Privacy Policy

 

Privacy Policy

Unless otherwise stated below, the provision of your personal data is neither legally nor contractually required, nor is it necessary for the conclusion of a contract. You are not obliged to provide the data. Failure to provide it has no consequences. This only applies insofar as no other indication is given in the subsequent processing operations.
“Personal data” means any information relating to an identified or identifiable natural person.


Server log files
You can visit our website without providing any personal information about yourself.
Every time you access our website, usage data is transmitted to us or our web host / IT service provider by your internet browser and stored in log data (so-called server log files). This stored data includes, for example, the name of the page accessed, date and time of access, IP address, amount of data transferred and the requesting provider.
Processing is carried out on the basis of Art. 6 (1) (f) GDPR due to our overriding legitimate interest in ensuring the trouble-free operation of our website and in improving our services.
Your data may be transferred to and processed in third countries outside the EU, in particular Canada and the USA. For Canada, there is an adequacy decision by the EU Commission. For the USA, there is an adequacy decision by the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). Shopify is not certified under the TADPF. This data transfer is based on contractual obligations comparable to the EU Commission’s standard contractual clauses.

Contact

Controller
Please contact us if you wish. The controller responsible for data processing is: Kevin Ludwig, Talstr. 18, 71116 Gärtringen, Germany, +49 7034 6557262, k.ludwig@klmedia.info

Customer-initiated contact by email
If you initiate business contact with us by email, we collect your personal data (name, email address, message text) only to the extent you provide it. Data processing is carried out for the purpose of handling and responding to your contact request.
If the contact is made for the purpose of carrying out pre-contractual measures (e.g. advice on purchase interest, preparing an offer) or concerns an existing contract between you and us, this data processing is carried out on the basis of Art. 6 (1) (b) GDPR.
If the contact is made for other reasons, this data processing is carried out on the basis of Art. 6 (1) (f) GDPR due to our overriding legitimate interest in processing and responding to your request. In this case, you have the right, on grounds relating to your particular situation, to object at any time to the processing of personal data concerning you which is based on Art. 6 (1) (f) GDPR.
We use your email address only to process your request. Your data will then be deleted in compliance with statutory retention periods, unless you have consented to further processing and use.

Collection and processing when using the contact form
When you use the contact form, we collect your personal data (name, email address, message text) only to the extent you provide it. Data processing is carried out for the purpose of contacting you.
If the contact is made for the purpose of carrying out pre-contractual measures (e.g. advice on purchase interest, preparing an offer) or concerns an existing contract between you and us, this data processing is carried out on the basis of Art. 6 (1) (b) GDPR. If the contact is made for other reasons, this data processing is carried out on the basis of Art. 6 (1) (f) GDPR due to our overriding legitimate interest in processing and responding to your request. In this case, you have the right, on grounds relating to your particular situation, to object at any time to the processing of personal data concerning you which is based on Art. 6 (1) (f) GDPR. We use your email address only to process your request. Your data will then be deleted in compliance with statutory retention periods, unless you have consented to further processing and use.

Customer account Orders

Customer account
When you open a customer account, we collect your personal data to the extent indicated there. Data processing is carried out for the purpose of improving your shopping experience and simplifying order processing. Processing is carried out on the basis of Art. 6 (1) (a) GDPR with your consent. You may revoke your consent at any time by notifying us, without affecting the lawfulness of processing carried out on the basis of the consent before its revocation. Your customer account will then be deleted.


Collection, processing and transfer of personal data for orders
When you place an order, we collect and process your personal data only insofar as this is necessary to fulfil and process your order and to handle your enquiries. The provision of data is necessary for the conclusion of the contract. Failure to provide it means that no contract can be concluded. Processing is carried out on the basis of Art. 6 (1) (b) GDPR and is necessary for the performance of a contract with you.
Your data will be passed on, for example, to the shipping companies and dropshipping providers you have selected, payment service providers, service providers for order processing and IT service providers. In all cases, we strictly observe the legal requirements. The scope of data transmission is limited to the minimum necessary.
Your data may be transferred to and processed in third countries outside the EU, in particular Canada and the USA. For Canada, there is an adequacy decision by the EU Commission. For the USA, there is an adequacy decision by the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). Shopify is not certified under the TADPF. This data transfer is based on contractual obligations comparable to the EU Commission’s standard contractual clauses.

Reviews Advertising

Trustami customer reviews
To display collected reviews and social media feedback, the Trustami trust seal is integrated on this website. This serves to implement our legitimate interests in the optimal marketing of our offer on our own website in accordance with Art. 6 (1) sentence 1 (f) GDPR. When the Trustami trust seal is accessed, the web server automatically stores data (access data) in the form of a server log file, which contains the name of the website accessed, the file, the date and time of access, your IP address in truncated form, the amount of data transferred, the report of successful retrieval, the browser type, the operating system of the user, the referrer URL (the previously visited page) and the requesting provider. This access data is not evaluated and is automatically overwritten at the latest seven days after the end of your site visit. The Trustami trust seal and the services advertised with it are an offer of Trustami GmbH, Schröderstraße 5, 10115 Berlin. The privacy policy of Trustami at www.trustami.com/datenschutz applies to the processing of data collected by Trustami.

Use of email address for sending newsletters
We use your email address, independent of contract processing, exclusively for our own advertising purposes for sending newsletters, provided you have expressly consented to this. Processing is carried out on the basis of Art. 6 (1) (a) GDPR with your consent. You may revoke your consent at any time, without affecting the lawfulness of processing carried out on the basis of the consent before its revocation. You can unsubscribe from the newsletter at any time using the corresponding link in the newsletter or by notifying us. Your email address will then be removed from the distribution list.

Shipping service providers Inventory management

Transfer of email address to shipping companies for information on shipping status
We pass on your email address to the transport company within the scope of contract processing, provided you have expressly consented to this during the ordering process. The transfer serves the purpose of informing you by email about the shipping status. Processing is carried out on the basis of Art. 6 (1) (a) GDPR with your consent. You may revoke your consent at any time by notifying us or the transport company, without affecting the lawfulness of processing carried out on the basis of the consent before its revocation.

Use of an external inventory management system
We use an inventory management system as part of order processing. For this purpose, the personal data collected in the course of the order is transmitted to:
Billbee GmbH, Arolser Str. 10, 34477 Twistetal, Germany.

The processing of your personal data serves the purpose of fulfilling the contract concluded with you and is carried out on the basis of Art. 6 (1) (b) GDPR.

Payment service providers Credit check

Use of Amazon Payments
We use the Amazon Payments payment service of Amazon Payments Europe s.c.a. (38 avenue John F. Kennedy, L-1855 Luxembourg; “Amazon Payments”) on our website.
Data processing serves the purpose of being able to offer you payment via the Amazon Payments payment service.
To integrate this payment service, it is necessary for Amazon Payments to collect, store and analyse data (e.g. IP address, device type, operating system, browser type, location of your device) when the website is accessed. Cookies may also be used for this purpose. Cookies enable your browser to be recognised.
The processing of your personal data is carried out on the basis of Art. 6 (1) (f) GDPR due to our overriding legitimate interest in a customer-oriented offering of various payment methods. You have the right, on grounds relating to your particular situation, to object at any time to the processing of personal data concerning you.
By selecting and using “Amazon Payments”, the data required for payment processing is transmitted to Amazon Payments in order to fulfil the contract with you using the selected payment method. This processing is carried out on the basis of Art. 6 (1) (b) GDPR.
Further information on data processing when using the Amazon Payments payment service can be found in the associated privacy policy at: https://pay.amazon.com/de/help/201212490

Data collection and processing when registering for instalment purchase via easyCredit
When paying by instalment purchase via easyCredit, the supplementary data protection information for instalment purchase from easyCredit applies: https://www.easycredit-ratenkauf.de/wp-content/uploads/2020/04/rk_ergaenzende_datenschutzhinweise_zum_ratenkauf_by-easycredit_2.0.pdf


Use of Klarna payment options
We use the payment service of Klarna Bank AB (publ) (Sveavägen 46, 111 34 Stockholm, Sweden; “Klarna”) on our website. By selecting and using payment via Klarna, the data required for payment processing is transmitted to Klarna in order to fulfil the contract with you using the selected payment method. This processing is carried out on the basis of Art. 6 (1) (b) GDPR.

Cookies may be stored in this context, which enable your browser to be recognised. The resulting data processing is carried out on the basis of Art. 6 (1) (f) GDPR due to our overriding legitimate interest in a customer-oriented offering of various payment methods. You have the right, on grounds relating to your particular situation, to object at any time to the processing of personal data concerning you.

“Pay Later” (invoice), “Pay Now” (direct debit), “Financing” (instalment purchase)
For individual payment methods such as “Pay Later” (invoice), “Pay Now” (direct debit), “Financing” (instalment purchase), Klarna reserves the right, if necessary, to obtain a credit report on the basis of mathematical-statistical methods using credit agencies.
For this purpose, Klarna transmits the personal data required for a credit check, such as first and last name, address, gender, email address, IP address, as well as data related to the order, to a credit agency for the purpose of identity and credit assessment and uses the information received about the statistical probability of a payment default to make a balanced decision about the establishment, performance or termination of the contractual relationship. The credit report may contain probability values (score values) that are calculated on the basis of scientifically recognised mathematical-statistical methods and into which address data, among other things, is included. Your legitimate interests are taken into account in accordance with the statutory provisions. Data processing serves the purpose of credit assessment for contract initiation. Processing is carried out on the basis of Art. 6 (1) (f) GDPR due to our overriding legitimate interest in protection against payment default when Klarna makes advance payments. You have the right, on grounds relating to your particular situation, to object at any time to this processing of personal data concerning you based on Art. 6 (1) (f) GDPR by notifying Klarna. The provision of data is necessary for the conclusion of the contract with the payment method you have requested. Failure to provide it means that the contract cannot be concluded with the payment method you have chosen.
Further information, in particular which credit agencies Klarna passes your personal data on to, can be found for Germany at https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/credit_rating_agencies and for Austria at https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_at/credit_rating_agencies
General information about Klarna is available for Germany at: https://www.klarna.com/de/ and for Austria at https://www.klarna.com/at/. Your personal data will be processed by Klarna in accordance with the applicable data protection regulations and as specified in Klarna’s privacy notices for Germany at https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/privacy and for Austria at https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_at/privacy.

Use of SOFORT
We use the payment service provider SOFORT GmbH (Theresienhöhe 12, 80339 Munich, Germany; “SOFORT”) for payment processing on our website. Sofort GmbH is a company of the Klarna Group (Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden). Data processing serves the purpose of being able to offer you various payment methods via the payment service provider SOFORT. If you choose this payment option, the data required for payment processing will be transmitted to SOFORT. This data processing is carried out on the basis of Art. 6 (1) (b) GDPR. Further information on data processing when using the SOFORT payment service provider can be found at https://www.sofort.com/1.0/shared/content/legal/terms/de-DE/SOFORT/ and https://www.klarna.com/sofort/.


Cookies

Our website uses cookies. Cookies are small text files that are stored in the internet browser or by the internet browser on the user’s computer system. When a user accesses a website, a cookie may be stored on the user’s operating system. This cookie contains a characteristic string that enables the browser to be uniquely identified when the website is accessed again.

Cookies are stored on your computer. Therefore, you have full control over the use of cookies. By selecting the appropriate technical settings in your internet browser, you can be notified before cookies are set and decide individually whether to accept them, as well as prevent the storage of cookies and the transmission of the data they contain. Cookies that have already been stored can be deleted at any time. However, we would like to point out that you may then not be able to use all the functions of this website to their full extent.

You can find out how to manage (including deactivate) cookies in the most important browsers via the links below:
Chrome: https://support.google.com/accounts/answer/61416?hl=de
Microsoft Edge: https://support.microsoft.com/de-de/microsoft-edge/cookies-in-microsoft-edge-lB6schen-63947406-40ac-c3b8-57b9-2a946a29ae09
Mozilla Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen
Safari: https://support.apple.com/de-de/guide/safari/manage-cookies-and-website-data-sfri11471/mac

Technically necessary cookies
Unless otherwise stated in this privacy policy below, we only use these technically necessary cookies for the purpose of making our offering more user-friendly, effective and secure. Cookies also enable our systems to recognise your browser even after a page change and to offer you services. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognised again after a page change.

The use of cookies or comparable technologies is based on Section 25 (2) TTDSG. The processing of your personal data is carried out on the basis of Art. 6 (1) (f) GDPR due to our overriding legitimate interest in ensuring the optimal functionality of the website and in designing our offering in a user-friendly and effective manner.
You have the right, on grounds relating to your particular situation, to object at any time to the processing of personal data concerning you.
Use of Consentmanager
We use the consent management tool Consentmanager of Consentmanager AB (Håltegelvägen 1b, 72348 Västerås, Sweden; “Consentmanager”) on our website.
The tool enables you to grant consent to data processing via the website, in particular the setting of cookies, as well as to exercise your right to withdraw consent already given.
Data processing serves the purpose of obtaining and documenting the necessary consents to data processing and thus complying with legal obligations.
Cookies may be used for this purpose. The following information, among others, may be collected and transmitted to Consentmanager: date and time of page access, information about the browser you use and the device you use, anonymised IP address, opt-in and opt-out data. This data is not passed on to any other third parties.
Data processing is carried out for the fulfilment of a legal obligation on the basis of Art. 6 (1) (c) GDPR.
Further information on data protection at Consentmanager can be found at: https://www.consentmanager.net/privacy.php

Communication

Use of the Smartsupp live chat system
We use the live chat system of Smartsupp.com, s.r.o. (Šumavská 31, 602 00 Brno, Czech Republic; “Smartsupp”) on our website as part of order processing.
Data processing serves the purpose of direct and efficient communication between you and us as the provider. Anonymised data is also collected and stored for marketing and optimisation purposes, from which user profiles can be created under a pseudonym.
When our website is accessed, the chat widget is loaded in the form of a JavaScript file from AWS Cloudfront, which technically enables the chat.
Cookies are also used to operate the live chat system, which enable the browser to be recognised. The following information, among others, may be collected and processed: IP address, pages visited, information about the browser used and the device used, as well as personal data you provide when using the chat system.
The use of cookies or comparable technologies is carried out with your consent on the basis of Section 25 (1) sentence 1 TTDSG in conjunction with Art. 6 (1) (a) GDPR. The processing of your personal data is carried out with your consent on the basis of Art. 6 (1) (a) GDPR. You may revoke your consent at any time, without affecting the lawfulness of processing carried out on the basis of the consent before its revocation.
Further information on data processing at Smartsupp can be found at https://www.smartsupp.com/help/privacy-policy/ and https://www.smartsupp.com/help/privacy/


Plugins and other tools


Use of Google Tag Manager
We use Google Tag Manager from Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; “Google”) on our website.
This application is used to manage JavaScript tags and HTML tags that are used in particular to implement tracking and analytics tools. Data processing serves the purpose of designing and optimising our website in line with demand.
Google Tag Manager itself does not store cookies nor does it process personal data. However, it enables the triggering of additional tags that can collect and process personal data.
Further information on terms of use and data protection can be found here: https://www.google.com/intl/de/tagmanager/use-policy.html
Use of social plugins via “Shariff”
We use plugins from social networks on our website. To ensure that you retain control over your data, we use the privacy-safe “Shariff” buttons.
Without your explicit consent, no connections are made to the servers of the social networks and consequently no data is transmitted.
“Shariff” is a development by the specialists at the computer magazine c’t. It enables more privacy on the internet and replaces the usual “Share” buttons of social networks. More information about the Shariff project can be found here: https://www.heise.de/ct/artikel/Shariff-Social-Media-Buttons-mit-Datenschutz-2467514.html
When you click the buttons, a popup window appears in which you can log in to the respective provider with your data. Only after you actively log in will a direct connection to the social networks be established.
By logging in, you give your consent to the transfer of your data to the respective social media provider. Among other things, your IP address and information about which of our pages you have visited will be transmitted. If you are simultaneously logged into one or more of your social network accounts, the collected information will also be assigned to your respective profiles. You can only prevent this assignment by logging out of your social media accounts before visiting our website and before activating the buttons. The social networks listed below are integrated using the “Shariff” function.
Further information on the scope and purpose of data collection and use, as well as your rights in this regard and options for protecting your privacy, can be found in the linked privacy notices of the providers.

Facebook by Meta Platforms Ireland Limited (4 Grand Canal Square, Dublin 2, Ireland):
https://www.facebook.com/policy.php
Your data may be transferred to the USA. For the USA, there is an adequacy decision by the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). Meta is certified under the TADPF and is therefore obliged to comply with European data protection principles.

Instagram by Meta Platforms Ireland Limited (4 Grand Canal Square, Dublin 2, Ireland): https://help.instagram.com/155833707900388
Your data may be transferred to the USA. For the USA, there is an adequacy decision by the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). Meta is certified under the TADPF and is therefore obliged to comply with European data protection principles.

Pinterest by Pinterest Inc. (635 High Street, Palo Alto, CA, 94301, USA)
https://policy.pinterest.com/de/privacy-policy
Your data may be transferred to the USA. For the USA, there is an adequacy decision by the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). Pinterest is not certified under the TADPF.

X, formerly called Twitter (Twitter International Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland)
https://twitter.com/privacy
https://twitter.com/personalization
Your data may be transferred to the USA. For the USA, there is an adequacy decision by the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). X is not certified under the TADPF.

Use of Google reCAPTCHA
We use the reCAPTCHA service of Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; “Google”) on our website. The query serves the purpose of distinguishing whether the input is made by a human or by automated, machine processing. Your input is transmitted to Google and further used there for this purpose. In addition, the IP address and any other data required by Google for the reCAPTCHA service are transmitted to Google. This data is processed by Google within the European Union and may also be transmitted to servers of Google LLC in the USA. For the USA, there is an adequacy decision by the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). Google is certified under the TADPF and is therefore obliged to comply with European data protection principles.
The use of cookies or comparable technologies is carried out with your consent on the basis of Section 25 (1) sentence 1 TTDSG in conjunction with Art. 6 (1) (a) GDPR. The processing of your personal data is carried out with your consent on the basis of Art. 6 (1) (a) GDPR. You may revoke your consent at any time, without affecting the lawfulness of processing carried out on the basis of the consent before its revocation.
Further information on Google reCAPTCHA and the associated privacy policy can be found at: https://www.google.com/recaptcha/intro/android.html and https://www.google.com/privacy
Use of Google Maps
We use the function for embedding Google Maps maps from Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; “Google”) on our website.
The function enables the visual display of geographical information and interactive maps. When the pages in which Google Maps maps are embedded are accessed, Google also collects, processes and uses data about visitors to the websites.
Your data may also be transferred to the USA. For the USA, there is an adequacy decision by the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). Google is certified under the TADPF and is therefore obliged to comply with European data protection principles.
The use of cookies or comparable technologies is carried out with your consent on the basis of Section 25 (1) sentence 1 TTDSG in conjunction with Art. 6 (1) (a) GDPR. The processing of your personal data is carried out with your consent on the basis of Art. 6 (1) (a) GDPR. You may revoke your consent at any time, without affecting the lawfulness of processing carried out on the basis of the consent before its revocation.
Further information on the collection and use of data by Google can be found in Google’s privacy notices at https://www.google.com/privacypolicy.html. There you can also change your settings in the privacy centre so that you can manage and protect your data processed by Google.

Use of YouTube
We use the function for embedding YouTube videos from Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; “YouTube”) on our website. YouTube is a company affiliated with Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”).
The function displays videos stored on YouTube in an iFrame on the website. The “extended data protection mode” option is activated. This means that YouTube does not store any information about visitors to the website. Only when you watch a video are information about it transmitted to YouTube and stored there. Your data may be transferred to the USA. For the USA, there is an adequacy decision by the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). YouTube is certified under the TADPF and is therefore obliged to comply with European data protection principles.
The use of cookies or comparable technologies is carried out with your consent on the basis of Section 25 (1) sentence 1 TTDSG in conjunction with Art. 6 (1) (a) GDPR. The processing of your personal data is carried out with your consent on the basis of Art. 6 (1) (a) GDPR. You may revoke your consent at any time, without affecting the lawfulness of processing carried out on the basis of the consent before its revocation.
Further information on the collection and use of data by YouTube and Google, your rights in this regard and options for protecting your privacy can be found in YouTube’s privacy notices at https://www.youtube.com/t/privacy

Use of Google Fonts
We use Google Fonts from Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; “Google”) on our website.
Data processing serves the purpose of the uniform display of fonts on our website. To load the fonts, a connection to Google’s servers is established when the page is accessed. Cookies may be used in this context. Your IP address and information about the browser you use are processed and transmitted to Google, among other things. This data is not linked to your Google account.
Your data may be transferred to the USA. For the USA, there is an adequacy decision by the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). Google is certified under the TADPF and is therefore obliged to comply with European data protection principles.
The use of cookies or comparable technologies is carried out with your consent on the basis of Section 25 (1) sentence 1 TTDSG in conjunction with Art. 6 (1) (a) GDPR. The processing of your personal data is carried out with your consent on the basis of Art. 6 (1) (a) GDPR. You may revoke your consent at any time, without affecting the lawfulness of processing carried out on the basis of the consent before its revocation.
Further information on data processing and data protection can be found at https://www.google.de/intl/de/policies/ and https://developers.google.com/fonts/faq

Rights of data subjects and storage period

Storage period
After complete performance of the contract, the data will initially be stored for the duration of the warranty period and then, taking into account statutory, in particular tax and commercial law retention periods, and deleted after expiry of these periods, unless you have consented to further processing and use.

Rights of the data subject
If the legal requirements are met, you have the following rights under Art. 15 to 20 GDPR: right of access, right to rectification, right to erasure, right to restriction of processing, right to data portability.
You also have the right to object under Art. 21 (1) GDPR to processing based on Art. 6 (1) (f) GDPR, as well as to processing for direct marketing purposes.

Right to lodge a complaint with the supervisory authority
Under Art. 77 GDPR, you have the right to lodge a complaint with the supervisory authority if you consider that the processing of your personal data is not lawful.

You can lodge a complaint, among other things, with the supervisory authority responsible for us, which you can contact using the following details:

State Commissioner for Data Protection and Freedom of Information Baden-Württemberg
Königstrasse 10 a
70173 Stuttgart
Germany
Tel.: +49 711 6155410
Fax: +49 711 61554115
Email: poststelle@lfdi.bwl.de

Right to object
Where the processing of personal data specified here is based on our legitimate interests pursuant to Art. 6 (1) (f) GDPR, you have the right, on grounds relating to your particular situation, to object at any time to such processing with effect for the future.
After an objection has been made, the processing of the data concerned will be terminated, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or where the processing serves the establishment, exercise or defence of legal claims.

Last updated: 29/11/2023