Privacy policy

Privacy policy in accordance with the GDPR

I. Name and address of the controller

MLC-direct GmbH

Paulinenallee 32

20259 Hamburg

Tel.

Email: wsm@mlc-direct.de

Controller within the meaning of Section 18 (2) MStV: David Wohde

Managing Directors: David Wohde, Steven Potschull

Company headquarters: Hamburg

Commercial register: HRB183961

Tax office: Frankfurt am Main

VAT ID No.: DE365736834

Website: https://www.daytox.de

is the controller within the meaning of the EU General Data Protection Regulation (GDPR) and other national data protection laws.

II. Name and address of the data protection officer

The controller's data protection champion is:

Matthias Siwy

Email: support@mlc-direct.de

III. General information on data processing

1. Scope of processing personal data

We only collect and use personal data from users of our website to the extent necessary to provide a functional website, our content and services.

As a matter of principle, the collection and use of our users' personal data only takes place with their consent. An exception to this principle applies in cases where the processing of data is permitted by law or where it is not possible to obtain prior consent for practical reasons.

2. Legal basis for the processing of personal data

The legal basis for the processing of personal data is generally derived from:

Art. 6 (1) (a) GDPR when obtaining the consent of the data subject.

Art. 6 (1) (b) GDPR for processing that serves to fulfil a contract to which the data subject is a party. This also includes processing operations that are necessary for the implementation of pre-contractual measures.

Art. 6 (1) (c) GDPR for processing that is necessary to fulfil a legal obligation.

Art. 6 (1) (d) GDPR if the vital interests of the data subject or another natural person require the processing of personal data.

Art. 6 (1) (f) GDPR, if processing is necessary to safeguard a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not override the former interest. In order to be able to base the processing of personal data on a legitimate interest, a review is carried out for each relevant process in consultation with the data protection officer, whereby the following three conditions must be met:

1) The controller or a third party has a legitimate interest in the data processing.

2) The processing is necessary to safeguard the legitimate interest.

3) The interests or fundamental rights and freedoms of the data subject, which require the protection of personal data, do not override this interest.

3. Data deletion and storage period

Users' personal data will be deleted or blocked as soon as the purpose of storage no longer applies. Further storage may take place if this has been provided for by European or national legislators in EU regulations, laws or other provisions to which the controller is subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.

IV. Use of our website, general information

1. Description and scope of data processing

Each time our website is accessed, our system automatically collects data and information from the user's computer system. The following information may be collected:

Information about the browser type and version used, the user's operating system, the user's Internet service provider, the user's IP address, the date and time of access, websites from which the user's system accesses our website, websites accessed by the user's system via our website

The data described is stored in our system's log files. This data is not stored together with other personal data of the user.

2. Purpose and legal basis for data processing

The temporary storage of the IP address by our system is necessary to enable the website to be delivered to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session.

The data is stored in log files to ensure the functionality of the website. In addition, the data helps us to optimise the website and to ensure the security of our information technology systems. The data is not evaluated for marketing purposes in this context.

The legal basis for the temporary storage of data and log files is Article 6(1)(f) of the GDPR.

The collection of your personal data for the provision of our website and the storage of the data in log files is essential for the operation of the website. The user therefore has no option to object.

3. Duration of storage

Your data will be deleted as soon as it is no longer required for the purpose for which it was collected. If your data is collected to ensure the provision of the website, the data will be deleted when the respective session is ended.

If your data is stored in log files, it will be deleted after seven days at the latest. Storage beyond this period is possible, in which case the IP addresses of users will be deleted or anonymised. It will then no longer be possible to identify the client accessing the website.

V. General information on the use of cookies

We use cookies on our website. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user's computer system. When you visit a website, a cookie may be stored on your operating system. This contains a characteristic string of characters that enables the browser to be uniquely identified when the website is visited again.

We use cookies to make our homepage more user-friendly. Some elements of our website require that the browser can be identified even after a page change.

TTDSG:

The legal basis for the storage of cookies, device identifiers and similar tracking technologies, or for the storage of information in the end user's terminal equipment and access to this information, is the European ePrivacy Directive in conjunction with the Act on the Regulation of Data Protection and Privacy in Telecommunications and Telemedia (TTDSG).

Please note that the legal basis for the processing of personal data collected in this context is then derived from the GDPR (Art. 6 (1) sentence 1 GDPR). The legal basis for the processing of personal data relevant in each specific case can be found below the respective cookie or the respective processing itself.

The primary legal basis for storing information in the end user's terminal equipment – in particular for storing cookies – is your consent, Section 25 (1) sentence 1 TTDSG. Consent is given when you visit our website – although this is of course not mandatory – and can be revoked at any time in the cookie settings.

According to Section 25 (2) No. 2 TTDSG, consent is not required if the storage of information in the end user's terminal equipment or access to information already stored in the end user's terminal equipment is absolutely necessary for the provider of a telemedia service to be able to provide a telemedia service expressly requested by the user. The cookie settings show you which cookies are classified as strictly necessary (often referred to as ‘technically necessary cookies’) and therefore fall under the exemption of Section 25 (2) TTDSG and do not require consent.

GDPR:

When cookies are used, the following data is stored and transmitted:

Items in a shopping basket, log-in information

The legal basis for the processing of personal data using cookies is Art. 6 para. 1 sentence 1 lit. f GDPR. The purpose of using technically necessary cookies is to simplify the use of our website.

We would like to point out that certain functions of our website can only be offered with the use of cookies.

These are the following applications:

Shopping basket, saving search terms

We do not use user data collected by technically necessary cookies to create user profiles.

Cookies are stored on the user's computer and transmitted to our site by the user. As a user, you therefore have control over the use of cookies. You can restrict or deactivate the transmission of cookies by making changes to your internet browser settings. Stored cookies can also be deleted there. Please note that you may not be able to use all the functions of our website if you deactivate cookies.

