Privacy policy

Welcome to our website! Thank you for visiting the website of L.A.B. Cosmetics GmbH (hereinafter "L.A.B. Cosmetics" or "we").

In this privacy policy, we inform you about the processing of your personal data by L.A.B. Cosmetics in connection with our website and your rights.

We attach the highest importance to the protection of your data and are constantly striving to optimize data protection.

Table of contents

  • Introduction and overview
  • Scope of application
  • Legal basis
  • Contact details of the data controller
  • Contact details of the data protection officer
  • Rights under the General Data Protection Regulation
  • Storage period
  • Data transfer to third countries
  • Security of data processing
  • TLS encryption with https
  • Web hosting
  • Cookies
  • Web Analytics
  • Facebook Pixel Privacy Policy
  • Facebook Connect
  • Consulting Tool Chatchamp
  • Google Tag Manager Privacy Policy
  • Email Marketing
  • Google Double Click
  • Google Analytics Privacy Policy
  • Online Marketing
  • Payment providers
  • Google Ads (Google AdWords) Conversion Tracking Privacy Policy
  • Google Fonts Privacy Policy
  • Google reCAPTCHA Privacy Policy
  • Stripe Privacy Policy
  • TrustedShops Privacy Policy
  • YouTube Privacy Policy
  • Use of WhatsApp
  • Registration
  • Electronic contact

Introduction and Overview

All terms used in this data protection declaration are to be understood as gender-neutral.

The aim of this privacy policy is to describe the most important things to you as simply and transparently as possible.

If questions nevertheless remain, we ask you to contact the responsible office named below or in the imprint, to follow the available links and to look at the linked information on third-party sites. Our contact details can also be found in the imprint.

Scope of application

This privacy policy applies to all personal data processed by us and to all personal data processed by companies commissioned by us (order processors) (hereinafter "personal data" or "data"). Personal data is information within the meaning of Art. 4 No. 1 DSGVO, such as a person's name, e-mail address and postal address. The scope of this privacy policy includes:

  • all online presences (websites, online stores) that we operate
  • the social media presences and email communication
  • our mobile apps for smartphones and other devices

Legal basis

In this privacy policy, we inform you about the legal basis for data processing in accordance with the relevant legal regulations, in particular the General Data Protection Regulation (DSGVO), the Federal Data Protection Act (BDSG) and the Telecommunications Telemedia Data Protection Act (TTDSG).

Contact details of the responsible person

If you have any questions about data protection, you will find the contact details of the responsible legal entity below:

L.A.B. Cosmetics GmbH 
Friesenweg 24, 22763 Hamburg.
E-mail: [email protected]
Phone: +49-40-386 29 1020

Imprint: Imprint 

Contact details of the data protection officer:

AGOR AG
Sascha Hesse
Niddastraße 74
60329 Frankfurt am Main

E-Mail: [email protected]

Rights according to the General Data Protection Regulation

According to Art. 15 to 22 DSGVO, you have the following rights with regard to the processing of your personal data.

  • According to Article 15 DSGVO, you have the right to be informed whether we are processing data about you. If this is the case, you have the right to receive a copy of the data and to obtain the following information:
  • the purpose for which we carry out the processing
  • the categories, i.e. the types of data that are processed
  • who receives this data and if the data is transferred to third countries, how data security can be guaranteed
  • how long the data will be stored
  • the existence of the right to rectification, erasure or restriction of processing and the right to object to processing
  • that you can lodge a complaint with a supervisory authority (links to these authorities can be found below)
  • the origin of the data if we have not collected it from you
  • whether profiling is carried out, i.e. whether data is automatically evaluated to arrive at a personal profile of you.
  • According to Article 16 of the GDPR, you have the right to rectify the data, which means that we must correct data if you find errors.
  • You have the right to erasure ("right to be forgotten") according to Article 17 GDPR, which specifically means that you can request the deletion of your data.
  • According to Article 18 of the GDPR, you have the right to restriction of processing, which means that we may only store the data, but not use it further.
  • According to Article 19 DSGVO, you have the right to data portability, which means that we will provide you with your data in a common format upon request.
  • You have the right to object according to Article 21 DSGVO:
  • If the processing of your data is based on Article 6(1)(e) (public interest, exercise of official authority) or Article 6(1)(f) (legitimate interest), you may object to the processing
  • If data is used to conduct direct marketing, you may object to this type of data processing at any time. We may not use your data for direct marketing thereafter
  • If data is used to conduct profiling, you may object to this type of data processing at any time. We may no longer use your data for profiling thereafter
  • According to Article 22 of the GDPR, you may have the right not to be subject to a decision based solely on automated processing (for example, profiling).

If you believe that the processing of your data violates data protection law or your data protection rights have been violated in any other way, you can contact the data protection supervisory authority responsible for us.

Data transfer to third countries

We only transfer or process data to countries outside the EU (third countries) if you consent to this processing, if this is required by law or contractually necessary and in any case only to the extent permitted. Your consent is in most cases the reason why we have data processed in third countries.

We expressly point out that in the USA there is currently not such a high level of data protection as in Europe, so that your data may be subject to access by authorities for control and monitoring purposes, against which neither effective legal remedies nor data subject rights may be enforceable. Data processing by US services (such as Google Analytics) may also result in data not being processed and stored anonymously, where applicable. In addition, it may happen that collected data is linked to data from other services of the same provider, if you have a corresponding user account. Where possible, we try to use server locations within the EU, if this is offered.

Data processing security

To protect personal data, we have implemented both technical and organizational measures. Where possible, we encrypt or pseudonymize personal data. In this way, we make it more difficult for third parties to infer personal information from the data.

TLS encryption with https

We use HTTPS (Hypertext Transfer Protocol Secure stands for "secure hypertext transfer protocol") to transfer data over the Internet in a tap-proof manner.

By using TLS (Transport Layer Security), an encryption protocol for secure data transmission on the Internet, we ensure the protection of confidential data.

You can recognize the use of this protection of data transmission by the small lock symbol at the top left of the browser, to the left of the Internet address (e.g. examplepage.com) and the use of the https scheme (instead of http) as part of our Internet address.

If you want to know more about encryption, we recommend searching by search engine for "Hypertext Transfer Protocol Secure wiki".

Web hosting

What is web hosting?

When you visit websites, certain information - including personal data - is automatically created and stored, and this website is no exception. By website we mean the entirety of all web pages on a domain. By domain we mean for example example.de or example.com.

If you want to view a website on a screen, you use a program called a web browser for this purpose, for example Google Chrome, Microsoft Edge, Mozilla Firefox and Apple Safari.

This web browser connects to another computer where the website's code is stored: the web server. The operation of a web server is done by providers. They offer web hosting and thus ensure reliable and error-free storage of website data.

When the browser on your computer (desktop, laptop, smartphone) connects and during data transfer to and from the web server, personal data is processed. On the one hand, your computer stores data; on the other hand, the web server must also store data for a while to ensure proper operation.

Why do we process personal data?

The purposes of data processing are:

  1. Professional hosting of the website and securing its operation.
  2. Maintenance of operational and IT security
  3. Anonymous evaluation of access behavior to improve our offer and, if necessary, for law enforcement or prosecution of claims

What data is processed?

We process data such as

  • the complete Internet address (URL) of the website accessed (e.g. https://www.beispielwebsite.de/beispielunterseite.html?tid=311289416)
  • browser and browser version (e.g. Chrome 87)
  • the operating system used (e.g. Windows 10)
  • the address (URL) of the previously visited page (referrer URL) (e.g. https://www.beispielquellsite.de/vondabinichgekommen.html/)
  • the host name and IP address of the device being accessed (e.g. COMPUTERNAME and 194.23.43.121)
  • date and time
  • in files, the so-called web server log files

How long is data stored?

The above data is stored for two weeks and then automatically deleted. We do not pass on this data, but we cannot exclude the possibility that this data may be viewed by authorities in the event of unlawful conduct.

