Privacy Policy
Unless otherwise stated below, the provision of your personal data is neither legally or contractually required, nor necessary for the conclusion of a contract. You are not obliged to provide the data. Failure to provide it will have no consequences. This applies only as long as no other information is provided in the following processing operations.
"Personal data" means any information relating to an identified or identifiable natural person.
Server log files
You can visit our websites without providing any personal information.
Each time our website is accessed, usage data is transmitted to us or our web host / IT service provider by your internet browser and stored in log data (so-called server log files). This stored data includes, for example, the name of the accessed page, the date and time of access, the IP address, the amount of data transferred and the requesting provider.
Processing is carried out on the basis of Art. 6 (1) lit. f GDPR due to our overriding legitimate interest in ensuring the trouble-free operation of our website and improving our offer.
Your data may be transferred to and processed in third countries outside the EU, in particular to Canada and the USA. For Canada, an adequacy decision of the EU Commission exists. For the USA, an adequacy decision of the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF), is available. Shopify is not certified under TADPF. This data transfer is based on contractual obligations comparable to the EU Commission's standard contractual clauses.Processing is carried out on the basis of Art. 6 (1) lit. f GDPR due to our overriding legitimate interest in ensuring the trouble-free operation of our website and improving our offer.
Contact
Controller
Contact us if you wish. The controller for data processing is: Milan Dobras, Dellbrücker Straße, 258, 51469 Bergisch Gladbach Deutschland, 0179 1525304, milan.dobras@gmx.de
Customer's proactive contact by e-mail
If you proactively contact us by e-mail for business purposes, we collect your personal data (name, e-mail address, message text) only to the extent provided by you. The data processing serves to process and answer your contact request.
If the contact serves to carry out pre-contractual measures (e.g. advice on purchase interest, offer creation) or concerns a contract already concluded between you and us, this data processing is carried out on the basis of Art. 6 (1) lit. b GDPR.
If the contact is made for other reasons, this data processing is carried out on the basis of Art. 6 (1) lit. f GDPR due to our overriding legitimate interest in processing and answering your request. In this case, you have the right to object at any time to the processing of your personal data based on Art. 6 (1) lit. f GDPR, for reasons arising from your particular situation.
We only use your e-mail address to process your request. Your data will then be deleted in compliance with statutory retention periods, unless you have consented to further processing and use.
Orders
Collection, processing and transfer of personal data for orders
When placing an order, we collect and process your personal data only to the extent necessary for the fulfillment and processing of your order and for handling your inquiries. The provision of data is necessary for the conclusion of the contract. Failure to provide it means that no contract can be concluded. Processing is carried out on the basis of Art. 6 (1) lit. b GDPR and is necessary for the performance of a contract with you.
Your data is passed on, for example, to shipping companies, dropshipping or fulfillment providers, payment service providers, service providers for order processing and IT service providers. In all cases, we strictly adhere to legal requirements. The scope of data transmission is limited to a minimum.
Your data may be transferred to and processed in third countries outside the EU, in particular to Canada and the USA. For Canada, an adequacy decision of the EU Commission exists. For the USA, an adequacy decision of the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF), is available. Shopify is not certified under TADPF. This data transfer is based on contractual obligations comparable to the EU Commission's standard contractual clauses.Inventory Management
Use of an external inventory management system
We use an inventory management system within the framework of order processing to handle contracts. For this purpose, the personal data collected during the order process is transmitted to
Shopify
.
The processing of your personal data serves the purpose of fulfilling the contract concluded with you and is carried out on the basis of Art. 6 (1) lit. b GDPR.
Payment service providers
Use of PayPal Check-Out
We use the PayPal Check-Out payment service provided by PayPal (Europe) S.à.r.l. et Cie, S.C.A. (22-24 Boulevard Royal L-2449, Luxembourg; "PayPal") on our website. The data processing serves the purpose of being able to offer you payment via the payment service. By selecting and using payment via PayPal, credit card via PayPal, direct debit via PayPal or "Pay Later" via PayPal, the data required for payment processing will be transmitted to PayPal in order to fulfill the contract with you using the chosen payment method. This processing is carried out on the basis of Art. 6 (1) lit. b GDPR.
Cookies may be stored that enable the recognition of your browser. The data processing that takes place as a result is carried out on the basis of Art. 6 (1) lit. f GDPR due to our overriding legitimate interest in offering various customer-oriented payment methods. You have the right to object at any time to this processing of your personal data for reasons arising from your particular situation.
Credit card via PayPal, direct debit via PayPal & "Pay Later" via PayPal
For individual payment methods such as credit card via PayPal, direct debit via PayPal or "Pay Later" via PayPal, PayPal reserves the right to obtain a credit report based on mathematical-statistical procedures using credit agencies. For this purpose, PayPal transmits the personal data required for a credit check to a credit agency and uses the information received about the statistical probability of a payment default for a balanced decision on the establishment, execution or termination of the contractual relationship. The credit report may include probability values (score values) that are calculated on the basis of scientifically recognized mathematical-statistical procedures and whose calculation includes, among other things, address data. Your legitimate interests are taken into account in accordance with legal provisions. The data processing serves the purpose of a credit check for initiating a contract. Processing is carried out on the basis of Art. 6 (1) lit. f GDPR due to our overriding legitimate interest in protection against payment default when PayPal makes advance payments.
You have the right to object at any time to this processing of your personal data based on Art. 6 (1) lit. f GDPR, for reasons arising from your particular situation, by notifying PayPal. The provision of data is necessary for the conclusion of the contract with your desired payment method. Failure to provide it means that the contract cannot be concluded with your chosen payment method.
Third-party providers
When paying via a third-party payment method, the data required for payment processing will be transmitted to PayPal. This processing is carried out on the basis of Art. 6 (1) lit. b GDPR. To carry out this payment method, the data may then be passed on by PayPal to the respective provider. This processing is carried out on the basis of Art. 6 (1) lit. b GDPR. Local third-party providers may include, for example:
- Apple Pay (Apple Distribution International Ltd., Hollyhill Industrial Estate, Hollyhill, Cork, Ireland)
- Google Pay (Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland)
Invoice purchase via PayPal
When paying via the invoice purchase payment method, the data required for payment processing is first transmitted to PayPal. To carry out this payment method, the data is then transmitted by PayPal to Ratepay GmbH (Franklinstraße 28-29, 10587 Berlin; "Ratepay") in order to fulfill the contract with you using the chosen payment method. This processing is carried out on the basis of Art. 6 (1) lit. b GDPR. Ratepay may carry out a credit assessment based on mathematical-statistical procedures (probability or score values) using credit agencies according to the process already described above. The data processing serves the purpose of a credit check for initiating a contract. Processing is carried out on the basis of Art. 6 (1) lit. f GDPR due to our overriding legitimate interest in protection against payment default when Ratepay makes advance payments. Further information on data protection and which credit agencies Ratepay uses can be found at https://www.ratepay.com/legal-payment-dataprivacy/ and https://www.ratepay.com/legal-payment-creditagencies/.
Further information on data processing when using PayPal can be found in the associated privacy policy at https://www.paypal.com/de/webapps/mpp/ua/privacy-full.
Use of the payment service provider Stripe
We use the payment service Stripe from Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland) on our website. The data processing serves the purpose of being able to offer you payment via the payment service. By selecting and using Stripe, the data required for payment processing is transmitted to Stripe in order to fulfill the contract with you using the chosen payment method. This processing is carried out on the basis of Art. 6 (1) lit. b GDPR.
Stripe reserves the right, if necessary, to obtain a credit report based on mathematical-statistical procedures using credit agencies. For this purpose, Stripe transmits the personal data required for a credit check to a credit agency and uses the information received about the statistical probability of a payment default for a balanced decision on the establishment, execution or termination of the contractual relationship. The credit report may include probability values (score values) that are calculated on the basis of scientifically recognized mathematical-statistical procedures and whose calculation includes, among other things, address data. Your legitimate interests are taken into account in accordance with legal provisions. The data processing serves the purpose of a credit check for initiating a contract. Processing is carried out on the basis of Art. 6 (1) lit. f GDPR due to our overriding legitimate interest in protection against payment default when Stripe makes advance payments.
You have the right to object at any time to this processing of your personal data based on Art. 6 (1) lit. f GDPR, for reasons arising from your particular situation, by notifying Stripe. The provision of data is necessary for the conclusion of the contract with your desired payment method. Failure to provide it means that the contract cannot be concluded with your chosen payment method.
All Stripe transactions are subject to the Stripe Privacy Policy. You can find it at https://stripe.com/de/privacy
We use "Shopify Payments" a payment service provided by Shopify International Limited (2nd Floor Victoria Buildings, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland; "Shopify") on our website. In this case, payment processing is handled by the payment service provider Stripe Payments Europe, Ltd. (1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland; "Stripe"). Data processing serves the purpose of offering you payment via the Shopify Payments service. By selecting and using a corresponding "Shopify Payments" payment method, the data required for payment processing is transmitted to Stripe in order to fulfill the contract with you using the chosen payment method. This processing is based on Art. 6 para. 1 lit. b GDPR.
Stripe reserves the right to obtain a credit report, if necessary, based on mathematical-statistical procedures using credit agencies. For this purpose, Stripe transmits the personal data required for a credit check to a credit agency and uses the information received about the statistical probability of a payment default for a balanced decision regarding the establishment, execution, or termination of the contractual relationship. The credit report may contain probability values (score values) calculated on the basis of scientifically recognized mathematical-statistical procedures, which include address data, among other things, in their calculation. Your legitimate interests are taken into account in accordance with legal provisions. Data processing serves the purpose of credit checking for contract initiation. The processing is based on Art. 6 para. 1 lit. f GDPR due to our overriding legitimate interest in protection against payment default when Stripe makes advance payments.
You have the right, for reasons arising from your particular situation, to object at any time to the processing of your personal data based on Art. 6 para. 1 lit. f GDPR by notifying Stripe. The provision of the data is required for the conclusion of the contract with your desired payment method. Failure to provide it will result in the contract not being able to be concluded with your chosen payment method.
Further information on data processing when using the Shopify Payments service can be found in Shopify's privacy policy at: https://www.shopify.com/de/legal/datenschutz.
Further information on data processing when processing payments via the payment service provider Stripe can be found in Stripe's privacy policy at: https://stripe.com/de/privacy.
Data subject rights and storage period
Duration of storage
After complete execution of the contract, the data will initially be stored for the duration of the warranty period, then taking into account legal, in particular tax and commercial law, retention periods, and then deleted after the expiry of the period, unless you have consented to further processing and use.
Rights of the data subject
If the legal requirements are met, you have the following rights under Art. 15 to 20 GDPR: Right to information, to rectification, to erasure, to restriction of processing, to data portability.
Furthermore, according to Art. 21 para. 1 GDPR, you have a right to object to processing based on Art. 6 para. 1 f GDPR, as well as to processing for the purpose of direct marketing.
Right to complain to the supervisory authority
According to Art. 77 GDPR, you have the right to lodge a complaint with the supervisory authority if you believe that the processing of your personal data is not lawful.
You can lodge a complaint, among other places, with the supervisory authority responsible for us, which you can reach at the following contact details:
State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia
P.O. Box 20 04 44
40102 Düsseldorf
Phone: +49 211 384240
Fax: +49 211 38424999
Email: poststelle@ldi.nrw.de
Right to object
If the personal data processing listed here is based on our legitimate interest according to Art. 6 para. 1 lit. f GDPR, you have the right, for reasons arising from your particular situation, to object at any time to this processing with effect for the future.
After an objection has been lodged, the processing of the data concerned will be terminated unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or if the processing serves the assertion, exercise or defense of legal claims.