The legal basis for the processing of personal data using cookies for analysis and advertising purposes is Art. 6 para. 1 sentence 1 lit. a GDPR, provided that the user has given their consent.

Cookie consent with Consentmanager:

We have integrated the consent management tool ‘consentmanager’ (www.consentmanager.net) from Jaohawi AB (Håltgelvågen 1b, 72348 Västerås, Sweden, info@consentmanager.net) into our website in order to request consent for data processing or the use of cookies or similar functions. With the help of ‘consentmanager’, you have the option of giving or refusing your consent for certain functionalities of our website, e.g. for the purpose of integrating external elements, integrating streaming content, statistical analysis, reach measurement and personalised advertising. With the help of ‘consentmanager’, you can give or refuse your consent for all functions or give your consent for individual purposes or individual functions. You can also change the settings you have made at a later date. The purpose of integrating ‘consentmanager’ is to allow users of our website to decide on the above-mentioned matters and to offer them the option of changing settings they have already made when continuing to use our website. When using ‘consentmanager’, personal data and information about the end devices used, such as the IP address, are processed.

The legal basis for the processing is Art. 6 (1) (c) in conjunction with Art. 6 (3) (a) in conjunction with Art. 7 (1) GDPR and, alternatively, (f). By processing the data, we help our customers (the controllers under the GDPR) to fulfil their legal obligations (e.g. duty of proof).

‘Consentmanager’ stores your data for as long as your user settings are active. Thirteen months after the user settings have been made, consent is requested again. The user settings made are then stored again for this period.

You can object to the processing. You have the right to object for reasons arising from your particular situation. To object, please contact us by email at info@consentmanager.net

https://delivery.consentmanager.net/delivery/vendorlist.php?cdid=09d9601ecb05%22 Here you can view and adjust your cookie settings.

VI. Your rights / rights of the data subject

Under the EU General Data Protection Regulation, you as the data subject have the following rights:

1. Right to information

You have the right to obtain information from us as the controller as to whether and which personal data concerning you is processed by us, as well as further information in accordance with the legal requirements under Articles 13 and 14 of the GDPR.

You can assert your right to information at: support@mlc-direct.de

2. Right to rectification

If the personal data we process concerning you is incorrect or incomplete, you have the right to request that we correct and/or complete it. The correction will be made immediately.

3. Right to restriction

You have the right to restrict the processing of personal data concerning you in accordance with the statutory provisions (Art. 18 GDPR).

4. Right to erasure

If the reasons set out in Art. 17 GDPR apply, you may request that the personal data concerning you be erased without delay.

Please note that the right to erasure does not apply if the processing is necessary for one of the exceptions listed in Art. 17(3).

5. Right to be informed

If you have exercised your right to rectification, erasure or restriction of processing, we are obliged to notify all recipients to whom your personal data has been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort. You also have the right to be informed about these recipients.

6. Right to data portability

Under the GDPR, you also have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format or to request that it be transferred to another controller.

7. Right to revoke your declaration of consent under data protection law

You have the right to revoke your declaration of consent under data protection law at any time. We would like to point out that revoking your consent does not affect the lawfulness of the processing carried out on the basis of your consent until revocation.

8. Right to object

Furthermore, you have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6(1)(e) or (f) GDPR.

9. Automated decision-making in individual cases, including profiling

Under the EU General Data Protection Regulation, you also have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

10. Right to lodge a complaint with a supervisory authority

If you believe that the processing of your personal data violates the GDPR, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work or the place of the alleged infringement.

VII. Data transfer outside the EU

The GDPR ensures a uniformly high level of data protection within the European Union. When selecting our service providers, we therefore rely on European partners wherever possible if your personal data is to be processed. Only in exceptional cases will we have data processed outside the European Union in the context of using third-party services. We only allow your data to be processed in a third country if the specific requirements of Art. 44 et seq. GDPR are met. This means that the processing of your data may then only take place on the basis of special guarantees, such as the officially recognised determination by the EU Commission of a level of data protection equivalent to that of the EU or the observance of officially recognised special contractual obligations, the so-called ‘standard data protection clauses’.

VIII. Minors under the age of 16

Minors under the age of 16 are expressly not the target audience of our website and our offers on this website. We would like to point out that legal guardians must supervise their children's online activities. Minors under the age of 16 should not transmit any personal data to us without the consent of their parents or legal guardians. We explicitly do not request personal data from minors under the age of 16, do not knowingly collect such data and do not pass it on to third parties.

IX.Newsletter

1. General

You can subscribe to a free newsletter on our homepage, which we use to inform you about our current interesting offers. The advertised goods and services are specified in the declaration of consent. The data you enter in the input mask during registration will be transmitted to us.

We collect the following data on the basis of the consent obtained from you during the registration process:

Email address

Furthermore, the following data is stored at the time of transmission:

IP address of the accessing computer, date and time of registration

Your data will not be passed on in connection with data processing for the purpose of sending newsletters. The data will be used exclusively for sending the newsletter.

2. Double opt-in and logging

Registration for our newsletter takes place in a so-called double opt-in procedure. After registering, you will receive an email asking you to confirm your registration. This confirmation is necessary so that no one can register with someone else's email address.

Subscriptions to the newsletter are logged in order to be able to prove the registration process in accordance with legal requirements. This includes storing the time of registration and confirmation, as well as the IP address.

3. Legal basis

The legal basis for the processing of data is Art. 6 para. 1 sentence 1 lit. a GDPR if the user has given their consent. The user's email address is collected for the purpose of delivering the newsletter.

4. Deletion, revocation and objection

Your data will be deleted as soon as it is no longer required for the purpose for which it was collected. Your email address will therefore be stored for as long as your subscription to the newsletter is active. You can unsubscribe from the newsletter at any time by revoking your consent. For this purpose, there is a corresponding link in every newsletter.

