Privacy policy

1) Introduction and Contact Information of the Data Controller

1.1 We are pleased that you are visiting our website and thank you for your interest. Below, we provide information about how we handle your personal data when you use our website. Personal data refers to any data that can be used to personally identify you.

1.2 The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is cute company GmbH, Thedestr 2, 22767 Hamburg, Germany, Tel.: 01781451822, Email: hi@acutecolor.com. The controller is the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data.

2) Data Collection When Visiting Our Website

2.1 When you use our website for informational purposes only—that is, if you do not register or otherwise provide us with information—we collect only the data that your browser transmits to the website server (so-called “server log files”). When you visit our website, we collect the following data, which is technically necessary for us to display the website to you:

The page you visited
Date and time of access
Amount of data transmitted in bytes
Source/referrer from which you accessed the page
Browser used
Operating system used
IP address used (if applicable: in anonymized form)

Processing is carried out in accordance with Art. 6(1)(f) GDPR based on our legitimate interest in improving the stability and functionality of our website. The data is not disclosed or otherwise used. However, we reserve the right to review the server log files retrospectively should there be concrete indications of unlawful use.

2.2 For security reasons and to protect the transmission of personal data and other confidential content (e.g., orders or inquiries to the controller). You can recognize an encrypted connection by the string “https://” and the lock icon in your browser’s address bar.

3) Hosting & Content Delivery Network

3.1 Shopify

We use the system of the following provider to host our website and display its content: Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland (“Shopify”)

Data is also transferred to: Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada

All data collected on our website is processed on the provider’s servers. We have entered into a data processing agreement with the provider that ensures the protection of our website visitors’ data and prohibits unauthorized disclosure to third parties.

When data is transferred to Canada, an adequate level of data protection is ensured by an adequacy decision of the European Commission.

3.2 AWS CloudFront

We use a content delivery network provided by the following provider: Amazon Web Services, Inc., 410 Terry Avenue North, Seattle, WA 98109, USA

This service enables us to deliver large media files such as graphics, page content, or scripts more quickly via a network of regionally distributed servers. Processing is carried out to safeguard our legitimate interest in improving the stability and functionality of our website in accordance with Art. 6(1)(f) GDPR. We have entered into a data processing agreement with the provider that ensures the protection of our website visitors’ data and prohibits unauthorized disclosure to third parties.

For data transfers to the U.S., the provider has joined the EU-U.S. Data Privacy Framework, which ensures compliance with European data protection standards based on an adequacy decision by the European Commission.

3.3 Cloudflare

We use a content delivery network from the following provider: Cloudflare Inc., 101 Townsend St. San Francisco, CA 94107, USA

This service enables us to deliver large media files such as graphics, page content, or scripts more quickly via a network of regionally distributed servers. Processing is carried out to safeguard our legitimate interest in improving the stability and functionality of our website pursuant to Art. 6(1)(f) GDPR. We have entered into a data processing agreement with the provider that ensures the protection of our website visitors’ data and prohibits unauthorized disclosure to third parties.

3.4 Shopify

We use a content delivery network provided by the following provider: Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland (“Shopify”)

Data may also be transferred to:

Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada
Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA

For data transfers to Canada, an adequate level of data protection is ensured by an adequacy decision of the European Commission.

For data transfers to the U.S., the data recipient has joined the EU-U.S. Data Privacy Framework, which ensures compliance with European data protection standards based on an adequacy decision by the European Commission.

4) Cookies

To make your visit to our website more engaging and to enable the use of certain features, we use cookies—small text files stored on your device. Some of these cookies are automatically deleted when you close your browser (so-called “session cookies”), while others remain on your device for a longer period and allow for the storage of page settings (so-called “persistent cookies”). In the latter case, you can find the storage duration in the overview of your web browser’s cookie settings.

If personal data is also processed by individual cookies we use, the processing is carried out in accordance with Art. 6(1)(b) GDPR either for the performance of the contract, pursuant to Art. 6(1)(a) GDPR in the event of consent, or pursuant to Art. 6(1)(f) GDPR to safeguard our legitimate interests in the best possible functionality of the website as well as a user-friendly and effective design of the site visit.

You can configure your browser so so that you are informed about the setting of cookies and can decide individually whether to accept them or can exclude the acceptance of cookies in specific cases or generally.

Please note that if you do not accept cookies, the functionality of our website may be limited.

5) Contact

5.1 Gorgias

This website uses a live chat system provided by the following provider: Gorgias Inc., 180 Sansome St, Suite 1800, San Francisco, CA 94014, USA

The processing of personal data transmitted via the chat takes place either pursuant to Art. 6(1)(b) GDPR, because it is necessary for the initiation or performance of a contract, or pursuant to Art. 6(1)(f) f GDPR based on our legitimate interest in effectively supporting our website visitors.

The data you transmit in this manner will be deleted, subject to any conflicting statutory retention periods, once the relevant matter has been conclusively resolved.

In addition, for the purpose of creating pseudonymized usage profiles using cookies, further information may be collected and analyzed; however, this information does not serve to identify you personally and is not merged with other data records. If this information is personally identifiable, processing is carried out in accordance with Art. 6(1)(f) f GDPR on the basis of our legitimate interest in the statistical analysis of user behavior for optimization purposes.

The setting of cookies can be prevented by adjusting your browser settings accordingly. However, this may limit the functionality of our website. You may object to the collection and storage of data for the purpose of creating a pseudonymized user profile at any time with future effect.

We have entered into a data processing agreement with the provider that ensures the protection of our website visitors’ data and prohibits unauthorized disclosure to third parties.

For the transfer of data to the United States, the provider relies on the European Commission’s Standard Contractual Clauses, which are intended to ensure compliance with European data protection standards.

5.2 Reviews.io

For review reminders, we use the services of the following provider: REVIEWS.io 2020 GmbH, Skalitzer Str. 104, 10997 Berlin, Germany

Exclusively on the basis of your explicit consent pursuant to Art. 6(1)(a) 1(a) of the GDPR, we transmit your email address and, if applicable, other customer data to the provider so that they can contact you via email with a review reminder.

You may revoke your consent at any time with future effect by notifying us or the provider.

We have entered into a data processing agreement with the provider that ensures the protection of our website visitors’ data and prohibits unauthorized disclosure to third parties.

5.3 Gorgias

To process customer inquiries, we use the email ticketing system provided by the following provider: Gorgias Inc., 180 Sansome St, Suite 1800, San Francisco, CA 94014, USA

If you submit contact requests via email through our website, these are stored and organized in the ticketing system to enable chronological processing and improve the service experience. You can always view the current status of your request using the individually assigned ticket number.

For the organization and processing of inquiries, personal data is collected to the extent provided, but in any case includes last name, first name, and email address, transmitted to the provider, stored there, and read.

The legal basis for processing this data is our legitimate interest in the efficient organization of our customer service, in responding to your inquiry as quickly as possible, and in optimizing our service offerings in accordance with Art. 6(1)(f) GDPR.

We have entered into a data processing agreement with the provider that ensures the protection of of our website visitors and prohibits unauthorized disclosure to third parties.

For the transfer of data to the U.S., the provider relies on the European Commission’s Standard Contractual Clauses, which are intended to ensure compliance with European data protection standards.

5.4 When you contact us (e.g., via contact form or email), personal data is processed—exclusively for the purpose of handling and responding to your inquiry and only to the extent necessary for that purpose.

The legal basis for processing this data is our legitimate interest in responding to your inquiry pursuant to Art. 6(1) 1(f) of the GDPR. If your contact is aimed at entering into a contract, the additional legal basis for processing is Article 6(1)(b) of the GDPR. Your data will be deleted if the circumstances indicate that the matter in question has been conclusively resolved and provided that no statutory retention obligations preclude this.

6) Data Processing When Opening a Customer Account

In accordance with Article 6(1)(b) of the GDPR, personal data will continue to be collected and processed to the extent necessary if you provide it to us when opening a customer account. You can see which data is required for account opening in the input fields of the corresponding form on our website.

You may delete your customer account at any time by sending a message to the above-mentioned address of the controller. After your customer account is deleted, your data will be deleted provided that all contracts concluded in connection therewith have been fully settled, no statutory retention periods preclude such deletion, and we no longer have a legitimate interest in further storage.

7) Use of Customer Data for Direct Marketing

7.1 Subscription to Our Email Newsletter

When you subscribe to our email newsletter, we will regularly send you information about our offers. The only mandatory information required to receive the newsletter is your email address. Providing additional data is voluntary and is used to address you personally. We use the so-called double opt-in procedure for sending the newsletter, which ensures that you will only receive the newsletter once you have expressly confirmed your consent to receive it by clicking on a verification link sent to the email address you provided.

By activating the confirmation link, you grant us your consent to use your personal data in accordance with Art. 6(1)(a) GDPR. In doing so, we store your IP address as recorded by your Internet Service Provider (ISP), as well as the date and time of registration, to enable us to trace any potential misuse of your email address at a later date. The data we collect when you subscribe to the newsletter is used strictly for the intended purpose.

You can unsubscribe from the newsletter at any time via the link provided in the newsletter or by sending a message to the controller named at the beginning. Once you have unsubscribed, your email address will be immediately deleted from our newsletter distribution list, unless you have expressly consented to further use of your data or we reserve the right to use your data beyond this, which is permitted by law and about which we inform you in this statement.

7.2 Sending the Email Newsletter to Existing Customers

If you have provided us with your email address when purchasing goods or services, we reserve the right to periodically send you offers via email for similar goods or services from our product range, such as those you have already purchased. For this purpose, we are not required to obtain separate consent from you pursuant to Section 7(3) of the German Unfair Competition Act (UWG). Data processing in this regard is based solely on our legitimate interest in personalized direct marketing pursuant to Article 6(1)(f) of the GDPR. If you initially objected to the use of your email address for this purpose, we will not send you any emails.

You are entitled to object to the use of your email address for the aforementioned advertising purposes at any time with future effect by notifying the controller named at the beginning. You will only incur transmission costs according to standard rates for this. Upon receipt of your objection, the use of your email address for advertising purposes will be discontinued immediately.

7.3 Klaviyo

Our email newsletters and other promotional email communications are sent via this provider: Klaviyo, Inc., 125 Summer St., Ste 600, Boston, MA 02110, USA

Based on our legitimate interest in effective and user-friendly email marketing, we share the data you provided during registration with this provider in accordance with Art. 6(1)(f) GDPR so that they can handle email distribution on our behalf.

Subject to your explicit consent pursuant to Art. 6(1) 1(a) GDPR, the provider also conducts a statistical evaluation of the success of email campaigns using web beacons or tracking pixels in the sent emails, which can measure open rates and specific interactions with the newsletter’s content. In doing so, device information (e.g., time of access, IP address, browser type, and operating system) is collected and analyzed, but not merged with other data sets.

You may revoke your consent to email tracking at any time with future effect.

We have entered into a data processing agreement with the provider that protects the data of our website visitors and prohibits disclosure to third parties.

7.4 Shopify Email

Our email newsletters are sent via this provider: Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland

Data is also transferred to: Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada

Based on our legitimate interest in effective and user-friendly newsletter marketing, we share the data you provide when subscribing to the newsletter with this provider in accordance with Art. 6(1)(f) GDPR so that they can handle the newsletter distribution on our behalf.

Subject to your explicit consent in accordance with Art. 6(1)(a) a GDPR, the provider also conducts a statistical evaluation of the success of newsletter campaigns using web beacons or tracking pixels in the emails sent, which can measure open rates and specific interactions with the newsletter’s content. In doing so, device information (e.g., time of access, IP address, browser type, and operating system) is collected and analyzed, but not merged with other data sets.

You may revoke your consent to newsletter tracking at any time with future effect.

We have entered into a data processing agreement with the provider that protects the data of our website visitors and prohibits disclosure to third parties.

In the case of data transfers to Canada, an adequate level of data protection is ensured by an adequacy decision of the European Commission.

7.5 Email Notifications Regarding Product Availability

For items that are temporarily unavailable, you can sign up to receive email notifications regarding product availability. In this case, we will send you a one-time email message regarding the availability of the item you have selected. The only mandatory information required to send this notification is your email address. Providing additional data is voluntary and may be used to address you personally. For email delivery, we use the so-called double opt-in procedure, which ensures that you will only receive a notification once you have expressly confirmed your consent by clicking on a verification link sent to the email address you provided.

By activating the confirmation link, you grant us your consent to the use of your personal data in accordance with Art. 6(1)(a) GDPR. In doing so, we store your IP address as recorded by your Internet Service Provider (ISP), as well as the date and time of registration, in order to be able to trace any potential misuse of your email address at a later date. The data we collect when you register for our email notification service regarding product availability is used strictly for the specified purpose.

