Privacy policy

Data protection

We are pleased that you are visiting our website. The protection and security of your personal information while using our website is very important to us. Therefore, we would like to inform you at this point about which of your personal data we collect when you visit our website and for what purposes this data is used. Personal data refers to individual details about personal or factual circumstances of a specific or identifiable natural person (data subject), e.g., name, address, email addresses, user behavior. This means that these are data with which we can identify you. In addition, you will also find occasional information here about data processing processes outside of this website (e.g., video conferences or newsletters).

Responsible for data processing

Responsible

for the processing of personal data within the meaning of the EU General Data Protection Regulation (GDPR)

Trends & Lifestyle Deutschland GmbH
Burgstraße 12
41844 Wegberg
Phone: 02434-96 99 765
E-Mail: [email protected]

General information

In addition to the data you actively provide to us on this page (e.g., via our contact form), we collect some technical data. This so-called metadata is automatically transmitted from your computer to our servers as soon as you enter our website (including browser, operating system, or timestamp). With the help of such data, we ensure an error-free display of our website. Additionally, we may collect data about integrated third-party services (e.g., for external media such as mapping services or analytics tools). We will inform you about the individual purposes and legal bases in the course of this privacy policy.

Storage period

"If no specific storage duration is stated within this privacy policy, we will retain your personal data for as long as the purpose of data processing is valid. If you submit a legitimate deletion request or revoke your consent, we will delete your data. Legal retention obligations remain unaffected."

Legal bases of data processing

If you have consented to the processing of data, the processing of your personal data will take place on the basis of Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR, if special categories of data are processed in accordance with Art. 9 para. 1 GDPR. In the case of explicit consent to the transfer of personal data to third countries, the data will also be processed in accordance with Art. 49 para. 1 lit. a GDPR. If you have consented to the storage of cookies or access to information on your device (e.g. through device fingerprinting), data processing will also take place on the basis of § 25 para. 1 TDDDG. Your consent can be revoked at any time. If your data is necessary for the fulfillment of a contract or for the implementation of pre-contractual measures, we process your data in accordance with Art. 6 para. 1 lit. b GDPR. Furthermore, we process your data if this is necessary to fulfill a legal obligation, on the basis of Art. 6 para. 1 lit. c GDPR. Data processing may also occur based on our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR. In the following sections of this privacy policy, you will be informed about the respective legal bases in individual cases.

Notice on Data Transfer to Third Countries and US Companies without DPF Certification

Please note that we use tools from companies that are based in data protection insecure third countries or the USA and that do not fall under the EU-US Data Privacy Framework (DPF). When using these tools, your personal data may be transferred to and processed in these countries. Please be aware that in these insecure third countries, no level of data protection comparable to that of the EU can be guaranteed.

"We would like to clarify that the USA generally offers a level of data protection that is comparable to that of the EU. The transfer of data to the USA is permitted if the recipient has a DPF certification or provides appropriate additional guarantees. Information about data transfers to third countries, including data recipients, can be found in our privacy policy."

Automated decision-making

"There is no processing of your personal data for the purpose of automated decision-making."

your rights

As a data subject under the General Data Protection Regulation (GDPR), you have the following rights:

Right of access: You have the right to request confirmation from us as to whether your personal data is being processed and, if so, to obtain further information about the processing and copies of the processed data (Art. 15 GDPR).
Right to rectification: You have the right to request the immediate rectification of inaccurate personal data concerning you and, where applicable, the completion of incomplete personal data (Art. 16 GDPR).
Right to Erasure: You have the right to request the immediate deletion of your personal data when the legal requirements are met, particularly when the data is no longer necessary for the purposes pursued and the processing is unlawful (Art. 17 GDPR).
Right to Restriction of Processing: You have the right to request the restriction of the processing of your personal data from us if the legal requirements are met, in particular, if you contest the accuracy of the data, the processing is unlawful, and you refuse deletion (Art. 18 GDPR).
Right to data portability: You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used, and machine-readable format, and you have the right to transmit those data to another controller without hindrance from us, provided that this is technically feasible (Art. 20 GDPR).
Right to object: You have the right to object at any time to the processing of your personal data on grounds relating to your particular situation, when the processing is based on Article 6(1)(e) or (f) of the GDPR (Article 21 GDPR).
Right to withdraw consent given: You have the right to withdraw your consent to the processing of personal data at any time with effect for the future. The withdrawal of your consent does not affect the lawfulness of the processing carried out on the basis of the consent until the withdrawal (Art. 7 para. 3 GDPR).

Right to lodge a complaint with a supervisory authority: You have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of your personal data violates the GDPR (Art. 77 GDPR).

