Data privacy statement

1) Introduction and contact details of the responsible party

1.1 We appreciate your visit to our website and thank you for your interest. In the following, we inform you about the handling of your personal data when using our website. Personal data is all data that can be used to identify you personally.

1.2 The controller for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is KEEGO Technologies GmbH, Margaretenstrasse 106/4, 1050 Vienna, Austria, Tel.: n/a, email: shop@keego.at. The controller for the processing of personal data is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data.

1.3 The controller has appointed a data protection officer who can be reached as follows: "Lukas Angst, KEEGO, Margaretenstrasse 106/4, 1050 Vienna, +4366565162044, office(at)keego.at"

2) Data collection when you visit our website

2.1 When using our website for informational purposes only, i.e. if you do not register or otherwise provide us with information, we only collect data that your browser transmits to the server (so-called "server log files"). When you visit our website, we collect the following data, which is technically necessary for us to display the website to you:

Our visited website
Date and time of access
Amount of data sent in bytes
Source/Reference from which you accessed the page
Browser used
Operating system used
IP address used (if applicable: in anonymized form)

The processing takes place in accordance with Art. 6 Para. 1 lit. f GDPR based on our legitimate interest in improving the stability and functionality of our website. The data will not be passed on or used in any other way. However, we reserve the right to subsequently check the server log files if there are concrete indications of illegal use.

2.2 This website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or inquiries to the controller). You can recognize an encrypted connection by the string "https://" and the lock symbol in your browser line.

3) Hosting & Content Delivery Network

Shopify

For hosting our website and displaying the page content, we use the system of the following provider: Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland (“Shopify”)

Data is also transferred to: Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada

All data collected on our website is processed on the provider's servers. We have concluded a data processing agreement with the provider, which ensures the protection of the data of our site visitors and prohibits unauthorized disclosure to third parties.

When data is transferred to Canada, an adequate level of data protection is ensured by an adequacy decision of the European Commission.

4) Cookies

In order to make your visit to our website attractive and to enable the use of certain functions, we use cookies, which are small text files that are stored on your device. Some of these cookies are automatically deleted after you close your browser (so-called "session cookies"), while others remain on your device for a longer period of time and enable the storage of page settings (so-called "persistent cookies"). In the latter case, you can find the storage period in the overview of the cookie settings of your web browser.

Insofar as personal data is also processed by individual cookies used by us, the processing takes place in accordance with Art. 6 Para. 1 lit. b GDPR either for the execution of the contract, in accordance with Art. 6 Para. 1 lit. a GDPR in the event of consent or in accordance with Art. 6 Para. 1 lit. f GDPR to safeguard our legitimate interests in the best possible functionality of the website and a customer-friendly and effective design of the page visit.

You can set your browser so that you are informed about the setting of cookies and can decide individually whether to accept them or exclude the acceptance of cookies for certain cases or in general.

Please note that if you do not accept cookies, the functionality of our website may be limited.

5) Contact

5.1 Judge.me

For review reminders, we use the services of the following provider: Judge.me Ltd., c/o Buckworths, 2nd Floor, 1-3 Worship Street, London, England, EC2A 2AB, United Kingdom

Exclusively on the basis of your express consent in accordance with Art. 6 Para. 1 lit. a GDPR, we will transmit your email address and, if applicable, other customer data to the provider so that they can contact you by email with a review reminder.

You can withdraw your consent to us or to the provider at any time with effect for the future.

We have concluded a data processing agreement with the provider, which ensures the protection of our website visitors' data and prohibits unauthorized disclosure to third parties.

When data is transferred to the provider's location, an adequate level of data protection is ensured by an adequacy decision of the European Commission.

5.2 Freshdesk

We use the e-mail ticketing system of the following provider to process customer inquiries: Freshworks, Inc., 2950 S. Delaware Street, Suite 201, San Mateo, California 94403, USA

If you send us contact requests via email through our website, these are stored and organized in the ticket system to enable chronological processing and improve the service experience. You can always view the current status of your request using the individually assigned ticket number.

For the organization and processing of inquiries, personal data is collected according to the extent of its provision, but in any case name, first name and e-mail address, transmitted to the provider, stored there and read out.

The legal basis for processing this data is our legitimate interest in the efficient design of our customer service, in answering your request as quickly as possible, and in optimizing our service offering in accordance with Art. 6 Para. 1 lit. f GDPR.

We have concluded a data processing agreement with the provider, which ensures the protection of our website visitors' data and prohibits unauthorized disclosure to third parties.

For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which, based on an adequacy decision by the European Commission, ensures compliance with the European level of data protection.

5.3 When you contact us (e.g. via contact form or e-mail), personal data will be processed - exclusively for the purpose of processing and answering your request and only to the extent necessary for this purpose.

The legal basis for processing this data is our legitimate interest in responding to your request in accordance with Art. 6 Para. 1 lit. f GDPR. If your contact aims at a contract, the additional legal basis for the processing is Art. 6 Para. 1 lit. b GDPR. Your data will be deleted when it can be inferred from the circumstances that the matter in question has been conclusively clarified and provided that there are no statutory retention obligations to the contrary.

6) Data processing when opening a customer account

In accordance with Art. 6 Para. 1 lit. b GDPR, personal data will continue to be collected and processed to the extent necessary if you provide it to us when opening a customer account. You can see which data is required for opening an account in the input mask of the corresponding form on our website.

You can delete your customer account at any time by sending a message to the above-mentioned address of the responsible party. After deletion of your customer account, your data will be deleted, provided that all contracts concluded through it have been fully processed, there are no legal retention periods to the contrary and we have no legitimate interest in continuing to store it.