We would also like to point out that you can object to the future processing of your personal data at any time in accordance with the legal requirements of Art. 21 GDPR. In particular, you can object to processing for direct marketing purposes.

5. Shipping service provider Klaviyo / Statistical survey

We use the services of Klaviyo to send our email newsletters. The provider is Klaviyo, 125 Summer St, Boston, MA 02110, USA. Klaviyo is a service that is used, among other things, to organise and analyse email newsletters.

When you enter data for the purpose of receiving email newsletters (e.g. your email address), this data is stored on Klaviyo's servers in the USA. Klaviyo enables us to analyse our email newsletter campaigns. When you open an email sent with Klaviyo, a file contained in the email (known as a web beacon) connects to Klaviyo's servers in the USA. This allows us to determine whether an email newsletter message has been opened and which links, if any, have been clicked on. Technical information is also collected (e.g. time of retrieval, IP address, browser type and operating system). This information cannot be assigned to the respective email newsletter recipient. It is used exclusively for the statistical evaluation of email newsletter campaigns. The results of these analyses can be used to better tailor future email newsletters to the interests of the recipient.

The legal basis for the associated data processing for the sending of email newsletters by Klaviyo is your consent in accordance with Art. 6 (1) (a) GDPR in conjunction with your consent. You can revoke your consent at any time by unsubscribing from the email newsletter. The legality of the data processing operations already carried out remains unaffected by the revocation.

We have also concluded the so-called ‘Standard Contractual Clauses’ with Klaviyo, in which we oblige Klaviyo to protect our customers' data and not to pass it on to third parties.

The Data Processing Agreement, which complies with the Standard Contractual Clauses, can be found at https://www.klaviyo.com/legal/dpa.

You can find out more about the data processed through the use of Klaviyo in the privacy policy at https://www.klaviyo.com/legal/privacy-policy.

X. Legal basis for electronic contact

1. Contact form / email

If you wish to contact us, a contact form is available on our homepage, which you can use to contact us electronically. The data entered in the input mask will be transmitted to us and stored. This data includes:

Name*, email address*, subject*, order number, transaction ID

When the message is sent, the following data is also stored:

The user's IP address, date and time of sending

It is also possible to contact us via the email address provided. In this case, the user's personal data transmitted with the email will be stored.

Your data will not be passed on to third parties in this context; the data will be used exclusively for the purpose of processing the communication.

The processing of the contact request and its handling is regularly Art. 6 (1) (b) GDPR.

If further personal data is processed during the sending process, this is only to prevent misuse of the contact form and to ensure the security of our information technology systems.

Your data will be deleted as soon as it is no longer required for the purpose for which it was collected. For personal data from the input mask of the contact form and those sent by email, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified.

The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.

CRM tool Groove

We use the ‘Groove’ service from Groove Networks, LLC. (2 Dearborn St. Newport, RI, USA, ‘Groove’) to process your enquiries when you contact us by email or via the contact form. If you do not want Groove to process your data, we offer you an alternative contact option by telephone or post.

We use Groove to process enquiries more quickly and efficiently. When you send us an enquiry by email, Groove collects and processes the above-mentioned data. We have concluded a contract with Groove for commissioned data processing.

The data transferred for this purpose may be transferred to the USA. The transfer is based on a contract concluded with Groove Networks, LLC. on standard contractual clauses.

For more information on Groove's data protection, please visit https://www.groovehq.com/our/privacy and https://www.groovehq.com/our/dpa.

2. WhatsApp

We also use the WhatsApp messenger service (WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, email: bd@whatsapp.com) to communicate with our customers. Of course, the use of this service is voluntary. You can still contact us quickly by telephone or email. To use the WhatsApp messenger service, you must consent to its use and agree that your personal data will be transferred to the USA. The legal basis for this is Art. 6 (1) (a) GDPR.

Revocation: You can revoke your consent to the use of the WhatsApp messenger service at any time with future effect by sending us an email to: Datenschutz@daytox.de.

WhatsApp also offers location-based services, which provide you with special offers tailored to your location. You can only use these features after you have agreed via a pop-up that your location data will be transmitted to WhatsApp in anonymised form via GPS and your IP address for the purpose of providing the service.

For more information about data processing by WhatsApp, please refer to WhatsApp's privacy policy. There you will also find further information about your rights in this regard and settings options for protecting your privacy, https://www.whatsapp.com/legal/updates/privacy-policy-eea. Finally, WhatsApp explains the data transfers that take place within the framework of WhatsApp Business at https://www.whatsapp.com/legal/business-data-transfer-addendum/? lang=en, and https://www.whatsapp.com/legal/business-data-transfer-addendum-20210927.

XI.Registration

1. Direct registration

You have the option of registering on our homepage by providing your personal data. The data is entered into an input mask, transmitted to us and stored. The data is not passed on to third parties. The following data is collected during the registration process:

First name*, surname*, email address*, date of birth

The following data is also stored at the time of registration:

The user's IP address, date and time of registration

Registration is regularly used to fulfil a contract to which the user is a party or to carry out pre-contractual measures in the form of extended use of our website. The legal basis for the processing of the data is therefore Art. 6 (1) (b) GDPR.

Your data will be deleted as soon as it is no longer required for the purpose for which it was collected. This is the case for data collected during the registration process if the registration on our website is cancelled or modified.

This is the case for data collected during the registration process for the fulfilment of a contract or for the implementation of pre-contractual measures if the data is no longer required for the execution of the contract. Even after conclusion of the contract, it may still be necessary to store the personal data of the contractual partner in order to comply with contractual or legal obligations.

Continuing obligations require the storage of personal data for the duration of the contract. In addition, warranty periods must be observed and data must be stored for tax purposes. The storage periods to be observed in this regard cannot be determined on a general basis, but must be determined on a case-by-case basis for the respective contracts and contracting parties.

