1.1 We are pleased that you visit our website and thank you for your interest. Below we inform you about the handling of your personal data when using our website. Personal data are all data by which you can be personally identified.
1.2 The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is Tim Kohl, Butenring 6, 25479 Germany, Tel.: +49 173 6851928, E‑Mail: info@safe-shield.eu. The controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.
2.1 When using our website for purely informational purposes, i.e. when you do not register or otherwise provide us with information, we only collect those data that your browser transmits to the server (so‑called “server log files”). When you call up our website, we collect the following data, which are technically necessary for us to display the website to you:
The processing is carried out pursuant to Art. 6(1)(f) GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. We do not pass on or otherwise use the data. However, we reserve the right to check the server log files retrospectively if there are concrete indications of unlawful use.
2.2 For security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or inquiries to the controller), this website uses SSL/TLS encryption. You can recognize an encrypted connection by the character string “https://” and the lock symbol in your browser line.
3.1 Amazon Web Services
We use the system of the following provider for hosting our website and displaying page content: Amazon Web Services, Inc., 410 Terry Avenue North, Seattle, WA 98109, USA.
All data collected on our website are processed on the provider’s servers. We have concluded a data processing agreement with the provider, which ensures the protection of our website visitors’ data and prohibits unauthorized disclosure to third parties.
For data transfers to the USA, the provider has joined the EU‑US Data Privacy Framework, which ensures compliance with European data protection standards based on an adequacy decision of the European Commission.
3.2 Shopify
We use the system of the following provider for hosting our website and displaying page content: Shopify International Limited, Victoria Buildings, 2nd Floor, 1‑2 Haddington Road, Dublin 4, D04 XN32, Ireland (“Shopify”).
Data are also transferred to: Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada.
All data collected on our website are processed on the provider’s servers. We have concluded a data processing agreement with the provider, which ensures the protection of our website visitors’ data and prohibits unauthorized disclosure to third parties.
An adequate level of data protection for transfers to Canada is ensured by an adequacy decision of the European Commission.
3.3 AWS CloudFront
We use a content delivery network of the following provider: Amazon Web Services, Inc., 410 Terry Avenue North, Seattle, WA 98109, USA.
This service allows us to deliver large media files such as images, page content, or scripts faster via a network of regionally distributed servers. Processing is carried out to safeguard our legitimate interest in improving the stability and functionality of our website pursuant to Art. 6(1)(f) GDPR. We have concluded a data processing agreement with the provider, which ensures the protection of our website visitors’ data and prohibits unauthorized disclosure to third parties.
For data transfers to the USA, the provider has joined the EU‑US Data Privacy Framework, which ensures compliance with European data protection standards based on an adequacy decision of the European Commission.
3.4 Cloudflare
We use a content delivery network of the following provider: Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA.
This service allows us to deliver large media files such as images, page content, or scripts faster via a network of regionally distributed servers. Processing is carried out to safeguard our legitimate interest in improving the stability and functionality of our website pursuant to Art. 6(1)(f) GDPR. We have concluded a data processing agreement with the provider, which ensures the protection of our website visitors’ data and prohibits unauthorized disclosure to third parties.
For data transfers to the USA, the provider has joined the EU‑US Data Privacy Framework, which ensures compliance with European data protection standards based on an adequacy decision of the European Commission.
In order to make your visit to our website attractive and to enable the use of certain functions, we use cookies, i.e. small text files that are stored on your device. Some of these cookies are automatically deleted when you close your browser (so‑called “session cookies”), while others remain on your device for a longer period and enable storage of page settings (so‑called “persistent cookies”). You can find the storage period of the cookies in question in your web browser’s cookie settings overview.
If individual cookies used by us also process personal data, the processing takes place pursuant to Art. 6(1)(b) GDPR for contract performance, pursuant to Art. 6(1)(a) GDPR in the case of consent given, or pursuant to Art. 6(1)(f) GDPR to safeguard our legitimate interest in the best possible functionality of the website and a customer‑friendly and effective design of the website visit.
You can configure your browser so that you are informed about the setting of cookies and decide individually on their acceptance or exclude the acceptance of cookies in general or in certain cases.
Please note that if you do not accept cookies, the functionality of our website may be limited.
5.1 Judge.me
For review reminders we use the services of the following provider: Judge.me Ltd., c/o Buckworths, 2nd Floor, 1‑3 Worship Street, London, EC2A 2AB, United Kingdom.
Only on the basis of your explicit consent pursuant to Art. 6(1)(a) GDPR do we transmit your email address and, if applicable, other customer data to the provider so that they can contact you by email with a review reminder.
You can revoke your consent at any time with effect for the future against us or the provider.
We have concluded a data processing agreement with the provider, which ensures the protection of our website visitors’ data and prohibits unauthorized disclosure to third parties.
An adequate level of data protection for transfers to the provider location is ensured by an adequacy decision of the European Commission.
5.2 Trustpilot
For review reminders we use the services of the following provider: Trustpilot A/S, Pilestræde 58, 1112 Copenhagen, Denmark.
Only on the basis of your explicit consent pursuant to Art. 6(1)(a) GDPR do we transmit your email address and, if applicable, other customer data to the provider so that they can contact you by email with a review reminder.
You can revoke your consent at any time with effect for the future against us or the provider.
We have concluded a data processing agreement with the provider, which ensures the protection of our website visitors’ data and prohibits unauthorized disclosure to third parties.
5.3 WhatsApp Business
We offer visitors to our website the opportunity to contact us via the messaging service WhatsApp of WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. For this purpose we use the so‑called “Business version” of WhatsApp.