7) Use of customer data for direct advertising

7.1 Registration for our e-mail newsletter

When you subscribe to our email newsletter, we will regularly send you information about our offers. The only mandatory information for sending the newsletter is your email address. Providing additional data is voluntary and will be used to address you personally. For sending the newsletter, we use the so-called double opt-in procedure, which ensures that you only receive newsletters if you have expressly confirmed your consent to receive the newsletter by clicking on a verification link sent to the specified email address.

By activating the confirmation link, you grant us your consent to use your personal data in accordance with Art. 6 Para. 1 lit. a GDPR. We store your IP address registered by the Internet Service Provider (ISP), as well as the date and time of registration, in order to trace any possible misuse of your email address at a later point in time. The data collected by us when you register for the newsletter will be used strictly for the intended purpose.

You can unsubscribe from the newsletter at any time via the link provided in the newsletter or by sending a corresponding message to the responsible party named at the beginning. After you unsubscribe, your email address will be immediately deleted from our newsletter distribution list, unless you have expressly consented to further use of your data or we reserve the right to use your data beyond this to the extent permitted by law and about which we inform you in this declaration.

7.2 Sending the e-mail newsletter to existing customers

If you have provided us with your email address when purchasing goods or services, we reserve the right to regularly send you offers for similar goods or services from our range by email, similar to those already purchased. For this, according to § 7 para. 3 UWG, we do not need to obtain separate consent from you. Data processing is based solely on our legitimate interest in personalized direct advertising in accordance with Art. 6 para. 1 lit. f GDPR. If you have initially objected to the use of your email address for this purpose, we will not send you any emails.

You are entitled to object to the use of your email address for the aforementioned advertising purpose at any time with effect for the future by sending a message to the responsible party named at the beginning. For this, you will only incur transmission costs according to the basic rates. After receipt of your objection, the use of your email address for advertising purposes will be stopped immediately.

7.3 Klaviyo

Our email newsletters and other promotional email communications are sent via this provider: Klaviyo, Inc., 125 Summer St., Ste 600, Boston, MA 02110, USA

Based on our legitimate interest in effective and user-friendly email marketing, we pass on the data you provided during registration to this provider in accordance with Art. 6 (1) lit. f GDPR so that they can send emails on our behalf.

Subject to your express consent in accordance with Art. 6 (1) (a) GDPR, the provider also conducts a statistical evaluation of the success of email campaigns using web beacons or tracking pixels in the emails sent, which can measure opening rates and specific interactions with the content of the newsletter. In doing so, terminal device information (e.g., time of access, IP address, browser type, and operating system) is also collected and evaluated, but not merged with other data sets.

You can revoke your consent to email tracking at any time with future effect.

We have concluded a data processing agreement with the provider, which protects the data of our website visitors and prohibits disclosure to third parties.

7.4 MailChimp

Our e-mail newsletters are sent via this provider: The Rocket Science Group, LLC d/b/a MailChimp, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA

Based on our legitimate interest in effective and user-friendly newsletter marketing, we pass on your data provided during newsletter registration to this provider in accordance with Art. 6 Para. 1 lit. f GDPR so that they can handle the newsletter dispatch on our behalf.

Subject to your express consent pursuant to Art. 6 para. 1 lit. a GDPR, the provider also carries out a statistical evaluation of the success of newsletter campaigns by means of web beacons or tracking pixels in the e-mails sent, which can measure opening rates and specific interactions with the content of the newsletter. Device information (e.g. time of access, IP address, browser type and operating system) is also collected and evaluated, but not merged with other data records.

You can revoke your consent to newsletter tracking at any time with effect for the future.

We have concluded a data processing agreement with the provider, which protects the data of our website visitors and prohibits disclosure to third parties.

7.5 E-mail notification of product availability

For temporarily unavailable items, you can sign up to receive email notifications of availability. We will then send you a one-time email notification about the availability of the item you have selected. The only mandatory information for sending this notification is your email address. Providing further data is voluntary and may be used to address you personally. For sending emails, we use the so-called double opt-in procedure, which ensures that you will only receive a notification if you have expressly confirmed your consent by clicking on a verification link sent to the specified email address.

By activating the confirmation link, you grant us your consent to use your personal data in accordance with Art. 6 Para. 1 lit. a GDPR. We store your IP address registered by the Internet Service Provider (ISP), as well as the date and time of registration, in order to trace any possible misuse of your email address at a later point in time. The data collected by us when you register for our email notification service regarding product availability will be used strictly for the intended purpose.

You can unsubscribe from availability notifications at any time by sending a message to the responsible party named above. After unsubscribing, your email address will be immediately deleted from our distribution list, unless you have expressly consented to further use of your data or we reserve the right to use your data beyond this, which is permitted by law and about which we inform you in this declaration.

7.6 Shopping cart reminders via e-mail

If you cancel your purchase from us before completing the order, you have the option of being reminded once by email of the contents of your virtual shopping cart.

The only mandatory information for sending this reminder is your email address. Providing further data is voluntary and may be used to address you personally. For sending emails, we use the so-called double opt-in procedure, which ensures that you will only receive a notification once you have expressly confirmed your consent by clicking on a verification link sent to the specified email address.

By activating the confirmation link, you grant us your consent to use your personal data in accordance with Art. 6 Para. 1 lit. a GDPR for sending you a shopping cart reminder. We store your IP address registered by the Internet Service Provider (ISP), as well as the date and time of registration, in order to trace any possible misuse of your email address at a later point in time. The data collected by us when you register for our email notification service will be used strictly for the intended purpose.

You can unsubscribe from the shopping cart reminders at any time by sending a message to the responsible party named above. After unsubscribing, your email address will be immediately deleted from our distribution list, unless you have expressly consented to further use of your data or we reserve the right to use your data beyond this, which is permitted by law and about which we inform you in this declaration.

8) Data processing for order processing

8.1 Insofar as this is necessary for the execution of the contract for delivery and payment purposes, the personal data collected by us will be passed on to the transport company and the credit institution commissioned in accordance with Art. 6 Para. 1 lit. b GDPR.

If we owe you updates for goods with digital elements or for digital products based on a corresponding contract, we will process the contact details you provided when ordering in order to inform you personally within the scope of our legal information obligations in accordance with Art. 6 Para. 1 lit. c GDPR. Your contact data will be used strictly for the purpose of notifications about updates owed by us and will only be processed by us to the extent that this is necessary for the respective information.

To process your order, we also work together with the following service provider(s), who support us in full or in part in the execution of concluded contracts. Certain personal data is transmitted to these service providers in accordance with the following information.

8.2 LOGSTA

We use the following provider for order processing: LOGSTA Germany GmbH, Elbestraße 2, 84453 Mühldorf am Inn, Germany

Name, address and, if applicable, other personal data will be passed on to the provider in accordance with Art. 6 Para. 1 lit. b GDPR exclusively for the purpose of processing the online order. Your data will only be passed on to the extent that this is actually necessary for processing the order.

8.3 Disclosure of personal data to shipping service providers

- Deutsche Post

As a transport service provider, we use the following company: Deutsche Post AG, Charles-de-Gaulle-Straße 20, 53113 Bonn, Germany

In accordance with Art. 6 Para. 1 lit. a GDPR, we will forward your email address and/or telephone number to the provider before the goods are delivered for the purpose of coordinating a delivery date or to announce the delivery, provided that you have given your express consent for this in the order process. Otherwise, in accordance with Art. 6 Para. 1 lit. b GDPR, we will only pass on the name of the recipient and the delivery address to the provider for the purpose of delivery. The data will only be passed on if this is necessary for the delivery of the goods. In this case, it is not possible to coordinate the delivery date with the provider in advance or to announce the delivery.

The consent can be withdrawn at any time with effect for the future vis-à-vis the controller designated above or vis-à-vis the provider.
- DHL

As a transport service provider, we use the following company: DHL Paket GmbH, Sträßchensweg 10, 53113 Bonn, Germany

The consent can be withdrawn at any time with effect for the future vis-à-vis the controller designated above or vis-à-vis the provider.
- DPD

As a transport service provider, we use the following company: DPD Deutschland GmbH, Wailandtstraße 1, 63741 Aschaffenburg, Germany

The consent can be withdrawn at any time with effect for the future vis-à-vis the controller designated above or vis-à-vis the provider.
- GLS

As a transport service provider, we use the following company: General Logistics Systems Germany GmbH & Co. OHG, GLS Germany-Straße 1 – 7, 36286 Neuenstein, Germany

The consent can be withdrawn at any time with effect for the future vis-à-vis the controller designated above or vis-à-vis the provider.
- Austrian Post

As a transport service provider, we use the following company: Österreichische Post Aktiengesellschaft, Rochusplatz 1, 1030 Vienna, Austria

The consent can be withdrawn at any time with effect for the future vis-à-vis the controller designated above or vis-à-vis the provider.
- UPS

As a transport service provider, we use the following company: United Parcel Service Deutschland Inc. & Co. OHG, Görlitzer Straße 1, 41460 Neuss, Germany

The consent can be withdrawn at any time with effect for the future vis-à-vis the controller designated above or vis-à-vis the provider.

8.4 Use of payment service providers

- Apple Pay

If you choose to pay using “Apple Pay” from Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland, payment will be processed via the “Apple Pay” function on your iOS, watchOS, or macOS device by charging a payment card stored in “Apple Pay.” Apple Pay uses security features integrated into your device’s hardware and software to protect your transactions. To authorize a payment, you must enter a code you have previously set, as well as verification using the “Face ID” or “Touch ID” function on your device.

For the purpose of payment processing, your information provided during the order process, together with the information about your order, will be passed on to Apple in encrypted form. Apple then encrypts this data again with a developer-specific key before the data is transmitted to the payment service provider of the payment card stored in Apple Pay for the purpose of processing the payment. The encryption ensures that only the website through which the purchase was made can access the payment data. After the payment has been made, Apple sends your device account number and a transaction-specific, dynamic security code to the originating website to confirm the payment success.

Insofar as personal data is processed during the described transmissions, the processing takes place exclusively for the purpose of payment processing in accordance with Art. 6 Para. 1 lit. b GDPR.

Apple retains anonymized transaction data, including the approximate purchase amount, the approximate date and time, and whether the transaction was successfully completed. Anonymization completely excludes any personal reference. Apple uses the anonymized data to improve "Apple Pay" and other Apple products and services.

When you use Apple Pay on your iPhone or Apple Watch to complete a purchase you've made in Safari on your Mac, the Mac and the authorizing device communicate over an encrypted channel on Apple's servers. Apple doesn't process or store any of this information in a format that can identify you. You can disable the ability to use Apple Pay on your Mac in your iPhone's settings. Go to "Wallet & Apple Pay" and turn off "Allow Payments on Mac".

Further information on data protection at Apple Pay can be found at the following internet address: https://support.apple.com/de-de/HT203027
- Klarna

One or more online payment methods from the following provider are available on this website: Klarna Bank AB, Sveavägen 46, 111 34 Stockholm, Sweden

If you select a payment method from a provider where you make advance payment (such as credit card payment), your payment data (including name, address, bank and payment card information, currency and transaction number) provided during the order process, as well as information about the content of your order, will be transmitted to them in accordance with Art. 6 Para. 1 lit. b GDPR. In this case, your data will only be passed on for the purpose of payment processing with the provider and only to the extent necessary for this purpose.

