the EU Commission exists for Canada. For the USA, an adequacy decision of the EU Commission exists, the Trans-Atlantic Data Privacy Framework (TADPF). Shopify is not certified under the TADPF. This data transfer is based on contractual obligations comparable to the standard contractual clauses of the EU Commission.

Reviews Advertising

Shopauskunft customer reviews
We use the “shopauskunft.de” review tool of Händlerbund Management AG (Kohlgartenstraße 11–13, 04315 Leipzig; “Shopauskunft”) on our website.
After your order, we would like to ask you to rate and comment on your purchase with us. For this purpose, we will contact you by e-mail, using the technical system “Rechtssichere Bewertungsanfrage (RBA)”. In doing so, we process the data relating to your order (order number/invoice number, purchase value and shipping costs) as well as your e-mail address. Where applicable, we also use this data for the purpose of verifying your review.
The processing is carried out on the basis of Art. 6 (1) (a) GDPR with your consent, provided you have expressly agreed to the transfer of your data and to receiving the review request.
You can withdraw your consent at any time by using the corresponding link in the e-mail or by notifying us, without affecting the lawfulness of processing based on consent before its withdrawal.
Further information on data protection when using Shopauskunft can be found at:
https://www.shopauskunft.de/datenschutz (https://www.shopauskunft.de/datenschutz).

Shopauskunft widget
The Shopauskunft widget is integrated on our website. This serves the purpose of displaying the number and result of the reviews we have received so far via Shopauskunft and using them for advertising.
To display the widget, it is technically necessary for usage data to be transmitted by your internet browser to the Shopauskunft server and stored there in log files (so-called server log files) for 7 days. The stored data includes the name and URL of the file accessed, date and time of access, the IP address of the requesting computer, the website from which access is made (referrer URL), the browser used and, if applicable, the operating system of your computer as well as the name of your access provider.
The processing is carried out on the basis of Art. 6 (1) (f) GDPR from our overriding legitimate interest in promoting our offers by displaying the customer reviews already received. This data is not stored together with other personal data.
Use of the Trusted Shops rating system (Trustbadge)
We use the rating system of Trusted Shops SE, Subbelrather Str. 15C, 50823 Cologne; “Trusted Shops”) on our website.
Trusted Shops and we are joint controllers for the collection of your data and the transmission of this data to Trusted Shops that takes place when you use the service. The basis for this is an agreement between us and Trusted Shops on the joint processing of personal data.
Accordingly, both we and Trusted Shops are equally responsible for fulfilling the obligations under the GDPR, in particular for fulfilling the information obligations pursuant to Art. 13, 14 GDPR and for granting the data subject rights pursuant to Art. 15–21 GDPR. Further information on this can be found at https://help.etrusted.com/hc/de/article_attachments/4422901015569 (https://help.etrusted.com/hc/de/article_attachments/4422901015569).
Trusted Shops enables us to obtain customer reviews and display them on our website via the “Trustbadge” in order to give you an insight into the quality of our services.
After an order, you may receive an invitation from us or Trusted Shops to submit a review and then submit a review. The following data is processed by us or Trusted Shops in this context: email address, order information (order amount, order number, product purchased, if applicable). This data may also be used, where necessary, for the purpose of verifying your review.
When you access our website and the Trustbadge is displayed, the following data is also processed by us or Trusted Shops: your IP address, date and time of access, amount of data transferred and the requesting provider.
The processing is carried out on the basis of Art. 6 (1) (a) GDPR with your consent, provided you have expressly agreed to the transfer of your data and to receiving the review request. You can revoke your consent at any time without affecting the lawfulness of the processing carried out on the basis of the consent up to the time of revocation.
Further information on data protection at Trusted Shops can be found at: https://www.trustedshops.de/impressum-datenschutz/#datenschutz (https://www.trustedshops.de/impressum-datenschutz/#datenschutz).