You can cancel your registration on our website at any time. You can also have your stored data changed at any time.

To do so, please send an email to support@mlc-direct.de

If the data is necessary for the fulfilment of a contract or for the implementation of pre-contractual measures, premature deletion of the data is only possible if there are no contractual or legal obligations preventing deletion.

XII. Application form

On this website, we show you job vacancies for which interested parties can apply by email. Unsolicited applications can also be sent to us by email. In the case of a received application, we process the data received from the applicant exclusively for the purpose of processing the potential filling of the vacant position.

The primary legal basis for this is Art. 88 GDPR in conjunction with § 26 (1) BDSG.

Within our company, only those persons who are responsible for handling the application process and who are decision-makers regarding the outcome of the application have access to your personal data.

We delete your personal data as soon as it is no longer required for the above-mentioned purposes. If we conclude an employment contract with an applicant, the data transmitted will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If no employment contract is concluded with the applicant, the application documents will be deleted no later than six months after notification of the rejection decision, provided that no other legitimate interests of the controller prevent deletion. Other legitimate interests in this sense include, for example, the burden of proof in proceedings under the General Equal Treatment Act (AGG).

Your personal data will not be passed on to third parties.

XIII.Shop

You have the option of ordering our care and beauty products directly from our homepage. During the ordering process, we use the contact details you provided during registration or collect the personal data you entered in the input mask.

This includes the following data:

Email address*, first name*, surname*, telephone number, street and house number*, country*, postcode*, city*, company name

The following data is also stored at the time of the order process:

User's IP address, date and time of order

If you wish to place an order in our shop, it is necessary for the conclusion of the contract that you provide your personal data, which we require to process your order. For processing purposes, we pass on your data to the relevant payment and delivery service providers. The legal basis for this is Art. 6 (1) (b) GDPR.

We are obliged by commercial and tax law to store your address, payment and order data for a period of 10 years. However, after 6 years we restrict processing, i.e. your data will only be used to comply with legal obligations. To prevent unauthorised access by third parties to your personal data, in particular financial data, the ordering process takes place via an encrypted connection.

Integration of the Trusted Shops Trustbadge

Trusted Shops widgets are integrated into this website to display Trusted Shops services (e.g. seals of approval, collected reviews) and to offer Trusted Shops products to buyers after they have placed an order.

This serves to safeguard our legitimate interests in optimal marketing by enabling secure shopping in accordance with Art. 6 (1) (f) GDPR. The Trustbadge and the services advertised with it are offered by Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne, with whom we are jointly responsible for data protection in accordance with Art. 26 GDPR. In this privacy policy, we will inform you about the essential contractual content in accordance with Art. 26 (2) GDPR.

The Trustbadge is provided by a US CDN (content delivery network) provider as part of a joint responsibility. An adequate level of data protection is ensured by standard data protection clauses and other contractual measures. Further information on data protection at Trusted Shops GmbH can be found in their privacy policy.

When the Trustbadge is called up, the web server automatically stores a so-called server log file, which also contains your IP address, date and time of access, amount of data transferred and the requesting provider (access data) and documents the access. The IP address is anonymised immediately after collection so that the stored data cannot be assigned to your person. The anonymised data is used in particular for statistical purposes and for error analysis.

After completing your order, your email address, which has been hashed using a cryptological one-way function, is transmitted to Trusted Shops GmbH. The legal basis for this is Art. 6 (1) (f) GDPR. This serves to check whether you are already registered for services with Trusted Shops GmbH and is therefore necessary for the fulfilment of our and Trusted Shops' overriding legitimate interests in providing the buyer protection and transactional evaluation services linked to the specific order in accordance with Art. 6 (1) (f) GDPR. If this is the case, further processing will be carried out in accordance with the contractual agreement between you and Trusted Shops. If you are not yet registered for the services, you will then have the opportunity to do so for the first time. Further processing after registration is also based on the contractual agreement with Trusted Shops GmbH. If you do not register, all transmitted data will be automatically deleted by Trusted Shops GmbH and it will no longer be possible to identify you personally.

Trusted Shops uses service providers in the areas of hosting, monitoring and logging. The legal basis for this is Art. 6 (1) (f) GDPR for the purpose of ensuring trouble-free operation. Processing may take place in third countries (USA and Israel). An adequate level of data protection is ensured in the case of the USA by standard data protection clauses and other contractual measures, and in the case of Israel by an adequacy decision.

Within the framework of the joint responsibility between us and Trusted Shops GmbH, if you have any questions about data protection or wish to assert your rights, please contact Trusted Shops GmbH using the contact details provided in the data protection information linked above. Regardless of this, you can always contact the controller of your choice. If necessary, your enquiry will then be forwarded to the other controller for a response.

XIV. Encrypted payment transactions on this website

If, after concluding a contract subject to a fee, you are obliged to provide us with your payment details (e.g. account number for direct debit authorisation), this data is required for payment processing.

Payment transactions using common payment methods (Visa/MasterCard, direct debit) are carried out exclusively via an encrypted SSL or TLS connection. You can recognise an encrypted connection by the fact that the address line of the browser changes from ‘http://’ to ‘https://’ and by the lock symbol in your browser line.

With encrypted communication, your payment details that you send to us cannot be read by third parties.

1. Klarna

In cooperation with Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden, we offer the following payment options. Payment is made to Klarna by direct debit. The debit will be made after the goods have been dispatched. You will be notified of the date by email.

The use of the payment methods invoice, instalment purchase and direct debit requires a positive credit check. In this respect, we forward your data to Klarna for the purpose of address and credit checks in the context of initiating and processing the purchase contract. Please understand that we can only offer you those payment methods that are permitted based on the results of the credit check.

The transfer is carried out in accordance with Art. 6 (1) (b) GDPR and only to the extent necessary for payment processing.

Further information and Klarna's terms of use can be found here. Your personal data will be treated by Klarna in accordance with the applicable data protection regulations and in accordance with the information in Klarna's data protection regulations at https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/privacy.

2. PayPal

When paying via PayPal, we will pass on your payment details to PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter ‘PayPal’) for the purpose of payment processing.

The transfer is carried out in accordance with Art. 6 (1) (b) GDPR and only to the extent necessary for payment processing. PayPal reserves the right to carry out a credit check for the payment methods credit card via PayPal, direct debit via PayPal or – if offered – ‘purchase on account’ or ‘instalment payment’ via PayPal. For this purpose, your payment data may be passed on to credit agencies in accordance with Art. 6 (1) (f) GDPR on the basis of PayPal's legitimate interest in determining your solvency. PayPal uses the result of the credit check in relation to the statistical probability of default for the purpose of deciding on the provision of the respective payment method. The credit check may contain probability values (so-called score values). Insofar as score values are included in the result of the credit check, these are based on a scientifically recognised mathematical-statistical procedure. Among other things, but not exclusively, address data is included in the calculation of the score values. For further information on data protection, including the credit agencies used, please refer to PayPal's privacy policy: www.paypal.com/de/webapps/mpp/ua/privacy-full

You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data if this is necessary for contractual payment processing.

3. Google Pay

When you pay via Google Pay, we pass on your payment details to Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, for payment processing.

In addition to your payment information, data about your order (date, time, information about the products or services purchased, etc.) may also be forwarded to Google. The transfer is carried out in accordance with Art. 6 (1) (b) GDPR and only to the extent necessary for payment processing.

When using Google's services, your personal data may be transferred to countries outside the European Union (third countries).

For more information on Google Pay's privacy policy, please visit: https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=de

4. Apple Pay

We also offer payment via Apple Pay on our website. This payment service is provided by Apple Inc., Infinite Loop, Cupertino, CA 95014, USA (hereinafter ‘Apple Pay’). If you choose to pay via Apple Pay, the payment details you enter will be transmitted to Apple Pay.

In addition to your payment information, data about your order (date, time, information about the products or services purchased, etc.) may also be forwarded to Apple Pay. The transfer is carried out in accordance with Art. 6 (1) (b) GDPR and only to the extent necessary for payment processing.

For more information on Google Pay's privacy policy, please visit:

https://www.apple.com/legal/privacy/de-ww/ and

https://www.apple.com/de/privacy/.

XV.Google Tag Manager

This website uses Google Tag Manager. Google Tag Manager is a solution that allows marketers to manage website tags via an interface. The tool itself (which implements the tags) does not use cookies and, for technical reasons, only collects your IP address. The tool triggers other tags, which in turn may set cookies and collect data. Google Tag Manager does not access this data. If deactivation has been carried out at domain or cookie level, this remains in place for all tracking tags implemented with Google Tag Manager.

If we have obtained your consent, the legal basis for the use of Google Tag Manager is Art. 6 para. 1 sentence 1 lit. a GDPR. Otherwise, the legal basis for the use of the technically necessary cookie arises from our legitimate interest pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR.

Further information can be found in the provider's terms of use at: https://www.google.com/intl/de/tagmanager/use-policy.html

XVI.Google ReCaptcha

We also use the Google service reCaptcha on our website to determine whether a human or a computer is making a particular entry in our contact or newsletter form.

Google uses the following data to check whether you are a human or a computer: IP address of the device used, the website you are visiting and on which the captcha is integrated, the date and duration of the visit, the identification data of the browser and operating system type used, Google account if you are logged in to Google, mouse movements on the reCaptcha surfaces, and tasks in which you must identify images.

The legal basis for the aforementioned data processing is Art. 6 (1) (f) GDPR. Our legitimate interest in this data processing lies in ensuring the security of our website and protecting it from automated inputs (attacks).

Further information about the provider Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, is available at https://www.google.com/policies/privacy/

Opt-out: https://adssettings.google.com/authenticated

XVII. Google Web Fonts

Based on our legitimate interests pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR, we integrate the fonts (‘Google Web Fonts’) of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The aim is to optimise and economically operate our homepage. We host the fonts from our own servers so that no data is transmitted to Google.

The provider's privacy policy can be found at: https://www.google.com/policies/privacy

XVIII.Cloudflare

In order to offer you secure data transmission on our website using SSL encryption and to protect our website against malicious, mass (DDoS) or other attacks that would disrupt or prevent the operation of the website, we use the services of Cloudflare, Inc. 101 Townsend St San Francisco, CA 94107.

We have concluded a corresponding agreement with Cloudflare for order processing on the basis of the GDPR.

As part of the protection of this website, Cloudflare uses a script and possibly a cookie in your browser. This cookie is used to validate access and to detect malicious access attempts. Cloudflare collects statistical data about visits to this website. The access data includes:

Name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address and the requesting provider.

Cloudflare uses the log data for statistical evaluations for the purpose of operating, securing and optimising the website. Please also read Cloudflare's privacy policy, which is available here https://www.cloudflare.com/privacypolicy/.

The legal basis for the use of Cloudflare is our legitimate interest pursuant to Art. 6 (1) (f) GDPR, which consists of the purposes described above.

Your data will be deleted as soon as it is no longer necessary for the purpose for which it was collected.

You can prevent the collection, forwarding and processing of this data by deactivating the execution of script code in your browser, installing a script blocker in your browser (you can find this, for example, at www.noscript.net) or activating the ‘Do Not Track’ setting in your browser.

XIX. Web analytics

1. Google Analytics 4

This website uses Google Analytics 4, a web analytics service provided by Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (‘Google’).

