privacy policy

Privacy policy

1) Information on the collection of personal data and contact details of the controller

1.1 We are pleased that you are visiting our website and thank you for your interest. In the following, we will inform you about how we handle your personal data when you use our website. Personal data is all data with which you can be personally identified.

1.2 The controller in charge of data processing on this website, within the meaning of the General Data Protection Regulation (GDPR), is Yahya Studio GmbH, Dreieichring 10, 63067 Offenbach am Main, Deutschland, E-Mail: info@yahyastudio.com. The controller responsible for the processing of personal data is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.

1.3 This website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or inquiries to the controller). You can recognize an encrypted connection by the character string “https://” and the lock symbol in your browser line.

2) Data collection when visiting our website

If you use our website for information purposes only, i.e. if you do not register or otherwise provide us with information, we only collect the data that your browser transmits to our server (so-called “server log files”). When you visit our website, we collect the following data, which is technically necessary for us to display the website to you:

·         Our visited website

·         Date and time at the time of access

·         Amount of data sent in bytes

·         Source/reference from which you reached the page

·         Browser used

·         Operating system used

·         IP address used (if applicable: in anonymized form)

Processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. The data will not be passed on or used in any other way. However, we reserve the right to check the server log files retrospectively if there are concrete indications of unlawful use.

3) Hosting & content delivery network

Hosting by Shopify

We use the store system of the service provider Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland (“Shopify”), for the purpose of hosting and displaying the online store on the basis of processing on our behalf. All data collected on our website is processed on Shopify's servers. As part of Shopify's aforementioned services, data may also be transferred to Shopify Inc, 150 Elgin St, Ottawa, ON K2P 1L4, Canada, Shopify Data Processing (USA) Inc, Shopify Payments (USA) Inc or Shopify (USA) Inc as part of further processing on our behalf. In the event that data is transferred to Shopify Inc. in Canada, the appropriate level of data protection is guaranteed by an adequacy decision of the European Commission. Further information on Shopify's data protection can be found on the following website: https://www.shopify.de/legal/datenschutz

Any further processing on Shopify servers other than those mentioned above will only take place within the scope specified below.

4) Cookies

To make your visit to our website more attractive and to enable the use of certain functions, we use cookies—small text files that are stored on your device. Some of these cookies are automatically deleted after you close the browser ("session cookies"), while others remain on your device for a longer period and allow the storage of page settings ("persistent cookies"). In the latter case, you can find the storage duration in the cookie settings of your web browser.

If certain cookies we use also process personal data, this processing is carried out in accordance with:

  • Article 6(1)(b) GDPR: For the performance of a contract,
  • Article 6(1)(a) GDPR: Based on your consent, or
  • Article 6(1)(f) GDPR: To safeguard our legitimate interests in ensuring the optimal functionality of the website and a user-friendly, effective website experience.

You can configure your browser to inform you when cookies are set, to decide individually whether to accept them, or to exclude cookies for specific cases or in general.
Please note that disabling cookies may limit the functionality of our website.

Name

Provider

Storage Duration (Days)

Purpose

Legal Basis

_fbp

Facebook Ireland Ltd.

90

User behavior analysis

Art. 6 (1) (a) GDPR

_ga

Google Ireland Ltd.

730

User behavior analysis

Art. 6 (1) (a) GDPR

_gat

Google Ireland Ltd.

730

User behavior analysis

Art. 6 (1) (a) GDPR

_gcl_au

Google Ireland Ltd.

90

User behavior analysis

Art. 6 (1) (a) GDPR

_gid

Google Ireland Ltd.

1

User behavior analysis

Art. 6 (1) (a) GDPR

_landing_page

Shopify

14

Tracks landing pages.

Art. 6 (1) (a) GDPR

_orig_referrer

Shopify

14

Tracks landing pages.

Art. 6 (1) (a) GDPR

_s

Shopify

<1

Shopify analytics.

Art. 6 (1) (a) GDPR

_shopify_country

Shopify

0

Used in connection with checkout.

Art. 6 (1) (f) GDPR

_shopify_d

Shopify

Session

Shopify analytics.

Art. 6 (1) (a) GDPR

_shopify_evids

Shopify

Session

Shopify analytics.

Art. 6 (1) (a) GDPR

_shopify_m

Shopify

365

Manages customer privacy settings.

Art. 6 (1) (f) GDPR

_shopify_s

Shopify

<1

Shopify analytics.

Art. 6 (1) (a) GDPR

_shopify_sa_p

Shopify

<1

Shopify marketing & recommendation analytics.

Art. 6 (1) (a) GDPR

_shopify_sa_t

Shopify

<1

Shopify marketing & recommendation analytics.

Art. 6 (1) (a) GDPR

_shopify_tm

Shopify

<1

Manages customer privacy settings.

Art. 6 (1) (a) GDPR

_shopify_tw

Shopify

14

Manages customer privacy settings.

Art. 6 (1) (f) GDPR

_shopify_y

Shopify

365

Shopify analytics.

Art. 6 (1) (a) GDPR

_tracking_consent

Shopify

365

Tracking settings.

Art. 6 (1) (f) GDPR

locale_bar_accepted

Shopify

Session

Used for currency settings.

Art. 6 (1) (f) GDPR

secure_customer_sig

Shopify

365

Used in connection with customer login.

Art. 6 (1) (f) GDPR

shopify_pay_redirect

Shopify

<1

Used in connection with checkout.

Art. 6 (1) (f) GDPR

localization

Shopify

14

Used in connection with checkout localization.

Art. 6 (1) (f) GDPR

cart_ver

Shopify

14

Used in connection with the shopping cart.

Art. 6 (1) (f) GDPR

cart_ts

Shopify

14

Used in connection with checkout.

Art. 6 (1) (f) GDPR

cart

Shopify

14

Used in connection with the shopping cart.

Art. 6 (1) (f) GDPR

_cmp_a

Shopify

1

Manages customer privacy settings.

Art. 6 (1) (f) GDPR

keep_alive

Shopify

1

Used in connection with buyer localization.

Art. 6 (1) (f) GDPR

tracked_start_checkout

Shopify

365

Related to checkout.

Art. 6 (1) (f) GDPR

_checkout_queue_token

Shopify

0

Used in connection with checkout.

Art. 6 (1) (f) GDPR

_ga_7JR37HF8RD

Google Analytics

365

Stores and counts page views.

Art. 6 (1) (a) GDPR

_ga_081S4D5Z8J

Google Analytics

365

Stores and counts page views.

Art. 6 (1) (a) GDPR

_ga_EQX4BJHGC7

Google Analytics

365

Stores and counts page views.

Art. 6 (1) (a) GDPR

_shopify_ga

Shopify & Google Analytics

730

Data analytics.

Art. 6 (1) (a) GDPR

checkout

Shopify

21

Used in connection with checkout.

Art. 6 (1) (f) GDPR

checkout_legacy

Shopify

0

Used in connection with checkout.

Art. 6 (1) (f) GDPR

checkout_token

Shopify

1

Used in connection with checkout.

Art. 6 (1) (f) GDPR

tracked_start_checkout

Shopify

364

Related to checkout.

Art. 6 (1) (f) GDPR

shopify_fs

Shopify

730

Collects data on visitor behavior and interaction.

Art. 6 (1) (a) GDPR

_shopify_uniq

Shopify

1

Counts the number of visits of a user.

Art. 6 (1) (a) GDPR

_shopify_visit

Shopify

30 minutes

Counts the number of visitors.

Art. 6 (1) (a) GDPR

 

 

5) Making contact

When you contact us (e.g. via contact form or email), personal data is processed exclusively for the purpose of processing and responding to your request and only to the extent necessary for this purpose. The legal basis for the processing of this data is our legitimate interest in responding to your request in accordance with Art. 6 para. 1 lit. f GDPR. If your contact is aimed at a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR. Your data will be deleted if it can be inferred from the circumstances that the matter in question has been conclusively clarified and provided that there are no statutory retention obligations to the contrary.

6) Data processing when opening a customer account

In accordance with Art. 6 para. 1 lit. b GDPR, personal data will continue to be collected and processed to the extent necessary if you provide it to us when opening a customer account. The data required to open an account can be found in the input mask of the corresponding form on our website. Deletion of your customer account is possible at any time and can be done by sending a message to the above-mentioned address of the controller. After deletion of your customer account, your data will be deleted, provided that all contracts concluded through it have been fully processed, there are no legal retention periods to the contrary and we have no legitimate interest in further storage.

7) Use of customer data for direct advertising

7.1 Registration for our e-mail newsletter

If you register for our e-mail newsletter, we will regularly send you information about our offers. The only mandatory information for sending the newsletter is your e-mail address. The provision of further data is voluntary and is used to address you personally. We use the so-called double opt-in procedure for sending newsletters, which ensures that you only receive newsletters if you have expressly confirmed your consent to receive the newsletter by clicking on a verification link sent to the email address provided.

By activating the confirmation link, you give us your consent to use your personal data in accordance with Art. 6 para. 1 lit. a GDPR. We store your IP address entered by the Internet service provider (ISP) as well as the date and time of registration in order to be able to trace any possible misuse of your e-mail address at a later date. The data we collect when you register for the newsletter is used strictly for the intended purpose. You can unsubscribe from the newsletter at any time via the link provided in the newsletter or by sending a corresponding message to the controller named at the beginning. Once you have unsubscribed, your email address will be deleted from our newsletter mailing list immediately, unless you have expressly consented to further use of your data or we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this declaration.

7.2 - Newsletter dispatch via MailChimp

Our email newsletters are sent via the technical service provider The Rocket Science Group, LLC d/b/a MailChimp, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA (http://www.mailchimp.com/), to whom we pass on the data you provided when registering for the newsletter. This transfer takes place in accordance with Art. 6 para. 1 lit. f GDPR and serves our legitimate interest in using an effective, secure and user-friendly newsletter system. Please note that your data is usually transferred to a MailChimp server in the USA and stored there.

MailChimp uses this information to send and statistically analyze the newsletter on our behalf. For evaluation purposes, the emails sent contain so-called web beacons or tracking pixels, which are one-pixel image files stored on our website. This allows us to determine whether a newsletter message has been opened and which links, if any, have been clicked on. Mailchimp uses the web beacons to automatically generate general, non-personal statistics on the response behavior to newsletter campaigns.