If you contact us via WhatsApp in connection with a specific transaction (e.g. a placed order), we store and use the mobile phone number you used with WhatsApp as well as – if provided – your first and last name pursuant to Art. 6(1)(b) GDPR to process and respond to your inquiry. On the same legal basis, we may ask you via WhatsApp to provide additional data (order number, customer number, address or email address) in order to be able to assign your inquiry to a specific transaction.
If you use our WhatsApp contact for general inquiries (e.g. about services offered, availability or our website), we store and use the mobile phone number you used with WhatsApp as well as – if provided – your first and last name pursuant to Art. 6(1)(f) GDPR on the basis of our legitimate interest in providing the desired information efficiently and promptly.
Your data are used exclusively to answer your inquiry via WhatsApp. They are not passed on to third parties.
Please note that WhatsApp Business obtains access to the address book of the mobile device we use for this purpose and automatically transmits stored telephone numbers to a server of the parent company Meta Platforms Inc. in the USA. We use a mobile device for our WhatsApp Business account whose address book contains only the WhatsApp contact data of those users who have contacted us via WhatsApp.
This ensures that any person whose WhatsApp contact data is stored in our address book has already consented to the transmission of their WhatsApp telephone number from the address books of their chat contacts pursuant to Art. 6(1)(a) GDPR through acceptance of the WhatsApp terms of use when first using the app on their device. The transmission of data of those users who do not use WhatsApp and/or have not contacted us via WhatsApp is therefore excluded.
Purposes and scope of data collection and further processing and use of the data by WhatsApp and your rights and settings to protect your privacy can be found in WhatsApp’s privacy policy: https://www.whatsapp.com/legal/?eea=1#privacy-policy
We have concluded a data processing agreement with the provider, which ensures the protection of our website visitors’ data and prohibits unauthorized disclosure to third parties.
In the context of the above-mentioned processing, data transfers to servers of Meta Platforms Inc. in the USA may occur.
For data transfers to the USA, the provider has joined the EU‑US Data Privacy Framework, which ensures compliance with European data protection standards based on an adequacy decision of the European Commission.
5.4 In the context of contacting us (e.g. via contact form or email), personal data are processed exclusively for the purpose of handling and answering your inquiry and only to the extent necessary.
The legal basis for processing these data is our legitimate interest in answering your inquiry pursuant to Art. 6(1)(f) GDPR. If your inquiry is aimed at concluding a contract, the additional legal basis for processing is Art. 6(1)(b) GDPR. Your data will be deleted when it becomes apparent from the circumstances that the matter in question has been conclusively clarified and provided no statutory retention obligations prevent deletion.
Pursuant to Art. 6(1)(b) GDPR, personal data will continue to be collected and processed to the extent necessary if you provide them to us when opening a customer account. Which data are required for opening an account can be seen from the input mask of the relevant form on our website.
You may delete your customer account at any time by sending a message to the above controller’s address. After deletion of your customer account, your data will be deleted provided all contracts concluded via it have been fully performed, no statutory retention periods apply and we have no legitimate interest in further storage.
7.1 Subscription to our email newsletter
If you subscribe to our email newsletter, we will regularly send you information about our offers. The only mandatory information for sending the newsletter is your email address. Providing additional data is voluntary and will be used to address you personally. For sending the newsletter we use the so‑called double opt‑in procedure, which ensures that you only receive the newsletter after explicitly confirming your consent via a verification link sent to the given email address.
By activating the confirmation link, you give us your consent for the use of your personal data pursuant to Art. 6(1)(a) GDPR. We store the IP address assigned by your internet service provider (ISP) as well as the date and time of registration in order to be able to trace possible misuse of your email address at a later date. The data collected by us when registering for the newsletter are used exclusively for this purpose.
You can unsubscribe from the newsletter at any time via the link provided in the newsletter or by sending an appropriate message to the controller named above. After unsubscribing, your email address will be promptly deleted from our newsletter distribution list, unless you have expressly consented to further data use or we reserve the right to further data use that is permitted by law and about which we inform you in this policy.
7.2 Sending the email newsletter to existing customers
If you have provided us with your email address when purchasing goods or services, we reserve the right to send you regular offers for similar goods or services from our range by email. For this purpose, pursuant to § 7(3) UWG we do not have to obtain separate consent from you. The data processing is carried out solely on the basis of our legitimate interest in personalized direct advertising pursuant to Art. 6(1)(f) GDPR. If you initially objected to the use of your email address for this purpose, we will not send you any emails.
You have the right to object to the use of your email address for the aforementioned advertising purpose at any time with effect for the future by sending a message to the controller named above. Only transmission costs according to the basic tariffs may be incurred. After receipt of your objection, we will immediately cease using your email address for advertising purposes.
7.3 Shopify Email
We use the following provider for sending our email newsletter: Shopify International Limited, Victoria Buildings, 2nd Floor, 1‑2 Haddington Road, Dublin 4, D04 XN32, Ireland.
Data are also transferred to: Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada.
On the basis of our legitimate interest in effective and user‑friendly newsletter marketing, we forward the data you provided when registering for the newsletter pursuant to Art. 6(1)(f) GDPR to this provider so that they can send the newsletter on our behalf.
Subject to your explicit consent pursuant to Art. 6(1)(a) GDPR, the provider also performs a statistical success evaluation of newsletter campaigns using web beacons or tracking pixels in the sent emails, which can measure open rates and specific interactions with the newsletter content. End device information (e.g. time of access, IP address, browser type and operating system) is also collected and evaluated but not merged with other data sets. You can withdraw your consent to newsletter tracking at any time with effect for the future.
We have concluded a data processing agreement with the provider, which ensures the protection of our website visitors’ data and prohibits unauthorized disclosure to third parties.
An adequacy decision of the European Commission ensures an adequate level of data protection for transfers to Canada.
