Privacy policy
1) Introduction and Contact Details of the Data Controller
1.1 We are pleased that you are visiting our website and thank you for your interest. Below, we inform you about the handling of your personal data when using our website. Personal data refers to all data that can personally identify you.
1.2 The data controller for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is Waldin sp. z o.o, Rozbórz Długi 66b, 37-560 Pruchnik, Poland, Tel.: +48 668 892 335, Email: info@waldinshop.nl. The controller responsible for the processing of personal data is the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data.
2) Data Collection When Visiting Our Website
2.1 When you visit our website for informational purposes only, i.e., if you do not register or otherwise provide us with information, we only collect the data that your browser transmits to the server (so-called “server log files”). When you access our website, we collect the following data, which is technically necessary for us to display the website to you:
- Our visited website
- Date and time at the time of access
- Amount of data sent in bytes
- Source/reference from which you reached the page
- Used browser
- Used operating system
- Used IP address (if applicable: in anonymized form)
Processing is carried out in accordance with Art. 6 (1) lit. f GDPR based on our legitimate interest in improving the stability and functionality of our website. The data will not be transferred or used for any other purposes. However, we reserve the right to check the server log files later if there are specific indications of illegal use.
2.2 For security reasons and to protect the transmission of personal data and other confidential content (e.g., orders or inquiries to the controller), this website uses SSL or TLS encryption. You can recognize an encrypted connection by the “https://” string and the lock symbol in your browser’s address bar.
3) Hosting & Content Delivery Network (CDN)
For hosting our website and displaying the content of the pages, we use a provider that provides its services either itself or through selected subcontractors exclusively on servers located within the European Union.
All data collected on our website is processed on these servers.
We have entered into a data processing agreement with the provider to ensure the protection of our website visitors’ data and to prohibit unauthorized disclosure to third parties.
4) Cookies
To make your visit to our website more attractive and to enable the use of certain functions, we use cookies, i.e., small text files that are stored on your device. Some of these cookies are automatically deleted after closing your browser (so-called “session cookies”), while others remain on your device for a longer period and allow saving of site settings (so-called “persistent cookies”). In the latter case, you can find the storage duration in the overview of the cookie settings of your web browser.
If personal data is also processed by individual cookies we use, the processing is carried out either in accordance with Art. 6 (1) lit. b GDPR for the performance of the contract, in accordance with Art. 6 (1) lit. a GDPR in the case of given consent, or in accordance with Art. 6 (1) lit. f GDPR to safeguard our legitimate interests in the best possible functionality of the website and a customer-friendly and effective design of the site visit.
You can configure your browser to inform you about the setting of cookies and to decide individually whether to accept them, or to exclude the acceptance of cookies for certain cases or in general.
Please note that if cookies are not accepted, the functionality of our website may be limited.
5) Contacting Us
5.1 Trusted Shops
For review reminders, we use the services of the following provider: Trusted Shops AG, Subbelrather Str. 15c, 50823 Cologne, Germany.
Exclusively based on your explicit consent in accordance with Art. 6 (1) lit. a GDPR, we transmit your email address and, if applicable, other customer data to the provider so that they can contact you via email with a review reminder.
You can revoke your consent at any time with future effect by informing us or the provider.
We are jointly responsible with the provider for the aforementioned data processing in accordance with Art. 26 GDPR. The contract on joint responsibility can be viewed here: https://help.etrusted.com/hc/de/articles/4402587369105-Vertrag-%C3%BCber-die-gemeinsame-Verantwortlichkeit-nach-DSGVO
5.2 WhatsApp Business
We offer visitors to our website the opportunity to contact us via the WhatsApp messaging service provided by WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. We use the “Business Version” of WhatsApp for this purpose.
If you contact us via WhatsApp in connection with a specific business transaction (e.g., a placed order), we will store and use the mobile number you use on WhatsApp, as well as – if provided – your first and last name, in accordance with Art. 6 (1) lit. b GDPR, to process and respond to your inquiry. On the same legal basis, we may also ask you to provide additional data (order number, customer number, address, or email address) via WhatsApp in order to associate your inquiry with a specific transaction.
If you contact us via WhatsApp for general inquiries (e.g., about our service range, availability, or our website), we store and use the mobile number you use on WhatsApp and – if provided – your first and last name, in accordance with Art. 6 (1) lit. f GDPR, based on our legitimate interest in efficiently and promptly providing the requested information.
Your data will only be used to respond to your inquiry via WhatsApp. It will not be shared with third parties.