If you select a payment method where the provider makes advance payment (such as purchase on account, hire purchase or direct debit), you will also be asked to provide certain personal data (first and last name, street, house number, postal code, city, date of birth, email address, telephone number, and, if applicable, data on an alternative means of payment) during the order process.

In order to protect our legitimate interest in determining the solvency of our customers, this data will be forwarded by us to the provider for the purpose of a credit check in accordance with Art. 6 Para. 1 lit. f GDPR. The provider checks on the basis of the personal data you have provided and other data (such as shopping cart, invoice amount, order history, payment experience) whether the payment option you have selected can be granted with regard to payment and/or default risks.

In addition to internal provider criteria, identity and creditworthiness information from the following credit agencies may also be included in the decision-making process as part of the application review in accordance with Art. 6 Para. 1 lit. f GDPR:

https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/credit_rating_agencies

The credit check may contain probability values (so-called score values). If score values are included in the result of the credit check, they are based on a scientifically recognized mathematical-statistical method. The calculation of the score values includes, but is not limited to, address data.

You can object to this processing of your data at any time by sending a message to us or to the provider. However, the provider may still be entitled to process your personal data if this is necessary for the contractual processing of payments.
- Paypal

One or more online payment methods from the following provider are available on this website: PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg

If you select a payment method from a provider where you make advance payment, your payment data (including name, address, bank and payment card information, currency and transaction number) provided during the order process, as well as information about the content of your order, will be transmitted to them in accordance with Art. 6 Para. 1 lit. b GDPR. In this case, your data will only be passed on for the purpose of payment processing with the provider and only to the extent necessary for this purpose.

If you select a payment method where we make advance payment, you will also be asked to provide certain personal data (first and last name, street, house number, postal code, city, date of birth, email address, telephone number, and, if applicable, data on an alternative means of payment) during the order process.

In order to protect our legitimate interest in determining your solvency in such cases, this data will be forwarded by us to the provider for the purpose of a credit check in accordance with Art. 6 Para. 1 lit. f GDPR. The provider checks on the basis of the personal data you have provided and other data (such as shopping cart, invoice amount, order history, payment experience) whether the payment option you have selected can be granted with regard to payment and/or default risks.

One or more online payment methods from the following provider are available on this website: Klarna Bank AB (publ), Sveavägen 46, 11134 Stockholm, Sweden

One or more online payment methods from the following provider are available on this website: Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland

9) Online Marketing

Own affiliate program

In connection with the product presentations on our website, we maintain our own affiliate program, within the framework of which we provide interested third-party website operators with partner links for placement on their websites, which lead to our offers. Cookies are used for the affiliate program, which are generally set on the partner page after clicking on a corresponding partner link and for which we are not responsible under data protection law. Cookies are small text files that are stored on your end device in order to trace the origin of transactions (e.g. “sales leads”) that were generated via such links. Among other things, we can recognize that you have clicked on the partner link and were forwarded to our website. This information is required for payment processing between us and the affiliate partners. If the information also contains personal data, the processing described takes place on the basis of our legitimate financial interest in the processing of commission payments in accordance with Art. 6 Para. 1 lit. f GDPR.

If you want to block the evaluation of user behavior via cookies, you can set your browser so that you are informed about the setting of cookies and can decide individually whether to accept them or exclude the acceptance of cookies for certain cases or in general.

10) Web Analytics Services

10.1 Google (Universal) Analytics

This website uses Google (Universal) Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"), which allows us to analyze your use of our website.

By default, when you visit the website, Google (Universal) Analytics sets cookies, which are small text files that are stored on your device and collect certain information. This information includes your IP address, which Google truncates by the last digits to prevent direct personal identification.

The information is transferred to Google's servers and processed there. This may also involve transfers to Google LLC, which is based in the USA.

Google uses the collected information on our behalf to evaluate your use of the website, to compile reports on website activity for us, and to provide other services related to website usage and internet usage. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. The data collected as part of the use of Google (Universal) Analytics is stored for a period of two months and then deleted.

All processing operations described above, especially the setting of cookies on the terminal device used, will only be carried out if you have given us your express consent in accordance with Art. 6 Para. 1 lit. a GDPR.
Without your consent, Google (Universal) Analytics will not be used during your visit to the site. You can withdraw your consent at any time with effect for the future. To exercise your right of withdrawal, please deactivate this service via the "Cookie Consent Tool" provided on the website.

We have concluded a data processing agreement with Google, which ensures the protection of our website visitors' data and prohibits unauthorized disclosure to third parties.

Further legal information on Google (Universal) Analytics can be found at https://business.safety.google/intl/de/privacy/, https://policies.google.com/privacy?hl=de&gl=de and at https://policies.google.com/technologies/partner-sites

Demographic characteristics
Google (Universal) Analytics uses the special function "demographic characteristics" and can use it to create statistics that provide information about the age, gender and interests of website visitors. This is done by analyzing advertising and information from third parties. This allows target groups to be identified for marketing activities. However, the collected data cannot be assigned to a specific person and will be deleted after a storage period of two months.

Google Signals
As an extension to Google (Universal) Analytics, Google Signals can be used on this website to generate cross-device reports. If you have activated personalized ads and linked your devices to your Google account, Google may, subject to your consent to the use of Google Analytics in accordance with Art. 6 para. 1 lit. a GDPR, analyze your usage behavior across devices and create database models, including cross-device conversions. We do not receive any personal data from Google, only statistics. If you want to stop the cross-device analysis, you can deactivate the "Personalized advertising" function in the settings of your Google account. To do this, follow the instructions on this page: https://support.google.com/My-Ad-Center-Help/answer/12155764?hl=de
You can find more information about Google Signals at the following link: https://support.google.com/analytics/answer/7532985?hl=de

UserIDs
The "UserIDs" function can be used on this website as an extension to Google (Universal) Analytics. If you have consented to the use of Google (Universal) Analytics in accordance with Art. 6 Para. 1 lit. a GDPR, have set up an account on this website and log in to this account on different devices, your activities, including conversions, can be analyzed across devices.

10.2 Hotjar

This website uses the web analysis service of the following provider: Hotjar Ltd, Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta

With the help of cookies and/or comparable technologies (tracking pixels, web beacons, algorithms for reading out terminal device and browser information), the service collects and stores pseudonymized visitor data, including information from the terminal device used, such as the IP address and browser information, in order to evaluate it for statistical analyses of usage behavior on our website and to create pseudonymized usage profiles. Among other things, this makes it possible to evaluate movement patterns (so-called heatmaps), which show the duration of page visits and interactions with page content (e.g. text input, scrolling, clicks and mouse-overs). The pseudonymization generally excludes a direct personal reference. A combination with clear data about your person collected in other ways does not take place.

All processing operations described above, especially the reading or storing of information on the terminal device used, will only be carried out if you have given us your express consent in accordance with Art. 6 Para. 1 lit. a GDPR. You can withdraw your consent at any time with effect for the future by deactivating this service in the "Cookie Consent Tool" provided on the website.

We have concluded a data processing agreement with the provider, which ensures the protection of our website visitors' data and prohibits unauthorized disclosure to third parties.

11) Retargeting/Remarketing and Conversion Tracking

11.1 Meta Pixel with advanced data matching

Within our online offering, we use the "Meta Pixel" service from the following provider in the extended data matching mode: Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland ("Meta").

When a user clicks on an advertisement placed by us on Facebook or Instagram, "Meta Pixel" is used to add a parameter to the URL of our linked page. This URL parameter is then entered into the user's browser after redirection by a cookie that our linked page sets itself. In addition, this cookie collects specific customer data such as the email address that we collect on our website linked to the Facebook or Instagram ad during processes such as purchase completions, account logins or registrations (extended data matching). The cookie is then read out and enables the transmission of the data, including the specific customer data, to Meta.

We use "Meta Pixel" with advanced data matching to make our advertisements (so-called "ads") on Facebook and/or Instagram more effective and to ensure that they correspond to the interests of users or have certain characteristics (e.g. interests in certain topics or products that are determined based on the websites visited), which we transmit to Meta (so-called "Custom Audiences").

In addition, we analyze the effectiveness of our advertisements by tracking whether users were redirected to our website after clicking on an ad (conversion). Compared to the standard version of "Meta Pixel," the enhanced data matching feature helps us better measure the effectiveness of our advertising campaigns by capturing more attributed conversions.

All transmitted data is stored and processed by Meta, so that an assignment to the respective user profile is possible and Meta can use the data for its own advertising purposes in accordance with the data usage guidelines of Meta (https://www.facebook.com/about/privacy/). The data can enable Meta and its partners to place ads on and off Facebook.

All processing operations described above, especially the setting of cookies for reading information on the terminal device used, will only be carried out if you have given us your express consent in accordance with Art. 6 Para. 1 lit. a GDPR. You can withdraw your consent at any time with effect for the future by deactivating this service in the "Cookie Consent Tool" provided on the website.

We have concluded a data processing agreement with the provider, which ensures the protection of our website visitors' data and prohibits unauthorized disclosure to third parties.

The information generated by Meta is usually transferred to a Meta server and stored there; in this context, it may also be transferred to servers of Meta Platforms Inc. in the USA.

11.2 Google Ads Remarketing

This website uses retargeting technology from the following provider: Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland

For this purpose, Google places a cookie in the browser of your device, which automatically enables interest-based advertising by means of a pseudonymous cookie ID and on the basis of the pages you visit. Any further data processing only takes place if you have agreed with Google that your Internet and app browser history is linked to your Google account and information from your Google account is used to personalize advertisements that you view on the web. If you are logged in to Google during your visit to our website, Google will use your data together with Google Analytics data to create and define target group lists for cross-device remarketing. For this purpose, your personal data will be temporarily linked to Google Analytics data by Google in order to form target groups. As part of the use of Google Ads Remarketing, personal data may also be transferred to the servers of Google LLC. in the USA.

All processing operations described above, especially the setting of cookies for reading information on the terminal device used, will only be carried out if you have given us your express consent in accordance with Art. 6 Para. 1 lit. a GDPR. Without this consent, retargeting technology will not be used during your visit to the site.

You can withdraw your given consent at any time with effect for the future. To exercise your revocation, please deactivate this service in the "Cookie-Consent-Tool" provided on the website.

Details about the processing initiated by Google and Google's handling of website data can be found here: https://policies.google.com/technologies/partner-sites

Further information on Google's privacy policy can be found here: https://business.safety.google/intl/de/privacy/ and https://www.google.de/policies/privacy/

11.3 Taboola

This website uses retargeting technology from the following provider: Taboola Inc., 16 Madison Square West 7th Floor, New York, NY 10010, USA

This enables us to target visitors to our website with personalized, interest-based advertising who have already shown interest in our shop and our products. The advertising material is displayed on the basis of a cookie-based analysis of previous and current usage behavior.

In cases of retargeting technology, a cookie is stored on your computer or mobile device to collect pseudonymized data about your interests and thus tailor advertising to the stored information. These cookies are small text files that are stored on your computer or mobile device. This allows you to see advertising that is highly likely to match your product and information interests.

All processing operations described above, especially the setting of cookies for reading information on the terminal device used, will only be carried out if you have given us your express consent in accordance with Art. 6 Para. 1 lit. a GDPR. Without this consent, retargeting technology will not be used during your visit to the site.

You can withdraw your given consent at any time with effect for the future. To exercise your revocation, please deactivate this service in the "Cookie-Consent-Tool" provided on the website.

