Privacy policy
––––––––––––––––––––
Privacy Policy
––––––––––––––––––––
1) Introduction and contact details of the controller
1.1 We are delighted that you are visiting our website and thank you for your interest. Below we inform you about how your personal data is handled when you use our website. Personal data is any data by which you can be personally identified.
1.2 The controller for the data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is EntoSus GmbH, Funkschneise 12, 28309 Bremen, Germany, tel.: +49 17478 49570, email: info@entosus.de. The controller responsible for the processing of personal data is the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data.
2) Data collection when visiting our website
2.1 When you use our website for purely informational purposes, i.e. if you do not register or otherwise transmit information to us, we collect only such data as your browser transmits to the page server (so-called „server log files“). When you access our website, we collect the following data, which is technically necessary for us in order to display the website to you:
- Our visited website
- Date and time at the moment of access
- Amount of data sent in bytes
- Source/reference from which you came to the page
- Browser used
- Operating system used
- IP address used (where applicable: in anonymised form)
Processing is carried out in accordance with Art. 6(1)(f) GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. Your data will not be passed on or used in any other way. However, we reserve the right to check the server log files at a later date should there be concrete evidence of unlawful use.
2.2 For security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or enquiries to the controller), this website uses SSL or TLS encryption. You can recognise an encrypted connection by the string „https://“ and the lock symbol in your browser bar.
3) Hosting & Content Delivery Network
Shopify
For the hosting of our website and the display of the page content, we use the system of the following provider: Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland („Shopify“)
Data is also transmitted to: Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada
All data collected on our website is processed on the provider's servers. We have concluded a data processing agreement with the provider that ensures the protection of our site visitors' data and prohibits unauthorised disclosure to third parties.
In the case of a data transfer to Canada, an adequate level of data protection is guaranteed by an adequacy decision of the European Commission.
4) Cookies
In order to make visiting our website attractive and to enable the use of certain functions, we use cookies, i.e. small text files that are stored on your end device. Some of these cookies are automatically deleted after the browser is closed (so-called „session cookies“), while others remain on your end device for longer and enable page settings to be saved (so-called „persistent cookies“). In the latter case, you can find the storage period in the overview of your web browser's cookie settings.
Insofar as personal data is also processed by individual cookies used by us, the processing is carried out in accordance with Art. 6(1)(b) GDPR either for the performance of the contract, in accordance with Art. 6(1)(a) GDPR in the case of consent given, or in accordance with Art. 6(1)(f) GDPR to safeguard our legitimate interests in the best possible functionality of the website and in a customer-friendly and effective design of the page visit.
You can configure your browser to inform you about the setting of cookies and to decide individually about their acceptance, or to exclude the acceptance of cookies for certain cases or in general.
Please note that if cookies are not accepted, the functionality of our website may be limited.
5) Contacting us
Within the scope of contacting us (e.g. via contact form or email), personal data is processed – exclusively for the purpose of handling and answering your enquiry and only to the extent necessary for that purpose.
The legal basis for the processing of this data is our legitimate interest in answering your enquiry pursuant to Art. 6(1)(f) GDPR. If your contact is aimed at concluding a contract, the additional legal basis for the processing is Art. 6(1)(b) GDPR. Your data will be deleted once it can be inferred from the circumstances that the matter has been conclusively clarified and provided that no statutory retention obligations stand in the way.
6) Use of customer data for direct marketing
Klaviyo
Our email newsletters are sent via this provider: Klaviyo, 225 Franklin St, Boston, MA 02110, USA
On the basis of our legitimate interest in effective and user-friendly newsletter marketing, we pass on the data you provided when signing up for the newsletter in accordance with Art. 6(1)(f) GDPR to this provider so that it can carry out the dispatch of the newsletter on our behalf.
Subject to your express consent pursuant to Art. 6(1)(a) GDPR, the provider also performs a statistical evaluation of the success of newsletter campaigns by means of web beacons or tracking pixels in the emails sent, which can measure opening rates and specific interactions with the contents of the newsletter. In doing so, end device information (e.g. time of access, IP address, browser type and operating system) is also collected and analysed, but not merged with other data sets.
You can revoke your consent to newsletter tracking at any time with effect for the future.
We have concluded a data processing agreement with the provider that protects our site visitors' data and prohibits the disclosure to third parties.
For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which, on the basis of an adequacy decision of the European Commission, ensures compliance with the European level of data protection.
7) Data processing for order handling
7.1 Insofar as necessary for the processing of the contract for delivery and payment purposes, the personal data collected by us is passed on, in accordance with Art. 6(1)(b) GDPR, to the commissioned transport company and the commissioned credit institution.
If we owe you updates for goods with digital elements or for digital products on the basis of a corresponding contract, we process the contact details (name, address, email address) you transmitted to us when placing the order, in order to inform you personally within our statutory information obligations pursuant to Art. 6(1)(c) GDPR by suitable means of communication (e.g. by post or email) about upcoming updates within the period prescribed by law. Your contact details are used here strictly for the purpose of notifications about updates owed by us and are processed by us for this purpose only to the extent necessary for the respective information.
To process your order, we also work with the following service provider(s) who support us in whole or in part with the execution of concluded contracts. Certain personal data is transmitted to these service providers in accordance with the following information.
7.2 To fulfil our contractual obligations towards our customers, we work with external shipping partners. We pass on your name, your delivery address and, insofar as necessary for delivery, your telephone number, exclusively for the purpose of delivering the goods pursuant to Art. 6(1)(b) GDPR, to a shipping partner selected by us.
7.3 Printful
For order processing, we use the following provider: Printful, Inc., 11025 Westlake Drive, Charlotte, NC 28273, USA
Name, address and, where applicable, further personal data are passed on to the provider, pursuant to Art. 6(1)(b) GDPR, exclusively for the purpose of processing the online order. Your data is only passed on to the extent actually necessary for processing the order.
For the transfer of data to the USA, the provider relies on Standard Contractual Clauses of the European Commission, which are intended to ensure compliance with the European level of data protection.
7.4 Xentral
For order processing, we use the following provider: Xentral ERP Software GmbH, Fuggerstraße 11, 86150 Augsburg, Germany
Name, address and, where applicable, further personal data are passed on to the provider pursuant to Art. 6(1)(b) GDPR for the purpose of processing the online order. Your data is only passed on to the extent actually necessary for processing the order. The provider is also used for accounting. In this context, the provider processes incoming and outgoing invoices and, where applicable, the bank movements of our company in order to automatically record invoices, match them to transactions, and from this create the financial accounting in a partially automated process.
Insofar as personal data is also processed in this context, the processing is carried out in accordance with Art. 6(1)(f) GDPR on the basis of our legitimate interest in an efficient organisation and documentation of our business processes.
7.5 Disclosure of personal data to shipping service providers
- DHL
As a transport service provider, we use the following provider: DHL Paket GmbH, Sträßchensweg 10, 53113 Bonn, Germany
Pursuant to Art. 6(1)(a) GDPR, we pass on your email address and/or telephone number to the provider prior to delivery of the goods for the purpose of coordinating a delivery appointment or for delivery notification, provided you have given your express consent for this during the ordering process. Otherwise, for the purpose of delivery, we pass on only the name of the recipient and the delivery address to the provider in accordance with Art. 6(1)(b) GDPR. Data is only passed on to the extent necessary for the delivery of the goods. In this case, a prior coordination of the delivery appointment with the provider or the delivery notification is not possible.
Consent can be revoked at any time with effect for the future, either to the above-mentioned controller or to the provider.
- UPS
As a transport service provider, we use the following provider: United Parcel Service Deutschland Inc. & Co. OHG, Görlitzer Straße 1, 41460 Neuss, Germany
Pursuant to Art. 6(1)(a) GDPR, we pass on your email address and/or telephone number to the provider prior to delivery of the goods for the purpose of coordinating a delivery appointment or for delivery notification, provided you have given your express consent for this during the ordering process. Otherwise, for the purpose of delivery, we pass on only the name of the recipient and the delivery address to the provider in accordance with Art. 6(1)(b) GDPR. Data is only passed on to the extent necessary for the delivery of the goods. In this case, a prior coordination of the delivery appointment with the provider or the delivery notification is not possible.
Consent can be revoked at any time with effect for the future, either to the above-mentioned controller or to the provider.
