Privacy policy
Privacy Policy
This Privacy Policy informs you about the type, scope, and purpose of the processing of personal data (hereinafter “data”) within our online offering and the associated websites, functions, and content as well as external online presences, such as our social media profiles (hereinafter collectively referred to as the “online offering”). With regard to the terms used, such as “processing” or “controller,” we refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).
Controller
BADESOFA® Interior Design GmbH, Friesenstraße 50, 50670 Cologne, hello@badesofa.de
Managing Directors: Natalie Steger, Annika Götz
Link to the legal notice (Impressum): https://badesofa.de/pages/impressum
Data protection contact: hello@badesofa.de
Data Transfers to Third Countries
Visiting our website may involve the transmission of certain personal data to third countries, i.e., countries in which the GDPR is not applicable law. Such a transfer is permissible if the European Commission has determined that an adequate level of data protection is provided in such a third country.
If no such adequacy decision of the European Commission exists, personal data will only be transferred to a third country if appropriate safeguards pursuant to Art. 46 GDPR are in place or if one of the conditions in Art. 49 GDPR applies.
Unless otherwise stated below, we use as appropriate safeguards the EU Standard Contractual Clauses for the transfer of personal data to processors in third countries: https://eur-lex.europa.eu/legal-content/DE/TXT/?uri=CELEX%3A32010D0087.
Hosting by Shopify
We use the shop system of the service provider Shopify International Limited, Victoria Buildings, 2nd Floor, 1–2 Haddington Road, Dublin 4, D04 XN32, Ireland (“Shopify”) for the purpose of hosting and displaying the online shop on the basis of processing on our behalf. All data collected on our website is processed on Shopify’s servers. As part of the aforementioned Shopify services, data may also be transmitted, for further processing on behalf, to Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada, Shopify Data Processing (USA) Inc., Shopify Payments (USA) Inc. or Shopify (USA) Inc. In the case of the transfer of data to Shopify Inc. in Canada, an adequate level of data protection is ensured by an adequacy decision of the European Commission. Shopify Data Processing (USA) Inc., Shopify Payments (USA) Inc. and Shopify (USA) Inc. in the USA are certified for the US-European data protection agreement “Privacy Shield,” which ensures compliance with the level of data protection applicable in the EU.
Further information on Shopify’s data protection can be found at the following website: https://www.shopify.de/legal/datenschutz
Any further processing on servers other than those mentioned above by Shopify takes place only within the scope communicated below.
Types of Data Processed
- Inventory data (e.g., names, addresses).
- Contact data (e.g., email, telephone numbers).
- Content data (e.g., text entries, photographs, videos).
- Usage data (e.g., websites visited, interest in content, access times).
- Meta/communication data (e.g., device information, IP addresses).
- Assortment and service optimization.
Categories of Data Subjects
Visitors and users of the online offering (hereinafter we also refer to the data subjects collectively as “users”).
Purpose of Processing
- Provision of the online offering, its functions and content.
- Processing your order.
- Responding to contact requests and communicating with users.
- Security measures.
- Reach measurement/marketing.
Definitions Used
“Personal data” means any information relating to an identified or identifiable natural person (hereinafter “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g., cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
“Processing” means any operation or set of operations which is performed on personal data, whether or not by automated means. The term is broad and covers virtually any handling of data.
“Pseudonymization” means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.
“Profiling” means any form of automated processing of personal data consisting of the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s work performance, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.
“Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
“Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Applicable Legal Bases
Pursuant to Art. 13 GDPR, we inform you of the legal bases of our data processing. If the legal basis is not named in the Privacy Policy, the following applies: The legal basis for obtaining consent is Art. 6(1)(a) and Art. 7 GDPR, the legal basis for processing for the performance of our services and carrying out contractual measures as well as responding to inquiries is Art. 6(1)(b) GDPR, the legal basis for processing to fulfill our legal obligations is Art. 6(1)(c) GDPR, and the legal basis for processing to safeguard our legitimate interests is Art. 6(1)(f) GDPR. If the processing of personal data is necessary to protect the vital interests of the data subject or another natural person, Art. 6(1)(d) GDPR serves as the legal basis.