On the basis of our legitimate interest in the statistical evaluation of newsletter campaigns to optimize advertising communication and better focus on recipient interests, the web beacons also collect and use data of the respective newsletter recipient (email address, time of retrieval, IP address, browser type and operating system) in accordance with Art. 6 para. 1 lit. f GDPR. This data allows individual conclusions to be drawn about the newsletter recipient and is processed by Mailchimp to automatically generate statistics that show whether a particular recipient has opened a newsletter message.

If you wish to deactivate the data analysis for statistical evaluation purposes, you must unsubscribe from the newsletter.

MailChimp may also use this data itself in accordance with Art. 6 para. 1 lit. f GDPR on the basis of its own legitimate interest in the needs-based design and optimization of the service as well as for market research purposes, for example to determine from which countries the recipients come. However, MailChimp does not use the data of our newsletter recipients to write to them itself or to pass them on to third parties.

To protect your data in the USA, we have concluded a data processing agreement with MailChimp on the basis of the standard contractual clauses of the European Commission to enable the transfer of your personal data to MailChimp. If you are interested, this data processing agreement can be viewed at the following Internet address: https://mailchimp.com/legal/data-processing-addendum/

You can view MailChimp's privacy policy here:

https://mailchimp.com/legal/privacy/

8) Data processing for order processing

Insofar as necessary for contract processing for delivery and payment purposes, the personal data collected by us will be passed on to the commissioned transport company and the commissioned credit institution in accordance with Art. 6 para. 1 lit. b GDPR.

If we owe you updates for goods with digital elements or for digital products on the basis of a corresponding contract, we process the contact data (name, address, email address) provided by you when placing the order in order to inform you personally by suitable means of communication (e.g. by post or email) about upcoming updates within the legally prescribed period as part of our statutory information obligations pursuant to Art. 6 para. 1 lit. c GDPR. Your contact details will be used strictly for the purpose of notifying you of updates owed by us and will only be processed by us for this purpose to the extent that this is necessary for the respective information.

To process your order, we also work together with the following service provider(s), who support us in whole or in part in the execution of concluded contracts. Certain personal data is transmitted to these service providers in accordance with the following information.

8.1 Use of special service providers for order processing and fulfillment

- Billbee

Orders are processed by the service provider “Billbee” (Billbee GmbH, Arolser Str. 10, 34477 Twistetal, Germany). Name, address and, if applicable, other personal data will be passed on to Billbee in accordance with Art. 6 para. 1 lit. b GDPR exclusively for processing the online order. Your data will only be passed on if this is actually necessary for processing the order. Details on Billbee's data protection and its privacy policy can be found on Billbee's website at “billbee.io”.

8.2 Transfer of personal data to shipping service providers

- DHL

If the goods are delivered by the transport service provider DHL (DHL Paket GmbH, Sträßchensweg 10, 53113 Bonn), we will pass on your e-mail address to DHL in accordance with Art. 6 para. 1 lit. a GDPR prior to delivery of the goods for the purpose of coordinating a delivery date or for delivery notification, provided that you have given your express consent to this during the ordering process. Otherwise, we will only pass on the name of the recipient and the delivery address to DHL for the purpose of delivery in accordance with Art. 6 para. 1 lit. b GDPR. The data will only be passed on if this is necessary for the delivery of goods. In this case, prior coordination of the delivery date with DHL or notification of delivery is not possible.

Consent can be revoked at any time with effect for the future vis-à-vis the controller named above or vis-à-vis the transport service provider DHL.

- Hermes

If the goods are delivered by the transport service provider Hermes (Hermes Germany GmbH, Essener Straße 89, 22419 Hamburg), we will pass on your e-mail address to Hermes in accordance with Art. 6 para. 1 lit. a GDPR before delivery of the goods for the purpose of coordinating a delivery date or for delivery notification, provided that you have given your express consent to this in the ordering process. Otherwise, we will only pass on the name of the recipient and the delivery address to Hermes for the purpose of delivery in accordance with Art. 6 para. 1 lit. b GDPR. The information will only be passed on if this is necessary for the delivery of the goods. In this case, prior coordination of the delivery date with Hermes or notification of delivery is not possible.

Consent can be withdrawn at any time with effect for the future from the controller named above or from the transport service provider Hermes.

8.3 Use of payment service providers (payment services)

- Shopify Payments

We use the payment service provider “Shopify Payments”, 3rd Floor, Europa House, Harcourt Building, Harcourt Street, Dublin 2. If you choose a payment method offered via the payment service provider Shopify Payments, payment processing is carried out via the technical service provider Stripe Payments Europe Ltd, 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, to whom we pass on your information provided during the ordering process together with the information about your order (name, address, account number, bank code, credit card number if applicable, invoice amount, currency and transaction number) in accordance with Art. 6 para. 1 lit. b GDPR. Your data will only be passed on for the purpose of payment processing with Stripe Payments Europe Ltd. and only to the extent that it is necessary for this purpose. You can find more information about Shopify Payments' data protection at the following Internet address: https://www.shopify.com/legal/privacy. Data protection information on Stripe Payments Europe Ltd. can be found here: https://stripe.com/de/privacy.

