Privacy Policy

The data controller is:
Manuel Grümmer
Gerolsheimer Straße 9
67256 Weisenheim am Sand

Email: info@gruemart.com

Thank you for your interest in our online shop. Protecting your privacy is very important to us. Below, we provide detailed information about how we handle your data.

1. Access data and hosting

You can visit our websites without providing any personal information. Each time a website is accessed, the web server automatically stores a so-called server log file, which contains, for example, the name of the requested file, your IP address, date and time of retrieval, the amount of data transferred, and the requesting provider (access data), and documents the retrieval. This access data is evaluated exclusively for the purpose of ensuring the trouble-free operation of the site and improving our offerings. This serves to protect our legitimate interests in a correct presentation of our offerings, which are overriding in the context of a balancing of interests, in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR. All access data will be deleted no later than seven days after the end of your visit to the site.

2. Data processing for contract execution and contact initiation

2.1 Data processing for contract execution

For the purpose of contract execution (including inquiries regarding and processing of any existing warranty and performance disruption claims as well as any statutory update obligations) in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR, we collect personal data when you voluntarily provide it to us as part of your order. Mandatory fields are marked as such, because in these cases we absolutely need the data for contract execution and cannot send the order without their provision. Which data is collected is evident from the respective input forms.

Further information on the processing of your data, in particular on the transfer to our service providers for the purpose of order, payment, and shipping processing, can be found in the following sections of this privacy policy. After complete execution of the contract, your data will be restricted for further processing and deleted after the expiry of tax and commercial law retention periods in accordance with Art. 6 para. 1 sentence 1 lit. c GDPR, unless you have expressly consented to further use of your data in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR or we reserve the right to further data use that is legally permitted and about which we inform you in this statement.

Merchandise management system

For order and contract processing, we use merchandise management systems from external service providers. Our service providers act on our behalf within the framework of order processing. For questions about our service providers and the basis of our cooperation with them, please contact the contact option described in this privacy policy.

Our service providers are located and/or use servers in the USA. There is no adequacy decision by the European Commission for the USA. Our cooperation with them is based on standard contractual clauses of the European Commission.

Data transfer for age verification

If your order includes goods whose sale is subject to age restrictions, we ensure, by using a reliable procedure involving personal identity and age verification, that the customer has reached the required minimum age. For this purpose, the SCHUFA IdentitätsCheck is used on our website. This service is operated by SCHUFA Holding AG, Kormoranweg 5, 65201 Wiesbaden, Germany (hereinafter: SCHUFA).
To ensure the required minimum age, individual personal data (e.g., name, address, and date of birth) are transmitted to SCHUFA Holding AG. Subsequently, a so-called identity check with Q-Bit is carried out, which has been positively evaluated by the Commission for Youth Media Protection (KJM) for age verification. The data transfer to SCHUFA serves, in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR, to protect our legitimate interests in ensuring a youth protection-compliant offering and complying with legal provisions on youth protection, which are overriding in the context of a balancing of interests. A credit check does not take place in this respect.

2.2 Customer account

If you have given your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR by deciding to open a customer account, we use your data for the purpose of opening a customer account and storing your data for further future orders on our website. Your customer account can be deleted at any time, either by sending a message to the contact option described in this privacy policy or via a function provided for this purpose in the customer account. After your customer account is deleted, your data will be deleted, unless you have expressly consented to further use of your data in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR or we reserve the right to further data use that is legally permitted and about which we inform you in this statement.

2.3 Contact initiation

In the context of customer communication, we collect personal data for processing your inquiries in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR when you voluntarily provide it to us when contacting us (e.g., via contact form or email). Mandatory fields are marked as such, because in these cases we absolutely need the data to process your contact. Which data is collected is evident from the respective input forms. After your inquiry has been fully processed, your data will be deleted, unless you have expressly consented to further use of your data in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR or we reserve the right to further data use that is legally permitted and about which we inform you in this statement.

Live-Chat-Tool Userlike

For the purpose of customer communication, we use the live chat tool from Userlike UG (haftungsbeschränkt), Probsteigasse 44-46, 50670 Cologne, Germany ("Userlike"). This serves to protect our legitimate interests in effective and improved customer communication, which are overriding in the context of a balancing of interests, in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR. Userlike acts on our behalf.

Live-Chat-Tool WhatsApp

For the purpose of customer communication, we use the live chat tool from WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("WhatsApp"). This serves to protect our legitimate interests in effective and improved customer communication, which are overriding in the context of a balancing of interests, in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR. WhatsApp acts on our behalf. The phone numbers stored by us on our mobile device are automatically processed on servers of Meta Platforms, Inc., 1 Hacker Way, Menlo Park, California 94025, USA. Only phone numbers of customers who have previously contacted us via WhatsApp and have therefore already accepted WhatsApp's terms of use and privacy policy are stored. There is no adequacy decision by the European Commission for the USA. Our cooperation is based on standard contractual clauses of the European Commission.

