privacy

1. General Information

The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with statutory data protection regulations and this privacy policy.

When you use this website, various personal data is collected. Personal data according to Art. 4 No. 1 GDPR is all information that relates to an identified or identifiable natural person. This includes, for example, information such as your first and last name, your address, your telephone number, your email address, but also your IP address.

Data for which no connection to your person can be established, such as through anonymization, is not personal data. Processing (e.g. collection, storage, reading, querying, use, transmission, deletion or destruction) according to Art. 4 No. 2 GDPR always requires a legal basis or your consent. Processed personal data must be deleted as soon as the purpose of processing has been achieved and no legally prescribed retention obligations need to be observed.

This privacy policy applies only to this website. It does not apply to other websites to which we merely refer through a hyperlink. We cannot accept responsibility for the confidential handling of your personal data on these third-party websites, as we have no influence on whether these companies comply with data protection regulations. Please inform yourself directly on these websites about how these companies handle your personal data.

We point out that data transmission on the Internet (e.g. when communicating by email) can have security gaps. Complete protection of data against access by third parties is not possible.

2. Information about the responsible party

The responsible party for data processing on this website is:

Der Baranski Distribution und Onlinehandel UG

Marcus Baranski
Rotdornweg 39
21224 Rosengarten

Phone: +49 (0) 40 609 405 070
Email: shop@derbaranski.de

Responsible party is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data (e.g. names, email addresses, etc.).

3. Hosting

We host the content of our website with the following provider:

Shopify

The provider is Shopify International Limited, Victoria Buildings, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland (hereinafter "Shopify").

Shopify is a tool for creating and hosting websites. When you visit our website, Shopify captures your IP address as well as information about the device and browser you are using. Shopify also analyzes visitor numbers, visitor sources and customer behavior and creates user statistics. If you make a purchase on our website, Shopify also captures your name, your email address, delivery and billing addresses, payment data and other data related to the purchase (e.g. telephone number, amount of sales made, etc.). For the analyses, Shopify stores cookies in your browser.

Details can be found in Shopify's privacy policy: https://www.shopify.de/legal/datenschutz.

The use of Shopify is based on Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in the most reliable presentation of our website possible. If appropriate consent has been requested, processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user's device (e.g. device fingerprinting) within the meaning of the TDDDG. The consent can be revoked at any time.

4. Storage Duration

Unless a more specific storage duration is mentioned within this privacy policy, your personal data will remain with us until the purpose for data processing ceases. If you assert a legitimate deletion request or revoke consent to data processing, your data will be deleted, provided we have no other legally permissible reasons for storing your personal data (e.g. tax or commercial law retention periods); in the latter case, deletion will occur after these reasons cease to exist.

5. Recipients of personal data

In the course of our business activities, we work with various external parties. This sometimes also requires transmission of personal data to these external parties. We only pass on personal data to external parties if this is necessary for contract fulfillment, if we are legally obligated to do so (e.g. forwarding data to tax authorities), if we have a legitimate interest according to Art. 6 para. 1 lit. f GDPR in the forwarding, or if another legal basis permits data forwarding. When using data processors, we only pass on personal data from our customers on the basis of a valid data processing agreement. In the case of joint processing, a joint processing agreement is concluded.

We employ such service providers in the areas:

IT
Logistics
Telecommunications

When transmitting to external parties in third countries, i.e. outside the EU or EEA, we ensure that these parties treat your personal data with the same care as within the EU or EEA. We only transmit personal data to third countries where the EU Commission has confirmed an adequate level of protection or if we ensure careful handling of personal data through contractual agreements or other suitable guarantees.

6. Revocation of your consent to data processing

Many data processing operations are only possible with your express consent. You can revoke consent already given at any time (Art. 7 para. 3 sentence 1 GDPR). The lawfulness of data processing carried out until revocation remains unaffected by the revocation.

