Privacy Policy
Privacy Policy
Unless otherwise stated below, the provision of your personal data is neither legally nor contractually required, nor is it necessary for the conclusion of a contract. You are not obligated to provide the data. Failure to provide it will have no consequences. This only applies unless otherwise stated during the subsequent processing operations.
“Personal data” means any information relating to an identified or identifiable natural person.
contact
Person responsible
Please contact us if you wish. The controller responsible for data processing is: YOVANA GmbH, Auf dem Sand 27, 40721 Hilden , Germany, +49 2103 4180800, info@yogabox.de
Customer's proactive contact via email
If you initiate business contact with us via email, we will only collect your personal data (name, email address, message text) to the extent you provide it. This data processing serves to process and respond to your contact request.
If the contact serves to carry out pre-contractual measures (e.g. advice in the event of purchase interest, preparation of an offer) or concerns a contract already concluded between you and us, this data processing is carried out on the basis of Art. 6 (1) (b) GDPR.
If contact is made for other reasons, this data processing is based on Art. 6 (1) (f) GDPR, based on our overriding legitimate interest in processing and responding to your inquiry. In this case, you have the right to object to this processing of personal data concerning you based on Art. 6 (1) (f) GDPR at any time for reasons arising from your particular situation.
We will only use your email address to process your request. Your data will then be deleted in compliance with statutory retention periods unless you have consented to further processing and use.
Collection and processing when using the contact form
When you use the contact form, we collect your personal data (name, email address, message text) only to the extent you provide it. Data processing serves the purpose of establishing contact.
If the contact serves to carry out pre-contractual measures (e.g. advice in the event of purchase interest, preparation of an offer) or concerns a contract already concluded between you and us, this data processing is carried out on the basis of Art. 6 (1) (b) GDPR.
If contact is made for other reasons, this data processing is based on Art. 6 (1) (f) GDPR, based on our overriding legitimate interest in processing and responding to your inquiry. In this case, you have the right to object to this processing of personal data concerning you based on Art. 6 (1) (f) GDPR at any time for reasons arising from your particular situation.
We will only use your email address to process your request. Your data will then be deleted in compliance with statutory retention periods unless you have consented to further processing and use.
Using Endereco's address validation
We use address validation on our website from the provider Endereco UG (limited liability) (Balthasar-Neumann-Str. 4b, 97236 Randersacker, Germany; “Endereco”).
The purpose of data processing is to check your entries in our address forms in real time for input and spelling errors, and to supplement any missing data if necessary. If data is entered incorrectly, alternative suggestions for correcting the data will be displayed.
Among other things, the following information may be transmitted to Endereco and processed there: postal addresses (country, city, postal code, street, house number), email address, telephone number.
Your personal data is processed on the basis of Art. 6 (1) (f) GDPR, based on our overriding legitimate interest in maintaining a correct data basis to fulfill our contractual obligations. You have the right to object to this processing of personal data concerning you at any time for reasons arising from your particular situation.
The data is processed separately by the provider and not merged with other data. It is deleted by the provider as soon as the status of the entered data has been determined, but no later than 30 days later.
Further information on data protection at Endereco can be found at: https://www.endereco.de/datenschutzerklaerung/ .
If you contact us via WhatsApp, we use the WhatsApp Business version of WhatsApp Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; "WhatsApp"). If you are located outside the European Economic Area, this service is provided by WhatsApp Inc. (1601 Willow Road, Menlo Park, CA 94025, USA).
The data processing serves to process and respond to your contact request. For this purpose, we collect and process your mobile phone number stored with WhatsApp, your name if provided, and other data to the extent you provide it. We use a mobile device for the service, whose address book only stores data from users who have contacted us via WhatsApp. Personal data will therefore not be passed on to WhatsApp without your prior consent.
Your data will be transmitted by WhatsApp to Meta Platforms Inc. servers in the USA. For the USA, the EU Commission has issued an adequacy decision, the Trans-Atlantic Data Privacy Framework (TADPF). Meta Platforms Inc. has certified itself according to the TADPF and is thus committed to complying with European data protection principles. If the contact serves to carry out pre-contractual measures (e.g., advice in the event of a purchase interest, preparation of an offer) or concerns a contract already concluded between you and us, this data processing is based on Art. 6 (1) (b) GDPR.
If contact is made for other reasons, this data processing is based on Art. 6 (1) (f) GDPR, based on our overriding legitimate interest in providing quick and easy contact and answering your inquiry. In this case, you have the right to object to this processing of personal data concerning you based on Art. 6 (1) (f) GDPR at any time for reasons arising from your particular situation.