Live-Chat-Tool Tidio

If you use the live chat tool to contact us, the data you voluntarily enter there (name, email address, message) will be processed by us in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR for the purpose of answering the inquiry within the framework of contract execution. Furthermore, the use of this tool serves to protect our legitimate interests in effective and improved customer communication, which are overriding in the context of a balancing of interests, in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR. The data will then be deleted. The live chat tool is provided by Tidio LLC, 180 Stewart St CA 94119 San Francisco, USA ("Tidio"), which acts on our behalf. Tidio uses servers in the USA and in other countries outside the EU and the EEA for which there is no adequacy decision by the European Commission. Our cooperation with Tidio is based on standard contractual clauses of the European Commission.

3. Data processing for the purpose of shipping

For the fulfillment of the contract in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR, we pass on your data to the shipping service provider commissioned with the delivery, insofar as this is necessary for the delivery of ordered goods.

The same applies to the transfer of data to our manufacturers or wholesalers in cases where they handle the shipping for us (drop shipping). These are considered shipping service providers within the meaning of this privacy policy.

Our service providers are located and/or use servers in these countries: USA
There is no adequacy decision by the European Commission for these countries. Our cooperation with them is based on these guarantees: Standard contractual clauses of the European Commission, standard contractual clauses of a supervisory authority, approved binding corporate rules, approved contractual clauses, approved codes of conduct, approved certification mechanism.

Our service providers are located and/or use servers in the following countries, for which the European Commission has established an adequate level of data protection by decision: United Kingdom.

Data transfer to shipping service providers for the purpose of shipping notification

If you have given us your express consent to this during or after your order, we will, based on this, transmit your e-mail address and telephone number to the selected shipping service provider in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, so that they can contact you before delivery for the purpose of delivery notification or coordination.
Consent can be revoked at any time by sending a message to the contact option described in this privacy policy or directly to the shipping service provider at the contact address listed below. After revocation, we will delete the data you provided for this purpose, unless you have expressly consented to further use of your data or we reserve the right to further data use that is legally permitted and about which we inform you in this statement.

General Logistics Systems Germany GmbH & Co. OHG
GLS Germany-Straße 1 - 7
DE-36286 Neuenstein
Germany

United Parcel Service Deutschland S.à r.l. & Co. OHG
Görlitzer Straße 1
41460 Neuss
Germany

Hermes Germany GmbH
Essener Straße 89
D-22419 Hamburg
Germany

DHL Paket GmbH
Sträßchensweg 10
53113 Bonn
Germany

4. Data processing for payment processing

We work with the following partners to process payments in our online shop: technical service providers, credit institutions, payment service providers.

4.1 Data processing for transaction processing

Depending on the selected payment method, we pass on the data necessary for processing the payment transaction to our technical service providers, who act on our behalf within the framework of order processing, or to the commissioned credit institutions or to the selected payment service provider, insofar as this is necessary for processing the payment. This serves to fulfill the contract in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR. In some cases, the payment service providers collect the data required for payment processing themselves, e.g., on their own website or via technical integration in the order process. In this respect, the privacy policy of the respective payment service provider applies.
For questions about our partners for payment processing and the basis of our cooperation with them, please contact the contact option described in this privacy policy.

4.2 Data processing for the purpose of fraud prevention and optimizing our payment processes

If necessary, we provide our service providers with additional data, which they use together with the data necessary for payment processing as our processors for the purpose of fraud prevention and optimizing our payment processes (e.g., invoicing, processing of disputed payments, accounting support). This serves to protect our legitimate interests in securing ourselves against fraud and efficient payment management, which are overriding in the context of a balancing of interests, in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR.

4.3 Credit check

If we provide advance payment (for purchase on account), we obtain an identity and creditworthiness check from specialized service companies (credit agencies). For this purpose, we transmit your personal data required for a credit check to:

SCHUFA Holding AG
Kormoranweg 5
65201 Wiesbaden
​​​​​​​Germany

This serves to protect our legitimate interests in assessing the creditworthiness and willingness to pay of our potential customers in advance of the contract conclusion and thus avoiding payment defaults, which are overriding in the context of a balancing of interests, in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR, and is necessary for the conclusion of the contract in accordance with Art. 22 para. 2 lit. a GDPR. Appropriate measures to safeguard your rights, freedoms, and legitimate interests are taken into account. You have the possibility to present your point of view and to challenge the decision by contacting the contact option described in this privacy policy. After complete execution of the contract, your data processed for this purpose will be deleted, unless you have expressly consented to further use of your data or we reserve the right to further data use that is legally permitted and about which we inform you in this statement.

4.4 Identity and credit check when selecting Klarna payment services

Klarna Direct Debit, Invoice Purchase via Klarna, Klarna Installment Purchase
If you choose the payment services of Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden (hereinafter Klarna), we ask for your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, that we may transmit the data necessary for the processing of the payment and an identity and credit check to Klarna. In Germany, the credit agencies mentioned in Klarna's privacy policy may be used for the identity and credit check. Klarna uses the information received about the statistical probability of a payment default for a balanced decision on the establishment, execution, or termination of the contractual relationship. You can revoke your consent at any time by sending a message to the contact option mentioned in this privacy policy. This may result in us no longer being able to offer you certain payment options. You can also revoke your consent to this use of personal data at any time vis-à-vis Klarna.