You may unsubscribe from the availability notifications at any time by sending a message to the controller named at the beginning of this notice. Once you have unsubscribed, your email address will be immediately deleted from our mailing list set up for this purpose, unless you have expressly consented to further use of your data or we reserve the right to use your data beyond this scope, which is permitted by law and about which we inform you in this notice.

8) Data Processing for Order Processing

8.1 To the extent necessary for contract fulfillment for delivery and payment purposes, the personal data we collect will be transferred to the contracted shipping company and the contracted financial institution in accordance with Art. 6(1)(b) GDPR.

If, based on a corresponding contract, we are obligated to provide updates for goods with digital elements or for digital products, we process the contact information you provided when placing your order to personally inform you within the scope of our legal information obligations pursuant to Art. 6(1)(f) c GDPR. Your contact details will be used strictly for the specific purpose of communicating updates we are obligated to provide and will be processed by us for this purpose only to the extent necessary for the respective information.

To process your order, we also work with the following service provider(s), who assist us in whole or in part with the execution of concluded contracts. Certain personal data is transferred to these service providers in accordance with the following information.

8.2 EasyDHL

To prepare shipments, we use the services of the following provider: 247APPS UG (limited liability), In der Goldgrube 28, 56073 Koblenz

In accordance with Art. 6(1)(b) GDPR, we transmit digital shipping labels containing your delivery information exclusively for the purpose of processing your online order from our order processing system to the provider, who then sends them to our local printers to enable printing. Data is only shared to the extent that this is actually necessary for processing.

8.3 Post & DHL Shipping (official)

To prepare for shipping, we use the services of the following provider: Deutsche Post DHL Research And Innovation GmbH, Kurt-Schumacher-Str. 1, 53113 Bonn

8.4 Shopify Order Printer

We use the following provider for order processing: Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland

Name, address, and, where applicable, other personal data are transferred to the provider in accordance with Art. 6(1)(b) GDPR for the purpose of processing the online order. Your data is only transferred to the extent that this is actually necessary for order processing. The provider is also used for accounting purposes. Thus, the provider processes incoming and outgoing invoices as well as, where applicable, our company’s bank transactions to automatically record invoices, match them to transactions, and use this data to generate financial accounting records in a semi-automated process.

If personal data is also processed in this context, the processing is carried out in accordance with Art. 6(1)(f) GDPR on the basis of our legitimate interest in the efficient organization and documentation of our business processes.

8.5 Disclosure of personal data to shipping service providers

- Deutsche Post

We use the following provider as our shipping service provider: Deutsche Post AG, Charles-de-Gaulle -Straße 20, 53113 Bonn, Germany

We will disclose your email address and/or phone number to the provider in accordance with Article 6(1)(a) of the GDPR prior to delivery of the goods for the purpose of coordinating a delivery date or providing a delivery notification, provided that you have given your explicit consent to this during the ordering process. Otherwise, for the purpose of delivery in accordance with Article 6(1)(b) of the GDPR, we will only the recipient’s name and the delivery address to the provider. The data is only shared to the extent necessary for the delivery of the goods. In this case, prior coordination of the delivery date with the provider or a delivery notification is not possible.

Consent may be revoked at any time with future effect by contacting the controller named above or the provider.

- DHL

As a shipping service provider, we use the following provider: DHL Paket GmbH, Sträßchensweg 10, 53113 Bonn, Germany

We disclose your email address and/or phone number in accordance with Art. 6(1) 1(a) of the GDPR prior to delivery of the goods for the purpose of coordinating a delivery date or notifying the provider of the delivery, provided you have given your express consent to this during the ordering process. Otherwise, for the purpose of delivery in accordance with Art. 6(1)(b) of the GDPR, we will only provide the provider with the recipient’s name and the delivery address. The transfer takes place only to the extent necessary for the delivery of the goods. In this case, prior coordination of the delivery date with the provider or notification of delivery is not possible.

Consent may be revoked at any time with future effect by contacting the controller named above or the provider.

8.6 Use of Payment Service Providers (Payment Services)

- Apple Pay

If you choose the “Apple Pay” payment method offered by Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland, payment processing is carried out via the “Apple Pay” function of your iOS, watchOS, or macOS-powered device by charging a payment card stored with “Apple Pay.” Apple Pay uses security features integrated into your device’s hardware and software to protect your transactions. To authorize a payment, you must therefore enter a code you previously set and verify your identity using the “Face ID” or “Touch ID” feature of your device.

For the purpose of payment processing, the information you provide during the ordering process, along with information about your order, is transmitted to Apple in encrypted form. Apple then re-encrypts this data using a developer-specific key before transmitting it to the payment service provider of the payment card stored in Apple Pay to process the payment. The encryption ensures that only the website through which the purchase was made can access the payment data. After the payment has been made, Apple sends your device account number and a transaction-specific, dynamic security code to the originating website to confirm the successful payment.

If personal data is processed during the transmissions described above, such processing is carried out exclusively for the purpose of payment processing in accordance with Art. 6( 1(b) of the GDPR.

Apple stores anonymized transaction data, including the approximate purchase amount, the approximate date and time, and whether the transaction was successfully completed. Anonymization completely excludes any personal reference. Apple uses the anonymized data to improve “Apple Pay” and other Apple products and services.

When you use Apple Pay on your iPhone or Apple Watch to complete a purchase you initiated via Safari on your Mac, the Mac and the authorizing device communicate via an encrypted channel on Apple’s servers. Apple does not process or store any of this information in a format that could identify you personally. You can disable the ability to use Apple Pay on your Mac in your iPhone’s Settings. Go to “Wallet & Apple Pay” and turn off “Allow Payments on Mac.”

For more information on privacy with Apple Pay, visit the following website: https://support.apple.com/de-de/HT203027

- EPS Transfer

This website offers one or more online payment methods from the following provider: PSA Payment Services Austria GmbH, Handelskai 92, Gate 2, 1200 Vienna, Austria

If you select a payment method from this provider that requires you to pay in advance (such as credit card payment), your payment details provided during the ordering process (including name, address, bank and payment card information, currency, and transaction number) as well as information about the contents of your order will be transmitted to the provider in accordance with Art. 6(1)(b) GDPR. In this case, your data is transferred exclusively for the purpose of processing the payment with the provider and only to the extent necessary for this purpose.

- giropay

One or more online payment methods from the following provider are available on this website: paydirekt GmbH, Stephanstr. 14-16, 60313 Frankfurt am Main, Germany

If you select a payment method from this provider that requires advance payment (such as credit card payment), your payment details provided during the ordering process (including name, address, bank and payment card information, currency, and transaction number) as well as information about the contents of your order in accordance with Art. 6(1)(b) GDPR. In this case, your data is transferred exclusively for the purpose of payment processing with the provider and only to the extent necessary for this purpose.

- Google Pay

If you choose the “Google Pay” payment method offered by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”), payment processing takes place via the “Google Pay” application on your mobile device running at least Android 4.4 (“KitKat”) and equipped with NFC functionality, by charging a payment card stored in Google Pay or a payment system verified there (e.g., PayPal). To authorize a payment via Google Pay exceeding €25, you must first unlock your mobile device using the verification method set up for that device (such as facial , password, fingerprint, or pattern).

For the purpose of payment processing, the information you provide during the ordering process, along with the details of your order, is shared with Google. Google then transmits your payment information stored in Google Pay to the originating website in the form of a one-time transaction number, which verifies that a payment has been made. This transaction number contains no information regarding the actual payment details of the payment method stored in Google Pay; but is generated and transmitted as a one-time valid numerical token. For all transactions via Google Pay, Google acts solely as an intermediary for processing the payment transaction. The transaction is carried out exclusively between the user and the originating website by debiting the payment method stored in Google Pay.

If personal data is processed during the described transmissions, such processing is carried out exclusively for the purpose of payment processing in accordance with Art. 6(1)(b) GDPR.

Google reserves the right to collect, store, and analyze certain transaction-specific information for every transaction made via Google Pay. This includes the date, time, and amount of the transaction, the merchant’s location and description, a description of the purchased goods or services provided by the merchant, photos you have attached to the transaction, the name and email address of the seller and buyer or the sender and recipient, the payment method used, your description of the reason for the transaction, and, if applicable, the offer associated with the transaction.

According to Google, this processing is carried out exclusively in accordance with Article 6(1)(f) of the GDPR on the basis of a legitimate interest in proper accounting, the verification of transaction data, and the optimization and maintenance of the Google Pay service.

Google also reserves the right to combine the processed transaction data with additional information collected and stored by Google when using other Google services.

The Google Pay Terms of Service can be found here:

https://payments.google.com/payments/apis-secure/u/0/get_legal_document?ldo=0&ldt=googlepaytos&ldl=de

Further information on data protection for Google Pay can be found at the following web address:

https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=de

- GoPay

One or more online payment methods from the following provider are available on this website: GoPay s.r.o., Planá 67, 370 01 Planá, Czech Republic

If you select a payment method from this provider that requires advance payment (such as credit card payment), your payment details provided during the ordering process (including name, address, bank and payment card information, currency, and transaction number) as well as information about the contents of your order will be transmitted to the provider in accordance with Article 6(1)(b) of the GDPR. In this case, your data is transferred exclusively for the purpose of processing the payment with the provider and only to the extent necessary for this purpose.

- Klarna

One or more online payment methods from the following provider are available on this website: Klarna Bank AB, Sveavägen 46, 111 34 Stockholm, Sweden

If you select a payment method where the provider makes an advance payment (such as purchase on account, installment purchase, or direct debit), you will also be asked during the ordering process to provide certain personal data (first and last name, street, house number, ZIP code, city, date of birth, email address, phone number, and, if applicable, information regarding an alternative payment method).

To safeguard our legitimate interest in determining the creditworthiness of our customers, we will forward this data to the provider in accordance with Art. 6(1)(f) GDPR for the purpose of a credit check. Based on the personal data you have provided as well as additional data (such as shopping cart, invoice amount, order history, payment history) whether the payment option you have selected can be granted in light of payment and/or default risks.

In addition to the provider’s internal criteria pursuant to Art. 6(1)(f) GDPR, identity and creditworthiness information from the following credit reporting agencies may also be included in the decision-making process during the application review:

https://cdn.klarna.com/ 1.0/shared/content/legal/terms/0/de_de/credit_rating_agencies

The credit report may contain probability values (so-called score values). To the extent that score values are included in the credit report, they are based on a scientifically recognized mathematical-statistical method. The calculation of the score values includes, among other things but not exclusively, address data.

You may object to this processing of your data at any time by sending a message to us or to the provider. However, the provider may still be entitled to process your personal data if this is necessary for the contractual processing of payments.

- PayPal

One or more online payment methods from the following provider are available on this website: PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg

If you select a payment method from the provider that requires advance payment, your payment details provided during the ordering process (including name, address, bank and payment card information, currency, and transaction number) as well as information about the contents of your order in accordance with Art. 6(1)(b) GDPR. In this case, your data is transferred exclusively for the purpose of payment processing with the provider and only to the extent necessary for this purpose.

If you select a payment method where we pay in advance, you will also be asked during the ordering process to provide certain personal data (first and last name, street, house number, ZIP code, city, date of birth, email address, phone number, and, if applicable, details of an alternative payment method).

In such cases, to safeguard our legitimate interest in verifying your creditworthiness, we will forward this data to the provider in accordance with Article 6(1)(f) of the GDPR for the purpose of a credit check. Based on the personal data you have provided as well as additional data (such as shopping cart, invoice amount, order history, payment history), the provider assesses whether the payment method you have selected can be granted in light of payment and/or credit default risks.

The credit report may contain probability values (so-called score values). To the extent that score values are included in the result of the credit report, they are based on a scientifically recognized mathematical-statistical method. The calculation of the score values includes, among other things, but not exclusively, address data.

- PayPal Checkout

This website uses PayPal Checkout, an online payment system from PayPal that consists of PayPal’s own payment methods and local payment methods from third-party providers.

When paying via PayPal, credit card via PayPal, direct debit via PayPal, or—if offered—“Pay Later” via PayPal, we will transfer your payment data to PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter “PayPal”). This transfer is carried out in accordance with Art. 6(1)(b) GDPR and only to the extent necessary for payment processing.

For the payment methods credit card via PayPal, direct debit via PayPal, or—if offered—“Pay Later” via PayPal, – the right to conduct a credit check. For this purpose, your payment data may be transferred to credit bureaus in accordance with Art. 6(1)(f) GDPR based on PayPal’s legitimate interest in determining your creditworthiness. PayPal uses the result of the credit check—specifically the statistical probability of payment default—to decide whether to provide the respective payment method. The credit report may probability values (so-called score values). To the extent that score values are included in the result of the credit check, they are based on a scientifically recognized mathematical-statistical method. The calculation of the score values includes, among other things but not exclusively, address data. You may object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data if this is necessary for the contractual processing of the payment.

If the PayPal payment method “Purchase on Account” is available and selected your payment data is first transmitted to PayPal to prepare the payment, after which PayPal forwards it to Ratepay GmbH, Franklinstraße 28-29, 10587 Berlin (“Ratepay”) to execute the payment. The legal basis in each case is Art. 6(1)(b) GDPR. In this case, RatePay conducts an identity and credit check in its own name to determine your creditworthiness in accordance with the principle mentioned above and, based on the legitimate interest in determining creditworthiness pursuant to Art. 6(1)(f) GDPR, forwards your payment data to credit bureaus. A list of the credit bureaus that RatePay may use can be found here: https://www.ratepay. com/legal-payment-creditagencies/

When using a local third-party payment method, your payment data is first transferred to PayPal in accordance with Art. 6(1)(b) GDPR to prepare the payment. Depending on your selection of an available local payment method, PayPal then transmits your payment data to the relevant provider in accordance with Art. 6(1)(b) GDPR to execute the payment:

- Apple Pay (Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland)

- Google Pay (Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland)

- iDeal (Currence Holding BV, Beethovenstraat 300, Amsterdam, Netherlands)

- Bancontact (Bancontact Payconiq Company, Rue d'Arlon 82, 1040 Brussels, Belgium)

- Blik (Polski Standard Płatności sp. z o.o., ul. Czerniakowska 87A, 00-718 Warsaw, Poland)

- eps (PSA Payment Services Austria GmbH, Handelskai 92, Gate 2

1200 Vienna, Austria)

- MyBank (PRETA S.A.S, 40 Rue de Courcelles, F-75008 Paris, France)

- Przelewy24 (PayPro SA, Kanclerska 15A, 60-326 Poznań, Poland)

For further information regarding data protection, please refer to PayPal’s Privacy Policy: https://www.paypal.com/de/legalhub/paypal/privacy-full

- Shopify Payments

This website offers one or more online payment methods from the following provider: Shopify International Limited, Victoria Buildings, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland

If you select a payment method from this provider that requires advance payment (such as credit card payment), your payment details provided during the ordering process (including name, address, bank and payment card information, currency, and transaction number), as well as information about the contents of your order, in accordance with Art. 6(1)(b) GDPR. In this case, your data is transferred exclusively for the purpose of processing the payment with the provider and only to the extent necessary for this purpose.

- Stripe

One or more online payment methods from the following provider are available on this website: Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland

If you select a payment method from this provider that requires advance payment (such as credit card payment), your payment details provided during the ordering process (including name, address, bank and payment card information, currency, and transaction number), as well as information about the contents of your order, in accordance with Art. 6(1)(b) GDPR. In this case, your data is transferred exclusively for the purpose of processing the payment with the provider and only to the extent necessary for this purpose.

If you select a payment method where the provider pays in advance (such as purchase on account, installment purchase, or direct debit), you will also be asked during the ordering process to provide certain personal data (first and last name, street, house number, ZIP code, city, date of birth, email address, phone number, and, if applicable, details regarding an alternative payment method).

To safeguard our legitimate interest in determining the creditworthiness of our customers, we will forward this data to the provider pursuant to Art. 6(1)(f) GDPR for the purpose of a credit check. Based on the personal data you have provided as well as additional data (such as shopping cart, invoice amount, order history, payment history) whether the payment option you have selected can be granted in light of payment and/or credit default risks.

The credit report may contain probability values (so-called score values). To the extent that score values are included in the result of the credit report, they are based on a scientifically recognized mathematical -statistical method. The calculation of the score values includes, among other things but not exclusively, address data.

9) Web Analytics Services

9.1 Google (Universal) Analytics

This website uses Google (Universal) Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”), which enables an analysis of your use of our website.

Google (Universal) Analytics is used on this website exclusively without the use of cookies, which means that the service does not set cookies on your device at any time.

Instead, your browser’s local storage is used to store a unique ID assigned by Google (Universal) Analytics, which enables an analysis of your use of the website. For this purpose, certain user information is processed via the ID. This information includes your IP address, although Google truncates the last digits to prevent direct personal identification.

The information is transmitted to Google’s servers and processed there. This may also involve transfers to Google LLC, which is based in the United States.

Google uses the collected information on our behalf to evaluate your use of the website, compile reports on website activity for us, and provide other services related to website and internet usage. The truncated IP address transmitted by your browser as part of Google Analytics is not combined with other Google data. The data collected through the use of Google (Universal) Analytics is stored for a period of two months and then deleted.

All processing described above, including the storage of information on the device you are using in the form of an ID, takes place only if you have given us your explicit consent in accordance with Art. 6(1)(a) GDPR.

Without your consent, Google (Universal) Analytics will not be used during your visit to the site. You may revoke your consent at any time with future effect.

To exercise your right to revoke consent, you can download and install the browser plugin available at the following link:

https://tools.google.com/dlpage/gaoptout?hl=de

As an alternative to the browser plugin or within browsers on mobile devices, you can withdraw your consent by clicking the following link to set an opt-out cookie that will prevent future tracking by Google Analytics on this website (this opt-out cookie works only in this browser and only for this domain. If you delete your cookies in this browser, you must click this link again) :

Disable Google Analytics

We have entered into a data processing agreement with Google that ensures the protection of our website visitors’ data and prohibits unauthorized disclosure to third parties.

Further legal information regarding Google (Universal) Analytics can be found at https://business. safety.google/intl/de/privacy/, https://policies.google.com/privacy?hl=de&gl=de, and at https://policies.google.com/technologies/partner-sites

Demographic characteristics

Google (Universal) Analytics uses the special “demographic characteristics” feature and can use it to generate statistics that provide insights into the age, gender, and interests of website visitors. This is done by analyzing advertising and information from third-party providers. This allows target groups to be identified for marketing activities. However, the collected data cannot be attributed to any specific individual and is deleted after being stored for a period of two months.

Google Signals

As an extension to Google (Universal) Analytics, Google Signals can be used on this website to generate cross-device reports. If you have enabled personalized ads and linked your devices to your Google account, Google may, subject to your consent to the use of Google Analytics pursuant to Art. 6(1)(a) GDPR, analyze your usage behavior across devices and create database models, including those related to cross-device conversions. We do not receive any personal data from Google, only statistics. If you wish to stop cross-device analysis, you can disable the “Personalized ads” feature in your Google Account settings. To do so, follow the instructions on this page: https://support.google.com/My-Ad-Center-Help/answer/12155764?hl=de

For more information about Google Signals, please visit the following link: https://support.google.com/analytics/answer/7532985?hl=de

UserIDs

As an extension to Google (Universal) Analytics, the “UserIDs” feature can be used on this website. If you have consented to the use of Google (Universal) Analytics pursuant to Art. 6(1)(a) GDPR, have set up an account on this website, and log in to this account on various devices, your activities, including conversions, be analyzed across devices.

9.2 Google Analytics 4

This website uses Google Analytics 4, a web analytics service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”), which enables an analysis of your use of our website.

By default, when you visit the website, Google Analytics 4 sets cookies, which are small text files stored on your device and collect certain information. This information includes your IP address, although Google truncates the last digits to prevent direct personal identification.

The information is transmitted to Google’s servers and processed there. This may also involve transfers to Google LLC, based in the United States.

Google uses the collected information on our behalf to evaluate your use of the website, compile reports on website activity for us, and to provide other services related to website and internet usage. The truncated IP address transmitted by your browser as part of Google Analytics is not combined with other Google data. The data collected through the use of Google Analytics 4 is stored for a period of two months and then deleted.

All processing described above , in particular the setting of cookies on the device used, takes place only if you have given us your explicit consent in accordance with Art. 6(1)(a) GDPR.

Without your consent, Google Analytics 4 will not be used during your visit to the site. You may revoke your consent at any time with future effect. To exercise your right of revocation, please deactivate this service via the “Cookie Consent Tool” provided on the website.

We have entered into a data processing agreement with Google that ensures the protection of our website visitors’ data and prohibits unauthorized disclosure to third parties.

Further legal information regarding Google Analytics 4 can be found at https://business.safety.google/intl/de/privacy/, https://policies.google.com/privacy?hl=de&gl=de, and https://policies.google.com/technologies/partner-sites

Demographic Features

Google Analytics 4 uses the special “demographic characteristics” feature and can generate statistics that provide insights into the age, gender, and interests of website visitors. This is done by analyzing advertising and information from third-party providers. This allows target groups to be identified for marketing activities. However, the collected data cannot be attributed to a specific individual and is deleted after being stored for a period of two months.

Google Signals

As an extension to Google Analytics 4, Google Signals may be used on this website to generate cross-device reports. If you have enabled personalized ads and linked your devices to your Google Account, Google may, subject to your consent to the use of Google Analytics pursuant to Art. 6(1)(a) GDPR, analyze your usage behavior across devices and create database models, including those related to cross-device conversions. We do not receive any personal data from Google, only statistics. If you wish to stop cross-device analysis, you can disable the “Personalized ads” feature in your Google Account settings. To do so, follow the instructions on this page: https://support.google.com/My-Ad-Center-Help/answer/12155764?hl=de

For more information about Google Signals, please visit the following link: https://support.google.com/analytics/answer/7532985?hl=de

UserIDs

As an extension to Google Analytics 4, the “UserIDs” feature can be used on this website. If you have consented to the use of Google Analytics 4 pursuant to Art. 6(1)(a) GDPR, have set up an account on this website, and log in to this account on various devices, your activities—including conversions—can be analyzed across devices.

9.3 Google Tag Manager

This website uses “Google Tag Manager,” a service provided by the following provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter: “Google”).

Google Tag Manager provides a technical foundation for bundling various web applications, including tracking and analytics services, and for calibrating, controlling, and conditioning them via a unified user interface. Google Tag Manager itself does not store any information on users’ devices or read such information. Nor does the service perform any independent data analysis. However, when you visit a page, Google Tag Manager transmits your IP address to Google, where it may be stored. Transmission to servers of Google LLC in the U.S. is also possible.

This processing is carried out only if you have given us your explicit consent pursuant to Art. 6(1)(a) of the GDPR. Without this consent, Google Tag Manager will not be used during your visit to the site. You may revoke your consent at any time with future effect. To exercise your right of revocation, please deactivate this service using the “Cookie Consent Tool” provided on the website.

We have entered into a data processing agreement with the provider that ensures the protection of our website visitors’ data and prohibits unauthorized disclosure to third parties.

For data transfers to the U.S., the provider has joined the EU-U.S. Data Privacy Framework (EU-US Data Privacy Framework), which ensures compliance with European data protection standards based on an adequacy decision by the European Commission.

Further legal information regarding Google Tag Manager can be found at https://business.safety.google/intl/de/privacy/ and https://policies.google.com/privacy?hl=de&gl=de

9.4 Shopify Analytics

This website uses the web analytics service provided by the following provider: Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland

Data is also transferred to: Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada

Using cookies and/or comparable technologies (tracking pixels, web beacons, algorithms for reading device and browser information), the service collects and stores pseudonymized visitor data, including information about the device used, such as the IP address and browser information, in order to evaluate it for statistical analyses of usage behavior on our website and to create pseudonymized usage profiles. Among other things, this enables the analysis of movement patterns (so-called heatmaps), which reveal the duration of page visits as well as interactions with page content (e.g., text entries, scrolling, clicks, and mouse-overs). Pseudonymization fundamentally precludes direct personal identification. There is no merging with other personal data collected about you.

All processing described above, in particular the reading or storage of information on the device used, are only carried out if you have given us your explicit consent in accordance with Art. 6(1)(a) GDPR. You may revoke your consent at any time with future effect by deactivating this service in the “Cookie Consent Tool” provided on the website.

We have entered into a data processing agreement with the provider that protects the data of our website visitors and prohibits disclosure to third parties.

In the case of data transfers to Canada, an adequate level of data protection is ensured by an adequacy decision of the European Commission.

10) Retargeting/Remarketing and Conversion Tracking

10.1 Meta Pixel

Within our online offering, we use the “Meta Pixel” service provided by the following provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (“Meta”)

If a user clicks on an advertisement we have placed on Facebook and/or Instagram, “Meta Pixel” adds a parameter to the URL of our linked page. This URL parameter is then entered into the user’s browser after the redirect via a cookie set by our linked page itself.

This enables Meta to identify visitors to our online offering as a target group for the display of ads. Accordingly, we use the service to display the Facebook and/or Instagram ads we place only to users who have shown an interest in our online offering or who exhibit certain characteristics (e.g., interests in specific topics or products, determined based on the websites visited), which we transmit to Meta (so-called “Custom Audiences”).

On the other hand, the “Meta Pixel” can be used to track whether users were redirected to our website after clicking on an advertisement and what actions they take there (so-called “conversion tracking ").

The collected data is anonymous to us, meaning it does not allow us to identify users. However, the data is stored and processed by Meta, enabling a link to the respective user profile and allowing Meta to use the data for its own advertising purposes.

All processing described above, in particular the setting of cookies to read information on the device used, is carried out only if you have given your explicit consent in accordance with Art. 6(1)(a) of the GDPR. You may revoke your consent at any time with future effect by deactivating this service in the “Cookie Consent Tool” provided on the website.

We have entered into a data processing agreement with the provider that ensures the protection of our website visitors’ data and prohibits unauthorized disclosure to third parties.

The information generated by Meta is generally transmitted to a Meta server and stored there; in this context, it may also be transferred to servers of Meta Platforms Inc. in the United States.

10.2 Pinterest Tag Conversion Tracking

This website uses the conversion tracking technology of the following provider: Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland

If you arrived at our website via an advertisement on the provider’s domain, the success of the advertisement can be tracked using cookies and/or comparable technologies (tracking pixels, web beacons, pings, or HTTP requests), the success of the advertisement can be tracked.

To this end, the tracking technology reads certain device and browser information, including your IP address if applicable, to record and analyze user actions predefined by us (e.g., completed transactions, leads, website search queries, visits to product pages). This enables us to generate statistics on user behavior on our website following a redirect from an advertisement, which we use to optimize our offerings.

All processing described above, in particular the setting of cookies to read information from the device used, is carried out only if you have given us your explicit consent to do so in accordance with Art. 6(1)(a) GDPR. You may revoke your consent at any time with future effect by deactivating this service in the “Cookie Consent Tool” provided on the website.

We have entered into a data processing agreement with the provider that ensures the protection of our website visitors’ data and prohibits unauthorized disclosure to third parties.

10.3 TikTok Pixel

This website uses the conversion tracking technology of the following provider: TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland

To this end, the tracking technology reads certain device and browser information, including your IP address if applicable, to capture and evaluate user actions predefined by us (e.g., completed transactions, leads, search queries on the website, visits to product pages) and evaluate them. This enables us to generate statistics on usage behavior on our website following a redirect from an advertisement, which help us optimize our offerings.

All processing described above, in particular the setting of cookies to read information from the device used, are only carried out if you have given us your explicit consent to do so in accordance with Art. 6(1)(a) GDPR. You may revoke your consent at any time with future effect by deactivating this service in the “Cookie Consent Tool” provided on the website.

We have entered into a data processing agreement with the provider that ensures the protection of our website visitors’ data and prohibits unauthorized disclosure to third parties.

11) Site Features

11.1 Google Web Fonts

This site uses so-called web fonts from the following provider to ensure consistent font display: Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland

When you visit a page, your browser loads the required web fonts into its cache to display text and fonts correctly and establishes a direct connection to the provider’s servers. In doing so, certain browser information, including your IP address, is transmitted to the provider.

Data may also be transmitted to: Google LLC, USA

The processing of personal data in connection with establishing a connection with the font provider is only carried out if you have given us your explicit consent to do so in accordance with Art. 6(1)(a) GDPR. You may revoke your consent at any time with future effect by deactivating this service via the “Cookie Consent Tool” provided on the website. If your browser does not support web fonts, a standard font from your computer will be used.

Further information on Google’s privacy policy can be found here: https://business.safety.google/intl/de/privacy/

11.2 Typeform

We use the services of the following provider to conduct surveys or for online forms: TYPEFORM SL, Carrer de Can Rabia 3-5, 4th Floor, 08017 Barcelona, Spain

This provider enables us to design and evaluate surveys and online forms. In addition to the personal data you enter into the forms, information regarding your operating system, browser, date and time of your visit, referrer URL, and your IP address is also collected, transmitted to the provider, and stored on the provider’s servers.

The information you enter into the forms is stored in a password-protected manner to ensure that third-party access is prevented and that only we can evaluate the data for the purpose specified in the respective form.

When processing personal data necessary to fulfill a contract with you (this also applies to processing operations necessary to carry out pre-contractual measures), Article 6(1)(b) of the GDPR serves as the legal basis. If you have given us your consent to process your data, the processing is based on Article 6(1)(a) of the GDPR. Consent that has been given may be revoked at any time with future effect.

We have entered into a data processing agreement with the provider that ensures the protection of our website visitors’ data and prohibits unauthorized disclosure to third parties.

11.3 Online Applications via a Form

On our website, we list currently vacant positions in a separate section, for which interested parties can apply using a corresponding form.

Applicants must provide all personal data necessary for a thorough assessment, including general information such as name, address, and contact details, as well as performance-related documentation and, where applicable, health-related information. Details regarding the application can be found in the job posting.

When the form is submitted, applicant data is transmitted to us in encrypted form using state-of-the-art technology, stored by us, and evaluated exclusively for the purpose of processing the application. Processing is based on Art. 6(1)(b) GDPR (or § 26(1) BDSG), under which the application process is considered the initiation of an employment contract.

To the extent that special categories of personal data within the meaning of Art. 9(1) GDPR (e.g., health data such as information regarding severe disability status) are requested from applicants, processing is carried out in accordance with Art. 9(2)(b) GDPR so that we may exercise the rights arising from labor law and the law on social security and social protection and fulfill our obligations in this regard.

Cumulatively or alternatively, the processing of special categories of data may also be based on Article 9(1)(h) of the GDPR if it is carried out for the purposes of preventive healthcare or occupational medicine, for the assessment of the applicant’s fitness for work, for medical diagnosis, care, or treatment in the health or social sector, or for the administration of systems and services in the health or social sector.

If the applicant is not selected or withdraws their application prematurely, the data submitted via the form as well as all electronic correspondence, including the application email, will be deleted no later than 6 months after a corresponding notification. This period is based on our legitimate interest in answering any follow-up questions regarding the application and, if necessary, fulfilling our obligations to provide evidence under the regulations on equal of applicants.

In the event of a successful application, the data provided will be processed on the basis of Art. 6(1)(b) GDPR (in the case of processing in Germany in conjunction with § 26(1) BDSG) for the purpose of carrying out the employment relationship.

12) Tools and Miscellaneous

12.1 - Billbee

For accounting purposes, we use the cloud-based accounting software service provided by the following provider: Billbee GmbH, Arolser Str. 10, 34477 Twistetal, Germany

The provider processes incoming and outgoing invoices as well as, where applicable, our company’s bank transactions in order to automatically record invoices, match them to transactions, and use this data to generate financial accounting records in a semi-automated process.

To the extent that personal data is processed in this context, such processing is based on our legitimate interest in the efficient organization and documentation of our business processes pursuant to Art. 6(1)(f) GDPR.

- DATEV

For our accounting purposes, we use the cloud-based accounting software service provided by the following provider: DATEV eG, Paumgartnerstr. 6-14, 90429 Nuremberg, Germany

To the extent that personal data is processed in this context, the processing is based on our legitimate interest in the efficient organization and documentation of our business processes pursuant to Art. 6(1)(f) GDPR.

- pathway solutions

For our accounting, we use the cloud-based accounting software service provided by the following provider: pathway solutions gmbh, c/o ba tax gmbh, Alstertwiete 3, 20099 Hamburg

The provider processes incoming and outgoing invoices as well as, where applicable, our company’s bank transactions in order to automatically capture invoices, match them to the transactions, and use this data to generate financial accounting records through a semi-automated process.

12.2 Cookie Consent Tool

This website uses a so-called “Cookie Consent Tool” to obtain valid user consent for cookies and cookie-based applications that require consent . The “Cookie Consent Tool” is displayed to users when they visit the page in the form of an interactive user interface, where consent for specific cookies and/or cookie-based applications can be granted by checking boxes. Through the use of this tool, all cookies and services requiring consent are loaded only if the respective user grants the corresponding consent by checking the appropriate boxes. This ensures that such cookies are set on the user’s device only if consent has been granted.

The tool sets technically necessary cookies to save your cookie preferences. Personal user data is generally not processed in this context.

If, in individual cases, the processing of personal data (such as the IP address) occurs for the purpose of storing, assigning, or logging cookie settings (such as the IP address), this is done in accordance with Art. 6(1)(f) GDPR based on our legitimate interest in legally compliant, user-specific, and user-friendly consent management for cookies and, consequently, in the legally compliant design of our website.

A further legal basis for the processing is Art. 6(1)(c) GDPR. As the controller, we are legally obligated to make the use of technically non-essential cookies contingent upon the user’s consent.

Where necessary, we have entered into a data processing agreement with the provider that ensures the protection of our website visitors’ data and prohibits unauthorized disclosure to third parties.

Further information about the operator and the settings options for the cookie consent tool can be found directly in the corresponding user interface on our website.

13) Rights of the Data Subject

13.1 Applicable data protection law grants you the following data subject rights (rights of access and intervention) vis-à-vis the controller regarding the processing of your personal data, whereby reference is made to the cited legal basis for the respective conditions for exercising these rights:

Right of access pursuant to Art. 15 GDPR;
Right to rectification pursuant to Art. 16 GDPR;
Right to erasure pursuant to Art. 17 GDPR;
Right to restriction of processing pursuant to Art. 18 GDPR;
Right to be informed pursuant to Art. 19 GDPR;
Right to data portability pursuant to Art. 20 GDPR;
Right to withdraw consent pursuant to Art. 7(3) GDPR;
Right to lodge a complaint pursuant to Art. 77 GDPR.

13.2 RIGHT TO OBJECT

IF WE PROCESS YOUR PERSONAL DATA ON THE BASIS OF A BALANCING OF INTERESTS DUE TO OUR OVERRIDING LEGITIMATE INTEREST, YOU HAVE THE RIGHT AT ANY TIME, FOR REASONS RELATING TO YOUR PARTICULAR SITUATION, TO OBJECT TO SUCH PROCESSING WITH EFFECT FOR THE FUTURE.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL CEASE PROCESSING THE DATA IN QUESTION. HOWEVER, FURTHER PROCESSING REMAINS RESERVED IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING THAT OVERRIDE YOUR INTERESTS, FUNDAMENTAL RIGHTS, AND FREEDOMS, OR IF THE PROCESSING SERVES TO ASSERT, exercise, or defense of legal claims.

IF WE PROCESS YOUR PERSONAL DATA FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA FOR THE PURPOSE OF SUCH MARKETING. YOU MAY EXERCISE YOUR RIGHT TO OBJECT AS DESCRIBED ABOVE.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL CEASE PROCESSING THE RELEVANT DATA FOR DIRECT MARKETING PURPOSES.

14) Duration of Storage of Personal Data

The duration of storage of personal data is determined based on the respective legal basis, the purpose of processing, and—where applicable—the respective statutory retention period (e.g., retention periods under commercial and tax law).

When processing personal data based on explicit consent pursuant to Art. 6(1)(a) GDPR, the data in question will be stored until you withdraw your consent.

If statutory retention periods exist for data processed within the scope of contractual or quasi-contractual obligations based on Article 6(1)(b) of the GDPR, this data is routinely deleted upon expiration of the retention periods, provided it is no longer necessary for the performance or initiation of a contract and/or we no longer have a legitimate interest in further storage.

When processing personal data based on Article 6(1)(f) of the GDPR, this data is stored until you exercise your right to object under Article 21(1) of the GDPR, unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing serves to assert, exercise, or defend legal claims.

When processing personal data for the purpose of direct marketing based on Article 6(1)(f) of the GDPR, this data is stored until you exercise your right to object under Article 21(2) of the GDPR.

Unless otherwise specified in the other information in this statement regarding specific processing situations, stored personal data will otherwise be deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.

As of: April 17, 2026, 3:36:42 AM

Privacy policy

1) Introduction and Contact Information of the Data Controller

2) Data Collection When Visiting Our Website

3) Hosting & Content Delivery Network

4) Cookies

5) Contact

6) Data Processing When Opening a Customer Account

7) Use of Customer Data for Direct Marketing

8) Data Processing for Order Processing

9) Web Analytics Services

10) Retargeting/Remarketing and Conversion Tracking

11) Site Features

12) Tools and Miscellaneous

13) Rights of the Data Subject

14) Duration of Storage of Personal Data

Cart

No more products available for purchase

Perfect match: