Data protection at a glance
General Information and Mandatory Information
We would like to point out that data transmission over the Internet (e.g. communication by e-mail) can have security gaps. A complete protection of data against access by third parties is not possible.
The responsible party for data processing on this website is:
The responsible party is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data (e.g. names, e-mail addresses, etc.).
General Information on the Legal Basis for Data Processing on this Website
Note on data transfer to the USA and other third countries
We use tools from companies based in the USA or other countries that are not secure under data protection law. If these tools are active, your personal data may be transferred to these third countries and processed there. Please note that in these countries, no data protection level comparable to that of the EU can be guaranteed.
For example, US companies are required to disclose personal data to security authorities without you as the data subject being able to take legal action against this. It cannot therefore be ruled out that US authorities (e.g. intelligence agencies) may process, evaluate and permanently store your data located on US servers for monitoring purposes. We have no influence on these processing activities.
Revocation of your consent to data processing
Many data processing operations are only possible with your express consent. You can revoke a consent already given at any time. The legality of data processing carried out until revocation remains unaffected by the revocation.
Right to object to data collection in special cases and to direct advertising (Art. 21 GDPR)
IF DATA PROCESSING IS BASED ON ART. 6 ABS. 1 LIT. E OR F GDPR, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA AT ANY TIME FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION, INCLUDING PROFILING BASED ON THESE PROVISIONS. THE RESPECTIVE LEGAL BASIS ON WHICH PROCESSING IS BASED CAN BE FOUND IN THIS DATA PROTECTION DECLARATION. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR AFFECTED PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS OR THE PROCESSING SERVES THE ASSERTION, EXERCISE OR DEFENCE OF LEGAL CLAIMS (OBJECTION PURSUANT TO ART. 21 PAR. 1 GDPR).
IF YOUR PERSONAL DATA IS PROCESSED FOR THE PURPOSE OF DIRECT ADVERTISING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSE OF SUCH ADVERTISING; THIS ALSO APPLIES TO PROFILING INSOFAR AS IT IS ASSOCIATED WITH SUCH DIRECT ADVERTISING. IF YOU OBJECT, YOUR PERSONAL DATA WILL SUBSEQUENTLY NO LONGER BE USED FOR THE PURPOSE OF DIRECT ADVERTISING (OBJECTION PURSUANT TO ART. 21 PAR. 2 GDPR).
Right to lodge a complaint with a supervisory authority
In the event of breaches of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work or place of the alleged infringement. The right to lodge a complaint is without prejudice to other administrative or judicial remedies.
Right to data portability
You have the right to have data that we process automatically on the basis of your consent or in fulfilment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done if it is technically feasible.
Information, erasure and rectification
Within the framework of the applicable legal provisions, you have the right to obtain information free of charge at any time about your stored personal data, its origin and recipients and the purpose of data processing and, if necessary, a right to rectification or erasure of this data. For this purpose, as well as for further questions regarding personal data, you can contact us at any time.
Right to restriction of processing
You have the right to request the restriction of the processing of your personal data. To do so, you can contact us at any time. The right to restrict processing exists in the following cases:
If you dispute the accuracy of your personal data stored with us, we usually need time to verify this. For the duration of the review, you have the right to request the restriction of the processing of your personal data.
If the processing of your personal data was/is unlawful, you may request the restriction of data processing instead of erasure.
If we no longer need your personal data, but you need it for the exercise, defence or establishment of legal claims, you have the right to request the restriction of the processing of your personal data instead of erasure.
If you have filed an objection under Article 21(1) of the GDPR, a balance must be struck between your interests and ours. As long as it is not yet clear whose interests outweigh the others, you have the right to demand that the processing of your personal data be restricted.
If you have restricted the processing of your personal data, these data may only be processed - apart from their storage - with your consent or for the assertion, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or a Member State.
Data collection on this website Cookies
Our websites use so-called "cookies". Cookies are small text files that do not cause any damage to your device. They are either stored temporarily for the duration of a session (session cookies) or permanently (persistent cookies) on your device. Session cookies are automatically deleted after your visit ends. Persistent cookies remain stored on your device until you delete them yourself or automatic deletion by your web browser occurs.
In some cases, cookies from third-party companies may also be stored on your device when you enter our site (third-party cookies). These allow us or you to use certain services of the third-party company (e.g. cookies for payment processing).
Cookies have various functions. Numerous cookies are technically necessary because certain website functions would not work without them (e.g. the shopping cart function or the display of videos). Other cookies are used to evaluate user behavior or display advertisements.
Cookies that are necessary for the electronic communication process, to provide certain functions desired by you (e.g. for the shopping cart function) or to optimize the website (e.g. cookies for measuring website traffic) (necessary cookies) are stored on the basis of Art. 6 para. 1 lit. f GDPR, unless another legal basis is specified.
The website operator has a legitimate interest in storing necessary cookies for the technically error-free and optimized provision of its services. If consent is requested for the storage of cookies and similar recognition technologies, processing is carried out exclusively on the basis of this consent (Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG); consent can be revoked at any time.
You can set your browser to notify you about the placement of cookies and only allow cookies on a case-by-case basis, refuse the acceptance of cookies for certain cases or in general, and activate automatic deletion of cookies when the browser is closed. If cookies are deactivated, the functionality of this website may be limited.
To the extent that cookies are used by third-party companies or for analysis purposes, we will inform you separately within the framework of this data protection declaration and, if necessary, request your consent.
Use of Chatbots
We use chatbots to communicate with you. Chatbots are able to respond to your questions and other inputs without human assistance. To do so, the chatbots analyze not only your inputs, but also other data to provide appropriate responses (such as names, email addresses and other contact information, customer numbers and other identifiers, orders, and chat histories). Additionally, your IP address, log files, location information, and other metadata can be collected via the chatbot.
These data are stored on the chatbot provider's servers. User profiles can be created based on the data collected. Furthermore, the data can be used for targeted advertising if the other legal requirements (especially consent) are met. For this purpose, the chatbots can be linked with analysis and advertising tools. The collected data can also be used to improve our chatbots and their response behavior (machine learning).
The data you enter during communication remain with us or the chatbot operator until you request deletion, revoke your consent for storage, or the purpose for data storage is no longer applicable (e.g. after completion of your request processing). Mandatory legal provisions - especially retention periods - remain unaffected.
The legal basis for the use of chatbots is Art. 6 para. 1 lit. b GDPR if the chatbot is used to initiate or fulfill a contract. If consent has been obtained, processing is carried out solely on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, to the extent that the consent includes the storage of cookies or access to information on the user's terminal device (e.g. device fingerprinting) within the meaning of TTDSG. Consent can be revoked at any time. In all other cases, the use is based on our legitimate interest in effective customer communication (Art. 6 para. 1 lit. f GDPR).
Analysis tools and advertising Google Analytics
This website uses functions of the web analysis service Google Analytics. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics allows the website operator to analyze the behavior of website visitors. The website operator receives various usage data, such as page views, length of stay, operating systems used, and the origin of the user. This data is assigned to the respective end device of the user. There is no assignment to a device ID.
Furthermore, we can record your mouse and scroll movements and clicks using Google Analytics, among other things. Google Analytics also uses various modeling approaches to supplement the collected data sets and employs machine learning technologies for data analysis.
Google Analytics uses technologies that enable the recognition of the user for the purpose of analyzing user behavior (e.g., cookies or device fingerprinting). The information about the use of this website collected by Google is usually transmitted to a Google server in the USA and stored there.
The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG. The consent can be revoked at any time.
The data transfer to the USA is based on the standard contractual clauses of the European Commission. Details can be found here:
You can prevent Google from collecting and processing your data by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en.
eCommerce and Payment Providers Processing of Customer and Contract Data
We collect, process and use personal customer and contract data to establish, design and modify our contractual relationships. We only collect, process and use personal data on the use of this website (usage data) to the extent necessary to enable the user to use the service or for billing purposes.
The legal basis for this is Art. 6 para. 1 lit. b GDPR.
The customer data collected will be deleted after the order has been completed or the business relationship has ended and after any applicable statutory retention periods have expired. Statutory retention periods remain unaffected.
Data Transfer for Contract Conclusion for Online Shops, Merchants and Shipping of Goods
If you order goods from us, we will disclose your personal data to the transport company commissioned to deliver the goods and to the payment service provider commissioned with payment processing. Only such data will be disclosed that the respective service provider requires to fulfil its task. The legal basis for this is Art. 6 para. 1 lit. b GDPR, which permits the processing of data for the fulfilment of a contract or pre-contractual measures. If you have given your consent pursuant to Art. 6 para. 1 lit. a GDPR, we will pass on your email address to the transport company commissioned to deliver the goods so that it can inform you by email about the shipping status of your order; you can revoke your consent at any time.
For a purchase on account or any other payment method where we make advance payments, we may conduct a credit check procedure (scoring). For this purpose, we transmit your entered data (e.g. name, address, age or bank details) to a credit reference agency. Based on this data, the probability of payment default is determined. If there is a high risk of payment default, we may refuse the payment method in question.
The credit check is carried out on the basis of contract fulfilment (Art. 6 para. 1 lit. b GDPR) and to avoid payment defaults (legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR). If consent has been obtained, the credit check is carried out on the basis of this consent (Art. 6 para. 1 lit. GDPR); consent can be revoked at any time.
We integrate third-party payment services on our website. When you make a purchase from us, your payment data (e.g. name, payment amount, account information, credit card number) will be processed by the payment service provider for the purpose of payment processing. The respective provider's contractual and data protection provisions apply to these transactions. The use of payment service providers is based on Art. 6 para. 1 lit. b GDPR (contract processing) as well as in the interest of a smooth, comfortable and secure payment process (Art. 6 para. 1 lit. f GDPR). If your consent is requested for certain actions, Art. 6 para. 1 lit. a GDPR is the legal basis for data processing; consents can be revoked at any time for the future.
The following payment services/payment service providers are used as part of this website:
The provider of this payment service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal").
The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here:
The provider of this payment service is Sofort GmbH, Theresienhöhe 12, 80339 Munich, Germany (hereinafter referred to as
"Sofort GmbH"). With the help of the "Sofortüberweisung" procedure, we receive a payment confirmation from Sofort GmbH in real time and can immediately begin to fulfill our obligations. If you have chosen the payment method "Sofortüberweisung", you transmit the PIN and a valid TAN to Sofort GmbH, with which it can log into your online banking account. After logging in, Sofort GmbH automatically checks your account balance and carries out the transfer to us using the TAN you have transmitted. It then immediately sends us a transaction confirmation. After logging in, it also automatically checks your turnover, the credit line of the overdraft facility and the existence of other accounts and their balances. In addition to the PIN and the TAN, the payment data you have entered as well as data about yourself are also transmitted to Sofort GmbH. The personal data is your first and last name, address, telephone number(s), e-mail address, IP address and, if necessary, other data required for payment processing. The transmission of this data is necessary to establish your identity beyond doubt and to prevent fraud attempts. Details on payment with Sofortüberweisung can be found in the following links:
The provider of this payment service is paydirekt GmbH, Stephanstraße 14 - 16, 60313 Frankfurt am Main (hereinafter "giropay").
The provider of this payment service is Mastercard Europe SA, Chaussée de Tervuren 198A, B-1410 Waterloo, Belgium (hereinafter "Mastercard").
Mastercard may transfer data to its parent company in the USA. The data transfer to the USA is based on Mastercard's Binding Corporate Rules. Details can be found here: https://www.mastercard.de/de-de/datenschutz.html and https://www.mastercard.us/content/dam/mccom/global/documents/mastercard-bcrs.pdf.
The provider of this payment service is Visa Europe Services Inc, London Branch, 1 Sheldon Square, London W2 6TT, United Kingdom (hereinafter "VISA").
The United Kingdom is considered a secure third country under data protection law. This means that the United Kingdom has a level of data protection equivalent to the level of data protection in the European Union.
VISA may transfer data to its parent company in the USA. The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.visa.de/nutzungsbedingungen/visa-globale-datenschutzmitteilung/mitteilung-zu- zustandigkeitsfragen-fur-den-ewr.html.
Translated with www.DeepL.com/Translator (free version)