Privacybeleid
This is a simple translation from our German Privacy Policy. The German text shall be legally binding. All contracts are subject to German law. The actuality and liability of the into English translated texts is not guaranteed.
Data protection declaration
1. Information about the collection of personal data and contact details of the person responsible
2. Data collection when visiting our website
3. Contacting us
4. Cookies
5. Data processing for order processing
6. Data processing when opening a customer account and for contract processing
7. Use of your data for direct advertising
8. Use of social media: video
9. Online marketing
10. Web analysis services
11. Tools and others
12. Rights of the data subject
13. Duration of storage of personal data
1. Information about the collection of personal data and contact details of the person responsible
1.1. Thank you for visiting our website. Below we would like to inform you about how your personal data is handled when you use our website. Personal data is basically all data with which you can be personally identified.
1.2. The person responsible for processing data on our website within the meaning of the General Data Protection Regulation (GDPR) is:
Fabian-Bernd Herkelmann
Schubertstr. 7
65812 Bad Soden am Taunus
Germany
Tel.:069/15246300
E-mail: info@bonkers-shop.de.
1.3. To protect the security of your data during transmission, we use state-of-the-art encryption methods (e.g. SSL or TSL) over HTTPS.
2. Data collection when visiting our website
Every time you visit our website, our system automatically records data and information that your browser sends to our server (so-called "server log files"). The following data that is technically necessary for us is collected:
-
Our visited website
- Date and time of access
- Amount of data sent in bytes
- Source/reference from which you came to the page
- Operating system used
- Browser used
- IP address used (if applicable: in anonymized form)
The legal basis for processing is Art. 6 (1) (f) GDPR due to our legitimate interest in improving the stability and maintaining the functionality of our website. The data will not be passed on or used in any other way. The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user's computer. For this purpose, the user's IP address must be stored for the duration of the session.
We reserve the right to subsequently check the server log files if there are concrete indications of illegal use. The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. If the data is collected to provide the website, this is the case when the respective session has ended.
If the data is stored in log files, this is the case after seven days at the latest. Storage beyond this is possible. In this case, the users' IP addresses are deleted or alienated so that it is no longer possible to assign the calling client. The collection of data to provide the website and the storage of data in log files is essential for the operation of the website. Consequently, the user has no option to object.
3. Contact
If you contact us via the contact form, the data entered in the input mask will be sent to us and stored. The data collected can be found in the respective input mask. If you contact us by email, only the data you enter there will be transferred to us.
The data will be used exclusively to process the conversation and your request. The legal basis for processing the data if the user has given their consent is Art. 6 (1) (a) GDPR. The legal basis for processing data transmitted when an e-mail is sent is Art. 6 (1) (f) GDPR. If the e-mail contact is aimed at concluding a contract, an additional legal basis for processing is Art. 6 (1) (b) GDPR. The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected and provided that there are no statutory retention periods to the contrary. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified. The user has the option to revoke his consent to the processing of personal data at any time. If the user contacts us by email, he can object to the storage of his personal data at any time. In such a case, the conversation cannot be continued.
3.1. WhatsApp Business
Visitors to our website have the option of communicating with us via WhatsApp (a service of Meta Inc., 1 Hacker Way, Menlo Park, CA 94025, USA).
We use the so-called "business version" of WhatsApp for this purpose. If you contact us via WhatsApp on the occasion of a specific contract, we save and use the mobile phone number you use on WhatsApp and - if published and/or transmitted - your first and last name (Art. 6 Para. 1 lit. b. GDPR) for the purpose of processing your request.
You may be asked to provide further data if this is necessary to process your request (Art. 6 Para. 1 lit. b. GDPR).
If contact via WhatsApp Business is used for general inquiries that do not relate to a specific contract, we will save and use the mobile phone number you use on WhatsApp and - if published and/or provided - your first and last name (according to Art. 6 Para. 1 lit. f. GDPR) for the purpose of processing your request.
Our legitimate interest lies in answering the questions of our customers or interested parties as quickly as possible.
The data will not be passed on to third parties.
WhatsApp Business receives access to the address book of the mobile device used for this purpose. Telephone numbers stored there are automatically transferred to a Facebook server in the USA.
The mobile device we use for WhatsApp Business only contains the WhatsApp contact details of those users who have already contacted us via WhatsApp.
When transferring data from the European Economic Area to the USA, WhatsApp relies on standard contractual clauses of the EU Commission. For further details on how WhatsApp handles data, please see WhatsApp's privacy policy: https://www.whatsapp.com/legal/?eea=1#privacy-policy
3.2. If you have purchased goods with digital elements or a digital product from us and we owe you updates for them in accordance with the contract, we will inform you of upcoming updates via a suitable communication channel. For this purpose, we process the data you provide when ordering (name, address, email address) for a specific purpose and only to the extent necessary. The legal basis for this processing is Art. 6 Para. 1 lit. c GDPR, namely the fulfillment of our legal obligation.
4. Cookies
Our website uses cookies.
Cookies are text files that are stored on the user's device. When a user visits a website, a cookie can be stored on the user's operating system. Some functions of our website cannot be offered without the use of cookies. This requires that the browser is recognized even after a page change. The user data collected by technically necessary cookies is not used to create user profiles. For the purposes mentioned above, we also have a legitimate interest in processing personal data in accordance with Art. 6 Paragraph 1 Letter f) GDPR.
In addition, our website may use cookies that enable an analysis of users' surfing behavior (so-called third-party cookies). You can find more information on the scope, purpose, legal basis and options for objection in the respective sections of the respective chapter of this data protection declaration.
You as the user have full control over the use of cookies. By changing the settings in your Internet browser, you can deactivate, restrict or delete the transmission of cookies. If you deactivate cookies for our website, you may no longer be able to fully use all of the website's functions. You can prevent the transmission of Flash cookies by changing the settings in the Flash Player.
You can find help with the settings in the respective help menu of your browser or under the following links:
Internet Explorer: http://windows.microsoft.com/de-DE/windows-vista/Block-or-allow-cookies
Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen
Chrome: http://support.google.com/chrome/bin/answer.py?hl=de&hlrm=en&answer=95647
Safari: https://support.apple.com/de-de/guide/safari/sfri11471/mac
Opera: https://help.opera.com/en/latest/web-preferences/#cookies
Some of the cookies used here are deleted when you close your browser (so-called session cookies). Other cookies remain on your device and enable us or our partner companies (third party cookies) to recognize your browser the next time you visit (persistent cookies). If cookies are set, they collect and process certain user information to an individual extent, such as browser and location data as well as IP address values. Persistent cookies are automatically deleted after a specified period of time, which can vary depending on the cookie.
5. Data processing for order processing
5.1. If you would like to order from our web shop, it is necessary for the conclusion of the contract that you provide your personal data, which we need to process your order. We process the data you provide to process your order.
In some cases, we work with external service providers to process your order. For this purpose, we must pass on the personal data required for this purpose.
If we commission transport companies to deliver your goods, we pass on your data required for the delivery of the goods to the respective transport company. For the processing of payments, we pass on your data to the commissioned credit institution as far as necessary. If we use payment service providers, you will also be informed of this below.
The legal basis for the transfer of your data is Art. 6 Paragraph 1 Letter b of GDPR.
5.2. External service providers for order processing and order processing
- SendCloud
Shipping takes place via "SendCloud" (SendCloud GmbH, Kanalstr. 10, 80538 Munich). We therefore pass on your personal data to SendCloud in accordance with Art. 6 Paragraph 1 Letter b of GDPR solely for the purpose of processing your order and only to the extent necessary. Details on data protection at SendCloud can be found on the SendCloud website at www.sendcloud.de/datenschutz/.
- Lexoffice
Order processing is carried out by the service provider "lexoffice" (Haufe-Lexware GmbH & Co. KG in Freiburg i. Breisgau). We pass on your name, address and, if applicable, other personal data to lexoffice in accordance with Art. 6 Para. 1 lit. b GDPR exclusively for the purpose of processing your order and only to the extent necessary. Details on data protection at lexoffice and the data protection declaration of Haufe-Lexware GmbH & Co. KG can be found at the following link: https://www.lexoffice.de/datenschutz/
5.3. Transfer of your personal data to shipping service providers
- DHL
If the goods are delivered to you by the transport service provider DHL (Deutsche Post AG, Charles-de-Gaulle-Straße 20, 53113 Bonn), we only pass on the name of the recipient and the delivery address to DHL for the purpose of delivery and to the extent necessary in accordance with Art. 6 Para. 1 lit. b GDPR. Only if you have given your express consent during the ordering process will we pass on your e-mail address to DHL before delivery of the goods for the purpose of coordinating a delivery date or to provide delivery notification. Your consent can be revoked at any time with future effect to the person responsible named above or to the transport service provider DHL.
- UPS
If the goods are delivered to you by the transport service provider UPS (United Parcel Service Deutschland Inc. & Co. OHG, Görlitzer Straße 1, 41460 Neuss), we will only pass on the name of the recipient and the delivery address to UPS for the purpose of delivery and to the extent necessary in accordance with Art. 6 Para. 1 lit. b GDPR. Only if you have given your express consent during the ordering process will we pass on your e-mail address to UPS before delivery of the goods for the purpose of coordinating a delivery date or to provide delivery notification in accordance with Art. 6 Para. 1 lit. a GDPR. Your consent can be revoked at any time with effect for the future to the person responsible named above or to the transport service provider UPS.
5.4. Use of payment service providers
5.5. Apple Pay
If you select the payment method "Apple Pay" (a service of Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland), the payment is processed via the "Apple Pay" function of your iOS, watchOS or macOS device by charging a payment card that you have stored with "Apple Pay".
Your transaction is protected by the security functions of the hardware and software of your device. If a payment is to be approved, This must be released by entering a code and verifying it using the "Face ID" or "Touch ID" function of your device.
The information you provide during the ordering process, together with information about your order, will be passed on to Apple in encrypted form for the purpose of processing the payment. This data is then encrypted again by Apple and then transmitted to the payment service provider of the payment card stored in Apple Pay to process the payment. Encryption ensures that only the website on which the order was placed can access the payment data.
After payment, Apple sends the device account number and a transaction-specific, dynamic security code to the shop website to confirm the payment.
Personal data may be processed with the above-mentioned payment methods. In this case, this is done for the purpose of processing the payment in accordance with Art. 6 (1) (b) GDPR.
When you use Apple Pay on your iPhone or Apple Watch to complete a purchase that you made via Safari on your Mac, the Mac and the authorization device communicate via an encrypted channel on Apple's servers. Apple can process or store data in the process. However, this is done in a format that cannot be used to identify you personally.
Information on Apple Pay's data protection policy can be found here: https://support.apple.com/de-de/HT203027
5.6. bancontact
When paying via "bancontact" via the PayPal checkout, payment processing is carried out by the payment service provider PayPal (Europe) S.à rl et Cie, SCA, 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter: "Paypal").
You can find more information about the PayPal checkout in the relevant section below.
5.7. blik
When paying via "blik" via the PayPal checkout, payment processing is carried out by the payment service provider PayPal (Europe) S.à rl et Cie, SCA, 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter: "Paypal").
You can find more information about the PayPal checkout in the relevant section below.
5.8. Google Pay
If you select the payment method "Google Pay" (a service of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google")), the payment processing is carried out via the "Google Pay" application on your Android (at least 4.4 "KitKat") mobile device with an NFC function. Payment is made using one of your payment cards stored with Google Pay or a payment system verified there (e.g. PayPal). To authorize a payment via Google Pay of more than EUR 25, you must first unlock your mobile device. The information you provide when ordering is passed on to Google for the purpose of payment processing. Google generates a unique transaction number that is sent to the ordering website to verify the payment. This transaction number is merely a numerical token that does not contain any information about your data. The actual transaction is carried out between the user and the ordering website by charging the payment method stored with Google Pay. Personal data may be processed during the processes described. In this case, processing is carried out for the purpose of payment processing in accordance with Art. 6 Paragraph 1 Letter b of GDPR.
The Google Pay terms of use can be found here: https://payments.google.com/payments/apis-secure/u/0/get_legal_document?ldo=0&ldt=googlepaytos&ldl=de Further information on data protection at Google Pay can be found at the following internet address: https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=de 5.9
. mybank
When paying via "mybank" via the PayPal checkout, payment processing is carried out via the payment service provider PayPal (Europe) S.à rl et Cie, SCA, 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter: "Paypal").
You can find more information about the PayPal checkout in the corresponding passage below.
- Paypal
If you select the payment method PayPal, credit card via PayPal, direct debit via PayPal or - if offered - "purchase on account" or "payment in installments" via PayPal, the payment will be processed via PayPal (Europe) Sarl et Cie, SCA, 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter referred to as "PayPal").
We will pass on your personal data to PayPal as required in accordance with Art. 6 Paragraph 1 Letter b of GDPR. PayPal reserves the right to carry out a credit check for the payment methods credit card via PayPal, direct debit via PayPal or - if offered - "purchase on account" or "payment in installments" via PayPal.
For this purpose, your payment data may be passed on to credit agencies in accordance with Art. 6 (1) (f) GDPR due to PayPal's legitimate interest in determining your ability to pay. PayPal uses the result of the credit check in relation to the statistical probability of default for the purpose of deciding on the provision of the respective payment method.
The credit report may contain probability values (so-called score values). Insofar as score values are included in the result of the credit report, these are based on a scientifically recognized mathematical-statistical procedure. The calculation of the score values includes, among other things, but not exclusively, address data.
What other data PayPal collects can be found in the respective PayPal privacy policy. This can be found at: https://www.paypal.com/de/webapps/mpp/ua/privacy-full
You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data if this is necessary for contractual payment processing.
5.10. Paypal Checkout
We use PayPal Checkout on this website (PayPal (Europe) Sarl et Cie, SCA, 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter referred to as "PayPal").
PayPal Checkout is an online payment solution from PayPal that supports both PayPal payment methods and local payment methods from third-party providers.
If you select the payment methods PayPal, credit card via PayPal, direct debit via PayPal or "Pay later" via PayPal (if offered in each case), we will pass on your necessary payment data to PayPal for the purpose of processing the payment. The transfer is permitted in accordance with Art. 6 Para. 1 lit. b GDPR.
For the payment methods credit card via PayPal, direct debit via PayPal or "Pay later" via PayPal, PayPal reserves the right to carry out a credit check. For this purpose, PayPal may pass on your necessary payment data to credit agencies. The processing takes place on the legal basis of Art. 6 Para. 1 lit. f GDPR. PayPal has a legitimate interest in determining your ability to pay. You can object to this processing of your data at any time by sending a message to PayPal, whereby further processing of your personal data by PayPal may still be permitted if this is necessary for the contractual payment processing.
'
If you select the PayPal purchase on account payment method, we will initially transmit your payment data to PayPal in accordance with Art. 6 Para. 1 lit. b GDPR. PayPal will then forward your data to Ratepay GmbH, Ritterstr. 12-14, 10969 Berlin to process the payment. RatePay will then carry out an identity and credit check in its own name. The legal basis for this is Art. 6 Para. 1 lit. f GDPR, the legitimate interest in determining solvency. For this purpose, RatePay will pass your payment data on to credit agencies in accordance with Art. 6 Para. 1 lit. f GDPR. Ratepay
can access the following credit agencies: https://www.ratepay.com/legal-payment-creditagencies/
If you choose the payment method of a local third-party provider, we will initially pass your payment data on to PayPal in accordance with Art. 6 Para. 1 lit. b GDPR. PayPal will then pass on your payment data to the provider you have selected to carry out the payment (Article 6 (1) (b) GDPR):
- iDeal (Currence Holding BV, Beethovenstraat 300 Amsterdam, Netherlands)
- giropay (Paydirekt GmbH, Stephanstr. 14-16, 60313 Frankfurt am Main
- Sofort (SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany)
- bancontact (Bancontact Payconiq Company, Rue d'Arlon 82, 1040 Brussels, Belgium)
- eps (PSA Payment Services Austria GmbH, Handelskai 92, Gate 2,1200 Vienna, Austria)
- blik (Polski Standard Płatności sp. z oo, ul. Czerniakowska 87A, 00-718 Warsaw, Poland)
- Przelewy24 (PayPro SA, Kanclerska 15A, 60-326 Poznań, Poland)
- MyBank (PRETA SAS, 40 Rue de Courcelles, F-75008 Paris, France)
For more information, see PayPal's privacy policy:
https://www.paypal.com/de/webapps/mpp/ua/privacy-full
5.11. Shop Pay On our website we use, among other things, payment via Shop Pay (Shopify International Limited, Victoria Buildings, 1-2 Haddington Road, Dublin 4,D04 XN32, Ireland, hereinafter referred to as "Shop Pay"). When you pay with Shop Pay, your personal data is collected. Your data is transmitted to Shop Pay on the basis of Art. 6 Para. 1 lit. a GDPR (consent) and Art. 6 Para. 1 lit. b GDPR (processing to fulfill the contract) and only to the extent necessary.
You have the option of revoking your consent to data processing at any time, whereby a revocation does not affect the effectiveness of data processing operations carried out in the past.
Further information on Shop Pay's data protection: https://www.shopify.com/pay and in Shop Pay's data protection declaration at
https://www.shopify.de/legal/datenschutz
- Stripe
If you select a payment method from the payment service provider Stripe, payment processing will be carried out by Stripe Payments Europe Ltd, Block 4, Harcourt Centre, Harcourt Road, Dublin 2, Ireland (hereinafter referred to as "stripe").
We will pass on your personal data along with information about your order (name, address, account number, bank code, possibly credit card number, invoice amount, currency and transaction number) to Stripe in accordance with Art. 6 Para. 1 lit. b GDPR solely for the purpose of payment processing and only to the extent necessary.
- Shopify Payments
We use the payment service provider "Shopify Payments", 3rd Floor, Europa House, Harcourt Building, Harcourt Street, Dublin 2. If you choose a payment method offered by the payment service provider Shopify Payments, payment processing will be carried out by the technical service provider Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, to whom we pass on the information you provided during the ordering process together with information about your order (name, address, account number, bank code, possibly credit card number, invoice amount, currency and transaction number) in accordance with Art. 6 Paragraph 1 Letter b GDPR. Your data will be passed on exclusively for the purpose of payment processing with Stripe Payments Europe Ltd. and only to the extent that it is necessary for this purpose. Further information on Shopify Payments' data protection can be found at the following internet address: https://www.shopify.com/legal/privacy
Data protection information about Stripe Payments Europe Ltd. can be found here: https://stripe.com/de/privacy
6. Data processing when opening a customer account and for contract processing
If you open a customer account with us, personal data will be collected and processed in accordance with Art. 6 Paragraph 1 Letter b of GDPR. The scope of the data can be seen from the input form. The data you enter will be stored and used by us to process the contract.
You can delete your customer account at any time. This can be done by sending a message to the address of the person responsible or, if offered, directly in the customer account. In this case, we will also block your data with regard to tax and commercial retention periods and delete it after these periods have expired. This can only be contradicted by your consent to permanent storage or a legally permitted further use of data on our part.
7. Use of your data for direct advertising
Newsletter
On our website you have the option of subscribing to a free newsletter. When you register for the newsletter, the data from the input mask is sent to us. The only mandatory information is your email address. If you make further voluntary entries, these will only be used for personal contact.
The legal basis for processing your data after registering for the newsletter is Art. 6 Paragraph 1 Letter a of GDPR if the user has given their consent. We obtain this by sending you a confirmation email containing a confirmation link after registering for the newsletter. If you click on this link, you also consent to receive the newsletter.
When you send the newsletter registration, we save your IP address and the date and time of registration. This storage serves to be able to trace any possible misuse of your email address.
We use the data we collect when you register for the newsletter exclusively for the purpose of sending the newsletter.
You can cancel your newsletter subscription at any time. For this purpose, there is a corresponding link in every newsletter. This also makes it possible to revoke consent to the storage of personal data collected during the registration process.
8. Use of social media: Video
8.1. Use of Vimeo videos
We integrate plug-ins from the video portal Vimeo of Vimeo, LLC, 555 West 18th Street, New York, New York 10011, USA on our website.
If a page on our website is accessed with such a plug-in, the browser establishes a direct connection to the Vimeo servers. The content of the plug-in is transmitted directly from Vimeo to your browser and integrated into the page. This simultaneously informs Vimeo that your browser has accessed the corresponding page (including your IP address). This also happens if you do not have a Vimeo account or are not currently logged in to Vimeo. This information is transmitted directly to a Vimeo server in the USA and stored there.
If you are logged in to Vimeo, Vimeo can directly assign your visit to our website to your Vimeo account. As soon as you interact with one of the plugins (e.g. clicking the start button of a video), this information is also transmitted directly to a Vimeo server and stored there.
This data processing takes place in accordance with Art. 6 Para. 1 lit. a GDPR, namely your express consent.
To prevent the data from being directly assigned to your Vimeo account, you must log out of Vimeo before visiting our website.
The purpose and scope of data collection and the further processing and use of the data by Vimeo as well as your related rights and setting options to protect your privacy can be found in Vimeo's privacy policy: http://vimeo.com/privacy
The tracking tool Google Analytics is automatically integrated into Vimeo videos that are embedded on this website. This is Vimeo's own tracking, to which we have no access and which we cannot influence. Google Analytics uses "cookies" for tracking. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there.