Legal basis

The legal basis for this data processing is Art. 6 (1) f) DSGVO (protection of legitimate interests). The data set out must be processed in order to present our website in a secure and user-friendly manner.

Cookies

What are cookies?

Our website uses HTTP cookies to store user-specific data. Below we explain what cookies are and why they are used.

Cookies are small files that are stored on your computer by our website. These cookie files are automatically stored in the cookie folder, effectively the "brain" of your browser.

Cookies store certain user data about you, such as language or personal page settings. When you return to our site, your browser transmits the "user-related" information back to our website. Thanks to the cookies, our site recognizes you are offering you the setting that you are used to. In some browsers each cookie has its own file, in others, such as Firefox, all cookies are stored in a single file.

There are both first-party cookies and third-party cookies. First-party cookies are created directly by our site, third-party cookies are created by partner websites (e.g. Google Analytics). Each cookie must be evaluated individually, as each cookie stores different data. Also, the expiration time of a cookie varies from a few minutes to a few years. Cookies are not software programs and do not contain viruses, Trojans or other "pests".

What are the types of cookies?

We can distinguish 4 types of cookies:

Necessary/indispensable cookies.

These cookies are necessary to ensure basic functions of the website. For example, these cookies are needed when a user adds a product to the shopping cart, then continues browsing on other pages, and only later goes to the checkout. These cookies do not delete the shopping cart even if the user closes his browser window.

Performance Cookies/Purposeful Cookies

These cookies collect information about user behavior and whether the user receives any error messages. In addition, these cookies are also used to measure the loading time and the behavior of the website with different browsers.

Functional/target-oriented cookies

These cookies provide a better user experience. For example, entered locations, font sizes or form data are stored.

Marketing/advertising cookies

These cookies are used to deliver customized advertising to the user.

Apart from the necessary cookies, when you visit a website for the first time, you will be asked which of these cookie types you would like to allow.

If you want to know more about cookies and technical documentation we recommend https://tools.ietf.org/html/rfc6265, the Request for Comments of the Internet Engineering Task Force (IETF) called "HTTP State Management Mechanism".

Legal basis

The legal basis for storing cookies, device identifiers and similar tracking technologies, or for storing information in the end user's terminal equipment and accessing this information, is the European ePrivacy Directive in conjunction with the Telecommunications and Telemedia Data Protection Act(TTDSG).

Please note that the legal basis for the processing of personal data collected in this context then results from the DSGVO (Art. 6 para. 1 p.1 DSGVO). The relevant legal basis for the processing of personal data in each specific case can be found below the respective cookie or the respective processing itself.

The primary legal basis for the storage of information in the end user's terminal equipment - in particular for the storage of cookies - is your consent, Section 25 (1) sentence 1 TTDSG. The consent is given when visiting our website -which of course does not have to be given- and can be revoked at any time in the cookie settings.

Pursuant to Section 25 (2) No. 2 TTDSG, consent is not required if the storage of information in the end user's terminal equipment or access to information already stored in the end user's terminal equipment is absolutely necessary for the provider of a telemedia service to be able to provide a telemedia service expressly requested by the user. You can see from the cookie settings which cookies are to be classified as absolutely necessary (often also referred to as "technically necessary cookies"), and therefore fall under the exception of Section 25 (2) TTDSG and therefore do not require consent.

DSGVO

When cookies are used, the following data is stored and transmitted:

(1) Items in a shopping cart

(2) Log-in information

The legal basis for the processing of personal data using cookies results from Art. 6 para. 1 p. 1 lit. f DSGVO. The purpose of using the technically necessary cookies is to simplify the use of our website.

We point out that isolated functions of our website can only be offered using cookies.

These are the following applications:

(1) Shopping cart

(2) Remembering search terms

We do not use user data collected through technically necessary cookies to create user profiles.

Cookies are stored on the user's computer and transmitted to our site by the user. As a user, you therefore have control over the use of cookies. You can restrict or deactivate the transmission of cookies by making changes in the settings of your Internet browser. There, stored cookies can also be deleted again. Please note that you may no longer be able to use all the functions of our website if you disable cookies.

The legal basis for the processing of personal data using cookies for analysis and advertising purposes is, in the presence of a relevant consent of the user, Art. 6 para. 1 p. 1 lit. a DSGVO.

Here you can view and adjust your cookie settings

Web Analytics

What is Web Analytics?

We use software on our website to evaluate the behavior of website visitors, known as web analytics for short. This involves collecting data that is processed by the respective analytic tool provider (also called tracking tool). With the help of the data, analyses of user behavior on our website are created and made available to us as the website operator. In addition, we can test which offers or content are best received by our visitors.

Why do we do web analytics?

We want to deliver the best web offer on the market for our industry. To achieve this goal, we want to offer the best and most interesting offer on the one hand, and on the other hand make sure that you feel comfortable on our website. With the help of web analytics tools, we can better understand the behavior of our website visitors and see, for example, where they come from, when our website is most visited or which content or products are particularly popular. All this information helps us to optimize the website and thus best adapt it to your needs, interests and wishes.

What data is processed?

Exactly what data is stored depends on the analysis tools used. As a rule, for example, which content you view on our website, which buttons or links you click on, when you access a page, which browser you use, which device (PC, tablet, smartphone, etc.) you use to visit the website or which computer system you use is stored. If you declare your consent that location data may also be collected, these may also be processed by the web analysis tool provider.

In addition, your IP address - usually pseudonymized - is also stored. For the purpose of testing, web analysis and web optimization, no clear data, such as your name, age, address or e-mail address are stored as a matter of principle. All this data, if collected, is stored pseudonymously.

How long the respective data is stored depends on the provider. Some cookies only store data for a few minutes or until you leave the website again, other cookies can store data for several years.

Duration of data processing

We inform you about the duration of data processing below. In general, we only process personal data for as long as is absolutely necessary for the provision of our services and products, unless legal regulations oblige or entitle us to store the data for a longer period.

Right of objection

You have the right to revoke your consent to the use of cookies at any time. This works either via our cookie management or Google's opt-out function. In addition, you can also prevent data collection through cookies by managing, deactivating or deleting cookies in your browser.

Legal basis

The use of web analytics requires your consent, which we have obtained via our cookie banner. The legal basis for the data processing associated with this is thus Art. 6 (1) a) DSGVO in conjunction with your consent.

For information on specific web analytics tools, please refer to the following sections.

Facebook Pixel Privacy Policy

We use the Facebook pixel from Facebook on our website. We have implemented code on our website to do this. The Facebook pixel is a snippet of JavaScript code that loads a collection of functions that allow Facebook to track your user actions if you came to our website through Facebook ads. For example, when you purchase a product on our website, the Facebook pixel is triggered and stores your actions on our website in one or more cookies. These cookies allow Facebook to match your user data (customer data such as IP address, user ID) with your Facebook account data. Then Facebook deletes this data again. The collected data is anonymous and not visible to us and can only be used in the context of ad placements. If you yourself are a Facebook user and are logged in, the visit to our website is automatically assigned to your Facebook user account.

We want to show our services or products only to those people who are really interested in them. With the help of Facebook pixels, our advertising measures can be better tailored to your wishes and interests. Thus, Facebook users (if they have allowed personalized advertising) get to see suitable advertising. Furthermore, Facebook uses the collected data for analysis purposes and its own advertisements.

We have also activated Automatic Advanced Matching as part of the Facebook Pixel function. This feature of the pixel allows us to send hashed emails, name, gender, city, state, zip code, and date of birth or phone number as additional information to Facebook if you have provided us with this data. This activation allows us to tailor advertising campaigns on Facebook even more precisely to people who are interested in our services or products. Provided you are logged into Facebook, you can change your settings for advertisements yourself at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. If you are not a Facebook user, you can basically manage your usage-based online advertising on http://www.youronlinechoices.com/de/praferenzmanagement/. There you have the option to deactivate or activate providers.

