Privacy policy

This is a simple translation from our German Privacy Policy. The German text shall be legally binding. All contracts are subject to German law. The actuality and liability of the into English translated texts is not guaranteed.

1. Information on the collection of personal data and contact details of the controller
2. Data collection when visiting our website
3. Contacting us
4. Cookies
5. Data processing for order processing
6. Data processing when opening a customer account and for contract processing
7. Use of your data for direct marketing
8. Use of social media: Video
9. Online marketing
10. Web analytics services
11. Tools and other
12. Rights of the data subject
13. Duration of storage of personal data
14. Use of the revocation button

1. Information on the collection of personal data and contact details of the controller
1.1 Thank you for visiting our website. Below, we would like to inform you about how your personal data is handled when using our website. In principle, personal data refers to any data that can be used to personally identify you.
1.2 The controller responsible for data processing on our website within the meaning of the General Data Protection Regulation (GDPR) is:

Fabian-Bernd Herkelmann
Schubertstr. 7
65812 Bad Soden am Taunus
Germany
Tel.: 069/15246300
E-Mail: info@bonkers-shop.de.
1.3 To protect the security of your data during transmission, we use state-of-the-art encryption methods (e.g., SSL or TLS) via HTTPS.

2. Data collection when visiting our website
Each time our website is accessed, our system automatically collects data and information transmitted by your browser to our server (so-called "server log files"). The following data, which is technically necessary for us, is collected during this process:

* The website visited
* Date and time of access
* Volume of data transmitted (in bytes)
* Source/reference from which you arrived at the site
* Operating system used
* Browser used
* IP address used (if applicable: in anonymized form)

The legal basis for this processing is Art. 6(1)(f) GDPR, based on our legitimate interest in improving the stability and maintaining the functionality of our website. The data is not disclosed or used for any other purpose. Temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user's computer. To achieve this, the user's IP address must remain stored for the duration of the session.
We reserve the right to retrospectively review server log files should concrete evidence point to unlawful use. The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of data collected to provide the website, this occurs when the respective session ends.
In the case of data stored in log files, this occurs after a maximum of seven days. Storage beyond this period is possible; in such cases, users' IP addresses are deleted or masked so that the accessing client can no longer be identified. Collecting data to provide the website and storing data in log files is essential for the operation of the website. Consequently, the user has no right to object.

3. Contacting us
If you contact us via the contact form, the data entered in the input mask is transmitted to us and stored. The specific data collected can be seen from the respective input mask. When contacting us via email, only the data you provide in the email itself is transmitted to us.
The data is used exclusively to process the conversation and your inquiry. Where the user has given consent, the legal basis for processing the data is Art. 6(1)(a) GDPR. The legal basis for processing data transmitted via email is Art. 6(1)(f) GDPR. If the email contact aims to conclude a contract, an additional legal basis for processing is Art. 6(1)(b) GDPR. The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected and provided there are no statutory retention obligations to the contrary. For personal data from the contact form's input mask and data sent via email, this applies once the respective conversation with the user has ended. A conversation is considered ended when the circumstances indicate that the matter in question has been conclusively resolved. The user has the option to revoke their consent to the processing of personal data at any time. If the user contacts us via email, they may object to the storage of their personal data at any time. In such a case, the conversation cannot be continued.
3.1 WhatsApp Business

Visitors to our website have the option to communicate with us via WhatsApp (a service provided by Meta Inc., 1 Hacker Way, Menlo Park, CA 94025, USA).
We use the so-called "Business version" of WhatsApp for this purpose. If you contact us via WhatsApp regarding a specific contract, we store and use the mobile number you use on WhatsApp and—if published and/or transmitted—your first and last name (Art. 6(1)(b) GDPR) for the purpose of processing your request. You may be asked to provide additional data if this is necessary to process your request (Art. 6(1)(b) GDPR).

If WhatsApp Business is used for general inquiries that do not relate to a specific contract, we store and use the mobile number you use on WhatsApp and—if published and/or provided—your first and last name (pursuant to Art. 6(1)(f) GDPR) for the purpose of processing your request. Our legitimate interest in this regard is to provide prompt responses to questions from our customers or interested parties. The data is not passed on to third parties.
WhatsApp Business accesses the address book of the mobile device used for this purpose. In the process, telephone numbers stored there are automatically transmitted to a Facebook server in the USA.
The mobile device we use for WhatsApp Business contains only the WhatsApp contact details of users who have already contacted us via WhatsApp.