Further data processing processes

General Information Obligations

'This information is aimed at customers, interested parties, suppliers, and employees. Your personal data will be processed by us for the following purposes:'

"To fulfill our contractual obligations to which we are committed to you (Art. 6 para. 1 lit. b GDPR)."
For the performance of pre-contractual obligations (Art. 6 para. 1 lit. b GDPR).
To respond to inquiries (Art. 6 para. 1 lit. b GDPR).
If you have given us consent to process your personal data for specific purposes (e.g., to receive our newsletter), the data processing is based on your consent (Art. 6 para. 1 lit. a GDPR).
'To fulfill legal obligations to which our company is subject (Art. 6 para. 1 lit. c GDPR).'
As far as necessary, we also process your data to safeguard our legitimate interests, in particular to assert legal claims and to defend against legal disputes or to ensure IT security, to consult with and exchange data with credit agencies to determine creditworthiness and default risks, for direct marketing and market research as long as you have not objected to the use of your data for this purpose, in measures for business management and further development of services and products, in measures for product and sales optimization, in measures for risk management, to prevent or investigate criminal offenses (Art. 6 para. 1 lit. f GDPR).

Categories of recipients of personal data

"Within our company, only those employees have access to the data who absolutely need it to fulfill their tasks (need-to-know principle). Individual processes and services are carried out by carefully selected and data protection compliant service providers based in the EEA. If service providers commissioned by us gain access to personal data while performing their services, data processing agreements in accordance with Art. 28 para. 3 GDPR have been concluded with them."

duration of data storage

The data we process will be stored for the duration of the existence and execution of the contractual relationship, as well as in compliance with legal retention periods. This particularly includes commercial and tax-related retention obligations under the Commercial Code (HGB) and the Fiscal Code (AO). The regular retention and documentation periods amount to up to ten years. If no contractual relationship is established, we will process the data only as long as the specific purpose requires.

Cookies

Cookies are small text files that are stored by your browser on your device to save certain information during your use of the website. Cookies allow us to improve various aspects of our website and make your visit more comfortable.

There are different types of cookies that serve different purposes. Temporary cookies, also known as session cookies, are stored only for the duration of your use of the website and are automatically deleted after you close your browser. Permanent cookies, on the other hand, remain stored on your device for a longer period and allow us to recognize you and your preferences during repeated visits to the website.

Cookies can also be divided into first-party cookies and third-party cookies. First-party cookies are set by our website, while third-party cookies are set by other websites or service providers whose content is embedded on our website, such as plugins or analytics tools.

The use of cookies serves various purposes, for example, to ensure the functionality of the website, to store user settings, to create anonymous statistics about user behavior, or to display personalized content and advertisements. The legal basis for the use of cookies varies depending on the purpose of the cookies. In some cases, the setting of cookies is based on your legitimate interest according to Art. 6 para. 1 lit. f GDPR, in order to make our website functional and user-friendly. As the website operator, we have a legitimate interest in storing necessary cookies for the technically error-free and optimized provision of our services. When we obtain your consent for the use of cookies, the processing is based on Art. 6 para. 1 lit. a GDPR in conjunction with § 25 para. 1 TDDDG. Your consent can be revoked at any time.

Data processing in detail

"Below we inform you about the individual processing operations, the scope and purpose of data processing, the legal basis, the obligation to provide your data, and the respective storage duration. An automated decision in individual cases, including profiling, does not take place."

Provision of the website

"When you access and use our website, we collect the personal data that your browser automatically transmits to our server. The following information is temporarily stored in a so-called logfile:"

IP address of the requesting computer
Date and time of access
Name and URL of the retrieved file
Website from which access is made (Referrer URL)
Used browser and, if applicable, the operating system of your computer, as well as the name of your access provider.

"Our website is not hosted by us, but by a service provider who processes the aforementioned data on our behalf in accordance with Art. 28 GDPR for the purpose of providing the website."

The host is used for the purpose of fulfilling the contract with our potential and existing customers (Art. 6 Para. 1 lit. b GDPR) and in the interest of a secure, fast and efficient provision of our online offering by a professional provider (Art. 6 Para . 1 lit. f GDPR).

We use the following host:

Shopify International Limited
Victoria Buildings, 2nd Floor
1-2 Haddington Road
Dublin 4, D04 XN32, Ireland

contact form

Type and scope of processing

If you send us inquiries (e.g. via contact form, email, or phone), we store all data that arises from this (e.g. name, email address, subject of the inquiry, etc.). We need this data to process your inquiry and to be able to answer follow-up questions. We do not share this data without your consent.

Purpose and Legal Basis

The processing of this data is based on Art. 6 para. 1 lit. b GDPR, insofar as your request is related to the fulfillment of a contract or is necessary for the implementation of pre-contractual measures. Otherwise, the processing is based on our legitimate interest in the effective handling of inquiries directed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR) if you have previously given it.