For the transfer of data to the USA, the provider relies on standard contractual clauses of the European Commission, which are intended to ensure compliance with the European level of data protection.

11.4 Google Marketing Platform

This website uses the online marketing tool Google Marketing Platform of the operator Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("GMP").

GMP uses cookies to serve ads that are relevant to users, improve campaign performance reports, or to prevent a user from seeing the same ads multiple times. Google uses a cookie ID to track which ads are shown in which browser and can prevent them from being displayed multiple times. In addition, GMP can use cookie IDs to track conversions related to ad requests. This is the case, for example, when a user sees a GMP ad and later visits the advertiser's website and buys something through that website using the same browser. According to Google, GMP cookies do not contain any personal information.
Due to the marketing tools used, your browser automatically establishes a direct connection to the Google server.

We have no influence on the scope and further use of the data collected by Google through the use of this tool and therefore inform you according to our level of knowledge as follows: By integrating GMP, Google receives the information that you have accessed the corresponding part of our website or clicked on an advertisement from us. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, there is a possibility that the provider will find out and store your IP address. As part of the use of GMP, personal data may also be transferred to the servers of Google LLC. in the USA.

You can find the GMP by Google data protection regulations here: https://business.safety.google/intl/de/privacy/ and https://www.google.de/policies/privacy/

11.5 Microsoft Advertising Universal Event Tracking

This website uses conversion tracking technology from the following provider: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA

To use Universal Event Tracking, a tag is stored on each page of our website that interacts with the conversion cookie set by Microsoft. This interaction makes user behavior on our website traceable and sends the information collected in this way to Microsoft. The purpose of this is to statistically record and evaluate certain predefined goals, such as purchases or leads, in order to make the orientation and content of our offers more tailored to your interests. The tags are never used for personal identification of users.

All processing operations described above, especially the setting of cookies for reading information on the terminal device used, will only be carried out if you have given us your express consent in accordance with Art. 6 Para. 1 lit. a GDPR. Without this consent, retargeting technology will not be used during your visit to the site.

You can withdraw your given consent at any time with effect for the future. To exercise your revocation, please deactivate this service in the "Cookie-Consent-Tool" provided on the website.

12) Page Functionalities

12.1 Facebook-Plugins

Our website uses plugins from the following social network provider: Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland

These plugins enable direct interactions with content on the social network.

To increase the protection of your data when you visit our website, the plugins are initially deactivated using a so-called "2-click" or "Shariff" solution integrated into the page.

This integration ensures that when you access a page on our website that contains such plugins, no connection is established with the provider's servers.

If you are logged into an existing user profile on the provider's social network, information about interactions carried out via the plugins will also be published there and displayed to your contacts.
You can revoke your consent at any time by deactivating the activated plugin by clicking on it again. However, the revocation has no influence on the data that has already been transmitted to the provider.

Data may also be transferred to: Meta Platforms Inc., USA

We have concluded a data processing agreement with the provider, which ensures the protection of our website visitors' data and prohibits unauthorized disclosure to third parties.

12.2 Instagram-Plugins

Our website uses plugins from the following social network provider: Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland

These plugins enable direct interactions with content on the social network.

To increase the protection of your data when you visit our website, the plugins are initially deactivated using a so-called "2-click" or "Shariff" solution integrated into the page.

This integration ensures that when you access a page on our website that contains such plugins, no connection is established with the provider's servers.

Only when you activate the plugins and thereby give your consent to the data transfer in accordance with Art. 6 Para. 1 lit. a GDPR, your browser establishes a direct connection to the servers of the provider. In this process, regardless of whether you are logged into an existing user profile, a certain amount of information about your device (including your IP address), your browser and your page history is transmitted to the provider and may be further processed there.

If you are logged into an existing user profile on the provider's social network, information about interactions carried out via the plugins will also be published there and displayed to your contacts.
You can revoke your consent at any time by deactivating the activated plugin by clicking on it again. However, the revocation has no influence on the data that has already been transmitted to the provider.

Data may also be transferred to: Meta Platforms Inc., USA

We have concluded a data processing agreement with the provider, which ensures the protection of our website visitors' data and prohibits unauthorized disclosure to third parties.

12.3 LinkedIn-Plugins

Our website uses plugins from the following social network provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland

These plugins enable direct interactions with content on the social network.

To increase the protection of your data when you visit our website, the plugins are initially deactivated using a so-called "2-click" or "Shariff" solution integrated into the page.

This integration ensures that when you access a page on our website that contains such plugins, no connection is established with the provider's servers.

Data may also be transferred to: LinkedIn Inc., USA

We have concluded a data processing agreement with the provider, which ensures the protection of our website visitors' data and prohibits unauthorized disclosure to third parties.

12.4 Youtube

This website uses plugins to display and play videos from the following provider: Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland

Data may also be transmitted to: Google LLC., USA

When you access a page on our website that contains such a plugin, your browser establishes a direct connection to the provider's servers to load the content, at the latest when the video is played. Certain information, including your IP address, is transmitted to the provider.

If the playback of embedded videos is started via the plugin, the provider also uses cookies to collect information about user behavior, create playback statistics and prevent abusive behavior.

If you are logged into a user account with the provider during your visit to the site, your data will be directly assigned to your account when you click on a video. If you do not want the assignment to your account, you must log out before pressing the playback button.

All of the aforementioned processing operations, in particular the setting of cookies for reading information on the terminal device used, will only take place if you have given us your express consent in accordance with Art. 6 Para. 1 lit. a GDPR. You can withdraw your consent at any time with effect for the future by deactivating this service via the "Cookie Consent Tool" provided on the website.