- Apple Pay

If you choose the “Apple Pay” payment method from Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland, payment will be processed via the “Apple Pay” function on your device running iOS, watchOS or macOS by debiting a payment card stored with “Apple Pay”. Apple Pay uses security functions that are integrated into the hardware and software of your device to protect your transactions. To authorize a payment, you must therefore enter a code that you have previously defined and verify it using the “Face ID” or “Touch ID” function on your device.

For the purpose of payment processing, the information you provide during the ordering process, together with information about your order, will be forwarded to Apple in encrypted form. Apple then encrypts this data again with a developer-specific key before the data is transmitted to the payment service provider of the payment card stored in Apple Pay to process the payment. The encryption ensures that only the website through which the purchase was made can access the payment data. After the payment has been made, Apple sends your device account number and a transaction-specific, dynamic security code to the source website to confirm the success of the payment.

If personal data is processed during the described transfers, the processing is carried out exclusively for the purpose of payment processing in accordance with Art. 6 para. 1 lit. b GDPR.

Apple stores anonymized transaction data, including the approximate purchase amount, the approximate date and time and whether the transaction was successfully completed. This anonymization completely excludes any personal reference. Apple uses the anonymized data to improve “Apple Pay” and other Apple products and services.

If you use Apple Pay on your iPhone or Apple Watch to complete a purchase that you have made via Safari on your Mac, the Mac and the authorization device communicate via an encrypted channel on the Apple servers. Apple does not process or store any of this information in a format that can be used to identify you. You can disable the ability to use Apple Pay on your Mac in your iPhone settings. Go to “Wallet & Apple Pay” and deactivate “Allow payments on Mac”.

You can find further information on data protection with Apple Pay at the following Internet address: https://support.apple.com/de-de/HT203027

- Google Pay

If you choose the “Google Pay” payment method from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”), payment will be processed via the “Google Pay” application on your mobile device running at least Android 4.4 (“KitKat”) and equipped with an NFC function by charging a payment card stored with Google Pay or a payment system verified there (e.g. PayPal). To approve a payment via Google Pay of more than €25, your mobile device must first be unlocked using the verification measure set up in each case (e.g. facial recognition, password, fingerprint or pattern).

For the purpose of payment processing, the information you provide during the ordering process, together with information about your order, will be passed on to Google. Google then transmits your payment information stored in Google Pay to the source website in the form of a unique transaction number, which is used to verify that a payment has been made. This transaction number does not contain any information about the real payment data of your means of payment stored with Google Pay, but is created and transmitted as a unique numerical token. For all transactions via Google Pay, Google only acts as an intermediary for processing the payment process. The transaction is carried out exclusively in the relationship between the user and the source website by debiting the means of payment stored with Google Pay.

If personal data is processed during the described transfers, the processing is carried out exclusively for the purpose of payment processing in accordance with Art. 6 para. 1 lit. b GDPR.

Google reserves the right to collect, store and analyze certain transaction-specific information for each transaction made via Google Pay. This includes the date, time and amount of the transaction, merchant location and description, a description of the goods or services purchased provided by the merchant, photos that you have attached to the transaction, the name and email address of the seller and buyer or the sender and recipient, the payment method used, your description of the reason for the transaction and, if applicable, the offer associated with the transaction.

According to Google, this processing is carried out exclusively in accordance with Art. 6 para. 1 lit. f GDPR on the basis of the legitimate interest in proper accounting, the verification of transaction data and the optimization and functional maintenance of the Google Pay service.

Google also reserves the right to merge the processed transaction data with other information that is collected and stored by Google when using other Google services.

The Google Pay terms of use can be found here:

https://payments.google.com/payments/apis-secure/u/0/get_legal_document?ldo=0&ldt=googlepaytos&ldl=de

Further information on data protection at Google Pay can be found at the following Internet address

https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=de

- PayPal

When paying via PayPal, credit card via PayPal, direct debit via PayPal or - if offered - “purchase on account” or “payment by installments” via PayPal, we pass on your payment data to PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter “PayPal”), as part of the payment processing. The transfer takes place in accordance with Art. 6 para. 1 lit. b GDPR and only insofar as this is necessary for payment processing.

PayPal reserves the right to carry out a credit check for the payment methods credit card via PayPal, direct debit via PayPal or - if offered - “purchase on account” or “installment payment” via PayPal. For this purpose, your payment data may be passed on to credit agencies in accordance with Art. 6 para. 1 lit. f GDPR on the basis of PayPal's legitimate interest in determining your solvency. PayPal uses the result of the credit check with regard to the statistical probability of non-payment for the purpose of deciding on the provision of the respective payment method. The credit report may contain probability values (so-called score values).

If score values are included in the result of the credit report, they are based on a scientifically recognized mathematical-statistical procedure. The calculation of the score values includes, but is not limited to, address data. Further data protection information, including information on the credit agencies used, can be found in PayPal's privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full

You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data if this is necessary for contractual payment processing.

- PayPal Checkout

This website uses PayPal Checkout, an online payment system from PayPal, which consists of PayPal's own payment methods and local payment methods from third-party providers.

When paying via PayPal, credit card via PayPal, direct debit via PayPal or - if offered - “Pay later” via PayPal, we pass on your payment data to PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter “PayPal”), as part of the payment processing. The transfer takes place in accordance with Art. 6 para. 1 lit. b GDPR and only insofar as this is necessary for payment processing.

PayPal reserves the right to carry out a credit check for the payment methods credit card via PayPal, direct debit via PayPal or - if offered - “Pay later” via PayPal. For this purpose, your payment data may be passed on to credit agencies in accordance with Art. 6 para. 1 lit. f GDPR on the basis of PayPal's legitimate interest in determining your solvency. PayPal uses the result of the credit check with regard to the statistical probability of non-payment for the purpose of deciding on the provision of the respective payment method.

The credit report may contain probability values (so-called score values). If score values are included in the result of the credit report, they are based on a scientifically recognized mathematical-statistical procedure. The calculation of the score values includes, but is not limited to, address data. You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data if this is necessary for contractual payment processing.

If you select the PayPal payment method “purchase on account”, your payment data will first be transmitted to PayPal to prepare the payment, whereupon PayPal will forward it to Ratepay GmbH, Franklinstraße 28-29, 10587 Berlin (“Ratepay”) to process the payment. The legal basis in each case is Art. 6 para. 1 lit. b GDPR.

In this case, RatePay carries out an identity and credit check in its own name to determine solvency in accordance with the principle already mentioned above and passes on your payment data to credit agencies on the basis of the legitimate interest in determining solvency in accordance with Art. 6 Para. 1 lit. f GDPR. A list of the credit agencies that Ratepay may use can be found here: https://www.ratepay.com/legal-payment-creditagencies/

If you use the payment method of a local third-party provider, your payment data will first be forwarded to PayPal to prepare the payment in accordance with Art. 6 para. 1 lit. b GDPR. Depending on your selection of an available local payment method, PayPal will then transmit your payment data to the relevant provider to process the payment in accordance with Art. 6 para. 1 lit. b GDPR:

- Sofort (SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany)

- iDeal (Currence Holding BV, Beethovenstraat 300 Amsterdam, Netherlands)

- giropay (Paydirekt GmbH, Stephanstr. 14-16, 60313 Frankfurt am Main, Germany)

- bancontact (Bancontact Payconiq Company, Rue d'Arlon 82, 1040 Brussels, Belgium)

- blik (Polski Standard P&lstrok;atno&sacute;ci sp. z o.o., ul. Czerniakowska 87A, 00-718 Warsaw, Poland)

- eps (PSA Payment Services Austria GmbH, Handelskai 92, Gate 2

1200 Vienna, Austria)

- MyBank (PRETA S.A.S, 40 Rue de Courcelles, F-75008 Paris, France)

- Przelewy24 (PayPro SA, Kanclerska 15A, 60-326 Pozna&nacute;, Poland)

For further data protection information, please refer to PayPal's privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full

- Klarna

If you select a Klarna payment service, the payment will be processed by Klarna Bank AB (publ) [https://www.klarna.com/de], Sveavägen 46, 111 34 Stockholm, Sweden (hereinafter “Klarna”). In order to enable payment processing, your personal data (first and last name, street, house number, zip code, city, gender, e-mail address, telephone number and IP address) as well as data related to the order (e.g. invoice amount, article, delivery type) will be passed on to Klarna for the purpose of identity and credit checks, provided that you have expressly consented to this in accordance with Art. 6 para. 1 lit. a GDPR during the ordering process. You can view the credit agencies to which your data may be forwarded here:

https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/credit_rating_agencies

The credit report may contain probability values (so-called score values). If score values are included in the result of the credit report, they are based on a scientifically recognized mathematical-statistical procedure. The calculation of the score values includes, but is not limited to, address data. Klarna uses the information obtained on the statistical probability of a payment default to make a balanced decision on the establishment, execution or termination of the contractual relationship.

You can revoke your consent at any time by sending a message to the data controller or to Klarna. However, Klarna may still be entitled to process your personal data if this is necessary to process payments in accordance with the contract. Your personal data will be processed in accordance with the applicable data protection regulations and in accordance with the information in Klarna's privacy policy for data subjects based in Germany https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/privacy

or for data subjects domiciled in Austria

https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_at/privacy behandelt.

- SOFORT

If you select the “SOFORT” payment method, payment will be processed via the payment service provider SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany (hereinafter “SOFORT”), to whom we will pass on the information you provided during the ordering process together with the information about your order in accordance with Art. 6 para. 1 lit. b GDPR. Sofort GmbH is part of the Klarna Group (Klarna Bank AB (publ), Sveavägen 46, 11134 Stockholm, Sweden). Your data will only be passed on for the purpose of payment processing with the payment service provider SOFORT and only to the extent that it is necessary for this purpose. You can obtain further information about SOFORT's data protection provisions at the following Internet address: https://www.klarna.com/sofort/datenschutz.

9) Online marketing

Facebook pixel for the creation of custom audiences with extended data matching (with cookie consent tool)

Within our online offer, the so-called “Facebook pixel” of the social network Facebook is used in the extended data matching mode, which is operated by Meta Platforms Ireland Limited, 4 Grand Canal Quare, Dublin 2, Ireland (“Facebook”).

On the basis of the user's express consent, when a user clicks on an advertisement placed by us on Facebook, Facebook Pixel adds an addendum to the URL of our linked page. This URL parameter is then written into the user's browser via a cookie after redirection, which our linked page sets itself. In addition, this cookie stores specific customer data such as the e-mail address, that we collect on our website linked to the Facebook ad during processes such as purchase transactions, account logins or registrations (extended data synchronization). The cookie is then read by Facebook Pixel and enables the data, including specific customer data, to be forwarded to Facebook.

With the help of the Facebook pixel with extended data matching, Facebook is able to precisely determine the visitors of our online offer as a target group for the display of ads (so-called “Facebook ads”). Accordingly, we use the Facebook pixel with extended data matching to display the Facebook ads placed by us only to those Facebook users who have also shown an interest in our online offering or who have certain characteristics (e.g. interests in certain topics or products, which are determined on the basis of the websites visited), which we transmit to Facebook (so-called “Custom Audiences”). With the help of the Facebook pixel with extended data matching, we also want to ensure that our Facebook ads correspond to the potential interest of users and are not annoying. This allows us to further evaluate the effectiveness of Facebook ads for statistical and market research purposes by tracking whether users were redirected to our website after clicking on a Facebook ad (so-called “conversion”). Compared to the standard version of Facebook Pixel, the extended data matching function helps us to better measure the effectiveness of our advertising campaigns by capturing more attributed conversions.

All transmitted data is stored and processed by Facebook so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes in accordance with the Facebook Data Usage Policy (https://www.facebook.com/about/privacy/). The data can enable Facebook and its partners to place advertisements on and outside of Facebook. These processing operations are only carried out if express consent is given in accordance with Art. 6 para. 1 lit. a GDPR.

The information generated by Facebook is usually transmitted to a Facebook server and stored there; it may also be transmitted to the servers of Meta Platforms Inc. in the USA. You can revoke your consent at any time with effect for the future by deactivating this service in the “Cookie Consent Tool” provided on the website.

Analysis and marketing

1. a) Google Analytics

We use on the basis of consent within the meaning of Art. 6 para. 1 lit. a. GDPR), we use Google Analytics and Google Adsense from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). In accordance with its terms of use, Google reserves the right to use personal data for its own purposes. However, Google does not disclose whether and which personal data is used by Google.

If you have given your consent, Google uses cookies. The information generated by a cookie about the use of the online offer by the user is usually transmitted to a Google LLC server in the USA and stored there. Google processes the data in the USA on the basis of EU standard contractual clauses and thus offers sufficient guarantees within the meaning of Art. 46 para. 1, para. 2 lit. c) GDPR. You can find more information about the cookies used by Google and how to withdraw your consent here.

Google Analytics uses the information obtained through cookies on our behalf to evaluate the use of our online offer by users, to compile reports on the activities within this online offer and to provide us with further services associated with the use of this online offer and the use of the Internet. Pseudonymous user profiles can be created from the processed data. We only use Google Analytics with activated IP anonymization. This means that the IP address of users is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. With AdSense, as soon as you have completed an action, Google recognizes the relevant cookie and saves your action as a so-called “conversion”. As long as you are on our website and the cookie has not yet expired, we and Google recognize that you have found us via our Google Ads ad. We do not collect or receive any personal data from Google, only statistical reports.

If you are registered with a Google Ireland Limited service, Google Analytics can assign the visit to your account. Even if you are not registered with Google Ireland Limited or have not logged in, it is possible that Google will find out and store your IP address and other identification features. In this case, Google Ireland Limited is responsible for passing on your data.

The IP address transmitted by the user's browser will not be merged with other Google data. You can - in addition to the default setting at the beginning of the use of the website - prevent the storage of cookies by setting your browser software accordingly; you can also prevent the collection of data generated by the cookie and related to your use of the online offer to Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.

Further information on the use of data by Google, setting and objection options can be found on Google's websites: https://www.google.com/intl/de/policies/privacy/partners

1. b) Facebook Pixel

We use a marketing pixel from the service provider Facebook (Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland) on our website. We have implemented a code on our website for this purpose (“pixel”). The pixel is a snippet of JavaScript code that loads a collection of functions with which Facebook can track your user actions if you have come to our website via Facebook ads. For example, if you purchase a product on our website, the pixel is triggered and saves your actions on our website in the relevant cookies. These cookies enable Facebook to match your user data (customer data such as IP address, user ID) with the data of your Facebook account. Facebook then deletes this data again. The data collected is anonymous and not visible to us and can only be used for advertising purposes. If you are a Facebook user and are logged into your Facebook account, your visit to our website is automatically assigned to your Facebook user account.

We only want to show our services and products to people who are really interested in them. With the help of this marketing pixel, our advertising measures can be better tailored to your wishes and interests. This means that Facebook users (provided they have allowed the use of cookies required for personalized advertising) see suitable advertising. Facebook also uses the data collected for analysis purposes and its own advertisements.

The cookies that are set by integrating the marketing pixel can be found here.

For more information on the collection and use of data by Facebook and your rights and options for protecting your privacy in this regard, please refer to Facebook's privacy policy at https://www.facebook.com/about/privacy/

The legal basis for the setting of cookies and the associated processing of personal data is Art. 6 para. 1 lit. a GDPR.

You can also revoke this consent at any time in the settings. However, if you only withdraw your consent for processing outside the European Union, it will no longer be possible to continue using the marketing pixel functions.

1. c) Pinterest Pixel (Pinterest Tag)

If you have given your consent, our website uses the conversion tracking technology of the social network Pinterest (Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland), which enables us to show our website visitors who have already shown an interest in our website and our content/offers and are Pinterest members relevant advertisements and offers on Pinterest. For this purpose, a so-called conversion tracking pixel from Pinterest is integrated on our pages, via which Pinterest is informed when you visit our website that you have accessed our website and which parts of our offer you were interested in. For example, if you have shown an interest in our subscriptions on our website, you may be shown an advertisement for our subscriptions on Pinterest.

The legal basis for setting the pixel and the associated processing of personal data is Art. 6 para. 1 lit. a GDPR. Data will only be processed via the pixel until you withdraw your consent. All processing operations carried out before you withdraw your consent remain unaffected. You can withdraw your consent here at any time.

You can also opt out of the collection of data for the display of interest-based advertising on Pinterest at any time in your Pinterest account settings at https://www.pinterest.de/settings (under “Customization”, deactivate the button “Use information from our partners to better tailor recommendations and ads to you on Pinterest”) or at https://help.pinterest.com/de/article/personalization-and-data#info-ad (deactivate the checkbox under “Deactivate individual customization”).

10) Page functionalities

10.1 Facebook plugins with 2-click solution

Our website uses social plugins (“plugins”) from the social network Facebook, which is operated by Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”). In order to increase the protection of your data when you visit our website, the plugins are initially deactivated and integrated into the page using a so-called “2-click” solution. You can recognize deactivated plugins by the fact that they are highlighted in grey. This integration ensures that no connection to the Facebook servers is established when you access a page on our website that contains such plugins. Your browser only establishes a direct connection to the Facebook servers when you activate the plugins and thus give your consent to the transfer of data in accordance with Art. 6 para. 1 lit. a GDPR. The content of the respective plugin is transmitted directly to your browser and integrated into the page. The plugin then transmits data (including your IP address) to Facebook. We have no influence on the scope of the data that Facebook collects with the help of the plugins. To the best of our knowledge, Facebook receives information about which of our websites you have currently and previously visited. By integrating the plugins, Facebook also receives the information that your browser has accessed the corresponding page of our website even if you do not have a Facebook profile or are not currently logged in. The information collected (including your IP address) is transmitted directly from your browser to a Meta Platforms Inc. server in the USA and stored there. If you interact with the plugins, the corresponding information is also transmitted directly to a Facebook server and stored there. The information is also published on Facebook and displayed to your contacts there. You can revoke your consent at any time by deactivating the activated plugin by clicking on it again. However, the revocation has no influence on the data that has already been transmitted to Facebook.

The purpose and scope of the data collection and the further processing and use of the data by Facebook as well as your rights in this regard and setting options to protect your privacy can be found in Facebook's data protection information: https://www.facebook.com/policy.php

10.2 Facebook plugins with Shariff solution

Our website uses social plugins (“plugins”) from the social network Facebook, which is operated by Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”).

In order to increase the protection of your data when you visit our website, these buttons are not fully integrated into the page as plugins, but only using an HTML link. This type of integration ensures that no connection to the Facebook servers is established when a page of our website containing such buttons is accessed. When you click on the button, a new browser window opens and calls up the Facebook page, where you can interact with the plugins there (if necessary after entering your login data).

The purpose and scope of the data collection and the further processing and use of the data by Facebook as well as your rights in this regard and setting options to protect your privacy can be found in Facebook's data protection information: https://www.facebook.com/policy.php

10.3 Instagram plugin as a Shariff solution

Our website uses so-called social plugins (“plugins”) of the online service Instagram, which is operated by Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland (“Facebook”).

In order to increase the protection of your data when you visit our website, these buttons are not fully integrated into the page as plugins, but only using an HTML link. This type of integration ensures that no connection to Instagram's servers is established when a page of our website containing such buttons is accessed. When you click on the button, a new browser window opens and calls up the Instagram page, where you can interact with the plugins there (if necessary after entering your login data). The purpose and scope of the data collection and the further processing and use of the data by Instagram as well as your rights in this regard and setting options to protect your privacy can be found in Instagram's data protection information: https://help.instagram.com/155833707900388/

10.4 Google reCAPTCHA

On this website, we also use the reCAPTCHA function of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). This function is primarily used to differentiate whether an entry is made by a natural person or abusively by machine and automated processing. The service includes the sending of the IP address and any other data required by Google for the reCAPTCHA service to Google and is carried out in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in determining individual responsibility on the Internet and avoiding abuse and spam. As part of the use of Google reCAPTCHA, personal data may also be transmitted to the servers of Google LLC. in the USA. Further information about Google reCAPTCHA as well as Google's privacy policy can be found at: https://www.google.com/intl/de/policies/privacy/
Where legally required, we have obtained your consent for the above-mentioned processing of your data in accordance with Article 6(1)(a) of the GDPR. You can withdraw your consent at any time with effect for the future. To exercise your withdrawal, please follow the procedure for raising an objection as described above.

10.5 ShopSync for Shopify
This website uses the Shopify app “ShopSync” provided by ShopSync LLC, PO Box 252, Jefferson City, TN 37760, USA.

With the help of ShopSync, the newsletter service “Mailchimp” is synchronized with our Shopify account. This ensures that updates in Mailchimp email lists (e.g., a newsletter recipient opting out) are automatically reflected in Shopify, and that new contact data generated from transactions on Shopify is automatically transferred to Mailchimp email lists.

In the first case, data processing is carried out in accordance with Article 6(1)(f) of the GDPR based on our legitimate interest in maintaining advertising recipient directories effectively and across systems, as well as efficiently observing legally significant status changes.

In the second case, data is transferred to Mailchimp by ShopSync solely based on the explicit consent of the user in accordance with Article 6(1)(a) of the GDPR. This applies after a contract has been concluded on Shopify, where the user's first and last name, address, and email address, along with transaction-related information (purchase amount, time, and date of purchase), are added to the Mailchimp list.

The data transferred in this process is not stored or retained by ShopSync after synchronization. All information synchronized between Shopify and Mailchimp is transmitted using SSL technology (Secure Socket Layer), and all transmitted information remains encrypted during the synchronization process.

The synchronization process requires transferring information over a secure connection to servers hosted by Amazon Web Services in the USA.

Further data protection information regarding ShopSync can be found here: https://shopsync.io/privacy-policy

11) Tools and Other Applications


Cookie-Consent Tool
This website uses a so-called "Cookie-Consent Tool" to obtain effective user consent for cookies and cookie-based applications that require consent. The "Cookie-Consent Tool" is displayed to users upon visiting the website as an interactive user interface. It allows users to provide consent for specific cookies and/or cookie-based applications by checking corresponding boxes. Using this tool ensures that all cookies/services requiring consent are only loaded if the user provides the relevant consent by checking the boxes. This guarantees that such cookies are only placed on the user’s device when consent is explicitly granted.

The tool sets technically necessary cookies to store your cookie preferences. Generally, personal user data is not processed.

If, in individual cases, the processing of personal data (such as an IP address) is required for the storage, assignment, or logging of cookie settings, this processing is carried out in accordance with Article 6(1)(f) of the GDPR based on our legitimate interest in legally compliant, user-specific, and user-friendly cookie consent management and thus in ensuring the lawful configuration of our website.

Another legal basis for the processing is Article 6(1)(c) of the GDPR, as we are legally obligated to make the use of non-essential cookies dependent on user consent.

Further information about the operator and settings of the Cookie-Consent Tool can be found directly in the corresponding user interface on our website.

12) Data Subject Rights
12.1 The applicable data protection law grants you the following rights as a data subject with regard to the processing of your personal data by the data controller (rights of access and intervention), with the conditions for exercising these rights based on the cited legal foundations:

  • Right of access under Article 15 GDPR;
  • Right to rectification under Article 16 GDPR;
  • Right to erasure under Article 17 GDPR;
  • Right to restriction of processing under Article 18 GDPR;
  • Right to notification under Article 19 GDPR;
  • Right to data portability under Article 20 GDPR;
  • Right to withdraw consent under Article 7(3) GDPR;
  • Right to lodge a complaint under Article 77 GDPR.

12.2 Right to Object
IF WE PROCESS YOUR PERSONAL DATA BASED ON OUR OVERRIDING LEGITIMATE INTERESTS AS PART OF A BALANCING OF INTERESTS, YOU HAVE THE RIGHT TO OBJECT TO THIS PROCESSING AT ANY TIME FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION, WITH EFFECT FOR THE FUTURE.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE AFFECTED DATA. HOWEVER, FURTHER PROCESSING IS RESERVED IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING THAT OVERRIDE YOUR INTERESTS, RIGHTS, AND FREEDOMS, OR IF THE PROCESSING SERVES THE ESTABLISHMENT, EXERCISE, OR DEFENSE OF LEGAL CLAIMS.

IF YOUR PERSONAL DATA IS PROCESSED BY US FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR SUCH MARKETING PURPOSES. YOU CAN EXERCISE THIS RIGHT AS DESCRIBED ABOVE.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE AFFECTED DATA FOR DIRECT MARKETING PURPOSES.

13) Duration of Storage of Personal Data
The duration of storage of personal data depends on the respective legal basis, the purpose of processing, and, where applicable, any relevant statutory retention periods (e.g., commercial and tax retention periods).

When processing personal data based on explicit consent under Article 6(1)(a) GDPR, such data is stored until the data subject revokes their consent.

If statutory retention periods apply to data processed based on legal or contractual obligations under Article 6(1)(b) GDPR, such data is routinely deleted after the expiration of the retention periods, provided it is no longer required for contract performance or initiation and/or there is no legitimate interest on our part to continue storage.

When processing personal data based on Article 6(1)(f) GDPR, such data is stored until the data subject exercises their right to object under Article 21(1) GDPR, unless we can demonstrate compelling legitimate grounds for processing that override the interests, rights, and freedoms of the data subject, or the processing serves the establishment, exercise, or defense of legal claims.

When processing personal data for direct marketing purposes based on Article 6(1)(f) GDPR, such data is stored until the data subject exercises their right to object under Article 21(2) GDPR.

Unless otherwise stated in this declaration regarding specific processing situations, stored personal data is deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.