Please note that WhatsApp Business has access to the address book of the mobile device we use for this service and automatically transfers the phone numbers stored in the address book to a server belonging to WhatsApp’s parent company, Meta Platforms Inc., in the USA. To operate our WhatsApp Business account, we use a mobile device whose address book only stores WhatsApp contact details of users who have contacted us via WhatsApp.
This ensures that each person whose WhatsApp contact details are stored in our address book has already consented to the transmission of their WhatsApp phone number from the address books of their chat contacts in accordance with Art. 6 (1) lit. a GDPR when they first used the app on their device by accepting WhatsApp’s terms of use. Consequently, no data is transferred for users who do not use WhatsApp and/or have not contacted us via WhatsApp.
For the purpose and scope of data collection, as well as the further processing and use of data by WhatsApp, and your related rights and privacy settings, please refer to WhatsApp’s privacy policy: https://www.whatsapp.com/legal/?eea=1#privacy-policy
We have entered into a data processing agreement with the provider to protect our website visitors’ data and prohibit disclosure to third parties.
In the context of the aforementioned processing, data may be transferred to servers of Meta Platforms Inc. in the USA.
For data transfers to the USA, the provider is part of the EU-US Data Privacy Framework, which ensures compliance with European data protection standards based on an adequacy decision by the European Commission.
5.3 Contact via Form or Email
In the context of contacting us (e.g., via contact form or email), personal data is processed exclusively for the purpose of handling and responding to your inquiry and only to the extent necessary for this purpose.
The legal basis for processing this data is our legitimate interest in responding to your inquiry in accordance with Art. 6 (1) lit. f GDPR. If your contact aims to conclude a contract, the additional legal basis for the processing is Art. 6 (1) lit. b GDPR. Your data will be deleted once it is clear from the circumstances that the matter has been conclusively resolved and provided no legal retention obligations exist.
6) Data Processing When Creating a Customer Account
In accordance with Art. 6 (1) lit. b GDPR, personal data is collected and processed as necessary when you provide it to us when creating a customer account. The specific data required for opening an account can be found in the input form on our website.
You can delete your customer account at any time by sending a message to the aforementioned address of the controller. After your customer account has been deleted, your data will be erased, provided that all contracts concluded via the account have been fully executed, no statutory retention periods apply, and there is no legitimate interest on our part in further retention.
7) Use of Customer Data for Direct Marketing
Newsletter Subscription
If you subscribe to our email newsletter, we will regularly send you information about our offers. The only required information for sending the newsletter is your email address. Providing additional data is voluntary and used to address you personally. We use the so-called double opt-in procedure for the newsletter, ensuring that you only receive newsletters if you have expressly confirmed your consent to receive them by clicking on a verification link sent to the email address you provided.
By activating the confirmation link, you give us your consent to use your personal data in accordance with Art. 6 (1) lit. a GDPR. At this point, we store your IP address provided by the Internet Service Provider (ISP), along with the date and time of the registration, to trace any possible misuse of your email address at a later time. The data we collect during the newsletter registration is strictly used for the purpose of sending the newsletter.
You can unsubscribe from the newsletter at any time by clicking on the link provided in the newsletter or by sending a message to the contact information mentioned at the beginning. After unsubscribing, your email address will be immediately removed from our newsletter distribution list unless you have expressly consented to further use of your data or if we reserve the right to use it for other purposes that are legally permitted and about which we inform you in this statement.
8) Data Processing for Order Fulfillment
8.1 To the extent necessary for contract fulfillment for delivery and payment purposes, the personal data we collect will be shared with the appointed transport company and the designated financial institution in accordance with Art. 6 (1) lit. b GDPR.
If we owe you updates for goods with digital elements or for digital products based on a corresponding contract, we process the contact data (name, address, email address) you provided during the order to inform you in accordance with our legal information obligations as per Art. 6 (1) lit. c GDPR via appropriate communication channels (e.g., postal or email) about upcoming updates within the legally required period. Your contact details will be used strictly for the purpose of providing notifications about updates we owe and will only be processed as necessary for each communication.
To fulfill your order, we also work with the following service providers who support us, in whole or in part, in the execution of contracts. Personal data will be shared with these service providers according to the information below.
8.2 Transfer of Personal Data to Shipping Providers
- DHL
As a shipping provider, we use the following company: DHL Paket GmbH, Sträßchensweg 10, 53113 Bonn, Germany.
We will share your email address and/or telephone number with DHL prior to delivery of the goods for the purpose of coordinating a delivery date or for delivery notification, in accordance with Art. 6 (1) lit. a GDPR, if you have expressly consented to this during the order process. Otherwise, we will only share the recipient’s name and delivery address with DHL for the purpose of delivery, in accordance with Art. 6 (1) lit. b GDPR. The transfer will only occur as far as necessary for the delivery of the goods. In this case, prior coordination of the delivery date or delivery notification with DHL will not be possible.