Security Measures
In accordance with Art. 32 GDPR, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons, we implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk.
These measures include, in particular, safeguarding the confidentiality, integrity and availability of data by controlling physical access to the data as well as access, input, transfer, availability assurance and separation relating to them. Furthermore, we have established procedures to ensure the exercise of data subject rights, deletion of data and response to data endangerment. We also take into account the protection of personal data during the development or selection of hardware, software and procedures, in accordance with the principle of data protection by design and by default (Art. 25 GDPR).
Cooperation with Processors and Third Parties
If, in the context of our processing, we disclose data to other persons and companies (processors or third parties), transmit it to them or otherwise grant them access to the data, this is done only on the basis of a legal permission (e.g., if transmission of the data to third parties, such as payment service providers, is necessary for contract performance pursuant to Art. 6(1)(b) GDPR), you have given your consent, a legal obligation provides for this or on the basis of our legitimate interests (e.g., when using agents, web hosts, etc.).
If we commission third parties with the processing of data on the basis of a so-called “processing contract,” this is done on the basis of Art. 28 GDPR.
Rights of Data Subjects
You have the right to request confirmation as to whether data concerning you is being processed and to obtain information about this data as well as further information and a copy of the data in accordance with Art. 15 GDPR.
In accordance with Art. 16 GDPR, you have the right to request the completion of data concerning you or the rectification of inaccurate data concerning you.
In accordance with Art. 17 GDPR, you have the right to request that data concerning you be erased without undue delay, or alternatively to request restriction of processing of the data in accordance with Art. 18 GDPR.
You have the right to receive the data concerning you which you have provided to us in accordance with Art. 20 GDPR and to request its transmission to other controllers.
Furthermore, pursuant to Art. 77 GDPR, you have the right to lodge a complaint with the competent supervisory authority. For us, the competent data protection supervisory authority is:
Landesbeauftragte für den Datenschutz Nordrhein-Westfalen, Kavalleriestraße 2–4, 40213 Düsseldorf, Tel. +49 211/38424-0, Fax: +49 211/38424-10, Email: poststelle@ldi.nrw.de.
Right to Withdraw Consent
You have the right to withdraw consent granted pursuant to Art. 7(3) GDPR with effect for the future.
Right to Object
You may object at any time to the future processing of data concerning you in accordance with Art. 21 GDPR. The objection may be made in particular against processing for purposes of direct advertising.
Cookies and Right to Object to Direct Advertising
“Cookies” are small files that are stored on users’ computers. Various information can be stored within the cookies. A cookie primarily serves to store information about a user (or the device on which the cookie is stored) during or after their visit within an online offering. Temporary cookies, or “session cookies” or “transient cookies,” are cookies that are deleted after a user leaves an online offering and closes their browser. For example, the contents of a shopping cart in an online shop or a login status can be stored in such a cookie. “Permanent” or “persistent” cookies are cookies that remain stored even after the browser is closed. For example, the login status can be saved if users visit the site after several days. Likewise, user interests can be stored in such a cookie and used for reach measurement or marketing purposes. “Third-party cookies” are cookies offered by providers other than the controller operating the online offering (otherwise, if they are only its cookies, they are called “first-party cookies”).
We may use temporary and permanent cookies and provide information about this within our Privacy Policy.
If users do not want cookies to be stored on their computer, they are asked to deactivate the corresponding option in their browser’s system settings. Stored cookies can be deleted in the browser’s system settings. Excluding cookies may lead to functional restrictions of this online offering.
A general objection to the use of cookies used for online marketing purposes, especially in the case of tracking, can be declared for a variety of services via the U.S. site http://www.aboutads.info/choices/or the EU site http://www.youronlinechoices.com/. Furthermore, the storage of cookies can be achieved by switching them off in the browser settings. Please note that not all functions of this online offering may then be usable.