4.5 Identity and credit check when selecting Billpay payment services (operated by Klarna Bank AB)

If you choose the payment services of Klarna Bank AB (publ.), Sveavägen 46, 111 34 Stockholm, Sweden (hereinafter BillPay), we ask for your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, that we may transmit the data necessary for the processing of the payment and an identity and credit check to Billpay. In Germany, the credit agencies mentioned in Billpay's privacy policy may be used for the identity and credit check. Billpay uses the information received about the statistical probability of a payment default for a balanced decision on the establishment, execution, or termination of the contractual relationship. You can revoke your consent at any time by sending a message to the contact option mentioned in this privacy policy. This may result in us no longer being able to offer you certain payment options. You can also revoke your consent to this use of personal data at any time vis-à-vis BillPay.

4.6 Identity and credit check when selecting purchase on account via PayOne

If you choose the payment method purchase on account (offered via PayOne GmbH, Lyoner Str. 9, 60528 Frankfurt a. M., Germany (hereinafter PayOne)), we ask for your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, that we may transmit the data necessary for the processing of the payment and an identity and credit check to PayOne. In Germany, the credit agencies mentioned in PayOne's privacy policy may be used for the identity and credit check. PayOne uses the information received about the statistical probability of a payment default for a balanced decision on the establishment, execution, or termination of the contractual relationship. You can revoke your consent at any time by sending a message to the contact option mentioned in this privacy policy. This may result in us no longer being able to offer you certain payment options.

4.7 Engagement of debt collection service providers

We pass on your data to a commissioned debt collection service provider, evocate - Inkasso GmbH, Marie-Curie-Str. 9, 76829 Landau, Germany, if our payment claim has not been settled despite a previous reminder. In this case, the claim is collected directly by the debt collection service provider. This serves to fulfill the contract in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR, as well as to protect our legitimate interests in the effective assertion or enforcement of our payment claim, which are overriding in the context of a balancing of interests, in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR.

5. Advertising by email, post

5.1 Email Newsletter with Subscription, Newsletter Tracking with Separate Consent

If you subscribe to our newsletter, we will use the data required for this purpose or separately provided by you to regularly send you our email newsletter based on your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR. You can unsubscribe from the newsletter at any time either by sending a message to the contact option described below or via a dedicated link in the newsletter. After unsubscribing, we will delete your email address from the recipient list, unless you have expressly consented to further use of your data in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR or we reserve the right to further data use, which is permitted by law and about which we inform you in this statement.

If you have additionally given us your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR for the analysis of our newsletters, we also analyze your interaction with our newsletter by measuring, storing and evaluating opening rates and click rates for the purpose of designing future newsletter campaigns ("newsletter tracking").

For this evaluation, the emails sent contain one-pixel technologies (e.g. so-called web beacons, tracking pixels) that are stored on our website. For the evaluations, we link the following "newsletter data" in particular:

• the page from which the page was requested (so-called referrer URL),
• the date and time of the request,
• the description of the type of web browser used,
• the IP address of the requesting computer,
• the email address,
• the date and time of registration and confirmation

and the one-pixel technologies with your email address or your IP address and, if applicable, an individual ID. Links contained in the newsletter can also contain this ID.

You can unsubscribe from newsletter tracking at any time either by sending a message to the contact option described or via a dedicated link in the newsletter.

The information will be stored as long as you are subscribed to the newsletter.

5.2 Email Newsletter without Subscription and your Right to Object

If we receive your email address in connection with the sale of goods or services and you have not objected to this, we reserve the right to regularly send you offers for similar products from our range, such as those already purchased, by email based on Section 7 (3) UWG. This serves to protect our legitimate interests in addressing our customers for advertising purposes, which interests outweigh others in the context of a balancing of interests.
You can object to this use of your email address at any time by sending a message to the contact option described in this privacy policy or via a dedicated link in the advertising email, without incurring any costs other than the transmission costs according to the basic rates.
After unsubscribing, we will delete your email address from the recipient list, unless you have expressly consented to further use of your data in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR or we reserve the right to further data use, which is permitted by law and about which we inform you in this statement.

Our service providers are located and/or use servers in Israel. The European Commission has determined an adequate level of data protection for Israel by decision. In addition, our service providers use servers in the USA, South Korea and Taiwan, as well as in other countries outside the EU and the EEA for which there is no adequacy decision by the European Commission. Our cooperation with them is based on standard data protection clauses of the European Commission.

5.3 Sending of Review Requests by Email

If you have given us your explicit consent to this during or after your order in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, we will use your email address to request a review of your order via the rating system we use. This consent can be revoked at any time by sending a message to the contact option described in this privacy policy or via a dedicated link in the review request.

5.4 Postal Advertising and your Right to Object

In addition, we reserve the right to use your first and last name as well as your postal address for our own advertising purposes, e.g. for sending you interesting offers and information about our products by post. This serves to protect our legitimate interests in addressing our customers for advertising purposes, which interests outweigh others in the context of a balancing of interests, in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR. You can object to the storage and use of your data for these purposes at any time by sending a message to the contact option described in this privacy policy.

The advertising mailings are carried out by a service provider on our behalf, to whom we pass on your data for this purpose.