Review reminder
After your order, we would like to ask you to review your purchase with us.
For this purpose, we use your personal data (name, email address, information about the order), independently of contract processing, to send you a review reminder by email after you have placed an order, provided you have expressly consented to this.
The processing is carried out on the basis of Art. 6 (1) (a) GDPR with your consent. You can revoke your consent at any time by using the corresponding link in the email or by notifying us, without affecting the lawfulness of processing based on consent before its withdrawal.
Use of your personal data for sending postal advertising
We use your personal data (name, address), which we have received in the course of selling a good or service, to send you postal advertising, provided you have not objected to this use. The provision of this data is necessary for the conclusion of the contract. Failure to provide it means that no contract can be concluded.
The processing is carried out on the basis of Art. 6 (1) (f) GDPR from our overriding legitimate interest in direct advertising. You can object to this use of your address data at any time by notifying us. The contact details for exercising your right to object can be found in the imprint.

Use of the e-mail address for sending newsletters
We use your e-mail address to send you information and offers by newsletter, provided you have expressly consented to this. The data processing serves exclusively the purpose of direct advertising. For this purpose, we process your e-mail address and, where applicable, other data that you have voluntarily provided when registering for our newsletter.
The processing is carried out on the basis of Art. 6 (1) (a) GDPR with your consent. You can withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
You can unsubscribe from the newsletter at any time by using the corresponding link in the newsletter or by notifying us. Your e-mail address will then be removed from the mailing list. Despite removal from the mailing list, we may continue to store your e-mail address in a so-called blacklist in order to prevent you from receiving newsletter e-mails from us in the future. This storage is based on Art. 6 (1) (f) GDPR, on the basis of our and your legitimate interest in preventing the renewed use of your e-mail address for sending our newsletter. You have the right to object at any time, on grounds relating to your particular situation, to this processing of personal data concerning you.

Shipping service provider Merchandise management

Disclosure of the email address to shipping companies for information about shipping status
We pass on your email address to the transport company as part of contract processing, provided you have expressly consented to this during the ordering process. The transfer serves the purpose of informing you by email about the shipping status. The processing is carried out on the basis of Art. 6 (1) (a) GDPR with your consent. You can revoke your consent at any time by notifying us or the transport company, without affecting the lawfulness of the processing carried out on the basis of the consent up to the time of revocation.

Use of an external merchandise management system
We use a merchandise management system within the framework of order processing. For this purpose, the personal data collected from you as part of the order is transmitted to
Atelier Hellbusch, Langendellschlag 62, 65199 Wiesbaden
.

The processing of your personal data serves the purpose of fulfilling the contract concluded with you and is carried out on the basis of Art. 6 (1) (b) GDPR.

Payment service provider

Use of PayPal Check-Out
We use the PayPal Check-Out payment service of PayPal (Europe) S.à.r.l. et Cie, S.C.A. (22-24 Boulevard Royal L-2449, Luxembourg; “PayPal”) on our website. The data processing serves the purpose of being able to offer you payment via the payment service. When you select and use payment via PayPal, credit card via PayPal, direct debit via PayPal or “Pay Later” via PayPal, the data required for payment processing is transmitted to PayPal in order to be able to fulfil the contract with you using the payment method you have chosen. This processing is carried out on the basis of Art. 6 (1) (b) GDPR.

Cookies may be stored in the process, which enable your browser to be recognised. The resulting data processing is carried out on the basis of Art. 6 (1) (f) GDPR from our overriding legitimate interest in offering a customer-oriented range of different payment methods. You have the right, on grounds relating to your particular situation, to object at any time to the processing of personal data concerning you.

Credit card via PayPal, direct debit via PayPal & “Pay later” via PayPal
For individual payment methods such as credit card via PayPal, direct debit via PayPal or “Pay later” via PayPal, PayPal reserves the right, if necessary, to obtain a credit report based on mathematical and statistical methods using credit agencies. For this purpose, PayPal transmits the personal data required for a credit check to a credit agency and uses the information received about the statistical probability of a payment default to make a balanced decision about the establishment, execution or termination of the contractual relationship. The credit report may contain probability values (score values) that are calculated on the basis of scientifically recognized mathematical and statistical methods and in whose calculation address data, among other things, are included. Your legitimate interests are taken into account in accordance with the statutory provisions. Data processing serves the purpose of checking creditworthiness for contract initiation. Processing is carried out on the basis of Art. 6 (1) (f) GDPR due to our overriding legitimate interest in protection against payment default when PayPal makes advance payments.
You have the right, for reasons arising from your particular situation, to object at any time to this processing of your personal data based on Art. 6 (1) (f) GDPR by notifying PayPal. The provision of the data is necessary for the conclusion of the contract with the payment method you have requested. Failure to provide it will mean that the contract cannot be concluded using the payment method you have chosen.