For data transfers from the European Economic Area to the USA, WhatsApp relies on the EU Commission’s Standard Contractual Clauses. For further details regarding WhatsApp's data handling practices, please refer to WhatsApp’s privacy policy:
https://www.whatsapp.com/legal/?eea=1#privacy-policy
3.2 If you have purchased goods with digital elements or a digital product from us and we owe you updates for them under the contract, we will inform you of upcoming updates via a suitable communication channel. For this purpose, we process the data you provide when placing an order (name, address, email address) solely for the intended purpose and only to the extent necessary. The legal basis for this processing is Art. 6(1)(c) of the GDPR—specifically, compliance with our legal obligations.

4. Cookies
Our website uses cookies.

Cookies are text files stored on the user's device. When a user visits a website, a cookie may be stored on the user's operating system. Certain functions of our website cannot be provided without the use of cookies. For these functions, it is necessary for the browser to be recognized even after navigating to a different page. User data collected via technically necessary cookies is not used to create user profiles. Our legitimate interest in processing personal data pursuant to Art. 6 (1) (f) GDPR also lies in the aforementioned purposes.

Furthermore, our website may use cookies that enable an analysis of users' browsing behavior (so-called third-party cookies). You can find further information regarding the scope, purpose, legal basis, and options for objecting in the relevant sections of this privacy policy.

As a user, you have full control over the use of cookies. You can disable, restrict, or delete the transmission of cookies by changing the settings in your internet browser. If you disable cookies for our website, you may no longer be able to use all of the website's functions to their full extent. You can prevent the transmission of Flash cookies by changing the settings of the Flash Player. You can find help regarding the settings in your browser's help menu or at the following links:
Internet Explorer: http://windows.microsoft.com/de-DE/windows-vista/Block-or-allow-cookies
Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen
Chrome: http://support.google.com/chrome/bin/answer.py?hl=de&hlrm=en&answer=95647
Safari: https://support.apple.com/de-de/guide/safari/sfri11471/mac
Opera: https://help.opera.com/en/latest/web-preferences/#cookies

Some of the cookies used here are deleted after you close your browser (so-called session cookies). Other cookies remain on your device and enable us or our partner companies (third-party cookies) to recognize your browser upon your next visit (persistent cookies). When cookies are set, they collect and process specific user information—such as browser and location data as well as IP address values—to varying extents. Persistent cookies are automatically deleted after a predetermined period, which may vary depending on the specific cookie.

5. Data processing for order fulfillment
5.1 If you wish to place an order in our online shop, providing the personal data required for us to process your order is necessary for the conclusion of the contract. We process the data you provide in order to fulfill your order.

We work with external service providers to process your order. To do this, we must share the necessary personal data with them.

If we commission transport companies to deliver your goods, we pass on the data required for delivery to the respective transport company. To process payments, we share your data with the commissioned financial institution to the extent necessary. If we use payment service providers, you will also be informed of this below.
The legal basis for the transfer of your data is Art. 6 (1) (b) GDPR.
5.2 External service providers for order processing and fulfillment
- SendCloud

Shipping is handled via "SendCloud" (SendCloud GmbH, Kanalstr. 10, 80538 Munich). We therefore transfer your personal data to SendCloud—in accordance with Art. 6 (1) (b) GDPR—exclusively for the purpose of fulfilling your order and only to the extent necessary. Details regarding data protection at SendCloud can be viewed on the SendCloud website at www.sendcloud.de/datenschutz/.
5.3 Transfer of your personal data to shipping service providers
- DHL

