Privacy policy

As the responsible party in the sense of the data protection regulations, we inform you below about the processing of your personal data by us.

I. The term personal data and other important terms

In simple terms, personal data is any information that relates to you personally as a data subject. Provisions on what the term "personal data" means and what other terms important for the following data protection information mean can be found in Article 4 of the DS-GVO (General Data Protection Regulation).

II. Name and contact details of the person responsible; contact details of the data protection officer

In simple terms, the controller is the person who alone or jointly with others determines the purposes and means of the processing of personal data. The name and contact details of the person responsible can be found in our provider identification / imprint.

III. Purposes of the processing of your personal data; legal basis for the processing

We process your personal data within the scope of our activities for the purposes listed below in accordance with the legal bases stated in each case.

1. To carry out pre-contractual measures based on an inquiry from you, the processing of your personal data is based on your consent pursuant to Article 6 (1) (a) DS-GVO or on the basis of Article 6 (1) (b) DS-GVO.
2. In order to safeguard our legitimate interest in responding to inquiries and in taking other measures based on an inquiry from you, the processing of your personal data is based on the consent you have given us pursuant to Article 6 (1) (a) DS-GVO or on the basis of Article 6 (1) (f) DS-GVO.
3. For the performance of a contract to which you are a party, the processing of your personal data is based on the consent given by you pursuant to Article 6 (1) (a) DS-GVO or on the basis of Article 6 (1) (b) DS-GVO.
4. For the implementation of measures for the purpose of advertising, the processing of your personal data will be carried out either on the basis of the consent given by you pursuant to Article 6 (1) (a) DS-GVO or on the basis of Article 6 (1) (f) DS-GVO.
5. In order to protect our legitimate interest in maintaining the proper operation of our website, in providing the most user-friendly functions possible and in analyzing the use of our website, the processing of your personal data is based on Article 6 (1) (f) DS-GVO.
6. In order to protect our legitimate interest in enforcing our rights and defending ourselves against claims, the processing of your personal data is based on Article 6 (1) (f) DS-GVO.

Our systems are secured in accordance with the state of the art by technical and organizational measures to protect your personal data against access, alteration or dissemination by unauthorized persons and against loss and destruction.

Information on the processing of your personal data for the individual processing purposes can be found in the corresponding further notes within the scope of this privacy policy.

IV. Transfer of your personal data to third parties; categories of recipients of your personal data

Insofar as this is necessary to achieve the purposes of the processing of your personal data, we transfer your personal data to third parties within the framework of the legal requirements. Detailed information on the transfer of your personal data to third parties for the individual processing purposes can be found in the corresponding further notes within the scope of this privacy policy. In cases where your personal data is transferred to third parties, the scope of the transferred data is limited to the minimum necessary.

V. Scope of the processing of your personal data for the individual processing purposes

Below, we inform you in detail about the processing of your personal data for the various processing purposes.

Your personal data will be deleted when it is no longer needed for processing for the respective processing purpose, unless we are allowed to continue processing the data for another processing purpose within the scope of the legal requirements and in accordance with the information provided in this privacy policy.

1. Use of our internet presence for information purposes

If you visit our website without sending us any information, we only process the personal data that your browser transmits to our server. This is the following data, which is technically necessary to display our Internet presence to you and to ensure stability and security:

the page you called up
date and time of the request
amount of data transferred
source or reference from where you came to the page
the browser you are using
operating system used by you
your IP adress

Your personal data is processed on the basis of Article 6 (1) (f) DS-GVO to protect our legitimate interest in maintaining the proper operation of our website.

Your personal data will be deleted after 6 months, unless it is further required for the assertion of rights or the enforcement of claims due to measures against the proper operation of our Internet presence. In this case, the deletion will take place immediately after the conclusion of the corresponding proceedings.

2. Processing of inquiries

If you contact us with an inquiry or a request, we process the personal data and information/documents you provide. Regardless of the way in which you send us your inquiry or request, this may include:

date and time of contact
Name data
Contact data
Data on inquiry/concern
Transmitted information/documents

Depending on the content of your inquiry or request, the processing of your personal data and the transmitted information/documents is based on your consent pursuant to Article 6 para. 1 letter a) DS-GVO to respond to your inquiry or on Article 6 para. 1 letter b) DS-GVO to carry out pre-contractual measures or on Article 6 para. 1 letter b) DS-GVO for the performance of a contract to which you are a party or on the basis of Article 6 para. 1 letter f) DS-GVO to protect our legitimate interest in responding to inquiries/concerns and in taking other measures in connection with the processing of inquiries/concerns.

Insofar as we provide a contact form and you contact us via this contact form, you grant consent with the following content by sending your message, about which you will be informed separately in the contact form: "I consent to the processing of my e-mail address and the other personal data provided by me for the purpose of responding to my message. I can revoke this consent at any time and without giving reasons with effect for the future. The lawfulness of the processing carried out until the revocation remains unaffected in the event of revocation."

Ihre Einwilligung können Sie jederzeit und ohne Angabe von Gründen mit Wirkung für die Zukunft widerrufen. Hierfür genügt eine entsprechende Mitteilung an den Verantwortlichen, dessen Kontaktdaten Sie den Angaben zum Verantwortlichen entnehmen können. Die Rechtmäßigkeit der bis zum Widerruf erfolgten Verarbeitung bleibt im Falle des Widerrufs unberührt.

You can revoke your consent at any time and without giving reasons with effect for the future. For this purpose, it is sufficient to send a corresponding message to the responsible person, whose contact details you can find in the information on the responsible person. The lawfulness of the processing carried out until the revocation remains unaffected in the event of revocation.

Insofar as this is necessary for the processing of your inquiry/request, we transmit your personal data to third parties within the scope of the legal requirements. In cases where your personal data is transferred to third parties, the scope of the transferred data is limited to the minimum necessary.

Your personal data will be deleted when your inquiry/concern has been resolved, unless we are allowed to continue processing the data for another processing purpose within the framework of the legal requirements and in accordance with the information in this privacy policy.

3. Customer account

When opening a customer account, we collect your personal data to the extent specified therein. The data processing serves the purpose of improving your shopping experience and simplifying order processing. The processing is based on Art. 6 para. 1 lit. a DSGVO with your consent. You can revoke your consent at any time by notifying us, without affecting the legality of the processing carried out on the basis of the consent until the revocation. Your customer account will then be deleted.

4. Fulfillment of contracts

If you provide us with personal data for the purpose of concluding a contract or in connection with the creation of a customer account, we process the data you provide for the purpose of fulfilling the contract. These are your customer data (e.g. your name and address) and the contract data (e.g. details of the products covered by the contract and payment and delivery information).

The processing of your personal data is based on Article 6 (1) (b) DS-GVO for the performance of a contract to which you are a party.

Insofar as this is necessary for the performance of the contract with you, we transmit your personal data to third parties within the framework of the legal requirements. This transfer is made to the service providers involved in the performance of the contract. These are the providers of the processing tools used by us. Furthermore, these are the companies commissioned with the transport.

In cases where your personal data is transferred to third parties, the scope of the transferred data is limited to the minimum required.

Your personal data will be deleted after the expiry of the retention periods of 6 or 10 years under tax and commercial law, unless we are allowed to continue processing the data for another processing purpose within the scope of the legal requirements and in accordance with the information in this privacy policy.

5. Advertising by letter post

We process the personal data you provide on first and last name and address, if necessary, for sending information on our offers by letter post.

In this respect, the processing of your personal data is carried out on the basis of Article 6 (1) (f) DS-GVO for the protection of our legitimate interest in carrying out advertising measures by letter post.

You can object to the processing of your personal data for the purpose of carrying out advertising measures by letter post at any time. For this purpose, it is sufficient to send a corresponding message to the responsible person, whose contact details you can find in the information on the responsible person.

If you object to the processing of your personal data for the purpose of carrying out advertising measures by letter post, the personal data you have provided regarding first name, surname and address will be deleted immediately, unless we may continue to process the data for another processing purpose within the scope of the legal requirements and in accordance with the information in this data protection declaration.

6. Newsletter

We use your e-mail address independently of the contract processing exclusively for our own advertising purposes for sending newsletters, provided that you have expressly consented to this. The processing is based on Art. 6 para. 1 lit. a DSGVO with your consent. You can revoke your consent at any time without affecting the lawfulness of the processing carried out on the basis of the consent until the revocation. To do so, you can unsubscribe from the newsletter at any time by using the corresponding link in the newsletter or by notifying us. Your e-mail address will then be removed from the distribution list.

Your data will be passed on to a service provider for e-mail marketing within the scope of order processing. Your data will not be passed on to any other third parties.

7. Cookies

We use so-called cookies on our website. These are small files that are stored on your device and through which certain information is transmitted to us. The use of cookies serves to enable you to use certain functions and to make our offer more user-friendly overall.

Some of the cookies we use are deleted after the end of the browser session, i.e. after you close your browser (so-called session cookies). Other cookies remain on your device even after the end of the browser session, i.e. after you close your browser, and enable us or our partner companies (third-party cookies) to recognize you the next time you visit our website (so-called persistent cookies).

Some of the cookies we use are technically necessary to enable you to use certain functions. This is the case, for example, with regard to the storage of entries in connection with the use of the shopping cart function. In this respect, your personal data is processed on the basis of Article 6 (1) (b) DS-GVO for the implementation of pre-contractual measures that take place at your request as a data subject or on the basis of Article 6 (1) (b) DS-GVO for the performance of a contract to which you are a party or on the basis of Article 6 (1) (f) DS-GVO to protect our legitimate interest in providing the most user-friendly functions possible. Insofar as we or our partner companies use cookies for the purpose of range measurement or for marketing purposes, you can find detailed information on this, if applicable, in the corresponding further notes within the scope of this data protection declaration. For cookies for marketing and analysis purposes, your consent pursuant to Art.6 (1) (A) DS-GVO serves as the legal basis. Consent given can be revoked at any time with effect for the future.

You can prevent the storage of cookies by selecting the appropriate settings on your browser software. If necessary, please refer to the program help for the browser you are using to see how the corresponding setting can be made. However, we would like to point out that in this case you may not be able to use all the functions of our website to their full extent. By way of example, we refer to the information on the following common browsers:

Chrome: https://support.google.com/chrome/answer/95647?hl=de&hlrm=en
Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen
Opera: http://help.opera.com/Windows/10.20/de/cookies.html
Internet Explorer: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies
Safari: https://support.apple.com/de-de/guide/safari/sfri11471/mac

VI. Information on service providers used

To operate this website, we integrate external services to make our website more user-friendly, effective and secure. This is our legitimate interest according to Art 6 para. 1 p. 1 f) DSGVO. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO; the consent can be revoked at any time.

1 Cookie consent with Usercentrics

This website uses the cookie consent technology of Usercentrics to obtain your consent to store certain cookies on your terminal device or to use certain technologies and to document this in accordance with data protection law. The provider of this technology is Usercentrics GmbH, Rosental 4, 80331 Munich, Germany, website: https://usercentrics.com/de/ (hereinafter "Usercentrics").

When you enter our website, the following personal data is transferred to Usercentrics:

Your consent(s) or revocation of your consent(s)
Your IP address
Informationen about your browser
Informationen about your terminal devise
time of your visit to the website

Furthermore, Usercentrics stores a cookie in your browser in order to be able to assign the consent(s) given or their revocation to you. The data collected in this way is stored until you request us to delete it, delete the Usercentrics cookie yourself or the purpose for storing the data no longer applies. Mandatory legal storage obligations remain unaffected.

Usercentrics is hosted by Google Cloud EMEA Ltd*, 70 Sir John Rogerson's Quay, Dublin 2, Ireland.

In principle, there is no data processing outside the European Union (EU), as the data centers are located in the EU.

Nevertheless, there are theoretical access possibilities through Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

In this context, we would like to point out that due to the US CLOUD Act of 2018, there is a theoretical access possibility for US authorities to data of US IT companies and cloud providers that are stored outside the USA.

Transport encryption secures the transmission paths against unauthorized access.

Usercentrics is used to obtain the legally required consent for the use of certain technologies. The legal basis for this is Art. 6 para. 1 p. 1 lit. c) DSGVO.

In addition, Art. 6 para. 1 lit. f) DSGVO serves as the legal basis. Our legitimate interest is to provide the website visitor with a user-friendly administration of consents.

Contract on order processing

We have concluded an order processing contract with Usercentrics. This is a contract required by data protection law, which ensures that Usercentrics only processes the personal data of our website visitors in accordance with our instructions and in compliance with the DSGVO.

2. Merchandise management system

We use an enterprise resource planning system for contract and payment processing as part of order processing. For this purpose, your personal data collected in the context of the order will be transmitted to Step Ahead GmbH, Riesstraße 17, 80992 Munich.

The processing is based on Art. 6, Para. 1 lit b) DS-GVO and is necessary for the processing of the contract.

3. Sendinblue

For sending our newsletter, we use the service Sendinblue of the provider SendinBlue SAS, 55 rue d'Amsterdam, 75008 Paris, France. With the help of this service, we organize the dispatch of our newsletter. The e-mail address you provide to order the newsletter is stored on SendinBlue's servers. Server location is Germany. In addition, Sendinblue enables us to analyze the behavior of newsletter recipients. Here, for example, it can be traced how many recipients have opened our newsletter.

If you do not want Sendinblue to analyze your data, you can unsubscribe from the newsletter. For this purpose, we provide a corresponding link in each newsletter message. Furthermore, you can also revoke your consent at any time with effect for the future by sending an e-mail to the address given in our imprint. The e-mail address you provide for the purpose of sending the newsletter will be stored until you unsubscribe. After unsubscribing from the newsletter, the e-mail address will be deleted from our system, as well as from the provider's system. Data that has been collected for other purposes, e.g. for ordering, remains unaffected.

Further information on data protection can be found here: https://de.sendinblue.com/legal/privacypolicy/ By concluding an order processing agreement, we have obliged the provider SendinBlue to use personal data only in accordance with the requirements of data protection laws and to ensure the protection of the rights of the data subject.

4. Google Tag Manager

The Google Tag Manager service is used on our website to control the display of services. This service is offered by the company Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Please read here how Google complies with the data protection requirements also with regard to the transmission to the USA: https://policies.google.com/privacy?hl=en

We use Google Tag Manager on the basis of Art. 6 para 1. p. 1 f) DSGVO. Our legitimate interest lies in being able to effectively play out services on our site.

As soon as this service is called up on our site, Google receives your IP address. The service itself does not store any other data or cookies, but only controls the playout of services that are listed in this privacy policy.

X. Data subject rights and storage period

1. Duration of storage

After the contract has been fully processed, the data will initially be stored for the duration of the warranty period, thereafter taking into account statutory, in particular tax and commercial law retention periods, and then deleted after expiry of the period, unless you have consented to further processing and use.

2. Rights of the data subject

In order to ensure fair and transparent processing of personal data, you as the data subject are entitled to the following rights in accordance with data protection law:

the right to obtain information in accordance with Article 15 DS-GVO,
the right to rectification in accordance with Article 16 DS-GVO,
the right to deletion according to Article 17 DS-GVO,
the right to restriction of processing pursuant to Article 18 DS-GVO,
the right to data portability according to Article 20 DS-GVO
the right to revoke consent given at any time in accordance with Article 7 (3) DS-GVO,
the right to object to processing pursuant to Article 21 DS-GVO, about which we will inform you separately below
and the right to lodge a complaint with the supervisory authority persuant to Article 77 DS-GVO, about which we will inform you separately below

Your right to object to processing

THE PROCESSING OF PERSONAL DATA IS PERMITTED IF THE PROCESSING IS NECESSARY FOR THE PURPOSES OF THE LEGITIMATE INTERESTS OF THE CONTROLLER OR A THIRD PARTY, UNLESS SUCH INTERESTS ARE OVERRIDDEN BY THE INTERESTS OR FUNDAMENTAL RIGHTS AND FREEDOMS OF THE DATA SUBJECT WHICH REQUIRE THE PROTECTION OF PERSONAL DATA, IN PARTICULAR WHERE THE DATA SUBJECT IS A CHILD, ART. 6 ABS. 1(F) DS-GVO.

YOU, AS THE DATA SUBJECT, HAVE THE RIGHT TO OBJECT AT ANY TIME, ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION, TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU WHICH IS CARRIED OUT ON THE BASIS OF ART. 6 ABS. 1 LETTER F) DS-GVO; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL NO LONGER PROCESS YOUR PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS AS A DATA SUBJECT, OR THE PROCESSING IS FOR THE PURPOSE OF ASSERTING, EXERCISING OR DEFENDING LEGAL CLAIMS.

IF WE PROCESS YOUR PERSONAL DATA FOR THE PURPOSE OF DIRECT MARKETING, YOU AS THE DATA SUBJECT HAVE THE RIGHT TO OBJECT AT ANY TIME TO PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSE OF SUCH MARKETING; THIS ALSO APPLIES TO PROFILING INSOFAR AS IT IS RELATED TO SUCH DIRECT MARKETING. IF YOU, AS THE DATA SUBJECT, OBJECT TO THE PROCESSING FOR THE PURPOSES OF DIRECT MARKETING, YOUR PERSONAL DATA WILL NO LONGER BE PROCESSED FOR SUCH PURPOSES.

XII. Changes to this Privacy Policy

If new services or providers are used to operate this website, we reserve the right to adapt this data protection declaration in order to comply with the legal circumstances. This adjusted privacy policy will then apply to your revisiting this website.