We use your personal data only to process your request. Your data will then be deleted in compliance with statutory retention periods unless you have consented to further processing and use.
Further information on terms of use and data protection when using WhatsApp can be found athttps://www.whatsapp.com/legal/#terms-of-service and https://www.whatsapp.com/legal/#privacy-policy .
Customer account orders
Customer account
When you open a customer account, we collect your personal data to the extent specified therein. The data processing serves the purpose of improving your shopping experience and simplifying order processing. Processing is carried out on the basis of Art. 6 (1) (a) GDPR with your consent. You can revoke your consent at any time by notifying us, without affecting the legality of the processing carried out on the basis of your consent until the revocation. Your customer account will then be deleted.
Reviews Advertising
Data collection when writing a comment or review
When you comment on or rate an article or post, we collect your personal data (name, email address, comment text) only to the extent you provide it. This processing serves the purpose of enabling commenting/rating and displaying comments/ratings.
For the purpose of verifying your rating/comment, we also collect the following data: order number, , invoice number, .
By submitting the comment/review, you consent to the processing of the submitted data. This processing is carried out on the basis of Art. 6 (1) (a) GDPR with your consent. You can revoke your consent at any time by notifying us, without affecting the legality of the processing carried out on the basis of your consent until the revocation. Your personal data will then be deleted.
When your comment/review is published, only the name you provide will be published.
Passing on the email address to shipping companies to inform them about the shipping status
We will share your email address with the shipping company as part of the contract processing, provided you have expressly consented to this during the ordering process. This sharing serves the purpose of informing you about the shipping status by email. Processing is carried out on the basis of Art. 6 (1) (a) GDPR with your consent. You can revoke your consent at any time by notifying us or the shipping company, without affecting the legality of the processing carried out on the basis of your consent until the revocation.
Use of an external inventory management system
We use a merchandise management system to process your order. For this purpose, your personal data collected during the order process will be transferred to
plentysystems AG, Johanna-Waescher-Straße 7, 34131 Kassel .
The processing of your personal data serves the purpose of fulfilling the contract concluded with you and is based on Art. 6 (1) (b) GDPR.
Payment service providers
Using PayPal Express
We use the PayPal Express payment service provided by PayPal (Europe) S.à.rl et Cie, SCA (22-24 Boulevard Royal L-2449, Luxembourg; "PayPal") on our website. The purpose of data processing is to offer you payment via the PayPal Express payment service.
To integrate this payment service, PayPal is required to collect, store, and analyze data (e.g., IP address, device type, operating system, browser type, and device location) when you visit the website. Cookies may also be used for this purpose. These cookies enable your browser to be recognized.
The use of cookies or similar technologies is based on your consent in accordance with Section 25 (1) (s) 1 of the Telemedia Act (TDDDG) in conjunction with Article 6 (1) (a) of the GDPR. Your personal data is processed with your consent in accordance with Article 6 (1) (a) of the GDPR. You can revoke your consent at any time without affecting the legality of the processing carried out on the basis of your consent until the revocation.
By selecting and using PayPal Express, the data required for payment processing will be transmitted to PayPal in order to fulfill the contract with you using the selected payment method. This processing is based on Art. 6 (1) (b) GDPR.
Further information on data processing when using the PayPal Express payment service can be found in the associated privacy policy at https://www.paypal.com/de/webapps/mpp/ua/privacy-full?locale.x=de_DE#Updated_PS
Using PayPal Check-Out
We use the PayPal Check-Out payment service provided by PayPal (Europe) S.à.rl et Cie, SCA (22-24 Boulevard Royal L-2449, Luxembourg; "PayPal") on our website. Data processing serves the purpose of offering you payment via the payment service. By selecting and using payment via PayPal, credit card via PayPal, direct debit via PayPal, or "Pay Later" via PayPal, the data required for payment processing will be transmitted to PayPal in order to fulfill the contract with you using the selected payment method. This processing is based on Art. 6 (1) (b) GDPR.
Cookies may be stored that enable your browser to be recognized. The resulting data processing is based on Art. 6 (1) (f) GDPR, based on our overriding legitimate interest in offering a customer-oriented range of payment methods. You have the right to object to this processing of personal data concerning you at any time for reasons arising from your particular situation.
