Login

Country

Cart

Your cart is empty

Privacy policy

Unless otherwise stated below, the provision of your personal data is not required by law or contract, nor is it necessary for the conclusion of a contract. You are not obliged to provide the data. Failure to provide it has no consequences. This only applies if no other information is provided in the following processing operations. "Personal data" means any information relating to an identified or identifiable natural person.

Server log files

You can visit our website without providing any personal data. Each time you access our website, usage data is transmitted to us or our web host / IT service provider by your Internet browser and stored in log data (so-called server log files). This stored data includes, for example, the name of the page accessed, the date and time of access, the IP address, the amount of data transferred and the requesting provider. The processing is carried out on the basis of Art. 6 para. 1 lit. f GDPR out of our overriding legitimate interest in ensuring the trouble-free operation of our website and to improve our offer.

Your data may be transferred to third countries outside the EU, in particular to Canada and the USA, and processed there. The EU Commission has issued an adequacy decision for Canada. For the USA, there is an adequacy decision by the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). Shopify is not certified under the TADPF. This data transfer takes place on the basis of contractual obligations that are comparable to those of the EU Commission's standard contractual clauses.

Contact details

Responsible person

Please contact us on request. The controller responsible for data processing is: Regina Immes / B&F Oberwerth GmbH & Co KG, Friedrich- Mohr-Str. 13, 56070 Koblenz Germany, 026198882444, info@oberwerth.com

Proactive contact of the customer by e-mail

If you contact us by e-mail on your own initiative, we will only collect your personal data (name, e-mail address, message text) to the extent provided by you. The data processing serves to process and respond to your contact request. If the purpose of the contact is to take steps prior to entering into a contract (e.g. consultation in the event of an interest in purchasing, preparation of an offer) or relates to a contract already concluded between you and us, this data processing takes place on the basis of Art. 6 para. 1 lit. b GDPR. If contact is made for other reasons, this data processing is carried out on the basis of Art. 6 para. 1 lit. f GDPR due to our overriding legitimate interest in processing and responding to your inquiry. In this case, you have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you based on Art. 6 (1) (f) GDPR. We will only use your e-mail address to process your request. Your data will then be deleted in compliance with statutory retention periods, unless you have consented to further processing and use.

Collection and processing when using the contact form

When you use the contact form, we only collect your personal data (name, e-mail address, message text) to the extent that you provide it. The data processing serves the purpose of establishing contact. If the purpose of the contact is to carry out pre-contractual measures (e.g. advice on an interest in purchasing, preparation of an offer) or concerns a contract already concluded between you and us, this data processing is carried out on the basis of Art. 6 para. 1 lit. b GDPR. If contact is made for other reasons, this data processing is carried out on the basis of Art. 6 para. 1 lit. f GDPR due to our overriding legitimate interest in processing and responding to your inquiry. In this case, you have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you based on Art. 6 (1) (f) GDPR. We will only use your e-mail address to process your request. Your data will then be deleted in compliance with statutory retention periods, unless you have consented to further processing and use.

Collection and processing when using the revocation button

If you have concluded a contract via our online presence, we provide you with a revocation function (revocation button), which you can use to submit your revocation declaration directly. When you use the revocation function, we collect your personal data (name, e-mail address, information to identify the contract or part of the contract that you wish to revoke and the time (date and time) of sending the declaration of revocation) only to the extent provided by you. The purpose of data processing is to provide you with the legally prescribed option to withdraw from your contract and to process your withdrawal properly. If the contact concerns a contract already concluded between you and us, this data processing is carried out on the basis of Art. 6 para. 1 lit. b GDPR. Otherwise, the data processing is carried out on the basis of Art. 6 para. 1 lit. c GDPR, as we are legally obliged to provide you with a revocation function on our online presence. We will only use your e-mail address to process your revocation. Your data will then be deleted in compliance with statutory retention periods, unless you have consented to further processing and use. The processing of your personal data serves the purpose of fulfilling the legal requirements for the design of the revocation function in a legally secure manner and is carried out on the basis of Art. 6 para. 1 lit. c GDPR. This data processing is also carried out on the basis of Art. 6 para. 1 lit. f GDPR out of our overriding legitimate interest in being able to provide you with a user-friendly revocation option. In this case, you have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you based on Art. 6 (1) (f) GDPR.

WhatsApp Business

If you contact us via WhatsApp, we use the WhatsApp Business version of WhatsApp Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; "WhatsApp"). If you are located outside the European Economic Area, this service is provided by WhatsApp Inc. (1601 Willow Road, Menlo Park, CA 94025, USA). The purpose of data processing is to process and respond to your contact request. For this purpose, we collect and process your mobile phone number stored with WhatsApp, your name if provided and other data to the extent provided by you. We use a mobile device for the service, the address book of which only contains data from users who have contacted us via WhatsApp. Personal data will not be passed on to WhatsApp without your prior consent. Your data will be transmitted by WhatsApp to servers of Meta Platforms Inc. in the USA. The EU Commission has issued an adequacy decision for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). Meta Platforms Inc. has certified itself in accordance with the TADPF and has therefore undertaken to comply with European data protection principles. If the contact is made for the purpose of implementing pre-contractual measures (e.g. advice on purchase interest, preparation of an offer) or concerns a contract already concluded between you and us, this data processing is carried out on the basis of Art. 6 para. 1 lit. b GDPR. If contact is made for other reasons, this data processing is carried out on the basis of Art. 6 para. 1 lit. f GDPR due to our overriding legitimate interest in providing a quick and easy way to contact you and to answer your inquiry. In this case, you have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you based on Art. 6 para. 1 lit. f GDPR. We only use your personal data to process your request. Your data will then be deleted in compliance with statutory retention periods, unless you have consented to further processing and use. You can find more information on terms of use and data protection when using WhatsApp at https://www.whatsapp.com/legal/#terms-of-service and https://www.whatsapp.com/legal/#privacy-policy.

Customer account orders

Customer account

When you open a customer account, we collect your personal data to the extent specified there. The purpose of data processing is to improve your shopping experience and simplify order processing. The processing is carried out on the basis of Art. 6 para. 1 lit. a GDPR with your consent. You can revoke your consent at any time by notifying us without affecting the legality of the processing carried out on the basis of the consent until revocation. Your customer account will then be deleted. Collection, processing and forwarding of personal data for orders When you place an order, we collect and process your personal data only to the extent necessary to fulfill and process your order and to process your inquiries. The provision of the data is necessary for the conclusion of the contract. Failure to provide the data means that no contract can be concluded. Processing is carried out on the basis of Art. 6 para. 1 lit. b GDPR and is necessary for the performance of a contract with you. Your data will be passed on, for example, to shipping companies, dropshipping or fulfillment providers, payment service providers, service providers for order processing and IT service providers. In all cases, we strictly observe the legal requirements. The scope of data transfer is kept to a minimum. Your data may be transferred to third countries outside the EU, in particular to Canada and the USA, and processed there. The EU Commission has issued an adequacy decision for Canada. For the USA, there is an adequacy decision by the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). Shopify is not certified under the TADPF. This data transfer takes place on the basis of contractual obligations that are comparable to those of the EU Commission's standard contractual clauses.

Advertising reviews

Data collection when writing a comment or rating When you comment/rate an article or post, we only collect your personal data (name, email address, comment text) to the extent provided by you. The processing serves the purpose of enabling a comment/rating and displaying comments/ratings. We also collect the following data for the purpose of verifying your rating/comment: Email - tracked via Reviews.io. By submitting the comment/review, you consent to the processing of the data transmitted. The processing takes place on the basis of Art. 6 para. 1 lit. a GDPR with your consent. You can revoke your consent at any time by notifying us without affecting the legality of the processing carried out on the basis of the consent until revocation. Your personal data will then be deleted. If your comment/review is published, only the name you have provided will be published.

Use of the e-mail address for sending newsletters

We use your e-mail address to send you information and offers by newsletter, provided you have expressly consented to this. The data processing serves the sole purpose of advertising. For this purpose, we process your e-mail address and any other data that you have voluntarily provided when registering for our newsletter. The processing is carried out on the basis of Art. 6 para. 1 lit. a GDPR with your consent. You can withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal. You can unsubscribe from the newsletter at any time by using the corresponding link in the newsletter or by notifying us. Your e-mail address will then be removed from the mailing list. Despite removal from the mailing list, we may continue to store your e-mail address in a so-called blacklist to prevent you from receiving future newsletter e-mails from us. This storage takes place on the basis of Art. 6 para. 1 lit. f GDPR out of our and your legitimate interest in preventing the reuse of your e-mail address for sending our newsletter. You have the right to object to this processing of your personal data at any time for reasons arising from your particular situation.

Use of Klaviyo

We use the service of Klaviyo Inc. (125 Summer St Floor 7, Boston, MA 02111, USA; "Klaviyo") for sending newsletters as part of order processing. We pass on the information you provide to Klaviyo when you register for the newsletter (e-mail address, first name and surname if applicable). The data processing serves the purpose of sending the newsletter and its statistical evaluation. In order to evaluate newsletter campaigns, the newsletters sent contain a 1x1 pixel graphic (tracking pixel) or a tracking link. This enables us to determine whether you have opened the newsletter and whether you have clicked on any integrated links. In this context, we collect your personal data such as IP address, browser type and device as well as the time. This data can be used to create user profiles under a pseudonym. The data collected will not be used to identify you personally. The data collected is only used for statistical analysis to improve newsletter campaigns. Your data is generally transmitted to Klaviyo servers in the USA and stored there. An adequacy decision of the EU Commission is in place for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). Klaviyo has certified itself in accordance with the TADPF and is therefore committed to complying with European data protection principles. Your personal data is processed on the basis of Art. 6 para. 1 lit. f GDPR due to our overriding legitimate interest in a targeted, effective advertising and user-friendly newsletter system. You have the right to object to this processing of your personal data at any time on grounds relating to your particular situation. You can find more information on data protection at Klaviyo at https://www.klaviyo.com/legal/privacy-notice and at https://www.klaviyo.com/legal/data-processing-agreement.

Use of the mobile phone number for sending SMS advertising

We use your mobile phone number exclusively for our own advertising purposes for sending SMS advertising, irrespective of contract processing, provided you have expressly consented to this. The processing is carried out on the basis of Art. 6 para. 1 lit. a GDPR with your consent. You can withdraw your consent at any time by notifying us without affecting the lawfulness of processing based on consent before its withdrawal. Your mobile phone number will then be removed from the mailing list. Your mobile phone number will be passed on to a service provider for SMS dispatch as part of order processing.

Use of the e-mail address for availability notifications

We offer an availability notification service on our website. If an item is temporarily unavailable, you have the option of entering your e-mail address on the relevant item and being informed by e-mail when it becomes available, provided you have given your consent. You will receive a one-time notification by e-mail about the availability of the respective item. The processing is carried out on the basis of Art. 6 para. 1 lit. a GDPR with your consent. You can withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal. You can unsubscribe from the availability notification at any time by notifying us. Your e-mail address will then be removed from the mailing list.

Shipping service provider merchandise management

Forwarding of the e-mail address to shipping companies for information about the shipping status

We will pass on your e-mail address to the shipping company as part of the contract processing if you have expressly consented to this during the ordering process. The purpose of this disclosure is to inform you of the shipping status by e-mail. The processing is carried out on the basis of Art. 6 para. 1 lit. a GDPR with your consent. You can withdraw your consent at any time by notifying us or the transport company without affecting the lawfulness of processing based on consent before its withdrawal.

Use of an external merchandise management system

We use a merchandise management system to process contracts as part of order processing. For this purpose, your personal data collected as part of the order will be transmitted to weclapp GmbH, Friedrich-Ebert-Straße 28, 97318 Kitzingen. The processing of your personal data serves the purpose of fulfilling the contract concluded with you and is carried out on the basis of Art. 6 para. 1 lit. b GDPR.

Payment service provider

Use of PayPal Express We use the PayPal Express payment service of PayPal (Europe) S.à.r.l. et Cie, S.C.A. (22-24 Boulevard Royal L- 2449, Luxembourg; "PayPal") on our website. The purpose of data processing is to be able to offer you payment via the PayPal Express payment service. To integrate this payment service, it is necessary for PayPal to collect, store and analyze data (e.g. IP address, device type, operating system, browser type, location of your device) when you access the website. Cookies may also be used for this purpose. The cookies enable your browser to be recognized. Your personal data is processed on the basis of Art. 6 para. 1 lit. f GDPR due to our overriding legitimate interest in a customer-oriented offer of various payment methods. You have the right to object to this processing of your personal data at any time for reasons arising from your particular situation. By selecting and using PayPal Express, the data required for payment processing will be transmitted to PayPal in order to fulfill the contract with you using the selected payment method. This processing is carried out on the basis of Art. 6 para. 1 lit. b GDPR. Further information on data processing when using the PayPal Express payment service can be found in the associated privacy policy at www.paypal.com/de/webapps/mpp/ua/privacy-full?locale.x=de_DE#Updated_PS.

Use of PayPal Check-Out

We use the PayPal Check-Out payment service from PayPal (Europe) S.à.r.l. et Cie, S.C.A. (22-24 Boulevard Royal L-2449, Luxembourg; "PayPal") on our website. The purpose of data processing is to be able to offer you payment via the payment service. By selecting and using payment via PayPal, credit card via PayPal, direct debit via PayPal or "Pay later" via PayPal, the data required for payment processing will be transmitted to PayPal in order to fulfill the contract with you with the selected payment method. This processing is carried out on the basis of Art. 6 para. 1 lit. b GDPR. Cookies may be stored that enable your browser to be recognized. The resulting data processing takes place on the basis of Art. 6 para. 1 lit. f GDPR from our overriding legitimate interest in a customer-oriented offer of different payment methods. You have the right to object to this processing of your personal data at any time on grounds relating to your particular situation.

Credit card via PayPal, direct debit via PayPal & "Pay later" via PayPal

For individual payment methods such as credit card via PayPal, direct debit via PayPal or "Pay later" via PayPal, PayPal reserves the right to obtain credit information on the basis of mathematical-statistical procedures using credit agencies. For this purpose, PayPal transmits the personal data required for a credit check to a credit agency and uses the information received on the statistical probability of a payment default for a balanced decision on the establishment, execution or termination of the contractual relationship. The credit report may contain probability values (score values) that are calculated on the basis of scientifically recognized mathematical-statistical procedures and whose calculation includes address data, among other things. Your legitimate interests are taken into account in accordance with the statutory provisions. The data processing serves the purpose of credit assessment for the initiation of a contract. The processing is carried out on the basis of Art. 6 para. 1 lit. f GDPR out of our overriding legitimate interest in protection against payment default if PayPal makes advance payments. You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you based on Article 6(1)(f) GDPR by notifying PayPal. The provision of the data is necessary for the conclusion of the contract with the payment method you have requested. Failure to provide the data means that the contract cannot be concluded with the payment method you have selected.

Third-party providers

When paying via the payment method of a third-party provider, the data required for payment processing is transmitted to PayPal. This processing takes place on the basis of Art. 6 para. 1 lit. b GDPR. To process this payment method, the data may then be forwarded by PayPal to the respective provider. This processing is carried out on the basis of Art. 6 para. 1 lit. b GDPR. Local third-party providers may be, for example Apple Pay (Apple Distribution International Ltd, Hollyhill Industrial Estate, Hollyhill, Cork, Ireland) Google Pay (Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland)

Purchase on account via PayPal

When paying via the payment method purchase on account, the data required for payment processing is first transmitted to PayPal. In order to process this payment method, the data is then transmitted by PayPal to Ratepay GmbH (Franklinstraße 28-29, 10587 Berlin; "Ratepay") in order to fulfill the contract with you with the selected payment method. This processing is carried out on the basis of Art. 6 para. 1 lit. b GDPR. Ratepay may carry out a credit check on the basis of mathematical-statistical procedures (probability or score values) using credit agencies in accordance with the procedure described above. The data processing serves the purpose of credit assessment for the initiation of a contract. The processing is carried out on the basis of Art. 6 para. 1 lit. f GDPR out of our overriding legitimate interest in protection against payment default if Ratepay makes advance payments. Further information on data protection and which credit agencies Ratpay uses can be found at https://www.ratepay.com/legalpayment- dataprivacy/ and https://www.ratepay.com/legal-payment-creditagencies/.

Further information on data processing when using PayPal can be found in the associated privacy policy at https://www.paypal.com/de/webapps/mpp/ua/privacy-full.

Use of Shopify Payments

We use the payment service "Shopify Payments" from Shopify International Limited (2nd Floor Victoria Buildings, 1- 2 Haddington Road, Dublin 4, D04 XN32, Ireland; "Shopify") on our website. In this case, payment processing is carried out by the payment service provider Stripe Payments Europe, Ltd (1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland; "Stripe"). The purpose of data processing is to be able to offer you payment via the Shopify Payments payment service. By selecting and using a corresponding "Shopify Payments" payment method, the data required for payment processing will be transmitted to Stripe in order to fulfill the contract with you using the selected payment method. This processing is carried out on the basis of Art. 6 para. 1 lit. b GDPR. Stripe reserves the right to obtain credit information on the basis of mathematical-statistical procedures using credit agencies. For this purpose, Stripe transmits the personal data required for a credit check to a credit agency and uses the information received on the statistical probability of a payment default for a balanced decision on the establishment, execution or termination of the contractual relationship. The credit report may contain probability values (score values) that are calculated on the basis of scientifically recognized mathematical-statistical procedures and whose calculation includes address data, among other things. Your legitimate interests are taken into account in accordance with the statutory provisions. The data processing serves the purpose of credit assessment for the initiation of a contract. The processing is carried out on the basis of Art. 6 para. 1 lit. f GDPR out of our overriding legitimate interest in protection against payment default if Stripe makes advance payments. You have the right, for reasons arising from your particular situation, to object at any time to this processing of personal data concerning you based on Art. 6 para. 1 lit. f GDPR by notifying Stripe. The provision of the data is necessary for the conclusion of the contract with the payment method you have requested. Failure to provide the data means that the contract cannot be concluded with the payment method you have selected. Further information on data processing when using the Shopify Payments payment service can be found in Shopify's privacy policy at: https://www.shopify.com/de/legal/datenschutz. For more information on data processing for payment processing via the payment service provider Stripe, please refer to Stripe's privacy policy at: https://stripe.com/de/privacy.

Cookies

Our website uses cookies. Cookies are small text files that are stored in the Internet browser or by the Internet browser on a user's computer system. When a user accesses a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again. Cookies are stored on your computer. You therefore have full control over the use of cookies. By selecting the appropriate technical settings in your Internet browser, you can be notified before cookies are set and decide whether to accept them individually and prevent the storage of cookies and transmission of the data they contain. Cookies that have already been saved can be deleted at any time. However, we would like to point out that you may then not be able to use all the functions of this website to their full extent.

You can find out how to manage (including deactivating) cookies in the most important browsers by clicking on the links below:

Chrome: https://support.google.com/accounts/answer/61416?hl=de

Microsoft Edge: https://support.microsoft.com/de-de/microsoft-edge/cookies-in-microsoft-edge-lB6schen-63947406-40ac-c3b8-57b9- 2a946a29ae09

Mozilla Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen

Safari: https://support.apple.com/de-de/guide/safari/manage-cookies-and-website-data-sfri11471/mac

Technically necessary cookies

Unless otherwise stated below in the privacy policy, we only use these technically necessary cookies for the purpose of making our website more user-friendly, effective and secure. Furthermore, cookies enable our systems to recognize your browser even after a page change and to offer you services. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary for the browser to be recognized even after a page change. The use of cookies or comparable technologies is based on § 25 para. 2 TDDDG. Your personal data is processed on the basis of Art. 6 para. 1 lit. f GDPR out of our overriding legitimate interest in ensuring the optimal functionality of the website and a user-friendly and effective design of our offer. You have the right to object to this processing of your personal data at any time for reasons arising from your particular situation.

Use of the Shopify Consent Tool (Shopify Privacy & Compliance)

We use the "Shopify Privacy & Compliance" consent tool from Shopify International Ltd (Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland; "Shopify") on our website. Shopify is a company affiliated with Shopify Inc (151 O'Connor Street, Ground Floor, Ottawa, Ontario, K2P 2L8, Canada). The tool enables you to give your consent to data processing via the website, in particular the setting of cookies, and to make use of your right of revocation for consent already given. The purpose of data processing is to obtain and document the necessary consent for data processing and thus to comply with legal obligations. Cookies may be used for this purpose. User information, including your IP address, is collected and transmitted to Shopify. Your data may be transferred to third countries outside the EU, in particular to Canada and the USA, and processed there. The EU Commission has issued an adequacy decision for Canada. For the USA, there is an adequacy decision by the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). Shopify is not certified under the TADPF. This data transfer takes place on the basis of contractual obligations that are comparable to those of the EU Commission's standard contractual clauses. The data processing is carried out to fulfill a legal obligation on the basis of Art. 6 para. 1 lit. c GDPR. You can find more information on data protection at Shopify at https://www.shopify.com/de/legal/datenschutz.

Analysis of advertising tracking communication

Use of Google Analytics 4

We use the web analysis service Google Analytics from Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; "Google") on our website. The data processing serves the purpose of analyzing this website and its visitors as well as for marketing and advertising purposes. For this purpose, Google will use the information obtained on behalf of the operator of this website to evaluate your use of the website, to compile reports on website activity and to provide other services relating to website activity and internet usage to the website operator. The following information may be collected: IP address, date and time of the page view, click path, information about the browser and device you are using, pages visited, referrer URL (website from which you accessed our website), location data, purchase activities. Your data may be linked by Google with other data, such as your search history, your personal accounts, your usage data from other devices and all other data that Google has about you. The IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Your personal data is processed with your consent on the basis of Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal. The information generated about your use of this website is usually transferred to a Google server in the USA and stored there. There is an adequacy decision by the EU Commission for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). Google has certified itself in accordance with the TADPF and has therefore undertaken to comply with European data protection principles. Both Google and US government authorities have access to your data. You can find more information on terms of use and data protection at https://policies.google.com/technologies/partner-sites and at https://policies.google.com/privacy?hl=de&gl=de.

Use of Hotjar

We use the analysis tool of Hotjar Ldt (Level 2, St Julian's Business Centre, 3, Elia Zammit Street, St Julians STJ1000, Malta; "Hotjar") on our website. The purpose of data processing is the needs-based design, optimization and analysis of our website. The tool is used to randomly record the movements of site visitors on the website. This creates a log of mouse movements, scrolling behavior, length of stay and clicks on the website (so-called heatmap). Hotjar uses cookies, among other things, for this purpose. The following information may be collected in the process IP address (in anonymized form), information about the device you are using (screen size, devices, unique device identifier), information about the browser you are using, location data (country only), preferred language for displaying the website, operating system used. Detailed information on the cookies used, their function and storage duration can be found here: https://help.hotjar.com/hc/en-us/articles/115011789248-Hotjar-Cookies. User profiles are created from this data under a pseudonym. The data is not used to personally identify the website visitor and is not merged with the personal data of the bearer of the pseudonym. Hotjar is contractually prohibited from selling the collected data to other third parties. Your data may be transferred to the USA. An adequacy decision by the EU Commission is in place for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). Hotjar is not certified under the TADPF. The data transfer takes place, among other things, on the basis of appropriate protective measures. Hotjar will provide you with further information on the measures taken on request. The use of cookies or comparable technologies takes place with your consent on the basis of § 25 para. 1 sentence 1 TDDDG i.V.m. Art. 6 para. 1 lit. a GDPR. The processing of your personal data is carried out with your consent on the basis of Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal. Further information on data protection when using Hotjar can be found here: https://www.hotjar.com/legal/policies/privacy#enduserenglish.

Use of HeatMap

We use the analysis tool of HeatMap Inc (6724 Monroe Ave, Eldersburg, Maryland 21784, USA, "HeatMap") on our website as part of order processing. The data processing serves the purpose of designing, optimizing and analyzing our website in line with requirements. The tool is used to record the movements of site visitors on the website. This creates a log of mouse movements, scrolling behavior, time spent and clicks on the website (so-called heat map). HeatMap uses cookies for this purpose. The following information may be collected: Information about the device you are using (screen size, devices, unique device identifier), information about the browser you are using, location data (country only). This data can be used to create user profiles under a pseudonym. The data is not used to personally identify the visitor to the website and is not merged with personal data of the bearer of the pseudonym. Your data may be transferred to third countries, such as the USA. An adequacy decision of the EU Commission is in place for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). Heatmap is not certified under the TADPF. The use of cookies or comparable technologies takes place with your consent on the basis of § 25 para. 1 sentence 1 TDDDG i.V.m. Art. 6 para. 1 lit. a GDPR. The processing of your personal data is carried out with your consent on the basis of Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal. You can find more information on the collection and use of your data by HeatMap at: https://heatmap.com/privacy.

Use of the Shopify statistics

We use the statistics and analysis functions of Shopify International Ltd (Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland; "Shopify") on our website as part of order processing. Shopify is a company affiliated with Shopify Inc (151 O'Connor Street, Ground Floor, Ottawa, Ontario, K2P 2L8, Canada). The purpose of data processing is to analyze this website and its visitors. For this purpose, data is stored for marketing and optimization purposes and provided in reports, analyses and statistics. Among other things, the following device information is collected and processed: Web browser information, IP address, time zone and some of the cookies installed on your device. When you navigate the website, information is also collected about the web pages or products you have accessed, the referrer URL (the website from which you accessed our website) and information about how you interact with the website. Technologies such as cookies, web beacons, tags and pixels (electronic files used to collect information about how you navigate the website) are used for this purpose. Your data may be transferred to third countries outside the EU, in particular to Canada and the USA, and processed there. The EU Commission has issued an adequacy decision for Canada. For the USA, there is an adequacy decision by the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). Shopify is not certified under the TADPF. This data transfer takes place on the basis of contractual obligations that are comparable to those of the EU Commission's standard contractual clauses. The use of cookies or comparable technologies takes place with your consent on the basis of § 25 para. 1 sentence 1 TDDDG in conjunction with. Art. 6 para. 1 lit. a GDPR. The processing of your personal data is carried out with your consent on the basis of Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal. You can find more information on data protection at Shopify at https://www.shopify.com/de/legal/datenschutz, information on the order processing contract at https://www.shopify.com/de/legal/dpa and information on the cookies used at https://www.shopify.com/de/legal/cookies.

Use of Microsoft Clarity

We use the "Microsoft Clarity" analysis tool from Microsoft Ireland Operations Limited (One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland; "Microsoft") on our website. Microsoft is a company affiliated with Microsoft Corporation (One Microsoft Way, Redmond, Washington 98052, USA). The purpose of data processing is to design, optimize and analyze our website in line with requirements. The tool is used to randomly record the movements of page visitors on the website. This creates a log of mouse movements, scrolling behavior, length of stay and clicks on the website (so-called heat map). Cookies or similar technologies are used for this purpose. The following information may be collected: IP address, time of access, click path, information about the device you are using (device type, screen size and resolution, unique device identifier, operating system), information about the browser you are using (browser type and browser version), location data, preferred language for displaying the website, subpages visited, length of stay, content viewed, website or file requested. These data are used to create user profiles under a pseudonym. The data is not used to personally identify the visitor to the website and is not merged with personal data of the bearer of the pseudonym. Microsoft is contractually prohibited from selling the collected data to other third parties. Your data may be transferred to the USA. The EU Commission has issued an adequacy decision for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). Microsoft has certified itself in accordance with the TADPF and has therefore undertaken to comply with European data protection principles. The use of cookies or comparable technologies takes place with your consent on the basis of § 25 para. 1 sentence 1 TDDDG i.V.m. Art. 6 para. 1 lit. a GDPR. The processing of your personal data is carried out with your consent on the basis of Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal. Detailed information on the cookies used and their function can be found at https://learn.microsoft.com/en-us/clarity/setupand- installation/cookie-list. Information on the storage duration of the information collected can be found at https://learn.microsoft.com/enus/ clarity/setup-and-installation/data-retention. Further information on data protection when using Microsoft Clarity can be found at https://learn.microsoft.com/en-us/clarity/faq#privacy, https://learn.microsoft.com/en-us/clarity/setup-and-installation/clarity-data and https://clarity.microsoft.com/terms. General information on data protection at Microsoft can be found at https://privacy.microsoft.com/dede/ privacystatement.

Use of the Meta Pixel

We use the Meta Pixel from Meta Platforms Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; "Meta") on our website. Meta and we are jointly responsible for the collection of your data and the transmission of this data to Meta when the service is integrated. This is based on an agreement between us and Meta on the joint processing of personal data, which defines the respective responsibilities. The agreement is available at https://de-de.facebook.com/legal/terms/businesstools. According to this agreement, we are responsible in particular for fulfilling the information obligations pursuant to Art. 13, 14 GDPR, for compliance with the security requirements of Art. 32 GDPR with regard to the correct technical implementation and configuration of the service and for compliance with the obligations pursuant to Art. 33, 34 GDPR, insofar as a breach of the protection of personal data affects our obligations under the joint processing agreement. Meta is responsible for enabling the rights of data subjects under Articles 15 - 20 GDPR, complying with the security requirements of Article 32 GDPR with regard to the security of the Service and the obligations under Articles 33, 34 GDPR to the extent that a personal data breach affects Meta's obligations under the Joint Processing Agreement. The purpose of the application is to target visitors to the website with interest-based advertising on the social networks Facebook and Instagram. For this purpose, Meta's remarketing tag has been implemented on the website. This tag is used to establish a direct connection to the Meta servers when the website is visited. This tells the Meta server which of our pages you have visited. Meta assigns this information to your personal Facebook and/or Instagram user account. When you visit the Facebook or Instagram social networks, you will then be shown personalized, interest-based ads. The application also serves the purpose of creating conversion statistics. This tells us the total number of users who clicked on one of our ads and were redirected to a page with a conversion tracking tag and what actions are taken after being redirected to this website. However, we do not receive any information with which users can be personally identified. Your data may be transferred to the USA. An adequacy decision by the EU Commission is in place for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). Meta has certified itself in accordance with the TADPF and is therefore committed to complying with European data protection principles. Your personal data is processed with your consent on the basis of Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal. You can deactivate the remarketing function "Custom Audiences" here. For more information on the collection and use of data by Meta, your rights in this regard and ways to protect your privacy, please refer to Meta's privacy policy at https://www.facebook.com/about/privacy/.

Use of Google Ads conversion tracking

We use the online advertising program "Google Ads" on our website and in this context conversion tracking (visit action evaluation). Google Conversion Tracking is an analysis service of Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; Google). When you click on an advertisement placed by Google, a cookie for conversion tracking is stored on your computer. These cookies have a limited validity, do not contain any personal data and are therefore not used for personal identification. If you visit certain pages of our website and the cookie has not yet expired, Google and we can recognize that you have clicked on the ad and have been redirected to this page. Each Google Ads customer receives a different cookie. It is therefore not possible for cookies to be tracked via the websites of Ads customers. The information obtained with the help of the conversion cookie is used to create conversion statistics. This tells us the total number of users who clicked on one of our ads and were redirected to a page with a conversion tracking tag. However, we do not receive any information with which users can be personally identified. Your data may be transmitted to the servers of Google LLC in the USA. The EU Commission has issued an adequacy decision for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). Google has certified itself in accordance with the TADPF and has therefore undertaken to comply with European data protection principles. The use of cookies or comparable technologies takes place with your consent on the basis of § 25 para. 1 sentence 1 TDDDG in conjunction with. Art. 6 para. 1 lit. a GDPR. The processing of your personal data is carried out with your consent on the basis of Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal. You can find more information and Google's privacy policy at: https://www.google.de/policies/privacy/

Use of Shopify Inbox

We use the Shopify Inbox live chat system from Shopify International Ltd (Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland; "Shopify") on our website as part of a data processing agreement. Shopify is a company affiliated with Shopify Inc (151 O'Connor Street, Ground Floor, Ottawa, Ontario, K2P 2L8, Canada). The data processing serves the purpose of direct and efficient communication between you and us as the provider. Data is stored and processed for the operation of the system and for the purpose of optimizing the service. In order to operate the live chat system, cookies may be used that enable the browser to be recognized. The following information may be collected and processed IP address and personal data provided by you when using the chat system. Your data may be transferred to third countries outside the EU, in particular to Canada and the USA, and processed there. The EU Commission has issued an adequacy decision for Canada. For the USA, there is an adequacy decision by the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). Shopify is not certified under the TADPF. This data transfer takes place on the basis of contractual obligations that are comparable to those of the EU Commission's standard contractual clauses. The use of cookies or comparable technologies takes place with your consent on the basis of § 25 para. 1 sentence 1 TDDDG in conjunction with. Art. 6 para. 1 lit. a GDPR. The processing of your personal data is carried out with your consent on the basis of Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal. You can find more information on data protection at Shopify at https://www.shopify.com/de/legal/datenschutz and https://www.shopify.com/de/legal/dpa.

Plug-ins and miscellaneous

Use of the Google Tag Manager

We use the Google Tag Manager of Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; "Google") on our website. This application is used to manage JavaScript tags and HTML tags that are used to implement tracking and analysis tools in particular. The purpose of data processing is to design and optimize our website in line with requirements. The Google Tag Manager itself neither stores cookies nor does it process personal data. However, it enables the triggering of other tags that can collect and process personal data. You can find more information on terms of use and data protection here: https://marketingplatform.google.com/intl/de/about/analytics/tag-manager/use-policy/

Use of YouTube

We use the function for embedding YouTube videos from Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; "YouTube") on our website.YouTube is a company affiliated with Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; "Google"). The function displays videos stored on YouTube in an iFrame on the website. The "Extended data protection mode" option is activated. This means that YouTube does not store any information about visitors to the website. Only when you watch a video is information about it transmitted to YouTube and stored there. Your data may be transmitted to the USA. There is an adequacy decision by the EU Commission for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). YouTube has certified itself in accordance with the TADPF and has thus undertaken to comply with European data protection principles. The use of cookies or comparable technologies takes place with your consent on the basis of § 25 para. 1 sentence 1 TDDDG i.V.m. Art. 6 para. 1 lit. a GDPR. The processing of your personal data is carried out with your consent on the basis of Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal. For more information on the collection and use of data by YouTube and Google, your rights in this regard and options for protecting your privacy, please refer to YouTube's privacy policy at https://www.youtube.com/t/privacy.

Integration of the Händlerbund member logo

The Händlerbund member logo (Händlerbund e.V., Kohlgartenstraße 11 - 13, 04315 Leipzig) is integrated on our website. When you visit our website, the browser used on your device automatically sends information to the Händlerbund e.V. server. This information is temporarily stored in a so-called server log file for 7 days. The following information is collected without any action on your part and stored until it is automatically deleted:

  • IP address of the requesting computer,
  • Date and time of access,
  • Name and URL of the accessed file,
  • the website from which access was made (referrer URL)
  • browser used and, if applicable, the operating system of your computer and the name of your access provider.

Temporary storage of the IP address by the system is necessary to enable delivery of the website. For this purpose, the IP address must remain stored for the duration of the session. The data is stored in log files to ensure the functionality of the website. In addition, the data is used to optimize the website and to ensure the security of the information technology systems. This data is not stored together with other personal data. The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. f GDPR.

Integration of the buyer's seal logo

The Käufersiegel logo (Händlerbund Management AG, Kohlgartenstraße 11 - 13, 04315 Leipzig) is integrated on our website. When you visit our website, the browser used on your device automatically sends information to the Händlerbund Management AG server. This information is temporarily stored in a so-called server log file for 7 days. The following information is collected without any action on your part and stored until it is automatically deleted

  • IP address of the requesting computer,
  • Date and time of access,
  • Name and URL of the retrieved file,
  • Website from which the access was made (referrer URL),
  • browser used, protocol and, if applicable, the operating system of your computer and the name of your access provider.

Temporary storage of the IP address by the system is necessary to enable delivery of the website. For this purpose, the IP address must remain stored for the duration of the session. The data is stored in log files to ensure the functionality of the website. In addition, the data is used to optimize the website and to ensure the security of the information technology systems. This data is not stored together with other personal data. The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. f GDPR.

Rights of data subjects and storage duration

Duration of storage

After the contract has been fully processed, the data will initially be stored for the duration of the warranty period, then in accordance with statutory retention periods, in particular under tax and commercial law, and then deleted after this period has expired, unless you have consented to further processing and use.

Rights of the data subject

If the legal requirements are met, you have the following rights under Art. 15 to 20 GDPR: right of access, right to rectification, right to erasure, right to restriction of processing, right to data portability. You also have the right to object to processing based on Article 6(1)(f) GDPR and to processing for the purposes of direct marketing in accordance with Article 21(1) GDPR.

Right to lodge a complaint with the supervisory authority

In accordance with Art. 77 GDPR, you have the right to lodge a complaint with the supervisory authority if you believe that your personal data is being processed unlawfully.

Right to object

If the personal data processing listed here is based on our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR, you have the right to object to this processing at any time with effect for the future for reasons arising from your particular situation. Once you have objected, the processing of the data concerned will be terminated unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or if the processing serves the establishment, exercise or defense of legal claims.

last update: 22.10.2024