We would like to point out that there is currently no adequate level of protection for the transfer of data to the USA. The data processing is essentially carried out by Facebook Pixel. This may result in data not being processed and stored anonymously. Furthermore, US government authorities may be able to access individual data. It may also happen that this data is linked to data from other Facebook services where you have a user account.

The legal basis for the data processing associated with this is Art. 49 (1) a) DSGVO or Art. 6 (1) a) DSGVO in conjunction with your consent.

Revocation: You can revoke your consent to the use of the Facebook Pixel at any time with effect for the future here. If you want to learn more about Facebook's data protection, we recommend that you read the company's own data policies at https://www.facebook.com/policy.php.

Consultation tool

Within the framework of our so-called personal routine finder/consulting tool, we collect and process personal data on your habits and physical condition. These are determined by means of a questionnaire and the results are stored. For the routine finder, we use the chat tool of chatchamp UG, c/o Wayra, Kaufingerstr. 15, 80331 Munich ("Chatchamp"). Chatchamp assists us in retrieving our questionnaire by presenting it to you during a chat conversation. Subsequently, Chatchamp supports us in analyzing this data in order to recommend products to you that are suitable for your skin. This is partly health data in the sense of Art. 4 No. 15 DSGVO.

If you request the evaluation of the expert by e-mail, we link your e-mail address with the information you have provided in order to send you individual product recommendations. However, we keep the information you have provided pseudonymized.

The aforementioned processing is based on Art. 6 para. 1 lit. a and Art. 9 para. 2 lit. a DSGVO. We store the information you have provided, including information about your health condition, for the duration of the existence of your consent. After revocation of your consent, this data will be deleted. You can easily notify us of your revocation by clicking on the unsubscribe link in the product recommendation email. If we discontinue the "Routine Finder" program, the information you have provided will also be deleted in this case.

Google Tag Manager Privacy Policy

What is the Google Tag Manager?

For our website we use the Google Tag Manager of the company Google Inc. For the European area the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services. This Tag Manager is one of many helpful marketing products from Google. Through Google Tag Manager, we can centrally incorporate and manage code sections from various tracking tools we use on our website.

Google Tag Manager is an organizational tool that allows us to embed and manage website tags centrally and through a user interface. Tags are small sections of code that, for example, record (track) your activity on our website. For this purpose, JavaScript code sections are inserted into the source code of our page. The tags often come from Google-internal products such as Google Ads or Google Analytics, but tags from other companies can also be included and managed via the manager. Such tags perform different tasks. They can collect browser data, feed marketing tools with data, embed buttons, set cookies and also track users across multiple websites.

Why do we use Google Tag Manager for our website?

To make our website as interesting as possible, we need various tracking tools such as Google Analytics. The collected data from these tools show us what you are most interested in, where we can improve our services and which people we should still show our offers to. In order for this tracking to work, we need to embed appropriate JavaScript codes into our website. With the help of Google Tag Manager, we can easily include the necessary scripts and manage them from one place.

What data is stored by Google Tag Manager?

The Tag Manager acts as a mere "manager" of the implemented tags. The data is collected by the individual tags of the different web analytics tools. The data is virtually passed through to the individual tracking tools in the Google Tag Manager and is not stored.

In the Tag Manager account settings, we have allowed Google to receive anonymized data from us. However, this is only the use and usage of our Tag Manager and not your data that is stored via the code sections. We allow Google and others to receive selected data in anonymized form. We thus consent to the anonymous sharing of our website data. Google thereby deletes all info that could identify our website. Google aggregates the data with hundreds of other anonymous website data and, as part of benchmarking, creates user trends. Benchmarking compares our own results with those of our competitors. Processes can be optimized on the basis of the information collected.

How long and where is the data stored?

When Google stores data, this data is stored on Google's own servers. The servers are distributed all over the world. Most of them are located in America. You can find out exactly where Google servers are located at https://www.google.com/about/datacenters/inside/locations/?hl=de.

How long the individual tracking tools store data from you can be found in our individual privacy texts for each tool.

We would like to point out that according to the opinion of the European Court of Justice, there is currently no adequate level of protection for the transfer of data to the USA. Data processing is essentially carried out by Google (if, for example, Google Analytics is used in Google Tag Manager). This may result in data not being processed and stored anonymously. Furthermore, US government authorities may have access to individual data. It may also happen that this data is linked to data from other Google services where you have a user account.

Legal basis

The legal basis for the data processing associated with this is Art. 49 (1) a) or Art. 6 (1) a) DSGVO in conjunction with your consent.

Revocation: You can revoke your consent to the use of Google Tag Manager at any time with effect for the future here.

Objection to data processing:

You can also prevent the collection and transmission of data related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.

If you would like to learn more about Google Tag Manager, we recommend that you read the FAQs at https://www.google.com/intl/de/tagmanager/faq.html.

Email marketing

How does email marketing work?

In order to keep you informed about news and to offer you relevant and interesting content as well as offer, we enable you to consent to receive our email newsletter.

To do this, you can usually sign up by providing your email address. Under certain circumstances, we may also ask you for your title and name so that we can write to you personally.

Signing up for e-mail newsletters is done using the so-called "double opt-in procedure". After you have registered for our e-mail newsletter, you will receive an e-mail with a confirmation link, by clicking on which you confirm the e-mail newsletter registration. Your registration will be logged so that we can prove the legally correct registration process. The time of registration, the time of the registration confirmation and your IP address will be stored. In addition, it is also logged when you make changes to your stored data.

Legal basis

The legal basis for the data processing associated with this is Art. 6 (1) a) DSGVO in conjunction with your consent.

Revocation

You can revoke your consent for the future at any time, e.g. by clicking on the unsubscribe link at the end of each e-mail newsletter.

Please note that we may also send you advertising messages by e-mail on the basis of Section 7 (3) of the German Unfair Competition Act (UWG), provided that you have become our customer, we receive your e-mail address in this context and inform you about the use of your e-mail address for advertising purposes, we use the e-mail address for advertising for similar goods or services and you have not objected to the use of your e-mail address for direct advertising.

Duration of data processing

If you revoke your consent to receive the e-mail newsletter, we will keep the data logged as part of the registration for up to three years so that we can still prove your consent. The legal basis for the data processing associated with this is Art. 6 (1) f) DSGVO (legitimate interests).

However, if you confirm that you have given us your consent for email newsletter subscription, you can submit an individual deletion request at any time.

Use of Klaviyo

We use the services of Klaviyo to send our email newsletters. The provider is Klaviyo, 125 Summer St, Boston, MA 02110, USA. Klaviyo is a service that serves, among other things, the organization as well as the analysis of e-mail newsletters.

When you enter data for the purpose of receiving e-mail newsletters (e.g. your e-mail address), this data is stored on Klaviyo's servers in the USA. With the help of Klaviyo, we can analyze our email newsletter campaigns. When you open an email sent with Klaviyo, a file contained in the email (known as a web beacon) connects to Klaviyo's servers in the USA. This makes it possible to determine whether an e-mail newsletter message has been opened and which links, if any, have been clicked on. Technical information is also recorded (e.g. time of retrieval, IP address, browser type and operating system). This information cannot be assigned to the respective e-mail newsletter recipient. It is used exclusively for the statistical evaluation of e-mail newsletter campaigns. The results of these analyses can be used to better tailor future e-mail newsletters to the interests of the recipient.

The legal basis for the associated data processing the sending of e-mail newsletters by Klaviyo are Art. 49 para. 1 a) DSGVO or Art. 6 para. 1 a) DSGVO in conjunction with your consent. You can revoke your consent at any time by unsubscribing from the e-mail newsletter. The legality of the data processing operations already carried out remains unaffected by the revocation.

Conclusion of a data processing agreement

We have also concluded the so-called "Standard Contractual Clauses" with Klaviyo, in which we oblige Klaviyo to protect our customers' data and not to pass it on to third parties. Further details can be found at https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de.