Storage period

The data you enter in the contact form will remain with us until you request us to delete it, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory legal provisions – in particular retention periods – remain unaffected.

Contact form for applicants

Type and scope of processing

"We collect and process the personal data of applicants. Corresponding data processing may also take place electronically, for example, when applicants submit application documents to us via email or through a web form located on our website. On our website, we offer you the option to submit applications for advertised job openings to us via email."

Purpose and Legal Basis

"We process the personal data of applicants in accordance with legal requirements for the purpose of establishing an employment relationship (Art. 6 para. 1 lit. b GDPR). You are not obliged to provide us with this data. However, we cannot conduct an application process with you without this data."

"If the application is successful, the data you have submitted will be stored in our data processing systems based on Art. 6 para. 1 lit. b GDPR and, to the extent that you provide us with special categories of personal data such as health information, based on Art. 9 para. 2 lit. b for the purpose of carrying out the employment relationship."

"For the purpose of addressing potential applicants, we also use services from the professional networks LinkedIn and XING. The operators of the networks act as processors on our behalf in this regard, according to our instructions. The legal basis for data processing when addressing potential applicants on our behalf is Art. 6 para. 1 lit. f GDPR (our legitimate interests). If you send us your application as a result of such an approach, we process your data for the purpose of initiating an employment relationship as described above based on Art. 6 para. 1 lit. b GDPR."

Storage period

Your data will be stored for a period of 6 months beyond the conclusion of the application process. This is done to safeguard our legitimate interests in order to determine whether we need the data to defend against any claims related to the application process. Subsequently, we are obliged to delete or anonymize your data. In this case, we will only have access to the data as so-called metadata without direct personal reference for statistical evaluations (for example, the proportion of women or men in applications, the number of applications per period, etc.).

If it is apparent that further storage of the data after the expiration of the 6-month period is necessary to safeguard our legitimate interests (e.g., due to a pending or imminent legal dispute), deletion will only take place once the purpose for the extended retention no longer applies. The legal basis for this further data storage is our legitimate interests in asserting, exercising, or defending civil law claims (Art. 6 para. 1 lit. f GDPR in conjunction with § 24 para. 1 no. 2 BDSG or, where special categories of personal data are stored, Art. 9 para. 2 lit. f GDPR in conjunction with § 24 para. 2 BDSG).

Inclusion in the applicant pool

As part of the application process, we offer applicants the opportunity to be included in our "Talent Pool" for a period of 24 months based on consent in accordance with Art. 6 para. 1 lit. a, Art. 9 para. 2 lit. a GDPR. If you have provided special categories of personal data in your application, such as health information, your consent also extends to this data. You are not obliged to provide us with your application data for our Talent Pool. However, we cannot consider you for future job postings without this data, unless you submit a new application.

The consent to the collection of application data in the talent pool is voluntary and can be revoked at any time for the future. The revocation of consent does not affect the lawfulness of the data processing carried out on the basis of consent until the revocation.

"At the latest after the expiration of the storage period or in the event of a withdrawal or acceptance of a job offer from one of the companies responsible for the talent pool, your application documents will be deleted from the talent pool."

If you receive an offer for employment with us during the application process and accept it, we or this company will store the personal data collected during the application process for the purpose of carrying out the employment relationship. The legal basis for this data processing is Art. 6 para. 1 lit. b GDPR, and to the extent that you provide us with special categories of personal data such as health information, Art. 9 para. 2 lit. b.

newsletter

We offer you our newsletter on this website. If you would like to subscribe to it, we need your email address and additional data that proves it is your email address and that you agree to receive the newsletter. Furthermore, no personal data will be collected unless you provide it voluntarily (e.g., name, phone number, place of residence, etc.).

When processing the data you provide when signing up for the newsletter, we rely solely on your consent according to Art. 6 para. 1 lit. a GDPR as the legal basis. You can revoke your consent to the processing and storage of your personal data at any time (e.g., via the "Unsubscribe" link in the newsletter) for the future.

"We store your personal data that you provided for the purpose of receiving the newsletter until you unsubscribe from the newsletter with us or the shipping service provider. This does not apply to data that we have stored for other purposes."

If you unsubscribe from the newsletter distribution list, your email address will be stored by us or the shipping service provider on a blacklist for an indefinite period. This is done to prevent future mailings to you. The data from the blacklist will be used solely for this purpose and will not be merged with other data. This is not only in your interest but also in our legitimate interest under Art. 6 para. 1 lit. f GDPR to fulfill our legal obligations when sending newsletters. You can object to the storage if your personal interests outweigh our legitimate interest.

BrevoThis website uses Brevo for sending newsletters. The provider is Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany.

