Data Protection

– Inventory data (e.g., names, addresses).
– Contact data (e.g., email, phone numbers).
– Content data (e.g., text entries, photographs, videos).
– Contract data (e.g., subject matter of the contract, duration, customer category).
– Payment data (e.g., bank details, payment history).
– Usage data (e.g., visited websites, interest in content, access times).
– Meta/communication data (e.g., device information, IP addresses).

Categories of Affected Persons:

– Customers, prospects, visitors, and users of the online offering, business partners.
– Visitors and users of the online offering.
Hereinafter, we also refer to the affected persons collectively as "users."

Purpose of Processing:

– Provision of the online offering, its content, and shop functions.
– Delivery of contractual services, service, and customer care.
– Response to contact inquiries and communication with users.
– Marketing, advertising, and market research.
– Security measures.

As of: 10/2023

1. Terms Used
1.1. "Personal data" refers to any information relating to an identified or identifiable natural person (hereinafter referred to as "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, online identifier (e.g., cookie), or one or more specific features that are an expression of the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

1.2. "Processing" is any operation or set of operations performed on personal data, whether or not by automated means. The term is broad and encompasses practically any handling of data.

1.3. The "controller" is the natural or legal person, authority, agency, or other body that, alone or jointly with others, determines the purposes and means of processing personal data.

2. Applicable Legal Bases
In accordance with Article 13 of the GDPR, we provide you with the legal bases for our data processing activities. If the legal basis is not mentioned in the privacy policy, the following applies: The legal basis for obtaining consent is Article 6(1)(a) and Article 7 of the GDPR. The legal basis for processing to fulfill our services and perform contractual measures as well as to respond to inquiries is Article 6(1)(b) of the GDPR. The legal basis for processing to fulfill our legal obligations is Article 6(1)(c) of the GDPR, and the legal basis for processing to protect our legitimate interests is Article 6(1)(f) of the GDPR. If processing is necessary to protect vital interests of the data subject or another natural person, Article 6(1)(d) of the GDPR serves as the legal basis.

3. Changes and Updates to the Privacy Policy
We request that you regularly review the content of our privacy policy. We will adjust the privacy policy as necessary when changes to our data processing activities require it. We will inform you when changes necessitate your participation (e.g., consent) or any other individual notification.

4. Security Measures
4.1. In accordance with Article 32 of the GDPR, and taking into account the state of the art, implementation costs, and the nature, scope, context, and purposes of processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons, we implement appropriate technical and organizational measures to ensure a level of protection appropriate to the risk. These measures include, in particular, ensuring the confidentiality, integrity, and availability of data through controlling physical access to the data, as well as access, input, transmission, availability, and separation of the data. Additionally, we have established procedures to enable the exercise of data subject rights, data deletion, and responses to data threats. Furthermore, we consider the protection of personal data already during the development or selection of hardware, software, and procedures, in line with the principle of data protection by design and by default (Article 25 GDPR).

5. Disclosure and Transfer of Data
5.1. If, as part of our processing, we disclose data to other persons and companies (processors or third parties), transfer them to these parties, or otherwise grant access to the data, this is done only on the basis of a legal permission (e.g., if the transfer of data to third parties, such as payment service providers, is required for the performance of a contract pursuant to Article 6(1)(b) GDPR), if you have given consent, if a legal obligation requires it, or on the basis of our legitimate interests (e.g., when using agents, hosting providers, tax, financial, and legal advisors, customer service, accounting, billing, and similar services that allow us to efficiently and effectively fulfill our contractual obligations, administrative tasks, and duties).

5.2. If we engage third parties to process data based on a so-called "Data Processing Agreement," this is done in accordance with Article 28 GDPR.

6. Transfers to Third Countries
If we process data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)) or if this occurs in the context of using services of third parties or disclosing or transferring data to third parties, this only happens if it is necessary for the fulfillment of our (pre)contractual obligations, based on your consent, due to a legal obligation, or on the basis of our legitimate interests. Subject to legal or contractual permissions, we will process or have the data processed in a third country only if the specific conditions of Articles 44 et seq. of the GDPR are met. This means that processing occurs, for example, on the basis of special guarantees, such as an officially recognized determination of an adequate level of data protection equivalent to that of the EU (e.g., for the USA through the "Privacy Shield") or compliance with officially recognized specific contractual obligations (so-called "Standard Contractual Clauses").

