Privacy Policy

If you also provide us with personal data, for example, in an email inquiry or via our contact form, we will also process – depending on the information you provide – the following data:

• Personal information (e.g., name, address)
• Contact information (e.g., email address, phone number)
• Content data (e.g., text entries, photos, videos)
• Usage data (e.g., websites visited, access times)
• Communication/metadata (e.g., device information, IP addresses)

In addition, we may process the following personal data for the purposes of providing contractual services, customer support, and marketing/advertising:

• Contract details (e.g., contract subject matter, term, customer number)
• Payment details (e.g., bank account information, payment history)

We process your personal data when you visit our website for the following purposes:

• Providing the features and content of our online service
• Ensuring a smooth connection to our website
• Ensuring a user-friendly experience on our website
• Evaluating and ensuring system security and stability, as well as general security measures
• Responding to any contact requests or communicating with you
• Other administrative purposes
• Providing contractual services
• Customer service

Unless we specify a specific legal basis in this Privacy Policy, the following applies to the processing of your personal data: The legal basis for obtaining consent is derived from Article 6(1)(a) and Article 7 of the GDPR. The legal basis for data processing to fulfill our services and carry out (pre-)contractual measures, as well as to respond to any inquiries, is Article 6(1)(b) of the GDPR. For data processing to fulfill legal obligations, Article 6(1)(c) of the GDPR serves as the legal basis. If vital interests of the data subject or another natural person necessitate data processing, the legal basis is derived from Article 6(1)(d) of the GDPR. Data processing to safeguard our legitimate interests is based on Article 6(1)(f) of the GDPR. Our legitimate interest in this regard arises from the aforementioned purposes of data collection.

If, in the course of processing your personal data, we disclose it to third parties, transfer it to them, or otherwise grant them access to the data, this is done exclusively on the basis of a legal authorization, provided that you have consented to it, we are legally obligated to do so, or on the basis of our legitimate interests. Legal authorization exists in particular when the disclosure of data is necessary to fulfill contractual obligations (e.g., with payment or shipping service providers). A legitimate interest may exist when we use data for direct marketing or to prevent fraud, or even if you are a customer of ours. A legitimate interest may also exist, for example, when using web or email hosts, cloud providers, or similar service providers. Such service providers often act as so-called data processors on the basis of a corresponding contract. They are also obligated to comply with data protection regulations and to ensure this contractually. The legal basis for such data processing relationships is Article 28 of the GDPR.

Who do we share your data with?

We regularly work with the following recipients in particular:

• Shipping service provider
• Bank
• Email hosting provider
• Web hosting provider

We carefully select our external service providers. In cases of data processing arrangements (Art. 28 GDPR), these companies are contractually bound to follow our instructions and are regularly monitored by us. In cases of joint control (Art. 26 GDPR), appropriate contractual arrangements are in place.

Data transfer to entities outside the EU

The transfer of your personal data to third countries (i.e., outside the EU or the EEA) or to an international organization is only intended in exceptional cases. Further information can be found in the descriptions of the individual services below.

If we process your personal data in a third country or have it processed by third parties, we do so only if it is necessary to fulfill our pre-contractual or contractual obligations, based on your consent, a legal obligation, or our legitimate interests. Your personal data will only be processed in a third country if the specific requirements of Articles 44 et seq. of the GDPR are met, unless there are statutory or contractual permissions in individual cases. This means that data processing takes place, for example, on the basis of specific safeguards, such as the officially recognized determination of a level of data protection equivalent to that of the European Union or compliance with specific, recognized contractual obligations (in particular the so-called “EU Standard Contractual Clauses”).

Storage duration

The duration of the storage of your personal data is generally determined by applicable statutory retention periods (e.g., under commercial or tax law). Unless otherwise specified below, your personal data is routinely deleted upon expiration of any applicable retention period, provided that it is no longer necessary for the performance or initiation of a contract, we no longer have a legitimate interest in further storage, and/or you have not consented to storage beyond this period.
In Germany, specific retention periods exist in the following areas, among others:

• in accordance with commercial law (6, 8, or 10 years pursuant to Section 257(4) of the German Commercial Code (HGB), depending on the type of document, e.g., opening balance sheets, annual financial statements, accounting vouchers, etc.)
• Under tax law (10 years for all documents relevant under tax law)
• Under labor law (6 months for documents of rejected applicants)

Your rights

With regard to the processing of your personal data, you have the right

• to request information about your personal data that we process. In particular, you may request information regarding the purposes of processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned retention period, the existence of a right to rectification, erasure, restriction of processing, or objection, the existence of a right to lodge a complaint, the origin of your data if it was not collected by us, as well as the existence of automated decision-making, including profiling, and, where applicable, meaningful information regarding its details (Art. 15 GDPR);
• to request, without delay, the correction of inaccurate personal data or the completion of your personal data stored by us (Art. 16 GDPR);
• to request the erasure of your personal data stored by us, unless processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise, or defense of legal claims (Art. 17 GDPR);
• to request the restriction of the processing of your personal data if you contest the accuracy of the data, if the processing is unlawful but you oppose its erasure, and if we no longer need the data but you require it to assert, exercise, or defend legal claims, or you have objected to the processing pursuant to Art. 21 GDPR (Art. 18 GDPR);
• to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format, or to request that it be transmitted to another controller (data portability, Art. 20 GDPR);
• not to be subject to a decision based solely on automated processing—including profiling—that produces legal effects concerning the data subject or similarly significantly affects the data subject (Art. 22 GDPR);
• to issue a complaint with a supervisory authority (Art. 77 GDPR);
• to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you that is carried out pursuant to Article 6(1)(e) or (f); this also applies to profiling based on these provisions (Article 21 of the GDPR);
• to withdraw your consent at any time. As a result, we will no longer be permitted to process your data on the basis of that consent going forward (Art. 7(3) GDPR).