7.6 Use of payment service providers
- Apple Pay
If you decide to use the payment method „Apple Pay“ of Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland, payment processing is carried out via the „Apple Pay“ function of your end device operated with iOS, watchOS or macOS by charging a payment card stored in „Apple Pay“. Apple Pay uses security functions integrated in the hardware and software of your device to protect your transactions. To authorise a payment, it is therefore necessary to enter a code previously set by you and to verify it by means of the „Face ID“ or „Touch ID“ function of your end device.
For the purpose of payment processing, the information you have provided in the course of the ordering process, together with the information about your order, is passed on to Apple in encrypted form. Apple then re-encrypts this data with a developer-specific key before transmitting the data to the payment service provider of the payment card stored in Apple Pay in order to carry out the payment. The encryption ensures that only the website on which the purchase was made can access the payment data. After the payment has been made, Apple sends your device account number and a transaction-specific, dynamic security code to the original website to confirm the success of the payment.
Insofar as personal data is processed in the transmissions described, the processing is carried out exclusively for the purpose of payment processing pursuant to Art. 6(1)(b) GDPR.
Apple retains anonymised transaction data, including the approximate amount of the purchase, the approximate date and time, and an indication of whether the transaction was successfully completed. The anonymisation completely excludes any personal reference. Apple uses the anonymised data to improve „Apple Pay“ and other Apple products and services.
If you use Apple Pay on your iPhone or Apple Watch to complete a purchase you made via Safari on your Mac, the Mac and the authorisation device communicate via an encrypted channel on Apple's servers. Apple does not process or store any of this information in a format that can be used to identify you personally. You can disable the option to use Apple Pay on your Mac in the settings of your iPhone. Go to "Wallet & Apple Pay" and deactivate "Allow payments on Mac".
Further information on data protection with Apple Pay can be found at the following internet address: https://support.apple.com/en-gb/HT203027
- Google Pay
If you decide to use the payment method „Google Pay“ of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland („Google“), payment processing is carried out via the „Google Pay“ application of your mobile end device operated with at least Android 4.4 („KitKat“) and equipped with an NFC function, by charging a payment card stored in Google Pay or a payment system verified there (e.g. PayPal). To authorise a payment via Google Pay of more than €25.00, the prior unlocking of your mobile end device through the verification method set up (e.g. facial recognition, password, fingerprint or pattern) is required.
For the purpose of payment processing, the information provided by you during the ordering process, together with the information about your order, is passed on to Google. Google then transmits your payment information stored in Google Pay in the form of a one-time transaction number to the original website, with which a payment made is verified. This transaction number does not contain any information on the real payment data of your payment means stored in Google Pay, but is generated and transmitted as a one-off numerical token. In all transactions via Google Pay, Google acts merely as an intermediary for the processing of the payment process. The transaction itself is carried out exclusively in the relationship between the user and the original website by debiting the payment means stored in Google Pay.
Insofar as personal data is processed in the transmissions described, the processing is carried out exclusively for the purpose of payment processing pursuant to Art. 6(1)(b) GDPR.
Google reserves the right to collect, store and analyse certain transaction-specific information for every transaction made via Google Pay. This includes the date, time and amount of the transaction, the merchant location and description, a description provided by the merchant of the goods or services purchased, photos that you have attached to the transaction, the name and email address of the seller and buyer or of the sender and recipient, the payment method used, your description of the reason for the transaction and, where applicable, the offer associated with the transaction.
According to Google, this processing is carried out exclusively pursuant to Art. 6(1)(f) GDPR on the basis of the legitimate interest in proper invoicing, the verification of transaction data and the optimisation and maintenance of the Google Pay service.
Google also reserves the right to merge the processed transaction data with further information collected and stored by Google through the use of other Google services.
The terms of use of Google Pay can be found here:
https://payments.google.com/payments/apis-secure/u/0/get_legal_document?ldo=0&ldt=googlepaytos&ldl=en
Further information on data protection with Google Pay can be found at the following internet address:
https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=en
- Klarna
On this website, one or more online payment methods of the following provider are available: Klarna Bank AB, Sveavägen 46, 111 34 Stockholm, Sweden
If you choose a payment method of the provider in which you pay in advance (e.g. credit card payment), your payment data provided during the ordering process (including name, address, bank and payment card information, currency and transaction number) and information about the content of your order are passed on to the provider pursuant to Art. 6(1)(b) GDPR. In this case, your data is passed on exclusively for the purpose of payment processing with the provider and only to the extent necessary for this.
If you choose a payment method in which the provider pays in advance (e.g. invoice or instalment purchase or direct debit), you will also be asked during the ordering process to provide certain personal data (first and last name, street, house number, postcode, town, date of birth, email address, telephone number, and where applicable data on an alternative means of payment).
In order to safeguard our legitimate interest in determining the ability of our customers to pay, this data is forwarded by us to the provider, pursuant to Art. 6(1)(f) GDPR, for the purpose of a credit assessment. The provider checks, on the basis of the personal data provided by you and further data (such as shopping basket, invoice amount, order history, payment experiences), whether the payment option chosen by you can be granted with regard to payment and/or default risks.
In order to make the decision in the context of the application check, in addition to provider-internal criteria, identity and creditworthiness information from the following credit agencies may also be included pursuant to Art. 6(1)(f) GDPR:
https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/credit_rating_agencies
The credit report may contain probability values (so-called score values). Insofar as score values are included in the result of the credit report, they are based on a scientifically recognised mathematical-statistical procedure. The calculation of the score values includes, among other things but not exclusively, address data.
You can object to this processing of your data at any time by sending us a message or contacting the provider. However, the provider may still be entitled to process your personal data if this is necessary for the contractual payment processing.
- PayPal
On this website, one or more online payment methods of the following provider are available: PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg
If you choose a payment method of the provider in which you pay in advance, your payment data provided during the ordering process (including name, address, bank and payment card information, currency and transaction number) and information about the content of your order are passed on to the provider pursuant to Art. 6(1)(b) GDPR. In this case, your data is passed on exclusively for the purpose of payment processing with the provider and only to the extent necessary for this.
If you choose a payment method in which we pay in advance, you will also be asked during the ordering process to provide certain personal data (first and last name, street, house number, postcode, town, date of birth, email address, telephone number, and where applicable data on an alternative means of payment).
In order to safeguard our legitimate interest in determining your ability to pay in such cases, this data is forwarded by us to the provider, pursuant to Art. 6(1)(f) GDPR, for the purpose of a credit assessment. The provider checks, on the basis of the personal data provided by you and further data (such as shopping basket, invoice amount, order history, payment experiences), whether the payment option chosen by you can be granted with regard to payment and/or default risks.
The credit report may contain probability values (so-called score values). Insofar as score values are included in the result of the credit report, they are based on a scientifically recognised mathematical-statistical procedure. The calculation of the score values includes, among other things but not exclusively, address data.
You can object to this processing of your data at any time by sending us a message or contacting the provider. However, the provider may still be entitled to process your personal data if this is necessary for the contractual payment processing.
- Shopify Payments
On this website, one or more online payment methods of the following provider are available: Shopify International Limited, Victoria Buildings, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland
If you choose a payment method of the provider in which you pay in advance (e.g. credit card payment), your payment data provided during the ordering process (including name, address, bank and payment card information, currency and transaction number) and information about the content of your order are passed on to the provider pursuant to Art. 6(1)(b) GDPR. In this case, your data is passed on exclusively for the purpose of payment processing with the provider and only to the extent necessary for this.
8) Web analytics services
8.1 Google (Universal) Analytics
This website uses Google (Universal) Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"), which enables an analysis of your use of our website.
By default, when you visit the website, Google (Universal) Analytics sets cookies that are stored as small text modules on your end device and that collect certain information. Among the information collected is your IP address, which is, however, shortened by Google by the last digits in order to exclude direct personal identifiability.
The information is transmitted to Google's servers and further processed there. Transmissions to Google LLC based in the USA are also possible in this context.
Google uses the information collected on our behalf to evaluate your use of the website, to compile reports on website activities for us and to provide other services associated with the use of the website and the internet. The IP address transmitted by your browser within the framework of Google Analytics and shortened is not merged with other Google data. The data collected as part of the use of Google (Universal) Analytics is stored for a period of two months and then deleted.
All processing operations described above, in particular the setting of cookies on the end device used, are only carried out if you have given us your express consent pursuant to Art. 6(1)(a) GDPR.
Without your consent, the use of Google (Universal) Analytics during your page visit will not take place. You can revoke your consent at any time with effect for the future. To exercise your right of revocation, please deactivate this service via the „cookie consent tool“ provided on the website.
We have concluded a data processing agreement with Google that ensures the protection of our site visitors' data and prohibits unauthorised disclosure to third parties.
Further legal information on Google (Universal) Analytics can be found at https://policies.google.com/privacy?hl=en and at https://policies.google.com/technologies/partner-sites
Demographic characteristics
Google (Universal) Analytics uses the special function „demographic characteristics“ and can use this to create statistics that make statements about the age, gender and interests of site visitors. This is done by analysing advertising and information from third-party providers. This allows target groups for marketing activities to be identified. However, the data collected cannot be assigned to any specific person and is deleted after being stored for a period of two months.
Google Signals
As an extension to Google (Universal) Analytics, Google Signals may be used on this website to enable cross-device reports. If you have activated personalised advertising and have linked your devices to your Google account, Google can, subject to your consent to the use of Google Analytics pursuant to Art. 6(1)(a) GDPR, analyse your usage behaviour across devices and create database models, including for cross-device conversions. We do not receive any personal data from Google, only statistics. If you wish to stop the cross-device analysis, you can deactivate the function "Personalised advertising" in the settings of your Google account. To do so, please follow the instructions on this page: https://support.google.com/ads/answer/2662922?hl=en For further information on Google Signals, please visit the following link: https://support.google.com/analytics/answer/7532985?hl=en
UserIDs
As an extension to Google (Universal) Analytics, the function "UserIDs" may be used on this website. If you have consented to the use of Google (Universal) Analytics pursuant to Art. 6(1)(a) GDPR, have set up an account on this website and log in to this account on different devices, your activities, including conversions, can be analysed across devices.
For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which, on the basis of an adequacy decision of the European Commission, ensures compliance with the European level of data protection.
8.2 Google Analytics 4
This website uses Google Analytics 4, a web analytics service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"), which enables an analysis of your use of our website.
By default, when you visit the website, Google Analytics 4 sets cookies that are stored as small text modules on your end device and that collect certain information. Among the information collected is your IP address, which is, however, shortened by Google by the last digits in order to exclude direct personal identifiability.
The information is transmitted to Google's servers and further processed there. Transmissions to Google LLC based in the USA are also possible in this context.
Google uses the information collected on our behalf to evaluate your use of the website, to compile reports on website activities for us and to provide other services associated with the use of the website and the internet. The IP address transmitted by your browser within the framework of Google Analytics and shortened is not merged with other Google data. The data collected as part of the use of Google Analytics 4 is stored for a period of two months and then deleted.
All processing operations described above, in particular the setting of cookies on the end device used, are only carried out if you have given us your express consent pursuant to Art. 6(1)(a) GDPR.
Without your consent, the use of Google Analytics 4 during your page visit will not take place. You can revoke your consent at any time with effect for the future. To exercise your right of revocation, please deactivate this service via the „cookie consent tool“ provided on the website.
We have concluded a data processing agreement with Google that ensures the protection of our site visitors' data and prohibits unauthorised disclosure to third parties.
Further legal information on Google Analytics 4 can be found at https://policies.google.com/privacy?hl=en&gl=en and at https://policies.google.com/technologies/partner-sites
Demographic characteristics
Google Analytics 4 uses the special function „demographic characteristics“ and can use this to create statistics that make statements about the age, gender and interests of site visitors. This is done by analysing advertising and information from third-party providers. This allows target groups for marketing activities to be identified. However, the data collected cannot be assigned to any specific person and is deleted after being stored for a period of two months.
Google Signals
As an extension to Google Analytics 4, Google Signals may be used on this website to enable cross-device reports. If you have activated personalised advertising and have linked your devices to your Google account, Google can, subject to your consent to the use of Google Analytics pursuant to Art. 6(1)(a) GDPR, analyse your usage behaviour across devices and create database models, including for cross-device conversions. We do not receive any personal data from Google, only statistics. If you wish to stop the cross-device analysis, you can deactivate the function "Personalised advertising" in the settings of your Google account. To do so, please follow the instructions on this page: https://support.google.com/ads/answer/2662922?hl=en For further information on Google Signals, please visit the following link: https://support.google.com/analytics/answer/7532985?hl=en
UserIDs
As an extension to Google Analytics 4, the function "UserIDs" may be used on this website. If you have consented to the use of Google Analytics 4 pursuant to Art. 6(1)(a) GDPR, have set up an account on this website and log in to this account on different devices, your activities, including conversions, can be analysed across devices.
For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which, on the basis of an adequacy decision of the European Commission, ensures compliance with the European level of data protection.
8.3 Google Tag Manager
This website uses „Google Tag Manager“, a service of the following provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter: „Google“).
Google Tag Manager provides a technical basis for bundling various web applications, including tracking and analytics services, and for calibrating, controlling and linking them to conditions via a uniform user interface. Google Tag Manager itself does not store any information on user end devices or read any out. The service also does not carry out any independent data analyses. However, when a page is called up, Google Tag Manager transmits your IP address to Google and, where applicable, stores it there. Transmission to servers of Google LLC. in the USA is also possible.
This processing will only be carried out if you have given us your express consent pursuant to Art. 6(1)(a) GDPR. Without this consent, Google Tag Manager will not be used during your page visit. You can revoke your consent at any time with effect for the future. To exercise your revocation, please deactivate this service in the „cookie consent tool“ provided on the website.
We have concluded a data processing agreement with the provider that ensures the protection of our site visitors' data and prohibits unauthorised disclosure to third parties.
For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which, on the basis of an adequacy decision of the European Commission, ensures compliance with the European level of data protection.
9) Retargeting / remarketing and conversion tracking
9.1 Meta Pixel
Within our online offering, we use the service "Meta Pixel" of the following provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland ("Meta")
If a user clicks on an advertisement placed by us on Facebook and/or Instagram, the URL of our linked page is extended by a parameter with the help of "Meta Pixel". This URL parameter is then entered in the user's browser, after the redirect, through a cookie that our linked page itself sets.
On the one hand, this enables Meta to identify the visitors of our online offering as a target group for the display of advertisements (so-called "ads"). Accordingly, we use the service in order to show the Facebook and/or Instagram ads placed by us only to those users who have also shown an interest in our online offering or who exhibit certain characteristics (e.g. interest in certain topics or products, which is determined by the websites visited), which we transmit to Meta (so-called „custom audiences“).
On the other hand, the „Meta Pixel“ can be used to track whether users have been redirected to our website after clicking on an advertisement and what actions they take there (so-called „conversion tracking“).
The data collected is anonymous for us, i.e. it does not allow us to draw any conclusions about the identity of the users. However, the data is stored and processed by Meta, so that a connection to the respective user profile is possible and Meta can use the data for its own advertising purposes.
All processing operations described above, in particular the setting of cookies for reading information on the end device used, will only be carried out if you have given us your express consent pursuant to Art. 6(1)(a) GDPR. You can revoke your consent at any time with effect for the future by deactivating this service in the „cookie consent tool“ provided on the website.
We have concluded a data processing agreement with the provider that ensures the protection of our site visitors' data and prohibits unauthorised disclosure to third parties.
The information generated by Meta is generally transmitted to a Meta server and stored there; in this context, a transmission to servers of Meta Platforms Inc. in the USA may also occur.
For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which, on the basis of an adequacy decision of the European Commission, ensures compliance with the European level of data protection.
9.2 Google Ads Remarketing
This website uses retargeting technology of the following provider: Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland
For this purpose, Google sets a cookie in the browser of your end device which automatically enables interest-based advertising by means of a pseudonymous cookie ID and on the basis of the pages you have visited. Any further data processing only takes place if you have agreed with Google that your internet and app browser history will be linked by Google to your Google account and that information from your Google account will be used to personalise advertisements that you view on the web. If, in this case, you are logged in to Google during your visit to our website, Google will use your data together with Google Analytics data to create and define target group lists for cross-device remarketing. For this purpose, your personal data is temporarily linked by Google with Google Analytics data in order to form target groups. As part of the use of Google Ads Remarketing, personal data may also be transmitted to the servers of Google LLC. in the USA.
All processing operations described above, in particular the setting of cookies for reading out information on the end device used, will only be carried out if you have given us your express consent pursuant to Art. 6(1)(a) GDPR. Without this consent, retargeting technology will not be used during your page visit.
You can revoke your consent at any time with effect for the future. To exercise your revocation, please deactivate this service in the „cookie consent tool“ provided on the website.
For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which, on the basis of an adequacy decision of the European Commission, ensures compliance with the European level of data protection.
9.3 Google Ads Conversion Tracking
This website uses the online advertising programme "Google Ads" and, within the framework of Google Ads, the conversion tracking of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland („Google“). We use the offer of Google Ads in order to draw attention to our attractive offers on external websites with the help of advertising material (so-called Google Adwords). With regard to the data of the advertising campaigns, we can determine how successful the individual advertising measures are. We pursue the aim of showing you advertising that is of interest to you, of making our website more interesting for you and of achieving a fair calculation of the advertising costs incurred.
The cookie for conversion tracking is set when a user clicks on a Google ad. Cookies are small text files that are stored on your end device. These cookies usually expire after 30 days and are not used for personal identification. If the user visits certain pages of this website and the cookie has not yet expired, Google and we can recognise that the user clicked on the ad and was redirected to this page. Each Google Ads customer receives a different cookie. Cookies can therefore not be tracked across the websites of Google Ads customers. The information obtained with the help of the conversion cookie is used to create conversion statistics for Google Ads customers who have opted for conversion tracking. The customers learn the total number of users who clicked on their ad and were redirected to a page provided with a conversion tracking tag. However, they do not receive any information with which users can be personally identified. As part of the use of Google Ads, personal data may also be transmitted to the servers of Google LLC. in the USA.
Details on the processing triggered by Google Ads Conversion Tracking and on Google's handling of data from websites can be found here: https://policies.google.com/technologies/partner-sites
All processing operations described above, in particular the setting of cookies for reading out information on the end device used, will only be carried out if you have given us your express consent pursuant to Art. 6(1)(a) GDPR. You can revoke your consent at any time with effect for the future by deactivating this service in the „cookie consent tool“ provided on the website.
You can also permanently object to the setting of cookies by Google Ads Conversion Tracking by downloading and installing the browser plug-in of Google available under the following link:
https://www.google.com/settings/ads/plugin?hl=en
Please note that certain functions of this website may not be available or may only be available to a limited extent if you have deactivated the use of cookies.
Google's privacy provisions can be viewed here: https://www.google.com/policies/privacy/
For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which, on the basis of an adequacy decision of the European Commission, ensures compliance with the European level of data protection.
10) Site functionalities
10.1 Trusted Shops Trustbadge
Graphic elements of the following provider are integrated into our website for the display of external customer reviews and/or an externally awarded quality seal: Trusted Shops AG, Subbelrather Str. 15C, 50823 Cologne, Germany
When you call up a page of our website which contains such graphic elements, your browser establishes a direct connection to the servers of the provider in order to load the elements properly. In doing so, certain browser information, including your IP address, is transmitted to the provider.
Insofar as personal data is also processed in this context, this is done in accordance with Art. 6(1)(f) GDPR on the basis of our legitimate interest in the optimal marketing of our offer and the attractive design of our website.
In the case of an online order with us, further processing may take place.
Depending on your express consent in accordance with Art. 6(1)(a) GDPR, via the Trustbadge, after the completion of an order, your order information (order total, order number, where applicable purchased product) and your email address will be transmitted to the provider in encrypted form in order to check an existing registration for the services of the provider (in particular the "buyer protection") and, where applicable, to enable a new registration.
In the case of an established existing registration or in the case of a new registration with the provider for its services (in particular the buyer protection), your order information (order total, order number, purchased product) and your email address will be transmitted to it on the basis of the contractual agreement with the provider pursuant to Art. 6(1)(b) GDPR and further processed by it in order to grant the services (in particular the buyer protection).
We are jointly responsible with the provider for the processing operations described above pursuant to Art. 26 GDPR. The agreement on joint responsibility can be viewed here: https://help.etrusted.com/hc/de/articles/4402587369105-Vertrag-%C3%BCber-die-gemeinsame-Verantwortlichkeit-nach-DSGVO
10.2 Google Maps
This website uses an online map service of the following provider: Google Maps (API) of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”).
Google Maps is a web service for the display of interactive (land) maps in order to visually present geographic information. By using this service, our location is displayed to you and any possible travel to us is facilitated.
As soon as you call up the subpages into which the Google Maps map is integrated, information about your use of our website (such as your IP address) is transmitted to Google's servers and stored there; transmission to the servers of Google LLC. in the USA may also occur. This takes place regardless of whether Google provides a user account through which you are logged in or whether a user account exists. If you are logged in with Google, your data will be assigned directly to your account. If you do not wish your data to be associated with your Google profile, you must log out before activating the button. Google stores your data (even for users who are not logged in) as usage profiles and analyses them.
The collection, storage and analysis take place in accordance with Art. 6(1)(f) GDPR on the basis of Google's legitimate interest in displaying personalised advertising, market research and/or the needs-based design of Google websites. You have a right to object to the creation of these usage profiles, which you must exercise by contacting Google. If you do not agree with the future transmission of your data to Google in the context of the use of Google Maps, it is also possible to completely deactivate the Google Maps web service by switching off the JavaScript application in your browser. Google Maps and thus also the map display on this website cannot then be used.
Insofar as legally required, we have obtained your consent for the processing of your data described above in accordance with Art. 6(1)(a) GDPR. You can revoke your consent at any time with effect for the future. To exercise your revocation, please follow the option described above for filing an objection.
For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which, on the basis of an adequacy decision of the European Commission, ensures compliance with the European level of data protection.
11) Rights of the data subject
11.1 The applicable data protection law grants you the following data subject rights (rights to information and intervention) vis-à-vis the controller with regard to the processing of your personal data, whereby reference is made to the respective legal basis for the exercise conditions:
- Right of access pursuant to Art. 15 GDPR;
- Right to rectification pursuant to Art. 16 GDPR;
- Right to erasure pursuant to Art. 17 GDPR;
- Right to restriction of processing pursuant to Art. 18 GDPR;
- Right to notification pursuant to Art. 19 GDPR;
- Right to data portability pursuant to Art. 20 GDPR;
- Right to withdraw consent given pursuant to Art. 7(3) GDPR;
- Right to lodge a complaint pursuant to Art. 77 GDPR.
11.2 RIGHT TO OBJECT
IF, IN THE CONTEXT OF A BALANCING OF INTERESTS, WE PROCESS YOUR PERSONAL DATA ON THE BASIS OF OUR OVERRIDING LEGITIMATE INTEREST, YOU HAVE THE RIGHT AT ANY TIME, ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION, TO OBJECT TO THIS PROCESSING WITH EFFECT FOR THE FUTURE.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL END THE PROCESSING OF THE DATA CONCERNED. A CONTINUATION OF THE PROCESSING REMAINS RESERVED, HOWEVER, IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, FUNDAMENTAL RIGHTS AND FREEDOMS, OR IF THE PROCESSING SERVES THE ASSERTION, EXERCISE OR DEFENCE OF LEGAL CLAIMS.
IF WE PROCESS YOUR PERSONAL DATA TO CARRY OUT DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSE OF SUCH ADVERTISING. YOU CAN EXERCISE THE OBJECTION AS DESCRIBED ABOVE.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL END THE PROCESSING OF THE DATA CONCERNED FOR DIRECT MARKETING PURPOSES.
12) Duration of storage of personal data
The duration of the storage of personal data is measured on the basis of the respective legal basis, the purpose of the processing and – if applicable – additionally on the basis of the respective statutory retention period (e.g. retention periods under commercial and tax law).
When personal data is processed on the basis of an express consent pursuant to Art. 6(1)(a) GDPR, the data concerned is stored until you revoke your consent.
If statutory retention periods exist for data that is processed within the scope of legal or quasi-legal obligations on the basis of Art. 6(1)(b) GDPR, this data is routinely deleted after the expiry of the retention periods, provided that it is no longer required for the performance of the contract or the initiation of the contract and/or there is no legitimate interest on our part in further storage.
When personal data is processed on the basis of Art. 6(1)(f) GDPR, this data is stored until you exercise your right to object pursuant to Art. 21(1) GDPR, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the assertion, exercise or defence of legal claims.
When personal data is processed for the purpose of direct marketing on the basis of Art. 6(1)(f) GDPR, this data is stored until you exercise your right to object pursuant to Art. 21(2) GDPR.
Unless otherwise stated in the other information of this declaration on specific processing situations, stored personal data is otherwise deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.
Privacy Policy
––––––––––––––––––––
1) Introduction and contact details of the controller
1.1 We are delighted that you are visiting our website and thank you for your interest. Below we inform you about how your personal data is handled when you use our website. Personal data is any data by which you can be personally identified.
1.2 The controller for the data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is EntoSus GmbH, Funkschneise 12, 28309 Bremen, Germany, tel.: +49 17478 49570, email: info@entosus.de. The controller responsible for the processing of personal data is the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data.
2) Data collection when visiting our website
2.1 When you use our website for purely informational purposes, i.e. if you do not register or otherwise transmit information to us, we collect only such data as your browser transmits to the page server (so-called „server log files“). When you access our website, we collect the following data, which is technically necessary for us in order to display the website to you:
- Our visited website
- Date and time at the moment of access
- Amount of data sent in bytes
- Source/reference from which you came to the page
- Browser used
- Operating system used
- IP address used (where applicable: in anonymised form)
Processing is carried out in accordance with Art. 6(1)(f) GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. Your data will not be passed on or used in any other way. However, we reserve the right to check the server log files at a later date should there be concrete evidence of unlawful use.
2.2 For security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or enquiries to the controller), this website uses SSL or TLS encryption. You can recognise an encrypted connection by the string „https://“ and the lock symbol in your browser bar.
3) Hosting & Content Delivery Network
Shopify
For the hosting of our website and the display of the page content, we use the system of the following provider: Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland („Shopify“)
Data is also transmitted to: Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada
All data collected on our website is processed on the provider's servers. We have concluded a data processing agreement with the provider that ensures the protection of our site visitors' data and prohibits unauthorised disclosure to third parties.
In the case of a data transfer to Canada, an adequate level of data protection is guaranteed by an adequacy decision of the European Commission.
4) Cookies
In order to make visiting our website attractive and to enable the use of certain functions, we use cookies, i.e. small text files that are stored on your end device. Some of these cookies are automatically deleted after the browser is closed (so-called „session cookies“), while others remain on your end device for longer and enable page settings to be saved (so-called „persistent cookies“). In the latter case, you can find the storage period in the overview of your web browser's cookie settings.
Insofar as personal data is also processed by individual cookies used by us, the processing is carried out in accordance with Art. 6(1)(b) GDPR either for the performance of the contract, in accordance with Art. 6(1)(a) GDPR in the case of consent given, or in accordance with Art. 6(1)(f) GDPR to safeguard our legitimate interests in the best possible functionality of the website and in a customer-friendly and effective design of the page visit.
You can configure your browser to inform you about the setting of cookies and to decide individually about their acceptance, or to exclude the acceptance of cookies for certain cases or in general.
Please note that if cookies are not accepted, the functionality of our website may be limited.
5) Contacting us
Within the scope of contacting us (e.g. via contact form or email), personal data is processed – exclusively for the purpose of handling and answering your enquiry and only to the extent necessary for that purpose.
The legal basis for the processing of this data is our legitimate interest in answering your enquiry pursuant to Art. 6(1)(f) GDPR. If your contact is aimed at concluding a contract, the additional legal basis for the processing is Art. 6(1)(b) GDPR. Your data will be deleted once it can be inferred from the circumstances that the matter has been conclusively clarified and provided that no statutory retention obligations stand in the way.
6) Use of customer data for direct marketing
Klaviyo
Our email newsletters are sent via this provider: Klaviyo, 225 Franklin St, Boston, MA 02110, USA
On the basis of our legitimate interest in effective and user-friendly newsletter marketing, we pass on the data you provided when signing up for the newsletter in accordance with Art. 6(1)(f) GDPR to this provider so that it can carry out the dispatch of the newsletter on our behalf.
Subject to your express consent pursuant to Art. 6(1)(a) GDPR, the provider also performs a statistical evaluation of the success of newsletter campaigns by means of web beacons or tracking pixels in the emails sent, which can measure opening rates and specific interactions with the contents of the newsletter. In doing so, end device information (e.g. time of access, IP address, browser type and operating system) is also collected and analysed, but not merged with other data sets.
You can revoke your consent to newsletter tracking at any time with effect for the future.
We have concluded a data processing agreement with the provider that protects our site visitors' data and prohibits the disclosure to third parties.
For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which, on the basis of an adequacy decision of the European Commission, ensures compliance with the European level of data protection.
7) Data processing for order handling
7.1 Insofar as necessary for the processing of the contract for delivery and payment purposes, the personal data collected by us is passed on, in accordance with Art. 6(1)(b) GDPR, to the commissioned transport company and the commissioned credit institution.
If we owe you updates for goods with digital elements or for digital products on the basis of a corresponding contract, we process the contact details (name, address, email address) you transmitted to us when placing the order, in order to inform you personally within our statutory information obligations pursuant to Art. 6(1)(c) GDPR by suitable means of communication (e.g. by post or email) about upcoming updates within the period prescribed by law. Your contact details are used here strictly for the purpose of notifications about updates owed by us and are processed by us for this purpose only to the extent necessary for the respective information.
To process your order, we also work with the following service provider(s) who support us in whole or in part with the execution of concluded contracts. Certain personal data is transmitted to these service providers in accordance with the following information.
7.2 To fulfil our contractual obligations towards our customers, we work with external shipping partners. We pass on your name, your delivery address and, insofar as necessary for delivery, your telephone number, exclusively for the purpose of delivering the goods pursuant to Art. 6(1)(b) GDPR, to a shipping partner selected by us.
7.3 Printful
For order processing, we use the following provider: Printful, Inc., 11025 Westlake Drive, Charlotte, NC 28273, USA
Name, address and, where applicable, further personal data are passed on to the provider, pursuant to Art. 6(1)(b) GDPR, exclusively for the purpose of processing the online order. Your data is only passed on to the extent actually necessary for processing the order.
For the transfer of data to the USA, the provider relies on Standard Contractual Clauses of the European Commission, which are intended to ensure compliance with the European level of data protection.
7.4 Xentral
For order processing, we use the following provider: Xentral ERP Software GmbH, Fuggerstraße 11, 86150 Augsburg, Germany
Name, address and, where applicable, further personal data are passed on to the provider pursuant to Art. 6(1)(b) GDPR for the purpose of processing the online order. Your data is only passed on to the extent actually necessary for processing the order. The provider is also used for accounting. In this context, the provider processes incoming and outgoing invoices and, where applicable, the bank movements of our company in order to automatically record invoices, match them to transactions, and from this create the financial accounting in a partially automated process.
Insofar as personal data is also processed in this context, the processing is carried out in accordance with Art. 6(1)(f) GDPR on the basis of our legitimate interest in an efficient organisation and documentation of our business processes.
7.5 Disclosure of personal data to shipping service providers
- DHL
As a transport service provider, we use the following provider: DHL Paket GmbH, Sträßchensweg 10, 53113 Bonn, Germany
Pursuant to Art. 6(1)(a) GDPR, we pass on your email address and/or telephone number to the provider prior to delivery of the goods for the purpose of coordinating a delivery appointment or for delivery notification, provided you have given your express consent for this during the ordering process. Otherwise, for the purpose of delivery, we pass on only the name of the recipient and the delivery address to the provider in accordance with Art. 6(1)(b) GDPR. Data is only passed on to the extent necessary for the delivery of the goods. In this case, a prior coordination of the delivery appointment with the provider or the delivery notification is not possible.
Consent can be revoked at any time with effect for the future, either to the above-mentioned controller or to the provider.
- UPS
As a transport service provider, we use the following provider: United Parcel Service Deutschland Inc. & Co. OHG, Görlitzer Straße 1, 41460 Neuss, Germany
Pursuant to Art. 6(1)(a) GDPR, we pass on your email address and/or telephone number to the provider prior to delivery of the goods for the purpose of coordinating a delivery appointment or for delivery notification, provided you have given your express consent for this during the ordering process. Otherwise, for the purpose of delivery, we pass on only the name of the recipient and the delivery address to the provider in accordance with Art. 6(1)(b) GDPR. Data is only passed on to the extent necessary for the delivery of the goods. In this case, a prior coordination of the delivery appointment with the provider or the delivery notification is not possible.
Consent can be revoked at any time with effect for the future, either to the above-mentioned controller or to the provider.
7.6 Use of payment service providers
- Apple Pay
If you decide to use the payment method „Apple Pay“ of Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland, payment processing is carried out via the „Apple Pay“ function of your end device operated with iOS, watchOS or macOS by charging a payment card stored in „Apple Pay“. Apple Pay uses security functions integrated in the hardware and software of your device to protect your transactions. To authorise a payment, it is therefore necessary to enter a code previously set by you and to verify it by means of the „Face ID“ or „Touch ID“ function of your end device.
For the purpose of payment processing, the information you have provided in the course of the ordering process, together with the information about your order, is passed on to Apple in encrypted form. Apple then re-encrypts this data with a developer-specific key before transmitting the data to the payment service provider of the payment card stored in Apple Pay in order to carry out the payment. The encryption ensures that only the website on which the purchase was made can access the payment data. After the payment has been made, Apple sends your device account number and a transaction-specific, dynamic security code to the original website to confirm the success of the payment.
Insofar as personal data is processed in the transmissions described, the processing is carried out exclusively for the purpose of payment processing pursuant to Art. 6(1)(b) GDPR.
Apple retains anonymised transaction data, including the approximate amount of the purchase, the approximate date and time, and an indication of whether the transaction was successfully completed. The anonymisation completely excludes any personal reference. Apple uses the anonymised data to improve „Apple Pay“ and other Apple products and services.
If you use Apple Pay on your iPhone or Apple Watch to complete a purchase you made via Safari on your Mac, the Mac and the authorisation device communicate via an encrypted channel on Apple's servers. Apple does not process or store any of this information in a format that can be used to identify you personally. You can disable the option to use Apple Pay on your Mac in the settings of your iPhone. Go to "Wallet & Apple Pay" and deactivate "Allow payments on Mac".
Further information on data protection with Apple Pay can be found at the following internet address: https://support.apple.com/en-gb/HT203027
- Google Pay
If you decide to use the payment method „Google Pay“ of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland („Google“), payment processing is carried out via the „Google Pay“ application of your mobile end device operated with at least Android 4.4 („KitKat“) and equipped with an NFC function, by charging a payment card stored in Google Pay or a payment system verified there (e.g. PayPal). To authorise a payment via Google Pay of more than €25.00, the prior unlocking of your mobile end device through the verification method set up (e.g. facial recognition, password, fingerprint or pattern) is required.
For the purpose of payment processing, the information provided by you during the ordering process, together with the information about your order, is passed on to Google. Google then transmits your payment information stored in Google Pay in the form of a one-time transaction number to the original website, with which a payment made is verified. This transaction number does not contain any information on the real payment data of your payment means stored in Google Pay, but is generated and transmitted as a one-off numerical token. In all transactions via Google Pay, Google acts merely as an intermediary for the processing of the payment process. The transaction itself is carried out exclusively in the relationship between the user and the original website by debiting the payment means stored in Google Pay.
Insofar as personal data is processed in the transmissions described, the processing is carried out exclusively for the purpose of payment processing pursuant to Art. 6(1)(b) GDPR.
Google reserves the right to collect, store and analyse certain transaction-specific information for every transaction made via Google Pay. This includes the date, time and amount of the transaction, the merchant location and description, a description provided by the merchant of the goods or services purchased, photos that you have attached to the transaction, the name and email address of the seller and buyer or of the sender and recipient, the payment method used, your description of the reason for the transaction and, where applicable, the offer associated with the transaction.
According to Google, this processing is carried out exclusively pursuant to Art. 6(1)(f) GDPR on the basis of the legitimate interest in proper invoicing, the verification of transaction data and the optimisation and maintenance of the Google Pay service.
Google also reserves the right to merge the processed transaction data with further information collected and stored by Google through the use of other Google services.
The terms of use of Google Pay can be found here:
https://payments.google.com/payments/apis-secure/u/0/get_legal_document?ldo=0&ldt=googlepaytos&ldl=en
Further information on data protection with Google Pay can be found at the following internet address:
https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=en
- Klarna
On this website, one or more online payment methods of the following provider are available: Klarna Bank AB, Sveavägen 46, 111 34 Stockholm, Sweden
If you choose a payment method of the provider in which you pay in advance (e.g. credit card payment), your payment data provided during the ordering process (including name, address, bank and payment card information, currency and transaction number) and information about the content of your order are passed on to the provider pursuant to Art. 6(1)(b) GDPR. In this case, your data is passed on exclusively for the purpose of payment processing with the provider and only to the extent necessary for this.
If you choose a payment method in which the provider pays in advance (e.g. invoice or instalment purchase or direct debit), you will also be asked during the ordering process to provide certain personal data (first and last name, street, house number, postcode, town, date of birth, email address, telephone number, and where applicable data on an alternative means of payment).
In order to safeguard our legitimate interest in determining the ability of our customers to pay, this data is forwarded by us to the provider, pursuant to Art. 6(1)(f) GDPR, for the purpose of a credit assessment. The provider checks, on the basis of the personal data provided by you and further data (such as shopping basket, invoice amount, order history, payment experiences), whether the payment option chosen by you can be granted with regard to payment and/or default risks.
In order to make the decision in the context of the application check, in addition to provider-internal criteria, identity and creditworthiness information from the following credit agencies may also be included pursuant to Art. 6(1)(f) GDPR:
https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/credit_rating_agencies
The credit report may contain probability values (so-called score values). Insofar as score values are included in the result of the credit report, they are based on a scientifically recognised mathematical-statistical procedure. The calculation of the score values includes, among other things but not exclusively, address data.
You can object to this processing of your data at any time by sending us a message or contacting the provider. However, the provider may still be entitled to process your personal data if this is necessary for the contractual payment processing.
- PayPal
On this website, one or more online payment methods of the following provider are available: PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg
If you choose a payment method of the provider in which you pay in advance, your payment data provided during the ordering process (including name, address, bank and payment card information, currency and transaction number) and information about the content of your order are passed on to the provider pursuant to Art. 6(1)(b) GDPR. In this case, your data is passed on exclusively for the purpose of payment processing with the provider and only to the extent necessary for this.
If you choose a payment method in which we pay in advance, you will also be asked during the ordering process to provide certain personal data (first and last name, street, house number, postcode, town, date of birth, email address, telephone number, and where applicable data on an alternative means of payment).
In order to safeguard our legitimate interest in determining your ability to pay in such cases, this data is forwarded by us to the provider, pursuant to Art. 6(1)(f) GDPR, for the purpose of a credit assessment. The provider checks, on the basis of the personal data provided by you and further data (such as shopping basket, invoice amount, order history, payment experiences), whether the payment option chosen by you can be granted with regard to payment and/or default risks.
The credit report may contain probability values (so-called score values). Insofar as score values are included in the result of the credit report, they are based on a scientifically recognised mathematical-statistical procedure. The calculation of the score values includes, among other things but not exclusively, address data.
You can object to this processing of your data at any time by sending us a message or contacting the provider. However, the provider may still be entitled to process your personal data if this is necessary for the contractual payment processing.
- Shopify Payments
On this website, one or more online payment methods of the following provider are available: Shopify International Limited, Victoria Buildings, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland
If you choose a payment method of the provider in which you pay in advance (e.g. credit card payment), your payment data provided during the ordering process (including name, address, bank and payment card information, currency and transaction number) and information about the content of your order are passed on to the provider pursuant to Art. 6(1)(b) GDPR. In this case, your data is passed on exclusively for the purpose of payment processing with the provider and only to the extent necessary for this.
8) Web analytics services
8.1 Google (Universal) Analytics
This website uses Google (Universal) Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"), which enables an analysis of your use of our website.
By default, when you visit the website, Google (Universal) Analytics sets cookies that are stored as small text modules on your end device and that collect certain information. Among the information collected is your IP address, which is, however, shortened by Google by the last digits in order to exclude direct personal identifiability.
The information is transmitted to Google's servers and further processed there. Transmissions to Google LLC based in the USA are also possible in this context.
Google uses the information collected on our behalf to evaluate your use of the website, to compile reports on website activities for us and to provide other services associated with the use of the website and the internet. The IP address transmitted by your browser within the framework of Google Analytics and shortened is not merged with other Google data. The data collected as part of the use of Google (Universal) Analytics is stored for a period of two months and then deleted.
All processing operations described above, in particular the setting of cookies on the end device used, are only carried out if you have given us your express consent pursuant to Art. 6(1)(a) GDPR.
Without your consent, the use of Google (Universal) Analytics during your page visit will not take place. You can revoke your consent at any time with effect for the future. To exercise your right of revocation, please deactivate this service via the „cookie consent tool“ provided on the website.
We have concluded a data processing agreement with Google that ensures the protection of our site visitors' data and prohibits unauthorised disclosure to third parties.
Further legal information on Google (Universal) Analytics can be found at https://policies.google.com/privacy?hl=en and at https://policies.google.com/technologies/partner-sites
Demographic characteristics
Google (Universal) Analytics uses the special function „demographic characteristics“ and can use this to create statistics that make statements about the age, gender and interests of site visitors. This is done by analysing advertising and information from third-party providers. This allows target groups for marketing activities to be identified. However, the data collected cannot be assigned to any specific person and is deleted after being stored for a period of two months.
Google Signals
As an extension to Google (Universal) Analytics, Google Signals may be used on this website to enable cross-device reports. If you have activated personalised advertising and have linked your devices to your Google account, Google can, subject to your consent to the use of Google Analytics pursuant to Art. 6(1)(a) GDPR, analyse your usage behaviour across devices and create database models, including for cross-device conversions. We do not receive any personal data from Google, only statistics. If you wish to stop the cross-device analysis, you can deactivate the function "Personalised advertising" in the settings of your Google account. To do so, please follow the instructions on this page: https://support.google.com/ads/answer/2662922?hl=en For further information on Google Signals, please visit the following link: https://support.google.com/analytics/answer/7532985?hl=en
UserIDs
As an extension to Google (Universal) Analytics, the function "UserIDs" may be used on this website. If you have consented to the use of Google (Universal) Analytics pursuant to Art. 6(1)(a) GDPR, have set up an account on this website and log in to this account on different devices, your activities, including conversions, can be analysed across devices.
For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which, on the basis of an adequacy decision of the European Commission, ensures compliance with the European level of data protection.
8.2 Google Analytics 4
This website uses Google Analytics 4, a web analytics service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"), which enables an analysis of your use of our website.
By default, when you visit the website, Google Analytics 4 sets cookies that are stored as small text modules on your end device and that collect certain information. Among the information collected is your IP address, which is, however, shortened by Google by the last digits in order to exclude direct personal identifiability.
The information is transmitted to Google's servers and further processed there. Transmissions to Google LLC based in the USA are also possible in this context.
Google uses the information collected on our behalf to evaluate your use of the website, to compile reports on website activities for us and to provide other services associated with the use of the website and the internet. The IP address transmitted by your browser within the framework of Google Analytics and shortened is not merged with other Google data. The data collected as part of the use of Google Analytics 4 is stored for a period of two months and then deleted.
All processing operations described above, in particular the setting of cookies on the end device used, are only carried out if you have given us your express consent pursuant to Art. 6(1)(a) GDPR.
Without your consent, the use of Google Analytics 4 during your page visit will not take place. You can revoke your consent at any time with effect for the future. To exercise your right of revocation, please deactivate this service via the „cookie consent tool“ provided on the website.
We have concluded a data processing agreement with Google that ensures the protection of our site visitors' data and prohibits unauthorised disclosure to third parties.
Further legal information on Google Analytics 4 can be found at https://policies.google.com/privacy?hl=en&gl=en and at https://policies.google.com/technologies/partner-sites
Demographic characteristics
Google Analytics 4 uses the special function „demographic characteristics“ and can use this to create statistics that make statements about the age, gender and interests of site visitors. This is done by analysing advertising and information from third-party providers. This allows target groups for marketing activities to be identified. However, the data collected cannot be assigned to any specific person and is deleted after being stored for a period of two months.
Google Signals
As an extension to Google Analytics 4, Google Signals may be used on this website to enable cross-device reports. If you have activated personalised advertising and have linked your devices to your Google account, Google can, subject to your consent to the use of Google Analytics pursuant to Art. 6(1)(a) GDPR, analyse your usage behaviour across devices and create database models, including for cross-device conversions. We do not receive any personal data from Google, only statistics. If you wish to stop the cross-device analysis, you can deactivate the function "Personalised advertising" in the settings of your Google account. To do so, please follow the instructions on this page: https://support.google.com/ads/answer/2662922?hl=en For further information on Google Signals, please visit the following link: https://support.google.com/analytics/answer/7532985?hl=en
UserIDs
As an extension to Google Analytics 4, the function "UserIDs" may be used on this website. If you have consented to the use of Google Analytics 4 pursuant to Art. 6(1)(a) GDPR, have set up an account on this website and log in to this account on different devices, your activities, including conversions, can be analysed across devices.
For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which, on the basis of an adequacy decision of the European Commission, ensures compliance with the European level of data protection.
8.3 Google Tag Manager
This website uses „Google Tag Manager“, a service of the following provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter: „Google“).
Google Tag Manager provides a technical basis for bundling various web applications, including tracking and analytics services, and for calibrating, controlling and linking them to conditions via a uniform user interface. Google Tag Manager itself does not store any information on user end devices or read any out. The service also does not carry out any independent data analyses. However, when a page is called up, Google Tag Manager transmits your IP address to Google and, where applicable, stores it there. Transmission to servers of Google LLC. in the USA is also possible.
This processing will only be carried out if you have given us your express consent pursuant to Art. 6(1)(a) GDPR. Without this consent, Google Tag Manager will not be used during your page visit. You can revoke your consent at any time with effect for the future. To exercise your revocation, please deactivate this service in the „cookie consent tool“ provided on the website.
We have concluded a data processing agreement with the provider that ensures the protection of our site visitors' data and prohibits unauthorised disclosure to third parties.
For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which, on the basis of an adequacy decision of the European Commission, ensures compliance with the European level of data protection.
9) Retargeting / remarketing and conversion tracking
9.1 Meta Pixel
Within our online offering, we use the service "Meta Pixel" of the following provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland ("Meta")
If a user clicks on an advertisement placed by us on Facebook and/or Instagram, the URL of our linked page is extended by a parameter with the help of "Meta Pixel". This URL parameter is then entered in the user's browser, after the redirect, through a cookie that our linked page itself sets.
On the one hand, this enables Meta to identify the visitors of our online offering as a target group for the display of advertisements (so-called "ads"). Accordingly, we use the service in order to show the Facebook and/or Instagram ads placed by us only to those users who have also shown an interest in our online offering or who exhibit certain characteristics (e.g. interest in certain topics or products, which is determined by the websites visited), which we transmit to Meta (so-called „custom audiences“).
On the other hand, the „Meta Pixel“ can be used to track whether users have been redirected to our website after clicking on an advertisement and what actions they take there (so-called „conversion tracking“).
The data collected is anonymous for us, i.e. it does not allow us to draw any conclusions about the identity of the users. However, the data is stored and processed by Meta, so that a connection to the respective user profile is possible and Meta can use the data for its own advertising purposes.
All processing operations described above, in particular the setting of cookies for reading information on the end device used, will only be carried out if you have given us your express consent pursuant to Art. 6(1)(a) GDPR. You can revoke your consent at any time with effect for the future by deactivating this service in the „cookie consent tool“ provided on the website.
We have concluded a data processing agreement with the provider that ensures the protection of our site visitors' data and prohibits unauthorised disclosure to third parties.
The information generated by Meta is generally transmitted to a Meta server and stored there; in this context, a transmission to servers of Meta Platforms Inc. in the USA may also occur.
For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which, on the basis of an adequacy decision of the European Commission, ensures compliance with the European level of data protection.
9.2 Google Ads Remarketing
This website uses retargeting technology of the following provider: Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland
For this purpose, Google sets a cookie in the browser of your end device which automatically enables interest-based advertising by means of a pseudonymous cookie ID and on the basis of the pages you have visited. Any further data processing only takes place if you have agreed with Google that your internet and app browser history will be linked by Google to your Google account and that information from your Google account will be used to personalise advertisements that you view on the web. If, in this case, you are logged in to Google during your visit to our website, Google will use your data together with Google Analytics data to create and define target group lists for cross-device remarketing. For this purpose, your personal data is temporarily linked by Google with Google Analytics data in order to form target groups. As part of the use of Google Ads Remarketing, personal data may also be transmitted to the servers of Google LLC. in the USA.
All processing operations described above, in particular the setting of cookies for reading out information on the end device used, will only be carried out if you have given us your express consent pursuant to Art. 6(1)(a) GDPR. Without this consent, retargeting technology will not be used during your page visit.
You can revoke your consent at any time with effect for the future. To exercise your revocation, please deactivate this service in the „cookie consent tool“ provided on the website.
For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which, on the basis of an adequacy decision of the European Commission, ensures compliance with the European level of data protection.
9.3 Google Ads Conversion Tracking
This website uses the online advertising programme "Google Ads" and, within the framework of Google Ads, the conversion tracking of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland („Google“). We use the offer of Google Ads in order to draw attention to our attractive offers on external websites with the help of advertising material (so-called Google Adwords). With regard to the data of the advertising campaigns, we can determine how successful the individual advertising measures are. We pursue the aim of showing you advertising that is of interest to you, of making our website more interesting for you and of achieving a fair calculation of the advertising costs incurred.
The cookie for conversion tracking is set when a user clicks on a Google ad. Cookies are small text files that are stored on your end device. These cookies usually expire after 30 days and are not used for personal identification. If the user visits certain pages of this website and the cookie has not yet expired, Google and we can recognise that the user clicked on the ad and was redirected to this page. Each Google Ads customer receives a different cookie. Cookies can therefore not be tracked across the websites of Google Ads customers. The information obtained with the help of the conversion cookie is used to create conversion statistics for Google Ads customers who have opted for conversion tracking. The customers learn the total number of users who clicked on their ad and were redirected to a page provided with a conversion tracking tag. However, they do not receive any information with which users can be personally identified. As part of the use of Google Ads, personal data may also be transmitted to the servers of Google LLC. in the USA.
Details on the processing triggered by Google Ads Conversion Tracking and on Google's handling of data from websites can be found here: https://policies.google.com/technologies/partner-sites
All processing operations described above, in particular the setting of cookies for reading out information on the end device used, will only be carried out if you have given us your express consent pursuant to Art. 6(1)(a) GDPR. You can revoke your consent at any time with effect for the future by deactivating this service in the „cookie consent tool“ provided on the website.
You can also permanently object to the setting of cookies by Google Ads Conversion Tracking by downloading and installing the browser plug-in of Google available under the following link:
https://www.google.com/settings/ads/plugin?hl=en
Please note that certain functions of this website may not be available or may only be available to a limited extent if you have deactivated the use of cookies.
Google's privacy provisions can be viewed here: https://www.google.com/policies/privacy/
For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which, on the basis of an adequacy decision of the European Commission, ensures compliance with the European level of data protection.
10) Site functionalities
10.1 Trusted Shops Trustbadge
Graphic elements of the following provider are integrated into our website for the display of external customer reviews and/or an externally awarded quality seal: Trusted Shops AG, Subbelrather Str. 15C, 50823 Cologne, Germany
When you call up a page of our website which contains such graphic elements, your browser establishes a direct connection to the servers of the provider in order to load the elements properly. In doing so, certain browser information, including your IP address, is transmitted to the provider.
Insofar as personal data is also processed in this context, this is done in accordance with Art. 6(1)(f) GDPR on the basis of our legitimate interest in the optimal marketing of our offer and the attractive design of our website.
In the case of an online order with us, further processing may take place.
Depending on your express consent in accordance with Art. 6(1)(a) GDPR, via the Trustbadge, after the completion of an order, your order information (order total, order number, where applicable purchased product) and your email address will be transmitted to the provider in encrypted form in order to check an existing registration for the services of the provider (in particular the "buyer protection") and, where applicable, to enable a new registration.
In the case of an established existing registration or in the case of a new registration with the provider for its services (in particular the buyer protection), your order information (order total, order number, purchased product) and your email address will be transmitted to it on the basis of the contractual agreement with the provider pursuant to Art. 6(1)(b) GDPR and further processed by it in order to grant the services (in particular the buyer protection).
We are jointly responsible with the provider for the processing operations described above pursuant to Art. 26 GDPR. The agreement on joint responsibility can be viewed here: https://help.etrusted.com/hc/de/articles/4402587369105-Vertrag-%C3%BCber-die-gemeinsame-Verantwortlichkeit-nach-DSGVO
10.2 Google Maps
This website uses an online map service of the following provider: Google Maps (API) of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”).
Google Maps is a web service for the display of interactive (land) maps in order to visually present geographic information. By using this service, our location is displayed to you and any possible travel to us is facilitated.
As soon as you call up the subpages into which the Google Maps map is integrated, information about your use of our website (such as your IP address) is transmitted to Google's servers and stored there; transmission to the servers of Google LLC. in the USA may also occur. This takes place regardless of whether Google provides a user account through which you are logged in or whether a user account exists. If you are logged in with Google, your data will be assigned directly to your account. If you do not wish your data to be associated with your Google profile, you must log out before activating the button. Google stores your data (even for users who are not logged in) as usage profiles and analyses them.
The collection, storage and analysis take place in accordance with Art. 6(1)(f) GDPR on the basis of Google's legitimate interest in displaying personalised advertising, market research and/or the needs-based design of Google websites. You have a right to object to the creation of these usage profiles, which you must exercise by contacting Google. If you do not agree with the future transmission of your data to Google in the context of the use of Google Maps, it is also possible to completely deactivate the Google Maps web service by switching off the JavaScript application in your browser. Google Maps and thus also the map display on this website cannot then be used.
Insofar as legally required, we have obtained your consent for the processing of your data described above in accordance with Art. 6(1)(a) GDPR. You can revoke your consent at any time with effect for the future. To exercise your revocation, please follow the option described above for filing an objection.
For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which, on the basis of an adequacy decision of the European Commission, ensures compliance with the European level of data protection.
11) Rights of the data subject
11.1 The applicable data protection law grants you the following data subject rights (rights to information and intervention) vis-à-vis the controller with regard to the processing of your personal data, whereby reference is made to the respective legal basis for the exercise conditions:
- Right of access pursuant to Art. 15 GDPR;
- Right to rectification pursuant to Art. 16 GDPR;
- Right to erasure pursuant to Art. 17 GDPR;
- Right to restriction of processing pursuant to Art. 18 GDPR;
- Right to notification pursuant to Art. 19 GDPR;
- Right to data portability pursuant to Art. 20 GDPR;
- Right to withdraw consent given pursuant to Art. 7(3) GDPR;
- Right to lodge a complaint pursuant to Art. 77 GDPR.
11.2 RIGHT TO OBJECT
IF, IN THE CONTEXT OF A BALANCING OF INTERESTS, WE PROCESS YOUR PERSONAL DATA ON THE BASIS OF OUR OVERRIDING LEGITIMATE INTEREST, YOU HAVE THE RIGHT AT ANY TIME, ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION, TO OBJECT TO THIS PROCESSING WITH EFFECT FOR THE FUTURE.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL END THE PROCESSING OF THE DATA CONCERNED. A CONTINUATION OF THE PROCESSING REMAINS RESERVED, HOWEVER, IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, FUNDAMENTAL RIGHTS AND FREEDOMS, OR IF THE PROCESSING SERVES THE ASSERTION, EXERCISE OR DEFENCE OF LEGAL CLAIMS.
IF WE PROCESS YOUR PERSONAL DATA TO CARRY OUT DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSE OF SUCH ADVERTISING. YOU CAN EXERCISE THE OBJECTION AS DESCRIBED ABOVE.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL END THE PROCESSING OF THE DATA CONCERNED FOR DIRECT MARKETING PURPOSES.
12) Duration of storage of personal data
The duration of the storage of personal data is measured on the basis of the respective legal basis, the purpose of the processing and – if applicable – additionally on the basis of the respective statutory retention period (e.g. retention periods under commercial and tax law).
When personal data is processed on the basis of an express consent pursuant to Art. 6(1)(a) GDPR, the data concerned is stored until you revoke your consent.
If statutory retention periods exist for data that is processed within the scope of legal or quasi-legal obligations on the basis of Art. 6(1)(b) GDPR, this data is routinely deleted after the expiry of the retention periods, provided that it is no longer required for the performance of the contract or the initiation of the contract and/or there is no legitimate interest on our part in further storage.
When personal data is processed on the basis of Art. 6(1)(f) GDPR, this data is stored until you exercise your right to object pursuant to Art. 21(1) GDPR, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the assertion, exercise or defence of legal claims.
When personal data is processed for the purpose of direct marketing on the basis of Art. 6(1)(f) GDPR, this data is stored until you exercise your right to object pursuant to Art. 21(2) GDPR.
Unless otherwise stated in the other information of this declaration on specific processing situations, stored personal data is otherwise deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.