If the goods are delivered to you by the transport service provider DHL (Deutsche Post AG, Charles-de-Gaulle-Straße 20, 53113 Bonn), we transfer only the recipient's name and the delivery address to DHL for the purpose of delivery and to the extent necessary in accordance with Art. 6 (1) (b) GDPR. We will only pass on your e-mail address to DHL—in accordance with Art. 6(1)(a) GDPR and subject to your express consent given during the ordering process—prior to delivery of the goods for the purpose of coordinating a delivery date or providing a delivery notification. You may revoke your consent at any time with effect for the future by contacting the controller named above or the transport service provider DHL.
- UPS
If the goods are delivered to you by the transport service provider UPS (United Parcel Service Deutschland Inc. & Co. OHG, Görlitzer Straße 1, 41460 Neuss), we will pass on only the recipient's name and the delivery address to UPS for the purpose of delivery and to the extent necessary pursuant to Art. 6(1)(b) GDPR. We will only pass on your e-mail address to UPS—in accordance with Art. 6(1)(a) GDPR and subject to your express consent given during the ordering process—prior to delivery of the goods for the purpose of coordinating a delivery date or providing a delivery notification. You may revoke your consent at any time with effect for the future by contacting the controller named above or the transport service provider UPS.
5.4 Use of payment service providers
5.5 Apple Pay
If you select the "Apple Pay" payment method (a service provided by Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland), payment is processed via the "Apple Pay" function on your device (running iOS, watchOS, or macOS) by charging a payment card you have stored in "Apple Pay".

Your transaction is protected by the security features of your device's hardware and software. To authorize a payment, you must confirm it by entering a code and verifying your identity using the "Face ID" or "Touch ID" function on your device. The information you provide during the ordering process, along with details of your order, is transmitted to Apple in encrypted form for the purpose of payment processing. Apple subsequently re-encrypts this data and transmits it to the payment service provider associated with the payment card stored in Apple Pay in order to execute the payment. This encryption ensures that only the website where the order was placed can access the payment data.

Following the payment, Apple sends the device account number and a transaction-specific, dynamic security code to the shop's website to confirm the payment.
Personal data may be processed during these procedures. In such cases, processing takes place for the purpose of payment processing in accordance with Art. 6(1)(b) of the GDPR.

We work with external service providers to process your order. To do this, we must share the necessary personal data with them.

Further information regarding Shop Pay's data protection practices:
https://www.shopify.com/pay
as well as in the Shop Pay privacy policy at
https://www.shopify.de/legal/datenschutz
- Stripe
If you select a payment method offered by the payment service provider Stripe, payment processing is handled by Stripe Payments Europe Ltd, Block 4, Harcourt Centre, Harcourt Road, Dublin 2, Ireland (hereinafter referred to as "Stripe").
We transmit your personal data and order information (name, address, account number, bank code, credit card number if applicable, invoice amount, currency, and transaction number) to Stripe—in accordance with Art. 6(1)(b) GDPR—exclusively for the purpose of payment processing and only to the extent necessary.
- Shopify Payments
We use the payment service provider "Shopify Payments," 3rd Floor, Europa House, Harcourt Building, Harcourt Street, Dublin 2. If you choose a payment method offered via Shopify Payments, payment processing is handled by the technical service provider Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland. We transmit the information you provided during the order process, along with details of your order (name, address, account number, bank code, credit card number if applicable, invoice amount, currency, and transaction number), to this provider in accordance with Art. 6(1)(b) GDPR. Your data is transmitted exclusively for the purpose of payment processing with Stripe Payments Europe Ltd. and only to the extent necessary for this purpose. Further information regarding Shopify Payments' data protection practices can be found at the following web address:
https://www.shopify.com/legal/privacy
Data protection information regarding Stripe Payments Europe Ltd. can be found here:
https://stripe.com/de/privacy

6. Data processing when opening a customer account and for contract fulfillment
When you open a customer account with us, personal data is collected and processed in accordance with Art. 6(1)(b) GDPR. The scope of the data is evident from the input form. The data you enter is stored and used by us for the purpose of fulfilling the contract.
You may delete your customer account at any time. This can be done by sending a message to the address of the controller or, if the option is available, directly within the customer account. In such a case, we will block your data—subject to statutory retention periods under tax and commercial law—and delete it once these periods have expired. This process may only be prevented if you have consented to permanent storage or if we are legally permitted to continue processing the data.

7. Use of your data for direct marketing
Newsletter

You have the option to subscribe to a free newsletter on our website. When you sign up for the newsletter, the data entered into the input form is transmitted to us. Your email address is the only mandatory piece of information. Any additional voluntary information provided is used solely for the purpose of addressing you personally.