7. Right to object to data collection in special cases and to direct marketing (Art. 21 GDPR)

IF DATA PROCESSING IS BASED ON ART. 6 PARA. 1 LIT. E OR F GDPR, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. THE RESPECTIVE LEGAL BASIS ON WHICH PROCESSING IS BASED CAN BE FOUND IN THIS PRIVACY POLICY. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR AFFECTED PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR PROCESSING THAT OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS, OR THE PROCESSING SERVES TO ASSERT, EXERCISE OR DEFEND LEGAL CLAIMS (OBJECTION ACCORDING TO ART. 21 PARA. 1 GDPR).

IF YOUR PERSONAL DATA IS PROCESSED TO CONDUCT DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSE OF SUCH ADVERTISING; THIS ALSO APPLIES TO PROFILING INSOFAR AS IT IS CONNECTED WITH SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL SUBSEQUENTLY NO LONGER BE USED FOR DIRECT MARKETING PURPOSES (OBJECTION ACCORDING TO ART. 21 PARA. 2 GDPR).

8. Data subject rights

As a data subject, you have the following rights:

according to Art. 15 GDPR, the right to request information about your personal data processed by us to the extent specified therein;
according to Art. 16 GDPR, the right to immediately request correction of incorrect or completion of your personal data stored with us;
according to Art. 17 GDPR, the right to request deletion of your personal data stored with us, unless further processing - for exercising the right to freedom of expression and information; - for fulfilling a legal obligation; - for reasons of public interest or - for asserting, exercising or defending legal claims is necessary;
according to Art. 18 GDPR, the right to request restriction of processing of your personal data, insofar as - the accuracy of the data is disputed by you; - the processing is unlawful but you refuse its deletion; - we no longer need the data, but you need it for asserting, exercising or defending legal claims or - you have objected to processing according to Art. 21 GDPR;
according to Art. 20 GDPR, the right to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request transmission to another controller;
according to Art. 77 GDPR, the right to complain to a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our company headquarters for this purpose.

For questions about the collection, processing or use of your personal data, for information, correction, restriction or deletion of data as well as revocation of given consents or objection to a specific data use, please contact us directly using the contact details in our imprint.

9. SSL or TLS encryption

For security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator, this site uses SSL or TLS encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.

If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

10. Encrypted payment transactions on this website

If there is an obligation to transmit your payment data to us (e.g. account number for direct debit authorization) after concluding a paid contract, this data is required for payment processing.

Payment transactions using common payment methods (Visa/MasterCard, direct debit procedure) are carried out exclusively via an encrypted SSL or TLS connection. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.

With encrypted communication, your payment data that you transmit to us cannot be read by third parties.

11. Objection to advertising emails

The use of contact data published as part of the imprint obligation for sending unsolicited advertising and information materials is hereby objected to. The operators of the pages expressly reserve the right to take legal action in case of unsolicited sending of advertising information, such as through spam emails.

12. Data collection on this website

12.1 Cookies

Our websites use so-called "cookies". Cookies are small data packets and do not cause any damage to your device. They are stored either temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your device. Session cookies are automatically deleted after the end of your visit. Permanent cookies remain stored on your device until you delete them yourself or automatic deletion occurs through your web browser.

Cookies can originate from us (first-party cookies) or from third-party companies (so-called third-party cookies). Third-party cookies enable the integration of certain services from third-party companies within websites (e.g. cookies for handling payment services).

Cookies have various functions. Numerous cookies are technically necessary, as certain website functions would not work without them (e.g. the shopping cart function or the display of videos). Other cookies can be used to evaluate user behavior or for advertising purposes.

Cookies that are required for carrying out the electronic communication process, for providing certain functions you have requested (e.g. for the shopping cart function) or for optimizing the website (e.g. cookies for measuring web audiences) (necessary cookies) are stored on the basis of Art. 6 para. 1 lit. f GDPR, unless another legal basis is specified. The website operator has a legitimate interest in storing necessary cookies for the technically error-free and optimized provision of its services. If consent for storing cookies and comparable recognition technologies has been requested, processing is carried out exclusively on the basis of this consent (Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG); consent can be revoked at any time.

