Privacy Policy

 

Privacy Policy

1) Information on the Collection of Personal Data and Contact Details of the Controller

1.1 We are pleased you are visiting our website and thank you for your interest. Below, we provide information on the handling of your personal data when using our website. Personal data includes all data that can personally identify you.

1.2 The controller for data processing on this website, as defined by the General Data Protection Regulation (GDPR), is Lisa Dublin. The controller is the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data.

1.3 For security reasons and to protect the transmission of personal data and other confidential content (e.g., orders or inquiries to the controller), this website uses SSL or TLS encryption. You can recognize an encrypted connection by the string "https://" and the lock symbol in your browser’s address bar.

2) Data Collection When Visiting Our Website
When using our website purely for informational purposes, i.e., if you do not register or otherwise provide us with information, we collect only the data that your browser transmits to our server (so-called "server log files"). When you visit our website, we collect the following data necessary for the display of the website:

• The website visited
• Date and time of access
• Amount of data sent in bytes
• Source/referral from which you accessed the site
• Browser used
• Operating system used
• IP address used (if applicable, anonymized)

Processing is carried out under Article 6(1)(f) of the GDPR, based on our legitimate interest in improving the stability and functionality of our website. This data is not disclosed or otherwise used. However, we reserve the right to retrospectively check server log files if specific indications of illegal use arise.

 

3) Cookies
To make visiting our website more attractive and enable the use of certain functions, we use cookies on various pages. Cookies are small text files stored on your device. Some cookies we use are deleted after your browser session ends (session cookies). Other cookies remain on your device and allow us or our partner companies (third-party cookies) to recognize your browser upon your next visit (persistent cookies). Persistent cookies are deleted automatically after a set period, which may vary depending on the cookie.

Cookies may serve to simplify processes (e.g., remembering the content of a virtual shopping cart for a later visit). If personal data is processed by cookies, it is done either under Article 6(1)(b) of the GDPR to execute the contract or under Article 6(1)(f) of the GDPR to ensure our legitimate interest in the website's optimal functionality and user-friendly experience.

You can set your browser to notify you when cookies are set, decide on their acceptance individually, or exclude cookies in certain cases or generally. However, declining cookies may restrict our website's functionality.

4) Contact
When contacting us (e.g., via contact form or email), personal data is collected. The specific data collected in the contact form is evident from the respective form. Data is used solely to process your inquiry or for technical administration purposes. The legal basis for processing is our legitimate interest in responding to your request under Article 6(1)(f) of the GDPR. If your contact aims to conclude a contract, the additional legal basis for processing is Article 6(1)(b) of the GDPR.

Your data is deleted once your request is resolved unless legal retention periods apply.

5) Data Processing When Opening a Customer Account and for Contract Fulfillment
Under Article 6(1)(b) of the GDPR, personal data is collected and processed when you provide it for contract fulfillment or opening a customer account. The data collected can be seen from the respective input forms. You can delete your account at any time by notifying the controller.

Data is stored and used to process contracts and, after contract completion, is restricted for further processing until tax and commercial retention periods expire, after which it is deleted unless you have consented to further use or permitted by law.

6) Data Processing for Order Handling

6.1 Transfer of Personal Data to Shipping Providers
To fulfill your order, we share your personal data with the shipping company responsible for delivery, as far as necessary. This is based on Article 6(1)(b) of the GDPR.

6.2 Payment Processing with Payment Service Providers

• PayPal: If you use PayPal for payment, your payment data is forwarded to PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg. This is necessary for processing payments per Article 6(1)(b) of the GDPR. For certain payment methods, PayPal may perform a credit check, sharing data with credit agencies based on its legitimate interest in determining your ability to pay (Article 6(1)(f) of the GDPR). See PayPal’s privacy policy for details: PayPal Privacy Policy.

7) Contact Regarding Review Reminders
We may use your email address for a one-time request to review your order if you’ve explicitly consented during or after the purchase under Article 6(1)(a) of the GDPR. You can revoke this consent at any time by contacting the controller.

8) Use of Social Media Plugins

8.1 Facebook Plugins with Shariff Solution
We use social plugins ("plugins") from Facebook, operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. To protect your data, these plugins are integrated as HTML links rather than active plugins. This ensures no data is sent to Facebook servers unless you actively click the link.

Facebook is certified under the EU-US Privacy Shield framework, ensuring compliance with EU privacy standards. For more information, see Facebook’s privacy policy: Facebook Privacy Policy.

8.2 Google+ Plugins with Shariff Solution
Similarly, we use Google+ plugins provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. These are integrated to ensure no automatic data transfer occurs. Google is also certified under the EU-US Privacy Shield. See Google’s privacy policy for details: GooglePrivacy Policy.