The legal basis for processing your data following newsletter registration—provided the user has given their consent—is Art. 6(1)(a) GDPR. We obtain this consent via a confirmation email containing a confirmation link, which is sent to you after you sign up. By clicking this link, you simultaneously consent to receiving the newsletter.
When you submit your newsletter registration, we store your IP address as well as the date and time of registration. This storage serves to enable us to trace any potential misuse of your email address.

We use the data collected during newsletter registration exclusively for the purpose of sending the newsletter.

You may cancel your newsletter subscription at any time. A corresponding link is included in every newsletter. This also allows you to withdraw your consent to the storage of the personal data collected during the registration process.

8. Use of social media: Video
8.1 Use of Vimeo videos

We embed plugins from the video portal Vimeo (operated by Vimeo, LLC, 555 West 18th Street, New York, New York 10011, USA) on our website.
When a page of our website containing such a plugin is accessed, your browser establishes a direct connection to Vimeo’s servers. The plugin content is transmitted directly from Vimeo to your browser and embedded into the page. As a result, Vimeo receives information that your browser has accessed the corresponding page (including your IP address). This occurs even if you do not have a Vimeo account or are not currently logged into Vimeo. This information is transmitted directly to a Vimeo server in the USA and stored there.

If you are logged into Vimeo, Vimeo can directly associate your visit to our website with your Vimeo account. As soon as you interact with one of the plugins (e.g., by clicking the start button on a video), this information is also transmitted directly to a Vimeo server and stored there.

This data processing takes place in accordance with Art. 6(1)(a) GDPR—specifically, based on your explicit consent.

To prevent the data from being directly associated with your Vimeo account, you must log out of Vimeo before visiting our website.

Details regarding the purpose and scope of data collection, the further processing and use of data by Vimeo, and your related rights and privacy settings can be found in Vimeo’s privacy policy: http://vimeo.com/privacy

The Google Analytics tracking tool is automatically integrated into Vimeo videos embedded on this website. This is a proprietary tracking mechanism used by Vimeo; we have no access to it, nor can we influence it. Google Analytics uses "cookies" for tracking purposes. The information generated by the cookie regarding your use of this website is generally transmitted to a Google server in the USA and stored there.

This processing takes place in accordance with Art. 6(1)(a) GDPR, based on your explicit consent.
Data transfer to the USA is based on the EU Commission’s Standard Contractual Clauses.
Details can be found here: https://vimeo.com/privacy
8.2 Use of YouTube videos

On this website, we use the YouTube embedding function to display and play videos from the provider "YouTube," which is part of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"). In doing so, we use the enhanced privacy mode, which, according to the provider, only begins storing user information when the video is played. When you start playing embedded YouTube videos, the provider "YouTube" uses cookies to collect information about your user behavior. According to YouTube, these serve purposes such as recording video statistics, improving user-friendliness, and preventing abusive practices. If you are logged into Google while doing this, your data will be directly associated with your account.

If you do not wish for this data to be associated with your YouTube profile, you must log out before activating the button. Google stores your data (even for users who are not logged in) as usage profiles and analyzes them.

Such analysis is carried out, in particular, pursuant to Art. 6(1)(a) GDPR based on your explicit consent.

You have the right to object to the creation of these user profiles; to exercise this right, you must contact YouTube. Regardless of whether the embedded videos are played, a connection to the Google "DoubleClick" network is established every time this website is accessed; this may trigger further data processing operations beyond our control.

Data may also be transmitted to Google LLC servers in the USA. Further information regarding data protection at YouTube can be found in the provider's privacy policy at:
https://policies.google.com/privacy?hl=en
Settings regarding personalized advertising can be adjusted at:
https://adssettings.google.com/authenticated.

Google LLC, based in the USA, is certified under the "EU-U.S. Data Privacy Framework," which ensures compliance with the level of data protection applicable in the EU.
Details can be found here:
https://privacy.google.com/businesses/gdprcontrollerterms/

9. Online Marketing
Use of Google Ads Conversion Tracking

This website uses the online advertising program "Google Ads" and, within the scope of Google Ads, the conversion tracking service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google").