You can revoke your consent at any time with future effect by notifying the controller mentioned above or DHL.
- DHL Express
As a shipping provider, we use the following company: DHL Express Germany GmbH, Heinrich-Brüning-Str. 5, 53113 Bonn, Germany.
We will share your email address and/or telephone number with DHL Express prior to delivery of the goods for the purpose of coordinating a delivery date or for delivery notification, in accordance with Art. 6 (1) lit. a GDPR, if you have expressly consented to this during the order process. Otherwise, we will only share the recipient’s name and delivery address with DHL Express for the purpose of delivery, in accordance with Art. 6 (1) lit. b GDPR. The transfer will only occur as far as necessary for the delivery of the goods. In this case, prior coordination of the delivery date or delivery notification with DHL Express will not be possible.
You can revoke your consent at any time with future effect by notifying the controller mentioned above or DHL Express.
- DPD
As a shipping provider, we use the following company: DPD Deutschland GmbH, Wailandtstraße 1, 63741 Aschaffenburg, Germany.
We will share your email address and/or telephone number with DPD prior to delivery of the goods for the purpose of coordinating a delivery date or for delivery notification, in accordance with Art. 6 (1) lit. a GDPR, if you have expressly consented to this during the order process. Otherwise, we will only share the recipient’s name and delivery address with DPD for the purpose of delivery, in accordance with Art. 6 (1) lit. b GDPR. The transfer will only occur as far as necessary for the delivery of the goods. In this case, prior coordination of the delivery date or delivery notification with DPD will not be possible.
You can revoke your consent at any time with future effect by notifying the controller mentioned above or DPD.
- DPD Austria
As a shipping provider, we use the following company: DPD Direct Parcel Distribution Austria GmbH, Arbeitergasse 46, Leopoldsdorf 2333, Austria.
We will share your email address and/or telephone number with DPD Austria prior to delivery of the goods for the purpose of coordinating a delivery date or for delivery notification, in accordance with Art. 6 (1) lit. a GDPR, if you have expressly consented to this during the order process. Otherwise, we will only share the recipient’s name and delivery address with DPD Austria for the purpose of delivery, in accordance with Art. 6 (1) lit. b GDPR. The transfer will only occur as far as necessary for the delivery of the goods. In this case, prior coordination of the delivery date or delivery notification with DPD Austria will not be possible.
You can revoke your consent at any time with future effect by notifying the controller mentioned above or DPD Austria.
8.3 Use of Payment Service Providers (Payment Services)
- Apple Pay
If you choose the “Apple Pay” payment method offered by Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland, the payment will be processed via the “Apple Pay” function on your iOS, watchOS, or macOS device by charging a payment card stored in “Apple Pay.” Apple Pay uses security features built into your device’s hardware and software to protect your transactions. To authorize a payment, you will need to enter a previously defined code and verify using the “Face ID” or “Touch ID” function on your device.
For the purpose of processing the payment, the information you provide during the order process, along with information about your order, will be transmitted to Apple in encrypted form. Apple re-encrypts this data using a developer-specific key before sending it to the payment service provider of the payment card stored in Apple Pay to process the payment. The encryption ensures that only the website through which the purchase was made can access the payment information. After the payment has been completed, Apple sends a device account number and a transaction-specific dynamic security code to the originating website to confirm the payment.
If personal data is processed during these transmissions, it is done solely for the purpose of payment processing in accordance with Art. 6 (1) lit. b GDPR.
Apple stores anonymized transaction data, such as the approximate purchase amount, date, and time, as well as whether the transaction was successful. The anonymization ensures that personal identification is entirely excluded. Apple uses the anonymized data to improve “Apple Pay” and other Apple products and services.
If you use Apple Pay on your iPhone or Apple Watch to complete a purchase you made through Safari on your Mac, the Mac and the authorization device communicate via an encrypted channel on Apple servers. Apple does not process or store this information in a format that can be used to identify you. You can disable the ability to use Apple Pay on your Mac by adjusting the settings on your iPhone. Go to “Wallet & Apple Pay” and disable “Allow Payments on Mac.”
For more information on Apple Pay’s privacy practices, please visit: https://support.apple.com/en-us/HT203027
- iDeal
This website offers one or more online payment methods from the following provider: Currence Holding BV, Beethovenstraat 300, Amsterdam, Netherlands.
When you choose a payment method from the provider where you pay in advance (e.g., credit card payment), your payment data (including name, address, bank and credit card information, currency, and transaction number) provided during the order process, as well as information about your order, will be forwarded to the provider in accordance with Art. 6 (1) lit. b GDPR. Your data will be transmitted solely for the purpose of processing the payment with the provider and only to the extent necessary.
