Privacy policy

Data protection declaration

Unless stated otherwise below, the provision of your personal data is neither legally nor contractually obligatory, nor required for conclusion of a contract. You are not obliged to provide your data. Not providing it will have no consequences. This only applies as long as the processing procedures below do not state otherwise.
“Personal data” is any information relating to an identified or identifiable natural person.

Server log files
You can use our websites without submitting personal data. 
Every time our website is accessed, user data is transferred to us or our web hosts/IT service providers by your internet browser and stored in server log files. This stored data includes for example the name of the site called up, date and time of the request, the IP address, amount of data transferred and the provider making the request. The processing is carried out on the basis of Article 6(1) f) GDPR due to our legitimate interests in ensuring the smooth operation of our website as well as improving our services.
 

Your data may be transferred to third countries outside the EU, in particular to Canada and the USA, and processed there. The EU Commission has issued an adequacy decision for Canada. For the USA, there is an adequacy decision of the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). Shopify is not certified under the TADPF. This data transfer takes place on the basis of contractual obligations that are comparable to those of the EU Commission's standard contractual clauses.

Contact

Responsible person
Contact us at any time. The person responsible for data processing is: Deborah Elfferding, Lucy-Lameck Straße 7, 12049 Berlin Deutschland, 015120225692, deborah.elfferding@elffcollective.com


Proactive contact of the customer by e-mail
If you make contact with us proactively via email, we shall collect your personal data (name, email address, message text) only to the extent provided by you. The purpose of the data processing is to handle and respond to your contact request.
If the initial contact serves to implement pre-contractual measures (e.g. consultation in the case of purchase interest, order creation) or concerns an agreement already concluded between you and us, this data processing takes place on the basis of Article 6(1)(b) GDPR.
If the initial contact occurs for other reasons, this data processing takes place on the basis of Article 6(1)(f) GDPR for the purposes of our overriding, legitimate interest in handling and responding to your request. In this case, on grounds relating to your particular situation, you have the right to object at any time to this processing of personal data concerning you and carried out on the basis of Article 6(1)(f) GDPR.
We will only use your email address to process your request. Your data will subsequently be deleted in compliance with statutory retention periods, unless you have agreed to further processing and use.
 
Collection and processing when using the contact form 
When you use the contact form we will only collect your personal data (name, email address, message text) in the scope provided by you. The data processing is for the purpose of making contact.
If the initial contact serves to implement pre-contractual measures (e.g. consultation in the case of purchase interest, order creation) or concerns an agreement already concluded between you and us, this data processing takes place on the basis of Article 6(1)(b) GDPR.
If the initial contact occurs for other reasons, this data processing takes place on the basis of Article 6(1)(f) GDPR for the purposes of our overriding, legitimate interest in handling and responding to your request. In this case, on grounds relating to your particular situation, you have the right to object at any time to this processing of personal data concerning you and carried out on the basis of Article 6(1)(f) GDPR.
We will only use your email address to process your request. Finally your data will be deleted, unless you have agreed to further processing and use.
 
WhatsApp Business
If you communicate with us via WhatsApp, we use the WhatsApp Business version of WhatsApp Ireland Limited for this (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; “WhatsApp”). If you have your residence outside the European Economic Area, this service is provided by WhatsApp Inc. (1601 Willow Road, Menlo Park, CA 94025, USA).
The purpose of the data processing is to handle and respond to your contact request. For this purpose we collect and process your mobile phone number registered with WhatsApp and, if provided, your name and additional data to the extent provided by you. We use a mobile device for the service, the address book of which stores exclusively the data of users who have contacted us via WhatsApp. Disclosure of personal data to WhatsApp shall not take place unless you have already consented to this with respect to WhatsApp.
Your data are transmitted by WhatsApp to servers of Meta Platforms Inc. in the USA. 
Your data may be transferred to third countries such as the USA. For the USA, there is an adequacy decision of the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). Meta Platforms Inc. has certified itself in accordance with the TADPF and has thus undertaken to comply with European data protection principles.
If the initial contact serves to implement pre-contractual measures (e.g. consultation in the case of purchase interest, order creation) or concerns an agreement already concluded between you and us, this data processing takes place on the basis of Article 6(1)(b) GDPR.
If the initial contact occurs for other reasons, this data processing takes place on the basis of Article 6(1)(f) GDPR for the purposes of our overriding, legitimate interest in providing quick and easy communication as well as responding to your request. In this case, on grounds relating to your particular situation, you have the right to object at any time to this processing of personal data concerning you and carried out on the basis of Article 6(1)(f) GDPR.
We will only use your personal data to process your request. Your data will subsequently be deleted in compliance with statutory retention periods, unless you have agreed to further processing and use.
For more information on terms of service and privacy when using WhatsApp, please visit https://www.whatsapp.com/legal/#terms-of-service and https://www.whatsapp.com/legal/#privacy-policy.
 


Customer account      Orders      

Customer account
When you open a customer account, we will collect your personal data in the scope given there. The data processing is for the purpose of improving your shopping experience and simplifying order processing. The processing will be carried out on the basis of art. 6 (1) lit. a GDPR with your consent. You can withdraw your consent at any time by contacting us without affecting the legality of the processing carried out with your consent up to the withdrawal. Your customer account will then be deleted.
 