This involves advertising our offerings on external websites using advertising materials (so-called Google Ads). Our legitimate interest lies in displaying advertisements that are of interest to you and in ensuring a fair calculation of advertising costs. The legal basis is Art. 6(1)(a) GDPR—specifically, your explicit consent.

Google Ads uses cookies for conversion tracking; these are set when you click on an ad placed by Google. These cookies generally expire after 30 days and are not used for personal identification. Each Google Ads customer receives a different cookie; therefore, cookies cannot be tracked across the websites of different Ads customers.

The information obtained in this way is used to generate conversion statistics for Ads customers regarding the total number of users who clicked on their ad and were redirected to a page equipped with a conversion tracking tag.

You cannot be personally identified through this process.

If you wish to prevent tracking, you can disable the Google conversion tracking cookie via your internet browser's user settings.

Google LLC, based in the USA, is certified under the "EU-U.S. Data Privacy Framework," which ensures compliance with the level of data protection applicable in the EU. You can find further information regarding Google's data protection policies at the following address:
http://www.google.de/policies/privacy/
Further information on Google's data protection practices can be found here: https://business.safety.google/privacy/
You can permanently disable conversion cookies by adjusting your browser settings accordingly or by downloading and installing the browser plug-in available at the following link:
https://www.google.com/settings/ads/plugin?hl=de
In this case, certain functions of this website may not be available or may only be usable to a limited extent.
Further information on Google's data protection practices can be found here:
https://business.safety.google/privacy/

10. Web Analytics Services
10.1 Google Analytics 4

We use Google Analytics 4, a web analytics service provided by Google Ireland Limited (Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland) (hereinafter referred to as "GA4"), on our website.

Google Analytics uses "cookies." These are small text files stored on your device that enable an analysis of your use of the website. The information generated about your use of this website (including the shortened IP address) is transmitted to a Google server, where it is stored and processed; this may involve a transfer to the USA. IP addresses are anonymized by default. For IPv4 addresses, the last octet is set to zero in memory, and for IPv6 addresses, the last 80 bits are set to zero, thereby "anonymizing" them. It is not possible to link this data to a specific individual. A transfer to servers of Google LLC, based in the USA, cannot be ruled out.

During your visit to the website, GA4 records your user behavior in the form of "events," such as: page views, first-time visit to the website, start of the session, your "click path," interaction with the website, scrolling, clicks on external links, internal search queries, interaction with videos, file downloads, viewed/clicked ads, and language settings. GA4 also records your approximate location (region), your IP address (in anonymized form), technical information about your browser and the devices you use (e.g., language settings, screen resolution), your internet service provider, and the referrer URL (the website or advertising medium via which you arrived at this website).

On our behalf, Google uses this information to evaluate your use of the website, compile reports on website activity, and provide us with other services related to website and internet usage. There is no merging of the IP-anonymized address collected in this context with other data held by Google.

The data collected in this context is stored for fourteen months.

The legal basis for the data processing described here and the setting of cookies is your
express consent pursuant to Art. 6 (1) (a) GDPR. This consent may be revoked at any time with effect for the future—for example, by deactivating this Google service via the cookie consent tool where you originally provided your consent.

Google Analytics 4 will not be used during your visit to the site without your consent. You may revoke your consent at any time with effect for the future. To exercise your right of revocation, please deactivate this service using the "cookie consent tool" provided on the website.

Google LLC, based in the USA, is certified under the "EU-U.S. Data Privacy Framework," which ensures compliance with the level of data protection applicable in the EU.
We have also entered into a data processing agreement with Google.
Further information regarding data protection in Google Analytics 4 can be found on the following websites:
https://policies.google.com/technologies/partner-sites
and
https://policies.google.com/privacy?hl=de&gl=de

Demographic characteristics
The "demographic characteristics" function of GA4 can generate statistics that allow inferences to be made regarding the age, gender, and interests of site visitors. To this end, advertising and information from third-party providers are analyzed, and target groups for specific marketing activities are identified. However, no personal attribution of data takes place during this process. The data is deleted after fourteen months.

User IDs If we use the extended "UserIDs" function, your activities (including conversions) can be analyzed across devices. In this case, the analysis is not conducted on a pseudonymous basis.
This is possible provided that you have given your consent to the use of Google Analytics 4 in accordance with Art. 6(1)(a) GDPR, have created an account on this website, and log in to this account on various devices.