7. Rights of the Data Subjects
7.1. You have the right to request confirmation as to whether data concerning you is being processed and to obtain information about this data as well as additional information and a copy of the data in accordance with Article 15 GDPR.

7.2. You have the right, pursuant to Article 16 GDPR, to request the completion of incomplete data concerning you or the rectification of inaccurate data concerning you.

7.3. You have the right to request, pursuant to Article 17 GDPR, that data concerning you be deleted immediately or, alternatively, to request a restriction on the processing of the data pursuant to Article 18 GDPR.

7.4. You have the right to receive the data concerning you that you have provided to us, in accordance with Article 20 GDPR, and to request its transfer to other controllers.

7.5. Furthermore, you have the right, according to Article 77 GDPR, to lodge a complaint with the competent supervisory authority.

8. Right of Withdrawal
You have the right to withdraw any consents given in accordance with Article 7(3) GDPR with effect for the future.

9. Right to Object
You may object to the future processing of your data in accordance with Article 21 GDPR at any time. The objection may specifically be made against processing for purposes of direct marketing.

10. Cookies and Right to Object to Direct Marketing
10.1. "Cookies" are small files that are stored on users' computers. Within cookies, various information can be stored. A cookie primarily serves to store information about a user (or the device on which the cookie is stored) during or after their visit to an online offer. Cookies that are deleted after a user leaves an online offer and closes their browser are referred to as temporary cookies, "session cookies," or "transient cookies." For example, such a cookie might store the contents of a shopping cart in an online shop or a login status. Cookies that remain stored even after the browser is closed are referred to as "persistent" or "permanent" cookies. For example, a login status might be stored if users visit the site again after several days. Similarly, a persistent cookie may store user interests for reach measurement or marketing purposes. "Third-party cookies" are cookies set by providers other than the controller operating the online offer (otherwise, if they are only the controller’s cookies, they are called "first-party cookies").

10.2. We use both temporary and permanent cookies and provide information about them in our privacy policy.
If users do not wish to have cookies stored on their computer, they are asked to disable the corresponding option in their browser’s system settings. Stored cookies can be deleted in the browser’s system settings. Excluding cookies may lead to limitations in the functionality of this online offer.

10.3. A general objection to the use of cookies for online marketing purposes can be declared for a variety of services, particularly in the case of tracking, via the U.S. site http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/. Additionally, the storage of cookies can be achieved by disabling them in the browser settings. Please note that not all features of this online offer may be available if cookies are disabled.

11. Data Deletion
11.1. The data we process will be deleted or restricted in processing in accordance with Articles 17 and 18 GDPR. Unless expressly stated otherwise in this privacy policy, the data stored by us will be deleted as soon as they are no longer necessary for their intended purpose and there are no legal retention obligations preventing deletion. If the data cannot be deleted because they are required for other and legally permissible purposes, their processing will be restricted. This means that the data will be blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax reasons.

11.2. Germany: According to legal requirements, retention occurs primarily for 6 years in accordance with § 257 Abs. 1 HGB (Commercial Books, Inventories, Opening Balances, Annual Financial Statements, Commercial Letters, Booking Records, etc.) and for 10 years in accordance with § 147 Abs. 1 AO (Books, Records, Management Reports, Booking Records, Commercial and Business Letters, Tax-related Documents, etc.).

12. Order Processing in the Online Shop and Customer Account
12.1. We process our customers' data within the framework of the order processes in our online shop to enable them to select and order the chosen products and services, as well as to process their payment and delivery or execution.

12.2. The data processed includes master data, communication data, contract data, payment data, and the affected persons are our customers, prospects, and other business partners. The processing is carried out for the purpose of providing contractual services within the operation of an online shop, billing, delivery, and customer services. We use session cookies to store the contents of the shopping cart and permanent cookies to store the login status.

12.3. The processing is based on Art. 6 Abs. 1 lit. b (Processing of Orders) and c (Legally Required Archiving) GDPR. The information marked as necessary is required for the establishment and performance of the contract. We only disclose data to third parties within the framework of delivery, payment, or within legal allowances and obligations to legal advisors and authorities. Data is processed in third countries only if this is necessary for the performance of the contract (e.g., at the customer's request for delivery or payment).

12.4. Users can optionally create a user account, where they can view their orders, among other things. During registration, the necessary mandatory information is provided to users. User accounts are not public and cannot be indexed by search engines. If users cancel their user account, their data related to the user account will be deleted, subject to retention as required for commercial or tax reasons pursuant to Art. 6 Abs. 1 lit. c GDPR. Information in the customer account remains until its deletion with subsequent archiving in case of legal obligations. It is the users' responsibility to secure their data before the end of the contract in case of cancellation.

12.5. During registration, re-logins, and use of our online services, we store the IP address and the time of the respective user action. The storage is based on our legitimate interests, as well as the users' interest in protection against abuse and other unauthorized use. This data is generally not passed on to third parties unless it is necessary for the enforcement of our claims or there is a legal obligation according to Art. 6 Abs. 1 lit. c GDPR.

12.6. Deletion takes place after the expiry of legal warranty and comparable obligations. The necessity of data retention is checked every three years; in the case of legal archiving obligations, deletion occurs after their expiry (end of commercial (6 years) and tax (10 years) retention periods); information in the customer account remains until its deletion.

13. Credit Check
13.1. If we provide services in advance (e.g., when purchasing on invoice), we reserve the right to obtain a credit report and assess the credit risk using mathematical and statistical methods from specialized service providers (credit agencies) to protect our legitimate interests.

13.2. As part of the credit check, we will transmit the following personal data of the customer (name, postal address, date of birth, contract type, bank details) to the following credit agencies: SCHUFA Holding AG (Kormoranweg 5, 65201 Wiesbaden), Privacy Policy: https://www.schufa.de/de/ueber-uns/daten-scoring/.

13.3. We process the information received from the credit agencies regarding the statistical probability of default in the context of a reasonable decision-making process concerning the establishment, execution, and termination of the contractual relationship. We reserve the right to refuse to provide services in advance or any other prepayment in the event of a negative result from the credit check.

13.4. The decision on whether to provide services in advance is made according to Art. 22 GDPR solely based on an automated decision in individual cases, which is made by our software based on the credit agency's information.

13.5. If we obtain explicit consent from you, the legal basis for the credit check and the transmission of customer data to credit agencies is the consent according to Art. 6 Abs. 1 lit. a, 7 GDPR. If no consent is obtained, our legitimate interests in ensuring the reliability of our payment claims constitute the legal basis according to Art. 6 Abs. 1 lit. f GDPR.

14. Contact and Customer Service
14.1. When contacting us (via contact form or email), the user's information is processed to handle and manage the contact request in accordance with Art. 6 Abs. 1 lit. b) GDPR.

14.2. The user's information may be stored in our Customer Relationship Management System (“CRM System”) or a similar inquiry management system.

14.3. We delete the inquiries once they are no longer necessary. We review the necessity of storing inquiries every two years; inquiries from customers with a customer account are stored permanently and are subject to the deletion provisions applicable to the customer account. Additionally, legal archiving requirements apply.

15. Collection of Access Data and Logfiles
15.1. Based on our legitimate interests as defined in Art. 6 Abs. 1 lit. f GDPR, we collect data on every access to the server on which this service is hosted (so-called server logfiles). The access data includes the name of the retrieved webpage, file, date and time of the retrieval, transferred data volume, notification of successful retrieval, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address, and the requesting provider.

15.2. Logfile information is stored for security reasons (e.g., to investigate misuse or fraud) for a maximum of seven days and then deleted. Data that is required to be kept for evidentiary purposes remains stored until the respective incident is fully clarified.

16. Online Presences in Social Media
16.1. Based on our legitimate interests as defined in Art. 6 Abs. 1 lit. f GDPR, we maintain online presences on social networks and platforms to communicate with customers, interested parties, and users active there and to inform them about our services. When accessing the respective networks and platforms, the terms and conditions and data processing policies of their respective operators apply.

16.2. Unless otherwise stated in our privacy policy, we process the data of users when they communicate with us within social networks and platforms, e.g., by posting on our online presences or sending us messages.

If the "Remarketing" or "Google Analytics Audiences" functions are used, the following section regarding these functions should be added as a second point:

16.3. We use Google Analytics to display ads within Google's advertising services and its partners only to users who have shown interest in our online offering or who have certain characteristics (e.g., interests in certain topics or products determined based on visited websites) that we transmit to Google (so-called "Remarketing" or "Google Analytics Audiences"). Through Remarketing Audiences, we aim to ensure that our ads match the potential interest of users and do not appear intrusive.

17. Google Analytics
17.1. Based on our legitimate interests (i.e., interest in analyzing, optimizing, and operating our online offering economically according to Art. 6 Abs. 1 lit. f GDPR), we use Google Analytics, a web analytics service provided by Google LLC (“Google”). Google uses cookies. The information generated by the cookie about the use of the online offering by users is usually transmitted to a Google server in the USA and stored there.

17.2. Google is certified under the Privacy Shield framework and thus provides a guarantee of compliance with European data protection laws (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

17.3. Google will use this information on our behalf to evaluate the use of our online offering by users, to compile reports on activities within this online offering, and to provide other services related to the use of this online offering and internet use. Pseudonymous user profiles may be created from the processed data.

17.4. We use Google Analytics only with IP anonymization enabled. This means that Google will shorten the IP address of users within the member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.

17.5. The IP address transmitted by the user's browser will not be merged with other Google data. Users can prevent the storage of cookies by adjusting their browser software accordingly; users can also prevent the collection of data generated by the cookie and related to their use of the online offering, as well as the processing of this data by Google, by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.

17.6. For more information on Google's data usage, options for settings, and objections, please visit the following Google websites: https://www.google.com/intl/de/policies/privacy/partners (“Data usage by Google when you use websites or apps of our partners”), https://policies.google.com/technologies/ads (“Data usage for advertising purposes”), https://adssettings.google.com/authenticated (“Manage information that Google uses to show you ads”).

18. Facebook Social Plugins
18.1. We use social plugins (“Plugins”) from the social network facebook.com, operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”), based on our legitimate interests (i.e., interest in analyzing, optimizing, and economically operating our online offering according to Art. 6 Abs. 1 lit. f GDPR). The plugins may include interactive elements or content (e.g., videos, graphics, or text posts) and are recognizable by one of the Facebook logos (white “f” on a blue tile, the terms “Like”, “Gefällt mir” or a “thumbs up” sign) or are marked with the addition “Facebook Social Plugin.” The list and appearance of Facebook Social Plugins can be viewed here: https://developers.facebook.com/docs/plugins/.

18.2. Facebook is certified under the Privacy Shield framework and thus provides a guarantee of compliance with European data protection laws (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).

18.3. When a user accesses a function of this online offering that contains such a plugin, their device establishes a direct connection to Facebook’s servers. The content of the plugin is transmitted by Facebook directly to the user’s device and integrated into the online offering. This may result in Facebook creating usage profiles of users based on the processed data. We therefore have no influence over the scope of data Facebook collects using this plugin and inform users according to our knowledge.

18.4. By integrating the plugins, Facebook receives the information that a user has accessed the corresponding page of the online offering. If the user is logged in to Facebook, Facebook can assign the visit to their Facebook account. When users interact with the plugins, for example, by pressing the Like button or posting a comment, the corresponding information is transmitted directly from the user's device to Facebook and stored there. Even if a user is not a Facebook member, there is a possibility that Facebook will learn and store their IP address. According to Facebook, only an anonymized IP address is stored in Germany.

18.5. The purpose and scope of data collection and the further processing and use of data by Facebook, as well as the rights and privacy settings to protect users, can be found in Facebook's privacy policy: https://www.facebook.com/about/privacy/.

18.6. If a user is a Facebook member and does not want Facebook to collect data about them through this online offering and link it with their Facebook membership data, they must log out of Facebook before using our online offering and delete their cookies. Further settings and objections to the use of data for advertising purposes can be made within the Facebook profile settings: https://www.facebook.com/settings?tab=ads or via the U.S. site http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/. Settings are platform-independent, meaning they apply to all devices such as desktop computers or mobile devices.

19. Kommunikation via Post, E-Mail, Fax oder Telefon
19.1 We use communication channels such as postal mail, telephone, or email for business transactions and marketing purposes. In doing so, we process master data, address and contact data, as well as contract data of customers, participants, prospects, and communication partners.

19.2 The processing is based on Art. 6 Abs. 1 lit. a, Art. 7 GDPR, and Art. 6 Abs. 1 lit. f GDPR in connection with legal requirements for commercial communications. Contact is only made with the consent of the contacts or within the framework of legal permissions, and the processed data will be deleted as soon as they are no longer required or otherwise in case of objection/withdrawal or the cessation of legal basis or legal archiving obligations.

Note: Please specify in the registration form, i.e., in the registration form, the content of the newsletter and the evaluation of opening and click behavior, e.g.:

Our newsletter contains information about our products, offers, promotions, and our company. Information on data protection, revocation, logging, and the success measurement covered by the consent can be found in our Privacy Policy.

If you use a shipping service provider, you must include information about them and can refer to the following examples (use of a provider from the EU and one from a third country):

Shipping Service Provider: The newsletter is sent using CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede, hereinafter referred to as “Shipping Service Provider”. The data protection regulations of the shipping service provider can be viewed here: https://www.cleverreach.com/de/datenschutz/.

Shipping Service Provider: The newsletter is sent using “MailChimp,” a newsletter shipping platform of the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA. The data protection regulations of the shipping service provider can be viewed here: https://mailchimp.com/legal/privacy/. The Rocket Science Group LLC d/b/a MailChimp is certified under the Privacy Shield framework and thus provides a guarantee of compliance with European data protection standards (https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG&status=Active).

Note on the legal basis: Please choose the option for Germany or Austria for the legal basis information. Please note that in Austria, due to a provision in the E-Commerce Act (ECG), the so-called “ECG list” must be considered. This list is maintained by the Regulatory Authority for Telecommunications and Broadcasting (RTR-GmbH): https://www.rtr.at/de/tk/TKKS_Spam. It contains email addresses to which emails must not be sent.

20. Newsletter
20.1. With the following information, we inform you about the content of our newsletter as well as the registration, delivery, and statistical evaluation procedures, as well as your rights to object. By subscribing to our newsletter, you agree to receive the newsletter and the described procedures.

20.2. Content of the Newsletter: We send newsletters, emails, and other electronic notifications with promotional information (hereinafter "Newsletter") only with the consent of the recipients or with legal permission. If the content of the newsletter is specifically described during the registration, it is decisive for the consent of the users. Otherwise, our newsletters contain information about our products, offers, promotions, and our company.

20.3. Double-Opt-In and Logging: The registration for our newsletter occurs using a double-opt-in procedure. This means you will receive an email after registration asking you to confirm your registration. This confirmation is necessary to prevent unauthorized sign-ups using foreign email addresses. The registrations are logged to provide proof of the registration process in accordance with legal requirements. This includes the storage of the registration and confirmation times, as well as the IP address. Changes to the data stored with the shipping service provider are also logged.

20.4. Shipping Service Provider: The newsletter is sent using "MailChimp," a newsletter delivery platform of the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA. The data protection regulations of the shipping service provider can be viewed here: https://mailchimp.com/legal/privacy/. The Rocket Science Group LLC d/b/a MailChimp is certified under the Privacy Shield framework and thus provides a guarantee of compliance with European data protection standards (https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG&status=Active).

20.5. If we use a shipping service provider, the provider may use this data in pseudonymous form, i.e., without association with a user, to optimize or improve their own services, e.g., for technical optimization of delivery and presentation of newsletters or for statistical purposes to determine from which countries the recipients come. However, the shipping service provider does not use the data of our newsletter recipients to address them themselves or to pass the data on to third parties.

20.6. Registration Data: To subscribe to the newsletter, it is sufficient to provide your email address. Optionally, we ask you to provide a name for personal addressing in the newsletter.

20.7. Success Measurement: The newsletters contain a so-called "web beacon," i.e., a pixel-sized file that is retrieved from our server, or if we use a shipping service provider, from their server when the newsletter is opened. As part of this retrieval, technical information, such as information about the browser and system, as well as your IP address and the time of retrieval, are collected. This information is used for technical improvement of the services based on technical data or target groups and their reading behavior based on retrieval locations (which can be determined using the IP address) or access times. Statistical data collected also includes whether newsletters are opened, when they are opened, and which links are clicked. Although this information can technically be assigned to individual newsletter recipients, it is neither our goal nor, if used, that of the shipping service provider, to monitor individual users. The evaluations are intended to recognize the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.

20.8. Germany: The sending of newsletters and success measurement is based on the consent of the recipients in accordance with Art. 6 Abs. 1 lit. a, Art. 7 GDPR in conjunction with § 7 Abs. 2 Nr. 3 UWG or on the basis of the legal permission in accordance with § 7 Abs. 3 UWG.

20.9. Austria: The sending of newsletters and success measurement is based on the consent of the recipients in accordance with Art. 6 Abs. 1 lit. a, Art. 7 GDPR in conjunction with § 107 Abs. 2 TKG or on the basis of the legal permission in accordance with § 107 Abs. 2 and 3 TKG.

20.10. The logging of the registration process is based on our legitimate interests in accordance with Art. 6 Abs. 1 lit. f GDPR and serves as proof of consent to receive the newsletter.

20.11. Newsletter recipients can unsubscribe from our newsletter at any time, i.e., withdraw their consent. A link to unsubscribe from the newsletter can be found at the end of each newsletter. This will simultaneously cancel your consent to success measurement. Separate revocation of success measurement is unfortunately not possible; in this case, the entire newsletter subscription must be canceled. Upon unsubscribing from the newsletter, personal data will be deleted unless their retention is legally required or justified, in which case their processing will be restricted to these exceptional purposes. In particular, we may retain unsubscribed email addresses for up to three years based on our legitimate interests before deleting them for the purpose of newsletter delivery, to be able to prove a previously given consent. The processing of this data will be limited to the purpose of possible defense against claims. An individual deletion request is possible at any time, provided that the former existence of consent is also confirmed.

21. Google Ads Conversion-Tracking

21.1. On our website, we use the online advertising program "Google Ads" and within this program, we use Conversion Tracking (action evaluation). Google's Conversion Tracking is an analysis tool provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; Google).

21.2. When you click on a Google ad, a cookie for conversion tracking is stored on your computer. These cookies are valid for a limited time only, do not contain personal information, and therefore cannot be used for personal identification.

21.3. If you visit specific pages on our website while the cookie is still active, both Google and we can track that you clicked on the ad and were redirected to this specific page. Each Google Ads customer receives a unique cookie, ensuring that cookies cannot be tracked across other Ads customers' websites.

21.4. The conversion cookie collects information to create conversion statistics. This allows us to know the total number of users who clicked on one of our ads and were redirected to a page with a conversion tracking tag. However, we do not receive any information that enables personal identification of the users.

21.5. Your data may be transferred to Google LLC servers in the USA. There is no adequacy decision by the EU Commission for the USA. The data transfer is based, among other things, on the standard contractual clauses as appropriate safeguards for the protection of personal data, which can be viewed at the following links: https://policies.google.com/privacy/frameworks and https://business.safety.google/adscontrollerterms/. The use of cookies or similar technologies is based on your consent in accordance with § 25 Abs. 1 S. 1 TTDSG in conjunction with Art. 6 Abs. 1 lit. a GDPR. The processing of your personal data is also based on your consent under Art. 6 Abs. 1 lit. a GDPR. You have the right to withdraw your consent at any time without affecting the legality of the processing of your data up to the point of withdrawal. For more information and Google's privacy policy, please visit: https://www.google.de/policies/privacy/

22. Google Tag Manager

22.1. On our website, we use Google Tag Manager, provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; "Google"). This application allows for the management of JavaScript and HTML tags, which are used primarily for implementing tracking and analysis tools. The data processing aims to target and optimize our website. The Google Tag Manager itself does not store cookies or process personal data. However, it enables the triggering of additional tags that may collect and process personal data.

The implementation of Google Tag Manager is carried out in accordance with Article 6(1)(f) of the General Data Protection Regulation (GDPR). The website operator has a legitimate interest in the efficient integration and management of various tools on their website.

If consent has been obtained, data processing is carried out exclusively based on Article 6(1)(a) GDPR and § 25(1) of the Telemedia Act (TTDSG), provided that the consent covers the storage of cookies or access to information on the user's device (e.g., device fingerprinting) according to the TTDSG. The consent given can be revoked at any time.

For more information about terms of use and data protection, please visit: https://marketingplatform.google.com/intl/de/about/analytics/tag-manager/use-policy/

23. Integration of Third-Party Services and Content
23.1. We use third-party content or service offers within our online presence based on our legitimate interests (i.e., interest in analyzing, optimizing, and economically operating our online presence according to Art. 6 (1) (f) GDPR) to integrate their content and services, such as videos or fonts (hereinafter collectively referred to as "Content"). This always requires that the third-party providers of this content perceive the users' IP address, as they could not send the content to their browser without the IP address. Therefore, the IP address is necessary for the display of this content. We strive to use only content whose respective providers use the IP address solely for the delivery of the content. Third parties may also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. Through these "pixel tags," information such as visitor traffic on the pages of this website can be evaluated. The pseudonymous information can also be stored in cookies on the users' device and may contain technical information about the browser and operating system, referring websites, visit time, and other details about the use of our online presence, and can be connected with such information from other sources.

23.2. The following overview provides information about third-party providers and their content, along with links to their privacy policies, which include further details on data processing and, in some cases, already mentioned opt-out options (so-called opt-out):
– If our customers use third-party payment services (e.g., PayPal or instant transfer), the terms and privacy notices of the respective third-party providers apply, which can be accessed on the respective websites or transaction applications.

– External fonts from Google, LLC, https://www.google.com/fonts (“Google Fonts”). The integration of Google Fonts is done through a server request to Google (usually in the USA). Privacy policy: https://policies.google.com/privacy, Opt-Out: https://adssettings.google.com/authenticated.

– Maps from the service “Google Maps” provided by third-party Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy policy: https://www.google.com/policies/privacy/, Opt-Out: https://www.google.com/settings/ads/.

– Videos from the “YouTube” platform provided by third-party Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy policy: https://www.google.com/policies/privacy/, Opt-Out: https://www.google.com/settings/ads/.

– Functions of the Google+ service are integrated within our online presence. These functions are offered by third-party Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. If you are logged into your Google+ account, you can link the content of our pages with your Google+ profile by clicking the Google+ button. This allows Google to associate your visit to our pages with your user account. Please note that as the provider of the pages, we have no knowledge of the content of the transmitted data and how Google+ uses it. Privacy policy: https://policies.google.com/privacy, Opt-Out: https://adssettings.google.com/authenticated.

– Functions of the Instagram service are integrated within our online presence. These functions are offered by Instagram Inc., 1601 Willow Road, Menlo Park, CA 94025, USA. If you are logged into your Instagram account, you can link the content of our pages with your Instagram profile by clicking the Instagram button. This allows Instagram to associate your visit to our pages with your user account. Please note that as the provider of the pages, we have no knowledge of the content of the transmitted data and how Instagram uses it. Privacy policy: http://instagram.com/about/legal/privacy/.

– We use social plugins from the social network Pinterest, operated by Pinterest Inc., 635 High Street, Palo Alto, CA 94301, USA (“Pinterest”). When you visit a page containing such a plugin, your browser establishes a direct connection to Pinterest's servers. The plugin transmits log data to Pinterest’s server in the USA. This log data may include your IP address, the address of visited websites also containing Pinterest functions, browser type and settings, date and time of the request, your use of Pinterest, and cookies. Privacy policy: https://about.pinterest.com/de/privacy-policy.

– Functions of the Twitter service or platform may be integrated within our online presence (hereinafter referred to as “Twitter”). Twitter is an offering of Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. The functions include displaying our posts within Twitter on our online presence, linking to our Twitter profile, as well as the possibility to interact with Twitter’s posts and functions, and to measure whether users come to our online presence through the ads we place on Twitter (so-called conversion measurement). Twitter is certified under the Privacy Shield agreement and provides a guarantee of compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active). Privacy policy: https://twitter.com/de/privacy, Opt-Out: https://twitter.com/personalization.

Shopware Analytics
Purpose of processing: Together with our store software service provider, we evaluate certain information from our customer base under joint responsibility (e.g. customer group, pages visited, click paths, date and time of the visit, information about the end device used (resolution, resolution density, operating system), referrer URL, information about the browser used, locale, search queries and time zone). This information is processed by an external service provider and forwarded to us in approximate real time so that we can monitor the use of our website and improve our offerings.
Legal basis: Art. 6 para. 1 letter f GDPR
Data categories: Derived from core and contact data (the customer group, no individual customer data), usage data, connection data
Recipients of the data: shopware AG, Ebbinghoff 10, 48624 Schöppingen, Germany (as joint controller), IT service provider
The essence of joint responsibility: The joint responsibility exists between us and shopware AG; the data is collected in our store and then transferred to servers of shopware or its service providers; with the exception of obtaining your consent for the use of cookies or comparable technologies and the fulfillment of these information obligations, all obligations, in particular the implementation of the rights of data subjects, are the responsibility of shopware AG, which you can reach at legal@shopware.com. You can also assert your data subject rights with us; we will then forward your request to shopware AG accordingly. shopware AG can derive behavior patterns on our store from the data collected, but cannot assign this data to you as a person.
Intended third country transfer: None
Do we store or read personal data on your end device based on your consent? Yes, see Consent Management for details.