6. Cookies and other Technologies

6.1 General Information

To make visiting our website attractive and to enable the use of certain functions, we use technologies including so-called cookies on various pages. Cookies are small text files that are automatically stored on your end device. Some of the cookies we use are deleted after the end of the browser session, i.e. after closing your browser (so-called session cookies). Other cookies remain on your end device and enable us to recognize your browser on your next visit (persistent cookies).

Privacy protection on end devices
When using our online offering, we use absolutely necessary technologies to provide the telemedia service explicitly requested. The storage of information in your end device or access to information already stored in your end device does not require consent in this respect.

For non-essential functions, the storage of information in your end device or access to information already stored in your end device requires your consent. We point out that if consent is not given, parts of the website may not be fully usable. Any consents you may have given remain valid until you adjust or reset the respective settings in your end device.

Potentially subsequent data processing by cookies and other technologies
We use such technologies that are absolutely necessary for the use of certain functions of our website (e.g. shopping cart function). Through these technologies, IP address, time of visit, device and browser information as well as information about your use of our website (e.g. information about the content of the shopping cart) are collected and processed. This serves to protect our legitimate interests in an optimized presentation of our offer, which interests outweigh others in the context of a balancing of interests, in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR.

In addition, we use technologies to fulfill legal obligations to which we are subject (e.g. to be able to prove consent to the processing of your personal data) as well as for web analysis and online marketing. Further information on this, including the respective legal basis for data processing, can be found in the following sections of this privacy policy. If applicable, we may also use technologies that are not individually listed in this privacy policy. Further information on these technologies, including the respective legal basis for data processing, can be found on the Usercentrics platform. You can access this by clicking on the fingerprint button in the bottom right or left corner of the page.

The cookie settings for your browser can be found under the following links: Microsoft Edge™ / Safari™ / Chrome™ / Firefox™ / Opera™

If you have consented to the use of the technologies in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, you can revoke your consent at any time by sending a message to the contact option described in the privacy policy. Alternatively, you can click on the fingerprint button in the bottom right or left corner of the page. If cookies are not accepted, the functionality of our website may be limited.

6.2 Use of Usercentrics Consent Management Platform for managing consents

On our website, we use the Usercentrics Consent Management Platform ("Usercentrics") to inform you about the cookies and other technologies we use on our website, and to obtain, manage, and document your legally required consent to the processing of your personal data by these technologies. This is necessary in accordance with Art. 6 para. 1 sentence 1 lit. c GDPR to fulfill our legal obligation according to Art. 7 para. 1 GDPR to be able to prove your consent to the processing of your personal data, to which we are subject. Usercentrics is an offer of Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich, Germany, which processes your data on our behalf. When you visit our website, Usercentrics' web server stores a so-called server log file, which also contains your anonymized IP address, date and time of visit, device and browser information, and information about your consent behavior. Your data will be deleted after three years, unless you have expressly consented to further use of your data in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR or we reserve the right to further data use, which is permitted by law and about which we inform you in this statement.

7. Use of Cookies and other Technologies

If you have given your consent for this in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, we use the following cookies and other technologies from third-party providers on our website. After the purpose ceases to apply and we stop using the respective technology, the data collected in this context will be deleted. You can revoke your consent at any time with effect for the future. Further information on your revocation options can be found in the "Cookies and other technologies" section. Further information, including the basis of our cooperation with the individual providers, can be found with the individual technologies. For questions about the providers and the basis of our cooperation with them, please contact the contact option described in this privacy policy.

7.1 Use of Adobe Services

We use the technologies of Adobe Systems, Software Ireland Limited, Ireland, 4–6 Riverwalk, Citywest Business Campus, Dublin 24, Ireland ("Adobe") described below. The information automatically collected by Adobe technologies about your use of our website is generally transmitted to an Adobe, Inc., 345 Park Avenue San Jose, CA 95110-2704, USA server and stored there. There is no adequacy decision by the European Commission for the USA. Our cooperation is based on standard data protection clauses of the European Commission. If your IP address is collected via Adobe technologies, it will be shortened or completely replaced by a generic IP address before being stored on Adobe's servers by activating the corresponding settings.

 Adobe Fonts

For the uniform display of content on our website, data (IP address, time of visit, device and browser information) is collected by the "Adobe Fonts" script code, transmitted to Adobe, and subsequently processed by Adobe. We have no influence on this subsequent data processing. Data processing is carried out on the basis of an agreement between jointly responsible parties in accordance with Art. 26 GDPR.

7.2 Use of Google Services

We use the technologies of Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland ("Google") described below. The information automatically collected by Google technologies about your use of our website is generally transmitted to a server of Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA and stored there. There is no adequacy decision by the European Commission for the USA. Our cooperation with them is based on standard data protection clauses of the European Commission. If your IP address is collected via Google technologies, it will be shortened before being stored on Google's servers by activating IP anonymization. Only in exceptional cases will the full IP address be transmitted to a Google server and shortened there. Unless otherwise specified for individual technologies, data processing is carried out on the basis of an agreement between jointly responsible parties in accordance with Art. 26 GDPR for the respective technology. Further information about data processing by Google can be found in Google's privacy policy.