The last three rights mentioned are explained in more detail below.

Right to object

If your personal data is processed on the basis of legitimate interests pursuant to Article 6(1)(f) of the GDPR or for direct marketing or profiling, you have the right to object to the processing of your personal data at any time. This means that we may no longer continue processing your personal data in the future, unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing is necessary for the establishment, exercise, or defense of legal claims.

However, the right to object applies only if there are grounds for doing so that arise from your specific situation or if your objection relates to direct marketing. In the latter case, you have a general right to object, which we will honor without requiring you to specify a particular situation.

If you wish to exercise your right to object, simply send us a message (see above for contact information).

Withdrawal of consent

You may withdraw your consent at any time. As a result, we will no longer be permitted to process your personal data based on that consent in the future.

If you wish to exercise your right of withdrawal, simply send us a message (see above for contact information).

How to File a Complaint

With regard to our processing of your personal data, you have the right to file a complaint with a data protection supervisory authority. A list of state data protection supervisory authorities can be found, for example, at the following address:
https://www.bfdi.bund.de/EN/Service/Anschriften/Laender/Laender-node.html

When and why is it necessary to provide your information?

When you use our contact form or send us inquiries via email, you provide us with your personal data (e.g., name, address, or email address).
The provision of your personal data is in some cases required by law (e.g., under tax law). It may also be necessary for the performance of pre-contractual or contractual measures. Failure to provide your personal data would result in the contract with you not being concluded or your inquiry not being answered.

The following information is required in order to execute contracts or take pre-contractual steps, or to communicate with us:

• First and last name
• Email address
• Customer information (if applicable, e.g., customer number)
• Text entries
• Phone number (if applicable, e.g., for follow-up questions or responding to customer inquiries)

Unless otherwise stated in this Privacy Policy, all other information is provided voluntarily.

Is automated decision-making (e.g., profiling) used?

No automated decision-making, including profiling, takes place.

Contact options

You can contact us by mail, phone, or email (see above). If you contact us via email or through our contact form, for example, we automatically store the personal data you voluntarily provide to us for the purpose of processing your inquiry or contacting you. This data will not be shared with third parties.

Website Security

Taking into account the state of the art, the costs of implementation, and the nature, scope, context, and purposes of the processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons, we implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk (Art. 32 GDPR). These measures include, in particular, ensuring the confidentiality, integrity, and availability of data. In addition, we have established business processes that specifically ensure the protection of data subjects’ rights, the erasure of data, and the response to data breaches. Furthermore, we adhere to the principles of data protection law, including data protection through design and privacy-friendly default settings (privacy by design and privacy by default, Art. 25 GDPR).

For security reasons and to protect the transmission of your personal data and other confidential information, we use encrypted transmission via an SSL/TLS certificate on our website. You can tell this is the case because the address bar of your browser displays “https” (instead of “http”), along with a padlock icon and a different color scheme.

Cookies

We use cookies on our website. These are small files containing text information that are stored by your browser or otherwise saved on your device.

So-called transient (or temporary) cookies are automatically deleted when you close your browser. These include, in particular, session cookies. These cookies store a specific identifier (the so-called session ID), which allows your device to be recognized when you return to our website. This enables, for example, the contents of an online store’s shopping cart or your login status to be saved. Session cookies are deleted when you log out or close your browser.

So-called persistent (or permanent) cookies are automatically deleted after a certain period of time; the duration of storage varies depending on the cookie. This allows, for example, user information to be stored for a longer period of time for the purposes of measuring reach or for marketing purposes, or to maintain a login status.

For both temporary and permanent cookies, a distinction must be made between first-party cookies and third-party cookies. The former are set by the controller, while the latter are set by third-party providers.

You can delete cookies at any time via your browser’s security settings or, for example, refuse to accept third-party cookies. If you wish to object to the use of cookies for online marketing purposes in general, you can do so through various services or providers, such as the European website www.youronlinechoices.com. Please note, however, that you may then not be able to use all features of our website.

On our website, we may use temporary or permanent cookies, as well as first-party and third-party cookies, for example, to identify you during subsequent visits.

We currently use only those cookies that are technically necessary to provide our services (e.g., to store your login status). The legal basis for the use of cookies is Article 6(1)(f) of the GDPR. If other cookies that are not technically necessary are used, we will obtain your consent for this (Article 6(1)(a) of the GDPR).