Brevo is a service for organizing and analyzing newsletter distribution. The data you provide for the newsletter subscription is stored on Brevo's servers in Germany.

With Brevo, we can analyze our newsletter campaigns. For example, we can see whether a newsletter message was opened and which links were clicked. This way, we can determine which links were clicked the most.

Brevo also allows you to segment newsletter recipients into different categories ("cluster"). For example, newsletter recipients can be segmented by age, gender, or location. This way, newsletters can be better tailored to the respective target groups.

"If you do not wish to have analysis by Brevo, you must unsubscribe from the newsletter. In each newsletter message, we provide a corresponding link."

For more information about the features of Brevo, please see here:https://www.brevo.com/de/newsletter-software/.

The data processing is carried out based on your consent (Art. 6 para. 1 lit. a GDPR). You can revoke this consent at any time. The legality of the data processing operations that have already taken place remains unaffected by the revocation.

The data stored with us for the purpose of subscribing to the newsletter will be kept until you unsubscribe from the newsletter with us or the newsletter service provider, and will be deleted from the distribution list after unsubscribing from the newsletter. Data that has been stored with us for other reasons remains unaffected by this.

"After your removal from the newsletter list, your email address will be stored in a blocking list with us or the newsletter service provider, if applicable, to prevent future mailings. The data from the blocking list will only be used for this purpose and will not be merged with other data. This serves both your and our interest in complying with legal requirements when sending newsletters (legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR). The storage in the blocking list is not time-limited. You can object to the storage if your interests outweigh our legitimate interest."

Further information on data protection at Brevo can be found here:https://www.brevo.com/de/legal/privacypolicy/.

"To ensure that personal data is processed in accordance with our specifications and in compliance with the GDPR, we have entered into a data processing agreement (DPA) with the provider."

Registration of a customer account

Type and scope of processing

As part of the order processing, we collect your personal data for the registration of a customer account. You can choose whether to order as a guest or to register a permanent user account. The information collected during registration through the mandatory fields is identical in both cases and is necessary for processing the order in the online shop. When registering a permanent user account, we additionally collect a password set by you. Furthermore, you can voluntarily provide additional information that you consider necessary for processing the order.

"The transfer of your personal data to third parties (e.g. shipping service providers / freight forwarders) and processors in accordance with Art. 28 GDPR only takes place to the extent necessary for the processing of the order."

Purpose and Legal Basis

We process your personal data for the purpose of registering a customer account to fulfill a contract with you in accordance with Art. 6 para. 1 lit. b GDPR. There is a contractual obligation to provide your data as far as it relates to the mandatory fields, as this information is necessary for identifying you and for fulfilling the contract on our part. There is no legal obligation to provide the data. Without providing this information, ordering in our online shop and thus concluding a contract is not possible. There is no obligation to provide the additionally voluntarily provided information. Ordering in our online shop is also possible without disclosing the voluntary information.

The supplementary processing of your password for the registration of the permanent user account is carried out for the purpose of providing a customer account and displaying your previous purchases as well as storing your purchase-related data (e.g. storing billing address, various delivery addresses) based on your consent according to Art. 6 para. 1 lit. a GDPR. By deleting your customer account, you can declare your revocation at any time with effect for the future according to Art. 7 para. 3 GDPR.

Storage period

"If you order as a guest, we will store your personal data until the complete processing of your order (end of contract). When registering a permanent customer account, we will store the purchase-related data beyond the end of the contract until you withdraw your consent (deletion of the customer account). In both cases, any further storage of your data will only occur if there are legal retention obligations (for example, tax and commercial law)."

Presences on social media platforms

On our website, we operate public profiles on various social networks. More detailed information about the social networks we use can be found in the relevant sections of our privacy policy.

Social networks like Facebook, Twitter, and others can extensively analyze your user behavior when you visit their websites or a website with integrated social media content (e.g., like buttons or advertising banners). By visiting our social media presences, numerous data protection-relevant processing operations are triggered:

If you are logged into your social media account and visit our social media presence, the operator of the social media portal may associate this visit with your user account. However, your personal data may also be collected even if you are not logged in or do not have an account with the respective social media portal. In this case, this data collection occurs, for example, through cookies that are stored on your device or by recording your IP address.

With the help of the data collected in this way, the operators of the social media platforms can create user profiles that contain your preferences and interests. This allows interest-based advertising to be displayed to you both inside and outside of the respective social media presence. If you have an account with the respective social network, interest-based advertising can be displayed on all devices where you are logged in or have been logged in.

Please note that we cannot trace all processing operations on the social media platforms. Depending on the provider, additional processing operations may be carried out by the operators of the social media platforms. You can find details in the terms of use and privacy policies of the respective social media platforms.