 Google Analytics

For the purpose of website analysis, data (IP address, time of visit, device and browser information, and information about your use of our website) is automatically collected and stored with Google Analytics, from which usage profiles are created using pseudonyms. Cookies may be used for this. Your IP address is generally not merged with other Google data. Data processing is carried out on the basis of a data processing agreement with Google.

For the purpose of optimized marketing of our website, we have activated the data sharing settings for "Google products and services" . This allows Google to access and then use the data collected and processed by Google Analytics to improve Google services. Data sharing with Google within the framework of these data sharing settings takes place on the basis of an additional agreement between controllers. We have no influence on the subsequent data processing by Google.

For the creation and execution of tests, we also use the extension function of Google Analytics Google Optimize.

For the purpose of optimized marketing of our website, we use the so-called User-ID function. With the help of this function, we can assign a unique, permanent ID to your interaction data from one or more sessions on our online presences and thus analyze your user behavior across devices and sessions.

For web analysis, the extension function of Google Analytics Google Signals enables so-called "cross-device tracking". Insofar as your internet-enabled devices are linked to your Google account and you have activated the "personalized advertising" setting in your Google account, Google can create reports on your usage behavior (in particular the cross-device user numbers), even if you change your end device. We do not process personal data in this respect; we only receive statistics created on the basis of Google Signals.

For web analysis and advertising purposes, the extension function of Google Analytics, the so-called DoubleClick cookie, enables your browser to be recognized when you visit other websites. Google will use this information to compile reports on website activity and to provide other services related to website use.

 Google AdSense

Our website markets space for third-party advertisements via Google AdSense. These advertisements are displayed to you at various places on this website. The so-called DoubleClick cookie enables the display of interest-based advertising by collecting and processing data (IP address, time of visit, device and browser information, and information about your use of our website) and automatically assigning a pseudonymous UserID, with the help of which interests are determined based on visits to this and other websites.

 Google Ads

For advertising purposes in Google search results and on third-party websites, the so-called Google Remarketing cookie is set when you visit our website, which automatically enables interest-based advertising by collecting and processing data (IP address, time of visit, device and browser information, and information about your use of our website) and by means of a pseudonymous cookie ID and based on the pages you visit. Further data processing only takes place if you have activated the "personalized advertising" setting in your Google account. In this case, if you are logged in to Google while visiting our website, Google uses your data together with Google Analytics data to create and define audience lists for cross-device remarketing.

For website analysis and event tracking, we measure your subsequent user behavior via Google Ads Conversion Tracking if you have reached our website via a Google Ads advertisement. Cookies may be used for this purpose and data (IP address, time of visit, device and browser information, and information about your use of our website based on events we define, such as visiting a website or subscribing to a newsletter) may be collected, from which usage profiles are created using pseudonyms.

 Google Maps

For the visual representation of geographical information, data about your use of the Maps functions, in particular the IP address and location data, is collected by Google Maps, transmitted to Google, and subsequently processed by Google. We have no influence on this subsequent data processing.

Google reCAPTCHA

For the purpose of protecting against misuse of our web forms and against spam by automated software (so-called bots), Google reCAPTCHA collects data (IP address, time of visit, browser information, and information about your use of our website) and analyzes your use of our website using a JavaScript and cookies. In addition, other cookies stored by Google services in your browser are evaluated. Personal data from the input fields of the respective form is neither read nor stored.

Google Fonts

For the uniform display of content on our website, data (IP address, time of visit, device and browser information) is collected via the "Google Fonts" script code, transmitted to Google, and subsequently processed by Google. We have no influence on this subsequent data processing.

Google Tag Manager

The Google Tag Manager allows us to manage various codes and services on our website. When implementing individual tags, Google may also process personal data (e.g., IP address, online identifiers (including cookies)). Data processing is carried out based on a data processing agreement with Google.

The use of Google Tag Manager allows for the integration of various services/technologies.
If you do not wish to use individual tracking services and have therefore deactivated them, the deactivation will apply to all affected tracking tags integrated via Google Tag Manager.

YouTube Video Plugin

To integrate third-party content, data (IP address, time of visit, device and browser information) is collected via the YouTube Video Plugin in the extended data protection mode we use, transmitted to Google, and subsequently processed by Google, only if you play a video.

7.3 Use of Microsoft Services

We use the technologies described below from Microsoft Ireland Operations Ltd., One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland ("Microsoft"). Data processing is carried out based on an agreement between joint controllers according to Art. 26 GDPR. The information about your use of our website automatically collected by Microsoft technologies is usually transferred to a server of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA, and stored there. There is no adequacy decision from the European Commission for the USA. Our cooperation with them is based on standard contractual clauses from the European Commission. Further information about data processing by Microsoft can be found in Microsoft's privacy notices.

Microsoft Advertising

For advertising purposes in Bing, Yahoo, and MSN search results, and on third-party websites, the Microsoft Advertising Remarketing cookie is set when you visit our website. This cookie automatically enables interest-based advertising by collecting and processing data (IP address, time of visit, device and browser information, and information about your use of our website) using a pseudonymous cookie ID and based on the pages you have visited.