Third-party providers
When paying via a third-party payment method, the data required for payment processing is transmitted to PayPal. This processing is carried out on the basis of Art. 6 (1) (b) GDPR. To carry out this payment method, the data may then be passed on by PayPal to the respective provider. This processing is carried out on the basis of Art. 6 (1) (b) GDPR. Local third-party providers may include, for example:

- Apple Pay (Apple Distribution International Ltd., Hollyhill Industrial Estate, Hollyhill, Cork, Ireland)
- Google Pay (Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland)
Purchase on account via PayPal
When paying by purchase on account, the data required for payment processing is first transmitted to PayPal. To carry out this payment method, the data is then transmitted by PayPal to Ratepay GmbH (Franklinstraße 28-29, 10587 Berlin; “Ratepay”) in order to be able to fulfil the contract with you using the chosen payment method. This processing is carried out on the basis of Art. 6 (1) (b) GDPR. Ratepay may obtain a credit report on the basis of mathematical-statistical procedures (probability or score values) using credit agencies, as described above. The data processing serves the purpose of credit checking for contract initiation. The processing is carried out on the basis of Art. 6 (1) (f) GDPR from our overriding legitimate interest in protection against payment default when Ratepay makes advance payments. Further information on data protection and which credit agencies Ratepay uses can be found at https://www.ratepay.com/legal-payment-dataprivacy/ (https://www.ratepay.com/legal-payment-dataprivacy/) and https://www.ratepay.com/legal-payment-creditagencies/ (https://www.ratepay.com/legal-payment-creditagencies/).

Further information on data processing when using PayPal can be found in the associated privacy policy at https://www.paypal.com/webapps/mpp/ua/privacy-full.

Use of the payment service provider Stripe

We use the Stripe payment service on our website, provided by Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland). The data processing serves the purpose of being able to offer you payment via the payment service. When you select and use Stripe, the data required for payment processing is transmitted to Stripe in order to be able to fulfil the contract with you using the chosen payment method. This processing is carried out on the basis of Art. 6 (1) (b) GDPR.
Stripe reserves the right, where necessary, to obtain a credit report on the basis of mathematical-statistical procedures using credit agencies. For this purpose, Stripe transmits the personal data required for a credit check to a credit agency and uses the information received about the statistical probability of a payment default to make a balanced decision about the establishment, implementation or termination of the contractual relationship. The credit report may contain probability values (score values) which are calculated on the basis of scientifically recognised mathematical-statistical procedures and which include address data, among other things, in their calculation. Your legitimate interests are taken into account in accordance with the statutory provisions. The data processing serves the purpose of credit checking for contract initiation. The processing is carried out on the basis of Art. 6 (1) (f) GDPR from our overriding legitimate interest in protection against payment default when Stripe makes advance payments.
You have the right, on grounds relating to your particular situation, to object at any time to the processing of personal data concerning you that is based on Art. 6 (1) (f) GDPR by notifying Stripe. The provision of the data is necessary for the conclusion of the contract with the payment method you have chosen. Failure to provide it means that the contract cannot be concluded with the payment method you have chosen. All Stripe transactions are subject to the Stripe privacy policy. This can be found at https://stripe.com/de/privacy (https://stripe.com/de/privacy)

Use of the payment service provider Mollie
We use the payment service provider Mollie B.V. (Keizersgracht 313, 1016 EE Amsterdam, Netherlands; “Mollie”) for payment processing on our website. The data processing serves the purpose of being able to offer you various payment methods through payment processing via the payment service provider Mollie. If you choose one of the payment options offered by Mollie, the data required for payment processing will be transmitted to Mollie. This includes your payment data (for example bank account number or credit card number), your IP address, your internet browser and device type and, in some cases, your first and last name, your address data and information about the product or service you purchased from us. This data processing is carried out on the basis of Art. 6 (1) (b) GDPR. Further information on data processing when using the payment service provider Mollie can be found in the associated privacy policy https://www.mollie.com/de/privacy (https://www.mollie.com/de/privacy)