Collection, processing, and transfer of personal data in orders
When you submit an order we only collect and use your personal data insofar as this is necessary for the fulfilment and handling of your order as well as processing of your queries. The provision of data is necessary for conclusion of a contract. Failure to provide it will prevent the conclusion of any contract. The processing will occur on the basis of Article 6(1) b) GDPR and is required for the fulfilment of a contract with you. 
Your data will be shared, for example, with shipping companies, dropshipping or fulfillment providers, payment service providers, service providers for order processing, and IT service providers. We will comply strictly with legal requirements in every case. The scope of data transmission is restricted to a minimum.
 

Your data may be transferred to third countries outside the EU, in particular to Canada and the USA, and processed there. The EU Commission has issued an adequacy decision for Canada. For the USA, there is an adequacy decision of the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). Shopify is not certified under the TADPF. This data transfer takes place on the basis of contractual obligations that are comparable to those of the EU Commission's standard contractual clauses.


Advertising      

Use of the e-mail address for sending newsletters
We use your e-mail address to send you information and offers by newsletter, provided you have expressly consented to this. The data processing serves the sole purpose of advertising. For this purpose, we process your e-mail address and any other data that you have voluntarily provided when registering for our newsletter.
The processing is carried out on the basis of Art. 6 para. 1 lit. a GDPR with your consent. You can withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal. You can unsubscribe from the newsletter at any time by using the corresponding link in the newsletter or by sending us a message. Your e-mail address will then be removed from the mailing list. Despite removal from the mailing list, we may continue to store your email address in a blacklist to prevent you from receiving future newsletter emails from us. This storage takes place on the basis of Art. 6 para. 1 lit. f GDPR out of our and your legitimate interest in preventing the reuse of your e-mail address for sending our newsletter. You have the right to object to this processing of your personal data at any time on grounds relating to your particular situation.

Use of your email address for mailing of direct marketing 
We use your email address, which we obtained in the course of selling a good or service, for the electronic transmission of marketing for our own goods or services which are similar to those you have already purchased from us, unless you have objected to this use. You must provide your email address in order to conclude a contract. Failure to provide it will prevent the conclusion of any contract. The processing will be carried out on the basis of art. 6 (1) lit. f GDPR due to our justified interest in direct marketing. You can object to this use of your email address at any time by contacting us. You will find the contact details for exercising your right to object in our imprint. You can also use the link provided in the marketing email. This will not involve any costs other than transmission costs at basic tariffs.
 

Use of Klaviyo
We use the service of Klaviyo Inc. (125 Summer St Floor 7, Boston, MA 02111, USA; "Klaviyo") for newsletter dispatch as part of order processing.
We pass on the information provided by you during the newsletter registration (e-mail address, first and last name if applicable) to Klaviyo. The data processing serves the purpose of sending the newsletter and its statistical evaluation.
In order to evaluate newsletter campaigns, the newsletters sent contain a 1x1 pixel graphic (tracking pixel) or a tracking link. This enables us to determine whether you have opened the newsletter and whether you have clicked any integrated links. Within this context, we collect your personal data such as IP address, browser type and device as well as the time. A usage profile can be generated from this data under a pseudonym. The data collected will not be used to identify you personally. The collected data is only used for statistical analysis to improve newsletter campaigns.
Your data is usually transmitted to Klaviyo servers in the USA and stored there. For the USA, there is an adequacy decision of the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). Klaviyo has certified itself in accordance with the TADPF and has thus undertaken to comply with European data protection principles.
The processing of your personal data is based on Art. 6 para. 1 lit. f GDPR from our overriding legitimate interest in a targeted, effective advertising and user-friendly newsletter system. On grounds relating to your particular situation, you have the right to object at any time to this processing of personal data concerning you.
You can find more information on data protection at Klaviyo at https://www.klaviyo.com/legal/privacy-notice and at https://www.klaviyo.com/legal/data-processing-agreement.

Use of the e-mail address for availability notifications
We offer an availability notification service on our website. If an item is temporarily unavailable, you have the option of entering your e-mail address on the item in question and being informed by e-mail when it becomes available, provided you have given your consent. You will receive a one-time e-mail notification about the availability of the respective item when the goods are available. The processing is carried out on the basis of Art. 6 para. 1 lit. a GDPR with your consent. You can withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal. You can unsubscribe from the availability notification at any time by notifying us. Your e-mail address will then be removed from the mailing list.


Shipping companies      

Forwarding of your email address to shipping companies for information on shipping status
We forward your email address to the shipping company in the course of contractual processing, if you have explicitly agreed to this in the order process. The forwarding is for the purpose of informing you by email on the shipping status of your order. The processing will be carried out on the basis of art. 6 (1) lit. a GDPR with your consent. You can withdraw your consent at any time by contacting us or the transport company without affecting the legality of the processing carried out with your consent up to the withdrawal.
 


Cookies 

Our website uses cookies. Cookies are small text files which are saved in a user’s internet browser or by the user’s internet browser on their computer system. When a user calls up a website, a cookie may be saved on the user’s operating system. This cookie contains a characteristic character string which allows the browser to be clearly identified when the website is called up again.