Legal basis for data processing

"Our social media appearances serve to ensure a comprehensive presence on the internet. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. The analysis processes initiated by the social networks may be based on different legal grounds, which must be specified by the operators of the social networks (e.g. consent within the meaning of Art. 6 para. 1 lit. a GDPR)."

Responsible person and assertion of rights

When visiting our social media profiles (e.g., Facebook), we are jointly responsible with the operator of the social media platform for the data processing operations triggered during this visit. You can assert your rights (access, rectification, deletion, restriction of processing, data portability, and complaint) both against us and against the operator of the respective social media portal (e.g., against Facebook).

Despite the shared responsibility with the social media platform operators, we do not have full influence over the data processing operations of the social media platforms. Our options are largely determined by the corporate policy of the respective provider.

duration of data storage

The data collected directly by us through our social media presence will be deleted by our systems as soon as you request deletion, revoke your consent to storage, or the purpose for data storage no longer applies. Stored cookies remain on your device until you delete them. Mandatory legal provisions – in particular retention periods – remain unaffected.

"We have no influence on the storage duration of your data, which is stored by the operators of social networks for their own purposes. For details, please refer directly to the operators of the social networks (e.g., through their privacy policy, see below)."

Facebook page

"Our company has a profile on Facebook. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (hereinafter referred to as Meta). According to Meta, the collected data is also transferred to the USA and other third countries."

"We have entered into an agreement with Meta for joint processing (Controller Addendum). This agreement specifies which data processing operations we or Meta are responsible for when you visit our Facebook page. You can view the agreement at the following link:"https://www.facebook.com/legal/terms/page_controller_addendum.

"You can independently adjust your advertising settings in your user account. To do this, click on the following link and log in:"https://www.facebook.com/settings?tab=ads.

The company is certified under the "EU-US Data Privacy Framework" (DPF), an agreement between the European Union and the United States aimed at ensuring compliance with European data protection standards in data processing in the USA. Certification under the DPF requires companies to adhere to these data protection standards.

'The data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here:'https://www.facebook.com/legal/EU_data_transfer_addendumandhttps://de-de.facebook.com/help/566994660333381.

For more information, please refer to Facebook's privacy policy:https://www.facebook.com/about/privacy/.

Instagram page

"Our company has a profile on Instagram. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland."

'The data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here:'https://www.facebook.com/legal/EU_data_transfer_addendum,https://help.instagram.com/519522125107875andhttps://de-de.facebook.com/help/566994660333381.

For more information on how to handle your personal data, please refer to Instagram's privacy policy:https://help.instagram.com/519522125107875.

video conferences

Data processing

"We use online conference tools to communicate with our customers. The tools we use are listed below. When you communicate with us via video or audio conference, your personal data will be collected and processed by us and the provider of the respective tool."

The tools capture the data you provide, including your email address and phone number. They also process the duration of the conference, when you attended the conference, the number of participants, and other metadata.

Additionally, the provider of the tool processes all technical data necessary for the execution of the conference. This particularly includes IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or speaker, as well as the type of connection.

"If you share content in this service, it will be stored on the providers' servers. This includes cloud recordings, chat messages, voice messages, as well as photos and videos that you shared while using this service."

Please note that we do not have full control over the data processing operations of the tools used. For more information on data processing by the conference tools, please refer to the privacy policies of the respective tools used.

Purpose and legal basis

The conference tools are used to communicate with prospective or existing contractual partners or to offer specific services to our customers (Art. 6 para. 1 lit. b GDPR). Furthermore, the use of the tools serves to generally simplify and accelerate communication with us or our company (legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR). If you have previously given consent to data processing, the processing of your data takes place solely on the basis of Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time.

Storage period

The data we collect directly via the video and conference tools will be deleted from our systems as soon as you request us to delete it, revoke your consent to storage or the purpose for data storage no longer applies. Saved cookies remain on your device until you delete them. Mandatory statutory retention periods remain unaffected.

"We have no influence on the storage duration of your data, which is stored by the operators of the conference tools for their own purposes. For details, please contact the operators of the conference tools directly."

Used video conferencing tools

"We use the following tools for video conferences:"

Microsoft Teams

We use Microsoft Teams. The provider is Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland. Details on data processing can be found in the privacy policy of Microsoft Teams: https://privacy.microsoft.com/de-de/privacystatement.

'The data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here:'https://privacy.microsoft.com/de-de/privacystatement.

Order processing

"To ensure that personal data is processed in accordance with our specifications and in compliance with the GDPR, we have entered into a data processing agreement (DPA) with the provider. Website visitors are processed only according to our instructions and in compliance with the GDPR."

eCommerce

Processing of customer and contract data

Our company collects, processes, and uses personal customer and contract data for the establishment, content design, and modification of our contractual relationships. We only collect, process, and use personal data regarding the use of this website (usage data) to the extent necessary to enable you to use the service or to bill you for it. The legal basis for this is Article 6(1)(b) of the GDPR.

The customer data collected will be deleted after completion of the order or termination of the business relationship and expiry of any statutory retention periods. Statutory retention periods remain unaffected.

Data transmission upon conclusion of the contract

When you order goods from our company, we pass your personal data to the transport company responsible for delivery as well as to the payment service provider responsible for processing the payment. Only data that the respective service provider needs to fulfill its task will be released. The legal basis for this is Art. 6 para. 1 lit. b GDPR, which permits the processing of data for the fulfillment of a contract or pre-contractual measures. If you have given your consent in accordance with Art. 6 para. 1 lit. a GDPR, we will pass your email address to the transport company responsible for delivery so that it can inform you via email about the shipping status of your order; you can revoke your consent at any time.

Data transmission upon conclusion of contracts for services and digital content
We only transmit personal data to third parties if this is necessary as part of contract processing, for example to the credit institution responsible for processing payments.

The data will not be transmitted further or will only be transmitted if you have expressly agreed to the transmission. Your data will not be passed on to third parties without your express consent, for example for advertising purposes.

The basis for data processing is Article 6 (1) (b) GDPR, which allows the processing of data to fulfill a contract or pre-contractual measures.

Order processing via dropshipping

"When you order goods from our company, your order may be shipped directly to you by our merchants (dropshipping). In this case, we will provide your name, delivery address, and – as far as necessary for the delivery – your phone number to the shipping company. The information is shared solely for the purpose of delivering the goods."

The legal basis for data processing is Art. 6 para. 1 lit. b GDPR (contract fulfillment) and our legitimate interest in a fast and effective purchase processing in accordance with Art. 6 para. 1 lit. f GDPR.

credit checks

In the case of a purchase on account or any other payment method where our company advances payment, we may conduct a credit check (scoring). For this purpose, we will transmit your entered data (e.g., name, address, age, or bank details) to a credit agency. Based on this data, the likelihood of a payment default will be assessed. In the event of a high risk of payment default, we may refuse the relevant payment method.

The credit check is carried out on the basis of contract fulfillment (Art. 6 Para. 1 lit. b GDPR) and to avoid payment defaults (legitimate interest according to Art. 6 Para. 1 lit. f GDPR). If consent has been obtained, the credit check is carried out on the basis of this consent (Art. 6 Para. 1 lit. GDPR); consent can be revoked at any time.

payment services

In our company, we integrate payment services from third-party providers on our website. When you make a purchase with us, your payment data (e.g., name, payment amount, account details, credit card number) will be processed by the payment service provider for the purpose of payment processing. The respective contractual and data protection provisions of the respective providers apply to these transactions. The use of payment service providers is based on Art. 6 para. 1 lit. b GDPR (contractual processing) as well as in the interest of a smooth, comfortable, and secure payment process (Art. 6 para. 1 lit. f GDPR). As far as your consent is requested for certain actions, Art. 6 para. 1 lit. a GDPR is the legal basis for data processing; consents can be revoked at any time for the future.

PayPal
The provider of this payment service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter referred to as "PayPal").
The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.paypal.com/de/webapps/mpp/ua/pocpsa-full.
You can find details in the PayPal privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full.

Apple Pay
The provider of the payment service is Apple Inc., Infinite Loop, Cupertino, CA 95014, USA. You can find Apple's privacy policy at: https://www.apple.com/legal/privacy/de-ww/.

Google Pay
Provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The privacy policy of Google can be found here: https://policies.google.com/privacy.

Klarna
The provider is Klarna AB, Sveavägen 46, 111 34 Stockholm, Sweden (hereinafter "Klarna"). Klarna offers various payment options (e.g., installment purchase). If you choose to pay with Klarna (Klarna Checkout solution), Klarna will collect various personal data from you. Klarna uses cookies to optimize the use of the Klarna Checkout solution. Details on the use of Klarna cookies can be found at the following link: https://cdn.klarna.com/1.0/shared/content/policy/cookie/de_de/checkout.pdf.
You can read the details in Klarna's privacy policy at the following link: https://www.klarna.com/de/datenschutz/.

UnionPay
The provider of the payment service is UnionPay International Co., Ltd., No. 1899 Guozhan Road, Pudong New District, Shanghai, China. For details, please refer to the privacy policy of UnionPay: https://m.unionpayintl.com/en/privacyNotice/.

Sofortüberweisung
The provider of this payment service is Sofort GmbH, Theresienhöhe 12, 80339 Munich (hereinafter referred to as "Sofort GmbH"). Using the "Sofortüberweisung" procedure, we receive a payment confirmation from Sofort GmbH in real-time and can immediately begin fulfilling our obligations. If you have chosen the payment method "Sofortüberweisung", you will transmit the PIN and a valid TAN to Sofort GmbH, which will allow them to log into your online banking account. Sofort GmbH automatically checks your account balance after logging in and carries out the transfer to us using the TAN you provided. Subsequently, they will promptly send us a transaction confirmation. After logging in, your transactions, the credit limit of the overdraft, and the existence of other accounts as well as their balances will also be checked automatically. In addition to the PIN and TAN, the payment data you entered and personal data will also be transmitted to Sofort GmbH. The personal data includes first and last names, address, phone number(s), email address, IP address, and possibly other data necessary for payment processing. The transmission of this data is necessary to unequivocally establish your identity and to prevent fraud attempts. For details on payment with Sofortüberweisung, please refer to the following links: https://www.sofort.de/datenschutz.html and https://www.klarna.com/sofort/.

Mastercard
The provider of this payment service is Mastercard Europe SA, Chaussée de Tervuren 198A, B-1410 Waterloo, Belgium (hereinafter referred to as "Mastercard").
Mastercard may transfer data to its parent company in the USA. The data transfer to the USA is based on Mastercard's Binding Corporate Rules. You can find details here: https://www.mastercard.de/de-de/datenschutz.html and https://www.mastercard.us/content/dam/mccom/global/documents/mastercard-bcrs.pdf.

VISA
The provider of this payment service is Visa Europe Services Inc., branch office London, 1 Sheldon Square, London W2 6TT, United Kingdom (hereinafter referred to as "VISA").
The United Kingdom is considered a data protection safe third country. This means that the United Kingdom has a level of data protection that corresponds to the level of data protection in the European Union.
VISA may transfer data to its parent company in the USA. The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.visa.de/nutzungsbedingungen/visa-globale-datenschutzmitteilung/mitteilung-zu-zustandigkeitsfragen-fuer-den-ewr.html.
For more information, please refer to the privacy policy of VISA: https://www.visa.de/nutzungsbedingungen/visa-privacy-center.html.

Google Analytics

"We use services and functions from Google Analytics on this website, provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland."

Type and scope of data processing

With the help of Google Analytics, we as website operators can determine how our website is used. As part of the analysis, we learn how often our website is accessed, how long visitors stay on the page, and which devices or systems they use to access the website. Furthermore, we can track your mouse movements and clicks. Google Analytics uses machine learning and other technologies to analyze and enhance your data. The processing of the collected data usually takes place on servers of Google in the USA.

Legal basis

"When using Google Analytics, we rely on your consent in accordance with Art. 6 para. 1 lit. a GDPR in conjunction with §25 para. 1 TDDDG. You can revoke your consent at any time."

The transfer of your personal data to the USA is based on the standard contractual clauses of the EU Commission. You can find more information on this at https://privacy.google.com/businesses/controllerterms/mccs/.

Order processing

"To ensure that personal data is processed in accordance with our specifications and in compliance with the GDPR, we have entered into a data processing agreement (DPA) with the provider."

Storage period

Google stores data linked to cookies, user IDs, or advertising IDs for two months, after which they are anonymized or deleted. For more information on the storage duration or deletion of your data, please visit https://support.google.com/analytics/answer/7667196?hl=de.

Google Drive

We have integrated Google Drive on this website. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Drive allows us to embed an upload area on our website where you can upload content. Content that you upload there is stored on Google Drive's servers. When you enter our website, a connection to Google Drive is also established so that Google Drive can determine that you have visited our website.

Purpose and Legal Basis

The use of Google Drive is based on our legitimate interest in having a reliable upload area on its website in accordance with Art. 6 para. 1 lit. f GDPR. If you have previously given consent to data processing, the processing of your data will take place solely on the basis of Art. 6 para. 1 lit. a GDPR and § 25 TDDG; consent can be revoked at any time.

"To ensure that personal data is processed in accordance with our specifications and in compliance with the GDPR, we have entered into a data processing agreement (DPA) with the provider."

Google Fonts

This website uses web fonts for a consistent display of fonts provided by Google. When you access the page, your browser loads the required web fonts into your browser cache so that texts and fonts are displayed correctly. To do this, the browser you are using establishes a connection to Google's servers. Google thereby gains knowledge of your IP address.

Legal basis

The use of Google Web Fonts is based on our legitimate interest in a uniform presentation of the typography of our website (Art. 6 para. 1 lit. f GDPR). If consent has been requested (e.g., consent for the storage of cookies), the processing of data is carried out exclusively on the basis of your consent according to Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDG. This can be revoked at any time. If your browser does not support Web Fonts, a standard font from your computer will be used. More information about Google Web Fonts can be found here:https://developers.google.com/fonts/faq. You can find Google's privacy policy here: https://policies.google.com/privacy?hl=de.