The Data Processing Agreement, which corresponds to the Standard Contractual Clauses, can be found at https://www.klaviyo.com/legal/dpa.

To learn more about the data processed through the use of Klaviyo, please see the Privacy Policy at https://www.klaviyo.com/legal/privacy-policy.

Google DoubleClick

This website continues to use the online marketing tool DoubleClick by Google. DoubleClick uses cookies to serve ads that are relevant to users, to improve campaign performance reports, or to prevent a user from seeing the same ads more than once. Via a cookie ID, Google records which ads are displayed in which browser and can thus prevent them from being displayed more than once. In addition, DoubleClick can use cookie IDs to record so-called conversions that are related to ad requests. This is the case, for example, when a user sees a DoubleClick ad and later uses the same browser to visit the advertiser's website and make a purchase. According to Google, DoubleClick cookies do not contain any personal information.

Due to the marketing tools used, your browser automatically establishes a direct connection with Google's server. We have no influence on the scope and further use of the data collected by Google through the use of this tool and therefore inform you according to our knowledge: Through the integration of DoubleClick, Google receives the information that you have called up the corresponding part of our website or clicked on an advertisement from us. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, there is the possibility that the provider learns your IP address and stores it.

You can prevent participation in this tracking process in various ways:

1. by adjusting your browser software settings accordingly; in particular, the suppression of third-party cookies means that you will not receive ads from third-party providers;

2. by disabling cookies for conversion tracking by setting your browser to block cookies from the domain "www.googleadservices.com", https://www.google.de/settings/ads , which setting will be deleted when you delete your cookies;

3. by disabling interest-based ads from the providers that are part of the "About Ads" self-regulatory campaign, via the link http://www.aboutads.info/choices , with this setting being deleted when you delete your cookies;

4. by permanently disabling them in your Firefox, Internetexplorer or Google Chrome browsers at the link http://www.google.com/settings/ads/plugin. We would like to point out that in this case you may not be able to use all functions of this offer to their full extent.

The legal basis for the processing of your data is your consent in accordance with Art. 6 para. 1 p. 1 lit. a DSGVO.

Further information on data protection at Google can be found here: http://www.google.com/intl/de/policies/privacy and https://services.google.com/sitestats/de.html

Alternatively, you can visit the website of the Network Advertising Initiative (NAI) http://www.networkadvertising.org

Google Analytics Privacy Policy

What is Google Analytics?

We use on our website the analysis tracking tool Google Analytics (GA) of the American company Google Inc. For the European area the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services. Google Analytics collects data about your actions on our website. For example, when you click on a link, this action is stored in a cookie and sent to Google Analytics. Using the reports we receive from Google Analytics, we can better tailor our website and service to your preferences.

In the following, we will go into more detail about the tracking tool and, in particular, inform you about what data is stored and how you can prevent this.

Google Analytics is a tracking tool used to analyze traffic to our website. In order for Google Analytics to work, a tracking code is built into the code of our website. When you visit our website, this code records various actions you take on our website. Once you leave our website, this data is sent to Google Analytics servers and stored there.

Google processes the data and we receive reports about your user behavior. These reports may include, but are not limited to, the following:

  • Audience reports: through audience reports, we get to know our users better and know more precisely who is interested in our service.
  • Ad reports: Ad reports help us analyze and improve our online advertising.
  • Acquisition reports: Acquisition reports give us helpful information on how to attract more people to our service.
  • Behavior reports: This is where we learn how you interact with our site. We can track the path you take on our site and which links you click.
  • Conversion reports: Conversion is when you take a desired action based on a marketing message. For example, you go from being just a website visitor to a buyer or newsletter subscriber. These reports help us learn more about how our marketing efforts are working for you.
  • Real-time reports: This is where we learn what is happening on our website. For example, we see how many users are reading this text.

Why do we use Google Analytics on our website?

We want to offer you the best possible service. The statistics and data from Google Analytics help us to achieve this goal.

The statistically evaluated data shows us a picture of the strengths and weaknesses of our website. On the one hand, we can optimize our site so that it can be found more easily by interested people on Google. On the other hand, the data helps us to better understand you as a visitor. We learn what we need to improve about our site to provide you with the best possible service.

How is your data processed by Google Analytics?

Google Analytics uses a tracking code to create a random, unique ID associated with your browser cookie. This is how Google Analytics recognizes you as a new user. The next time you visit our site, you will be recognized as a "returning" user. All collected data is stored together with this user ID. This makes it possible to evaluate pseudonymous user profiles. However, due to the activation of IP anonymization "()" on this platform, your IP address will be truncated beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with any other data held by Google.

Expiration date of the cookie used by Google: 14 months.

Legal basis

The legal basis for the data processing associated with this is Art. 49 (1) a) DSGVO or Art. 6 (1) a) DSGVO in conjunction with your consent.

Revocation of consent to the use of performance cookies:

You can revoke your consent to the use of performance cookies at any time with effect for the future here.

Objection to data processing:

You can also prevent the storage of cookies by setting your browser software accordingly. However, we would like to point out that in this case you may not be able to use all functions of this website to their full extent.

Finally, you can prevent the collection and transmission of data relating to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.

Google Analytics Data Processing Addendum

In addition to the standard contractual clauses, we have also concluded one with Google on the use of Google Analytics by accepting the "Data Processing Addendum" in Google Analytics.

You can find out more about the data processing addendum for Google Analytics here: https://support.google.com/analytics/answer/3379636?hl=de&utm_id=ad.

Google Analytics Google Signals

We have enabled Google signals in Google Analytics. This updates existing Google Analytics features (ad reports, remarketing, cross-device reports, and interest and demographic reports) to get aggregated and anonymized data from you if you have allowed personalized ads in your Google account.

What makes this special is that it is cross-device tracking. That means your data can be analyzed across devices. By enabling Google signals, data is collected and linked to the Google account. Google can thus recognize, for example, if you view a product on our website via a smartphone and only buy the product later via a laptop. Thanks to the activation of Google signals, we can launch cross-device remarketing campaigns that would otherwise not be possible in this form. Remarketing means that we can also show you our offer on other websites.

In Google Analytics, Google signals also collect other visitor data such as location, search history, YouTube history and data about your actions on our website. This gives us better advertising reports from Google and more useful information about your interests and demographics. These include your age, what language you speak, where you live, or what gender you are.  All these characteristics help Google Analytics to define groups of people or target groups.

The reports also help us to better assess your behavior, wishes and interests. This allows us to optimize and adapt our services and products for you. By default, this data expires after 26 months. Please note that this data collection only occurs if you have allowed personalized advertising in your Google account. This is always aggregated and anonymous data and never individual person data. In your Google account, you can manage this data or also delete it.

Legal basis

The legal basis for the data processing associated with this is Art. 49 (1) a) DSGVO or Art. 6 (1) a) DSGVO in conjunction with your consent.

Revocation of consent to the use of marketing cookies:

You can revoke your consent to the use of marketing cookies at any time with effect for the future here.

Objection to data processing:

You can also prevent the storage of cookies by setting your browser software accordingly. However, we would like to point out that in this case you may not be able to use all functions of this website to their full extent.

You can also prevent the collection and transmission of data relating to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.

Online marketing

What is online marketing?

Online marketing refers to all measures that are carried out online to achieve marketing goals such as increasing brand awareness or closing a deal. In most cases, this involves online advertising, content marketing or search engine optimization. To enable us to use online marketing efficiently and in a targeted manner, personal data is also stored and processed. On the one hand, the data helps us to show our content only to those people who are actually interested in it. On the other hand, we can measure the advertising success of our online marketing measures.

What data is processed?

In order for our online marketing to work and the success of the measures to be measured, user profiles are created and data is stored, for example, in cookies (these are small text files). With the help of this data, we can display r advertising directly on our website in the way you prefer. For this purpose, there are various third-party tools that offer these functions and collect and store data from you accordingly. In the named cookies are stored, for example, which web pages you have visited on our website, how long you have looked at these pages, which links or buttons you click or from which website you have come to us. In addition, technical information may also be stored. For example, your IP address, which browser you use, from which device you visit our website or the time when you accessed our website and when you left it again. If you have consented that we may also determine your location, we may also store and process this.

Your IP address is stored in pseudonymized form (i.e. shortened). Unique data that directly identifies you as a person, such as your name, address or e-mail address, is only stored in pseudonymized form as part of the advertising and online marketing processes. We can therefore not identify you as a person, but we have only the pseudonymized stored information in the user profiles.

Under certain circumstances, the cookies can also be deployed, analyzed and used for advertising purposes on other websites that use the same advertising tools. The data may then also be stored on the servers of the advertising tools providers.

In exceptional cases, clear data (name, e-mail address, etc.) may also be stored in the user profiles. This storage occurs, for example, if you are a member of a social media channel that we use for our online marketing measures and the network links previously received data to the user profile.

Legal basis

The legal basis for the data processing associated with this is Art. 49 (1) a) DSGVO or Art. 6 (1) a DSGVO in conjunction with your consent.

Right of withdrawal

You have ach right and the possibility to revoke your consent to the use of cookies in connection with our online marketing at any time. This works either via our cookie management tool or via other opt-out functions. For example, you can also prevent data collection through cookies by managing, disabling or deleting cookies in your browser. The lawfulness of the processing until the revocation remains unaffected.

Since online marketing tools may be used, we also recommend that you read our general information about cookies. To find out exactly what data is stored and processed by you, you should read the privacy statements of the respective tools.

Outbrain privacy policy

We use Outbrain, a web advertising platform, on our website. The service provider is the British company Outbrain UK Limited, 5th Floor, The Place, 175 High Holborn, London, WC1V 7AA, United Kingdom. With the help of a so-called widget, users are referred to further content within our website and on third-party websites that may also be of interest to you. The content displayed in the Outbrain widget is automatically controlled and delivered by Outbrain in terms of content and technology.

Legal basis

The legal basis for the data processing associated with this is Art. 6 (1) a) DSGVO in conjunction with your consent.

Right of withdrawal

You can revoke your consent to the use of marketing cookies at any time with effect for the future here.

In addition, you have the option to object to the tracking for the display of interest-based recommendations by Outbrain; to do so, click on the "Decline" field (opt-out) under Outbrain's privacy policy, available at http://www.outbrain.com/de/legal/privacy. Here you can also obtain further information on the data protection of Outbrain UK Ltd.

Facebook Conversions API and Facebook Custom Audiences

We use Facebook Conversions API on our website, a server-side event tracking tool. The service provider is the American company Facebook Inc. The company responsible for the European region is Facebook Ireland Ltd (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland).

With the help of the Facebook pixel, we can track the effectiveness of Facebook ads for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Facebook ad (so-called "conversion").

Due to the Facebook pixel used, your browser automatically establishes a direct connection with the Facebook server, provided you have consented to the use of marketing cookies.

Through the integration of the Facebook pixel, Facebook receives the information that you have called up our website or clicked on an ad of ours and/or carried out further activities on our website. If you visit other websites that also use "Facebook Conversion", this information will also be linked to your user account. However, it is not apparent to us which other websites you visit. If you are registered with a Facebook service, Facebook can associate your visits with your account. Even if you are not registered with Facebook or have not logged in, it is possible that Facebook will learn and store your IP address and other identifiers.

We also use Facebook Custom Audiences on our website. This allows users of the websites to be shown interest-based advertisements ("Facebook Ads") when they visit "Facebook" or other websites that also use this method. In this way, we pursue the interest of showing you advertising that is of interest to you in order to make our website or offers as interesting as possible for you.

The processing of your data by Facebook takes place within the framework of Facebook's data policy, available at https://www.facebook.com/policy.php. You can also obtain further information and details about the Facebook pixel and how it works in Facebook's help area, available at: https://www.facebook.com/business/help.

We point out that the cookie has a duration of 180 days.

We would like to point out that there is currently no adequate level of protection for data transfer to the USA. This may result in data not being processed and stored anonymously. Furthermore, US government authorities may be able to access individual data. It may also happen that this data is linked to data from possible other Facebook services where you have a user account.

Legal basis

The legal basis for the data processing associated with this is Art. 49 (1) a) DSGVO or Art. 6 (1) a) DSGVO in conjunction with your consent.

Right of withdrawal

You can revoke your consent to the use of marketing cookies at any time with effect for the future here.

Objection to data processing:

You can also prevent the use of the Facebook Pixel in various ways by

  • making a corresponding setting in your browser software,
  • as a logged-in user of the Facebook social network at https://www.facebook.com/settings/?tab=ads#die change settings, or
  • by deactivating it on the Network Advertising Initiative (NAI) website at http://www.networkadvertising.org. However, we would like to point out that in this case you may not be able to use all functions of this offer to their full extent.

You can learn more about the data processed through the use of Facebook Conversions API and Facebook Custom Audiences in the Privacy Policy at https://www.facebook.com/about/privacy.

What is a payment processor?

We use online payment systems on our website that enable us and you to make payments safely and smoothly. In the process, personal data is sent to the payment provider, stored and processed

We then receive information about the payment made. This method can be used by any user who has an active online banking account with PIN and TAN.

Why do we use payment providers on our website?

We want to offer the best possible service with our website and our integrated online store, so that you feel comfortable on our site and use our offers. For these reasons, we offer you various payment options. You can select your preferred payment provider for payment.

What data is processed?

Which data is processed depends, of course, on the respective payment provider. Basically, name, address and bank data (account number, credit card number, passwords, TANs, etc.) are processed. This is necessary data to be able to carry out the transaction. In addition, any contractual data and user data, such as when you visit our website, what content you are interested in or which sub-pages you click on, may be processed. Your IP address and information about the computer you are using are also stored by most payment providers.

The data is stored and processed on the servers of the payment providers. We as the website operator do not receive this data. We are only informed whether the payment worked or not. For all payment transactions, the terms and conditions and privacy policy of the respective provider apply.

Duration of data processing

We only process personal data for as long as is absolutely necessary for the provision of our services and products, insofar as we are not entitled or obliged to store it further. For example, we keep accounting records relating to a contract (invoices, contract documents, account statements, etc.) for 10 years (§ 147 AO) and other relevant business documents for 6 years (§ 247 HGB) after they are created.

Legal basis

The legal basis for the data processing associated with this is Art. 6 (1) b) DSGVO, i.e. the fulfillment of your agreement with the respective payment service provider to process your payment.

Information on the payment providers can be found in the following sections.

Klarna

In cooperation with Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden, we offer the following payment options. The payment is made in each case to Klarna by direct debit. The debit will be made after the goods have been shipped. The time will be communicated to you by e-mail.

The use of the payment methods invoice, installment purchase and direct debit requires a positive credit assessment. In this respect, we forward your data to Klarna for the purpose of address and credit assessment as part of the purchase initiation and processing of the purchase contract. Please understand that we can only offer you those payment methods that are permitted based on the results of the credit check. Further information and Klarna's terms of use can be found here. General information about Klarna can be found here. Your personal data will be treated by Klarna in accordance with the applicable data protection regulations and as specified in Klarna's privacy policy at https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/privacy.

PayPal Privacy Policy

We use the online payment service PayPal on our website. The service provider is the American company PayPal Inc. The company PayPal Europe (S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg) is responsible for the European region.

When paying with PayPal, we transmit the amount to be paid by you together with your first and last name, delivery address, e-mail address, telephone number and IP address to PayPal (i.e. to PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg), so that you can authorize the payment to us vis-à-vis PayPal. You will need a PayPal account for this purpose. In addition, PayPal offers the option of processing virtual payments via credit cards if a user does not maintain a PayPal account.

The legal basis for the data processing associated with this is Art. 6 (1) b) DSGVO, i.e. the processing of your data is necessary for the fulfillment of your agreement with PayPal regarding a payment via PayPal.

The data transmitted to PayPal may be transmitted by PayPal to credit agencies. This transmission is used for identity and credit checks. More information on data protection at PayPal can be found on the PayPal website at https://www.paypal.com/de/webapps/mpp/ua/privacy-full.

The legal basis for the data processing associated with this is Art. 6 (1) f) DSGVO (balancing of interests, based on our interest in offering you effective and secure payment options and preventing fraud in this context).

You can find out more about the data processed through the use of PayPal in the Privacy Policy at https://www.paypal.com/de/webapps/mpp/ua/privacy-full.

Google Ads (Google AdWords) Conversion Tracking

What is Google Ads conversion tracking?

We use Google Ads (formerly Google AdWords) as an online marketing measure to advertise our products and services. In Europe, the company responsible for all Google services is Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland). With the help of this free tracking tool, we can better adapt our advertising offer to your interests and needs.

Google Ads (formerly Google AdWords) is the in-house online advertising system of Google Inc. using conversion tracking.

But what is a conversion actually? A conversion occurs when you go from being a purely interested website visitor to an acting visitor. This happens whenever you click on our ad and subsequently perform another action, such as visiting our website. With Google's conversion tracking tool, we record what happens after a user clicks on our Google Ads ad. For example, we can see whether products are purchased, services are used or whether users have signed up for our newsletter.

Why do we use Google Ads conversion tracking on our website?

Our goal is to ensure that our advertising campaigns reach only those people who are interested in our offers. With the conversion tracking tool we can see which keywords, ads, ad groups and campaigns lead to the desired customer actions. We see how many customers interact with our ads on a device and then make a conversion. This data allows us to calculate our cost-benefit factor, measure the success of individual advertising measures, and consequently optimize our online marketing efforts. In addition, we can use the data obtained to make our website more interesting for you and adapt our advertising offer even more individually to your needs.

What data is stored with Google Ads conversion tracking?

We have included a conversion tracking tag or code snippet on our website to better analyze certain user actions. Now, when you click on one of our Google Ads ads, the cookie "Conversion" is stored on your computer (usually in the browser) or mobile device by a Google domain.

Here are the data of the most important cookies for Google's conversion tracking:

Name: Conversion

Value: EhMI_aySuoyv4gIVled3Ch0llweVGAEgt-mr6aXd7dYlSAGQ311289416-3

Purpose: This cookie stores every conversion you make on our site after coming to us through a Google Ad.

Expiration date: after 3 months

Name: _gac

Value:1.1558695989.EAIaIQobChMIiOmEgYO04gIVj5AYCh2CBAPrEAAYASAAEgIYQfD_BwE

Expiration date: after 3 months

Note: The _gac cookie appears only in conjunction with Google Analytics. The above enumeration does not claim to be complete, as Google repeatedly uses other cookies for analytical evaluation.

As soon as you complete an action on our website, Google recognizes the cookie and saves your action as a so-called conversion. As long as you surf our website and the cookie has not yet expired, we and Google recognize that you have found us via our Google Ads ad. The cookie is read and sent back to Google Ads with the conversion data. It is also possible that other cookies are used to measure conversions. We do not process any personal data. We receive a report from Google with statistical evaluations. For example, we learn the total number of users who clicked on our ad and we see which advertising measures were well received.

How long and where is the data stored?

At this point, we would like to point out that we have no influence on how Google uses the collected data. According to Google, the data is encrypted and stored on secure servers. In most cases, conversion cookies expire after 30 days and do not transmit any personal data. The cookies named "Conversion" and "_gac" (which is used in connection with Google Analytics) have an expiration date of 3 months.We would like to point out that there is currently no adequate level of protection for data transfer to the USA. The data processing is essentially carried out by Google Ads. This may result in data not being processed and stored anonymously. Furthermore, US government authorities may be able to access individual data. It may also happen that this data is linked to data from possible other Google services where you have a user account.

Legal basis

The legal basis for the consent associated with this is Art. 49 (1) a) DSGVO or Art. 6 (1) DSGVO in conjunction with your consent.

Revocation

You can revoke your consent to the use of marketing cookies at any time with effect for the future here.

Objection

You also have the option of not participating in Google Ads' conversion tracking. If you deactivate the Google conversion tracking cookie via your browser, you block conversion tracking. In this case, you will not be included in the statistics of the tracking tool. You can change the cookie settings in your browser at any time. For each browser, this works slightly differently. Here are the instructions on how to manage cookies in your browser:

Chrome: Delete, enable and manage cookies in Chrome.

Safari: Manage cookies and website data with Safari.

Firefox: Delete cookies to remove data that websites have placed on your computer

Internet Explorer: delete and manage cookies

Microsoft Edge: delete and manage cookies

If you generally don't want cookies, you can set your browser to notify you whenever a cookie is about to be set. This way, you can decide whether to allow the cookie or not for each individual cookie. Downloading and installing this browser plug-in at https://support.google.com/ads/answer/7395996 will also disable all "advertising cookies". Keep in mind that by disabling these cookies, you are not preventing the advertisements, only the personalized advertisements.

If you would like to learn more about Google's privacy policy, we recommend reading Google's general privacy policy: https://policies.google.com/privacy?hl=de.

Google Fonts Privacy Policy

What are Google Fonts?

On our website, we use Google Fonts. These are the "Google Fonts" of the company Google Inc. For the European area, the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services.

You do not need to log in or provide a password to use Google Fonts. Also, no cookies are stored in your browser. The files (CSS, fonts) are requested via the Google domains fonts.googleapis.com and fonts.gstatic.com. According to Google, the requests for CSS and fonts are completely separate from all other Google services. If you have a Google account, your Google account information is not transmitted to Google while using Google Fonts. Google records the use of CSS (Cascading Style Sheets) and the fonts used and stores this data securely.

Google Fonts (formerly Google Web Fonts) is a directory of over 800 fonts that Google makes available to your users free of charge.

Many of these fonts are released under the SIL Open Font License, while others are released under the Apache License. Both are free software licenses.

Why do we use Google Fonts on our website?

Google Fonts allows us to use fonts on our own website, and not have to upload them to our own server. Google Fonts is an important component to keep the quality of our website high. All Google Fonts are automatically optimized for the web and this saves data volume and is a great advantage especially for mobile use. When you visit our site, the low file size ensures a fast loading time. Furthermore, Google Fonts are secure web fonts. Google Fonts support all major browsers (Google Chrome, Mozilla Firefox, Apple Safari, Opera) and work reliably on most modern mobile operating systems, including Android 2.2+ and iOS 4.2+ (iPhone, iPad, iPod). So, we use Google Fonts so that we can display our entire online service as beautifully and consistently as possible.

What data is stored by Google?

When you visit our website, the fonts are reloaded via a Google server. Through this external call, data is transmitted to the Google servers. In this way, Google also recognizes that you or your IP address are visiting our website.

Google Fonts stores CSS and font requests securely at Google. Through the collected usage figures, Google can determine how well the individual fonts are received. Google publishes the results on internal analytics pages, such as Google Analytics. In addition, Google also uses data from its own web crawler to determine which websites are using Google fonts. This data is published in the Google Fonts BigQuery database.

How long and where is the data stored?

Google stores requests for CSS assets for one day on its servers, which are mainly located outside the EU. This allows us to use fonts with the help of a Google stylesheet. A stylesheet is a format template that can be used to easily and quickly change the design or font of a website, for example.

The font files are stored by Google for one year. Google pursues with it the goal to improve the loading time of web pages. Sometimes Google updates font files to reduce file size, increase language coverage, and improve design.

We would like to point out that, according to the current situation, there is no adequate level of protection for the transfer of data to the USA. The data processing is essentially carried out by Google Fonts. This may result in data not being processed and stored anonymously. Furthermore, US government authorities may be able to access individual data. It may also happen that this data is linked to data from possible other Google services where you have a user account.

Legal basis

The legal basis for the consent associated with this is Art. 49 (1) a) DSGVO or Art. 6 (1) DSGVO in conjunction with your consent.

On our part, there is also a legitimate interest in using Google Font to optimize our online service. The corresponding legal basis for this is Art. 6 para. 1 f) DSGVO (Legitimate Interests).

Revocation

You can revoke your consent to the use of Google Fonts at any time with effect for the future.

How can I delete my data?

The data that Google stores for one day or one year cannot simply be deleted. The data is automatically transmitted to Google when the page is called up. To delete this data early, you need to contact Google support at https://support.google.com/?hl=de&tid=311289416.

Unlike other web fonts, Google allows us unlimited access to all fonts. So we can have unlimited access to many fonts and get the most out of them for our website. You can find out more about Google Fonts and other issues at https://developers.google.com/fonts/faq?tid=311289416.

You can also read about which data is basically collected by Google and what this data is used for at https://www.google.com/intl/de/policies/privacy/.

Google reCAPTCHA privacy policy

What is reCAPTCHA?

Our primary goal is to secure and protect our website for you and for us in the best possible way. To ensure this, we use Google reCAPTCHA of the company Google Inc. For the European area, the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services. With reCAPTCHA we can determine whether you are also a human and not a robot or other spam software. With Google's reCAPTCHA, in most cases it is enough to simply check a box to confirm that you are not a bot. With the new Invisible reCAPTCHA version, you don't even have to put a checkmark anymore.

With reCAPTCHA, a JavaScript element is included in the source code and then the tool runs in the background and analyzes your user behavior. From these user actions, the software calculates a so-called captcha score. Google uses this score to calculate even before the captcha is entered how likely you are to be a human. reCAPTCHA or captchas in general are always used when bots could manipulate or abuse certain actions (such as registrations, surveys, etc.).

What data is stored by reCAPTCHA?

reCAPTCHA collects personal data from users to determine whether the actions on our website really come from people. Thus, the IP address and other data required by Google for the reCAPTCHA service may be transmitted to Google. IP addresses are usually shortened before they are transmitted to the USA. Your IP address is also not combined with other data from Google unless you are logged in with your Google account while using reCAPTCHA.

The following list of collected browser and user data contains examples of data processed by Google.

Referrer URL (the address of the page from which the visitor came)

IP address (e.g. 256.123.123.1)

Operating system info (the software that enables your computer to operate. Known operating systems are Windows, Mac OS X or Linux)

Cookies (small text files that store data in your browser)

Mouse and keyboard behavior (every action you perform with the mouse or keyboard is stored)

Date and language settings (which language or date you have preset on your PC is saved)

All JavaScript objects (JavaScript is a programming language that allows websites to adapt to the user. JavaScript objects can collect all kinds of data under one name)

Screen resolution (shows how many pixels the image display consists of)

How long and where is the data stored?

By inserting reCAPTCHA, data is transmitted from you to Google. The IP address that your browser transmits to Google is generally not merged with other Google data from other Google services. However, if you are logged into your Google account while using the reCAPTCHA plug-in, the data will be merged.

Legal basis

The legal basis for the aforementioned data processing is Art. 6 para. 1 p.1 lit. f DSGVO. Our legitimate interest in this data processing is with regard to ensuring the security of our website and protection against automated entries (attacks).

For more information about the provider Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, please visit https://www.google.com/policies/privacy/.

Opt-out: https://adssettings.google.com/authenticated

How can I delete my data?

Basically, as soon as you visit our site, the data is automatically transmitted to Google. To delete this data again, you need to contact Google support at https://support.google.com/?hl=de&tid=311289416.

Stripe Privacy Policy

What is Stripe ?

We use a payment tool from the American technology company and online payment service Stripe on our website. For customers within the EU, Stripe Payments Europe (Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland) is responsible. This means that if you choose Stripe as your payment method, your payment will be processed through Stripe Payments. In this process, data necessary for the payment process will be forwarded to Stripe and stored.

Stripe handles the entire payment process. A big advantage of Stripe is, for example, that you never have to leave our website or store during the payment process and the payment processing is very fast.

Why do we use Stripe for our website?

We want to offer the best possible service with our website and our integrated online store, so that you feel comfortable on our site and use our offers.

What data is stored by Stripe?

If you choose Stripe as your payment method, personal data about you will be transmitted to Stripe and stored there. This data includes the payment method (i.e. credit card, debit card or account number), bank code, currency, amount and date of payment. In the case of a transaction, your name, email address, billing or shipping address, and transaction history may also be transmitted. This data is necessary for authentication. Furthermore, for fraud prevention, financial reporting and to fully provide its own services, Stripe may also collect, in addition to technical data about your device (such as IP address), name, address, phone number and your country.

Stripe does not sell your data to third parties. However, the data may be shared with internal departments, a limited number of external Stripe partners, or for regulatory compliance purposes, for example.

How long and where is the data stored?

Personal data is stored for the duration of the service provision by Stripe . That is, the data is stored until we terminate our relationship with Stripe. However, in order to comply with legal and regulatory obligations, Stripe may also store personal data beyond the duration of the service provision. Because Stripe is a global company, data may also be stored in any country where Stripe provides services. Thus, data may also be stored outside of your country, for example in the.

We would like to point out that according to the opinion of the European Court of Justice, there is currently no adequate level of protection for the transfer of data to the USA. The data processing is essentially carried out by Stripe. This may result in data not being processed and stored anonymously where applicable. Furthermore, US government authorities may be able to access individual data. It may also happen that this data is linked to data from possible other Stripe services where you have a user account.

Legal basis

The legal basis for the consent associated with this is Art. 6 (1) b) DSGVO, i.e. the fulfillment of your agreement with Stripe on the processing of your payment. We therefore offer the payment service provider Sofortüberweisung in addition to traditional banking/credit institutions for the processing of contractual or legal relationships (Art. 6 para. 1 b) DSGVO).

If you would like to obtain further information, the detailed Stripe privacy policy at https://stripe.com/at/privacy serves as a good source.

Integration of the Trusted Shops trustbadge / other widgets

Trusted Shops widgets are integrated on this website to display Trusted Shops services (e.g. seal of approval, collected ratings) and to offer Trusted Shops products to buyers after an order has been placed.

This serves to protect our legitimate interests in optimal marketing by enabling secure shopping, which prevail in the context of a balancing of interests in accordance with Art. 6 para. 1 p. 1 lit. f DSGVO. The Trustbadge and the services advertised with it are an offer of Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne, Germany, with whom we are jointly responsible for data protection pursuant to Art. 26 DSGVO. In the following, we inform you about the essential contractual contents according to Art. 26 (2) DSGVO within the framework of this data protection notice.

The trust badge is provided as part of a joint responsibility by a US CDN provider (content delivery network). An appropriate level of data protection is ensured by standard data protection clauses and other contractual measures. Further information on the data protection of Trusted Shops GmbH can be found in their privacy policy.

When the Trustbadge is called up, the web server automatically saves a so-called server log file, which also contains your IP address, the date and time of the call-up, the amount of data transferred and the requesting provider (access data) and documents the call-up. The IP address is anonymized immediately after collection so that the stored data cannot be assigned to you personally. The anonymized data is used in particular for statistical purposes and for error analysis.

After order completion, your e-mail address, which is hashed by cryptological one-way function, is transmitted to Trusted Shops GmbH. The legal basis is Art. 6 para. 1 p. 1 lit. f DSGVO. This serves to check whether you are already registered for services with Trusted Shops GmbH and is therefore necessary for the fulfillment of our and Trusted Shops' overriding legitimate interests in the provision of the buyer protection linked to the specific order in each case and the transactional evaluation services pursuant to Art. 6 para. 1 p. 1 lit. f DSGVO. If this is the case, further processing will be carried out in accordance with the contractual agreement between you and Trusted Shops. If you have not yet registered for the services, you will be given the opportunity to do so for the first time. Further processing after registration also depends on the contractual agreement with Trusted Shops GmbH. If you do not register, all transmitted data is automatically deleted by Trusted Shops GmbH and a personal reference is then no longer possible.

Trusted Shops uses service providers in the areas of hosting, monitoring and logging. The legal basis is Art. 6 para. 1 lit. f DSGVO for the purpose of ensuring trouble-free operation. Processing may take place in third countries (USA and Israel). An adequate level of data protection is ensured in the case of the USA by standard data protection clauses and further contractual measures and in the case of Israel by an adequacy decision.

Within the framework of the joint responsibility existing between us and Trusted Shops GmbH, please prefer to contact Trusted Shops GmbH with data protection questions and to assert your rights using the contact options provided in the data protection information linked above. Irrespective of this, however, you can always contact the responsible person of your choice. Your inquiry will then, if necessary, be forwarded to the other responsible party for a response.

YouTube Privacy Policy

What is YouTube?

We have integrated YouTube videos on our website to present you with interesting videos directly on our site. The video portal is operated by YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. When you call up a page on our website that has a YouTube video embedded, your browser automatically connects to the YouTube or Google servers. In the process, various data are transferred (depending on the settings). Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all data processing in the European area.

Why do we use YouTube videos on our website?

YouTube is the video platform with the most visitors and the best content. With the help of our embedded videos, we provide you with other helpful content in addition to our text and images. Also, when we run ads through Google Ads, Google - thanks to the data it collects - can really only show those ads to people who are interested in what we have to offer.

What data is stored by YouTube?

As soon as you visit one of our pages that has a YouTube video embedded, YouTube sets a cookie that stores your IP address and our URL. If you are logged into your YouTube account, YouTube can usually assign your interactions on our website to your profile using cookies. This includes data such as session duration, bounce rate, approximate location, technical information such as browser type, screen resolution or your internet provider. Other data may include contact details, any ratings, sharing content via social media or adding to your favorites on YouTube.

If you are not logged into a Google account or a YouTube account, Google stores data with a unique identifier associated with your device, browser, or app. For example, your preferred language setting is retained. But a lot of interaction data can't be stored because fewer cookies are set.

Where is the data stored?

The data YouTube receives and processes from you is stored on Google servers. Most of these servers are located in the USA.

How can I delete my data or prevent data storage?

Basically, you can delete data in the Google account manually. With the automatic deletion function of location and activity data, information is stored depending on your decision - either 3 or 18 months and then deleted.

We would like to point out that there is currently no adequate level of protection for data transfer to the USA. The data processing is essentially carried out by YouTube. This may result in data not being processed and stored anonymously. Furthermore, US government authorities may be able to access individual data. It may also happen that this data is linked to data from other YouTube or Google services with which you have a user account.

Legal basis

The legal basis for the data processing associated with this is Art. 49 (1) a) DSGVO or Art. 6 (1) a) DSGVO.

Revocation

You can revoke your consent to the use of YouTube at any time with effect for the future here.

Since YouTube is a subsidiary of Google, there is a joint privacy policy. If you want to learn more about how your data is handled, we recommend the privacy policy at https://policies.google.com/privacy?hl=de.

All texts are protected by copyright.

Use of WhatsApp

In communication with our customers, we use the messenger service of WhatsApp (WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, e-mail: [email protected]). Of course, the use of this service is voluntary. You can still contact us quickly by phone or e-mail. A prerequisite for the use of the WhatsApp messenger service is that you consent to its use and in this course agree to your personal data being transferred to the USA. There is currently no decision by the EU Commission that the USA offers an adequate level of data protection. This means that there is a risk that your data is not protected by WhatsApp or its parent company Facebook in the same way as in the European Union. The use of the WhatsApp messenger service and the associated transfer of your data to the USA therefore only takes place on the basis of your expressly declared consent. Legal bases in this respect are Art. 6 para. 1 a) DSGVO or Art. 49 para. 1 a) DSGVO in conjunction with your consent.

Revocation: You can revoke your consent to the use of the Messenger service of WhatsApp at any time with effect for the future by sending us an email to: [email protected].

In addition, the WhatsApp offer also includes so-called location-based services, with which you are provided with special offers that are tailored to your respective location. You can only use these functions after you have agreed via a pop-up that your location data by means of GPS and your IP address are transmitted to WhatsApp in anonymized form for the purpose of providing the service.

You can find more information about data processing by WhatsApp in WhatsApp's privacy information. There you will also find further information on your rights in this regard and setting options to protect your privacy, https://www.whatsapp.com/legal/updates/privacy-policy-eea. Finally, WhatsApp explains the data transfers that take place as part of WhatsApp Business at https://www.whatsapp.com/legal/business-data-transfer-addendum/?lang=de and https://www.whatsapp.com/legal/business-data-transfer-addendum-20210927.

Pinterest

Pinterest Inc, 635 High Street, Palo Alto, CA, 94301, USA.

Privacy Policy /Opt-Out:

https://about.pinterest.com/de/privacy-policy.

Registration

You have the option of registering on our website by entering your personal data. The data is entered into an input mask, transmitted to us and stored. The data will not be passed on to third parties. The following data is collected during the registration process:

  • First name
  • Name
  • E-mail address

The following data is also stored at the time of registration:

  • The IP address of the user
  • Date and time of registration

Legal basis

Registration regularly serves the fulfillment of a contract to which the user is a party or the implementation of pre-contractual measures in the form of extended use of our website. The legal basis for processing the data is therefore Art. 6 para. 1 p. 1 lit. b DSGVO.

After registration, you have the following options in your account area:

  • Manage profile data
  • Manage address book
  • Change e-mail address and password
  • Subscribe to or unsubscribe from the newsletter
  • Manage credit card

Your data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. This is the case for the data collected during the registration process, when the registration on our website is cancelled or modified.

This is the case for the data collected during the registration process for the fulfillment of a contract or for the implementation of pre-contractual measures when the data is no longer necessary for the implementation of the contract. Even after the conclusion of the contract, there may be a need to store personal data of the contractual partner in order to fulfill contractual or legal obligations.

Continuing obligations require the storage of personal data during the term of the contract. In addition, warranty periods must be observed and data must be stored for tax purposes. The storage periods to be observed cannot be determined in general terms, but must be determined on a case-by-case basis for the contracts concluded and the contracting parties.

You have the possibility to cancel your registration on our homepage at any time. Furthermore, you can also have data stored about you changed at any time.

The following is a more detailed description of how a deletion of the account and a change of data is possible:

If the data is required for the fulfillment of a contract or for the implementation of pre-contractual measures, an early deletion of the data is only possible insofar as contractual or legal obligations do not prevent a deletion.

Electronic contact

It is possible to contact us via the e-mail address provided. In this case, the user's personal data transmitted with the e-mail will be stored.

Your data will not be passed on to third parties in this context; the data will be used exclusively for processing the communication.

Legal basis

The legal basis for the processing of the contact request and its handling is regularly Art. 6 para. 1 p.1 lit. b DSGVO.

Your data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. This is the case when the respective conversation with the user has ended. The conversation is terminated when it can be inferred from the circumstances that the facts concerned have been conclusively clarified.

Use of data for postal advertising and your right to object

We reserve the right to store your first and last name, your postal address and - insofar as we have received this additional information from you within the framework of the contractual relationship - your occupation, industry or business name (etc) and to use it for our own advertising purposes, e.g. to send you interesting offers and information about our products by mail. The legal basis for this is Art. 6 para.1 p.1 lit. f DSGVO (legitimate interest). You can object to the storage and use of your data for these purposes at any time by sending a message to [email protected]

Status: January 2022