Cookies will be stored on your computer. You therefore have full control over the use of cookies. By choosing corresponding technical settings in your internet browser, you can be notified before the setting of cookies and you can decide whether to accept this setting in each individual case as well as prevent the storage of cookies and transmission of the data they contain. Cookies which have already been saved may be deleted at any time. We would, however, like to point out that this may prevent you from making full use of all the functions of this website.
Using the links below, you can find out how to manage cookies (or deactivate them, among other things) in major browsers:
Chrome Browser: https://support.google.com/accounts/answer/61416?hl=en
Microsoft Edge: https://support.microsoft.com/de-de/microsoft-edge/cookies-in-microsoft-edge-lB6schen-63947406-40ac-c3b8-57b9-2a946a29ae09
Mozilla Firefox: https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences
Safari: https://support.apple.com/de-de/guide/safari/manage-cookies-and-website-data-sfri11471/mac


technically necessary cookies
Insofar as no other information is given in the data protection declaration below we use only these technically necessary cookies cookies to make our offering more user-friendly, effective and secure. Cookies also allow our systems to recognise your browser after a page change and to offer you services. Some functions of our website cannot be offered without the use of cookies. These services require the browser to be recognised again after a page change.

The use of cookies or comparable technologies is carried out on the basis of Art. 25 para. 2 TDDDG. Processing is carried out on the basis of art. 6 (1) lit. f GDPR due to our largely justified interest in ensuring the optimal functionality of the website as well as a user-friendly and effective design of our range of services.
You have the right to veto this processing of your personal data according to art. 6 (1) lit. f GDPR, for reasons relating to your personal situation.

Use of the Cookie Consent Manager CCM19
On our website, we use the Cookie Consent Manager CCM19 from Papoo Software & Media GmbH (Auguststr. 4, D-53229 Bonn, Germany; "CCM19").
The plug-in enables you to give your consent to data processing via the website, in particular to set cookies, as well as to make use of your right of revocation for consents already provided. The data processing serves the purpose of obtaining and documenting necessary consents to data processing and thus to comply with legal obligations. Cookies are used for this purpose. Among other things, the following information can be collected, stored and, if necessary, transferred to CCM19: randomly assigned ID, consent status, date and time of consent/rejection. The data is stored for one year and one month and then deleted. This data will not be passed on to any other third parties.
The data processing is carried out on the basis of Article 6 para. 1 lit. c GDPR to comply with a legal obligation.
For more information about data protection at CCM19, please visit: https://www.ccm19.de/datenschutzerklaerung.html.

Cookie-Consent Klaro!
On our website we use the cookie consent management tool Klaro! -by KIProtect GmbH (Bismarckstr. 10-12, 10625 Berlin; "Klaro!"). The tool allows you to give consent to data processing via the website, in particular the setting of cookies, and to make use of your right of revocation for already granted consents. The purpose of data processing is to obtain and document the necessary consents to data processing and thus to comply with legal obligations. Cookies can be used for this purpose. Among others, the following information may be collected: IP address, date and time of the page view and consent status.The data processing is carried out in order to fulfil a legal obligation on the basis of Art. 6 para. 1 lit. c GDPR. For more information on data protection at Klaro!, please visit: https://heyklaro.com/de/ressourcen/datenschutz

Use of the Shopify Consent Tool (Shopify Privacy & Compliance)
We use the "Shopify Privacy & Compliance" consent tool from Shopify International Ltd (Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland; "Shopify") on our website. Shopify is a company affiliated with Shopify Inc (151 O'Connor Street, Ground Floor, Ottawa, Ontario, K2P 2L8, Canada).
The tool enables you to give your consent to data processing via the website, in particular the setting of cookies, and to make use of your right to withdraw consent you have already given. The purpose of data processing is to obtain and document the necessary consent for data processing and thus to comply with legal obligations. Cookies may be used for this purpose. User information, including your IP address, is collected and transmitted to Shopify.
Your data may be transferred to third countries outside the EU, in particular to Canada and the USA, and processed there. The EU Commission has issued an adequacy decision for Canada. For the USA, there is an adequacy decision by the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). Shopify is not certified according to the TADPF.
This data transfer takes place on the basis of contractual obligations that are comparable to those of the EU Commission's standard contractual clauses.
The data processing is carried out to fulfil a legal obligation on the basis of Art. 6 para. 1 lit. c GDPR.
You can find more information on data protection at Shopify at https://www.shopify.com/ca/legal/privacy.


Analysis      Advertising tracking      


Use of Google Analytics 4
We use the Google Analytics web analytics service provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; "Google") on our website.
The data processing serves the purpose of analyzing this website and its visitors as well as for marketing and advertising purposes. To this end, Google will use the information obtained on behalf of the operator of this website for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. 
In this context, the following information may be collected, among others: IP address, date and time of page view, click path, information about the browser you are using and the device you are using (device), pages visited, referrer URL (website from which you accessed our website), location data, purchase activity. Your data may be linked by Google to other data, such as your search history, your personal accounts, your usage data from other devices, and any other data Google may have about you.
 

The IP address is shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area.

Google uses technologies such as cookies, web storage in the browser and tracking pixels that enable an analysis of your use of the website. The use of cookies or similar technologies takes place with your consent on the basis of § 25 para. 1 p. 1 TDDDG in conjunction with. Art. 6 para. 1 lit. a DSGVO.

The processing of your personal data is carried out with your consent on the basis of Art. 6 para. 1 lit. a DSGVO. You may revoke your consent at any time without affecting the lawfulness of the processing carried out on the basis of the consent until revocation.

The information generated by this about your use of this website is usually transferred to a Google server in the USA and stored there. For the USA, there is an adequacy decision of the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). Google has certified itself in accordance with the TADPF and has thus undertaken to comply with European data protection principles.
Both Google and US government agencies have access to your data.

For more information on terms of use and data protection, please visit https://policies.google.com/technologies/partner-sites and https://policies.google.com/privacy?hl=de&gl=de.

Use of Hotjar
On our website we use the analysis tool provided by Hotjar Ldt. (Level 2, St Julian's Business Centre, 3, Elia Zammit Street, St Julians STJ1000, Malta; "Hotjar").
The data processing serves the purpose of designing, optimising and analysing our website according to your needs. 
The tool is used to randomly record the movements of visitors to the website. This creates a protocol of mouse movements, scrolling behaviour, dwell time and clicks on the website (what is known as the heat map). 
For this purpose Hotjar uses, among other things, cookies. These can involve the collection of, among other things, the following information: IP address (in anonymous form), information about the device you are using (screen size, devices, unique device identifier), information about the browser you are using, location data (country only), preferred language for displaying the website, operating system used. Detailed information on the cookies used and the function and the storage period of these can be found here:
This data is used to create user profiles under a pseudonym. The data is not used to personally identify the visitor of the website and is not merged with personal data of the bearer of the pseudonym. Hotjar is contractually prohibited from selling the collected data to other third parties.
Your data may be transferred to the USA. For the USA, there is an adequacy decision of the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). Hotjar is not certified under the TAPF. The data transfer takes place on the basis of appropriate protective measures, among other things. Hotjar will provide you with further information on the measures taken upon request.
The use of cookies or comparable technologies is carried out with your consent on the basis of Art. 25 para. 1 p. 1 TDDDG in conjunction with Art. 6 para. 1 lit. a GDPR. The processing of your personal data is carried out with your consent on the basis of Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time without affecting the legality of the processing carried out with your consent up to the withdrawal.
For more information about data protection when using Hotjar, please visit: https://www.hotjar.com/legal/policies/privacy/#enduserenglish
 

Use of Shopify Analytics
We use the statistical and analytical functions of Shopify International Ltd. (Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland; "Shopify") on our website as part of an order processing. Shopify is an affiliated company of Shopify Inc. (151 O'Connor Street, Ground Floor, Ottawa, Ontario, K2P 2L8, Canada).
The processing of data serves to analyse this website and its visitors. For this purpose, data is stored for marketing and optimisation purposes and provided in reports, analyses and statistics. In the process, the following device information is collected and processed, among others: Web browser information, IP address, time zone and some of the cookies installed on your device. When you navigate the website, information is also collected on websites or products accessed, the referrer URL (website from which you accessed our website), and information on how you interact with the website. This is done using technologies such as cookies and web beacons, tags and pixels (electronic files that collect information about how you navigate the website).
Your data may be transferred to third countries outside the EU, in particular to Canada and the USA, and processed there. The EU Commission has issued an adequacy decision for Canada. For the USA, there is an adequacy decision of the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). Shopify is not certified under the TADPF. This data transfer takes place on the basis of contractual obligations that are comparable to those of the EU Commission's standard contractual clauses.
The use of cookies or comparable technologies is carried out with your consent on the basis of Art. 25 Para. 1 Sentence 1 TDDDG in conjunction with Art. 6 Para. 1 Letter a GDPR. The processing of your personal data is carried out with your consent on the basis of Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time without affecting the legality of the processing carried out with your consent up to the withdrawal.
You can find more detailed information on data protection at Shopify at https://www.shopify.com/de/legal/datenschutz, information on the order processing agreement at https://www.shopify.com/de/legal/dpa and information on the cookies used at https://www.shopify.com/de/legal/cookies.

Use of Microsoft Clarity
We use the "Microsoft Clarity" analytics tool from Microsoft Ireland Operations Limited (One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland; "Microsoft") on our website. Microsoft is a company affiliated with Microsoft Corporation (One Microsoft Way, Redmond, Washington 98052, USA).
The purpose of data processing is the needs-based design, optimisation and analysis of our website. The tool is used to record the movements of randomly chosen page visitors on the website. This creates a log of mouse movements, scrolling behaviour, length of stay and clicks on the website (so-called heat map).
Cookies or comparable technologies are used for this purpose. The following information, among others, may be collected: IP address, time of access, click path, information about the device you are using (device type, screen size and resolution, unique device identifier, operating system), information about the browser you are using (browser type and browser version), location data, preferred language for displaying the website, subpages visited, length of visit, content viewed, website or file requested.
User profiles are created from this data under a pseudonym. The data is not used to personally identify the visitor to the website and is not merged with personal data of the bearer of the pseudonym. Microsoft is contractually prohibited from selling the collected data to other third parties.
Your data may be transferred to the USA. The EU Commission has issued an adequacy decision for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). Microsoft has certified itself in accordance with the TADPF and has therefore undertaken to comply with European data protection principles.
The use of cookies or comparable technologies takes place with your consent on the basis of § 25 para. 1 sentence 1 TDDDG in conjunction with. Art. 6 para. 1 lit. a GDPR. The processing of your personal data takes place with your consent on the basis of Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
Detailed information on the cookies used and their function can be found at https://learn.microsoft.com/en-us/clarity/setup-and-installation/cookie-list. Information on the storage duration of the information collected can be found at https://learn.microsoft.com/en-us/clarity/setup-and-installation/data-retention. Further information on data protection when using Microsoft Clarity can be found at https://learn.microsoft.com/en-us/clarity/faq#privacy, https://learn.microsoft.com/en-us/clarity/setup-and-installation/clarity-data and https://clarity.microsoft.com/terms. General information on data protection at Microsoft can be found at https://privacy.microsoft.com/de-de/privacystatement.

Use of Meta Pixel
We use Meta Pixel from Meta Platforms Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; "Meta") on our website.
Meta and we are jointly responsible for the collection of your data and the transfer of this data to Meta when the service is integrated. The basis for this is an agreement between us and Meta on the joint processing of personal data, in which the respective responsibilities are defined. The agreement is available at https://de-de.facebook.com/legal/terms/businesstools. According to this agreement, we are responsible in particular for the fulfilment of the information obligations in accordance with Arts 13 and 14 GDPR, for compliance with the security requirements of Art. 32 GDPR with regard to the correct technical implementation and configuration of the service, and for compliance with the obligations in accordance with Arts 33 and 34 GDPR, insofar as a violation of the protection of personal data affects our obligations under the agreement on joint processing. Meta is responsible for enabling the rights of the data subject in accordance with Arts 15-20 GDPR, for complying with the security requirements of Art. 32 GDPR with regard to the security of the service, and for complying with the obligations of Arts 33 and 34 GDPR, insofar as a breach of personal data protection concerns Meta's obligations under the joint processing agreement.
The application serves to address the visitor to the website with interest-related advertising on the social networks Facebook and Instagram. We have implemented Meta’s remarketing tag on our website for this purpose. This tag sets up a direct connection to Meta’s servers when you visit our website. This informs the Meta server which of our web pages you have visited. Meta assigns this information to your personal Facebook and/or Instagram user account. When you visit the social networks Facebook or Instagram, you will then be shown personalised, interest-related ads.
The application also serves the purpose of creating conversion statistics. This allows us to find out the total number of users who have clicked our adverts and were forwarded to a page equipped with a conversion tracking tag as well as what actions are taken after being redirected to this website. However, they do not receive any information which could be used to personally identify users.
Your data may be transmitted to the USA. For the USA, there is an adequacy decision of the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). Meta has certified itself in accordance with the TADPF and has thus undertaken to comply with European data protection principles.
The processing of your personal data is carried out with your consent on the basis of Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time without affecting the legality of the processing carried out with your consent up to the withdrawal.
For this purpose, you can deactivate the remarketing function “Custom Audiences”. You can find more detailed information on Meta’s collection and use of data and your associated rights and options for protecting your privacy in Meta’s privacy policy: https://www.facebook.com/about/privacy/.

Use of Google Ads conversion tracking
Our website uses the online marketing program "Google Ads", including conversion tracking (evaluation of user actions). Google conversion tracking is a service operated by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; "Google").
If you click on adverts placed by Google, a cookie is placed on your computer for conversion tracking. These cookies have limited validity, do not contain any personal data and thus cannot be used for personal identification. If you visit certain pages on our website and the cookie has not yet expired, we and Google can recognise that you have clicked on the advert and were forwarded to this page. Every Google Ads customer receives a different cookie. It is therefore not possible to track cookies relating to the websites of Ads customers.
The information collected using the conversion cookie serves the purpose of producing conversion statistics. This allows us to find out the total number of users who have clicked on our adverts and were forwarded to a page equipped with a conversion tracking tag. However, they do not receive any information with which could be used to personally identify users. 
Your data may be transmitted to Google LLC servers in the USA. For the USA, there is an adequacy decision of the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). Google has certified itself in accordance with the TADPF and has thus undertaken to comply with European data protection principles.
The use of cookies or comparable technologies is carried out with your consent on the basis of Art. 25 para. 1 p. 1 TDDDG in conjunction with Art. 6 para. 1 lit. a GDPR. The processing of your personal data is carried out with your consent on the basis of Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time without affecting the legality of the processing carried out with your consent up to the withdrawal.
You will find more information as well as Google’s data privacy policy at: https://www.google.com/policies/privacy/

Use of the remarketing or "similar target groups" function by Google Inc.
Our website uses the remarketing or "similar target groups" function by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; "Google").
This application serves to analyse visitor behaviour and visitor interests.
Google uses cookies to analyse website use, forming the basis for producing interest-related adverts. Cookies allow for the recording of website visits as well as anonymised data on the use of the website. The personal data of website visitors is not saved. If you then visit another website in the Google display network you will then be shown adverts which are more likely to take previous areas of product and information interest into account.
Your data may be transmitted to Google LLC servers in the USA. For the USA, there is an adequacy decision of the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). Google has certified itself in accordance with the TADPF and has thus undertaken to comply with European data protection principles.
The use of cookies or comparable technologies is carried out with your consent on the basis of Art. 25 para. 1 p. 1 TDDDG in conjunction with Art. 6 para. 1 lit. a GDPR. The processing of your personal data is carried out with your consent on the basis of Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time without affecting the legality of the processing carried out with your consent up to the withdrawal.
You can find more detailed information on Google remarketing as well as the associated data privacy policy at: https://www.google.com/privacy/ads/

Use of Microsoft Advertising
Our website uses Microsoft Advertising from Microsoft Corporation (Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA; "Microsoft").
The processing of data serves the purposes of marketing and advertising and the purpose of measuring the success of the advertising measures (conversion tracking). This allows us to find out the total number of users who have clicked on our adverts and were forwarded to a page equipped with a conversion tracking tag. It is, however, not possible to identify this user personally through this process. Microsoft Advertising uses technology such as cookies and tracking pixels which make it possible to analyse your use of the website. If you click on adverts placed by Microsoft Advertising, a cookie is placed on your computer for conversion tracking. This cookie has limited validity and cannot be used for personal identification. If you visit certain pages on our website and the cookie has not yet expired, we and Microsoft can recognise that you have clicked on the advert and were forwarded to this page. In this process the following information, inter alia, can be collected: IP address, identifiers (indicators) assigned by Microsoft, information on the browser and device you are using, Referrer URL (website via which you accessed our website), URL of our website. 
Your data may be transmitted to the USA. For the USA, there is an adequacy decision of the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). Microsoft has certified itself in accordance with the TADPF and has thus undertaken to comply with European data protection principles.

The use of cookies or comparable technologies is carried out with your consent on the basis of Art. 25 para. 1 p. 1 TDDDG in conjunction with Art. 6 para. 1 lit. a GDPR. The processing of your personal data is carried out with your consent on the basis of Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time without affecting the legality of the processing carried out with your consent up to the withdrawal.
More information on data protection and the cookies used by Microsoft can be found at: https://privacy.microsoft.com/de-de/privacystatement

Use of the Pinterest tag
We use the Pinterest tag of Pinterest Europe Limited (Palmerston House, 2nd, Fenian Street, Floor, Dublin 2, Ireland "Pinterest") on our website.
The application serves to address the visitor to the website with interest-related advertising on the social network Pinterest. We have implemented Pinterest’s conversion tag on our website for this purpose. This tag sets up a direct connection to Pinterest’s servers when you visit our website. This informs the Pinterest server which of our web pages you have visited. Pinterest associates this information with your personal Pinterest user account if you are logged into the social network. When you visit Pinterest, you will then be shown personalised, interest-related Pinterest ads. If you reach our website via a Pin on the Pinterest social network, a cookie for conversion tracking is placed on your computer. These cookies have limited validity, do not contain any personal data and thus cannot be used for personal identification. If you visit certain pages on our site and the cookie has not expired, we and Pinterest may recognise that you have clicked the Pin and been directed to that page. The information collected using the conversion cookie serves the purpose of producing conversion statistics and thereby optimising our website. These can involve the processing of, among other things, the following information: Total number of users who clicked one of our Pins and were redirected to our website, subpages visited on our website (e.g. category or product pages), search queries on our website, your shopping cart contents, completed transactions.
Your data may be transmitted to the USA. For the USA, there is an adequacy decision of the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). Pinterest is not certified under the TAPF. The data transfer takes place, among other things, on the basis of standard contractual clauses as suitable guarantees for the protection of personal data, which can be viewed at: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en.
The use of cookies or comparable technologies is carried out with your consent on the basis of Art. 25 para. 1 p. 1 TDDDG in conjunction with Art. 6 para. 1 lit. a GDPR. The processing of your personal data is carried out with your consent on the basis of Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time without affecting the legality of the processing carried out with your consent up to the withdrawal.
You can find more detailed information on Pinterest’s collection and use of data and your associated rights and options for protecting your privacy in Pinterest’s privacy policy: https://policy.pinterest.com/de/privacy-policy.

Use of TikTok Pixel
On our website we use TikTok Pixel by TikTok Technology Limited (10 Earlsfort Terrace, Dublin, D02 T380, Ireland; “TikTok Ireland”) and by TikTok Information Technologies UK Limited (6th Floor, One London Wall, London, EC2Y 5EB, United Kingdom; “TikTok UK”). Both companies are the joint controllers (hereinafter referred to as “TikTok”).
The purpose of the data processing is to identify and analyze our customers' website access and to better target our customers by running targeted ads and to evaluate the effectiveness of ads on TikTok. TikTok uses technologies such as cookies and pixels that allow your browser to be recognized. Among others, the following information can be collected and transmitted to TikTok: Date and time of the visit, information about the browser and device type you are using, screen resolution, IP address. TikTok can associate this information with your personal TikTok user account. Using pseudonyms, user profiles can be created from the data collected in this way. However, it is not possible to personally identify the users in this way.
Your data may be transferred to third countries such as the USA. For the USA, there is an adequacy decision of the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). TikTok is not certified under the TAPF. The data transfer takes place, among other things, on the basis of standard contractual clauses as suitable guarantees for the protection of personal data, which can be viewed at: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en.
The use of cookies or comparable technologies takes place with your consent on the basis of Art. 25 para. 1 p. 1 TDDDG in conjunction with Art. 6 para. 1(a) GDPR. The processing of your personal data takes place with your consent on the basis of Art. 6 para. 1(a) GDPR. You can revoke the consent at any time without affecting the legality of the processing carried out on the basis of your consent until the revocation.
For more information on data protection please visit: https://www.tiktok.com/legal/page/eea/privacy-policy/de and https://ads.tiktok.com/i18n/official/policy/controller-to-controller.


Plug-ins

Use of social plug-ins
Our website uses social network plug-ins. The integration of social plug-ins and the data processing associated with this serves the purpose of optimising the advertising for our products.
The integration of social plug-ins involves a connection between your computer and the servers of the service provider of the social network which then instructs your web browser to display the plug-in on that web page, provided you have expressly consented to this. In this process, both your IP address as well as the information on which web pages you have visited will be transmitted to the provider’s servers. This happens regardless of whether you are registered with or logged into the social network. The information is transferred even if users are not registered or logged in. Should you be connected simultaneously with one or more of your social network accounts, the collected information may also be assigned to your corresponding profiles. When using the plug-in functions (e.g. by pressing the appropriate button), this information will also be assigned to your user account. You can therefore prevent this assignment by logging yourself out before visiting our website and before activating the button for your social media accounts.
The use of cookies or comparable technologies is carried out with your consent on the basis of Art. 25 para. 1 p. 1 TDDDG in conjunction with Art. 6 para. 1 lit. a GDPR. The processing of your personal data is carried out with your consent on the basis of Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time without affecting the legality of the processing carried out with your consent up to the withdrawal.
The following social networks are integrated in our website through social plug-ins. You can find more detailed information on the scope and purpose of collection and use of the data and your associated rights and options for protecting your privacy in the provider’s privacy policy via the link.

Facebook by Meta Platforms Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland).
Meta Platforms Ireland and we are jointly responsible for the collection of your data and the transfer of this data to Facebook when the service is integrated. The basis for this is an agreement between us and Meta Platforms Ireland on the joint processing of personal data, in which the respective responsibilities are defined. The agreement is available at https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible in particular for the fulfilment of the information obligations in accordance with Art. 13, 14 GDPR, for compliance with the security requirements of Art. 32 GDPR with regard to the correct technical implementation and configuration of the service, and for compliance with the obligations in accordance with Art. 33, 34 GDPR, insofar as a violation of the protection of personal data affects our obligations under the agreement on joint processing. Meta Platforms Ireland is responsible for enabling the rights of the data subject in accordance with articles 15-20 of the GDPR, for complying with the security requirements of article 32 of the GDPR with regard to the security of the service, and for complying with the obligations of articles 33, 34 of the GDPR, insofar as a breach of personal data protection concerns Meta Platforms Ireland's obligations under the joint processing agreement.
Your data may be transmitted to the USA. For the USA, there is an adequacy decision of the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). Meta has certified itself in accordance with the TADPF and has thus undertaken to comply with European data protection principles.
For more information on data protection please visit: https://www.facebook.com/about/privacy/.

Instagram by Meta Platforms Ireland Limited (4 Grand Canal Square, Dublin 2, Ireland):
https://help.instagram.com/155833707900388
Your data may be transmitted to the USA. For the USA, there is an adequacy decision of the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). Meta has certified itself in accordance with the TADPF and has thus undertaken to comply with European data protection principles.
 
Pinterest by Pinterest Inc. (635 High Street, Palo Alto, CA, 94301, USA)
https://policy.pinterest.com/en/privacy-policy
Your data may be transmitted to the USA. For the USA, there is an adequacy decision of the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). Pinterest is not certified under the TADPF.
 
Use of social plug-ins via the “2-click solution” 
Our website uses social network plug-ins via the “2-click solution”. No connection is made to the social network servers and no data submitted without your explicit consent.Standard integration of plug-ins set up a connection between your computer and the provider’s servers when you call up pages on our website which contain such a plugin, allowing the plug-in to be shown on the web page by a notice sent to your browser. Both your IP address and the fact that you have visited our web pages are transmitted to the provider’s servers. This happens regardless of whether you are registered with or logged into the social network. The information is transferred even if users are not registered or logged in. If you are also logged into the social network, this information is also assigned to your user profile. When you use plug-in functions (e.g. activate the button) this information is also assigned to your user account, which you can only prevent by logging out before using the plug-in. To ensure that you retain control over your data we have decided to initially deactivate the corresponding button. This is shown by the greyed-out button. No connection is made to the social network servers and no data submitted without your explicit consent - in the form of activation of the button.Only when you activate the button does it become active (highlighted) and set up a direct connection to the social network’s servers.By logging in, you give your permission for the transfer of your data to the respective social media provider. At this time, information such as your IP address and which websites you have visited is transmitted. Should you be connected simultaneously with one or more of your social network accounts, the information collected is also assigned to your corresponding profiles. Therefore, you can only prevent this assignment by logging yourself out before visiting our website and before activating the button for your social media accounts.
The social networks listed below are integrated with the “2-click function”. You can find more detailed information on the scope and purpose of collection and use of the data, your associated rights and options for protecting your privacy in the provider’s privacy policy via the link.
 
Facebook by Meta Platforms Ireland Limited (4 Grand Canal Square, Dublin 2, Ireland):
Your data may be transmitted to the USA. For the USA, there is an adequacy decision of the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). Meta has certified itself in accordance with the TADPF and has thus undertaken to comply with European data protection principles.
 

Instagram by Meta Platforms Ireland Limited (4 Grand Canal Square, Dublin 2, Ireland):
http://instagram.com/legal/privacy/
Your data may be transmitted to the USA. For the USA, there is an adequacy decision of the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). Meta has certified itself in accordance with the TADPF and has thus undertaken to comply with European data protection principles.

Pinterest by Pinterest Inc. (635 High Street, Palo Alto, CA, 94301, USA):
https://policy.pinterest.com/en/privacy-policy 
https://help.pinterest.com/de/articles/personalization-and-data
Your data may be transferred to the USA. For the USA, there is an adequacy decision of the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). Pinterest is not certified under the TADPF.

Use of YouTube
Our website uses the function for embedding YouTube videos by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; "YouTube"). YouTube is a company affiliated with Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; "Google").
This feature shows YouTube videos in an iFrame on the website. The option "advanced privacy mode" is enabled here. This prevents YouTube from storing information on visitors to the website. It is only if you watch a video that information is transmitted to and stored by YouTube. Your data may be transmitted to the USA. For the USA, there is an adequacy decision of the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). YouTube has certified itself in accordance with the TADPF and has thus undertaken to comply with European data protection principles.
The use of cookies or comparable technologies is carried out with your consent on the basis of Art. 25 para. 1 p. 1 TDDDG in conjunction with Art. 6 para. 1 lit. a GDPR. The processing of your personal data is carried out with your consent on the basis of Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time without affecting the legality of the processing carried out with your consent up to the withdrawal.
Further information on the data collected and used by YouTube and Google and your associated rights and options for protecting your privacy can be found in YouTube’s privacy policy (https://www.youtube.com/t/privacy).

Use of Google Fonts
We use Google Fonts from Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; "Google") on our website.
The data processing serves to facilitate the consistent display of fonts on our website. In order to load the fonts, a connection to Google servers is established when the page is accessed. Among other things, your IP address and information about the browser you are using will be processed and transmitted to Google. This data is not linked to your Google account. Your data may be transmitted to the USA. For the USA, there is an adequacy decision of the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). Google has certified itself in accordance with the TADPF and has thus undertaken to comply with European data protection principles.
The use of cookies or comparable technologies is carried out with your consent on the basis of Art. 25 para. 1 p. 1 TDDDG in conjunction with Art. 6 para. 1 lit. a GDPR. The processing of your personal data is carried out with your consent on the basis of Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time without affecting the legality of the processing carried out with your consent up to the withdrawal.
You can find more detailed information on the data processing and data protection at https://www.google.de/intl/de/policies/ and at https://developers.google.com/fonts/faq.
 

Use of Google Translate
We use the translation service of Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) on our website via API integration. The data processing serves the purpose of presenting the information provided on the website in a different language. In order for the translation to be automatically displayed after you have selected a national language, the browser you are using connects to the Google servers. Cookies may be used for this purpose. Thereby, among other things, the following information can be collected and processed: IP address, URL of the page visited, date and time. Your data may be transferred to the USA. For the USA, there is an adequacy decision of the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). Google has certified itself in accordance with the TADPF and has thus undertaken to comply with European data protection principles.
The use of cookies or comparable technologies is carried out with your consent on the basis of Art. 25 para. 1 p. 1 TDDDG in conjunction with Art. 6 para. 1 lit. a GDPR. The processing of your personal data is carried out with your consent on the basis of Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time without affecting the legality of the processing carried out with your consent up to the withdrawal. You can find more information on the collection and use of your data by Google at: https://www.google.com/policies/privacy/.


Rights of persons affected and storage duration

Duration of storage 
After contractual processing has been completed, the data is initially stored for the duration of the warranty period, then in accordance with the retention periods prescribed by law, especially tax and commercial law, and then deleted after the period has elapsed, unless you have agreed to further processing and use.
 
Rights of the affected person
If the legal requirements are fulfilled, you have the following rights according to art. 15 to 20 GDPR: Right to information, correction, deletion, restriction of processing, data portability. You also have a right of objection against processing based on art. 6 (1) GDPR, and to processing for the purposes of direct marketing, according to art. 21 (1) GDPR.
 
Right to complain to the regulatory authority
You have the right to complain to the regulatory authority according to art. 77 GDPR if you believe that your data is not being processed legally.
 

You can lodge a complaint with, among others, the supervisory authority responsible for us, which you may reach at the following contact details:

Berliner Beauftragte für Datenschutz und Informationsfreiheit
Friedrichstr. 219
Besuchereingang: Puttkamerstr. 16 – 18 (5. Etage)
10969 Berlin
Tel.: +49 30 138890
Fax: +49 30 2155050
E-Mail: mailbox@datenschutz-berlin.de

Right to object
If the data processing outlined here is based on our legitimate interests in accordance with Article 6(1)f) GDPR, you have the right for reasons arising from your particular situation to object at any time to the processing of your data with future effect.
If the objection is successful, we will no longer process the personal data, unless we can demonstrate compelling legitimate grounds for the processing that outweigh your interests or rights and freedoms, or the processing is intended for the assertion, exercise or defence of legal claims.
 

If personal data is being processed for the purposes of direct advertising, you can object to this at any time by notifying us. If the objection is successful, we will no longer process the personal data for the purposes of direct advertising.

last update: 22.10.2024