7.4 WhatsApp Newsletter
If you subscribe to our WhatsApp newsletter, we will regularly send you information about our offers via WhatsApp. The only mandatory information for sending the newsletter is your mobile phone number.
To subscribe to the newsletter, save our provided mobile number in your device’s contacts and send us the message “Start” via WhatsApp. By sending this message, you give us your consent for the use of your personal data pursuant to Art. 6(1)(a) GDPR for the purpose of sending the newsletter. We will then add you to our newsletter distribution list.
The data we collect when you subscribe to the newsletter are processed exclusively for the purpose of advertising via the newsletter. You can unsubscribe at any time by sending us the message “Stop” via WhatsApp. After unsubscribing, your mobile phone number will be promptly deleted from our distribution list, unless you have expressly consented to further data use or we reserve the right to further data use that is permitted by law and about which we inform you in this policy.
Please note that WhatsApp Business obtains access to the address book of the mobile device we use for this purpose and automatically transmits stored telephone numbers to a server of the parent company Meta Platforms Inc. in the USA.
Therefore, for sending our WhatsApp newsletter we use a mobile device whose address book contains only the WhatsApp contact data of our newsletter recipients. This ensures that any person whose WhatsApp contact data is stored in our address book has already consented to the transmission of their WhatsApp telephone number from the address books of their chat contacts pursuant to Art. 6(1)(a) GDPR through acceptance of the WhatsApp terms of use when first using the app on their device. The transmission of data of those users who do not use WhatsApp and/or have not subscribed to our newsletter via WhatsApp is therefore excluded.
Purposes and scope of data collection and further processing and use of the data by WhatsApp and your rights and settings to protect your privacy can be found in WhatsApp’s privacy policy: https://www.whatsapp.com/legal/?eea=1#privacy-policy
We have concluded a data processing agreement with the provider, which ensures the protection of our website visitors’ data and prohibits unauthorized disclosure to third parties.
In the context of the above-mentioned processing, data transfers to servers of Meta Platforms Inc. in the USA may occur.
For data transfers to the USA, the provider has joined the EU‑US Data Privacy Framework, which ensures compliance with European data protection standards based on an adequacy decision of the European Commission.
7.5 Cart Abandonment Email Reminders
If you abandon your purchase before completing the order, you have the option to receive a one‑time email reminder of your virtual cart contents.
The only mandatory information for sending this reminder is your email address. Providing additional data is voluntary and may be used to address you personally. We use the so‑called double opt‑in procedure for sending the reminder, which ensures that you only receive the notification after explicitly confirming your consent via a verification link sent to the given email address.
By activating the verification link, you give us your consent for the use of your personal data pursuant to Art. 6(1)(a) GDPR for sending a cart abandonment reminder. We store the IP address assigned by your internet service provider (ISP) as well as the date and time of registration in order to be able to trace possible misuse of your email address at a later date. The data we collect when registering for our email notification service are used exclusively for this purpose.
You can unsubscribe from cart abandonment reminders at any time by sending an appropriate message to the controller named above. After unsubscribing, your email address will be promptly deleted from our distribution list, unless you have expressly consented to further data use or we reserve the right to further data use that is permitted by law and about which we inform you in this policy.
8.1 If necessary for contract fulfillment for delivery and payment purposes, the personal data we collect will be forwarded to the commissioned shipping company and the commissioned credit institution pursuant to Art. 6(1)(b) GDPR.
If we owe you updates for goods with digital elements or digital products based on a relevant agreement, we process the contact data you provided during ordering (name, address, email address) in order to inform you personally about upcoming updates within the legally prescribed period via an appropriate communication channel (e.g. by post or email) pursuant to Art. 6(1)(c) GDPR. Your contact data will be processed strictly for notifications about updates owed by us and only to the extent necessary for this purpose.
For the fulfillment of your order, we also cooperate with the following service providers who support us wholly or partly in performing concluded contracts. Certain personal data are transmitted to these service providers as described below.
8.2 Disclosure of Personal Data to Shipping Service Providers
- DHL
As a shipping service provider, we use: DHL Paket GmbH, Sträßchensweg 10, 53113 Bonn, Germany.
We forward your email address and/or telephone number pursuant to Art. 6(1)(a) GDPR before delivery for the purpose of coordinating a delivery appointment or delivery notification, provided you have given your explicit consent in the ordering process. Otherwise, for delivery purposes pursuant to Art. 6(1)(b) GDPR, we forward only the recipient’s name and delivery address to the provider. Disclosure is only to the extent necessary for delivery. In this case, prior coordination of the delivery appointment or delivery notification with the provider is not possible.
You can revoke your consent at any time with effect for the future against the controller named above or the provider.
- DHL Express
As a shipping service provider, we use: DHL Express Germany GmbH, Heinrich-Brüning-Str. 5, 53113 Bonn, Germany.
We forward your email address and/or telephone number pursuant to Art. 6(1)(a) GDPR before delivery for the purpose of coordinating a delivery appointment or delivery notification, provided you have given your explicit consent in the ordering process. Otherwise, for delivery purposes pursuant to Art. 6(1)(b) GDPR, we forward only the recipient’s name and delivery address to the provider. Disclosure is only to the extent necessary for delivery. In this case, prior coordination of the delivery appointment or delivery notification with the provider is not possible.
You can revoke your consent at any time with effect for the future against the controller named above or the provider.
- DHL Freight
As a shipping service provider, we use: DHL Freight GmbH, Godesberger Allee 102‑104, 53175 Bonn, Germany.