12.5 Google Web Fonts

This site uses web fonts from the following provider for the uniform display of fonts: Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland

When you access a page, your browser loads the required web fonts into its browser cache to display texts and fonts correctly and establishes a direct connection to the provider's servers. Certain browser information, including your IP address, is transmitted to the provider.

Data may also be transmitted to: Google LLC, USA

The processing of personal data in the course of contacting the font provider will only take place if you have given us your express consent in accordance with Art. 6 Para. 1 lit. a GDPR. You can revoke your consent at any time with effect for the future by deactivating this service via the "Cookie Consent Tool" provided on the website. If your browser does not support web fonts, a standard font from your computer will be used.

Further information on Google's privacy policy can be found here: https://business.safety.google/intl/de/privacy/

12.6 Weglot

This website uses the translation service of the following provider via an API integration: Weglot SAS, 7 cité Paradis, 75010 Paris, France

In order for the translation into your choice of a national language to be displayed automatically, the browser you are using connects to the servers of the provider. The provider uses so-called "cookies", which are text files that are stored on your computer and enable an analysis of your use of the website. The information generated by the cookie about your use of this website (including the shortened IP address) is usually transmitted to a server of the provider and stored there.

We have concluded a data processing agreement with the provider, which ensures the protection of our website visitors' data and prohibits unauthorized disclosure to third parties.

12.7 Google Customer Reviews (formerly Google Certified Shops program)

We work with Google as part of the "Google Customer Reviews" program. The provider is Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"). This program gives us the opportunity to obtain customer reviews from users of our website. After making a purchase on our website, you will be asked whether you would like to participate in an email survey from Google.

If you give your consent in accordance with Art. 6 Para. 1 lit. a GDPR, we will transmit your email address to Google. You will receive an email from Google Customer Reviews asking you to rate the purchase experience on our website. The rating you submit will then be aggregated with our other ratings and displayed in our Google Customer Reviews logo and in our Merchant Center dashboard. In addition, your rating will be used for Google Seller Ratings. As part of the use of Google Customer Reviews, personal data may also be transferred to the servers of Google LLC. in the USA.

You can withdraw your consent at any time by sending a message to the data controller or to Google.

Further information on Google's privacy policy can be found here: https://business.safety.google/intl/de/privacy/

12.8 Google Forms

We use the services of the following provider for conducting surveys or online forms: Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland

In addition to a transfer of data to the aforementioned provider location, data can also be transferred to: Google LLC, USA

The provider enables us to design and evaluate surveys and online forms. In addition to the respective personal data that you enter in the forms, information about your operating system, browser, date and time of your visit, referrer URL and your IP address are also collected, transmitted to the provider and stored on the provider's servers.

The information you enter in the forms is stored password-protected to ensure that third-party access is excluded and that only we can evaluate the data for the purpose stated in the form.

When processing personal data that is necessary for the performance of a contract with you (this also applies to processing operations that are necessary for the implementation of pre-contractual measures), Art. 6 Para. 1 lit. b GDPR serves as the legal basis. If you have given us your consent to the processing of your data, the processing takes place on the basis of Art. 6 Para. 1 lit. a GDPR. Consent given can be revoked at any time with effect for the future.

We have concluded a data processing agreement with the provider, which ensures the protection of our website visitors' data and prohibits unauthorized disclosure to third parties.

Further information on Google's privacy policy can be found here: https://business.safety.google/intl/de/privacy/

12.9 Shopsync for Shopify

This website uses the Shopify app "Shopsync" from ShopSync LLC, PO Box 252, Jefferson City, TN 37760, USA.
With the help of ShopSync, the newsletter service "Mailchimp" is synchronized with our Shopify account in such a way that, on the one hand, updates in email lists from Mailchimp (such as an opt-out by a newsletter recipient) are automatically stored on Shopify and, on the other hand, new contact data generated via contracts on Shopify are automatically transferred to the email lists of Mailchimp.

In the former case, data processing is carried out in accordance with Art. 6 Para. 1 lit. f GDPR based on our legitimate interest in the effective and system-wide maintenance of advertising address files and the efficient observance of legally significant status changes.

In the second case, exclusively on the basis of the user's express consent in accordance with Art. 6 Para. 1 lit. a GDPR after a contract has been concluded on Shopify, their first and last name, address and email address together with transaction-related information (purchase amount, time and date of purchase) are transmitted to Mailchimp by ShopSync for inclusion in the Mailchimp list.

Data transferred in this way is not stored or retained by ShopSync after synchronization. All information synchronized between Shopify and Mailchimp is transmitted via SSL (Secure Socket Layer) technology, and all transmitted information remains encrypted during the synchronization process.

The synchronization process requires the transfer of information via a secure connection to servers hosted by Amazon Web Services in the USA.

Further data protection information on ShopSync can be found here: https://www.shop-sync.com/privacy-policy

12.10 Job applications by email

On our website, we post current job vacancies in a separate section, which interested parties can apply for by sending an email to the contact address provided.

Applicants must provide all personal data necessary for a well-founded assessment, including general information such as name, address and contact details, as well as performance-related evidence and, where applicable, health-related information. Details on how to apply can be found in the job advertisement.

After receipt of the application by e-mail, the data will be stored and evaluated exclusively for the purpose of processing the application. If we have any questions, we will use either the applicant's e-mail address or telephone number. The processing is based on Art. 6 para. 1 lit. b GDPR (or § 26 para. 1 BDSG), in the sense of which going through the application process is regarded as initiating an employment contract.

To the extent that special categories of personal data within the meaning of Art. 9 Para. 1 GDPR (e.g. health data such as information on severe disability) are requested from applicants during the application process, processing takes place in accordance with Art. 9 Para. 2 lit. b. GDPR, so that we can exercise the rights arising from labor law and social security and social protection law and fulfill our related obligations.

Cumulatively or alternatively, the processing of special categories of data can also be based on Art. 9 para. 1 lit. h GDPR if it is carried out for the purposes of preventive health care or occupational medicine, for the assessment of the working capacity of the applicant, for medical diagnostics, the provision of care or treatment in the health or social sector or for the management of systems and services in the health or social sector.

If the applicant is not selected or withdraws their application prematurely, their transmitted data and all electronic correspondence, including the application email, will be deleted no later than 6 months after notification. This period is based on our legitimate interest in answering any follow-up questions about the application and, if necessary, being able to meet our obligations to provide evidence under the regulations on equal treatment of applicants.

In the event of a successful application, the data provided will be processed on the basis of Art. 6 Para. 1 lit. b GDPR (in the case of processing in Germany in conjunction with Section 26 Para. 1 BDSG) for the purpose of carrying out the employment relationship.

13) Tools and Other

13.1Billbee

We use the service of the cloud-based accounting software from the following provider to handle our accounting: Billbee GmbH, Arolser Str. 10, 34477 Twistetal, Germany

The provider processes incoming and outgoing invoices and, if applicable, the bank transactions of our company in order to automatically record invoices, match them to the transactions and use this to create the financial accounting in a partially automated process.

If personal data is also processed in this context, the processing is based on our legitimate interest in the efficient organization and documentation of our business transactions in accordance with Art. 6 Para. 1 lit. f GDPR.

13.2 Cookie Consent Tool

This website uses a so-called "cookie consent tool" to obtain effective user consent for cookies requiring consent and cookie-based applications. The "cookie consent tool" is displayed to users in the form of an interactive user interface when they access the site, where they can give their consent for certain cookies and/or cookie-based applications by ticking a box. Through the use of the tool, all cookies/services requiring consent are only loaded when the respective user gives their consent by ticking the appropriate box. This ensures that such cookies are only placed on the user's device if consent has been given.

The tool uses technically necessary cookies to save your cookie preferences. Personal user data is generally not processed.

If personal data (such as the IP address) is processed for the purpose of storing, assigning, or logging cookie settings, this is done in accordance with Art. 6 Para. 1 lit. f GDPR on the basis of our legitimate interest in legally compliant, user-specific, and user-friendly consent management for cookies and thus in a legally compliant design of our website.

A further legal basis for the processing is Art. 6 Para. 1 lit. c GDPR. As the responsible party, we are subject to the legal obligation to make the use of technically non-essential cookies dependent on the user's consent.

If necessary, we have concluded a data processing agreement with the provider, which ensures the protection of the data of our site visitors and prohibits unauthorized disclosure to third parties.

Further information on the operator and the setting options of the cookie consent tool can be found directly in the corresponding user interface on our website.

14) Rights of the Data Subject

14.1 The applicable data protection law grants you the following rights as a data subject (rights to information and intervention) with regard to the processing of your personal data by the controller, whereby reference is made to the legal basis cited for the respective conditions of exercise:

Right to information in accordance with Art. 15 GDPR;
Right to rectification according to Art. 16 GDPR;
Right to erasure according to Art. 17 GDPR;
Right to restriction of processing according to Art. 18 GDPR;
Right to information according to Art. 19 GDPR;
Right to data portability according to Art. 20 GDPR;
Right to withdraw consent according to Art. 7 para. 3 GDPR;
Right to complain according to Art. 77 GDPR.

14.2 RIGHT OF OBJECTION

IF, WITHIN THE FRAMEWORK OF A BALANCING OF INTERESTS, WE PROCESS YOUR PERSONAL DATA ON THE BASIS OF OUR PREDOMINANT LEGITIMATE INTEREST, YOU HAVE THE RIGHT TO OBJECT TO THIS PROCESSING AT ANY TIME FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION, WITH EFFECT FOR THE FUTURE.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL CEASE PROCESSING THE DATA. HOWEVER, FURTHER PROCESSING REMAINS RESERVED IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR PROCESSING THAT OUTWEIGH YOUR INTERESTS, FUNDAMENTAL RIGHTS AND FREEDOMS, OR IF THE PROCESSING SERVES TO ASSERT, EXERCISE OR DEFEND LEGAL CLAIMS.

IF YOUR PERSONAL DATA IS PROCESSED BY US FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSE OF SUCH ADVERTISING. YOU CAN EXERCISE THE OBJECTION AS DESCRIBED ABOVE.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL CEASE PROCESSING THE DATA CONCERNED FOR DIRECT MARKETING PURPOSES.

15) Duration of Storage of Personal Data

The duration of the storage of personal data is based on the respective legal basis, the processing purpose and - if applicable - additionally on the respective statutory retention period (e.g. commercial and tax retention periods).

When processing personal data based on explicit consent in accordance with Art. 6 Para. 1 lit. a GDPR, the data concerned will be stored until you revoke your consent.

If there are legal retention periods for data that is processed on the basis of Art. 6 Para. 1 lit. b GDPR within the framework of contractual or quasi-contractual obligations, this data will be routinely deleted after the retention periods have expired, provided that it is no longer required for contract fulfillment or contract initiation and/or we no longer have a legitimate interest in its continued storage.

When processing personal data on the basis of Art. 6 Para. 1 lit. f GDPR, this data will be stored until you exercise your right to object under Art. 21 Para. 1 GDPR, unless we can demonstrate compelling legitimate grounds for processing that override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

When processing personal data for direct marketing purposes on the basis of Art. 6 Para. 1 lit. f GDPR, this data will be stored until you exercise your right to object under Art. 21 Para. 2 GDPR.

Unless otherwise stated in the other information within this declaration regarding specific processing situations, stored personal data will be deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.

As of: June 2, 2026, 4:07:05 a.m.