Deletion of Data
Data processed by us will be deleted or their processing restricted in accordance with Art. 17 and 18 GDPR. Unless expressly stated in this Privacy Policy, the data stored by us will be deleted as soon as it is no longer required for its intended purpose and the deletion is not opposed by statutory retention obligations. If the data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted. I.e., the data will be blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax reasons.
Under statutory requirements in Germany, retention is in particular for 10 years pursuant to §§ 147(1) AO, 257(1) nos. 1 and 4, (4) HGB (books, records, management reports, accounting vouchers, commercial books, documents relevant for taxation, etc.) and 6 years pursuant to § 257(1) nos. 2 and 3, (4) HGB (commercial letters).
Under statutory requirements in Austria, retention is in particular for 7 years pursuant to § 132(1) BAO (accounting records, receipts/invoices, accounts, receipts, business papers, statement of income and expenses, etc.), for 22 years in connection with real estate and for 10 years for documents in connection with services provided electronically, telecommunications, broadcasting and television services provided to non-entrepreneurs in EU member states for which the Mini-One-Stop-Shop (MOSS) is used.
Business-Related Processing
In addition, we process:
- Contract data (e.g., subject matter of the contract, term, customer category).
- Payment data (e.g., bank details, payment history)
of our customers, prospects and business partners for the purpose of providing contractual services, service and customer care, marketing, advertising and market research.
Order Processing in the Online Shop and Customer Account
We process the data of our customers as part of the order processes in our online shop in order to enable them to select and order the chosen products and services, as well as their payment and delivery or execution.
The data processed includes inventory data, communication data, contract data, payment data, and the data subjects include our customers, prospects and other business partners. Processing is carried out for the purpose of providing contractual services in the context of the operation of an online shop, billing, delivery and customer services. In this context, we use session cookies to store the contents of the shopping cart and permanent cookies to store the login status.
Processing is carried out on the basis of Art. 6(1)(b) (execution of order processes) and (c) (legally required archiving) GDPR. The information marked as required is necessary for the conclusion and fulfillment of the contract. We disclose the data to third parties only within the scope of delivery, payment or within the scope of legal permissions and obligations to legal advisors and authorities. Data is processed in third countries only if this is necessary for the fulfillment of the contract (e.g., at the customer’s request in the case of delivery or payment).
As part of registration and renewed logins as well as the use of our online services, we store the IP address and the time of the respective user action. Storage is based on our legitimate interests as well as those of the users in protection against misuse and other unauthorized use. This data is generally not passed on to third parties unless it is necessary to pursue our claims or there is a legal obligation to do so pursuant to Art. 6(1)(c) GDPR.
Deletion takes place after the expiry of statutory warranty and comparable obligations; the necessity of retaining the data is reviewed every three years; in the case of statutory archiving obligations, deletion takes place after their expiry (end of commercial law (6 years) and tax law (10 years) retention obligations).
External Services
Shopify Payments
We use the payment service provider “Shopify Payments,” 3rd Floor, Europa House, Harcourt Building, Harcourt Street, Dublin 2. If you choose a payment method offered via the payment service provider Shopify Payments, payment processing is carried out via the technical service provider Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, to whom we pass on your information provided during the order process together with information about your order (name, address, account number, bank code, possibly credit card number, invoice amount, currency and transaction number) pursuant to Art. 6(1)(b) GDPR. Your data is passed on exclusively for the purpose of payment processing with Stripe Payments Europe Ltd. and only to the extent necessary for this purpose. Further information on data protection at Shopify Payments can be found at the following internet address: https://www.shopify.com/legal/privacy .
We also use PayPal as an external payment service provider, through whose platforms users and we can carry out payment transactions (link to the privacy policy, PayPal (https://www.paypal.com/de/webapps/mpp/ua/privacy-full)).
The data processed by the payment service providers includes inventory data, such as name and address, bank details, such as account numbers or credit card numbers, passwords, TANs and checksums, as well as contract-, totals- and recipient-related details. The information is required to carry out the transactions. However, the entered data is processed only by the payment service providers and stored there. I.e., we do not receive any account or credit card information, but only information with confirmation or negative notification of the payment. Under certain circumstances, the data may be transmitted by the payment service providers to credit agencies. This transmission is intended to check identity and creditworthiness. For this, we refer to the GTC and privacy notices of the payment service providers.
The terms and conditions and privacy notices of the respective payment service providers, which can be accessed within the respective websites or transaction applications, apply to the payment transactions. We also refer to these for further information and the assertion of cancellation, information and other data subject rights.
Google Analytics
We use on our website the web analytics service Google Analytics of Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”). If you have your habitual residence in the European Economic Area or Switzerland, Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) is the controller responsible for your data. Google Ireland Limited is therefore the Google-affiliated company responsible for the processing of your data and compliance with applicable data protection laws.
Data processing serves the purpose of analyzing this website and its visitors as well as for marketing and advertising purposes. For this purpose, Google will use the information obtained on behalf of the operator of this website to evaluate your use of the website, to compile reports on website activities, and to provide other services related to website usage and internet usage to the website operator. The following information may be collected, among others: IP address, date and time of page view, click path, information about the browser you use and the device you use, pages visited, referrer URL (website from which you accessed our website), location data, purchase activities. The IP address transmitted by your browser as part of Google Analytics is not merged with other Google data.
Google Analytics uses technologies such as cookies, web storage in the browser and tracking pixels that enable an analysis of your use of the website. The information generated about your use of this website is generally transmitted to a Google server in the USA and stored there. IP anonymization is activated on this website. This means that your IP address will be shortened by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area beforehand. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.
Google has certified itself under the US-EU data protection agreement “Privacy Shield” and thus committed to complying with European data protection guidelines.
Data processing, in particular the setting of cookies, takes place on the basis of Art. 6(1)(f) GDPR from our predominant legitimate interest in the needs-based and targeted design of the website. You have the right, for reasons arising from your particular situation, to object at any time to this processing of personal data concerning you based on Art. 6(1)(f) GDPR.
You can prevent the collection of the data generated by Google Analytics and related to your use of the website (incl. your IP address) to Google as well as the processing of this data by Google by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout?hl=de
To prevent data collection and storage by Google Analytics across devices, you can set an opt-out cookie. Opt-out cookies prevent the future collection of your data when visiting this website. You must perform the opt-out on all systems and devices used for this to have a comprehensive effect. If you delete the opt-out cookie, requests will again be transmitted to Google. If you click here, the opt-out cookie will be set: Disable Google Analytics.
Further information on terms of use and data protection can be found at https://www.google.com/analytics/terms/de.html
and at https://www.google.de/intl/de/policies/as well as at https://policies.google.com/technologies/cookies?hl=de.
Use of Rating and Certification Graphics
Reviews.io
Our website also uses the product review system from the provider REVIEWS.io Limited, 29 St Nicholas Place, Leicester, LE1 4LD UK (hereinafter referred to as “Review.io”), whose privacy policy can be found at https://www.reviews.io/front/user-privacy-policy. Reviews.io helps us learn your opinion about our products. Reviews.io is concerned about data security. Reviews.io is listed on the Data Protection Public Register, number ZA872629. https://www.reviews.io/front/data-protection
Use of Social Media
Facebook, Twitter and Pinterest
In addition to this website, we also maintain profiles and pages on social media, including Facebook and Instagram, which you can reach via corresponding buttons on our website. If you visit such a social media profile or the platform of the respective social network, personal data may be transmitted to the provider of the social network.
We also use services from Facebook, Twitter and Pinterest to enable you to share content from our online offering.
For the services of Facebook, Instagram, Twitter and Pinterest, your data is transferred to third countries outside the European Union. The operators of these services process your data, in particular your IP address, the type of browser used and the respective version as well as, if applicable, other data of your computer system.
If you are logged in to the respective social network when visiting our online offering, the respective operator processes your data in accordance with the respective terms of use and can link this with your user account.
Further information, in particular regarding the purpose and scope of processing, can be found in the privacy policies of the respective service providers. You can access these, for example, as follows:
- Facebook Inc, 1 Hacker Way, Menlo Park, CA 94025, USA: https://www.facebook.com/about/privacy/
- Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA: https://twitter.com/de/privacy
- Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA: https://help.instagram.com/155833707900388
- Pinterest Inc., 651 Brannan Street, San Francisco, CA 94107, USA: https://policy.pinterest.com/de/privacy-policy
YouTube Videos
We have integrated YouTube videos into our online offering, which are stored on http://www.YouTube.comand can be played directly from our website. These are all embedded in “enhanced privacy mode,” i.e., no data about you as a user is transmitted to YouTube if you do not play the videos. Only when you play the videos will the data mentioned in the next paragraph be transmitted. We have no influence on this data transmission.
By playing the videos, YouTube receives the information that you have accessed the corresponding subpage of our website and may place further tools for marketing purposes. If you are logged into Google, your information will be associated directly with your account.
Recipients:
Main service provider: Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland.
Business Analyses and Market Research
In order to run our business economically, to recognize market trends, wishes of contractual partners and users, we analyze the data available to us on business transactions, contracts, inquiries, etc. In doing so, we process inventory data, communication data, contract data, payment data, usage data and metadata on the basis of Art. 6(1)(f) GDPR, whereby the data subjects include contractual partners, prospects, customers, visitors and users of our online offering.
The analyses are carried out for the purpose of economic evaluations, marketing and market research. In doing so, we can take into account the profiles of registered users with information, e.g., about their used services. The analyses serve us to increase user-friendliness, to optimize our offering and economic efficiency. The analyses are for our use only and are not disclosed externally unless they are anonymous analyses with aggregated values.
If these analyses or profiles are personal, they will be deleted or anonymized upon termination by the users, otherwise after two years from contract conclusion. In all other respects, the overall business analyses and general trend determinations are prepared anonymously where possible.
Online Job Applications / Publication of Job Advertisements
We offer you the opportunity to apply to us via our website. In the case of digital applications, your applicant and application data will be collected and processed electronically by us for the purpose of handling the application process.
The legal basis for this processing is § 26(1) sentence 1 BDSG in conjunction with Art. 88(1) GDPR.
If, after the application process, an employment contract is concluded, we will store your data transmitted during the application in your personnel file for the purpose of the usual organizational and administrative process—of course taking into account further legal obligations.
The legal basis for this processing is also § 26(1) sentence 1 BDSG in conjunction with Art. 88(1) GDPR.
If an application is rejected, we will automatically delete the data transmitted to us two months after the rejection has been announced. However, the deletion will not take place if the data must be stored for a longer period due to legal provisions, e.g., due to obligations to provide evidence under the AGG, for up to four months or until the conclusion of a court proceeding.
In this case, the legal basis is Art. 6(1)(f) GDPR and § 24(1) no. 2 BDSG. Our legitimate interest lies in legal defense or enforcement.
If you expressly consent to a longer storage of your data, e.g., for inclusion in an applicant or prospect database, the data will continue to be processed on the basis of your consent. The legal basis is then Art. 6(1)(a) GDPR. You can, of course, revoke your consent at any time pursuant to Art. 7(3) GDPR with effect for the future by declaration to us.
Cookie Policy
With regard to our online offering, we use cookies. Cookies are small text files that are assigned to the browser you use by means of a characteristic string and stored on your hard drive and through which certain information flows to the entity that sets the cookie. Cookies cannot run programs or transmit viruses to your computer and therefore cannot cause any damage. They serve to make the internet offering as a whole more user-friendly and effective, i.e., more pleasant for you.
Cookies may contain data that make it possible to recognize the device being used. In some cases, however, cookies only contain information about certain settings that are not personally relatable. Cookies cannot directly identify a user.
A distinction is made between session cookies, which are deleted as soon as you close your browser, and permanent cookies, which are stored beyond the individual session. With regard to their function, cookies are further distinguished between:
- Essential cookies: These are strictly necessary to navigate the website, use basic functions and ensure the security of the website; they neither collect information about you for marketing purposes nor store which internet pages you have visited;
- Statistics cookies: These collect information about how you use our online offering, which pages you visit and, e.g., whether errors occur when using the website; they do not collect information that could identify you—all information collected is anonymous and is used only to improve our website and find out what interests our users;
- Marketing cookies: These are used to provide the website user with needs-based advertising on the website or offers from third parties and to measure the effectiveness of these offers;
Cookies help us continuously improve the user experience of our online offering.
Enabling, Managing and Deleting Cookies
In addition to the settings you can make on our website regarding cookies, most internet browsers also offer settings. How you can, for example, delete cookies again, you can find out for the most common browsers on the following websites:
Cookie Settings on Our Online Offering
Below you can adjust your cookie settings on our platform. We differentiate between the cookie categories mentioned above (necessary cookies, statistics cookies, marketing cookies and preference cookies). Only the “necessary cookies” are required for use of the website.
Overview “Necessary Cookies”
|
_ab |
Used in connection with access to admin. |
Essential |
|
_secure_session_id |
Used in connection with navigation through a storefront. |
Essential |
|
__cfduid |
The _cfduid cookie helps Cloudflare detect malicious visitors to our Customers’ websites and minimizes blocking legitimate users. |
Essential |
|
Cart |
Used in connection with shopping cart. |
Essential |
|
cart |
Used in connection with shopping cart. |
Essential |
|
cart_sig |
Used in connection with checkout. |
Essential |
|
cart_ts |
Used in connection with checkout. |
Essential |
|
checkout_token |
Used in connection with checkout. |
Essential |
|
Secret |
Used in connection with checkout. |
Essential |
|
secure_customer_sig |
Used in connection with customer login. |
Essential |
|
storefront_digest |
Used in connection with customer login. |
Essential |
|
_shopify_u |
Used to facilitate updating customer account information. |
Essential |
|
XSRF-TOKEN |
Used in connection with GDPR legal Cookie. |
Essential |
|
gdpr_legal_cookie_session |
Used in connection with GDPR legal Cookie. |
Essential |
|
_bc_c_set |
Used in connection with GDPR legal Cookie. |
Essential |
Overview “Cookies Marketing and Analytics”
|
_orig_referrer |
Used in connection with shopping cart. |
Marketing & Analytics |
|
_landing_page |
Track landing pages. |
Marketing & Analytics |
|
_s |
Shopify analytics. |
Marketing & Analytics |
|
_shopify_fs |
Shopify analytics. |
Marketing & Analytics |
|
_shopify_s |
Shopify analytics. |
Marketing & Analytics |
|
_shopify_y |
Shopify analytics. |
Marketing & Analytics |
|
_y |
Shopify analytics. |
Marketing & Analytics |
|
_shopify_sa_p |
Shopify analytics relating to marketing & referrals. |
Marketing & Analytics |
|
_shopify_sa_t |
Shopify analytics relating to marketing & referrals. |
Marketing & Analytics |
|
_shopify_uniq |
Shopify analytics. |
Marketing & Analytics |
|
_shopify_visit |
Shopify analytics. |
Marketing & Analytics |
|
tracked_start_checkout |
Shopify analytics relating to checkout. |
Marketing & Analytics |
|
_ga |
Contains a randomly generated User-ID. This ID enables Google Analytics to recognize returning users on this website and to merge data from previous visits. |
Marketing & Analytics |
|
_gid |
Used in connection with GDPR legal Cookie tag-manager for google add words. |
Marketing & Analytics |
|
_gat |
Used in connection with GDPR legal Cookie tag-manager for google add words. |
Marketing & Analytics |
|
_dc_gtm_XXXXXXXXX |
Used in connection with GDPR legal Cookie tag-manager for google add words. |
Marketing & Analytics |
|
_gat_gtag_XXXXXXXXX |
Used in connection with GDPR legal Cookie tag-manager for google add words. |
Marketing & Analytics |
|
_gac_XXXXXXXXX |
Used in connection with GDPR legal Cookie tag-manager for google add words. |
Marketing & Analytics |
|
bc_tgm_gtm |
Used in connection with GDPR legal Cookie tag-manager for google tag-manager. |
Marketing & Analytics |
|
_fbp |
Used in connection facebook pixel. |
Marketing & Analytics |
|
bc_tgm_aw |
Used in connection with GDPR legal Cookie tag-manager for google add words. |
Marketing & Analytics |
Â
For further information, please follow the link more on GDPR Legal Cookies
Newsletter
In our shop, you have the option to subscribe to our newsletter.
When you sign up for our newsletter, we use the data required for this purpose or separately provided by you in order to regularly send you our email newsletter on the basis of your consent in accordance with Art. 6 (1) sentence 1 lit. a GDPR.
You can unsubscribe from the newsletter at any time, either by sending a message to the above-mentioned contact option or via a link provided for this purpose in the newsletter. After unsubscribing, we will delete your email address, unless you have expressly consented to further use of your data or we reserve the right to use your data for purposes that are legally permitted and about which we inform you in this declaration.
Klaviyo
For managing subscribers and sending newsletters and other marketing emails, we use the service Klaviyo. Klaviyo is provided by Klaviyo Inc., based in Boston (USA). The data provided for sending the newsletter and data collected from newsletter analytics are transmitted to and processed on servers of Klaviyo Inc. in the USA. For this purpose, we have concluded EU Standard Contractual Clauses with Klaviyo Inc. for the transfer of personal data to processors in third countries.
Mable.ai
Within our online offering, we use a tool provided by Mable GmbH, Kaiserstraße 88, 76133 Karlsruhe (hereinafter “Mable”). Mable enables us, in the interest of users and our own interests, to better control our data streams and to decide and manage which data is passed on to third parties. It also allows us to independently evaluate this data according to our own criteria.
When we work with certain partners, e.g., for online marketing purposes, this often requires the integration of code components that establish a direct server connection and enable the collection of personal data of our website users by the partner. In such cases, we often have no control over the exact data collected or the data flows. Mable allows us to use partners’ programs without integrating their code into our website. In this case, a direct server connection to the website users by the third party is not required. Instead of a direct server connection, the partner receives the aggregated data, if available, from us.
For the above-mentioned purpose of processing and sharing, we process the following data of website users: a pseudonymous user ID; visitor behavior on websites (visitor behavior includes, among other things, data about where visitors come from, which areas of a website are visited, and how often and how long individual subpages and categories are viewed). This data can be added to the information stored in your user account or collected during the ordering process, regardless of whether the purchase is completed. The data processing is based on your consent in accordance with Art. 6 (1) lit. a GDPR.
Klar Attribution
We use the services of Klar (Klar Insights GmbH, Marktstr. 18, 80802 Munich, Germany) on our website. Klar collects, processes, and stores data on this website and its subpages for reach measurement and statistical analysis on our behalf. This collection is carried out on the following legal basis:
If no consent is given by the user, the data is collected anonymously, i.e., without collecting personal or personally identifiable data, and in groups, i.e., by randomly assigning the collected data to groups of users. It is therefore not possible to draw conclusions about individual users. This anonymous collection is strictly necessary under § 25 (2) no. 2 TTDSG in order to optimize business costs and thereby ensure the desired service.
If the user’s consent pursuant to Art. 6 (1) sentence 1 lit. a GDPR and § 25 (1) sentence 1 TTDSG has been given, the data to be processed will be collected on a user-specific basis.
For the above-mentioned different collection methods, different cookies are used to ensure the respective method of collection.