We forward your email address and/or telephone number pursuant to Art. 6(1)(a) GDPR before delivery for the purpose of coordinating a delivery appointment or delivery notification, provided you have given your explicit consent in the ordering process. Otherwise, for delivery purposes pursuant to Art. 6(1)(b) GDPR, we forward only the recipient’s name and delivery address to the provider. Disclosure is only to the extent necessary for delivery. In this case, prior coordination of the delivery appointment or delivery notification with the provider is not possible.
You can revoke your consent at any time with effect for the future against the controller named above or the provider.
8.3 Use of Payment Service Providers
- Apple Pay
If you choose the payment method “Apple Pay” of Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland, the payment is processed via the “Apple Pay” function of your iOS-, watchOS- or macOS‑equipped device by charging a payment card stored in “Apple Pay”. Apple Pay uses security features integrated into the hardware and software of your device to protect your transactions. To authorize a payment, you must enter a code chosen by you and verify via the “Face ID” or “Touch ID” function of your device.
For payment processing purposes, the information you provide during the ordering process along with information about your order is transmitted encrypted to Apple. Apple then encrypts these data again with a developer-specific key before transmitting them to the payment service provider of the payment card stored in Apple Pay. This encryption ensures that only the website through which the purchase was made can access the payment data. After the payment is made, Apple sends your device account number and a transaction‑specific dynamic security code to the website as confirmation of successful payment.
If personal data are processed during the described transfers, the processing takes place exclusively for payment processing purposes pursuant to Art. 6(1)(b) GDPR.
Apple retains anonymized transaction data, including the approximate purchase amount, approximate date and time, and whether the transaction was completed successfully. Anonymization completely excludes any link to a person. Apple uses the anonymized data to improve “Apple Pay” and other Apple products and services.
If you use Apple Pay on iPhone or Apple Watch to complete a purchase you made via Safari on Mac, the Mac and the authorization device communicate via an encrypted channel on Apple’s servers. Apple does not process or store any of this information in a form that identifies you. You can disable the use of Apple Pay on your Mac in your iPhone settings under “Wallet & Apple Pay” by turning off “Allow Payments on Mac.”
Further information on data protection with Apple Pay can be found here: https://support.apple.com/de-de/HT203027
- Google Pay
If you choose the payment method “Google Pay” of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”), the payment is processed via the “Google Pay” app on your Android 4.4+ device with NFC by charging a payment card or other verified payment method (e.g. PayPal) stored in Google Pay. For payments over €25, your device must be unlocked first using the configured verification method (face recognition, password, fingerprint, or pattern).
For payment processing purposes, the information you provide during the ordering process along with information about your order is transmitted to Google. Google then transmits your stored payment information as a one‑time transaction number to the website, which verifies the payment. This transaction number contains no real payment data but is generated and transmitted as a one‑time valid numeric token. For all Google Pay transactions, Google acts only as an intermediary. The actual transaction is carried out solely between you and the website by charging the payment method stored in Google Pay.
If personal data are processed during the described transfers, the processing takes place exclusively for payment processing purposes pursuant to Art. 6(1)(b) GDPR.
Google reserves the right to collect, store and evaluate certain transaction‑specific information for each Google Pay transaction, including date, time and amount of the transaction, merchant location and description, a description of goods or services provided by the merchant, photos you attached to the transaction, the name and email address of buyer and seller (or sender and recipient), the payment method used, your description of the transaction purpose, and any associated offer.
According to Google, this processing takes place exclusively pursuant to Art. 6(1)(f) GDPR based on their legitimate interest in proper billing, transaction verification and optimization and maintenance of the Google Pay service.
Google may also merge the processed transaction data with other information collected and stored by Google when using other Google services.
The Google Pay terms of use can be found here: https://payments.google.com/payments/apis-secure/u/0/get_legal_document?ldo=0&ldt=googlepaytos&ldl=de
Further information on data protection with Google Pay can be found here: https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=de
- Klarna
The following online payment methods of Klarna Bank AB, Sveavägen 46, 111 34 Stockholm, Sweden are available on this website.
If you choose a payment method for which you pay in advance (e.g. credit card), your payment data (name, address, bank and card details, currency and transaction number) and order details are forwarded to the provider pursuant to Art. 6(1)(b) GDPR. This is done exclusively for payment processing and only to the extent necessary.
If you choose a payment method in which the provider pays in advance (e.g. invoice or installment), you will be asked to provide certain personal data (name, street, house number, postal code, city, date of birth, email address, phone number, and, if applicable, alternative payment method data).
In order to safeguard our legitimate interest in determining our customers’ creditworthiness, these data are forwarded to the provider for a credit check pursuant to Art. 6(1)(f) GDPR. The provider evaluates your payment option based on the personal data provided as well as other data (shopping cart, invoice amount, order history, payment history) to determine payment and/or default risk.
For the application evaluation, identity and credit information from the following credit agencies may also be included pursuant to Art. 6(1)(f) GDPR:
https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/credit_rating_agencies
The credit report may contain probability values (score values). If score values are included, they are based on a scientifically recognized mathematical‑statistical procedure. Address data, among other things, are included in the calculation of score values.
You may object to this processing of your data at any time by notifying us or the provider. However, the provider may remain entitled to process your personal data if this is necessary for contractual payment processing.
- PayPal
The following online payment methods of PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22‑24 Boulevard Royal, L‑2449 Luxembourg are available on this website.
If you choose a prepayment method, your payment data (name, address, bank and card details, currency and transaction number) and order details are forwarded to the provider pursuant to Art. 6(1)(b) GDPR. This is done exclusively for payment processing and only to the extent necessary.
If you choose a payment method for which we pay in advance, you will be asked to provide certain personal data (name, street, house number, postal code, city, date of birth, email address, phone number, and, if applicable, alternative payment method data).
To safeguard our legitimate interest in determining your creditworthiness, these data are forwarded to the provider for a credit check pursuant to Art. 6(1)(f) GDPR. The provider evaluates your payment option based on the personal data provided as well as other data (shopping cart, invoice amount, order history, payment history) to determine payment and/or default risk.
The credit report may contain probability values (score values). If score values are included, they are based on a scientifically recognized mathematical‑statistical procedure. Address data, among other things, are included in the calculation of score values.
You may object to this processing of your data at any time by notifying us or the provider. However, the provider may remain entitled to process your personal data if this is necessary for contractual payment processing.
- PayPal Checkout
This website uses PayPal Checkout, an online payment system from PayPal that consists of PayPal’s own payment methods and local third‑party payment methods.
When paying via PayPal, credit card via PayPal, direct debit via PayPal or – if offered – “Pay Later” via PayPal, we forward your payment data to PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22‑24 Boulevard Royal, L‑2449 Luxembourg for payment processing pursuant to Art. 6(1)(b) GDPR. Disclosure is only to the extent necessary for payment processing.
PayPal reserves the right to perform a credit check for credit card via PayPal, direct debit via PayPal or – if offered – “Pay Later” via PayPal. For this purpose, your payment data may be forwarded to credit agencies pursuant to Art. 6(1)(f) GDPR to determine the statistical probability of payment default. The result of the credit check is used by PayPal to decide whether to provide the respective payment method. The credit report may contain probability values (score values). If score values are included, they are based on a scientifically recognized mathematical‑statistical procedure. Address data, among other things, are included in the calculation of score values. You may object to this processing at any time by notifying PayPal. However, PayPal may remain entitled to process your personal data if this is necessary for contractual payment processing.
If the PayPal payment method “Invoice” is available and selected, your payment data are first forwarded to PayPal for payment preparation, after which PayPal forwards them to Ratepay GmbH, Franklinstraße 28‑29, 10587 Berlin for payment execution pursuant to Art. 6(1)(b) GDPR. In this case, Ratepay conducts an identity and credit check in its own name to determine your creditworthiness pursuant to Art. 6(1)(f) GDPR and forwards your payment data to credit agencies based on its legitimate interest in determining creditworthiness. A list of the credit agencies Ratepay may use can be found here: https://www.ratepay.com/legal-payment-creditagencies/
When using a local third‑party payment method, your payment data are first forwarded to PayPal for payment preparation pursuant to Art. 6(1)(b) GDPR. Depending on your selection, PayPal then forwards your payment data for payment execution pursuant to Art. 6(1)(b) GDPR to the respective provider:
- Apple Pay (Apple Distribution International, Hollyhill Industrial Estate, Hollyhill, Cork, Ireland)
- Google Pay (Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland)
- iDEAL (Currence Holding BV, Beethovenstraat 300, Amsterdam, Netherlands)
- Bancontact (Bancontact Payconiq Company, Rue d’Arlon 82, 1040 Brussels, Belgium)
- BLIK (Polski Standard Płatności sp. z o.o., ul. Czerniakowska 87A, 00-718 Warsaw, Poland)
- EPS (PSA Payment Services Austria GmbH, Handelskai 92, Gate 2, 1200 Vienna, Austria)
- MyBank (PRETA S.A.S, 40 Rue de Courcelles, 75008 Paris, France)
- Przelewy24 (PayPro SA, Kanclerska 15A, 60-326 Poznań, Poland)
Further data protection information can be found in PayPal’s privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full
- Shopify Payments
The following online payment methods of Shopify International Limited, Victoria Buildings, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland are available on this website.
If you choose a payment method for which you pay in advance (e.g. credit card), your payment data (name, address, bank and card details, currency and transaction number) and order details are forwarded to the provider pursuant to Art. 6(1)(b) GDPR. This is done exclusively for payment processing and only to the extent necessary.
- SOFORT
The following online payment methods of SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany are available on this website.
If you choose a payment method for which you pay in advance (e.g. credit card), your payment data (name, address, bank and card details, currency and transaction number) and order details are forwarded to the provider pursuant to Art. 6(1)(b) GDPR. This is done exclusively for payment processing and only to the extent necessary.
8.4 We reserve the right to forward your data to the debt collection service provider Collectia GmbH, Brunnwiesenstraße 4, 94469 Deggendorf, if our payment claim is not settled despite prior reminders. In this case, the claim will be collected directly by the debt collection service provider.
The transfer of your data serves contractual performance pursuant to Art. 6(1)(b) GDPR and the protection of our overriding legitimate interest in effectively asserting and enforcing our claim pursuant to Art. 6(1)(f) GDPR.
9.1 Google Analytics 4
This website uses Google Analytics 4, a web analytics service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”), which enables analysis of your use of our website.
By default, Google Analytics 4 sets cookies when you visit the website, which are small text files stored on your device and collect certain information. This includes your IP address, which Google truncates to exclude direct personal identification.
The information is transmitted to and processed on Google’s servers. Transfers to Google LLC servers in the USA are possible.
Google uses the collected information on our behalf to evaluate your website usage, compile reports on website activity for us, and provide other services related to website usage and internet usage. The truncated IP address transmitted by your browser as part of Google Analytics is not merged with other Google data. Data collected via Google Analytics 4 are stored for two months and then deleted.
All processing described above, in particular setting cookies on your device, only takes place if you have given your explicit consent pursuant to Art. 6(1)(a) GDPR. Without your consent, Google Analytics 4 is not used during your visit. You can revoke your consent at any time with effect for the future by disabling the service via the website’s cookie consent tool.
We have concluded a data processing agreement with Google, which ensures the protection of our website visitors’ data and prohibits unauthorized disclosure to third parties.
Further legal information on Google Analytics 4 can be found at https://business.safety.google/intl/de/privacy/, https://policies.google.com/privacy?hl=de&gl=de and https://policies.google.com/technologies/partner-sites.
Demographics
Google Analytics 4 uses the “demographics” feature to compile statistics on visitors’ age, gender and interests based on advertising and third‑party data. This enables identification of target groups for marketing purposes. The data collected cannot be linked to a specific person and are deleted after two months.
Google Signals
As an extension to Google Analytics 4, Google Signals may be used on this website to generate cross‑device reports. If you have personalized ads enabled and your devices linked to your Google account, Google may analyze your behavior across devices with your consent under Art. 6(1)(a) GDPR and build models for cross‑device conversions. We do not receive any personal data from Google, only aggregated statistics. To opt out of cross‑device analysis, disable “Personalized Ads” in your Google account settings: https://support.google.com/ads/answer/2662922?hl=de. Further information on Google Signals: https://support.google.com/analytics/answer/7532985?hl=de
User IDs
As an extension to Google Analytics 4, the “User IDs” feature may be used on this website. If you have consented to Google Analytics 4 under Art. 6(1)(a) GDPR, have created an account on this website and log in on different devices, your activities including conversions can be analyzed across devices.
For data transfers to the USA, the provider has joined the EU‑US Data Privacy Framework, which ensures compliance with European data protection standards based on an adequacy decision of the European Commission.
9.2 Google Tag Manager
This website uses the Google Tag Manager, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).
The Google Tag Manager provides a technical foundation for managing various web applications, including tracking and analytics services, via a single interface. The Tag Manager itself does not store any information on user devices or read such information, nor does it perform independent data analyses. However, when a page with the Tag Manager is loaded, your IP address is transmitted to and possibly stored by Google. Transfers to Google LLC servers in the USA are possible.
This processing only takes place if you have given your explicit consent pursuant to Art. 6(1)(a) GDPR. Without consent, the Tag Manager does not run. You can revoke consent at any time via the website’s cookie consent tool.
We have concluded a data processing agreement with Google, which ensures the protection of our website visitors’ data and prohibits unauthorized disclosure to third parties.
For data transfers to the USA, the provider has joined the EU‑US Data Privacy Framework, which ensures compliance with European data protection standards based on an adequacy decision of the European Commission.
Further legal information on Google Tag Manager can be found at https://business.safety.google/intl/de/privacy/ and https://policies.google.com/privacy?hl=de&gl=de.
10.1 Meta Pixel
Within our online offering we use the “Meta Pixel” service from Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (“Meta”).
If a user clicks on an advertisement we placed on Facebook and/or Instagram, the URL of our linked page is appended with a parameter via the Meta Pixel. After redirection, this URL parameter is stored in a cookie set by our linked page.
This allows Meta to identify visitors to our online offering as a target group for displaying advertisements (so‑called “Ads”). We use this service to show our Facebook and/or Instagram ads only to users who have shown interest in our offering or who exhibit certain characteristics (e.g. interests in specific topics or products determined by the pages visited), which we transmit to Meta (“Custom Audiences”).
Additionally, the Meta Pixel can track whether users who clicked on an ad are redirected to our website and which actions they perform there (so‑called “conversion tracking”).
The collected data are anonymous for us and do not allow conclusions about users’ identities. However, the data are stored and processed by Meta and may be linked to individual user profiles, and Meta may use the data for its own advertising purposes.
All processing described above, in particular setting cookies to read information on the user’s device, only takes place if you have given your explicit consent pursuant to Art. 6(1)(a) GDPR. You can revoke consent at any time via the website’s cookie consent tool.
We have concluded a data processing agreement with Meta, which ensures the protection of our website visitors’ data and prohibits unauthorized disclosure to third parties.
The information generated by Meta is usually transmitted to and stored on Meta’s servers; transfers to Meta Platforms Inc. servers in the USA may also occur.
For data transfers to the USA, the provider has joined the EU‑US Data Privacy Framework, which ensures compliance with European data protection standards based on an adequacy decision of the European Commission.
10.2 Google Ads Conversion Tracking
This website uses the online advertising program Google Ads and, within Google Ads, the conversion tracking service of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). We use Google Ads to draw attention to our attractive offers on external websites using advertising media (so‑called Google AdWords). We can determine how successful individual advertising measures are based on campaign data. Our goal is to display ads that are of interest to you, make our website more attractive for you and ensure fair calculation of the advertising costs incurred.
The conversion tracking cookie is set when a user clicks on a Google‑placed ad. Cookies are small text files stored on your device. They typically expire after 30 days and are not used for personal identification. If a user visits certain pages of this website while the cookie is still valid, Google and we can recognize that the user clicked on the ad and was redirected to this page. Each Google Ads customer receives a unique cookie. Cookies cannot thus be tracked across Google Ads customers’ websites. Information collected via the conversion cookie is used to compile conversion statistics for Google Ads customers who choose conversion tracking. The customers receive the total number of users who clicked on their ad and were redirected to a conversion-tagged page. No information that allows identification of users is provided. When using Google Ads, personal data may also be transmitted to Google LLC servers in the USA.
Details on the processing triggered by Google Ads conversion tracking and how Google handles website data can be found here: https://policies.google.com/technologies/partner-sites
All processing described above, in particular setting cookies to read information on the user’s device, only takes place if you have given your explicit consent pursuant to Art. 6(1)(a) GDPR. You can revoke consent at any time via the website’s cookie consent tool.
You can also permanently object to setting cookies via Google Ads conversion tracking by downloading and installing the browser plugin available here: https://www.google.com/settings/ads/plugin?hl=de
Please note that disabling cookies may prevent certain functions of this website from working or working fully.
Google’s privacy policy: https://business.safety.google/intl/de/privacy/ and https://www.google.de/policies/privacy/
11.1 Facebook Plugins
Plugins from the social network of Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are used on our website.
These plugins enable direct interactions with social network content.
To increase data protection when you visit our website, plugins are initially disabled using a “2‑click” or “Shariff” solution.
This ensures that no connection to the provider’s servers is established when you load a page containing such plugins.
If you activate the plugins and thus give your consent pursuant to Art. 6(1)(a) GDPR for data transfer, your browser establishes a direct connection to the provider’s servers. Regardless of whether you are logged into a user profile, information about your device (including your IP address), browser and page history is transmitted and possibly processed by the provider.
If you are logged into a profile on the social network, interactions via the plugins are also published there and shown to your contacts.
You can revoke consent at any time by deactivating the plugin again. The revocation does not affect data already transmitted to the provider.
Data may also be transferred to: Meta Platforms Inc., USA.
We have concluded a data processing agreement with the provider, which ensures the protection of our website visitors’ data and prohibits unauthorized disclosure to third parties.
For data transfers to the USA, the provider has joined the EU‑US Data Privacy Framework, which ensures compliance with European data protection standards based on an adequacy decision of the European Commission.
11.2 Instagram Plugins
Plugins from the social network of Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are used on our website.
These plugins enable direct interactions with social network content.
To increase data protection when you visit our website, plugins are initially disabled using a “2‑click” or “Shariff” solution.
This ensures that no connection to the provider’s servers is established when you load a page containing such plugins.
If you activate the plugins and thus give your consent pursuant to Art. 6(1)(a) GDPR for data transfer, your browser establishes a direct connection to the provider’s servers. Regardless of whether you are logged into a user profile, information about your device (including your IP address), browser and page history is transmitted and possibly processed by the provider.
If you are logged into a profile on the social network, interactions via the plugins are also published there and shown to your contacts.
You can revoke consent at any time by deactivating the plugin again. The revocation does not affect data already transmitted to the provider.
Data may also be transferred to: Meta Platforms Inc., USA.
We have concluded a data processing agreement with the provider, which ensures the protection of our website visitors’ data and prohibits unauthorized disclosure to third parties.
For data transfers to the USA, the provider has joined the EU‑US Data Privacy Framework, which ensures compliance with European data protection standards based on an adequacy decision of the European Commission.
11.3 YouTube
This website uses plugins for displaying and playing videos from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.
Data may also be transmitted to: Google LLC, USA.
When you access a page containing such a plugin, your browser establishes a direct connection to the provider’s servers to load the plugin. Information including your IP address is transmitted to the provider.
If you start playback of embedded videos, the provider also sets cookies to collect usage information, compile playback statistics and prevent abuse.
If you are logged into a user account with the provider during your visit, data are linked to your account when you click on a video. To avoid this, please log out of your profile before clicking the playback button.
All processing described above, in particular setting cookies to read information on the user’s device, only takes place if you have given your explicit consent pursuant to Art. 6(1)(a) GDPR. You can revoke consent at any time via the website’s cookie consent tool.
For data transfers to the USA, the provider has joined the EU‑US Data Privacy Framework, which ensures compliance with European data protection standards based on an adequacy decision of the European Commission.
Further data protection information from Google: https://business.safety.google/intl/de/privacy/
11.4 Google Maps
This website uses the online map service Google Maps API from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”).
Google Maps is a web service for displaying interactive maps to visually represent geographic information. Using this service, our location is shown and directions provided.
When you access pages with embedded maps, usage information (e.g. your IP address) is transmitted to and stored on Google’s servers; transfers to Google LLC servers in the USA may also occur. This happens regardless of whether Google provides or you have a user account. If you are logged into Google, the data are linked to your account. To prevent this, log out before activating the map. Google stores usage profiles even for users not logged in and analyzes them.
Collection, storage and analysis are based on Google’s legitimate interest in personalized advertising, market research and/or website design pursuant to Art. 6(1)(f) GDPR. You have the right to object to profile creation; you must contact Google directly. If you do not agree to data transfers to Google when using Google Maps, you can completely deactivate the service by disabling JavaScript in your browser, but the map display will no longer be available.
Where legally required, we have obtained your consent pursuant to Art. 6(1)(a) GDPR. You can revoke consent at any time for the future. To do so, follow the instructions above.
For data transfers to the USA, the provider has joined the EU‑US Data Privacy Framework, which ensures compliance with European data protection standards based on an adequacy decision of the European Commission.
Further Google privacy information: https://business.safety.google/intl/de/privacy/
11.5 Google reCAPTCHA
This website uses the CAPTCHA service of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.
Data may also be transmitted to: Google LLC, USA. For the visual design of the CAPTCHA window, the provider uses “Google Fonts,” loaded from Google’s servers. No further data beyond standard reCAPTCHA data are processed.
The service checks whether an input is made by a human or abused by automated processing and blocks spam, DDoS attacks and similar automated threats. To ensure that an action is performed by a human and not an automated bot, the provider collects the IP address of the device used, client data of the browser and operating system type, as well as date and duration of the visit, and transmits these for evaluation to the provider’s servers.
The legal basis is our legitimate interest in verifying individual human responsibility online and preventing abuse and spam pursuant to Art. 6(1)(f) GDPR.
We have concluded a data processing agreement with the provider, which ensures the protection of our website visitors’ data and prohibits unauthorized disclosure to third parties.
For data transfers to the USA, the provider has joined the EU‑US Data Privacy Framework, which ensures compliance with European data protection standards based on an adequacy decision of the European Commission.
Further Google privacy information: https://business.safety.google/intl/de/privacy/
11.6 Google Customer Reviews (formerly Google Trusted Stores)
We participate in the “Google Customer Reviews” program of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). This program allows us to collect customer reviews from users of our website. After a purchase, you may be asked to participate in a survey via email.
If you consent pursuant to Art. 6(1)(a) GDPR, we transmit your email address to Google. You will receive an email from Google Customer Reviews inviting you to rate your experience. Your submitted rating is then aggregated with other ratings and displayed with our Google Customer Reviews badge as well as in our Merchant Center dashboard. Your rating may also be used for Google Seller Ratings. Transfers to Google LLC servers in the USA may occur.
You can revoke your consent at any time by notifying the controller or Google.
For data transfers to the USA, the provider has joined the EU‑US Data Privacy Framework, which ensures compliance with European data protection standards based on an adequacy decision of the European Commission.
Further Google privacy information: https://business.safety.google/intl/de/privacy/
11.7 ShopSync for Shopify
This website uses the Shopify app “ShopSync” by ShopSync LLC, PO Box 252, Jefferson City, TN 37760, USA.
ShopSync synchronizes our Mailchimp newsletter service with our Shopify account so that updates in email lists (e.g. an opt‑out) are automatically reflected in Shopify and new contacts generated via Shopify purchases are automatically added to Mailchimp lists.
In the first case, data processing pursuant to Art. 6(1)(f) GDPR is based on our legitimate interest in effective, cross-system maintenance of marketing lists and reliable compliance with legally relevant status changes.
In the second case, data (first and last name, address, email address and transactional information such as purchase amount, time and date) are transferred on the basis of explicit user consent pursuant to Art. 6(1)(a) GDPR after a Shopify purchase.
Transferred data are not stored or retained by ShopSync after synchronization. All synchronized information is transmitted via SSL and remains encrypted during synchronization.
Synchronization requires a secure connection to servers hosted by Amazon Web Services in the USA.
Further privacy information on ShopSync: https://www.shop-sync.com/privacy-policy
12.1 Lexware Office
For accounting we use the cloud‑based accounting software service of Haufe-Lexware GmbH & Co. KG, Munzinger Straße 9, 79111 Freiburg, Germany.
The provider processes incoming and outgoing invoices as well as, if applicable, our company’s bank transactions to automatically record invoices, match transactions and create financial accounting via a semi‑automated process.
If personal data are processed, the processing is based on our legitimate interest in efficient organization and documentation of our business processes.
12.2 Cookie Consent Tool
This website uses an interactive “cookie consent tool” to collect valid user consents for cookies and cookie‑based applications. The tool displays a user interface on page load where consents for certain cookies/services can be given via checkboxes. Cookies/services subject to consent are only loaded when the respective user consents. This ensures that technically unnecessary cookies are only set if consent is given.
The tool sets technically necessary cookies to store your cookie preferences. Personal user data are generally not processed.
If, in rare cases, personal data (e.g. IP address) are processed for storage, mapping or logging of cookie settings, this is based on our legitimate interest in compliant, user‑specific and user‑friendly consent management for cookies and thus in legally compliant design of our website pursuant to Art. 6(1)(f) GDPR.
Additionally, processing may be based on Art. 6(1)(c) GDPR if legally required. As controller, we are legally obliged to make technically unnecessary cookies dependent on user consent.
Where necessary, we have concluded a data processing agreement with the provider, which ensures the protection of our website visitors’ data and prohibits unauthorized disclosure to third parties.
Further information about the operator and settings of the cookie consent tool can be found directly in the user interface on our website.
12.3 Judge.me
For verifying and publishing customer reviews we use the services of Judge.me Ltd., c/o Buckworths, 2nd Floor, 1‑3 Worship Street, London, EC2A 2AB, United Kingdom.
When you leave a review on our website, your first and last name, email address, order date and number, as well as product identifiers (GTIN/ISBN) are collected and transmitted to the provider for validation of review authenticity. Processing is based on our legitimate interest in ensuring authentic customer reviews pursuant to Art. 6(1)(f) GDPR. After review moderation, the provider deletes the data.
An adequacy decision of the European Commission ensures adequate data protection for transfers to the provider’s location.
13.1 Under applicable data protection law, you have the following rights against the controller regarding the processing of your personal data (the requirements for each right are referred to in the respective legal basis):
13.2 Right to Object
If we process your personal data based on a balancing of interests, you have the right to object at any time, for reasons arising from your particular situation, to processing of your personal data based on our overriding legitimate interest. If you object, we will cease processing the data unless we can demonstrate compelling legitimate grounds for processing which override your interests, rights and freedoms, or for the establishment, exercise or defense of legal claims.
If your personal data are processed for direct advertising, you have the right to object at any time to processing of personal data concerning you for such advertising. If you object, we will cease processing for direct advertising purposes.
The retention period for personal data depends on the respective legal basis, the processing purpose and, where applicable, statutory retention periods (e.g. commercial and tax law retention periods).
If processing is based on consent pursuant to Art. 6(1)(a) GDPR, the data are stored until you withdraw consent.
If statutory retention periods apply for data processed based on contract performance pursuant to Art. 6(1)(b) GDPR, the data are routinely deleted after these periods expire, provided they are no longer required for contract performance or contract initiation and no overriding legitimate interest on our part in further storage exists.
If processing is based on legitimate interest pursuant to Art. 6(1)(f) GDPR, data are stored until you exercise your right to object pursuant to Art. 21(1) GDPR, unless we can demonstrate compelling legitimate grounds for processing overriding your interests, rights and freedoms, or processing serves the establishment, exercise or defense of legal claims.
If personal data are processed for direct advertising pursuant to Art. 6(1)(f) GDPR, they are stored until you exercise your right to object pursuant to Art. 21(2) GDPR.
Unless otherwise specified in this policy, stored personal data are deleted when they are no longer necessary for the purposes for which they were collected or otherwise processed.