The use of Google Analytics 4 enables us to use a wide range of applications. We operate Google Analytics 4 using the following technologies:

Cookies
Scripts

This stores and retrieves information on your computer, which enables us to analyse your use of the website. The information generated in this way about your use of this website is usually transferred to a Google server in the USA and stored there. Your IP address is anonymised by default before being transmitted to us and Google. The full IP address is transmitted to a Google server in the USA, but is truncated there immediately. According to Google, the IP address transmitted by your browser as part of Google Analytics is not merged with other Google data. The legal basis for the use of Google Analytics is your consent in accordance with Art. 6 (1) (a) GDPR.

During your visit to the website, your user behaviour is recorded in the form of ‘events’. Events can include:

Page views
First visit to the website
Start of session
Your ‘click path’, interaction with the website
Scrolls (whenever a user scrolls to the bottom of the page (90%))
Clicks on external links
Internal search queries
Interaction with videos
File downloads
Advertisements viewed/clicked on
Language setting

The following may also be recorded:

Your approximate location (region)
Your IP address (in abbreviated form)
Technical information about your browser and the devices you use (e.g. language setting, screen resolution)
Your internet service provider
The referrer URL (which website/advertising medium you used to access this website)

On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services relating to website activity and internet usage to the website operator.

Google Analytics 4 uses machine learning to better understand user behaviour. These algorithms help to close data gaps that arise, for example, due to tracking errors.

They also serve as the basis for predictive metrics, which use historical data to predict user behaviour in the future as accurately as possible. These predictions can be used, for example, to forecast the likelihood of user churn or purchases and sales.

The recipients of the data may be:

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (as a processor pursuant to Art. 28 GDPR)
Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
Alphabet Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA

We store your data for a period of 12 months.

Information from the third-party provider: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. Terms of use: https://marketingplatform.google.com/about/analytics/terms/de/, privacy policy overview: https://policies.google.com/?hl=de

2. Matomo

This website uses the web analytics service Matomo to analyse and regularly improve the use of our website. Matomo collects your anonymised IP address, your pseudo-anonymised location (based on the anonymised IP address), date and time, title of the page accessed, URL of the page accessed, URL of the previous page (if permitted), screen resolution, external links, duration of page load, main language of the browser and the browser's user agent.

Matomo also creates so-called heat maps and session recordings, which record your interactions with forms (but not their content), files that have been clicked on and downloaded, the movement of the mouse pointer, and your clicking and scrolling behaviour.

The statistics obtained in this way enable us to improve our offering and make it more interesting for you as a user. The legal basis for the use of Matomo is your consent in accordance with Art. 6 (1) (a) GDPR.

Cookies are stored on your computer for the purpose of evaluation. The information collected in this way is stored exclusively on the controller's server in Germany.

We use Matomo with the ‘AnonymizeIP’ extension. This means that IP addresses are shortened before being processed, thus ruling out any direct personal references. The IP address transmitted by your browser via Matomo is not merged with other data collected by us.

Information on data protection from the third-party provider can be found at https://matomo.org/privacy-policy/.

3. Taboola

To increase the attractiveness, content and functionality of the website, we use technologies from Taboola Inc., London (Oneus-tonsq, 40 Melton Street, 13th Floor, London, NW1 2FD) on our website. This enables us to recommend content that matches your personal interests and thus tailor our offering to you individually. Taboola uses cookies to determine which websites you visit frequently and how you navigate our website. For this purpose, device-related data and log data are collected and usage profiles are created using pseudonyms. These usage profiles are not merged with data about the bearer of the pseudonym and do not allow any conclusions to be drawn about your personal data. Your IP address, for example, is transmitted to Taboola in truncated form.

The legal basis for the processing of your data is Art. 6 (1) (a) GDPR.

For more information about Taboola, please visit https://www.taboola.com/privacy-policy. You can find a way to deactivate the service on the Digital Advertising Alliance website at http://optout.aboutads.info/?c=2&lang=EN.

4. AWIN (Digital Window)

We participate in the performance advertising network of AWIN AG, Eichhornstraße 3, 10785 Berlin (hereinafter ‘AWIN’). As part of its tracking services, AWIN stores cookies (Digital Window) on the end devices of users who visit or use its customers' websites or other online offerings (e.g. to register for a newsletter or place an order in an online shop) for the purpose of documenting transactions (e.g. leads and sales). These cookies serve the sole purpose of correctly attributing the success of an advertising medium and the corresponding billing within its network.

A cookie only stores information about when a particular advertising medium was clicked on by a device. AWIN tracking cookies store an individual sequence of numbers that cannot be assigned to individual users, which is used to document the advertiser's affiliate programme, the publisher and the time of the user's action (click or view). AWIN also collects information about the device from which a transaction is carried out, e.g. the operating system and the browser used. The legal basis for this is your consent in accordance with Art. 6 (1) (1) GDPR.

Further information on data use by AWIN can be found in the company's privacy policy: www.awin.com/de/rechtliches/.

5. Outbrain Amplify

We use ‘Outbrain Amplify’, a service provided by Outbrain UK Ltd., 5 New Bridge Street, London, EC4V 6JA, UK (hereinafter referred to as ‘Outbrain’) on our website. Outbrain stores and processes information about your user behaviour on our website. Outbrain uses cookies for this purpose, i.e. small text files that are stored locally in the cache of your web browser on your device and enable an analysis of your use of our website.

We use Outbrain Amplify for marketing and optimisation purposes, in particular to analyse the use of our website and to continuously improve individual functions and offers as well as the user experience. By statistically evaluating user behaviour, we can improve our offering and make it more interesting for you as a user. The legal basis for this is your consent in accordance with Art. 6 (1) (a) GDPR.

Further information on data protection from the third-party provider can be found on the following website: http://www.outbrain.com/de/legal/privacy.