This processing is carried out in accordance with Art. 6 Para. 1 lit. a GDPR on the basis of your express consent.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://vimeo.com/privacy
8.2. Use of YouTube videos
On this website we use the YouTube embedding function to display and play videos from the provider "Youtube", which belongs to Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"). We use the extended data protection mode, which, according to the provider, only starts saving user information when the video(s) is played. When you start playing embedded YouTube videos, the provider "Youtube" uses cookies to collect information about your user behavior. According to "Youtube", these are used, among other things, to record video statistics, improve user-friendliness and prevent abusive behavior. If you are logged in to Google, your data will be assigned directly to your account.
If you do not want to be assigned to your YouTube profile, you must log out before activating the button. Google stores your data (even for users who are not logged in) as usage profiles and evaluates them.
Such an evaluation is carried out in particular in accordance with Art. 6 Para. 1 lit. a GDPR on the basis of your express consent.
You have the right to object to the creation of these user profiles, and you must contact YouTube to exercise this right. Regardless of whether the embedded videos are played, a connection to the Google network "DoubleClick" is established each time this website is accessed, which can trigger further data processing operations without our control.
Data may also be transmitted to the servers of Google LLC in the USA. Further information on data protection at "YouTube" can be found in the provider's privacy policy at: https://policies.google.com/privacy?hl=de Settings for personalized advertising are possible at: https://adssettings.google.com/authenticated .
Google LLC, based in the USA, is certified for the US-European data protection agreement "EU-US Data Privacy Framework", which guarantees compliance with the data protection level applicable in the EU. Details can be found here: https://privacy.google.com/businesses/gdprcontrollerterms/
9. Online marketing
Use of Google Ads Conversion Tracking
This website uses the online advertising program "Google Ads" and, as part of Google Ads, the conversion tracking of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google").
This involves advertising for our offers on external websites using advertising materials (so-called Google Adwords). Our legitimate interest lies in displaying advertising that is of interest to you and in achieving a fair calculation of advertising costs. The legal basis is Art. 6 Para. 1 lit. a GDPR, namely your express consent.
Google Ads uses cookies for conversion tracking, which are set when you click on an AdWords ad placed by Google.
These cookies usually expire after 30 days and are not used for personal identification. Each Google Ads customer receives a different cookie, so cookies cannot be tracked across Ads customers' websites.
The information obtained in this way is used to create conversion statistics for Ads customers on the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag.
This does not allow you to be personally identified.
If you want to prevent tracking, you can deactivate the Google Conversion Tracking cookie in your Internet browser under user settings.
Google LLC, based in the USA, is certified for the US-European data protection agreement "EU-US Data Privacy Framework", which guarantees compliance with the data protection level applicable in the EU. You can find more information about Google's data protection policy at the following Internet address: http://www.google.de/policies/privacy/ You can permanently deactivate the conversion cookies by setting your browser accordingly or download and install the browser plug-in available at the following link: http://www.google.com/settings/ads/plugin?hl=de
In this case, certain functions of this website may not be available or may only be available to a limited extent.
10. Web analysis services
10.1. Google Analytics 4
We use Google Analytics 4 on our website, a web analysis service provided by Google Ireland Limited (Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland) (hereinafter referred to as "GA4").
Google Analytics uses "cookies". These are small text files that are stored on your device and that enable an analysis of your use of the website. The information generated in this way about your use of this website (including the shortened IP address) is transmitted to a Google server and stored and processed there; transmission to the USA is possible. IP addresses are anonymized by default. For IPv4 addresses, the last octet and for IPv6 addresses the last 80 bits in the memory are set to zero and thus "anonymized". Personal reference is excluded. Transfer to servers of Google LLC based in the USA cannot be excluded.
During your visit to the website, GA4 records your user behavior in the form of "events", such as: page views, first visit to the website, start of the session, your "click path", interaction with the website, scrolls, clicks on external links, internal search queries, interaction with videos, file downloads, ads seen / clicked, language setting. GA4 also records your approximate location (region), your IP address (in anonymized form), technical information about your browser and the devices you use (e.g. language setting, screen resolution), your internet provider, the referrer URL (from which website / advertising medium you came to this website).
Google uses this information on our behalf to evaluate your website usage, compile reports on website activity and provide us with other services related to website activity and internet usage. Your IP address collected in this context will not be merged with other Google data.
The data collected in this context will be stored for fourteen months.
The legal basis for the data processing described here and the setting of cookies is your
express consent in accordance with Art. 6 Paragraph 1 Letter a of GDPR. This consent can be revoked at any time with effect for the future, for example by deactivating this Google service via the Cookie Consent Tool in which you have already given your consent.