Google Tag Manager

"We use services and functions from the Google Tag Manager on this website, which are offered by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland."

The Google Tag Manager is a tool that allows us to use other tools on our website. It does not create user profiles, it does not store cookies, and it does not conduct independent analyses. However, your IP address is recorded and may be transmitted to the USA. The Google Tag Manager itself is only used for managing these tools that are integrated through it.

When using the Google Tag Manager on this website, we rely on Art. 6 para. 1 lit. f GDPR as the legal basis, as we have a legitimate interest in implementing and managing tracking tools on this website easily and quickly. If you have previously given consent to data processing on this website through the Google Tag Manager, the processing of your data will take place solely on the legal basis of Art. 6 para. 1 lit. a GDPR § 25 para. 1 TDDDG. You can revoke your consent at any time.

Meta Pixel

"We use the Meta Pixel on this website, which is offered by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland."

With the help of the Meta Pixel, we can analyze the behavior of our website visitors when they are redirected to our website by clicking on a Facebook ad. We use the user data to measure the success of our ads on Facebook and to optimize the ads. As website operators, we only receive anonymized data, so we cannot identify you as a user.

"Meta, on the other hand, processes the data in such a way that it can be assigned to a specific user and used for its own advertising purposes. This allows Meta to display personalized advertisements on Meta and other websites. We as website operators have no influence over this. More information about data processing can be found in Meta's privacy policy at ".https://www.facebook.com/about/privacy/.

Legal basis

When using Meta-Pixel, we rely on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. You can revoke your consent at any time.

The transfer of your personal data to the USA is based on the standard contractual clauses of the EU Commission. You can find more information on this at https://www.facebook.com/legal/EU_data_transfer_addendumandhttps://de-de.facebook.com/help/566994660333381.

"If personal data is collected on this website through this service and shared with Meta, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland share joint responsibility for the processing of your personal data (Art. 26 GDPR). In this regard, we are only responsible for the collection of your data and its transmission to Meta, while Meta is responsible for what happens to the data thereafter. The obligations that we impose on each other within the framework of joint responsibility are set out in an agreement on joint data processing. You can find the exact text of the agreement at the following link:"https://www.facebook.com/legal/controller_addendum. Accordingly, we must provide you with information on data protection when using the Meta tool and ensure that the tool is implemented in compliance with data protection regulations on our website.

"Meta itself is responsible for the security of its own products. If you wish to exercise your rights as a data subject and request information about the data processed by Meta concerning you, you can contact Meta directly. If you assert your rights as a data subject with us, we have the obligation to forward your request to Meta."

Shopify CDN

Type and scope of processing

"We use Shopify CDN for the proper provision of the content on our website. Shopify CDN is a service of Shopify International Limited, which acts as a Content Delivery Network (CDN) on our website to ensure the functionality of other services of Shopify, Inc. For these services, you will find a separate section in this privacy policy. This section is solely about the use of the CDN."

A CDN helps to deliver content from our online offering, especially files such as graphics or scripts, more quickly using regionally or internationally distributed servers. When you access this content, you connect to servers of Shopify International Limited, 2nd Floor Victoria Buildings, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland, whereby your IP address and possibly browser data such as your user agent are transmitted. This data is processed solely for the purposes mentioned above and to maintain the security and functionality of Shopify CDN.

Purpose and Legal Basis

The use of the Content Delivery Network is based on our legitimate interests, i.e., the interest in a secure and efficient provision as well as the optimization of our online offerings in accordance with Art. 6 para. 1 lit. f. GDPR.

Shopify Checkout

Type and scope of processing

The provider of this payment service in the EU is Shopify International Limited, 2nd Floor Victoria Buildings, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland (hereinafter “Shopify Payment”).

For details, please refer to the privacy policy of Shopify Payment:https://www.shopify.de/legal/datenschutz.

jQuery CDN

Type and scope of processing

"We use jQuery CDN for the proper provision of the content on our website. jQuery CDN is a service of jQuery that acts as a Content Delivery Network (CDN) on our website."

A CDN helps to deliver content from our online offerings, especially files such as graphics or scripts, more quickly using regionally or internationally distributed servers. When you access this content, you connect to servers of jQuery, where your IP address and possibly browser data such as your User-Agent are transmitted. This data is processed solely for the purposes mentioned above and to maintain the security and functionality of jQuery CDN.

Purpose and Legal Basis

Storage period

The specific storage duration of the processed data is not influenced by us, but is determined by jQuery. Further information can be found in the privacy policy for jQuery CDN: https://www.stackpath.com/legal/privacy-statement/.