Our website uses cookies. Cookies are small text files that are stored in the internet browser or by the internet browser on a user’s computer system. When a user accesses a website, a cookie can be stored on the user’s operating system. This cookie contains a characteristic string that enables the browser to be uniquely identified when the website is accessed again.

Cookies are stored on your computer. This means you have full control over the use of cookies. By selecting the appropriate technical settings in your internet browser, you can be notified before cookies are set and decide on their acceptance on a case-by-case basis, as well as prevent the storage of cookies and the transmission of the data they contain. Cookies that have already been stored can be deleted at any time. However, please note that if you do so, you may not be able to use all the functions of this website in full.

At the links below you can find out how to manage (including deactivate) cookies in the most common browsers:
Chrome: https://support.google.com/accounts/answer/61416?hl=en
Microsoft Edge: https://support.microsoft.com/microsoft-edge/cookies-in-microsoft-edge-delete-63947406-40ac-c3b8-57b9-2a946a29ae09
Mozilla Firefox: https://support.mozilla.org/kb/cookies-allow-and-reject
Safari: https://support.apple.com/guide/safari/manage-cookies-and-website-data-sfri11471/mac

Technically necessary cookies
Unless otherwise stated below in this privacy policy, we only use these technically necessary cookies for the purpose of making our offer more user-friendly, effective and secure. Furthermore, cookies enable our systems to recognise your browser even after a page change and to offer you services. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognised again even after a page change.

The use of cookies or comparable technologies is based on Section 25 (2) TDDDG. The processing of your personal data is carried out on the basis of Art. 6 (1) (f) GDPR, from our overriding legitimate interest in ensuring the optimal functionality of the website as well as a user-friendly and effective design of our offering.
You have the right, on grounds relating to your particular situation, to object at any time to the processing of personal data concerning you.
Use of the Shopify consent tool (Shopify Privacy & Compliance)
We use the consent tool “Shopify Privacy & Compliance” of Shopify International Ltd. (Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland; “Shopify”) on our website. Shopify is an affiliate of Shopify Inc. (151 O'Connor Street, Ground Floor, Ottawa, Ontario, K2P 2L8, Canada).
The tool enables you to grant consent to data processing via the website, in particular the setting of cookies, as well as to exercise your right of withdrawal for consent already granted. The data processing serves the purpose of obtaining and documenting the necessary consents to data processing and thus complying with legal obligations. Cookies may be used for this purpose. In the process, user information, including your IP address, is collected and transmitted to Shopify.
Your data may be transferred to and processed in third countries outside the EU, in particular Canada and the USA. An adequacy decision of the EU Commission exists for Canada. For the USA, an adequacy decision of the EU Commission exists, the Trans-Atlantic Data Privacy Framework (TADPF). Shopify is not certified under the TADPF. This data transfer is based on contractual obligations comparable to the standard contractual clauses of the EU Commission.
The data processing is carried out for the fulfilment of a legal obligation on the basis of Art. 6 (1) (c) GDPR.
Further information on data protection at Shopify can be found at https://www.shopify.com/de/legal/datenschutz (https://www.shopify.com/de/legal/datenschutz).

