Privacy Policy

 

Information on Data Protection

 

With this privacy policy, we inform you about how we handle your personal data and about your rights under the European General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG). The Bestsales Online GmbH (hereinafter referred to as "we" or "us") is responsible for data processing.

 

Content

  1. General Information
    1. Contact
    2. Legal Basis
    3. Storage Duration
    4. Categories of Data Recipients
    5. Data Transfer to Third Countries
    6. Processing when Exercising Your Rights
    7. Your Rights
    8. Right to Object
    9. Data Protection Officer
  2. Data Processing on Our Website
    1. Processing of Server Log Files
    2. Hosting by Shopify
    3. Online Shop
    4. Payment Service Provider
    5. Newsletter
    6. Product Reviews and Satisfaction Surveys
    7. Cookies
    8. Consent Management Tool
    9. Analysis of Our Website
      1. Hotjar
    10. Tracking & Retargeting
      1. Google Analytics
      2. Meta Pixel
      3. TikTok Pixel
      4. Snap Pixel
      5. Google Ads
    11. External Media and Third-Party Services
      1. Cloudflare
      2. Use of Contact Data for Customer Matching
      3. Google Customer Match
      4. Facebook Custom Audiences
  3. Data Processing on Our Social Media Pages
    1. Visiting a Social Media Page
    2. Communication via Social Media Pages
  4. Other Data Processing
    1. Contact by Email
    2. Use of Email Address for Marketing Purposes
    3. Information for Affected Persons in Switzerland

      

    I. General Information
    1.    Contact

    If you have any questions or suggestions regarding this information, or if you wish to contact us to assert your rights, please address your inquiry to

     

    Bestsales Online GmbH
    Weidegrund 13
    21614 Buxtehude
    Tel.       +49 4161 752 9250
    E-Mail   shop@kronstadtbrand.com

     

    2. Legal Basis

    The data protection term "personal data" refers to all information relating to an identified or identifiable natural person. We process personal data in compliance with the relevant data protection regulations, in particular the GDPR and the BDSG. Data processing by us only takes place on the basis of a legal permission. We process personal data only with your consent (§ 25 para. 1 TDDDG or Art. 6 para. 1 lit. a GDPR), for the performance of a contract to which you are a party or at your request for the implementation of pre-contractual measures (Art. 6 para. 1 lit. b GDPR), for compliance with a legal obligation (Art. 6 para. 1 lit. c GDPR) or if the processing is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data (Art. 6 para. 1 lit. f GDPR).

     

    3. Storage Duration

    Unless otherwise stated in the following notes, we only store data for as long as it is necessary to achieve the processing purpose or to fulfill our contractual or legal obligations. Such legal retention obligations may arise in particular from commercial or tax law provisions. From the end of the calendar year in which the data was collected, we will retain such personal data contained in our accounting records for ten years and personal data contained in commercial letters and contracts for six years. Furthermore, we will retain data related to consent requiring proof and to claims for complaints and receivables for the duration of the statutory limitation periods. We will delete data stored for advertising purposes if you object to its processing for this purpose.

     

    4.    Categories of Data Recipients

    In the course of processing your data, we engage processors. The processing operations carried out by such processors include, for example, hosting, email dispatch, maintenance and support of IT systems, customer and order management, order processing, accounting and billing, marketing measures, or document and data carrier destruction. A processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller. Processors do not use the data for their own purposes, but carry out data processing exclusively for the controller and are contractually obliged to ensure appropriate technical and organizational measures for data protection. Furthermore, we may transmit your personal data to entities such as postal and delivery services, our principal bank, tax consulting/auditing firms, or the tax authorities. Further recipients may result from the following notes.

     

    5.    Data Transfer to Third Countries

    Our data processing may involve the transfer of certain personal data to third countries, i.e., countries where the GDPR is not applicable law. Such a transfer is permissible if the European Commission has determined that an adequate level of data protection is provided in such a third country. If such an adequacy decision by the European Commission is not available, a transfer of personal data to a third country will only take place if appropriate safeguards pursuant to Art. 46 GDPR are in place or if one of the conditions of Art. 49 GDPR is met.

    Unless an adequacy decision exists and nothing else is specified below, we use the EU standard contractual clauses as appropriate safeguards for the transfer of personal data to third countries. You have the option to receive or view a copy of these EU standard contractual clauses. Please contact the address provided under Contact for this purpose. 

    If you consent to the transfer of personal data to third countries, the transfer takes place on the legal basis of Art. 49 para. 1 lit. a GDPR.

     

    6.    Processing when Exercising Your Rights

    If you exercise your rights pursuant to Articles 15 to 22 GDPR, we process the personal data transmitted for the purpose of implementing these rights on our part and to be able to provide proof thereof. Data stored for the purpose of providing information and preparing it will only be processed for this purpose and for purposes of data protection control, and in all other respects the processing will be restricted in accordance with Art. 18 GDPR.

    These processing operations are based on the legal basis of Art. 6 para. 1 lit. c GDPR in conjunction with Art. 15 to 22 GDPR and § 34 para. 2 BDSG.

     

    7.    Your Rights

    As a data subject, you have the right to assert your data subject rights against us. In particular, you have the following rights:

    • In accordance with Art. 15 GDPR and § 34 BDSG, you have the right to request information about whether and, if so, to what extent we process personal data concerning you.
    • In accordance with Art. 16 GDPR, you have the right to request the rectification of your data from us.
    • In accordance with Art. 17 GDPR and § 35 BDSG, you have the right to request the erasure of your personal data from us.
    • In accordance with Art. 18 GDPR, you have the right to request the restriction of the processing of your personal data.
    • In accordance with Art. 20 GDPR, you have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and to transmit those data to another controller.
    • If you have given us separate consent for data processing, you can withdraw this consent at any time in accordance with Art. 7 para. 3 GDPR. Such a withdrawal does not affect the lawfulness of the processing carried out on the basis of the consent until the withdrawal.
    • If you believe that the processing of personal data concerning you violates the provisions of the GDPR, you have the right to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR.

     

    8.    Right to Object

    In accordance with Art. 21 para. 1 GDPR, you have the right to object, on grounds relating to your particular situation, to processing based on Art. 6 para. 1 lit. e or f GDPR. If personal data concerning you are processed by us for direct marketing purposes, you may object to this processing in accordance with Art. 21 para. 2 and para. 3 GDPR.

     
    9.    Data Protection Officer

    You can reach our Data Protection Officer at the following contact details:

    Email: datenschutzbeauftragter@bestsales-online.de

    Herting Oberbeck Datenschutz GmbH

    Hallerstr. 76, 20146 Hamburg

    https://www.datenschutzkanzlei.de

     

     

    II. Data Processing on Our Website

    When using the website, we collect information that you provide yourself. In addition, during your visit to the website, certain information about your use of the website is automatically collected by us. In data protection law, the IP address is generally also considered personal data. An IP address is assigned to every device connected to the internet by the internet provider, so that it can send and receive data.

     

    1.    Processing of Server Log Files

    When using our website for purely informational purposes, general information that your browser transmits to our server is initially stored automatically (i.e., not via registration). This typically includes: browser type/version, operating system used, page accessed, the previously visited page (referrer URL), IP address, date and time of the server request, and HTTP status code.

    The processing is carried out to protect our legitimate interests and is based on the legal basis of Art. 6 para. 1 lit. f GDPR. This processing serves the technical administration and security of the website. The stored data is automatically deleted unless there is a justified suspicion of illegal use based on concrete evidence, and further examination and processing of the information is therefore necessary. We are unable to identify you as a data subject based on the stored information. Therefore, Articles 15 to 22 GDPR do not apply in accordance with Art. 11 para. 2 GDPR.

     

    2.    Hosting by Shopify

    We use the Shopify shop system for the purpose of hosting and displaying our website. Shopify is offered by the service provider Shopify International Limited (Ireland, EU). All data collected on our website is processed on our behalf on the servers of Shopify International Limited.

    Further information on data protection at Shopify can be found in Shopify's privacy policy at https://www.shopify.de/legal/datenschutz.

     

    3.    Online Shop

    If you order a product through our website, we process personal data exclusively for contract fulfillment or to provide you with the ordered product. Within the scope of the booking or ordering process, we only process the data that you have entered yourself in the input mask, as well as payment information if applicable. To be able to deliver the ordered products to you, we transmit your data required for delivery to one of our shipping service providers as specified in the order. The legal basis for the processing is Art. 6 para. 1 lit. b GDPR. All data fields marked as mandatory are required to process your order. Failure to provide them will result in us being unable to process your order.

    The provision of further data is voluntary. We process such voluntarily provided data on the basis of Art. 6 para. 1 lit. f GDPR.

    You have the option to create a customer account in our online shop by registering. If you have registered for a customer account, your stored data will automatically be entered into the order form when you order a product in our shop. You can also use the customer account to check the status of your orders and save products to a wish list. It is not necessary to register for a customer account to place an order in our online shop.

    The information required for registration can be seen in the input mask. The provision of information marked as mandatory is absolutely necessary for the registration to be completed. A valid email address is required for registration. To confirm the registration, you will first receive a registration email, which you must confirm via a link (double opt-in). After registration, you can log in to the customer account by entering your email address and the password you used. The processing of the data provided during registration and use of the customer account is based on the legal basis of Art. 6 Para. 1 lit. b GDPR.

     

    4.    Payment Service Providers

    To pay for ordered products in our online shop, you can choose between various options. For this purpose, we cooperate with Shopify International Limited (Ireland, EU) as our primary payment provider. Shopify International Limited acts as our processor and processes your payment data on our behalf.

    The payment data you provide during the order process will be transmitted by us to the payment service providers insofar as this transmission is necessary to carry out the payment process.

    The legal basis for this transmission is Art. 6 Para. 1 lit. b GDPR.

    Please note that, in addition, the respective payment information is processed by the respective payment service providers under their own responsibility.

    We use the following payment service providers:

    • Stripe

    If you pay for your order by credit card, payment is made via the payment service Stripe, offered by Stripe Payments Europe Ltd. (Ireland, EU). Further information on data protection at Stripe can be found here: https://stripe.com/de/privacy#translation

    • PayPal / PayPal Express Checkout

    You have the option to pay via the PayPal service of PayPal Europe S.a.r.l. et Cie s.c.a. (Luxembourg, EU). In doing so, PayPal may transmit your address data stored with PayPal, which we process exclusively for contract execution. Further information on data protection at PayPal can be found at: https://www.paypal.com/webapps/mpp/ua/privacy-full.

    • Klarna (invoice purchase)

    We offer payment by invoice in cooperation with Klarna AB (publ) (Sweden, EU). For this purpose, Klarna must carry out an identity and credit check. For this purpose, further data (such as your date of birth, your gender and your phone number) will be collected and transmitted to Klarna when this payment method is selected, which you can find in detail in Klarna's terms and conditions. The legal basis for the transmission to Klarna is Art. 6 Para. 1 lit. b GDPR. Otherwise, Klarna processes the data independently. Further information on data protection at Klarna can be found at https://www.klarna.com/de/datenschutz/

     

    5.    Newsletter

    We offer the option to subscribe to our newsletter on our website. After registration, we will regularly inform you about current news regarding our offers. A valid email address is required for newsletter registration. To verify the email address, you will first receive a registration email, which you must confirm via a link (double opt-in). If you subscribe to the newsletter on our website, we process personal data such as your email address and your name based on the consent you have given. The processing is based on the legal basis of Art. 6 Para. 1 lit. a GDPR. You can withdraw your consent at any time with effect for the future, for example, via the "unsubscribe" link in the newsletter or by contacting us via the channels mentioned above. The lawfulness of the data processing operations already carried out remains unaffected by the withdrawal.

    When you subscribe to the newsletter, we also store the IP address as well as the date and time of registration. The processing of this data is necessary to be able to prove that consent has been given. The legal basis results from our legal obligation to document your consent (Art. 6 Para. 1 lit. c in conjunction with Art. 7 Para. 1 GDPR).

    We also analyze the reading behavior and opening rates of our newsletter. We evaluate the data generated during the delivery and retrieval of our emails in an aggregated and anonymized form (delivery rate, opening rate, click rates, unsubscribe rate, bounce rate, visits, conversions) to measure the use and success of the emails. The legal basis for the analysis of our newsletter is Art. 6 Para. 1 lit. f GDPR, and the processing serves our legitimate interest in optimizing our newsletter. You can object to this at any time by contacting one of the contact channels mentioned above.

    Secondly, we also analyze the data generated when you retrieve and use these emails (time of opening, clicked hyperlinks, downloaded documents) as well as movement data on downstream websites in a personalized manner in connection with your email address, in order to provide you with individualized information in the future that best takes your interests and needs into account. We use the collected anonymous and personal data to provide you with personalized content and individualized information in our promotional emails and downstream websites. The legal basis for data processing in the context of emails is Art. 6 Para. 1 lit. a GDPR. You can withdraw your consent at any time with effect for the future, for example, via the "unsubscribe" link in the newsletter or by contacting us via the channels mentioned above.

    For managing subscriptions, sending newsletters, and analysis, we use the service Klaviyo, by Klaviyo, Inc. (USA). Your email address will therefore be transmitted by us to the service provider. If you do not want your data to be processed by this service provider, you should not subscribe to the newsletter or unsubscribe from it.

    Please note the information in the section "Data transfer to third countries".

     

    6.    Product Reviews and Satisfaction Surveys

    You have the option to rate our products and services and to participate in satisfaction surveys. For this purpose, after completing your order, you will receive a link through which you can share your feedback with us.

    For collecting and displaying product reviews, we use the service provider Judge.me from Judge.me Ltd (UK). Judge.me acts as our processor and processes your personal data according to our instructions. Product reviews submitted via Judge.me are published in our webshop under the reviewed product. Your name will be displayed in an abbreviated form, so that only the initials of your first and last name, along with the corresponding review and its date, are visible to visitors of the webshop.

    In some cases, we may also invite you to participate in a satisfaction survey. In this case, you will receive an email from us with further information about the survey. For sending these emails, we use the Klaviyo service from Klaviyo, Inc. (USA). Your email address will therefore be transmitted by us to the service provider. Please also refer to the information in the "Newsletter" section.

    When evaluating our products and participating in satisfaction surveys, your personal data may be transferred to third countries. Please therefore note the information in the section "Data transfer to third countries".

     

    7.    Cookies

    We use cookies and similar technologies (“cookies”) on our website. Cookies are small data records that are stored by your browser when you visit a website. This identifies the browser used and can be recognized by web servers. You have full control over the use of cookies through your browser. You can delete cookies at any time in the security settings of your browser. You can generally object to the use of cookies, or for specific cases, through your browser settings.

    The use of cookies is partly technically necessary for the operation of our website and thus permissible without the user's consent. We may also use cookies to offer special functions and content, as well as for analysis and marketing purposes. This may also include cookies from third-party providers (so-called third-party cookies). We only use such technically unnecessary cookies with your consent in accordance with § 25 para. 1 TDDDG and, if applicable, Art. 6 para. 1 lit. a GDPR. Information on the purposes, providers, technologies used, stored data, and storage duration of individual cookies can be found in the cookie settings of our Consent Management Tool. You can access this at any time via the "Data Settings" link in the footer of our website.

     

    8.    Consent Management Tool

    This website uses the Consent Management Tool Pandectes from Pandectes OÜ (Estonia, EU) to control cookies and the processing of personal data.

    The consent banner allows users of our website to give consent for specific data processing procedures or to withdraw previously given consent. By confirming the "I accept" button or by saving individual cookie settings, you agree to the use of the associated cookies.

    The legal basis for data protection is your consent within the meaning of Art. 6 Para. 1 lit. a GDPR.

    Furthermore, the banner helps us to provide proof of the declaration of consent. For this purpose, we process information about the declaration of consent and other log data related to this declaration. Cookies are also used to collect this data. The processing of this data is necessary to be able to prove that consent has been given. The legal basis results from our legal obligation to document your consent (Art. 6 Para. 1 lit. c in conjunction with Art. 7 Para. 1 GDPR).

    You can withdraw your consent for cookies at any time via the "Data Settings" link in the footer of our website.

     
    9.     Analysis of our website
    a)     Hotjar

    On our website, we use the Hotjar service from the provider Hotjar Ltd. (Malta, EU) to analyze movements on our website using so-called "heatmaps". These heatmaps show, for example, how far users scroll and which buttons users click how often. Furthermore, the tool also makes it possible to collect feedback directly from the users of the website. In this way, we gain valuable information to make our website even faster and more customer-friendly. With Hotjar, we can only track which buttons are clicked, the movement of the mouse, how far is scrolled, the screen size of the device, device type, and browser information. We also receive information about your geographical location (country) and the preferred language for displaying our website. Areas of the websites where your personal data or that of third parties are displayed are automatically hidden by Hotjar and are therefore not traceable by the tool at any time.

    The processing of your data is based on your consent according to Art. 6 Para. 1 lit. a GDPR.

    To integrate the service, cookies are placed on your device. The setting of cookies and the access to information stored on your device is done with your consent, which you can revoke at any time with effect for the future via our Consent Management Tool. Further information on data protection at Hotjar can be found in Hotjar's privacy policy at https://www.hotjar.com/legal/policies/privacy/.

     

    10. Tracking & Retargeting
    a)     Google Analytics

    We use the Google Analytics service from Google Ireland Limited (Ireland, EU) on our website.

    Google Analytics is a web analytics service that enables us to collect and analyze data on user behavior on our website. Google Analytics allows us to measure interaction data from different devices and sessions. This enables us to contextualize individual user actions and analyze long-term relationships.

    Google Analytics uses cookies to enable analysis of the use of our website. In addition, personal data in the form of IP addresses, device identifiers, and information about interaction with our website are processed. Some of this data consists of information stored on your end device. In addition, other information is also stored on your end device via the cookies used.

    Google Ireland will process the data collected in this way on our behalf to evaluate the use of our website by users, to compile reports on activities within our website, and to provide us with other services related to the use of our website and internet use. Pseudonymous user profiles of users can be created from the processed data.

    The setting of cookies and the further processing of personal data described here takes place with your consent. The legal basis for data processing in connection with the Google Analytics service is therefore Art. 6 (1) (a) GDPR. You can revoke this consent at any time with effect for the future via our Consent Management Tool.

    We only use Google Analytics with IP anonymization activated. This means that the IP address of users is truncated by Google Ireland within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. The IP address transmitted by the users' browser will not be merged with other data. The IP address is truncated on servers in the EU.

    Data on user actions is stored for a period of two months and then automatically deleted. Data whose storage period has expired is automatically deleted once a month.

    We also use Google Analytics advertising features (remarketing). This feature allows us to display ads more targeted in connection with Google's cross-device features and to present users with interest-based ads. Through remarketing, users are shown ads and products for which interest has been identified on other websites in the Google network. The function allows us to link advertising target groups created via Google Analytics Remarketing with Google Ads' cross-device functions. In this way, interest-based, personalized advertising messages, which have been adapted to a user based on previous usage and surfing behavior on one end device (e.g. mobile phone), can also be displayed on another end device of the user (e.g. tablet or PC).

    If you have given your consent, Google links your web and app browser history with your Google account for this purpose. In this way, the same personalized advertising messages can be displayed on any end device on which you log in with your Google account. The merging of the collected data in your Google account is exclusively based on your consent, which you can give or revoke at Google. For these linked services, data is then collected via Google Analytics for advertising purposes. To support the remarketing function, Google Analytics collects the Google-authenticated IDs of users, which are temporarily linked to our Google Analytics data. This serves to define and create target groups for cross-device advertising.

    Further information on how data from websites or apps is used by Google for advertising purposes can be found in Google's notes at: www.google.com/policies/technologies/ads/.

     

    b)  Meta Pixel

    We use the Meta Pixel, a Meta Business tool from Meta Platforms Ireland Limited (Ireland, EU), on our website. Information on the contact details of Meta Platforms Ireland Ltd. and the contact details of Meta Platforms Ireland Ltd.'s data protection officer can be found in Meta Platforms Ireland Ltd.'s data policy at https://www.facebook.com/about/privacy.

    The Meta Pixel is a JavaScript code snippet that allows us to track the activities of visitors to our website. This tracking is called conversion tracking. The Meta Pixel collects and processes the following information for this purpose (so-called event data):

    • Information on actions and activities of visitors to our website, such as searching for and viewing a product or purchasing a product;
    • Specific pixel information such as the pixel ID and the Facebook cookie;
    • Information on buttons clicked by website visitors;
    • Information present in HTTP headers, such as IP addresses, information about the web browser, the page location and the referrer;
    • Information on the status of ad tracking deactivation/restriction.

    Some of this event data consists of information stored on your end device. In addition, cookies are also used via the Meta Pixel, which store information on your end device. Such storage of information by the Meta Pixel or access to information already stored on your end device only takes place with your consent pursuant to Section 25 (1) TDDDG.

    The event data collected via the Meta Pixel is used for targeting our advertisements and for improving ad delivery on Meta products such as the social media platforms Facebook and Instagram, for personalizing functions and content, and for improving and securing Meta products. For this purpose, the event data collected on our website via the Meta Pixel is transmitted to Meta Platforms Ireland Ltd. This collection and transmission of event data is carried out by us and Meta Platforms Ireland Ltd. as joint controllers. We have concluded an agreement with Meta Platforms Ireland Ltd. on processing as joint controllers, in which the distribution of data protection obligations between us and Meta Platforms Ireland Ltd. is set out. In this agreement, we and Meta Platforms Ireland Ltd. have agreed, among other things, that

    • we are responsible for providing you with all information pursuant to Art. 13, 14 GDPR about the joint processing of personal data;
    • Meta Platforms Ireland Ltd. is responsible for enabling the rights of data subjects pursuant to Art. 15 to 20 GDPR with regard to the personal data stored by Meta Platforms Ireland Ltd. after the joint processing.

    You can access the agreement concluded between us and Meta Platforms Ireland Ltd. at https://www.facebook.com/legal/controller_addendum.

    Meta Platforms Ireland Ltd. is solely responsible for the subsequent processing of the transmitted event data. Further information on how Meta Platforms Ireland Ltd. processes personal data, including the legal basis on which Meta Platforms Ireland Ltd. relies and the possibilities for exercising your rights vis-à-vis Meta Platforms Ireland Ltd., can be found in Meta Platforms Ireland Ltd.'s data policy at https://www.facebook.com/about/privacy.

    We have also commissioned Meta Platforms Ireland Ltd. to prepare reports on the impact of our advertising campaigns and other online content (campaign reports) and to create analyses and insights on users and their use of our website, products and services (analyses) based on the event data collected via the Meta Pixel. For this purpose, we transmit personal data contained in the event data to Meta Platforms Ireland Ltd. The transmitted personal data is processed by Meta Platforms Ireland Ltd. as our processor to provide us with the campaign reports and analyses.

    The collection and transmission of personal data by us to Meta Platforms Ireland Ltd. and the commissioned processing of personal data by Meta Platforms Ireland Ltd. for the creation of analyses and campaign reports only takes place if you have given your prior consent. The legal basis for the processing of personal data is therefore Art. 6 (1) (a) GDPR.

     

    c)  TikTok Pixel

    We use the TikTok Pixel on our website. The TikTok Pixel is a TikTok Advertiser Tool provided by the two providers

    • TikTok Technology Limited (Ireland, EU)
    • TikTok Information Technologies UK Limited (UK) (both are hereinafter jointly referred to as "TikTok").

    The TikTok Pixel is a JavaScript code snippet that allows us to understand and track the activities of visitors on our website. The TikTok Pixel collects and processes information about visitors to our website or their devices (so-called event data) for this purpose.

    The event data collected via the TikTok Pixel is used for targeting our advertisements and for improving ad delivery and for personalized advertising. For this purpose, the event data collected on our website via the TikTok Pixel is transmitted to TikTok.

    Some of this event data consists of information stored on your end device. In addition, cookies are also used via the TikTok Pixel, which store information on your end device. Such storage of information by the TikTok Pixel or access to information already stored on your end device only takes place with your consent. The legal basis for the collection and transmission of personal data by us to TikTok is therefore Art. 6 (1) (a) GDPR. You can revoke your consent at any time via our Consent Management Tool.

    This collection and transmission of event data is carried out by us and TikTok as joint controllers. We have concluded an agreement with TikTok on processing as joint controllers, which sets out the distribution of data protection obligations between us and TikTok. In this agreement, we and TikTok have agreed, among other things, that

    • we are responsible for providing you with all information pursuant to Art. 13, 14 GDPR about the joint processing of personal data;
    • TikTok is responsible for enabling the rights of data subjects pursuant to Art. 15 to 20 GDPR with regard to the personal data stored by TikTok after the joint processing.

    You can access the agreement concluded between us and TikTok at https://ads.tiktok.com/i18n/official/policy/jurisdiction-specific-terms.

    TikTok is solely responsible for the subsequent processing of the transmitted event data. Further information on how TikTok processes personal data, including the legal basis on which TikTok relies and the possibilities for exercising your rights vis-à-vis TikTok, can be found in TikTok's data policy at https://www.tiktok.com/legal/privacy-policy?lang=de-DE.

     

    d)  Snap Pixel

    We use the Snap Pixel from the provider Snap Camera GmbH (Germany) on our website. With the help of the Snap Pixel, we can identify visitors to our website as a target group for displaying ads on the social media platform Snapchat (so-called "Snapchat Ads"). Accordingly, we use the Snap Pixel to show our Snapchat Ads only to Snapchat users who have shown an interest in our online offering or who have certain characteristics (e.g. interests in specific topics or products, which are determined based on the visited websites) that we transmit to Snapchat.

    With the help of the Snapchat Pixel, we also want to ensure that our Snapchat Ads correspond to the potential interest of users and are not annoying. With the help of the Snapchat Pixel, we can also understand the effectiveness of Snapchat advertisements for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Snapchat advertisement.

    Your data is processed based on your consent in accordance with Art. 6 (1) (a) GDPR.

    To integrate the service, cookies are placed on your device. The setting of cookies and access to information stored on your device occur with your consent, which you can revoke at any time with future effect via our Consent Management Tool. When using the service, a transfer of your data to the United Kingdom cannot be excluded. We base the data transfer to the United Kingdom on the adequacy decision of the European Commission in accordance with Art. 45 GDPR. Further information on data protection at Snap Group Limited can be found in Snap Group Limited's privacy policy at https://www.snap.com/de-DE/privacy/privacy-policy/#european-union-users.

     

    e)    Google Ads

    We use the online advertising program Google Ads from Google Ireland Limited (Ireland, EU) on our website to display advertisements in the Google search engine. If you reach our website via a Google ad, Google places a cookie on your device ("Conversion Cookie"). A different conversion cookie is assigned to each Google Ads customer, so that the cookies cannot be tracked across the websites of different Ads customers. The information obtained with the help of the cookie is used to generate conversion statistics. This tells us the total number of users who clicked on one of our Google ads. However, we do not receive any information that can be used to personally identify users.

    Your data is processed based on your consent in accordance with Art. 6 (1) (a) GDPR.

    Cookies are set with your consent, which you can revoke at any time with future effect via the Consent Management Tool. When using the service, a transfer of your data to the USA cannot be excluded. Please note the information in the "Data transfer to third countries" section. Further information on data protection at Google can be found in Google's privacy policy at https://policies.google.com/privacy#infocollect.

     
    11. External Media and Third-Party Services
    a)     Cloudflare

    We use the Cloudflare service from Cloudflare Inc. (USA) on our website to display content. For such integration, processing your IP address is technically necessary so that the content can be sent to your browser. Your IP address is therefore transmitted to Cloudflare. You can object to this data processing at any time via the settings of the browser you are using or certain browser extensions. Please note that this may lead to functional restrictions on the website.

    Your data is processed based on Art. 6 (1) (f) GDPR and is based on our legitimate interest in optimizing and operating our website economically.

    When using the service, a transfer of your data to the USA cannot be excluded. Please note the information in the "Data transfer to third countries" section. Further information on data protection at Cloudflare can be found in Cloudflare's privacy policy at https://www.cloudflare.com/privacypolicy/.

     

    12. Use of contact data for customer matching
    a)     Google Customer Match

    We use the Customer Match function as part of the Google Ads service from Google Ireland Ltd. (Ireland, EU). This function allows us to target ads more precisely in Google services based on customer lists, thereby increasing the relevance of the ads for users. If we have previously collected this data from you, we transmit your email address, phone number, postal address, and mobile device ID to Google Ireland Ltd (Google) for this purpose. Before we transmit the data to Google, we perform a one-way encryption of the data using the SHA256 algorithm. The so-called hash strings of the data are then automatically compared by Google with those of the corresponding data from existing Google accounts. In the event of a match, the respective Google account is added to a customer list created for us. If the data does not match, it may still be used by Google for policy compliance checks. After the data has been matched and the policy compliance check is completed, the data is deleted by Google.

    Your data is processed on the legal basis of Art. 6 (1) (f) GDPR and is based on our legitimate interest in targeting our advertising more precisely.

    As a Google user, you can control which ads you see in Google services via the Google ad settings. This also applies to ads with the "Customer Match" function. Information on data protection in Google Ads Customer Match can be found at: https://support.google.com/google-ads/answer/6379332?hl=de. General information on data protection at Google can be found here: https://policies.google.com/privacy?hl=de.

     

    b)    Facebook Custom Audiences

    We use the personal data you provide for customer matching via the Custom Audiences function, offered by Meta Platforms Ireland Limited (Ireland, EU).

    The Custom Audiences function allows us to create target groups – a so-called Custom Audience – of users of Meta services based on customer lists, in order to display advertisements more precisely in Meta services such as the Facebook platform and thus increase the relevance of the advertising for users. For this purpose, we transmit your email address, phone number, and address to Meta Platforms Ireland Limited (Meta). Using this personal data, we create target groups for advertisements. Before the data is used by Meta for matching, the data is hashed and thus pseudonymized using one-way encryption. These so-called hash strings of the data are then automatically compared by Meta with the hash strings of the corresponding data about users of Meta services that are already available at Meta. In the event of a match, the users are added to the target group. Once the Custom Audience has been created by Meta, the hashed data is deleted, both in case of a match and a non-match. Further information on the Custom Audiences function can be found here.

    Your data is processed on the legal basis of Art. 6 (1) (f) GDPR and is based on our legitimate interest in targeting our advertising more precisely.

    Meta Platforms Ireland Limited's general privacy policy can be found at: https://de-de.facebook.com/privacy/explanation

     

    III. Data processing on our social media pages

    We are represented on several social media platforms with a company page. This is to offer further opportunities for information about our company and for exchange. Our company has company pages on the following social media platforms:

    • Facebook of Meta Platforms Ireland Limited, (Ireland, EU), hereinafter "Meta";
    • Instagram of Meta Platforms Ireland Limited, (Ireland, EU);
    • TikTok of TikTok Technology Limited, (Ireland, EU), hereinafter "TikTok".

     

    If you visit or interact with a profile on a social media platform, personal data about you may be processed. Information associated with a social media profile used also regularly constitutes personal data. This also includes messages and statements made using the profile. In addition, during your visit to a social media profile, certain information about it is often automatically collected, which may also constitute personal data.

     

    1.    Visiting a social media page

    When you visit our social media page, through which we present our company or individual products from our offering, certain information about you is processed. The operators of the social media platforms are solely responsible for this processing of personal data. Further information about the processing of personal data can be found in their privacy policies, which we link to below:

    The operators of the social media platforms collect and process event data and profile data and provide us with anonymized statistics and insights for our pages, with the help of which we gain knowledge about the types of actions people take on our page (so-called "Page Insights"). These Page Insights are created based on certain information about people who have visited our page. This processing of personal data is carried out by the social media operators and us as joint controllers. The processing serves our legitimate interest in evaluating the types of actions taken on our page and improving our page based on these insights. The legal basis for this processing is Art. 6 (1) (f) GDPR.

    We cannot assign the information obtained via Page Insights to individual user profiles that interact with our pages. We have entered into agreements with the operators of the social media platforms regarding processing as joint controllers, which define the distribution of data protection obligations between us and the operators. Details about the processing of personal data for the creation of Page Insights and the agreement concluded between us and the operators can be found at the following links:

    You have the option to assert your rights against the operators as well. Further information can be found at the following links:

    We have agreed with Meta and TikTok that the Irish Data Protection Commission is the lead supervisory authority overseeing the processing for Page Insights. You always have the right to file a complaint with the Irish Data Protection Commission (see www.dataprotection.ie) or any other supervisory authority.

     

    2.    Communication via social media pages

    We also process information that you have provided to us via our company page on the respective social media platform. Such information may include the username used, contact details or a message to us. These processing operations are carried out by us as the sole controller. We process this data based on our legitimate interest in contacting individuals who make inquiries. The legal basis for data processing is Art. 6 para. 1 lit. f GDPR. Further data processing may occur if you have given your consent (Art. 6 para. 1 lit. a GDPR) or if it is necessary to fulfill a legal obligation (Art. 6 para. 1 lit. c GDPR).

     

    IV. Further Data Processing
    1.   Contact via email

    If you send us a message via the provided contact email, we will process the transmitted data for the purpose of answering your inquiry. We process this data based on our legitimate interest in contacting individuals who make inquiries. The legal basis for data processing is Art. 6 para. 1 lit. f GDPR. If the inquiry relates to a contract already concluded or to be concluded with you, the legal basis is Art. 6 para. 1 lit. b GDPR.

     

    2.    Use of email address for marketing purposes

    We may use your email address provided during registration or order placement to inform you about our own similar products and services offered.

    The legal basis is Art. 6 para. 1 lit. f GDPR in conjunction with Section 7 para. 3 UWG. You can object to this at any time, without incurring any costs other than the transmission costs according to the basic rates. To do this, you can unsubscribe by clicking on the unsubscribe link included in every mailing.

     

    3.    Information for data subjects in Switzerland

    If you are a data subject within the scope of the Swiss Federal Act on Data Protection, additional information under this point applies.

    The legal references made in this privacy policy are addressed to data subjects in Switzerland in accordance with the comparable provisions of the Federal Act on Data Protection. This particularly concerns the applicable data subject rights under Art. 25-29, 32 FADP.

    Data processing also takes place in the following countries outside Switzerland:

    • Germany (EU)
    • Denmark (EU)
    • Austria (EU)
    • Ireland (EU)
    • Malta (EU)
    • Estonia (EU)
    • United States of America
    • United Kingdom

    We guarantee an appropriate level of data protection. This is ensured by:

    • a determined adequate level of data protection in accordance with Art. 16 para. 1 FADP for the recipient country;
    • standard data protection clauses previously approved, issued, or recognized by the FDPIC, in particular the standard contractual clauses of the European Commission;
    • a treaty under international law that regulates an adequate level of data protection.

     

     

    Status: [1.0, 22.01.2024]