Without your consent, Google Analytics 4 will not be used during your visit to the website. You can revoke your consent at any time with effect for the future. To exercise your right of revocation, please deactivate this service using the "Cookie Consent Tool" provided on the website.
Google LLC, based in the USA, is certified for the US-European data protection agreement "EU-US Data Privacy Framework", which guarantees compliance with the data protection level applicable in the EU.
We have also concluded a data processing agreement with Google.
Further information on data protection through Google Analytics 4 can be found on the following websites:
https://policies.google.com/technologies/partner-sites
and
https://policies.google.com/privacy?hl=de&gl=de
Demographic characteristics
The "demographic characteristics" function of GA4 can create statistics that can be used to make statements about the age, gender and interests of site visitors. For this purpose, advertising and information from third parties are analyzed and target groups for certain marketing activities are identified. However, no personal assignment of data is made. The data is deleted after fourteen months.
User IDs
If we use the extended "User IDs" function, your activities (including conversions) can be analyzed across devices. In this case, the analysis is not carried out pseudonymously.
This is possible provided that you have given your consent to the use of Google Analytics 4 in accordance with Art. 6 Paragraph 1 Letter a of GDPR, you have set up an account on this website and you log in to this account on various devices.
Google Signals
If we use the "Google Signals" extension, we can have cross-device reports prepared on your usage behavior. However, we only receive statistics and no personal data. This analysis is only possible if you have activated personalized ads in your Google account and have linked your devices to a Google account. You must also have your consent to the use of Google Analytics in accordance with Art. 6 Paragraph 1 Letter a of GDPR. Cross-device analysis can be prevented by deactivating the "personalized advertising" function in your Google account. Further information on Google Signals can be found here: https://support.google.com/analytics/answer/7532985?hl=de
10.2. Shopify Analytics
We use the web analysis service of Shopify (Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland).
In order to protect our legitimate interest in the statistical analysis of user behavior for optimization and marketing purposes, Shopify collects, evaluates and stores pseudonymized visitor data from which pseudonymized usage profiles can be created and evaluated. Shopify uses cookies to recognize the browser and thus enable more precise determination of the statistical data. Your IP address is also collected, but pseudonymized immediately after collection and before storage, so that personal reference is excluded.
The legal basis is Art. 6 Para. 1 lit. a GDPR, namely your express consent.
Shopify does not associate your IP address with other Shopify data.
To object to the collection of data and creation of pseudonymized user profiles and the setting of cookies for the future, you can generally deactivate the use of cookies on your computer by setting your Internet browser so that no more cookies can be stored on your computer in the future or cookies that have already been stored are deleted. However, deactivating all cookies may result in some functions on our website no longer being fully usable.
Shopify's privacy policy can also be found at:
https://www.shopify.de/legal/datenschutz
11. Tools and miscellaneous
11.1. CloudFlare
We use the provider Cloudflare (CloudFlare Inc., 665 3rd St. #200, San Francisco, CA 94107, USA). CloudFlare offers a globally distributed content delivery network with DNS.
With the help of a CDN, large files, graphics and scripts can be delivered faster and better through regional servers connected via the Internet. User data is only processed for the aforementioned purposes and to maintain the security and functionality of the CDN. To do this, the browser you use must connect to the CDN servers. This means that your IP address is transferred to the server. Cloudflare may also store cookies on your computer with your permission in accordance with Art. 6 lit. a GDPR.
We have concluded a corresponding data processing agreement with Cloudflare based on the GDPR and the EU standard contractual clauses.
Cloudflare can collect statistical data about visits to this website. The
following is collected:
name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address and the requesting provider.
Cloudflare uses the log data for statistical evaluations for the purpose of operating, securing and optimizing the service. You can find further information on data protection at Cloudflare under the following link:
https://www.cloudflare.com/de-de/privacypolicy/
Cloudflare Inc., based in the USA, is certified for the US-European data protection agreement "EU-US Data Privacy Framework", which guarantees compliance with the data protection level applicable in the EU.
11.2. Google Tag Manager
We use the Google Tag Manager (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) on our website.
With the help of the Google Tag Manager, we can integrate tracking or statistical tools and other technologies on our website via tags. Tags are not sections of code that record certain activities on the website. The tags usually come from other Google programs, but can also be integrated by other companies. The tags can, for example, collect browser data, integrate buttons or set cookies.