Analytics Advertising tracking

Use of Shopify statistics
We use the statistics and analytics functions of Shopify International Ltd. (Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland; “Shopify”) on our website as part of order processing. Shopify is an affiliated company of Shopify Inc. (151 O'Connor Street, Ground Floor, Ottawa, Ontario, K2P 2L8, Canada).
The data processing serves the purpose of analysing this website and its visitors. For this purpose, data is stored for marketing and optimisation and provided in reports, analyses and statistics. In particular, the following device information is collected and processed: information about the web browser, IP address, time zone and some of the cookies installed on your device. When you navigate the website, information is also collected about the web pages or products you view, the referrer URL (the website from which you accessed our website), and information about how you interact with the website. Technologies such as cookies as well as web beacons, tags and pixels (electronic files used to record information about how you navigate the website) are used for this purpose.
Your data may be transferred to and processed in third countries outside the EU, in particular Canada and the USA. An adequacy decision by the EU Commission exists for Canada. For the USA, there is an adequacy decision by the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). Shopify is not certified under the TADPF. This data transfer is based on contractual obligations comparable to the EU Commission’s standard contractual clauses.
The use of cookies or similar technologies takes place with your consent on the basis of Section 25 (1) sentence 1 TDDDG in conjunction with Art. 6 (1) (a) GDPR. The processing of your personal data takes place with your consent on the basis of Art. 6 (1) (a) GDPR. You can revoke your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
You can find more detailed information on data protection at Shopify at https://www.shopify.com/legal/privacy, information on the data processing agreement at https://www.shopify.com/legal/dpa and information on the cookies used at https://www.shopify.com/legal/cookies.

Use of the Meta Pixel
We use the Meta Pixel of Meta Platforms Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; “Meta”) on our website.
Meta and we are joint controllers for the collection of your data that takes place when the service is integrated and for the transmission of this data to Meta. The basis for this is an agreement between us and Meta on the joint processing of personal data, which sets out the respective responsibilities. The agreement can be accessed at https://de-de.facebook.com/legal/terms/businesstools (https://de-de.facebook.com/legal/terms/businesstools). According to this, we are in particular responsible for fulfilling the information obligations pursuant to Art. 13, 14 GDPR, for complying with the security requirements of Art. 32 GDPR with regard to the correct technical implementation and configuration of the service, and for complying with the obligations under Art. 33, 34 GDPR, insofar as a personal data breach affects our obligations under the joint processing agreement. Meta is responsible for enabling data subject rights pursuant to Art. 15–20 GDPR, for complying with the security requirements of Art. 32 GDPR with regard to the security of the service, and for fulfilling the obligations under Art. 33, 34 GDPR, insofar as a personal data breach affects Meta’s obligations under the joint processing agreement.
The application serves the purpose of targeting visitors to the website with interest-based advertising in the social networks Facebook and Instagram. For this purpose, the Meta remarketing tag has been implemented on the website. When you visit the website, this tag establishes a direct connection to the Meta servers. This transmits to the Meta server which of our pages you have visited. Meta assigns this information to your personal Facebook and/or Instagram user account. When you visit the social networks Facebook or Instagram, you will then be shown personalized, interest-based ads.
The application also serves the purpose of creating conversion statistics. In this way, we learn the total number of users who have clicked on one of our ads and were redirected to a page provided with a conversion tracking tag, as well as which actions are taken after being redirected to this website. However, we do not receive any information that would allow users to be personally identified.
Your data may be transferred to the USA. For the USA, there is an adequacy decision by the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). Meta has certified itself under the TADPF and thereby committed to complying with European data protection principles.
The processing of your personal data takes place with your consent on the basis of Art. 6 (1) (a) GDPR. You can revoke your consent at any time without affecting the lawfulness of the processing carried out on the basis of the consent up to the revocation.
You can deactivate the “Custom Audiences” remarketing function here. Further information on the collection and use of data by Meta, your rights in this regard and options for protecting your privacy can be found in Meta’s privacy policy at https://www.facebook.com/about/privacy/ (https://www.facebook.com/privacy/policy/?entry_point=data_policy_redirect&entry=0).
Use of Microsoft Advertising
We use Microsoft Advertising from Microsoft Corporation (Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA; “Microsoft”) on our website.
The data processing serves marketing and advertising purposes and the purpose of measuring the success of advertising campaigns (conversion tracking). We learn the total number of users who have clicked on one of our ads and were redirected to a page provided with a conversion tracking tag. Personal identification of these users is not possible as a result. Microsoft Advertising uses technologies such as cookies and tracking pixels that enable analysis of your use of the website. When you click on an ad placed by Microsoft Advertising, a cookie for conversion tracking is stored on your computer. This cookie has a limited validity and is not used for personal identification. If you visit certain pages of our website and the cookie has not yet expired, Microsoft and we can recognize that you have clicked on the ad and were redirected to this page. The following information, among others, can be collected: IP address, identifiers assigned by Microsoft, information about the browser you are using and the device you are using, referrer URL (website from which you accessed our website), URL of our website.
Your data may be transferred to the USA. For the USA, there is an adequacy decision by the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). Microsoft has certified itself under the TADPF and thereby committed to complying with European data protection principles.
The use of cookies or comparable technologies takes place with your consent on the basis of § 25 (1) sentence 1 TDDDG in conjunction with Art. 6 (1) (a) GDPR. The processing of your personal data takes place with your consent on the basis of Art. 6 (1) (a) GDPR. You can revoke your consent at any time without affecting the lawfulness of the processing carried out on the basis of the consent up to the revocation.
Further information on data protection and the cookies used by Microsoft can be found here (https://privacy.microsoft.com/de-de/privacystatement).