Google Signals

If we use the "Google Signals" feature, we can generate cross-device reports regarding your usage behavior. However, we receive only statistics, not personal data. This analysis is only possible if you have enabled personalized ads in your Google account and linked your devices to a Google account. Furthermore, your consent to the use of Google Analytics pursuant to Art. 6 (1) (a) GDPR must be in place.
Cross-device analysis can be prevented by disabling the "personalized advertising" feature in your Google account.
Further information on Google Signals can be found here: https://support.google.com/analytics/answer/7532985?hl=en
Further information on Google's data protection practices can be found here:
https://business.safety.google/privacy/
10.2 Shopify Analytics

We use the web analytics service provided by Shopify (Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland).

To safeguard our legitimate interest in the statistical analysis of user behavior for optimization and marketing purposes, Shopify collects, analyzes, and stores pseudonymized visitor data, from which pseudonymized usage profiles can be created and analyzed. Shopify uses cookies to recognize the browser, thereby enabling more accurate determination of statistical data. Your IP address is also collected but is pseudonymized immediately after collection and prior to storage, ensuring that no personal identification is possible.

The legal basis is Art. 6 (1) (a) GDPR—specifically, your express consent.

Shopify does not associate your IP address with other data held by Shopify. To object to the future collection of data, the creation of pseudonymized user profiles, and the use of cookies, you can generally disable the use of cookies on your computer by configuring your internet browser to prevent cookies from being stored on your computer in the future or to delete cookies that have already been stored. However, disabling all cookies may result in some functions on our websites no longer being fully usable.
You can also find Shopify’s privacy policy at:
https://www.shopify.de/legal/datenschutz

11. Tools and Other Items
11.1 Cloudflare

We use the provider Cloudflare (Cloudflare Inc., 665 3rd St. #200, San Francisco, CA 94107, USA). Cloudflare offers a globally distributed content delivery network (CDN) with DNS services.
A CDN enables faster and more efficient delivery of large files, graphics, and scripts via regional servers connected to the Internet. User data is processed solely for the aforementioned purposes and to maintain the security and functionality of the CDN. To achieve this, the browser you use must establish a connection to the CDN servers. As a result, your IP address is transmitted to the server. Cloudflare may also store cookies on your computer, subject to your consent, in accordance with Art. 6(1)(a) GDPR.

We have entered into a data processing agreement with Cloudflare based on the GDPR and EU Standard Contractual Clauses.

Cloudflare may collect statistical data regarding visits to this website.
The following data is collected:
Name of the accessed webpage, file, date and time of access, volume of data transferred, notification of successful access, browser type and version, user's operating system, referrer URL (the previously visited page), IP address, and the requesting provider.
Cloudflare uses log data for statistical analysis to operate, secure, and optimize the service. You can find further information on data protection at Cloudflare at the following link:
https://www.cloudflare.com/de-de/privacypolicy/
Cloudflare Inc., based in the USA, is certified under the "EU-U.S. Data Privacy Framework," which ensures compliance with the level of data protection applicable in the EU. 11.2 Google Tag Manager
We use Google Tag Manager (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) on our website.
Google Tag Manager allows us to integrate tracking or statistical tools and other technologies into our website via tags. Tags are code snippets that record specific activities on the website. While tags often originate from other Google programs, they can also be integrated from other companies. Tags can, for example, collect browser data, embed buttons, or set cookies.
However, Google Tag Manager itself does not create user profiles, store cookies, or perform independent analyses; it merely serves to manage and deploy the tools integrated through it.
Your IP address is captured via Google Tag Manager and may also be transmitted to Google’s parent company in the United States.