6. NEORY Marketing Cloud

We use the ‘NEORY Marketing Cloud’ service provided by NEORY GmbH, Brandschachtstraße 2, D-44149 Dortmund, Germany, to conduct effective market research/analysis, collect statistical data for campaign tracking, and optimise the user-friendliness of our offering.

This is done using pseudonymous usage profiles, in which no personal data is used, only anonymised or pseudonymised data. So-called cookies may be used for this purpose. The following data, among other things, is collected: time of access, channel information including possible parameters, and domain of the referrer. The data is not used to personally identify visitors to this website.

NEORY GmbH will use the transmitted data on our behalf, in particular to carry out campaign tracking. All of the above-mentioned data is collected exclusively for this purpose and stored without personal reference.

Processing is based on your consent in accordance with Art. 6 (1) (a) GDPR.

Further information on data protection is available at https://www.neory.com/privacy-policy.

7. TikTok Analytics / TikTok Pixel

We use TikTok Pixel on our website. TikTok Pixel is a TikTok advertiser tool provided by TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland, and TikTok Information Technologies UK Limited, WeWork, 125 Kingsway, London, WC2B 6NH, United Kingdom (collectively ‘TikTok’).

TikTok Pixel is a JavaScript code snippet that enables us to understand and track the activities of visitors to our website. To this end, TikTok Pixel collects and processes information about visitors to our website or the devices they use. The data collected via the TikTok Pixel is used to target our advertisements, improve ad delivery and personalise advertising. To this end, the data collected on our website using the TikTok Pixel is transmitted to TikTok. Some of this data is information stored on your device. In addition, the TikTok Pixel also uses cookies to store information on your device.

Processing is based on your consent in accordance with Art. 6 (1) (a) GDPR.

For more information on how TikTok processes personal data, please refer to TikTok's privacy policy at https://www.tiktok.com/legal/privacy-policy?lang=de-DE.

XXI. Social media

1. Social media presence

We maintain fan pages on various social networks and platforms with the aim of communicating with customers, interested parties and users who are active there and informing them about our services.

We would like to point out that your personal data may be processed outside the European Union, which may entail risks for you (e.g. in enforcing your rights under European/British law).

User data is generally processed for market research and advertising purposes. For example, usage profiles can be created based on user behaviour and the resulting interests of users. These usage profiles can in turn be used, for example, to place advertisements within and outside the platforms that are likely to correspond to the interests of users. For these purposes, cookies are usually stored on users' computers, in which the usage behaviour and interests of users are stored. Furthermore, data can also be stored in the usage profiles independently of the devices used by users (in particular if users are members of the respective platforms and are logged in to them).

The processing of users' personal data is based on our legitimate interests in effectively informing users and communicating with them in accordance with Art. 6(1)(f) of the GDPR. If users are asked by the respective providers to consent to data processing (i.e. to give their consent, e.g. by ticking a checkbox or confirming a button), the legal basis for the processing is Art. 6 para. 1 sentence 1 lit. a GDPR.

Further information on the processing of your personal data and your options for objection can be found under the links of the respective provider listed below. The assertion of information and other rights of the data subjects can also be made against the providers, who then only have direct access to the users' data and have the relevant information at their disposal. We are of course available to answer any questions you may have and will assist you if you need help.

We currently use the following social media platforms:

a) Facebook

Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland

Opt-out: https://www.facebook.com/settings?tab=ads

and http://www.youronlinechoices.com

b) Instagram

Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland

c) YouTube (Google)

Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA)

Opt-out: https://adssettings.google.com/authenticated

d) Pinterest

Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA

https://about.pinterest.com/de/privacy-policy.

2. Integration of YouTube video links

We have integrated links to YouTube videos into our online offering. These links lead directly to the YouTube video platform, so no data about you as a user is transferred to YouTube if you do not play the videos. Only when you click on the videos and access the YouTube platform will the data mentioned in paragraph 2 be transferred. We have no influence on this data transfer.

If you are logged in to Google, your data will be directly associated with your account. If you do not want this association with your YouTube profile, you must log out before clicking on the link. YouTube stores your data as usage profiles and uses it for advertising, market research and/or the design of its website in line with requirements. Such evaluation is carried out in particular (even for users who are not logged in) to provide demand-oriented advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact YouTube to exercise this right.

Insofar as we obtain your consent, the legal basis for the use of the plug-in is your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR. You can find out how the respective social media providers process your personal data in the respective privacy policy. We are not responsible for the data processing of social media providers within the meaning of the GDPR.

Further information on the purpose and scope of data collection and its processing by YouTube can be found in the privacy policy. There you will also find further information on your rights and setting options for protecting your privacy: https://www.google.de/intl/de/policies/privacy

Opt-out: https://support.google.com/ads/answer/10261289?hl=de&ref_topic=7048998.

XXII. Online advertising

1. Google AdSense

On our homepage, we use the online advertising service Google AdSense, which allows us to present you with advertising tailored to your interests. Our aim is to show you advertisements that may be of interest to you in order to make our website more interesting for you. For this purpose, statistical information about you is collected and processed by our advertising partners. These advertisements can be identified by the ‘Google Ads’ label in the respective advertisement.

When you visit our website, Google receives information that you have accessed our website. To do this, Google uses a web beacon to place a cookie on your computer. The data mentioned in section IV of this statement is transmitted. We have no influence on the data collected, nor are we aware of the full extent of the data collection and the storage period. Your data is transferred to the USA and evaluated there. If you are logged in with your Google account, your data can be directly assigned to it. If you do not want this to be associated with your Google profile, you must log out. It is possible that this data may be passed on to third parties and authorities by Google's contractual partners.

Legal basis for the processing of your data Your consent in accordance with Art. 6 (1) (a) GDPR.

You can prevent the installation of Google AdSense cookies in various ways:

a) by adjusting your browser software settings accordingly; in particular, suppressing third-party cookies means that you will not receive any third-party advertisements;

b) by deactivating interest-based advertising on Google via the link http://www.google.de/ads/preferences, whereby this setting will be deleted if you delete your cookies;

c) by deactivating interest-based ads from providers who are part of the ‘About Ads’ self-regulation campaign via the link http://www.aboutads.info/choices, whereby this setting will be deleted if you delete your cookies;

d) by permanently deactivating them in your Firefox, Internet Explorer or Google Chrome browsers via the link http://www.google.com/settings/ads/plugin. Please note that in this case you may not be able to use all the functions of this website to their full extent.

Further information on the purpose and scope of data collection and its processing, as well as further information on your rights in this regard and setting options for protecting your privacy, can be obtained from: Google Inc., 1600 Amphitheatre Parkway, Mountain View, California 94043, USA; privacy policy for advertising: http://www.google.de/intl/de/policies/technologies/ads.

2. Google Dynamic Remarketing

We use the Google Dynamic Remarketing application. This is a process we use to re-engage with you. This application allows us to display our advertisements to you when you continue to use the internet after visiting our website. This is done using cookies stored in your browser, which Google uses to record and evaluate your usage behaviour when you visit various websites. This allows Google to detect your previous visit to our website. According to Google, the data collected as part of remarketing is not merged with your personal data that may be stored by Google. In particular, according to Google, pseudonymisation is used in remarketing.

You can prevent participation in this tracking process in various ways:

a) by adjusting your browser software settings accordingly; in particular, suppressing third-party cookies means that you will not receive any third-party advertisements;

b) by deactivating cookies for conversion tracking by setting your browser to block cookies from the domain ‘www.googleadservices.com’, https://www.google.de/settings/ads , although this setting will be deleted when you delete your cookies;

c) by deactivating interest-based ads from providers who are part of the ‘About Ads’ self-regulation campaign via the link http://www.aboutads.info/choices , although this setting will be deleted when you delete your cookies;

The legal basis for the processing of your data is your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR.

Further information on data protection at Google can be found here: http://www.google.com/intl/de/policies/privacy and https://services.google.com/sitestats/de.html Alternatively, you can visit the Network Advertising Initiative (NAI) website at http://www.networkadvertising.org .

3. Google DoubleClick

This website also uses the online marketing tool DoubleClick by Google. DoubleClick uses cookies to serve ads that are relevant to users, to improve campaign performance reports, or to prevent a user from seeing the same ads multiple times. Google uses a cookie ID to track which ads are served in which browser, thus preventing them from being displayed multiple times. In addition, DoubleClick can use cookie IDs to track conversions related to ad requests. This is the case, for example, when a user sees a DoubleClick ad and later visits the advertiser's website with the same browser and makes a purchase there. According to Google, DoubleClick cookies do not contain any personal information.

Due to the marketing tools used, your browser automatically establishes a direct connection to Google's server. We have no influence on the scope and further use of the data collected by Google through the use of this tool and therefore inform you according to our state of knowledge: By integrating DoubleClick, Google receives the information that you have accessed the relevant part of our website or clicked on one of our advertisements. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, it is possible that the provider may find out and store your IP address.

You can prevent participation in this tracking process in various ways:

a) by adjusting your browser software settings accordingly; in particular, suppressing third-party cookies means that you will not receive any third-party advertisements;

c) by deactivating interest-based advertising from providers who are part of the ‘About Ads’ self-regulation campaign via the link http://www.aboutads.info/choices , although this setting will be deleted if you delete your cookies;

The legal basis for the processing of your data is your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR.

4. Facebook Custom Audiences / Facebook Pixel

Furthermore, the website uses the remarketing function ‘Custom Audiences’ from Facebook Inc. (“Facebook”). This allows users of the website to be shown interest-based advertisements (‘Facebook Ads’) when visiting the social network Facebook or other websites that also use this process. Our aim is to show you advertisements that are of interest to you in order to make our website more interesting for you.

Due to the marketing tools used, your browser automatically establishes a direct connection to the Facebook server. We have no influence on the scope and further use of the data collected by Facebook through the use of this tool and therefore inform you according to our state of knowledge: By integrating Facebook Custom Audiences, Facebook receives the information that you have accessed the corresponding page of our website or clicked on one of our advertisements. If you are registered with a Facebook service, Facebook can assign the visit to your account. Even if you are not registered with Facebook or have not logged in, it is possible that the provider may obtain and store your IP address and other identifying features.

The legal basis for the processing of your data is Art. 6 para. 1 sentence 1 lit. a GDPR.

Further information on data processing by Facebook can be found at https://www.facebook.com/about/privacy.

XIII. Competitions

Information obligations under Art. 13 GDPR for competitions

1. Responsible body

The responsible body for data collection and processing is

MLC-direct GmbH

Paulinenallee 32

20259 Hamburg

Germany

Email: support@mlc-direct.de

Telephone: +49 (0) 40 8090 811 62

2. Data protection officer

You can contact our data protection officer at:

Email: support@mlc-direct.de

3. Purpose of processing and legal basis

The purpose of data processing is to conduct/process a competition. The following personal data is used for this purpose:

Winners:

First and last name
Email address
Address

The legal basis for data processing is Art. 6(1)(b) GDPR.

Participation in the competition is voluntary and not linked to any other services.

Any further use of the data, e.g. for marketing purposes, will only take place if the data subject has given their explicit, separate consent for this purpose. The legal basis for data processing in this context is Art. 6 (1) (a) GDPR.

You can revoke this consent at any time by sending an email to datenschutz@daytox.de. This will not incur any additional costs for you.

As of: April 2025

Privacy policy

a) Facebook

b) Instagram

c) YouTube (Google)

d) Pinterest

Follow us on

Register now for free

Privacy policy

a) Facebook

b) Instagram

c) YouTube (Google)

d) Pinterest

Follow us on

Language