You can set your browser to inform you about the setting of cookies and allow cookies only in individual cases, exclude the acceptance of cookies for certain cases or generally, and activate the automatic deletion of cookies when closing the browser. When deactivating cookies, the functionality of this website may be limited.

12.2 Cookie information and management

Which cookies and services are used on this website can be found in our Cookie Policy. You can adjust your consent settings for tracking technologies at any time through our cookie settings.

Cookie management through your browser:

View current cookies: In the browser settings under "Privacy" or "Cookies" you will find all stored cookies
Delete cookies: Already stored cookies can be deleted individually or all at once
Block cookies: You can prevent the setting of new cookies completely or partially
Activate notifications: Your browser can warn you before setting new cookies

Cookie management through our cookie banner "Your Privacy Settings":

On this control panel, you can set certain settings for the processing of your personal data. You can change your selection at any time by calling up this control panel via the provided button with security lock icon on the website at the bottom right.

To consent to the processing activities described below, move the switches accordingly or use the "accept all" button and then confirm the saving of your settings.

Options:

Reject all: Rejects all non-required tracking technologies
Accept all: Consents to all tracking technologies

Individual settings via "Your consent settings for tracking technologies":

Through the selection options within this section, you can set your consent settings individually for each of the tracking technologies used for the purposes mentioned below. Learn more about how we use such trackers and how they work in our Cookie Policy. Please note that if you reject individual purposes, associated functions may not be available.

Required

We use these trackers to enable processes that are absolutely necessary for providing and delivering a service that you have requested from us and therefore do not require your consent.

User Experience

Thanks to these trackers, we can offer you an improved user experience and enable interactions with external content, networks and platforms.

Performance Measurement

Thanks to these trackers, we can measure online traffic and analyze your behavior to improve our service.

Marketing

Thanks to these trackers, we can present you with personalized ads or advertising content and measure their performance.

Revocation and objection for cookies

You can revoke your once-given consent at any time with effect for the future
Use our cookie settings or contact us directly
The revocation does not affect the lawfulness of the processing carried out until then

Objection for legitimate interest for cookies that are set based on our legitimate interest, you can object at any time.

12.3 Complianz GDPR Cookie Consent

Our website uses Complianz GDPR Cookie Consent to obtain your consent for storing certain cookies on your device or for using certain technologies and to document this in compliance with data protection regulations. The provider of this technology is Complianz B.V., Kalmarweg 14-5, 9723JG Groningen, Netherlands (hereinafter "Complianz").

When you enter our website, a connection is established to the servers of the provider Complianz. The provider Complianz thus receives personal data, such as the browser used, the IP address and a timestamp. A cookie is then stored in your browser to be able to assign you the consents given or their revocation. The data collected in this way is stored until you request us to delete it, delete the cookie yourself, or the purpose for data storage ceases. Mandatory legal retention obligations remain unaffected.

The use of Complianz GDPR Cookie Consent serves to obtain the legally required consents for the use of cookies. The legal basis for this is Art. 6 para. 1 lit. c GDPR.

12.4 Registration and customer profile

You can register on this website to use additional functions on the site and create a customer profile. During registration and when you store or update personal data in your customer profile, the following personal data is processed by you:

First name
Last name
Company
Address 1
Address 2
City
Postal code
Country
Email address
Password
Phone number

We use the data entered for the purpose of using the respective offer or service for which you have registered, for managing your customer account, for order processing and in case of queries. The mandatory information requested during registration (first name, last name, email, password) must be provided in full. Otherwise, we will reject the registration.

For important changes, such as changes in the scope of services or technically necessary changes, we use the email address provided during registration to inform you in this way.

We do not pass on this data without your consent.

The processing of data entered during registration serves the purpose of implementing the usage relationship established by registration and, if applicable, initiating further contracts (Art. 6 para. 1 lit. b GDPR). If data storage is related to contract fulfillment or is necessary for implementing pre-contractual measures, processing is based on Art. 6 para. 1 lit. b GDPR. In all other cases, processing is based on our legitimate interest in proper management of customer relationships (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR) if this has been requested; consent can be revoked at any time.

The data collected during registration is stored by us as long as you are registered on this website and is then deleted. Legal retention periods remain unaffected.

12.5 Inquiry by email, telephone or fax

If you contact us by email, telephone or fax, your inquiry including all resulting personal data (name, inquiry, email address or telephone number for telephone inquiries) will be stored and processed by us for the purpose of handling your request. We do not pass on this data without your consent.

The processing of this data is based on Art. 6 para. 1 lit. b GDPR, provided your inquiry is related to contract fulfillment or is necessary for implementing pre-contractual measures. In all other cases, processing is based on our legitimate interest in effectively handling inquiries directed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR) if this has been requested; consent can be revoked at any time.

The data sent to us via contact inquiries remains with us until you request deletion, revoke your consent to storage, or the purpose for data storage ceases (e.g. after completion of handling your request). Mandatory legal provisions - especially legal retention periods - remain unaffected.

13. Data collection for implementing pre-contractual measures and contract fulfillment

13.1 Type and scope of data processing

In the pre-contractual area and upon contract conclusion, we collect personal data about you. This concerns, for example, first and last name, address, email address, telephone number or bank details.

13.2 Purpose and legal basis of data processing

We collect and process this data exclusively for the purpose of contract implementation or fulfilling pre-contractual obligations. The legal basis for this is Art. 6 para. 1 lit. b) GDPR. If there is also consent from you, additional legal basis is Art. 6 para. 1 lit. a) GDPR.

13.3 Storage duration

The data is deleted as soon as it is no longer necessary for the purpose of its processing. There may also be legal retention obligations, for example commercial or tax law retention obligations under the Commercial Code (HGB) or the Tax Code (AO). If such retention obligations exist, we block or delete your data at the end of these retention obligations.

14. Social Media

14.1 Facebook

Elements of the social network Facebook are integrated on this website. The provider of this service is Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland. According to Facebook, however, the collected data is also transferred to the USA and other third countries.

An overview of Facebook social media elements can be found here: https://developers.facebook.com/docs/plugins/?locale=de_DE.

When the social media element is active, a direct connection is established between your device and the Facebook server. Facebook thereby receives the information that you have visited this website with your IP address. If you click the Facebook "Like button" while logged into your Facebook account, you can link the contents of this website to your Facebook profile. This allows Facebook to assign the visit to this website to your user account. We point out that as providers of the pages, we have no knowledge of the content of the transmitted data or its use by Facebook. Further information on this can be found in Facebook's privacy policy at: https://de-de.facebook.com/privacy/explanation.

The use of this service is based on your consent according to Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. Consent can be revoked at any time.

Insofar as personal data is collected on our website with the help of the tool described here and forwarded to Facebook, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 GDPR). Joint responsibility is limited exclusively to the collection of data and its forwarding to Facebook. The processing by Facebook that takes place after forwarding is not part of the joint responsibility. The obligations jointly incumbent on us have been set out in an agreement on joint processing. The wording of the agreement can be found at: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing data protection information when using the Facebook tool and for the data protection-compliant implementation of the tool on our website. Facebook is responsible for the data security of Facebook products. You can assert data subject rights (e.g. information requests) regarding data processed by Facebook directly with Facebook. If you assert data subject rights with us, we are obligated to forward them to Facebook.

Data transfer to the USA is based on the EU Commission's standard contractual clauses. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum, https://de-de.facebook.com/help/566994660333381 and https://www.facebook.com/policy.php.

The company has certification under the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF commits to complying with these data protection standards. Further information on this can be obtained from the provider under the following link: https://www.dataprivacyframework.gov/participant/4452.

14.2 Instagram

Functions of the Instagram service are integrated on this website. These functions are offered by Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland.

When the social media element is active, a direct connection is established between your device and the Instagram server. Instagram thereby receives information about your visit to this website.

If you are logged into your Instagram account, you can link the contents of this website to your Instagram profile by clicking the Instagram button. This allows Instagram to assign the visit to this website to your user account. We point out that as providers of the pages, we have no knowledge of the content of the transmitted data or its use by Instagram.

The use of this service is based on your consent according to Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. Consent can be revoked at any time.

Insofar as personal data is collected on our website with the help of the tool described here and forwarded to Instagram, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 GDPR). Joint responsibility is limited exclusively to the collection of data and its forwarding to Instagram. The processing by Instagram that takes place after forwarding is not part of the joint responsibility. The obligations jointly incumbent on us have been set out in an agreement on joint processing. The wording of the agreement can be found at: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing data protection information when using the Instagram tool and for the data protection-compliant implementation of the tool on our website. Facebook is responsible for the data security of Instagram products. You can assert data subject rights (e.g. information requests) regarding data processed by Instagram directly with Facebook. If you assert data subject rights with us, we are obligated to forward them to Facebook.

Data transfer to the USA is based on the EU Commission's standard contractual clauses. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum, https://privacycenter.instagram.com/policy/ and https://de-de.facebook.com/help/566994660333381.

Further information on this can be found in Instagram's privacy policy: https://privacycenter.instagram.com/policy/.

14.3 Our online presence on Facebook and Instagram

Our presence on social networks and platforms serves better, active communication with our customers and prospects. We inform there about our products and ongoing special offers.

When visiting our online presences on social media, your data may be automatically collected and stored for market research and advertising purposes. So-called usage profiles are created from this data using pseudonyms. These can be used, for example, to place advertisements within and outside the platforms that presumably correspond to your interests. For this purpose, cookies are usually used on your device. In these cookies, visitor behavior and user interests are stored. This serves according to Art. 6 para. 1 lit. f GDPR to protect our legitimate interests that prevail in the context of a balancing of interests in an optimized presentation of our offer and effective communication with customers and prospects. If you are asked by the respective social media platform operators for consent to data processing, e.g. with the help of a checkbox, the legal basis for data processing is Art. 6 para. 1 lit. a GDPR.

The detailed information on the processing and use of data by the providers on their pages as well as a contact possibility and your related rights and setting options for protecting your privacy, in particular objection possibilities (opt-out), can be found in the providers' privacy notices linked below. If you still need help in this regard, you can contact us.

Objection possibility (opt-out):

Facebook: https://www.facebook.com/settings?tab=ads
Instagram: http://instagram.com/about/legal/privacy/

15. Newsletter

15.1 Newsletter data

If you would like to receive the newsletter offered on the website, we collect and store the data you enter in the input mask (e.g. last name, first name, email address).

When registering for the newsletter, we also store your IP address entered by the Internet Service Provider (ISP) as well as the date and time of registration in order to be able to trace possible misuse of your email address at a later time. For the confirmation email sent for control purposes (double opt-in email), we also store the date and time of the click on the confirmation link and the IP address entered by the Internet Service Provider (ISP).

15.2 Double opt-in procedure

For newsletter dispatch, we use the so-called double opt-in procedure. This means that we will only send you an email newsletter after you have expressly confirmed to us that you consent to receiving the newsletter. We then send you a confirmation email asking you to confirm by clicking an appropriate link that you want to receive newsletters from us in the future.

This serves to ensure that only you yourself can register for the newsletter as the owner of the specified email address. Your confirmation must be made promptly after receiving the confirmation email, as otherwise your newsletter registration will be automatically deleted from our database.

15.3 Legal basis and storage duration

The processing of data entered into the newsletter registration form is carried out exclusively on the basis of your consent (Art. 6 para. 1 lit. a GDPR). You can revoke the consent given for storing the data, the email address and its use for sending the newsletter at any time, for example via the "unsubscribe" link in the newsletter. The lawfulness of data processing operations already carried out remains unaffected by the revocation.

The data you have deposited with us for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter or with the newsletter service provider and deleted from the newsletter distribution list after canceling the newsletter or after the purpose ceases to exist. We reserve the right to delete or block email addresses from our newsletter distribution list at our own discretion within the framework of our legitimate interest according to Art. 6 para. 1 lit. f GDPR.

Data stored with us for other purposes remains unaffected.

After you unsubscribe from the newsletter distribution list, your email address may be stored in a blacklist with us or the newsletter service provider if this is necessary to prevent future mailings. The data from the blacklist is used only for this purpose and not merged with other data. This serves both your interest and our interest in complying with legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR). Storage in the blacklist is not time-limited. You can object to the storage if your interests outweigh our legitimate interest. You can object to the storage if your interests outweigh our legitimate interest.

16. Plugins and Tools

16.1 YouTube

This website embeds videos from the YouTube website. The operator of the website is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

When you visit one of our web pages on which YouTube is embedded, a connection to YouTube's servers is established. The YouTube server is thereby informed which of our pages you have visited. All YouTube embeddings are used with the "Enhanced Privacy" embedding option.

Furthermore, YouTube can store various cookies on your device or use comparable recognition technologies (e.g. device fingerprinting). In this way, YouTube can obtain information about visitors to this website. This information is used, among other things, to collect video statistics, improve user-friendliness and prevent fraud attempts. Furthermore, the collected data is processed in the Google advertising network.

If you are logged into your YouTube account, you enable YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account.

The use of YouTube is in the interest of an appealing presentation of our online offerings. This represents a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. If appropriate consent has been requested, processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user's device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

Further information on handling user data can be found in YouTube's privacy policy at: https://policies.google.com/privacy?hl=de.

16.2 Google Fonts (local hosting)

This site uses so-called Google Fonts for uniform display of fonts, which are provided by Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland. The Google Fonts are installed locally. No connection to Google servers takes place.

Further information about Google Fonts can be found at https://developers.google.com/fonts/faq and in Google's privacy policy: https://policies.google.com/privacy?hl=de.

16.3 Google reCAPTCHA

We use "Google reCAPTCHA" (hereinafter "reCAPTCHA") on this website. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

reCAPTCHA is intended to check whether data entry on this website (e.g. in a contact form) is carried out by a human or by an automated program. For this purpose, reCAPTCHA analyzes the behavior of the website visitor based on various characteristics. This analysis begins automatically as soon as the website visitor enters the website. For analysis, reCAPTCHA evaluates various information (e.g. IP address, length of stay of the website visitor on the website, or mouse movements made by the user). The data collected during the analysis is forwarded to Google.

The reCAPTCHA analyses run completely in the background. Website visitors are not informed that an analysis is taking place.

Data storage and analysis is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in protecting its web offerings from abusive automated spying and from SPAM. If appropriate consent has been requested, processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user's device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

Further information about Google reCAPTCHA can be found in Google's privacy policy and Google's terms of use under the following links: https://policies.google.com/privacy?hl=de and https://policies.google.com/terms?hl=de.

16.4 Google (Universal) Analytics for web analysis

Insofar as you have given your consent according to Art. 6 para. 1 sentence 1 lit. a GDPR, this website uses Google (Universal) Analytics for website analysis, a web analysis service of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google (Universal) Analytics uses methods that enable analysis of your use of the website, such as cookies. The automatically collected information about your use of this website is usually transferred to a Google server in the USA and stored there. By activating IP anonymization on this website, your IP address is shortened before transmission within the member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transferred to a Google server in the USA and shortened there. The anonymized IP address transmitted by your browser as part of Google Analytics is generally not merged with other Google data. After the purpose ceases and the end of our use of Google Analytics, the data collected in this context will be deleted.

You can revoke your consent at any time with effect for the future by downloading and installing the browser plugin available under the following link: https://tools.google.com/dlpage/gaoptout?hl=de. This prevents the collection of data generated by the cookie and related to your use of the website (including your IP address) as well as the processing of this data by Google.

17. eCommerce and Payment Providers

17.1 Processing customer and contract data

We collect, process and use personal customer and contract data for establishing, designing and modifying our contractual relationships. We collect, process and use personal data about the use of this website (usage data) only to the extent necessary to enable the user to use the service or to bill for it. The legal basis for this is Art. 6 para. 1 lit. b GDPR.

The collected customer data is deleted after completion of the order or termination of the business relationship and expiration of any existing legal retention periods. Legal retention periods remain unaffected.

17.2 Data transmission upon contract conclusion for goods shipment

If you order goods from us, we pass on your personal data to the transport company commissioned with delivery and to the payment service provider commissioned with payment processing. Only such data is disclosed that the respective service provider needs to fulfill its task. The legal basis for this is Art. 6 para. 1 lit. b GDPR, which permits the processing of data for fulfilling a contract or pre-contractual measures. If you have given appropriate consent according to Art. 6 para. 1 lit. a GDPR, we will pass on your email address to the transport company commissioned with delivery so that it can inform you by email about the shipping status of your order; you can revoke consent at any time.

17.3 Data transmission upon contract conclusion for services and digital content

We only transmit personal data to third parties if this is necessary for contract processing, such as to the credit institution commissioned with payment processing.

Further transmission of data does not occur or only if you have expressly consented to the transmission. No disclosure of your data to third parties without express consent, for example for advertising purposes, takes place.

The basis for data processing is Art. 6 para. 1 lit. b GDPR, which permits the processing of data for fulfilling a contract or pre-contractual measures.

17.4 Reviews.io - Review Platform

We use the Reviews.io review platform from REVIEWS.io Ltd, 29 St Nicholas Place, Leicester, LE1 4LD, United Kingdom, on our website to give our customers the opportunity to rate products or our service.

Processed data:

When you submit a review via Reviews.io, the following personal data is processed:

First and last name (if provided)
Email address (for verification, not publicly visible)
Place of residence and country (if provided)
Information about the device used (e.g. browser type and version, not publicly visible)
IP address (not publicly visible)

Purpose of processing:

Data processing serves to authenticate reviews and display authentic customer opinions on our website. We also use the data to optimize our offering and to communicate with reviewers for queries.

Legal basis:

Processing is carried out according to Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in transparent and trustworthy communication with our customers and in optimizing our services.

Data transmission to third countries:

Since Reviews.io is based in the United Kingdom, data transmission to a third country takes place. For the United Kingdom, there is an adequacy decision by the EU Commission, so an adequate level of data protection is ensured.

Storage duration:

Data is only stored as long as necessary for the review, its display and, if applicable, for settling disputes.

Data subject rights:

As a data subject, you have the right to information, correction, deletion, restriction of processing and objection to the processing of your data.

More information about data processing by Reviews.io can be found at: https://www.reviews.io/front/user-privacy-policy, https://www.reviews.io/legal/user-privacy-policy, https://www.reviews.io/legal/data-processing-agreement.

18. Data disclosure to shipping service providers

If you have given us your express consent during or after your order, we pass on your email address to the selected shipping service provider based on this consent according to Art. 6 para. 1 sentence 1 lit. a GDPR so that it can contact you before delivery for the purpose of delivery announcement or coordination. Consent can be revoked at any time by a message to the contact option described below or directly to the shipping service provider at the contact address listed below. After revocation, we delete your data provided for this purpose, unless you have expressly consented to further use of your data or we reserve further data use that is legally permitted and about which we inform you in this declaration.

DHL Paket GmbH as shipping service provider:

We work with DHL Paket GmbH, Sträßchensweg 10, 53113 Bonn, as a shipping service provider, to whom personal data is passed on for carrying out delivery. Further information about data processing by DHL can be found in their privacy policy: https://group.dhl.com/de/datenschutz.html.

19. Changes to the privacy policy

We reserve the right to update this declaration accordingly when necessary.