For website analysis and event tracking, we measure your subsequent user behavior via Microsoft Advertising Universal Event Tracking (UET) if you have reached our website via a Microsoft Advertising ad. For this purpose, cookies may be used, and data (IP address, time of visit, device and browser information, and information about your use of our website based on events specified by us, such as visiting a website or subscribing to a newsletter) may be collected, from which usage profiles are created using pseudonyms. If your internet-enabled devices are linked to your Microsoft account and you have not deactivated the "Interest-based advertising" setting in your Microsoft account, Microsoft can create reports on user behavior (especially cross-device user numbers), even if you switch your device, known as "Cross-Device Tracking". We do not process personal data in this regard; we only receive statistics created based on Microsoft UET.

Bing Maps

For the visual representation of geographical information, data about your use of the Maps functions, in particular your IP address and location data, are collected by Bing Maps, transmitted to Microsoft, and processed by Microsoft. We have no influence on this data processing.

7.4 Use of Facebook Services

Use of Facebook Pixel

We use the Facebook Pixel as part of the technologies described below from Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland ("Facebook (by Meta)" or "Meta Platforms Ireland"). The Facebook Pixel automatically collects and stores data (IP address, time of visit, device and browser information, and information about your use of our website based on events specified by us, such as visiting a website or subscribing to a newsletter), from which usage profiles are created using pseudonyms. As part of the so-called extended data matching, information for matching purposes is also collected and stored in hashed form, which can identify individuals (e.g., names, email addresses, and phone numbers). For this purpose, a cookie is automatically set by the Facebook Pixel when you visit our website, which automatically enables the recognition of your browser when visiting other websites by means of a pseudonymous cookie ID. Facebook (by Meta) will combine this information with other data from your Facebook account and use it to compile reports on website activities and to provide other services related to website usage, in particular personalized and group-based advertising.
The information about your use of our website automatically collected by Facebook (by Meta) technologies is usually transferred to a server of Meta Platforms, Inc., 1 Hacker Way, Menlo Park, California 94025, USA, and stored there. There is no adequacy decision from the European Commission for the USA. Insofar as the data transfer to the USA falls under our responsibility, our cooperation is based on standard contractual clauses from the European Commission. Further information about data processing by Facebook can be found in the privacy notices of Facebook (by Meta).

Facebook Analytics

Within the framework of Facebook Business Tools, statistics on visitor activities on our website are created from the data collected with the Facebook Pixel about your use of our website. Data processing is carried out based on a data processing agreement with Facebook (by Meta). Your analysis serves the optimal presentation and marketing of our website.

Facebook Ads (Ads Manager)

Through Facebook Ads, we advertise this website on Facebook (by Meta) and on other platforms. We determine the parameters of the respective advertising campaign. Facebook (by Meta) is responsible for the precise implementation, in particular the decision on the placement of ads for individual users. Unless otherwise specified for the individual technologies, data processing is carried out based on an agreement between joint controllers according to Art. 26 GDPR. The joint responsibility is limited to the collection of data and its transmission to Meta Platforms Ireland. The subsequent data processing by Meta Platforms Ireland is not covered by this.

Based on the statistics created via Facebook Pixel on visitor activities on our website, we conduct group-based advertising on Facebook (by Meta) via Facebook Custom Audience by determining the characteristics of the respective target group. In the context of the extended data matching for determining the respective target group (see above), Facebook (by Meta) acts as our data processor.

Based on the pseudonymous cookie ID set by the Facebook Pixel and the collected data about your usage behavior on our website, we carry out personalized advertising via Facebook Pixel Remarketing.

Via Facebook Pixel Conversions, we measure your subsequent usage behavior for web analysis and event tracking if you have reached our website via a Facebook Ads advertisement. Data processing is carried out based on a data processing agreement with Facebook (by Meta).

7.5 Other providers of web analysis and online marketing services

Use of Wix Statistics for web analysis

For the purpose of website analysis, data (IP address, time of visit, device and browser information, location information, and information about your use of our website) is automatically collected and stored using technologies from Wix Ldt., 40 Namal Tel Aviv St., Tel Aviv 6350671, Israel ("Wix"), from which usage profiles are created using pseudonyms. Cookies may be used for this purpose. The pseudonymized usage profiles are not merged with personal data about the holder of the pseudonym without a separately granted, explicit consent. Wix acts on our behalf. Wix uses servers in Israel. The European Commission has determined an adequate level of data protection for Israel by decision. Additionally, Wix uses servers in the USA, South Korea, and Taiwan, as well as in other countries outside the EU and the EEA, for which no adequacy decision from the European Commission exists. Our cooperation with Wix is based on standard contractual clauses from the European Commission.

Use of Visitor Analytics for web analysis

To achieve the purposes mentioned above, we use so-called fingerprinting technology. For this purpose, technical characteristics of your device or internet browser are evaluated to enable reliable analysis. The pseudonymized usage profiles are not merged with personal data about the holder of the pseudonym without separately granted, explicit consent. Visitor Analytics acts for us within the framework of data processing.

Use of Amazon services for online marketing

Through the advertising partner Amazon Europe Core S.à.r.l., 5 Rue Plaetis, L-2338 Luxembourg ("Amazon"), we market space for third-party advertisements on Amazon. These advertisements are displayed to you at various points on this website. Through cookies, Amazon can track the progress of the respective order and, in particular, understand that you have clicked on the respective advertisement and then ordered the product. For this purpose, data (IP address, time of visit, device and browser information, and information about your use of our website) is collected, transmitted to Amazon, and processed by Amazon. We have no influence on this data processing. Data processing is carried out based on an agreement between joint controllers according to Art. 26 GDPR. The information about your use of our website automatically collected by Amazon is usually transferred to a server of Amazon, Inc., 410 Terry Ave. North, Seattle, WA 98109-5210, USA, and stored there. There is no adequacy decision from the European Commission for the USA. Our cooperation with them is based on standard contractual clauses from the European Commission.

Use of Vimeo Video Plugin for embedding third-party content

To integrate third-party content, data (IP address, time of visit, device and browser information) is collected via the video plugin from Vimeo LLC, 555 West 18th Street, New York 10011, USA ("Vimeo"), transmitted to Vimeo, and subsequently processed by Vimeo. Data processing is carried out based on an agreement between joint controllers according to Art. 26 GDPR. Google Analytics is automatically integrated into the Vimeo Video Plugin. For the purpose of website analysis, data (IP address, time of visit, device and browser information, and information about your use of our website) is automatically collected and stored with Google Analytics, from which usage profiles are created using pseudonyms. Cookies may be used for this purpose. Google Analytics is offered by Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). The information about your use of our website automatically collected by Google is usually transferred to a server of Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA, and stored there. Your IP address is shortened before being stored on Google's servers by activating IP anonymization. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. We have no influence on and no access to data processing by Vimeo, including the settings and results of Google Analytics. There is no adequacy decision from the European Commission for the USA. Our cooperation with them is based on standard contractual clauses from the European Commission.

7.6 Information on third-country transfer (data transfer to third countries)

We use technologies from service providers on our website whose server locations may be in third countries, outside the EU or EEA. These include, among others, the USA. If, as in the case of the USA, there is no adequacy decision from the EU Commission, an adequate level of data protection must be ensured by other appropriate safeguards. In July 2020, the ECJ ruled that the Privacy Shield Agreement between the EU and the USA can no longer be used to transfer personal data to the USA. This means that the sectoral adequacy decision is thereby repealed.
Appropriate safeguards in the form of contractually agreed standard contractual clauses of the EU Commission or binding corporate rules (Binding Corporate Rules) are generally possible but require prior verification by the contracting parties as to whether an adequate level of protection can be guaranteed. According to the ECJ ruling, additional protective measures may be necessary for this. We have generally agreed to the standard data protection clauses issued and still valid by the EU Commission with the third-party technologies we use that process personal data in a third country such as the USA. Where possible, we also agree on additional guarantees that are intended to ensure adequate data protection in the USA or other third countries.
Regardless, it may happen that despite all contractual and technical measures, the level of data protection in the third country does not correspond to that of the EU. In these cases, if necessary, we ask for your consent in accordance with Art. 49 para. 1 lit. a GDPR for the transfer of your personal data to a third country as part of the cookie consent. This refers in particular to data transfer to the USA.
In particular, there is a risk that (US) authorities may gain access rights to your personal data that are not sufficiently restricted from an EU perspective, without us as the data exporter or you as the data subject noticing this, and that you may not have any legal remedies available to prevent this or to take action against such access.

8. Integration of the Trusted Shops Trustbadge/other widgets

Trusted Shops widgets are integrated into this website to display Trusted Shops services (e.g., trustmark, collected reviews) and to offer Trusted Shops products to buyers after an order.

This serves to protect our legitimate interests in optimal marketing by enabling secure shopping, which predominates within the scope of a balancing of interests, in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR. The Trustbadge and the services advertised with it are an offer from Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne (Trusted Shops), with whom we are jointly responsible under data protection law in accordance with Art. 26 GDPR. In the context of this privacy policy, we will inform you below about the essential contractual contents in accordance with Art. 26 para. 2 GDPR.
Within the framework of the joint responsibility between us and Trusted Shops GmbH, please contact Trusted Shops GmbH preferably for data protection questions and to assert your rights. You can find their contact details here. Further information on data protection can be found at the following link here. Regardless of this, you can always contact us using the contact option described in this privacy policy. Your request will then, if necessary, be forwarded to the other responsible party for response.

8.1 Data processing when integrating the Trustbadge/other widgets

The Trustbadge is provided by a US-American CDN provider (Content Delivery Network) within the framework of joint responsibility. An adequate level of data protection is ensured by standard contractual clauses and further contractual measures. Further information on data protection by Trusted Shops GmbH can be found here. When the Trustbadge is called up, the web server automatically stores a so-called server log file, which also contains your IP address, date and time of retrieval, amount of data transferred, and the requesting provider (access data) and documents the retrieval. The IP address is anonymized immediately after collection so that the stored data cannot be assigned to your person. The anonymized data is used in particular for statistical purposes and error analysis.

8.2 Data processing after order completion

After completing your order, your email address, hashed using a cryptological one-way function, will be transmitted to Trusted Shops GmbH. The legal basis for this is Art. 6 para. 1 sentence 1 lit. f GDPR. This serves to verify whether you are already registered for services with Trusted Shops GmbH and is therefore necessary for the fulfillment of our and Trusted Shops' overriding legitimate interests in providing the buyer protection and transactional review services linked to the specific order in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR. If this is the case, further processing will take place according to the contractual agreement made between you and Trusted Shops. If you are not yet registered for the services, you will subsequently have the opportunity to do so for the first time. Further processing after registration also depends on the contractual agreement with Trusted Shops GmbH. If you do not register, all transmitted data will be automatically deleted by Trusted Shops GmbH and personal identification will then no longer be possible.

Trusted Shops uses service providers in the areas of hosting, monitoring, and logging. The legal basis is Art. 6 para. 1 lit. f GDPR for the purpose of ensuring smooth operation. Processing may take place in third countries (USA and Israel). An adequate level of data protection is ensured in the case of the USA by standard data protection clauses and further contractual measures, and in the case of Israel by an adequacy decision.

9. Social Media

9.1 Social Plugins from Facebook (by Meta), Instagram (by Meta), Pinterest, Whatsapp

Social buttons from social networks are used on our website. These are only integrated into the page as HTML links, so that no connection to the servers of the respective provider is established when our website is called up. If you click on one of the buttons, the website of the respective social network opens in a new window of your browser. There you can, for example, activate the Like or Share button.

9.2 Our Online Presence on Facebook (by Meta), Youtube, Pinterest

If you have given your consent to the respective social media operator in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, when you visit our online presences on the social media mentioned above, your data will be automatically collected and stored for market research and advertising purposes, from which usage profiles will be created using pseudonyms. These can be used, for example, to place advertisements within and outside the platforms that presumably correspond to your interests. Cookies are generally used for this purpose. For detailed information on the processing and use of data by the respective social media operator, as well as contact options and your rights and settings options for protecting your privacy, please refer to the providers' privacy notices linked below. If you still need help with this, you can contact us.

Facebook (by Meta) is a service of Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland ("Meta Platforms Ireland"). The information automatically collected by Meta Platforms Ireland about your use of our online presence on Facebook (by Meta) is usually transferred to a server of Meta Platforms, Inc., 1 Hacker Way, Menlo Park, California 94025, USA, and stored there. There is no adequacy decision from the European Commission for the USA. Our cooperation with them is based on standard data protection clauses of the European Commission. Data processing within the framework of visiting a Facebook (by Meta) fan page takes place on the basis of an agreement between joint controllers in accordance with Art. 26 GDPR. Further information (information on Insights data) can be found here.

YouTube is a service of Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). The information automatically collected by Google about your use of our online presence on YouTube is usually transferred to a server of Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA, and stored there. There is no adequacy decision from the European Commission for the USA. Our cooperation with them is based on standard data protection clauses of the European Commission.

Pinterest is a service of Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland ("Pinterest"). The information automatically collected by Pinterest about your use of our online presence on Pinterest is usually transferred to a server of Pinterest, Inc., 505 Brannan St., San Francisco, CA 94107, USA, and stored there. There is no adequacy decision from the European Commission for the USA. Our cooperation with them is based on standard data protection clauses of the European Commission.

10. Contact Options and Your Rights

10.1 Your Rights

As a data subject, you have the following rights:

• pursuant to Art. 15 GDPR, the right to obtain information about your personal data processed by us to the extent specified therein;
• pursuant to Art. 16 GDPR, the right to obtain without undue delay the rectification of inaccurate personal data stored by us or to have incomplete personal data completed;
• pursuant to Art. 17 GDPR, the right to obtain the erasure of your personal data stored by us, unless further processing is
• for exercising the right of freedom of expression and information;
• for compliance with a legal obligation;
• for reasons of public interest; or
• for the establishment, exercise or defense of legal claims;
• pursuant to Art. 18 GDPR, the right to obtain restriction of the processing of your personal data, insofar as
• the accuracy of the data is contested by you;
• the processing is unlawful, but you oppose the erasure of the data;
• we no longer need the data, but you require them for the establishment, exercise or defense of legal claims; or
• you have objected to the processing pursuant to Art. 21 GDPR;
• pursuant to Art. 20 GDPR, the right to receive your personal data, which you have provided to us, in a structured, commonly used and machine-readable format or to request the transmission to another controller;
• pursuant to Art. 77 GDPR, the right to lodge a complaint with a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our company headquarters for this purpose.

Right to object Insofar as we process personal data as explained above in order to safeguard our overriding legitimate interests within the framework of a balancing of interests, you can object to this processing with effect for the future. If the processing is carried out for direct marketing purposes, you can exercise this right at any time as described above. If the processing is carried out for other purposes, you only have a right to object if there are reasons arising from your particular situation. After exercising your right to object, we will no longer process your personal data for these purposes, unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or if the processing serves the assertion, exercise, or defense of legal claims. This does not apply if the processing is for direct marketing purposes. In that case, we will no longer process your personal data for this purpose.

10.2 Contact Options

If you have any questions regarding the collection, processing, or use of your personal data, or for information, correction, restriction, or deletion of data, as well as revocation of granted consents or objection to a specific data use, please contact us directly using the contact details in our imprint.

Privacy Policy created with the Trusted Shops Legal Text Generator