8.3 Instagram Plugins with Shariff Solution
Social plugins from Instagram are incorporated using the Shariff solution to protect your privacy. Instagram is a service of Facebook Inc. Data sharing only occurs when the plugin is actively clicked.

8.4 Instagram Plugins with Shariff Solution
Our website uses social plugins (“plugins”) from Instagram, operated by Instagram LLC, 1601 Willow Rd, Menlo Park, CA 94025, USA ("Instagram").

To enhance the protection of your data when visiting our website, these buttons are not directly integrated as plugins but are instead embedded using HTML links. This method ensures that no connection to Instagram servers is established simply by visiting a page on our website containing such buttons. If you click on the button, a new browser window will open and take you to Instagram’s site, where you can interact with its plugins (after entering your login details, if required).

Instagram LLC is certified under the US-EU Privacy Shield Framework, ensuring compliance with the EU’s data protection standards.

For information about the purpose and scope of data collection, further processing, and use of your data by Instagram, as well as your rights and privacy settings, please refer to Instagram’s privacy policy: Instagram Privacy Policy.

9) Online Marketing

9.1 DoubleClick by Google
This website uses the online marketing tool DoubleClick by Google, operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("DoubleClick").

DoubleClick uses cookies to display ads relevant to users, improve campaign performance reports, and avoid showing the same ad multiple times. Through a cookie ID, Google tracks which ads have been displayed in which browsers and prevents repeat ads. This data processing is carried out based on our legitimate interest in optimally marketing our website, pursuant to Article 6(1)(f) of the GDPR.

Additionally, DoubleClick can use cookie IDs to record so-called conversions related to ad requests. For instance, this might occur when a user views a DoubleClick ad and later uses the same browser to visit the advertiser's website and make a purchase. According to Google, DoubleClick cookies do not contain any personally identifiable information.

For more information about DoubleClick’s data practices, including how to manage or opt-out of these cookies, please visit Google’s privacy policy: Google Privacy Policy.

 

9.2 Data Processing by DoubleClick
When using the marketing tools mentioned, your browser automatically establishes a direct connection with Google’s server. We have no control over the scope and further use of the data collected by Google through this tool. According to our understanding, the integration of DoubleClick provides Google with the following information:

• That you have accessed a particular section of our website or clicked on one of our ads.
• If you are registered with a Google service, Google may associate your visit with your account.
• Even if you are not registered with Google or not logged in, there is still a possibility that Google may obtain and store your IP address.

How to Opt-Out of Tracking

If you wish to opt out of this tracking process, you can disable cookies for conversion tracking by configuring your browser to block cookies from the domain www.googleadservices.com. You can do this via this link: Google Ad Settings. However, note that these settings will be reset if you clear your cookies.

Alternatively, you can learn more about cookies and manage your preferences via the Digital Advertising Alliance at www.aboutads.info.

Additionally, you can configure your browser settings to:

• Notify you when cookies are being set, allowing you to decide individually whether to accept them.
• Reject cookies in specific cases or in general.

Please note that disabling cookies may limit the functionality of our website.

 9.2 Use of Google AdWords Conversion Tracking

This website utilizes the "Google AdWords" online advertising program and, within the scope of Google AdWords, the Conversion Tracking feature offered by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google").

Purpose of Google AdWords

We use Google AdWords to promote our offerings on external websites through advertisements (so-called Google AdWords). By analyzing campaign data, we can evaluate the success of individual advertising efforts. This helps us achieve the following objectives:

• Deliver ads that are relevant to your interests.
• Enhance the appeal of our website for visitors.
• Ensure fair cost assessments for our advertising efforts.

How Conversion Tracking Works

When you click on a Google AdWords ad, a conversion tracking cookie is placed on your device. These cookies are small text files stored on your system, typically expiring after 30 days. They do not contain data that could personally identify you.

If you visit certain pages of our website before the cookie expires, both Google and we can determine that you clicked on the ad and were redirected to our website.

Each AdWords customer receives a unique cookie. This ensures that cookies cannot be tracked across websites of different AdWords customers.

Data Collected and Usage

• The information collected via the conversion cookie is used to compile conversion statistics for AdWords advertisers.
• Advertisers, like us, can see the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag.
• However, advertisers do not receive information that could personally identify users.

Opting Out of Conversion Tracking

If you do not wish to participate in the tracking process, you can block the use of conversion cookies through your browser settings. To do so:

1. Disable the Google Conversion Tracking cookie under your browser’s user preferences.
2. This ensures that you are not included in the conversion tracking statistics.

Legal Basis for Usage

We use Google AdWords under our legitimate interest in targeted advertising, as per Art. 6 (1)(f) GDPR.

Google's Privacy Standards

Google LLC is certified under the EU-U.S. Privacy Shield agreement, ensuring compliance with EU data protection standards.

For more details on Google's data protection policies, visit Google’s Privacy Policy.

10) Web Analytics Services: Google (Universal) Analytics

Use of Google Universal Analytics

This website employs Google Analytics, a web analysis service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). Google Analytics uses cookies, which are text files stored on your device, enabling the analysis of your website usage.

The information generated by the cookie regarding your use of this website (including your truncated IP address) is generally transmitted to and stored on a Google server in the USA.

IP Anonymization

This website exclusively uses Google Analytics with the extension "_anonymizeIp()", which ensures that IP addresses are processed in truncated form to prevent direct personal identification.

• Within EU member states or other contracting parties to the Agreement on the European Economic Area, Google shortens your IP address beforehand.
• Only in exceptional cases is the full IP address transmitted to a Google server in the USA and then truncated.

Purpose and Legal Basis

The processing of data through Google Analytics serves our legitimate interest in analyzing user behavior for optimization and marketing purposes. This is carried out based on Art. 6 (1)(f) GDPR.

Data Usage by Google

Google processes the collected data on our behalf for purposes such as:

1. Evaluating your website use.
2. Compiling reports on website activities.
3. Providing us with additional services related to website and internet usage.

The IP address transmitted from your browser via Google Analytics is not combined with other Google data.

User Options

1. Blocking Cookies
• You can prevent the storage of cookies through your browser settings. However, doing so might restrict your use of certain features on our website.
2. Preventing Data Collection by Google Analytics
• You can prevent Google Analytics from collecting and processing your data (including your IP address) by installing the browser plugin available at this link:
  Download Google Analytics Opt-out Plugin.
3. Additional Information
• For more information on how Google handles user data in its analytics services, refer to Google’s privacy policies:
  Google Privacy Policy.

 Google Analytics: Additional Information

Opt-Out Options for Google Analytics

1. Browser Plugin Alternative
• If you prefer not to use the browser plugin or are accessing the site via a mobile browser, you can click on the following link to set an Opt-Out Cookie. This cookie prevents future data collection via Google Analytics on this website (it only works for this browser and domain).
• Important: If you clear cookies in this browser, you will need to click the link again.
• Deactivate Google Analytics
2. Cross-Device Analysis with User-ID
• This site utilizes Google Analytics for cross-device visitor flow analysis using a unique, permanent, and anonymized User-ID assigned to users when they first visit.
• The User-ID links interaction data from various devices and sessions to a single user.
• The User-ID does not contain or transmit personal data to Google.
• To object to data collection using the User-ID, Google Analytics must be disabled on all devices and browsers you use (e.g., other browsers or mobile devices).

Further References

• Use the Google Opt-Out Plugin to disable tracking.
• Find detailed information on Universal Analytics here: Google Support - Universal Analytics.

11) Retargeting/Remarketing/Recommendation Advertising: Facebook Custom Audience via Pixel

Facebook Pixel

This website uses the Facebook Pixel provided by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA ("Facebook").

1. Purpose
• With explicit user consent, the pixel tracks user behavior after they have clicked or viewed a Facebook ad.
• This tracking evaluates the effectiveness of Facebook ads for statistical and market research purposes.
• The goal is to optimize future ad campaigns.
2. Data Handling
• The collected data is anonymous to us and does not reveal user identities.
• However, Facebook stores and processes the data, linking it to individual user profiles.
• Facebook may use this data for its own advertising purposes as outlined in its Data UsePolicy.
• Facebook can enable itself and partners to display ads on Facebook or other platforms.
3. Cookies
• A cookie may be stored on your device for these purposes.

Legal Basis

Processing is carried out based on explicit consent under Art. 6 (1)(a) GDPR.

Restrictions on Consent

• Only users 13 years or older can consent to the use of the Facebook Pixel.
• Users under 13 years should seek permission from a parent or guardian.

Privacy Shield Certification

Facebook Inc., based in the USA, is certified under the EU-U.S. Privacy Shield, ensuring compliance with EU data protection standards.

Deactivating the Use of Cookies on Your Computer.
To deactivate the use of cookies on your computer, you can configure your internet browser so that no cookies can be placed on your computer in the future, or any cookies that have already been placed are deleted. However, turning off all cookies may result in some features on our website no longer being available. You can also disable the use of cookies by third-party providers, such as Facebook, through the following website of the Digital Advertising Alliance: https://www.aboutads.info/choices/

Google AdWords Remarketing

Our website uses the features of Google AdWords Remarketing, allowing us to advertise this website in Google search results as well as on third-party websites. The provider is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). For this purpose, Google sets a cookie in your browser, which automatically enables interest-based advertising through a pseudonymous cookie ID based on the pages you visit. Processing is based on our legitimate interest in the optimal marketing of our website in accordance with Art. 6 Para. 1 lit. f of the GDPR.

Further data processing only takes place if you have given Google consent to link your internet and app browsing history with your Google account, and to use information from your Google account to personalize ads you see on the web. If you are logged into Google while visiting our website, Google will use your data along with Google Analytics data to create and define audience lists for cross-device remarketing. For this, your personal data is temporarily linked with Google Analytics data to form audiences.

You can permanently disable the setting of cookies for ad preferences by downloading and installing the browser plug-in available at the following link: https://www.google.com/settings/ads/onweb/. Alternatively, you can learn more about the setting of cookies and make adjustments at the Digital Advertising Alliance's website: www.aboutads.info.

Finally, you can configure your browser to notify you when cookies are being set, allowing you to individually decide whether to accept them, or to exclude the acceptance of cookies for specific cases or generally. Please note that not accepting cookies may limit the functionality of our website.

Google LLC, based in the USA, is certified under the EU-US Privacy Shield Framework, which ensures compliance with the data protection standards applicable in the EU.

For further information on Google’s advertising and privacy policies, please visit: https://www.google.com/policies/technologies/ads/

12) Rights of the data subject
12.1 The applicable data protection law grants you extensive rights as a data subject concerning the processing of your personal data (rights to information and intervention), which we outline below:

Right to Information under Art. 15 GDPR: You have the right to request information about your personal data processed by us, including the processing purposes, categories of data processed, recipients or categories of recipients to whom your data has been disclosed, the planned storage duration or criteria for determining the storage duration, the existence of the right to correction, deletion, restriction of processing, objection to processing, complaint to a supervisory authority, the origin of your data if not collected directly from you, and the existence of automated decision-making, including profiling, along with relevant information about the logic involved and the potential consequences and effects of such processing. You also have the right to be informed about guarantees under Art. 46 GDPR for data transfers to third countries.

Right to Rectification under Art. 16 GDPR: You have the right to request the immediate correction of incorrect data concerning you and/or the completion of incomplete data stored by us.

Right to Deletion under Art. 17 GDPR: You have the right to request the deletion of your personal data when the conditions of Art. 17 Para. 1 GDPR are met. However, this right does not apply if processing is necessary for the exercise of the right to freedom of expression and information, compliance with a legal obligation, reasons of public interest, or the establishment, exercise, or defense of legal claims.

Right to Restriction of Processing under Art. 18 GDPR: You have the right to request the restriction of processing of your personal data while its accuracy is being verified, if you oppose the deletion of data due to unlawful processing and instead request restriction, if you need the data for the establishment, exercise, or defense of legal claims, or if we no longer need the data for the intended purposes, and you have objected to processing due to your particular situation, while it has not yet been determined whether our legitimate reasons override yours.

Right to Notification under Art. 19 GDPR: If you have exercised your right to rectification, deletion, or restriction of processing, we are obliged to notify all recipients to whom your personal data has been disclosed about these changes unless this proves impossible or involves disproportionate effort. You have the right to be informed about these recipients.

Right to Data Portability under Art. 20 GDPR: You have the right to receive your personal data that you have provided to us in a structured, commonly used, and machine-readable format, or to request the transfer of this data to another controller, as far as technically feasible.

Right to Withdraw Consent under Art. 7 Para. 3 GDPR: You have the right to withdraw consent given for the processing of data at any time with future effect. In the event of withdrawal, we will immediately delete the relevant data, unless further processing can be based on another legal basis for processing without consent. The withdrawal of consent does not affect the lawfulness of the processing carried out based on the consent until its withdrawal.

Right to Lodge a Complaint under Art. 77 GDPR: If you believe that the processing of your personal data violates the GDPR, you have the right to lodge a complaint with a supervisory authority, particularly in the member state of your residence, workplace, or where the alleged infringement took place, without prejudice to any other administrative or judicial remedy.

12.2 Right to Object
If we process your personal data based on our legitimate interests, you have the right to object at any time, for reasons arising from your particular situation, to such processing with future effect. If you exercise your right to object, we will cease processing the relevant data. However, further processing may be permitted if we can demonstrate compelling legitimate grounds for processing that override your interests, rights, and freedoms, or if the processing is necessary for the establishment, exercise, or defense of legal claims.

If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing. You can exercise your right to object as described above. If you do so, we will cease processing your data for direct marketing purposes. 

13) Storage period for personal data
The duration of the storage of personal data is determined by the applicable statutory retention periods (e.g., commercial and tax retention periods). After the retention period expires, the relevant data is routinely deleted, provided it is no longer required for the fulfillment of the contract or initiation of a contract and/or there is no legitimate interest on our part in further retention.