The legal basis for using Google Tag Manager is Art. 6(1)(a) GDPR—specifically, your consent.
Google LLC, based in the USA, is certified under the "EU-U.S. Data Privacy Framework," which ensures compliance with the level of data protection applicable in the EU. You can find further information regarding Google’s data protection policies at the following web address:
http://www.google.de/policies/privacy/
Further information on Google’s data protection practices can be found here:
https://business.safety.google/privacy/

12. Rights of the Data Subject
12.1 Applicable data protection law grants you comprehensive rights as a data subject (rights of access and intervention) vis-à-vis the controller regarding the processing of your personal data; we inform you of these below:
- Right of access pursuant to Art. 15 GDPR:
You may request confirmation from the controller as to whether personal data concerning you is being processed by the controller. Furthermore, you have the right to obtain information regarding the purpose, the categories of personal data, the recipients, the planned storage period, and the existence of further rights such as the rectification of data or the right to lodge a complaint with a supervisory authority; the source of your data if not collected by us; the existence of automated decision-making, including profiling, and—where applicable—meaningful information about the logic involved and the significance and envisaged consequences of such processing for you; as well as your right to be informed of the safeguards in place pursuant to Art. 46 GDPR regarding the transfer of your data to third countries;
- Right to rectification pursuant to Art. 16 GDPR:
You have the right to the immediate rectification of incorrect data concerning you and/or the completion of incomplete data stored by us; such rectification or completion must be carried out without undue delay. - Right to restriction of processing pursuant to Art. 18 GDPR:
You have the right to request the restriction of the processing of your personal data while the accuracy of your data—which you have contested—is being verified; if you object to the deletion of your data due to unlawful processing and instead request the restriction of its processing; if you require your data for the establishment, exercise, or defense of legal claims after we no longer need the data for the original purpose; or if you have objected to processing based on your particular situation, pending the determination of whether our legitimate grounds override yours;
If the processing of your personal data has been restricted, such data may—with the exception of storage—only be processed with your consent, for the establishment, exercise, or defense of legal claims, for the protection of the rights of another natural or legal person, or for reasons of important public interest of the Union or of a Member State. If the restriction on processing is lifted, you will be informed by the controller before the restriction is removed.
- Right to erasure pursuant to Art. 17 GDPR:
You have the right to request the immediate erasure of your personal data if the conditions set out in Art. 17(1) GDPR are met. However, this right to erasure does not apply—specifically, though not exclusively—if processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise, or defense of legal claims.
- Right to be informed pursuant to Art. 19 GDPR:
If you have exercised your right to rectification, erasure, or restriction of processing, the controller is obliged to communicate this rectification or erasure of data or restriction of processing to all recipients to whom your personal data have been disclosed, unless this proves impossible or involves disproportionate effort. You also have the right to be informed about these recipients.
- Right to data portability pursuant to Art. 20 GDPR:
You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format, or to request its transmission to another controller, insofar as this is technically feasible;
- Right to object pursuant to Art. 7 para. 3 GDPR:
You have the right to object at any time to the processing of personal data concerning you that is based on Art. 6 para. 1 (e) or (f) GDPR; this also applies to profiling based on these provisions.
Furthermore, you have the right to withdraw your data protection consent at any time with effect for the future. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

- Right to lodge a complaint pursuant to Art. 77 GDPR:
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority—particularly in the Member State of your habitual residence, place of work, or place of the alleged infringement—if you consider that the processing of personal data concerning you infringes the GDPR.
12.2 Right to object

You have the right to object to the processing of your data at any time with effect for the future, provided we are processing your data based on our overriding legitimate interest following a balancing of interests.
If you exercise this right to object, we will cease processing your data unless there are demonstrable, overriding, compelling legitimate grounds preventing such cessation, or if further processing serves the establishment, exercise, or defense of legal claims.

13. Duration of personal data storage
The duration for which personal data is stored depends on statutory retention periods. Once these periods expire, we routinely delete the data, provided it is no longer required for the performance or initiation of a contract and/or we no longer have a legitimate interest in continued storage.

14. Use of the revocation button
Once the revocation button is used, we process the personal data entered therein: name, order/contract details, communication details (declaration of revocation), time of revocation, and—where applicable—user account/IP data (in the case of an online form). Processing is carried out for the purpose of identifying your contract and documenting your revocation. We store the data for documentation purposes for a maximum of 10 years and delete it automatically, provided there are no statutory retention obligations preventing such deletion. The legal basis is Art. Article 6(1)(b) GDPR (performance of a contract) Article 6(1)(c) (compliance with a legal obligation)

Item added to your cart

Privacy policy

Language

Country/region

Language

Privacy policy