However, the Google Tag Manager itself does not create user profiles, does not save cookies or carry out independent analyses, but only serves to manage and display the tools integrated through it.
Your IP address is recorded via the Google Tag Manager and can also be transferred to Google's parent company in the United States.
The legal basis for the use of the Google Tag Manager is Art. 6 Paragraph 1 Letter a of GDPR, namely your consent.
Google LLC, based in the USA, is certified for the US-European data protection agreement "EU-US Data Privacy Framework", which guarantees compliance with the data protection level applicable in the EU. You can find further information about Google's data protection regulations at the following internet address: http://www.google.de/policies/privacy/
12. Rights of the data subject
12.1. The applicable data protection law grants you comprehensive rights as a data subject (rights to information and intervention) vis-à-vis the controller with regard to the processing of your personal data, about which we will inform you below:
- Right to information in accordance with Art. 15 GDPR:
You can request confirmation from the responsible party as to whether personal data concerning you is being processed by the responsible party. In addition, you have the right to information about the purpose, the categories of personal data, the recipients, the planned duration of storage and the existence of other rights such as rectification of the data or the existence of a right of complaint to a supervisory authority, the origin of your data if it was not collected by us, the existence of automated decision-making including profiling and, if applicable, meaningful information about the logic involved and the scope and intended effects of such processing concerning you, as well as your right to be informed of the guarantees in accordance with Art. 46 GDPR when your data is forwarded to third countries;
- Right to rectification in accordance with Art. 16 GDPR:
You have the right to have inaccurate data concerning you rectified immediately and/or your incomplete data stored by us completed; the rectification or completion must be carried out immediately.
- Right to restriction of processing in accordance with Art. 18 GDPR:
You have the right to request the restriction of the processing of your personal data as long as the accuracy of your data, which you contest, is being verified, if you refuse to delete your data due to inadmissible data processing and instead request the restriction of the processing of your data, if you need your data to assert, exercise or defend legal claims after we no longer need this data after the purpose has been achieved, or if you have lodged an objection for reasons related to your particular situation, as long as it has not yet been determined whether our legitimate reasons prevail;
If the processing of personal data concerning you has been restricted, this data - apart from its storage - may only be processed with your consent or for the assertion, exercise or defense of legal claims or to protect the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State. If the restriction of processing has been restricted, you will be informed by the person responsible before the restriction is lifted.
- Right to deletion in accordance with Art. 17 GDPR:
You have the right to have your personal data deleted immediately if the requirements of Art. 17 Paragraph 1 GDPR are met. However, this right to deletion does not exist in particular - but not exclusively - if the processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims
- Right to information in accordance with Art. 19 GDPR:
If you have exercised your right to rectification, erasure or restriction of processing, the controller is obliged to inform all recipients to whom your personal data was disclosed of said rectification or erasure of the data or restriction of processing, unless doing so is impossible or involves disproportionate expenditure. You also have the right to be informed about these recipients.
- Right to data portability in accordance with Art. 20 GDPR:
You have the right to receive the personal data you have provided to us in a structured, common and machine-readable format or to request that it be transmitted to another controller, provided this is technically possible;
- Right of revocation in accordance with Art. 7 Para. 3 GDPR:
You have the right to object at any time to the processing of personal data concerning you which is carried out on the basis of Art. 6 Para. 1 lit. e) or f) GDPR; this also applies to profiling based on these provisions.
You also have the right to revoke your declaration of consent under data protection law at any time with effect for the future. The revocation of the consent does not affect the legality of the processing carried out on the basis of the consent up to the time of revocation.
- Right to complain in accordance with Art. 77 GDPR:
Without prejudice to any other administrative or judicial remedy, you have the right to complain to a supervisory authority, in particular in the Member State of your residence, place of work or place of the alleged infringement, if you believe that the processing of personal data concerning you violates the GDPR.
12.2. Right of objection
You have the right to object to the processing of your data at any time with effect for the future if we process your data based on our overriding legitimate interest after weighing up interests.
If you exercise this right of objection, we will stop processing your data unless there are demonstrably compelling legitimate reasons that prevent termination or if further processing serves to exercise or defend legal claims.
13. Duration of storage of personal data
The duration of storage of personal data depends on statutory retention periods. After these periods have expired, we routinely delete the data if it is no longer required to fulfill or initiate a contract and/or if we no longer have a legitimate interest in continuing to store it.