Credit card via PayPal, direct debit via PayPal & “Pay later” via PayPal
For certain payment methods such as credit card via PayPal, direct debit via PayPal or "Pay later" via PayPal, PayPal reserves the right to obtain a credit report based on mathematical-statistical procedures using credit agencies. For this purpose, PayPal transmits the personal data required for a credit check to a credit agency and uses the information received on the statistical probability of a payment default to make a balanced decision about the establishment, implementation or termination of the contractual relationship. The credit report may contain probability values (score values) that are calculated on the basis of scientifically recognized mathematical-statistical procedures and whose calculation includes, among other things, address data. Your legitimate interests will be taken into account in accordance with the statutory provisions. The data processing serves the purpose of the credit check for the initiation of a contract. The processing is carried out on the basis of Art. 6 (1) (f) GDPR due to our overriding legitimate interest in protection against payment default if PayPal makes an advance payment.
You have the right to object to this processing of personal data concerning you based on Art. 6 (1) (f) GDPR at any time by notifying PayPal, for reasons related to your particular situation. Providing this data is necessary for concluding the contract using your preferred payment method. Failure to provide this data will result in the contract not being concluded using your chosen payment method.
Third-party providers
When paying using a third-party payment method, the data required for payment processing will be transmitted to PayPal. This processing is based on Art. 6 (1) (b) GDPR. To process this payment method, PayPal may then forward the data to the respective provider. This processing is based on Art. 6 (1) (b) GDPR. Local third-party providers can include, for example:
Purchase on account via PayPal
When paying via invoice, the data required for payment processing is first transmitted to PayPal. To process this payment method, PayPal then transmits the data to Ratepay GmbH (Franklinstraße 28-29, 10587 Berlin; "Ratepay") in order to fulfill the contract with you using the selected payment method. This processing is carried out on the basis of Art. 6 (1) (b) GDPR. Ratepay may conduct a credit check based on mathematical-statistical procedures (probability or score values) using credit agencies according to the process already described above. The data is processed for the purpose of credit assessment for the initiation of a contract. The processing is carried out on the basis of Art. 6 (1) (f) GDPR due to our overriding legitimate interest in protecting against payment default when Ratepay makes advance payments. Further information on data protection and which credit agencies use Ratpay can be found at https://www.ratepay.com/legal-payment-dataprivacy/ and https://www.ratepay.com/legal-payment-creditagencies/ .
Further information on data processing when using PayPal can be found in the associated privacy policy at https://www.paypal.com/de/webapps/mpp/ua/privacy-full .
Cookies
Our website uses cookies. Cookies are small text files that are stored in the internet browser or by the internet browser on a user's computer system. When a user visits a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic string that allows the browser to be uniquely identified when the website is visited again.
Duration of storage
After the contract has been fully processed, the data will initially be stored for the duration of the warranty period, then in accordance with statutory retention periods, in particular those under tax and commercial law, and then deleted after the expiry of the period unless you have consented to further processing and use.
Rights of the data subject
If the legal requirements are met, you are entitled to the following rights under Articles 15 to 20 GDPR: Right to information, to rectification, to erasure, to restriction of processing, to data portability.
In addition, according to Art. 21 (1) GDPR, you have the right to object to processing based on Art. 6 (1) (f) GDPR and to processing for direct marketing purposes.
Right to lodge a complaint with the supervisory authority
According to Art. 77 GDPR, you have the right to complain to the supervisory authority if you believe that the processing of your personal data is unlawful.
You can lodge a complaint with the supervisory authority responsible for us, which you can reach using the following contact details:
State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia
PO Box 20 04 44
40102 Düsseldorf
Phone: +49 211 384240
Fax: +49 211 38424999
Email: poststelle@ldi.nrw.de
Right of objection
If the personal data processing listed here is based on our legitimate interest pursuant to Art. 6 (1) (f) GDPR, you have the right to object to this processing at any time with future effect for reasons arising from your particular situation.
Once you have objected, the processing of the data in question will be stopped unless we can demonstrate compelling legitimate grounds for the processing that outweigh your interests, rights and freedoms, or if the processing serves to assert, exercise or defend legal claims.
last updated: 22.10.2024
Unless otherwise stated below, the provision of your personal data is neither legally nor contractually required, nor is it necessary for the conclusion of a contract. You are not obligated to provide the data. Failure to provide it will have no consequences. This only applies unless otherwise stated during the subsequent processing operations.
“Personal data” means any information relating to an identified or identifiable natural person.
Server log files
You can visit our websites without providing any personal information.
Each time you access our website, usage data is transmitted to us or our web host/IT service provider via your internet browser and stored in log files (so-called server log files). This stored data includes, for example, the name of the page accessed, the date and time of access, the IP address, the amount of data transferred, and the requesting provider.
The processing is carried out on the basis of Art. 6 (1) (f) GDPR due to our overriding legitimate interest in ensuring the smooth operation of our website and improving our offering.
Your data may be transferred to third countries outside the EU, particularly to Canada and the USA, and processed there. An adequacy decision of the EU Commission exists for Canada. An adequacy decision of the EU Commission exists for the USA: the Trans-Atlantic Data Privacy Framework (TADPF). Shopify is not certified under the TADPF. This data transfer is based on contractual obligations comparable to those of the EU Commission's standard contractual clauses.The processing is carried out on the basis of Art. 6 (1) (f) GDPR due to our overriding legitimate interest in ensuring the smooth operation of our website and improving our offering.
contact
Person responsible
Please contact us if you wish. The controller responsible for data processing is: YOVANA GmbH, Auf dem Sand 27, 40721 Hilden , Germany, +49 2103 4180800, info@yogabox.de
Customer's proactive contact via email
If you initiate business contact with us via email, we will only collect your personal data (name, email address, message text) to the extent you provide it. This data processing serves to process and respond to your contact request.
If the contact serves to carry out pre-contractual measures (e.g. advice in the event of purchase interest, preparation of an offer) or concerns a contract already concluded between you and us, this data processing is carried out on the basis of Art. 6 (1) (b) GDPR.
If contact is made for other reasons, this data processing is based on Art. 6 (1) (f) GDPR, based on our overriding legitimate interest in processing and responding to your inquiry. In this case, you have the right to object to this processing of personal data concerning you based on Art. 6 (1) (f) GDPR at any time for reasons arising from your particular situation.
We will only use your email address to process your request. Your data will then be deleted in compliance with statutory retention periods unless you have consented to further processing and use.
Collection and processing when using the contact form
When you use the contact form, we collect your personal data (name, email address, message text) only to the extent you provide it. Data processing serves the purpose of establishing contact.
If the contact serves to carry out pre-contractual measures (e.g. advice in the event of purchase interest, preparation of an offer) or concerns a contract already concluded between you and us, this data processing is carried out on the basis of Art. 6 (1) (b) GDPR.
If contact is made for other reasons, this data processing is based on Art. 6 (1) (f) GDPR, based on our overriding legitimate interest in processing and responding to your inquiry. In this case, you have the right to object to this processing of personal data concerning you based on Art. 6 (1) (f) GDPR at any time for reasons arising from your particular situation.
We will only use your email address to process your request. Your data will then be deleted in compliance with statutory retention periods unless you have consented to further processing and use.
Using Endereco's address validation
We use address validation on our website from the provider Endereco UG (limited liability) (Balthasar-Neumann-Str. 4b, 97236 Randersacker, Germany; “Endereco”).
The purpose of data processing is to check your entries in our address forms in real time for input and spelling errors, and to supplement any missing data if necessary. If data is entered incorrectly, alternative suggestions for correcting the data will be displayed.
Among other things, the following information may be transmitted to Endereco and processed there: postal addresses (country, city, postal code, street, house number), email address, telephone number.
Your personal data is processed on the basis of Art. 6 (1) (f) GDPR, based on our overriding legitimate interest in maintaining a correct data basis to fulfill our contractual obligations. You have the right to object to this processing of personal data concerning you at any time for reasons arising from your particular situation.
The data is processed separately by the provider and not merged with other data. It is deleted by the provider as soon as the status of the entered data has been determined, but no later than 30 days later.
Further information on data protection at Endereco can be found at: https://www.endereco.de/datenschutzerklaerung/ .
Using Google Maps API address validation
We use address validation from Google (Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland, “Google”) on our website.
The purpose of data processing is to check your entries in our address forms in real time for input and spelling errors, and to supplement any missing data. If data is entered incorrectly, alternative suggestions for correcting the data will be displayed. For this purpose, the address data you enter is transmitted to the provider, where it is stored and evaluated.
Among other things, the following information may be transmitted to Google and processed there: postal addresses (country, city, postal code, street, house number), email address, telephone number.
Your data may also be transferred to the USA. For the USA, the EU Commission has issued an adequacy decision, the Trans-Atlantic Data Privacy Framework (TADPF). Google has certified itself according to the TADPF and is thus committed to complying with European data protection principles.
Your personal data is processed on the basis of Art. 6 (1) (f) GDPR, based on our overriding legitimate interest in maintaining a correct data basis to fulfill our contractual obligations. You have the right to object to this processing of personal data concerning you at any time for reasons arising from your particular situation.
The data is processed separately by the provider and not merged with other data. It is deleted by the provider as soon as the status of the entered data has been determined, but no later than 30 days later.
Further information on Google's terms of use and data protection can be found at: https://cloud.google.com/maps-platform/terms or at https://www.google.de/policies/privacy/ .
WhatsApp BusinessWe use address validation from Google (Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland, “Google”) on our website.
The purpose of data processing is to check your entries in our address forms in real time for input and spelling errors, and to supplement any missing data. If data is entered incorrectly, alternative suggestions for correcting the data will be displayed. For this purpose, the address data you enter is transmitted to the provider, where it is stored and evaluated.
Among other things, the following information may be transmitted to Google and processed there: postal addresses (country, city, postal code, street, house number), email address, telephone number.
Your data may also be transferred to the USA. For the USA, the EU Commission has issued an adequacy decision, the Trans-Atlantic Data Privacy Framework (TADPF). Google has certified itself according to the TADPF and is thus committed to complying with European data protection principles.
Your personal data is processed on the basis of Art. 6 (1) (f) GDPR, based on our overriding legitimate interest in maintaining a correct data basis to fulfill our contractual obligations. You have the right to object to this processing of personal data concerning you at any time for reasons arising from your particular situation.
The data is processed separately by the provider and not merged with other data. It is deleted by the provider as soon as the status of the entered data has been determined, but no later than 30 days later.
Further information on Google's terms of use and data protection can be found at: https://cloud.google.com/maps-platform/terms or at https://www.google.de/policies/privacy/ .
If you contact us via WhatsApp, we use the WhatsApp Business version of WhatsApp Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; "WhatsApp"). If you are located outside the European Economic Area, this service is provided by WhatsApp Inc. (1601 Willow Road, Menlo Park, CA 94025, USA).
The data processing serves to process and respond to your contact request. For this purpose, we collect and process your mobile phone number stored with WhatsApp, your name if provided, and other data to the extent you provide it. We use a mobile device for the service, whose address book only stores data from users who have contacted us via WhatsApp. Personal data will therefore not be passed on to WhatsApp without your prior consent.
Your data will be transmitted by WhatsApp to Meta Platforms Inc. servers in the USA. For the USA, the EU Commission has issued an adequacy decision, the Trans-Atlantic Data Privacy Framework (TADPF). Meta Platforms Inc. has certified itself according to the TADPF and is thus committed to complying with European data protection principles. If the contact serves to carry out pre-contractual measures (e.g., advice in the event of a purchase interest, preparation of an offer) or concerns a contract already concluded between you and us, this data processing is based on Art. 6 (1) (b) GDPR.
If contact is made for other reasons, this data processing is based on Art. 6 (1) (f) GDPR, based on our overriding legitimate interest in providing quick and easy contact and answering your inquiry. In this case, you have the right to object to this processing of personal data concerning you based on Art. 6 (1) (f) GDPR at any time for reasons arising from your particular situation.
We use your personal data only to process your request. Your data will then be deleted in compliance with statutory retention periods unless you have consented to further processing and use.
Further information on terms of use and data protection when using WhatsApp can be found athttps://www.whatsapp.com/legal/#terms-of-service and https://www.whatsapp.com/legal/#privacy-policy .
Customer account orders
Customer account
When you open a customer account, we collect your personal data to the extent specified therein. The data processing serves the purpose of improving your shopping experience and simplifying order processing. Processing is carried out on the basis of Art. 6 (1) (a) GDPR with your consent. You can revoke your consent at any time by notifying us, without affecting the legality of the processing carried out on the basis of your consent until the revocation. Your customer account will then be deleted.
Collection, processing and transfer of personal data when placing orders
When you place an order, we collect and process your personal data only to the extent necessary to fulfill and process your order and to process your inquiries. Providing this data is required to conclude a contract. Failure to provide this data will result in no contract being concluded. Processing is based on Art. 6 (1) (b) GDPR and is necessary to fulfill a contract with you.
Your data may be shared with, for example, shipping companies, dropshipping or fulfillment providers, payment service providers, order processing service providers, and IT service providers. In all cases, we strictly adhere to legal requirements. The scope of data transfer is limited to a minimum.
Your data may be transferred to third countries outside the EU, particularly to Canada and the USA, and processed there. An adequacy decision of the EU Commission exists for Canada. An adequacy decision of the EU Commission exists for the USA: the Trans-Atlantic Data Privacy Framework (TADPF). Shopify is not certified under the TADPF. This data transfer is based on contractual obligations comparable to those of the EU Commission's standard contractual clauses.Reviews Advertising
Data collection when writing a comment or review
When you comment on or rate an article or post, we collect your personal data (name, email address, comment text) only to the extent you provide it. This processing serves the purpose of enabling commenting/rating and displaying comments/ratings.
For the purpose of verifying your rating/comment, we also collect the following data: order number, , invoice number, .
By submitting the comment/review, you consent to the processing of the submitted data. This processing is carried out on the basis of Art. 6 (1) (a) GDPR with your consent. You can revoke your consent at any time by notifying us, without affecting the legality of the processing carried out on the basis of your consent until the revocation. Your personal data will then be deleted.
When your comment/review is published, only the name you provide will be published.
Shop information customer review
We use the rating tool “shopauskunft.de” of Händlerbund Management AG (Kohlgartenstraße 11 - 13, 04315 Leipzig; “Shopauskunft”) for our website.
After placing your order, we would like to ask you to rate and comment on your purchase. For this purpose, we will contact you by email using the "Legally Secure Review Request (RBA)" technical system. We will process the data related to your order (order number/invoice number, purchase value, and shipping costs) as well as your email address. If necessary, we may also use this data to verify your review.
We use the rating tool “shopauskunft.de” of Händlerbund Management AG (Kohlgartenstraße 11 - 13, 04315 Leipzig; “Shopauskunft”) for our website.
After placing your order, we would like to ask you to rate and comment on your purchase. For this purpose, we will contact you by email using the "Legally Secure Review Request (RBA)" technical system. We will process the data related to your order (order number/invoice number, purchase value, and shipping costs) as well as your email address. If necessary, we may also use this data to verify your review.
The processing is carried out on the basis of Art. 6 (1) (a) GDPR with your consent, provided that you have expressly agreed to the transfer of your data and to receiving the request for evaluation.
You can revoke your consent at any time by using the corresponding link in the email or by notifying us, without affecting the legality of the processing carried out on the basis of the consent until the revocation.
Further information on data protection when using Shopauskunft can be found at:
https://www.shopauskunft.de/datenschutz .
You can revoke your consent at any time by using the corresponding link in the email or by notifying us, without affecting the legality of the processing carried out on the basis of the consent until the revocation.
Further information on data protection when using Shopauskunft can be found at:
https://www.shopauskunft.de/datenschutz .
Shop information widget
The Shopauskunft widget is integrated into our website. Its purpose is to display the number and results of the reviews we have received through Shopauskunft so far, and to promote them.
To display the widget, it is technically necessary to transmit usage data via your internet browser to the Shopauskunft server and store it in log files (so-called server log files) for 7 days. This stored data includes the name and URL of the retrieved file, the date and time of retrieval, the IP address of the requesting computer, the website from which access was made (referrer URL), the browser used, and, if applicable, the operating system of your computer, as well as the name of your access provider.
Processing is based on Art. 6 (1) (f) GDPR, based on our overriding legitimate interest in promoting our offers by displaying customer reviews we have already received. This data is not stored together with other personal data.
Use of email address for availability notifications
We offer a product availability notification service on our website. If an item is temporarily unavailable, you have the option of entering your email address for the respective item and being informed by email when it becomes available, provided you have consented to this. You will receive a one-time notification by email about the availability of the respective item. Processing is carried out on the basis of Art. 6 (1) (a) GDPR with your consent. You can revoke your consent at any time without affecting the legality of the processing carried out on the basis of the consent until the revocation. You can unsubscribe from the availability notification at any time by notifying us. Your email address will then be removed from the mailing list.
Shipping service provider merchandise managementWe offer a product availability notification service on our website. If an item is temporarily unavailable, you have the option of entering your email address for the respective item and being informed by email when it becomes available, provided you have consented to this. You will receive a one-time notification by email about the availability of the respective item. Processing is carried out on the basis of Art. 6 (1) (a) GDPR with your consent. You can revoke your consent at any time without affecting the legality of the processing carried out on the basis of the consent until the revocation. You can unsubscribe from the availability notification at any time by notifying us. Your email address will then be removed from the mailing list.
Passing on the email address to shipping companies to inform them about the shipping status
We will share your email address with the shipping company as part of the contract processing, provided you have expressly consented to this during the ordering process. This sharing serves the purpose of informing you about the shipping status by email. Processing is carried out on the basis of Art. 6 (1) (a) GDPR with your consent. You can revoke your consent at any time by notifying us or the shipping company, without affecting the legality of the processing carried out on the basis of your consent until the revocation.
Use of an external inventory management system
We use a merchandise management system to process your order. For this purpose, your personal data collected during the order process will be transferred to
plentysystems AG, Johanna-Waescher-Straße 7, 34131 Kassel .
The processing of your personal data serves the purpose of fulfilling the contract concluded with you and is based on Art. 6 (1) (b) GDPR.
Payment service providers
Using PayPal Express
We use the PayPal Express payment service provided by PayPal (Europe) S.à.rl et Cie, SCA (22-24 Boulevard Royal L-2449, Luxembourg; "PayPal") on our website. The purpose of data processing is to offer you payment via the PayPal Express payment service.