- Klarna
This website offers one or more online payment methods from the following provider: Klarna Bank AB, Sveavägen 46, 111 34 Stockholm, Sweden.
When you choose a payment method from the provider where you pay in advance (e.g., credit card payment), your payment data (including name, address, bank and credit card information, currency, and transaction number) provided during the order process, as well as information about your order, will be forwarded to the provider in accordance with Art. 6 (1) lit. b GDPR. Your data will be transmitted solely for the purpose of processing the payment with the provider and only to the extent necessary.
When selecting a payment method where the provider advances the payment (e.g., invoice or installment purchase, direct debit), you will also be required to provide certain personal data (first and last name, street, house number, postal code, city, date of birth, email address, phone number, and possibly data related to an alternative payment method) during the ordering process.
To protect our legitimate interest in assessing our customers’ creditworthiness, this data will be transmitted to the provider for the purpose of a credit check, in accordance with Art. 6 (1) lit. f GDPR. The provider will evaluate whether the payment option selected by you can be granted based on your personal data and additional data (such as shopping cart contents, invoice amount, order history, and payment experiences).
For credit checks, Klarna may also include identity and credit information from the following agencies in its assessment in accordance with Art. 6 (1) lit. f GDPR:
https://cdn.klarna.com/1.0/shared/content/legal/terms/0/en_us/credit_rating_agencies
The credit report may include probability values (so-called score values). If score values are included in the credit check result, they are based on a scientifically recognized mathematical-statistical procedure. The calculation of score values may include, but is not limited to, address data.
You may object to this processing of your data at any time by sending a message to us or the provider. However, the provider may still be entitled to process your personal data if it is necessary for the contractual payment processing.
- Masterpayment
This website offers one or more online payment methods from the following provider: Masterpayment LTD, 483 Green Lanes, London, N13 4BS, United Kingdom.
When selecting a payment method where you pay in advance (e.g., credit card payment), your payment data (including name, address, bank and credit card information, currency, and transaction number) provided during the order process, as well as information about your order, will be forwarded to the provider in accordance with Art. 6 (1) lit. b GDPR. Your data will be transmitted solely for the purpose of processing the payment with the provider and only to the extent necessary.
When selecting a payment method where the provider advances the payment (e.g., invoice or installment purchase, direct debit), you will also be required to provide certain personal data (first and last name, street, house number, postal code, city, date of birth, email address, phone number, and possibly data related to an alternative payment method) during the ordering process.
To protect our legitimate interest in assessing our customers’ creditworthiness, this data will be transmitted to the provider for the purpose of a credit check, in accordance with Art. 6 (1) lit. f GDPR. The provider will evaluate whether the payment option selected by you can be granted based on your personal data and additional data (such as shopping cart contents, invoice amount, order history, and payment experiences).
For credit checks, Masterpayment may also include identity and credit information from the following agencies in its assessment in accordance with Art. 6 (1) lit. f GDPR:
- Creditreform Boniversum GmbH, Hammfelddamm 13, 41460 Neuss, Germany
- CRIF GmbH, Friesenweg 4, Haus 12, 22763 Hamburg, Germany
- SCHUFA Holding AG, Kormoranweg 5, D-65201 Wiesbaden, Germany
The credit report may include probability values (so-called score values). If score values are included in the credit check result, they are based on a scientifically recognized mathematical-statistical procedure. The calculation of score values may include, but is not limited to, address data.
You may object to this processing of your data at any time by sending a message to us or the provider. However, the provider may still be entitled to process your personal data if it is necessary for the contractual payment processing.
When data is transferred to the provider’s location, an adequate level of data protection is ensured by an adequacy decision of the European Commission.
- Mollie
This website offers one or more online payment methods from the following provider: Mollie B.V., Keizersgracht 313, 1016 EE Amsterdam, Netherlands.
When selecting a payment method where you pay in advance (e.g., credit card payment), your payment data (including name, address, bank and credit card information, currency, and transaction number) provided during the order process, as well as information about your order, will be forwarded to the provider in accordance with Art. 6 (1) lit. b GDPR. Your data will be transmitted solely for the purpose of processing the payment with the provider and only to the extent necessary.
- PayPal Checkout
This website uses PayPal Checkout, an online payment system provided by PayPal, which consists of PayPal’s own payment methods and local third-party payment methods.
When paying via PayPal, credit card via PayPal, direct debit via PayPal, or – where offered – “Pay Later” via PayPal, we will share your payment data with PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (“PayPal”) for payment processing, in accordance with Art. 6 (1) lit. b GDPR. