1.1 What is personal data?
Personal data is information that discloses or can disclose the identity of the user. We adhere to the principle of data avoidance. As far as possible, we do not collect personal data.
1.2 Dealing with personal data
Personal data is used solely for the purpose of establishing the contract, structuring its content, implementing or processing the contractual relationship (Art. 6 I S. 1 b GDPR).
In addition, personal data will only be processed if we have received your consent to do so (Art. 6 I S. 1 a GDPR) or if it concerns data whose processing is necessary for our legitimate interests and if the assessment shows that there are no overriding interests, fundamental rights or fundamental freedoms on your part (Art. 6 I S. 1 f GDPR).
We may use contract processors to process your personal data, but will not pass on your personal data to third parties.
The data will only be passed on to the shipping company commissioned with the delivery in order to fulfil the contract, insofar as this is necessary for the delivery of ordered goods. In order to process payments, the necessary payment data will be passed on to the bank commissioned with the payment and, if applicable, to the commissioned and selected payment service provider.
The processing of your personal data takes place exclusively within the EU, unless otherwise stated below.
1.3 Usage data
When you visit the website, general technical information is collected. This includes the IP address used, time of day, duration of the visit, browser type and, if applicable, the page of origin. This usage data is registered in a log file for technical reasons and can be used and stored for the purpose of statistical evaluation of this website. This usage data is not linked to your other personal data.
1.4 Duration of storage
After the end of the purpose for which the data was collected, we only store your personal data for as long as this is necessary due to legal (in particular tax) regulations.
2. Your rights
You can request information from us as to whether we process your personal data and, if so, you have a right to information about this personal data and the further information specified in Art. 15 GDPR.
2.2 Right to Correction
You have the right to rectify the incorrect personal data concerning you and may request the completion of incomplete personal data in accordance with Art. 16 GDPR.
2.3 Right to cancellation
You have the right to demand that we delete your personal data immediately. We are obliged to delete them immediately, in particular if one of the following reasons applies:
- Your personal data is no longer necessary for the purposes for which it was collected or otherwise processed.
- You revoke your consent on which the processing of your data was based and there is no other legal basis for the processing.
- Your data have been processed unlawfully.
The right to deletion does not exist insofar as your personal data is necessary for the assertion, exercise or defence of our legal claims.
2.4 Right to limitation of processing
You have the right to demand that we restrict the processing of your personal data if
- you dispute the accuracy of the data and we therefore verify the accuracy,
- the processing is unlawful and you refuse to delete it and instead request the restriction of its use
- we no longer need the data, but you need it to assert, exercise or defend legal claims,
- you have objected to the processing of your data and it is not yet clear whether our legitimate reasons outweigh your reasons.
2.5 Right to Data Transferability
You have the right to receive the personal data relating to you that you have provided to us in a structured, common and machine-readable format and you have the right to communicate this data to another responsible person without our interference, provided that the processing is based on a consent or a contract and the processing is carried out by us using automated procedures.
2.6 Right of revocation
If the processing of your personal data is based on a consent, you have the right to revoke this consent at any time.
2.7 General and right of appeal
The exercise of your aforementioned rights is generally free of charge for you. If you have any complaints, you have the right to contact the supervisory authority responsible for us, the state data protection officer, directly.
3. Data security
3.1 Data security
All data on our website is protected by technical and organisational measures against loss, destruction, access, alteration and distribution.
3.2 Sessions and Cookies
If you subscribe to our newsletter, we will use the data required for this purpose or provided separately by you in order to send you our e-mail newsletter on a regular basis. You can unsubscribe from the newsletter at any time, either by sending us a message via the contact details given in the imprint or via the link provided in the newsletter.
If you use the comment function on our website, the time of creation and your chosen pseudonym will be saved in addition to these comments. The IP address is made anonymous by us immediately and is not stored.
6. Presence on social media platforms
We use the following social media platforms for company presentation and communication (the following linked data protection declarations and opt-out options are expressly referred to).
Opt-Out: https://www.facebook.com/settings?tab=ads alternatively http://www.youronlinechoices.com
Twitter (Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA)
LinkedIn (LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland)
Xing (XING AG, Dammtorstrasse 29-32, 20354 Hamburg, Germany)
Instagram (Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA)
These social media platforms may be able to process personal data outside the EU, we refer in this respect to the above data protection declarations of the social media platforms. The respective social media platforms may create user profiles and store cookies on your computer, in which your user behaviour is stored, based on your user behaviour and the resulting interests on your part. If you have an account on the respective social media platform and are logged in, your usage behaviour can even be stored independent of the device. Your usage profile can be used, for example, to place advertisements that presumably correspond to your interests.
We process the personal data exclusively for communication with you via the social media platform selected by you and for the optimisation of our online presence and ensure that no interests on your part are affected which outweigh this justified interest on our part (Art. 6 I S. 1 f GDPR). If you have already given the respective operator of the social media platform effective consent to the corresponding data processing, your personal data will also be processed on the basis of this consent (Art. 6 I S. 1 a GDPR).
7. Third-party services
7.1 Google Analytics
7.2 Social media links
We have our own social media pages with the third-party providers that can be reached via links from this website. By using the links you will reach the respective websites of the third party providers (e.g. Facebook, Twitter, Google+). In order to avoid unnecessary data transfer, we recommend that you log out of the respective third-party provider yourself before using a corresponding link, so that usage profiles cannot be created by the third-party provider through the use of the link.
7.3 Use of ActiveCampaign
Our e-mail communication is handled via "ActiveCampaign", 1 N Dearborn, 5th Floor, Chicago, IL 60601, USA. Your e-mail address and other data described in this notice will be stored on ActiveCampaign's servers in the USA. ActiveCampaign uses this information to send and evaluate e-mails on our behalf. Furthermore, according to its own information, ActiveCampaign can use this data to optimize or improve its own services, e.g. for the technical optimization of the dispatch and presentation of the newsletter or for economic purposes in order to determine from which countries the recipients come. ActiveCampaign does not use the data of our mail recipients in order to write to them or pass them on to third parties. ActiveCampaign is certified under the US-EU data protection agreement "Privacy Shield" and thus undertakes to comply with EU data protection regulations. In addition, we have concluded a data processing agreement with ActiveCampaign. This is a contract in which ActiveCampaign undertakes to protect the data of our users, to process it on our behalf in accordance with their data protection regulations and, in particular, not to pass it on to third parties. Thus, the weighing up results in the fact that no overriding interests on your part are opposed (Art. 6 I S. 1 f GDPR). You can view the data protection regulations of ActiveCampaign at https://www.activecampaign.com/privacy-policy/
7.4 Font Awesome Web Fonts
We use Adobe Typekit to display fonts on our website. Adobe Typekit is a service providing access to a font library provided by Adobe Systems Incorporated, 345 Park Avenue, San Jose, CA 95110-2704, USA (Adobe). When you open a page, your browser loads the Web fonts you need into your browser cache to display text and fonts correctly. In the course of providing the Typekit service, no cookies are placed or used to provide the fonts. To provide the Typekit service, Adobe may collect font information to identify the site itself and the associated Typekit account. The interests of the users are not affected according to (Art. 6 I S. 1 f GDPR). For more information about privacy at Adobe Typekit, please refer to Adobe's privacy statement at https://www.adobe.com/privacy/policies/typekit.html
7.6 Google reCAPTCHA
7.7 Facebook Pixel
To measure conversion rates, this website uses the visitor activity pixel of Facebook. The provider of this service is Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. According to Facebook’s statement the collected data will be transferred to the USA and other third-party countries too.
This tool allows the tracking of page visitors after they have been linked to the website of the provider after clicking on a Facebook ad. This makes it possible to analyze the effectiveness of Facebook ads for statistical and market research purposes and to optimize future advertising campaigns.
For us as the operators of this website, the collected data is anonymous. We are not in a position to arrive at any conclusions as to the identity of users. However, Facebook archives the information and processes it, so that it is possible to make a connection to the respective user profile and Facebook is in a position to use the data for its own promotional purposes in compliance with the Facebook Data Usage Policy. This enables Facebook to display ads on Facebook pages as well as in locations outside of Facebook. We as the operator of this website have no control over the use of such data.
The use of Facebook Pixel is based on Art. 6(1)(f) GDPR. The operator of the website has a legitimate interest in effective advertising campaigns, which also include social media. If a corresponding agreement has been requested (e.g., an agreement to the storage of cookies), the processing takes place exclusively on the basis of Art. 6(1)(a) GDPR; the agreement can be revoked at any time.
Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum und https://de- de.facebook.com/help/566994660333381.
Insofar as personal data is collected on our website with the help of the tool described here and forwarded to Facebook, we and Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 DSGVO). The joint responsibility is limited exclusively to the collection of the data and its forwarding to Facebook. The processing by Facebook that takes place after the onward transfer is not part of the joint responsibility. The obligations incumbent on us jointly have been set out in a joint processing agreement. The wording of the agreement can be found under: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing the privacy information when using the Facebook tool and for the privacy- secure implementation of the tool on our website. Facebook is responsible for the data security of Facebook products. You can assert data subject rights (e.g., requests for information) regarding data processed by Facebook directly with Facebook. If you assert the data subject rights with us, we are obliged to forward them to Facebook.
In Facebook’s Data Privacy Policies, you will find additional information about the protection of your privacy at: https://www.facebook.com/about/privacy/.
You also have the option to deactivate the remarketing function “Custom Audiences” in the ad settings section under https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen.
To do this, you first have to log into Facebook. If you do not have a Facebook account, you can deactivate any user-based advertising by Facebook on the website of the European Interactive Digital Advertising Alliance: http://www.youronlinechoices.com/de/praferenzmanagement/
8. Establishing contact
If you would like to contact us about data protection, please use the contact options below. Responsible person in the sense of the GDPR:
Frau Dr. Katja Brunkhorst
Phone: +49 (0) 541 40757303