1. General information
1.1 What are personal data
Personal data is information that discloses or may disclose the identity of the user. We adhere to the principle of data avoidance. As far as possible, we refrain from collecting personal data.
1.2 Handling of personal data
Personal data is used exclusively for the purpose of establishing the contract, structuring its content, implementing or handling the contractual relationship (Art. 6 I S. 1 b GDPR).
In addition, personal data will only be processed if we have received your consent to do so (Art. 6 I p. 1 a GDPR) or if the processing of such data is necessary for our legitimate interests and provided that the weighing of interests shows that there are no overriding interests, fundamental rights or fundamental freedoms that conflict with your interests (Art. 6 I p. 1 f GDPR).
We may use contract processors to process your personal data, but will not pass on your personal data to third parties.
The data will only be passed on to the shipping company commissioned with the delivery for the fulfillment of the contract, insofar as this is necessary for the delivery of ordered goods. In order to process payments, the necessary payment data will be passed on to the credit institution commissioned with the payment and, if applicable, to the commissioned and selected payment service provider.
The processing of your personal data takes place exclusively within the EU unless otherwise stated below.
1.3 Usage data
General technical information is collected when visiting the website. These are the IP address used, time of day, duration of the visit, browser type and, if applicable, the originating page. This usage data is registered in a log file for technical reasons and can be used and stored for the purpose of statistical evaluation of this website. This usage data is not linked to your other personal data.
1.4 Duration of storage
We store your personal data after the end of the purpose for which the data was collected, only as long as this is necessary due to legal (especially tax) regulations.
2. Your rights
You can request information from us as to whether we process personal data about you and, if this is the case, you have the right to be informed of this personal data and the other information mentioned in Art. 15 GDPR.
2.2 Right of rectification
You have the right to rectify incorrect personal data concerning you and, in accordance with Art. 16 of the GDPR, you may request the completion of incomplete personal data.
2.3 Right to deletion
You have the right to demand from us that the personal data concerning you be deleted immediately. We are obliged to delete them immediately, especially if one of the following reasons applies:
- Your personal data is no longer necessary for the purposes for which it was collected or otherwise processed.
- You revoke your consent on which the processing of your data was based and there is no other legal basis for the processing.
- Your data have been processed unlawfully.
The right to deletion does not exist insofar as your personal data is necessary for the assertion, exercise or defense of our legal claims.
2.4 Right to limit processing
You have the right to request us to limit the processing of your personal data if
- you dispute the accuracy of the data and we, therefore, verify the accuracy,
- the processing is unlawful and you refuse to delete it and instead request that its use be restricted,
- we no longer need the data, but you need it to assert, exercise or defend legal claims,
- you have lodged an objection to the processing of your data and it is not yet clear whether our legitimate reasons outweigh your reasons.
2.5 Right to data transferability
You have the right to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format and you have the right to transfer this data to another controller without hindrance from us, provided that the processing is based on consent or a contract and the processing is carried out by us using automated procedures.
2.6 Right of withdrawal
If the processing of your personal data is based on consent, you have the right to revoke this consent at any time.
2.7 General and right of complaint
The exercise of your aforementioned rights is basically free of charge for you. You have the right to contact the supervisory authority responsible for us, the State Data Protection Commissioner, directly in the event of complaints.
3. Data security
3.1 Data security
All data on our website is protected by technical and organizational measures against loss, destruction, access, modification and distribution.
3.2 Sessions and cookies
Below you will find the domain, name and duration of the cookies used only with your consent:
current user login status
session / 90 days
registers a unique ID that is used to generate statistical data on how the visitor uses the website
is used by Google Analytics to distinguish users
Is used by Google Analytics to limit the request rate
If you register for our newsletter, we will use the data required for this purpose or data provided separately by you to send you our e-mail newsletter regularly on the basis of your consent in accordance with Art. 6 Para. 1 S. 1 lit. a GDPR. You can unsubscribe from the newsletter at any time and either by sending us a message via the contact details given in the imprint or via the link provided for this purpose in the newsletter. After unsubscribing, we will delete your e-mail address unless you have expressly consented to further use of your data or we reserve the right to use your data in a manner that goes beyond that which is legally permitted and about which we inform you in this declaration.
5. Presence on social media platforms
We use the following social media platforms for company presentation and communication (the following linked privacy statements and opt-out options are expressly referred to).
Facebook (Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland)
Opt-out: https://www.facebook.com/settings?tab=ads alternatively http://www.youronlinechoices.com
Instagram (Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA)
Pinterest (Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA)
YouTube (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland)
These social media platforms may process personal data outside the EU and we refer to the above privacy statements of the social media platforms.
The respective social media platforms may create user profiles from your usage behavior and the resulting interests and actions on your part and save cookies on your computer in which your usage behavior is stored. If you have an account on the respective social media platform and are logged in, your usage behavior can even be saved independently of the device. Your user profile can be used, for example, to place advertisements that presumably correspond to your interests.
We process the personal data exclusively for communication with you via the social media platform you have chosen and for the optimization of our online presence and ensure that no interests on your part are affected which outweigh this legitimate interest on our part (Art. 6 I S. 1 f GDPR). Insofar as you have already given the respective operator of the social media platform effective consent to the corresponding data processing, the processing of your personal data will also be based on this consent (Art. 6 I S. 1 a GDPR).
6. Third-party services
6.1 Google Analytics
This website uses Google Analytics, a web analytics service provided by Google and operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"), and collects and stores data via this web analytics service from which usage profiles are created using pseudonyms. The user profiles created in this way serve to evaluate visitor behavior in order to design and improve the offer presented on this website in line with demand. Google Analytics uses so-called "cookies", small text files which are stored on your computer and which enable an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. However, in the event that IP anonymization is activated on this website, your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area beforehand. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on the website activities and to provide further services to the website operator in connection with the use of the website and the Internet. The IP address transmitted by your browser within the scope of Google Analytics is not merged with other Google data. Also, the user profiles maintained under a pseudonym are not merged with the personal data of the user without the express and separately declared consent of the user. Thus, the weighing of interests shows that there are no overriding interests on your part that conflict with this (Art. 6 I S. 1 f GDPR). You can prevent the storage of cookies by adjusting your browser software accordingly; however, we would like to point out that in this case, you may not be able to use all the functions of this website to their full extent. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link (http://tools.google.com/dlpage/gaoptout?hl=de).
6.2 Google Translate
This site uses the translation service Google Translate via an API. The provider is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. If you have your habitual residence in the EEA or Switzerland, the company responsible for processing your data is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
To use the functions of Google Translate it is necessary to store your IP address. This information is usually transferred to a Google server in the USA and stored there. The provider of this site has no influence on this data transfer.
The use of Google Translate is in the interest of easy accessibility and barrier-free access to our online services for international visitors. This represents a legitimate interest in the sense of Art. 6 para. 1 lit. f GDPR.
You can view Google's data protection information here: https://www.google.de/intl/de/policies/privacy/ .
6.3 Firebase authentication
We use Firebase Authentification, a Google login and authentication service operated by Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
To simplify the sign-in and authentication process, Firebase Authentication may use third-party identity services and store the information on its platform.
6.4 Google Cloud Storage
We use the Google Cloud Storage service for the storage of images, which is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). Both when storing and retrieving images, your IP address is transmitted to Google.
We use MongoDB, a NoSQL database from MongoDB Inc, 1633 Broadway, 38th Floor, New York, NY 10019, USA, for storing and managing user-generated content.
We use Sendinblue, a service provided by Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany ("Sendinblue"), to send our newsletter. Sendinblue is a service that allows us to organize and analyze the delivery of our newsletters. The information you enter to subscribe to the newsletter (e.g., email address) is stored on SendinBlue's servers. Our newsletters sent with Sendinblue enable us to analyze the behavior of the newsletter recipients. This can include analyzing how many recipients opened the newsletter message and how often each link in the newsletter was clicked. All links in the e-mail are so-called tracking links, which can be used to count your clicks. If you do not want Sendinblue to analyze your newsletter, you must unsubscribe. We provide a link to do this in every newsletter message. Furthermore, you can also revoke your consent at any time with future effect by sending an e-mail to the address given in our imprint. The data you provide us with for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted from both our servers and Sendinblue's servers after you unsubscribe from the newsletter. Data which has been stored by us for other purposes (e.g., e-mail addresses for the members' area) remains unaffected.
We use the search technology Algolia via an API. The provider is Algolia, Inc. 301 Howard Street, 3rd Floor, San Francisco, CA 94105, USA.
To use the functions of the Algolia search, it is necessary to store your IP address and your search query. This information is usually transferred to an Algolia server in Europe or the USA and stored there. The provider of this site has no influence on this data transfer.
The use of the Algolia search is in the interest of good accessibility and easy findability of our online offers. This represents a legitimate interest in the sense of Art. 6 para. 1 lit. f GDPR.
Further information on the handling of user data can be found in the Algolia data protection declaration: https://www.algolia.com/policies/privacy.
We use imgix, a service for scaling images in real-time. The provider is imgix Inc, 423 Tehama St, San Francisco, CA 94103, USA.
Your IP address will be transmitted. The service has committed itself to comply with the European data protection guidelines and has also joined the Privacy Shield Agreement. Questions regarding data protection will be answered by email@example.com.
6.9 Social media links
We have our own social media pages at third-party providers that can be reached via links from this website. By using the links you will be able to reach the respective websites of the third-party providers (e.g., Facebook, Twitter). In order to avoid unnecessary data transfer, we recommend that you log out of the respective third-party provider before using a link, so that the use of the link does not result in the creation of user profiles by the third-party provider.
7. Affiliate links and advertising
8. Contacting us
To contact us regarding data protection, you are welcome to use the following contact options. Responsible in the sense of the GDPR:
Alina Zito and David Olszowski