To integrate this payment service, PayPal is required to collect, store, and analyze data (e.g., IP address, device type, operating system, browser type, and device location) when you visit the website. Cookies may also be used for this purpose. These cookies enable your browser to be recognized.
The use of cookies or similar technologies is based on your consent in accordance with Section 25 (1) (s) 1 of the Telemedia Act (TDDDG) in conjunction with Article 6 (1) (a) of the GDPR. Your personal data is processed with your consent in accordance with Article 6 (1) (a) of the GDPR. You can revoke your consent at any time without affecting the legality of the processing carried out on the basis of your consent until the revocation.
By selecting and using PayPal Express, the data required for payment processing will be transmitted to PayPal in order to fulfill the contract with you using the selected payment method. This processing is based on Art. 6 (1) (b) GDPR.
Further information on data processing when using the PayPal Express payment service can be found in the associated privacy policy at https://www.paypal.com/de/webapps/mpp/ua/privacy-full?locale.x=de_DE#Updated_PS
Using PayPal Check-Out
We use the PayPal Check-Out payment service provided by PayPal (Europe) S.à.rl et Cie, SCA (22-24 Boulevard Royal L-2449, Luxembourg; "PayPal") on our website. Data processing serves the purpose of offering you payment via the payment service. By selecting and using payment via PayPal, credit card via PayPal, direct debit via PayPal, or "Pay Later" via PayPal, the data required for payment processing will be transmitted to PayPal in order to fulfill the contract with you using the selected payment method. This processing is based on Art. 6 (1) (b) GDPR.
Cookies may be stored that enable your browser to be recognized. The resulting data processing is based on Art. 6 (1) (f) GDPR, based on our overriding legitimate interest in offering a customer-oriented range of payment methods. You have the right to object to this processing of personal data concerning you at any time for reasons arising from your particular situation.
Credit card via PayPal, direct debit via PayPal & “Pay later” via PayPal
For certain payment methods such as credit card via PayPal, direct debit via PayPal or "Pay later" via PayPal, PayPal reserves the right to obtain a credit report based on mathematical-statistical procedures using credit agencies. For this purpose, PayPal transmits the personal data required for a credit check to a credit agency and uses the information received on the statistical probability of a payment default to make a balanced decision about the establishment, implementation or termination of the contractual relationship. The credit report may contain probability values (score values) that are calculated on the basis of scientifically recognized mathematical-statistical procedures and whose calculation includes, among other things, address data. Your legitimate interests will be taken into account in accordance with the statutory provisions. The data processing serves the purpose of the credit check for the initiation of a contract. The processing is carried out on the basis of Art. 6 (1) (f) GDPR due to our overriding legitimate interest in protection against payment default if PayPal makes an advance payment.
You have the right to object to this processing of personal data concerning you based on Art. 6 (1) (f) GDPR at any time by notifying PayPal, for reasons related to your particular situation. Providing this data is necessary for concluding the contract using your preferred payment method. Failure to provide this data will result in the contract not being concluded using your chosen payment method.
Third-party providers
When paying using a third-party payment method, the data required for payment processing will be transmitted to PayPal. This processing is based on Art. 6 (1) (b) GDPR. To process this payment method, PayPal may then forward the data to the respective provider. This processing is based on Art. 6 (1) (b) GDPR. Local third-party providers can include, for example:
- Apple Pay (Apple Distribution International Ltd., Hollyhill Industrial Estate, Hollyhill, Cork, Ireland)
- Google Pay (Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland)
Purchase on account via PayPal
When paying via invoice, the data required for payment processing is first transmitted to PayPal. To process this payment method, PayPal then transmits the data to Ratepay GmbH (Franklinstraße 28-29, 10587 Berlin; "Ratepay") in order to fulfill the contract with you using the selected payment method. This processing is carried out on the basis of Art. 6 (1) (b) GDPR. Ratepay may conduct a credit check based on mathematical-statistical procedures (probability or score values) using credit agencies according to the process already described above. The data is processed for the purpose of credit assessment for the initiation of a contract. The processing is carried out on the basis of Art. 6 (1) (f) GDPR due to our overriding legitimate interest in protecting against payment default when Ratepay makes advance payments. Further information on data protection and which credit agencies use Ratpay can be found at https://www.ratepay.com/legal-payment-dataprivacy/ and https://www.ratepay.com/legal-payment-creditagencies/ .
Further information on data processing when using PayPal can be found in the associated privacy policy at https://www.paypal.com/de/webapps/mpp/ua/privacy-full .
Use of the payment service provider Mollie
We use the payment service provider Mollie BV (Keizersgracht 313, 1016 EE Amsterdam, Netherlands; "Mollie") to process payments on our website. The purpose of this data processing is to offer you various payment methods through payment processing via the payment service provider Mollie. If you have chosen one of the payment options offered by the payment service provider Mollie, the data required for payment processing will be transmitted to Mollie. This includes your payment details (e.g., bank account number or credit card number), your IP address, your internet browser and device type, and in some cases, your first and last name, your address details, and information about the product or service you have purchased from us. This data processing is based on Art. 6 (1) (b) GDPR. Further information on data processing when using the payment service provider Mollie can be found in the associated privacy policy: https://www.mollie.com/de/privacy
We use the payment service provider Mollie BV (Keizersgracht 313, 1016 EE Amsterdam, Netherlands; "Mollie") to process payments on our website. The purpose of this data processing is to offer you various payment methods through payment processing via the payment service provider Mollie. If you have chosen one of the payment options offered by the payment service provider Mollie, the data required for payment processing will be transmitted to Mollie. This includes your payment details (e.g., bank account number or credit card number), your IP address, your internet browser and device type, and in some cases, your first and last name, your address details, and information about the product or service you have purchased from us. This data processing is based on Art. 6 (1) (b) GDPR. Further information on data processing when using the payment service provider Mollie can be found in the associated privacy policy: https://www.mollie.com/de/privacy
Cookies
Our website uses cookies. Cookies are small text files that are stored in the internet browser or by the internet browser on a user's computer system. When a user visits a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic string that allows the browser to be uniquely identified when the website is visited again.
Cookies are stored on your computer. Therefore, you have full control over the use of cookies. By selecting the appropriate technical settings in your internet browser, you can be notified before cookies are set and decide whether to accept them individually, as well as prevent the storage of cookies and the transmission of the data they contain. Cookies already stored can be deleted at any time. However, please note that in this case, you may not be able to use all the functions of this website to their full extent.
The following links will tell you how to manage (including deactivate) cookies in the most important browsers:
Chrome: https://support.google.com/accounts/answer/61416?hl=de
Microsoft Edge: https://support.microsoft.com/de-de/microsoft-edge/cookies-in-microsoft-edge-lB6schen-63947406-40ac-c3b8-57b9-2a946a29ae09
Microsoft Edge: https://support.microsoft.com/de-de/microsoft-edge/cookies-in-microsoft-edge-lB6schen-63947406-40ac-c3b8-57b9-2a946a29ae09
Mozilla Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablassen
Technically necessary cookies
Unless otherwise stated in the privacy policy below, we only use technically necessary cookies to make our website more user-friendly, effective, and secure. Furthermore, cookies enable our systems to recognize your browser even after you change pages and to offer you services. Some functions of our website cannot be offered without the use of cookies. These require that the browser is recognized even after you change pages.
The use of cookies or similar technologies is based on Section 25 (2) of the Telemedia Act (TDDDG). Your personal data is processed on the basis of Art. 6 (1) (f) GDPR, based on our overriding legitimate interest in ensuring the optimal functionality of the website and a user-friendly and effective design of our offering.
You have the right to object to the processing of personal data concerning you at any time for reasons related to your particular situation.
Rights of data subjects and storage periodDuration of storage
After the contract has been fully processed, the data will initially be stored for the duration of the warranty period, then in accordance with statutory retention periods, in particular those under tax and commercial law, and then deleted after the expiry of the period unless you have consented to further processing and use.
Rights of the data subject
If the legal requirements are met, you are entitled to the following rights under Articles 15 to 20 GDPR: Right to information, to rectification, to erasure, to restriction of processing, to data portability.
In addition, according to Art. 21 (1) GDPR, you have the right to object to processing based on Art. 6 (1) (f) GDPR and to processing for direct marketing purposes.
Right to lodge a complaint with the supervisory authority
According to Art. 77 GDPR, you have the right to complain to the supervisory authority if you believe that the processing of your personal data is unlawful.
You can lodge a complaint with the supervisory authority responsible for us, which you can reach using the following contact details:
State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia
PO Box 20 04 44
40102 Düsseldorf
Phone: +49 211 384240
Fax: +49 211 38424999
Email: poststelle@ldi.nrw.de
Right of objection
If the personal data processing listed here is based on our legitimate interest pursuant to Art. 6 (1) (f) GDPR, you have the right to object to this processing at any time with future effect for reasons arising from your particular situation.
Once you have objected, the processing of the data in question will be stopped unless we can demonstrate compelling legitimate grounds for the processing that outweigh your interests, rights and freedoms, or if the processing serves to assert, exercise or defend legal claims.
last updated: 22.10.2024