Privacy Policy
Privacy Policy
Unless otherwise stated below, the provision of your personal data is neither legally nor contractually required, nor is it necessary for entering into a contract. You are not obligated to provide the data. Failure to provide it will have no consequences. This applies only insofar as no other information is provided in the following processing operations.
"Personal data" means any information relating to an identified or identifiable natural person.
contact
Responsible
Please contact us if you wish. The data controller is: YOVANA GmbH, Ruhrorter Str. 112, 45478 Mülheim an der Ruhr, Germany, +49 2103-4180800, info@yogabox.de
Customer initiates contact via email
If you contact us proactively via email, we collect your personal data (name, email address, message text) only to the extent that you provide it. This data processing serves the purpose of processing and responding to your inquiry.
If the contact is for the purpose of carrying out pre-contractual measures (e.g., providing advice on purchase interest, preparing an offer) or relates to a contract already concluded between you and us, this data processing is based on Art. 6 para. 1 lit. b GDPR.
If you contact us for other reasons, this data processing is based on Article 6(1)(f) GDPR, due to our overriding legitimate interest in processing and responding to your inquiry. In this case, you have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which is based on Article 6(1)(f) GDPR.
We will only use your email address to process your request. Your data will then be deleted in accordance with statutory retention periods, unless you have consented to further processing and use.
Data collection and processing when using the contact form
When you use the contact form, we collect your personal data (name, email address, message text) only to the extent that you provide it. The data is processed for the purpose of contacting you.
If the contact is for the purpose of carrying out pre-contractual measures (e.g., providing advice on purchase interest, preparing an offer) or relates to a contract already concluded between you and us, this data processing is based on Art. 6 para. 1 lit. b GDPR.
If you contact us for other reasons, this data processing is based on Article 6(1)(f) GDPR, due to our overriding legitimate interest in processing and responding to your inquiry. In this case, you have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which is based on Article 6(1)(f) GDPR.
We will only use your email address to process your request. Your data will then be deleted in accordance with statutory retention periods, unless you have consented to further processing and use.
Using Endereco's address validation
We use the address validation service provided by Endereco UG (limited liability) (Balthasar-Neumann-Str. 4b, 97236 Randersacker, Germany; “Endereco”) on our website.
The data processing serves the purpose of checking your entries in our address forms for input and spelling errors in real time, and supplementing any missing data. If incorrect data is entered, alternative suggestions for correcting the data are displayed.
Among other things, the following information may be transmitted to and processed by Endereco: postal addresses (country, city, postal code, street, house number), email address, telephone number.
Your personal data is processed on the basis of Article 6(1)(f) GDPR, based on our overriding legitimate interest in a correct data basis for fulfilling our contractual obligations. You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you.
The data is processed separately by the provider and is not combined with other data. It is deleted by the provider as soon as the status of the entered data has been determined, but no later than 30 days.
Further information on data protection at Endereco can be found at: https://www.endereco.de/datenschutzerklaerung/ .
If you contact us for business purposes via WhatsApp, we use the WhatsApp Business version provided by WhatsApp Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; “WhatsApp”). If you are located outside the European Economic Area, this service is provided by WhatsApp Inc. (1601 Willow Road, Menlo Park, CA 94025, USA).
The data processing serves to process and respond to your contact request. For this purpose, we collect and process your mobile phone number registered with WhatsApp, your name if provided, and other data to the extent you have made it available. We use a mobile device for this service whose address book contains only data from users who have contacted us via WhatsApp. Therefore, no personal data is shared with WhatsApp without your prior consent to this.
Your data will be transferred by WhatsApp to servers of Meta Platforms Inc. in the USA. The EU Commission has issued an adequacy decision for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). Meta Platforms Inc. is certified under the TADPF and has thus committed to complying with European data protection principles. If the contact is for the purpose of carrying out pre-contractual measures (e.g., providing advice regarding a potential purchase, preparing a quote) or relates to a contract already concluded between you and us, this data processing is based on Article 6(1)(b) GDPR.
If contact is made for other reasons, this data processing is based on Article 6(1)(f) GDPR, due to our overriding legitimate interest in providing quick and easy contact options and responding to your inquiry. In this case, you have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which is based on Article 6(1)(f) GDPR.
We use your personal data only to process your request. Your data will then be deleted in accordance with statutory retention periods, unless you have consented to further processing and use.
Further information on terms of service and data protection when using WhatsApp can be found athttps://www.whatsapp.com/legal/#terms-of-service and https://www.whatsapp.com/legal/#privacy-policy .
Customer account Orders
Customer account
When you open a customer account, we collect your personal data to the extent specified there. This data processing serves the purpose of improving your shopping experience and simplifying order processing. The processing is based on Article 6(1)(a) GDPR with your consent. You can withdraw your consent at any time by notifying us, without affecting the lawfulness of the processing carried out based on the consent before its withdrawal. Your customer account will then be deleted.
Reviews Advertising
Data collection when writing a comment or review
When you comment on or rate an article or post, we collect your personal data (name, email address, comment text) only to the extent that you provide it. This data is processed for the purpose of enabling and displaying comments and ratings.
For the purpose of verifying your rating/comment, we also collect the following data: order number , invoice number, .
By submitting your comment/review, you consent to the processing of the data you provide. This processing is based on Article 6(1)(a) of the GDPR with your consent. You can withdraw your consent at any time by notifying us, without affecting the lawfulness of processing based on consent before its withdrawal. Your personal data will then be deleted.
When your comment/review is published, only the name you provided will be published.
Sharing of the email address with shipping companies to inform about the shipping status
We will share your email address with the shipping company as part of the order processing, provided you have expressly consented to this during the ordering process. This sharing is for the purpose of informing you about the shipping status via email. This processing is based on Article 6(1)(a) of the GDPR with your consent. You can withdraw your consent at any time by notifying us or the shipping company, without affecting the lawfulness of processing based on consent before its withdrawal.
Use of an external merchandise management system
We use an enterprise resource planning (ERP) system for order processing. For this purpose, your personal data collected during the ordering process will be transferred to...
plentysystems AG, Johanna-Waescher-Straße 7, 34131 Kassel .
The processing of your personal data serves the purpose of fulfilling the contract concluded with you and is based on Art. 6 para. 1 lit. b GDPR.
Payment service provider
Using PayPal Express
We use the PayPal Express payment service from PayPal (Europe) S.à.rl et Cie, SCA (22-24 Boulevard Royal L-2449, Luxembourg; "PayPal") on our website. The data processing serves the purpose of enabling you to pay via the PayPal Express payment service.
To integrate this payment service, PayPal needs to collect, store, and analyze data (e.g., IP address, device type, operating system, browser type, location of your device) when you access the website. Cookies may also be used for this purpose. These cookies enable your browser to be recognized.
The use of cookies or similar technologies is based on your consent pursuant to Section 25 Paragraph 1 Sentence 1 of the German Telemedia Act (TDDG ) in conjunction with Article 6 Paragraph 1 Letter a of the GDPR. The processing of your personal data is based on your consent pursuant to Article 6 Paragraph 1 Letter a of the GDPR. You can withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
By selecting and using PayPal Express, the data required for payment processing will be transmitted to PayPal in order to fulfill the contract with you using the chosen payment method. This processing is based on Article 6(1)(b) GDPR.
Further information on data processing when using the PayPal Express payment service can be found in the corresponding privacy policy at https://www.paypal.com/de/webapps/mpp/ua/privacy-full?locale.x=de_DE#Updated_PS
Using PayPal Checkout
We use the PayPal Checkout payment service from PayPal (Europe) S.à.rl et Cie, SCA (22-24 Boulevard Royal L-2449, Luxembourg; "PayPal") on our website. The data processing serves the purpose of offering you the option of paying via this service. By selecting and using payment via PayPal, credit card via PayPal, direct debit via PayPal, or "Pay Later" via PayPal, the data required for payment processing is transmitted to PayPal in order to fulfill the contract with you using the selected payment method. This processing is based on Article 6(1)(b) GDPR.
Cookies may be stored that allow your browser to be recognized. The resulting data processing is based on Article 6(1)(f) GDPR, due to our overriding legitimate interest in offering a customer-oriented range of payment methods. You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you.
Credit card via PayPal, direct debit via PayPal & "Pay later" via PayPal
For certain payment methods, such as credit card via PayPal, direct debit via PayPal, or "Pay Later" via PayPal, PayPal reserves the right to obtain a credit report based on mathematical-statistical methods using credit reference agencies. For this purpose, PayPal transmits the personal data required for a credit check to a credit reference agency and uses the information received about the statistical probability of payment default to make a balanced decision regarding the establishment, execution, or termination of the contractual relationship. The credit report may include probability values (score values) calculated using scientifically recognized mathematical-statistical methods, which may incorporate address data, among other factors. Your legitimate interests are protected in accordance with legal regulations. The data processing serves the purpose of credit assessment for initiating a contract. This processing is based on Article 6(1)(f) GDPR, due to our overriding legitimate interest in protecting against payment defaults when PayPal provides services in advance.
You have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data based on Article 6(1)(f) GDPR by notifying PayPal. Providing this data is necessary for concluding the contract with your chosen payment method. Failure to provide this data will result in the contract not being able to be concluded with your chosen payment method.
Third-party providers
When paying via a third-party payment method, the data required for payment processing is transmitted to PayPal. This processing is based on Article 6(1)(b) GDPR. To process this payment method, PayPal may then forward the data to the respective provider. This processing is also based on Article 6(1)(b) GDPR. Local third-party providers may include, for example:
Purchase on account via PayPal
When paying via invoice, the data required for payment processing is initially transmitted to PayPal. To process this payment method, PayPal then transmits the data to Ratepay GmbH (Franklinstrasse 28-29, 10587 Berlin; "Ratepay") in order to fulfill the contract with you using the selected payment method. This processing is based on Article 6 Paragraph 1 Letter b GDPR. Ratepay may conduct a credit check using mathematical-statistical methods (probability or score values) with credit agencies, following the procedure described above. The data processing serves the purpose of credit assessment for initiating a contract. This processing is based on Article 6 Paragraph 1 Letter f GDPR, due to our overriding legitimate interest in protecting against payment defaults when Ratepay provides services in advance. Further information on data protection and which credit agencies Ratpay uses can be found at https://www.ratepay.com/legal-payment-dataprivacy/ and https://www.ratepay.com/legal-payment-creditagencies/ .
Further information on data processing when using PayPal can be found in the associated privacy policy at https://www.paypal.com/de/webapps/mpp/ua/privacy-full .
Cookies
Our website uses cookies. Cookies are small text files that are stored in or by the internet browser on a user's computer system. When a user visits a website, a cookie can be stored on the user's operating system. This cookie contains a characteristic string that enables the browser to be uniquely identified when the website is visited again.
Storage duration
After complete contract fulfillment, the data will initially be stored for the duration of the warranty period, then taking into account legal, in particular tax and commercial law retention periods, and then deleted after the expiry of the period, unless you have consented to further processing and use.
Rights of the data subject
Provided the legal requirements are met, you have the following rights under Articles 15 to 20 GDPR: right of access, right to rectification, right to erasure, right to restriction of processing, right to data portability.
Furthermore, pursuant to Article 21 Paragraph 1 GDPR, you have the right to object to processing based on Article 6 Paragraph 1 f GDPR, as well as to processing for direct marketing purposes.
Right to lodge a complaint with the supervisory authority
According to Article 77 of the GDPR, you have the right to lodge a complaint with the supervisory authority if you believe that the processing of your personal data is unlawful.
You can lodge a complaint with the supervisory authority responsible for us, which you can reach using the following contact details:
State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia
PO Box 20 04 44
40102 Düsseldorf
Tel.: +49 211 384240
Fax: +49 211 38424999
Email: poststelle@ldi.nrw.de
Right to object
If the processing of personal data listed here is based on our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR, you have the right to object to this processing at any time with effect for the future on grounds relating to your particular situation.
After an objection has been lodged, the processing of the data in question will cease, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of establishing, exercising or defending legal claims.
Last updated: October 22, 2024
Unless otherwise stated below, the provision of your personal data is neither legally nor contractually required, nor is it necessary for entering into a contract. You are not obligated to provide the data. Failure to provide it will have no consequences. This applies only insofar as no other information is provided in the following processing operations.
"Personal data" means any information relating to an identified or identifiable natural person.
Server log files
You can visit our websites without providing any personal information.
Each time you access our website, your internet browser transmits usage data to us or our web host/IT service provider, which is then stored in log files (server log files). This stored data includes, for example, the name of the page accessed, the date and time of access, the IP address, the amount of data transferred, and the requesting provider.
The processing is based on Art. 6 para. 1 lit. f GDPR due to our overriding legitimate interest in ensuring the smooth operation of our website and improving our services.
Your data may be transferred to and processed in third countries outside the EU, in particular Canada and the USA. The EU Commission has issued an adequacy decision for Canada. The EU Commission has also issued an adequacy decision for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). Shopify is not certified under the TADPF. This data transfer is based on contractual obligations comparable to the EU Commission's Standard Contractual Clauses.The processing is based on Art. 6 para. 1 lit. f GDPR due to our overriding legitimate interest in ensuring the smooth operation of our website and improving our services.
contact
Responsible
Please contact us if you wish. The data controller is: YOVANA GmbH, Ruhrorter Str. 112, 45478 Mülheim an der Ruhr, Germany, +49 2103-4180800, info@yogabox.de
Customer initiates contact via email
If you contact us proactively via email, we collect your personal data (name, email address, message text) only to the extent that you provide it. This data processing serves the purpose of processing and responding to your inquiry.
If the contact is for the purpose of carrying out pre-contractual measures (e.g., providing advice on purchase interest, preparing an offer) or relates to a contract already concluded between you and us, this data processing is based on Art. 6 para. 1 lit. b GDPR.
If you contact us for other reasons, this data processing is based on Article 6(1)(f) GDPR, due to our overriding legitimate interest in processing and responding to your inquiry. In this case, you have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which is based on Article 6(1)(f) GDPR.
We will only use your email address to process your request. Your data will then be deleted in accordance with statutory retention periods, unless you have consented to further processing and use.
Data collection and processing when using the contact form
When you use the contact form, we collect your personal data (name, email address, message text) only to the extent that you provide it. The data is processed for the purpose of contacting you.
If the contact is for the purpose of carrying out pre-contractual measures (e.g., providing advice on purchase interest, preparing an offer) or relates to a contract already concluded between you and us, this data processing is based on Art. 6 para. 1 lit. b GDPR.
If you contact us for other reasons, this data processing is based on Article 6(1)(f) GDPR, due to our overriding legitimate interest in processing and responding to your inquiry. In this case, you have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which is based on Article 6(1)(f) GDPR.
We will only use your email address to process your request. Your data will then be deleted in accordance with statutory retention periods, unless you have consented to further processing and use.
Using Endereco's address validation
We use the address validation service provided by Endereco UG (limited liability) (Balthasar-Neumann-Str. 4b, 97236 Randersacker, Germany; “Endereco”) on our website.
The data processing serves the purpose of checking your entries in our address forms for input and spelling errors in real time, and supplementing any missing data. If incorrect data is entered, alternative suggestions for correcting the data are displayed.
Among other things, the following information may be transmitted to and processed by Endereco: postal addresses (country, city, postal code, street, house number), email address, telephone number.
Your personal data is processed on the basis of Article 6(1)(f) GDPR, based on our overriding legitimate interest in a correct data basis for fulfilling our contractual obligations. You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you.
The data is processed separately by the provider and is not combined with other data. It is deleted by the provider as soon as the status of the entered data has been determined, but no later than 30 days.
Further information on data protection at Endereco can be found at: https://www.endereco.de/datenschutzerklaerung/ .
Using the address validation of the Google Maps API
We use the address validation service provided by Google (Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland “Google”) on our website.
The data processing serves the purpose of checking your entries in our address forms for input and spelling errors in real time, and supplementing any missing data. If incorrect data is entered, alternative suggestions for correction are displayed. For this purpose, the address data you enter is transmitted to the provider, stored there, and analyzed.
Among other things, the following information may be transmitted to and processed by Google: postal addresses (country, city, postal code, street, house number), email address, telephone number.
Your data may also be transferred to the USA. The EU Commission has issued an adequacy decision for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). Google has certified itself under the TADPF and has therefore committed to complying with European data protection principles.
Your personal data is processed on the basis of Article 6(1)(f) GDPR, based on our overriding legitimate interest in a correct data basis for fulfilling our contractual obligations. You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you.
The data is processed separately by the provider and is not combined with other data. It is deleted by the provider as soon as the status of the entered data has been determined, but no later than 30 days.
Further information on Google's terms of service and privacy policy can be found at: https://cloud.google.com/maps-platform/terms or at https://www.google.de/policies/privacy/ .
WhatsApp BusinessWe use the address validation service provided by Google (Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland “Google”) on our website.
The data processing serves the purpose of checking your entries in our address forms for input and spelling errors in real time, and supplementing any missing data. If incorrect data is entered, alternative suggestions for correction are displayed. For this purpose, the address data you enter is transmitted to the provider, stored there, and analyzed.
Among other things, the following information may be transmitted to and processed by Google: postal addresses (country, city, postal code, street, house number), email address, telephone number.
Your data may also be transferred to the USA. The EU Commission has issued an adequacy decision for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). Google has certified itself under the TADPF and has therefore committed to complying with European data protection principles.
Your personal data is processed on the basis of Article 6(1)(f) GDPR, based on our overriding legitimate interest in a correct data basis for fulfilling our contractual obligations. You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you.
The data is processed separately by the provider and is not combined with other data. It is deleted by the provider as soon as the status of the entered data has been determined, but no later than 30 days.
Further information on Google's terms of service and privacy policy can be found at: https://cloud.google.com/maps-platform/terms or at https://www.google.de/policies/privacy/ .
If you contact us for business purposes via WhatsApp, we use the WhatsApp Business version provided by WhatsApp Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; “WhatsApp”). If you are located outside the European Economic Area, this service is provided by WhatsApp Inc. (1601 Willow Road, Menlo Park, CA 94025, USA).
The data processing serves to process and respond to your contact request. For this purpose, we collect and process your mobile phone number registered with WhatsApp, your name if provided, and other data to the extent you have made it available. We use a mobile device for this service whose address book contains only data from users who have contacted us via WhatsApp. Therefore, no personal data is shared with WhatsApp without your prior consent to this.
Your data will be transferred by WhatsApp to servers of Meta Platforms Inc. in the USA. The EU Commission has issued an adequacy decision for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). Meta Platforms Inc. is certified under the TADPF and has thus committed to complying with European data protection principles. If the contact is for the purpose of carrying out pre-contractual measures (e.g., providing advice regarding a potential purchase, preparing a quote) or relates to a contract already concluded between you and us, this data processing is based on Article 6(1)(b) GDPR.
If contact is made for other reasons, this data processing is based on Article 6(1)(f) GDPR, due to our overriding legitimate interest in providing quick and easy contact options and responding to your inquiry. In this case, you have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which is based on Article 6(1)(f) GDPR.
We use your personal data only to process your request. Your data will then be deleted in accordance with statutory retention periods, unless you have consented to further processing and use.
Further information on terms of service and data protection when using WhatsApp can be found athttps://www.whatsapp.com/legal/#terms-of-service and https://www.whatsapp.com/legal/#privacy-policy .
Customer account Orders
Customer account
When you open a customer account, we collect your personal data to the extent specified there. This data processing serves the purpose of improving your shopping experience and simplifying order processing. The processing is based on Article 6(1)(a) GDPR with your consent. You can withdraw your consent at any time by notifying us, without affecting the lawfulness of the processing carried out based on the consent before its withdrawal. Your customer account will then be deleted.
Collection, processing and transfer of personal data during orders
When you place an order, we collect and process your personal data only to the extent necessary to fulfill and process your order and to handle your inquiries. Providing this data is necessary for entering into a contract. Failure to provide this data will result in the contract not being concluded. This processing is based on Article 6(1)(b) GDPR and is necessary for the performance of a contract with you.
Your data will be shared with, for example, shipping companies, dropshipping and fulfillment providers, payment service providers, order processing service providers, and IT service providers. In all cases, we strictly adhere to legal requirements. The scope of data transfer is limited to the minimum necessary.
Your data may be transferred to and processed in third countries outside the EU, in particular Canada and the USA. The EU Commission has issued an adequacy decision for Canada. The EU Commission has also issued an adequacy decision for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). Shopify is not certified under the TADPF. This data transfer is based on contractual obligations comparable to the EU Commission's Standard Contractual Clauses.Reviews Advertising
Data collection when writing a comment or review
When you comment on or rate an article or post, we collect your personal data (name, email address, comment text) only to the extent that you provide it. This data is processed for the purpose of enabling and displaying comments and ratings.
For the purpose of verifying your rating/comment, we also collect the following data: order number , invoice number, .
By submitting your comment/review, you consent to the processing of the data you provide. This processing is based on Article 6(1)(a) of the GDPR with your consent. You can withdraw your consent at any time by notifying us, without affecting the lawfulness of processing based on consent before its withdrawal. Your personal data will then be deleted.
When your comment/review is published, only the name you provided will be published.
Shop information - customer rating
We use the rating tool “shopauskunft.de” from Händlerbund Management AG (Kohlgartenstraße 11 - 13, 04315 Leipzig; “Shopauskunft”) for our website.
After placing your order, we would like to ask you to rate and comment on your purchase. For this purpose, we will contact you by email using the "Legally Compliant Rating Request (RBA)" system. We will process your order data (order number/invoice number, purchase value, and shipping costs) as well as your email address. We may also use this data to verify your rating.
We use the rating tool “shopauskunft.de” from Händlerbund Management AG (Kohlgartenstraße 11 - 13, 04315 Leipzig; “Shopauskunft”) for our website.
After placing your order, we would like to ask you to rate and comment on your purchase. For this purpose, we will contact you by email using the "Legally Compliant Rating Request (RBA)" system. We will process your order data (order number/invoice number, purchase value, and shipping costs) as well as your email address. We may also use this data to verify your rating.
The processing is based on Art. 6 para. 1 lit. a GDPR with your consent, provided that you have expressly agreed to the transfer of your data and the receipt of the review request.
You can withdraw your consent at any time by using the corresponding link in the email or by notifying us, without affecting the lawfulness of the processing carried out on the basis of the consent until the withdrawal.
Further information on data protection when using Shopauskunft can be found at:
https://www.shopauskunft.de/datenschutz .
You can withdraw your consent at any time by using the corresponding link in the email or by notifying us, without affecting the lawfulness of the processing carried out on the basis of the consent until the withdrawal.
Further information on data protection when using Shopauskunft can be found at:
https://www.shopauskunft.de/datenschutz .
Shop information widget
Our website includes a widget from Shopauskunft. This serves the purpose of displaying and promoting the number and results of the reviews we have received through Shopauskunft.
To display the widget, it is technically necessary for your internet browser to transmit usage data to the Shopauskunft server and store it in log files (server log files) for 7 days. This stored data includes the name and URL of the accessed file, the date and time of access, the IP address of the requesting computer, the website from which access was made (referrer URL), the browser used, and, if applicable, your computer's operating system and the name of your internet service provider.
The processing is based on Article 6(1)(f) GDPR, stemming from our overriding legitimate interest in promoting our services by displaying customer reviews already received. This data is not stored together with other personal data.
Use of email address for availability notifications
We offer a stock availability notification service on our website. If an item is temporarily unavailable, you can enter your email address on the respective product page and be notified by email when it becomes available, provided you have consented to this. You will receive a one-time email notification when the item is available. This processing is based on Article 6(1)(a) of the GDPR with your consent. You can withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal. You can unsubscribe from the availability notification at any time by contacting us. Your email address will then be removed from the mailing list.
Shipping service provider, inventory managementWe offer a stock availability notification service on our website. If an item is temporarily unavailable, you can enter your email address on the respective product page and be notified by email when it becomes available, provided you have consented to this. You will receive a one-time email notification when the item is available. This processing is based on Article 6(1)(a) of the GDPR with your consent. You can withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal. You can unsubscribe from the availability notification at any time by contacting us. Your email address will then be removed from the mailing list.
Sharing of the email address with shipping companies to inform about the shipping status
We will share your email address with the shipping company as part of the order processing, provided you have expressly consented to this during the ordering process. This sharing is for the purpose of informing you about the shipping status via email. This processing is based on Article 6(1)(a) of the GDPR with your consent. You can withdraw your consent at any time by notifying us or the shipping company, without affecting the lawfulness of processing based on consent before its withdrawal.
Use of an external merchandise management system
We use an enterprise resource planning (ERP) system for order processing. For this purpose, your personal data collected during the ordering process will be transferred to...
plentysystems AG, Johanna-Waescher-Straße 7, 34131 Kassel .
The processing of your personal data serves the purpose of fulfilling the contract concluded with you and is based on Art. 6 para. 1 lit. b GDPR.
Payment service provider
Using PayPal Express
We use the PayPal Express payment service from PayPal (Europe) S.à.rl et Cie, SCA (22-24 Boulevard Royal L-2449, Luxembourg; "PayPal") on our website. The data processing serves the purpose of enabling you to pay via the PayPal Express payment service.
To integrate this payment service, PayPal needs to collect, store, and analyze data (e.g., IP address, device type, operating system, browser type, location of your device) when you access the website. Cookies may also be used for this purpose. These cookies enable your browser to be recognized.
The use of cookies or similar technologies is based on your consent pursuant to Section 25 Paragraph 1 Sentence 1 of the German Telemedia Act (TDDG ) in conjunction with Article 6 Paragraph 1 Letter a of the GDPR. The processing of your personal data is based on your consent pursuant to Article 6 Paragraph 1 Letter a of the GDPR. You can withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
By selecting and using PayPal Express, the data required for payment processing will be transmitted to PayPal in order to fulfill the contract with you using the chosen payment method. This processing is based on Article 6(1)(b) GDPR.
Further information on data processing when using the PayPal Express payment service can be found in the corresponding privacy policy at https://www.paypal.com/de/webapps/mpp/ua/privacy-full?locale.x=de_DE#Updated_PS
Using PayPal Checkout
We use the PayPal Checkout payment service from PayPal (Europe) S.à.rl et Cie, SCA (22-24 Boulevard Royal L-2449, Luxembourg; "PayPal") on our website. The data processing serves the purpose of offering you the option of paying via this service. By selecting and using payment via PayPal, credit card via PayPal, direct debit via PayPal, or "Pay Later" via PayPal, the data required for payment processing is transmitted to PayPal in order to fulfill the contract with you using the selected payment method. This processing is based on Article 6(1)(b) GDPR.
Cookies may be stored that allow your browser to be recognized. The resulting data processing is based on Article 6(1)(f) GDPR, due to our overriding legitimate interest in offering a customer-oriented range of payment methods. You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you.
Credit card via PayPal, direct debit via PayPal & "Pay later" via PayPal
For certain payment methods, such as credit card via PayPal, direct debit via PayPal, or "Pay Later" via PayPal, PayPal reserves the right to obtain a credit report based on mathematical-statistical methods using credit reference agencies. For this purpose, PayPal transmits the personal data required for a credit check to a credit reference agency and uses the information received about the statistical probability of payment default to make a balanced decision regarding the establishment, execution, or termination of the contractual relationship. The credit report may include probability values (score values) calculated using scientifically recognized mathematical-statistical methods, which may incorporate address data, among other factors. Your legitimate interests are protected in accordance with legal regulations. The data processing serves the purpose of credit assessment for initiating a contract. This processing is based on Article 6(1)(f) GDPR, due to our overriding legitimate interest in protecting against payment defaults when PayPal provides services in advance.
You have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data based on Article 6(1)(f) GDPR by notifying PayPal. Providing this data is necessary for concluding the contract with your chosen payment method. Failure to provide this data will result in the contract not being able to be concluded with your chosen payment method.
Third-party providers
When paying via a third-party payment method, the data required for payment processing is transmitted to PayPal. This processing is based on Article 6(1)(b) GDPR. To process this payment method, PayPal may then forward the data to the respective provider. This processing is also based on Article 6(1)(b) GDPR. Local third-party providers may include, for example:
- Apple Pay (Apple Distribution International Ltd., Hollyhill Industrial Estate, Hollyhill, Cork, Ireland)
- Google Pay (Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland)
Purchase on account via PayPal
When paying via invoice, the data required for payment processing is initially transmitted to PayPal. To process this payment method, PayPal then transmits the data to Ratepay GmbH (Franklinstrasse 28-29, 10587 Berlin; "Ratepay") in order to fulfill the contract with you using the selected payment method. This processing is based on Article 6 Paragraph 1 Letter b GDPR. Ratepay may conduct a credit check using mathematical-statistical methods (probability or score values) with credit agencies, following the procedure described above. The data processing serves the purpose of credit assessment for initiating a contract. This processing is based on Article 6 Paragraph 1 Letter f GDPR, due to our overriding legitimate interest in protecting against payment defaults when Ratepay provides services in advance. Further information on data protection and which credit agencies Ratpay uses can be found at https://www.ratepay.com/legal-payment-dataprivacy/ and https://www.ratepay.com/legal-payment-creditagencies/ .
Further information on data processing when using PayPal can be found in the associated privacy policy at https://www.paypal.com/de/webapps/mpp/ua/privacy-full .
Using the payment service provider Mollie
We use the payment service provider Mollie BV (Keizersgracht 313, 1016 EE Amsterdam, Netherlands; "Mollie") for payment processing on our website. The data processing serves the purpose of offering you various payment methods through payment processing via Mollie. If you have chosen one of Mollie's payment options, the data required for payment processing will be transmitted to Mollie. This includes your payment details (for example, bank account number or credit card number), your IP address, your internet browser and device type, and in some cases, your first and last name, your address, and information about the product or service you have purchased from us. This data processing is based on Article 6 Paragraph 1 Letter b GDPR. Further information on data processing when using the payment service provider Mollie can be found in their privacy policy: https://www.mollie.com/de/privacy
We use the payment service provider Mollie BV (Keizersgracht 313, 1016 EE Amsterdam, Netherlands; "Mollie") for payment processing on our website. The data processing serves the purpose of offering you various payment methods through payment processing via Mollie. If you have chosen one of Mollie's payment options, the data required for payment processing will be transmitted to Mollie. This includes your payment details (for example, bank account number or credit card number), your IP address, your internet browser and device type, and in some cases, your first and last name, your address, and information about the product or service you have purchased from us. This data processing is based on Article 6 Paragraph 1 Letter b GDPR. Further information on data processing when using the payment service provider Mollie can be found in their privacy policy: https://www.mollie.com/de/privacy
Cookies
Our website uses cookies. Cookies are small text files that are stored in or by the internet browser on a user's computer system. When a user visits a website, a cookie can be stored on the user's operating system. This cookie contains a characteristic string that enables the browser to be uniquely identified when the website is visited again.
Cookies are stored on your computer. Therefore, you have full control over their use. By selecting the appropriate technical settings in your internet browser, you can be notified before cookies are set and decide individually whether to accept them, as well as prevent the storage of cookies and the transmission of the data they contain. Cookies that have already been stored can be deleted at any time. However, please note that you may then not be able to fully utilize all the functions of this website.
The links below provide information on how to manage (including disable) cookies in the most common browsers:
Chrome: https://support.google.com/accounts/answer/61416?hl=de
Microsoft Edge: https://support.microsoft.com/de-de/microsoft-edge/cookies-in-microsoft-edge-lB6schen-63947406-40ac-c3b8-57b9-2a946a29ae09
Microsoft Edge: https://support.microsoft.com/de-de/microsoft-edge/cookies-in-microsoft-edge-lB6schen-63947406-40ac-c3b8-57b9-2a946a29ae09
Mozilla Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablassen
Technically necessary cookies
Unless otherwise stated in the privacy policy below, we only use these technically necessary cookies to make our website more user-friendly, effective, and secure. Furthermore, cookies enable our systems to recognize your browser even after you navigate to a different page and to offer you services. Some features of our website cannot be offered without the use of cookies. For these features, it is necessary that the browser is recognized even after a page change.
The use of cookies or similar technologies is based on Section 25 Paragraph 2 of the German Telemedia Act (TDDG). The processing of your personal data is based on Article 6 Paragraph 1 Letter f of the GDPR, due to our overriding legitimate interest in ensuring the optimal functionality of the website and a user-friendly and effective design of our services.
You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you.
Data subject rights and storage periodStorage duration
After complete contract fulfillment, the data will initially be stored for the duration of the warranty period, then taking into account legal, in particular tax and commercial law retention periods, and then deleted after the expiry of the period, unless you have consented to further processing and use.
Rights of the data subject
Provided the legal requirements are met, you have the following rights under Articles 15 to 20 GDPR: right of access, right to rectification, right to erasure, right to restriction of processing, right to data portability.
Furthermore, pursuant to Article 21 Paragraph 1 GDPR, you have the right to object to processing based on Article 6 Paragraph 1 f GDPR, as well as to processing for direct marketing purposes.
Right to lodge a complaint with the supervisory authority
According to Article 77 of the GDPR, you have the right to lodge a complaint with the supervisory authority if you believe that the processing of your personal data is unlawful.
You can lodge a complaint with the supervisory authority responsible for us, which you can reach using the following contact details:
State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia
PO Box 20 04 44
40102 Düsseldorf
Tel.: +49 211 384240
Fax: +49 211 38424999
Email: poststelle@ldi.nrw.de
Right to object
If the processing of personal data listed here is based on our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR, you have the right to object to this processing at any time with effect for the future on grounds relating to your particular situation.
After an objection has been lodged, the processing of the data in question will cease, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of establishing, exercising or defending legal claims.
Last updated: October 22, 2024