Use of the Pinterest Tag
We use the Pinterest Tag of Pinterest Europe Limited (Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland, “Pinterest”) on our website.
The application serves the purpose of targeting visitors to the website with interest-based advertising on the social network Pinterest. For this purpose, the Pinterest conversion tag has been implemented on the website. Via this tag, a direct connection to the Pinterest servers is established when the website is visited. This transmits to the Pinterest server which of our pages you have visited. Pinterest assigns this information to your personal Pinterest user account if you are logged into the social network. When you visit Pinterest, you will then be shown personalised, interest-based Pinterest ads.
If you arrive at our website via a pin on the social network Pinterest, a cookie for conversion tracking is placed on your computer. These cookies have a limited validity, do not contain any personal data and therefore do not serve to identify you personally. If you visit certain pages of our website and the cookie has not yet expired, Pinterest and we can recognise that you clicked on the pin and were redirected to this page. The information collected with the help of the conversion cookie is used to create conversion statistics and thereby to optimise our website. The following information may be processed, among others: total number of users who clicked on one of our pins and were redirected to our website, subpages visited on our website (e.g. category or product pages), search queries on our website, your shopping cart contents, completed transactions.
Your data may be transferred to the USA. For the USA, there is an adequacy decision by the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). Pinterest is not certified under the TADPF. Data transfer takes place, among other things, on the basis of standard contractual clauses as appropriate safeguards for the protection of personal data, available at: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_de (https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_de).
The use of cookies or similar technologies takes place with your consent on the basis of Section 25 (1) sentence 1 TDDDG in conjunction with Art. 6 (1) (a) GDPR. The processing of your personal data takes place with your consent on the basis of Art. 6 (1) (a) GDPR. You can withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
Further information on the collection and use of data by Pinterest, on your related rights and options for protecting your privacy can be found in Pinterest’s privacy policy at https://policy.pinterest.com/de/privacy-policy (https://policy.pinterest.com/de/privacy-policy).

Plug-ins and other tools

Use of social plug-ins
We use plug-ins from social networks on our website. The integration of social plug-ins and the data processing that takes place in this context serve the purpose of optimising the advertising of our products.
When social plug-ins are integrated, a connection is established between your computer and the servers of the providers of the social network and the plug-in is displayed on the page by notifying your browser, provided you have given your express consent. In this process, both your IP address and information about which of our pages you have visited are transmitted to the providers’ servers. This applies regardless of whether you are registered or logged in with the social network. Data is also transmitted for users who are not registered or not logged in. If you are simultaneously connected to one or more of your social network accounts, the collected information can also be assigned to your corresponding profiles. When you use the plug-in functions (e.g. by clicking the button), this information is also assigned to your user account. You can prevent this assignment by logging out of your social media accounts before visiting our website and before activating the buttons.
The use of cookies or comparable technologies is carried out with your consent on the basis of § 25 (1) sentence 1 TDDDG in conjunction with Art. 6 (1) (a) GDPR. The processing of your personal data is carried out with your consent on the basis of Art. 6 (1) (a) GDPR. You can revoke your consent at any time without affecting the lawfulness of the processing carried out on the basis of the consent up to the time of revocation.
The social networks named below are integrated into our website via social plug-ins. Further information on the scope and purpose of the collection and use of data as well as your related rights and options for protecting your privacy can be found in the linked privacy policies of the providers.

Facebook by Meta Platforms Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland)
Meta Platforms Ireland and we are joint controllers for the collection of your data and the transmission of this data to Facebook that takes place when the service is integrated. The basis for this is an agreement between us and Meta Platforms Ireland on the joint processing of personal data, which sets out the respective responsibilities. The agreement can be accessed at https://www.facebook.com/legal/controller_addendum. According to this, we are in particular responsible for fulfilling the information obligations pursuant to Art. 13 and 14 GDPR, for complying with the security requirements of Art. 32 GDPR with regard to the correct technical implementation and configuration of the service, and for fulfilling the obligations under Art. 33 and 34 GDPR insofar as a personal data breach affects our obligations under the joint processing agreement. Meta Platforms Ireland is responsible for enabling data subject rights pursuant to Art. 15–20 GDPR, for complying with the security requirements of Art. 32 GDPR with regard to the security of the service, and for fulfilling the obligations under Art. 33 and 34 GDPR insofar as a personal data breach affects Meta Platforms Ireland’s obligations under the joint processing agreement.
Your data may be transferred to the USA. For the USA, there is an adequacy decision by the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). Meta has certified under the TADPF and is therefore committed to complying with European data protection principles.
Further information on the collection and use of data by Facebook, your rights in this regard and options for protecting your privacy can be found in Facebook’s privacy policy at https://www.facebook.com/about/privacy/.

Instagram of Meta Platforms Ireland Limited (4 Grand Canal Square, Dublin 2, Ireland):
https://help.instagram.com/155833707900388 (https://help.instagram.com/155833707900388)
Your data may be transmitted to the USA. For the USA, there is an adequacy decision by the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). Meta has certified itself under the TADPF and is therefore obliged to comply with European data protection principles.
Pinterest of Pinterest Inc. (635 High Street, Palo Alto, CA, 94301, USA)
https://policy.pinterest.com/de/privacy-policy (https://policy.pinterest.com/de/privacy-policy)
Your data may be transmitted to the USA. For the USA, there is an adequacy decision by the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). Pinterest is not certified under the TADPF.

Use of Google Maps
We use the function for embedding Google Maps maps from Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland, “Google”) on our website.
The function enables the visual display of geographical information and interactive maps. In doing so, Google also collects, processes and uses data of visitors to the websites on which Google Maps maps are embedded when they access those pages.
Your data may also be transmitted to the USA. For the USA, there is an adequacy decision by the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). Google has certified itself under the TADPF and is therefore obliged to comply with European data protection principles.
The use of cookies or comparable technologies is carried out with your consent on the basis of § 25 (1) sentence 1 TDDDG in conjunction with Art. 6 (1) (a) GDPR. The processing of your personal data is carried out with your consent on the basis of Art. 6 (1) (a) GDPR. You can revoke your consent at any time without affecting the lawfulness of the processing carried out on the basis of the consent up to the time of revocation.
Further information on the collection and use of data by Google can be found in Google’s privacy policy at https://www.google.com/privacypolicy.html (https://www.google.com/privacypolicy.html). There you also have the option in the Privacy Center to change your settings so that you can manage and protect your data processed by Google.

Use of YouTube
We use the function for embedding YouTube videos of Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; “YouTube”) on our website. YouTube is a company affiliated with Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”).
The function displays videos stored on YouTube in an iFrame on the website. The “extended data protection mode” option is activated. This means that YouTube does not store any information about visitors to the website. Only when you watch a video are information about it transmitted to YouTube and stored there. Your data may be transferred to the USA. For the USA, there is an adequacy decision by the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). YouTube has certified itself under the TADPF and thereby committed to complying with European data protection principles.
The use of cookies or comparable technologies takes place with your consent on the basis of § 25 (1) sentence 1 TDDDG in conjunction with Art. 6 (1) (a) GDPR. The processing of your personal data takes place with your consent on the basis of Art. 6 (1) (a) GDPR. You can revoke your consent at any time without affecting the lawfulness of the processing carried out on the basis of the consent up to the revocation.
Further information on the collection and use of data by YouTube and Google, your rights in this regard and options for protecting your privacy can be found in YouTube’s privacy policy at https://www.youtube.com/t/privacy (https://www.youtube.com/t/privacy).

Integration of the Käufersiegel logo
The Käufersiegel logo (Händlerbund Management AG, Kohlgartenstraße 11–13, 04315 Leipzig) is integrated on our website. When you access our website, the browser used on your device automatically sends information to the server of Händlerbund Management AG. This information is temporarily stored in a so-called server log file for 7 days. The following information is collected without any action on your part and stored until it is automatically deleted:

- IP address of the requesting computer,
- date and time of access,
- name and URL of the file accessed,
- website from which access is made (referrer URL),
- browser used, protocol and, if applicable, the operating system of your computer as well as the name of your access provider.
The temporary storage of the IP address by the system is necessary to enable delivery of the website. For this purpose, the IP address must remain stored for the duration of the session. Storage in log files is carried out to ensure the functionality of the website. The data also serves to optimise the website and ensure the security of our information technology systems. This data is not stored together with other personal data. The legal basis for data processing is Art. 6 (1) sentence 1 (f) GDPR.
Use of Google Fonts
We use Google Fonts from Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; “Google”) on our website.
The data processing serves the purpose of the uniform display of fonts on our website. To load the fonts, a connection to Google’s servers is established when the page is accessed. Cookies may be used in this process. In doing so, your IP address and information about the browser you are using, among other things, are processed and transmitted to Google. This data is not linked to your Google account.
Your data may be transmitted to the USA. For the USA, there is an adequacy decision by the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). Google has certified itself under the TADPF and is therefore obliged to comply with European data protection principles.
The use of cookies or comparable technologies is carried out with your consent on the basis of § 25 (1) sentence 1 TDDDG in conjunction with Art. 6 (1) (a) GDPR. The processing of your personal data is carried out with your consent on the basis of Art. 6 (1) (a) GDPR. You can revoke your consent at any time without affecting the lawfulness of the processing carried out on the basis of the consent up to the time of revocation.
Further information on data processing and data protection can be found at https://www.google.de/intl/de/policies/ (https://www.google.de/intl/de/policies/) and at https://developers.google.com/fonts/faq (https://developers.google.com/fonts/faq).

Rights of data subjects and storage period

Duration of storage
After full performance of the contract, the data will first be stored for the duration of the statutory warranty period and then, taking into account statutory retention periods, in particular under tax and commercial law, and deleted after expiry of these periods, unless you have consented to further processing and use.

Rights of the data subject
If the legal requirements are met, you are entitled to the following rights pursuant to Art. 15 to 20 GDPR: the right of access, rectification, erasure, restriction of processing, and data portability.
In addition, pursuant to Art. 21 (1) GDPR, you have the right to object to processing based on Art. 6 (1) (f) GDPR, as well as to processing for the purposes of direct marketing.

Right to lodge a complaint with a supervisory authority
Pursuant to Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority if you consider that the processing of your personal data is not lawful.

You can lodge a complaint, among other things, with the supervisory authority responsible for us, which you can reach using the following contact details:

Hessian Commissioner for Data Protection and Freedom of Information
P.O. Box 3163
65021 Wiesbaden
Tel.: +49 611 14080
Fax: +49 611 1408900 or +49 611 1408901
Email: poststelle@datenschutz.hessen.de

Right to object
If the personal data processing activities listed here are based on our legitimate interests pursuant to Art. 6 (1) (f) GDPR, you have the right, on grounds relating to your particular situation, to object at any time to this processing with effect for the future.
Once you have objected, the processing of the data concerned will be stopped, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or if the processing serves the establishment, exercise or defence of legal claims.

If the processing of personal data is carried out for the purpose of direct advertising, you may object to this processing at any time by notifying us. Once you have objected, we will cease processing the data concerned for the purpose of direct advertising.

last updated: 10/22/2024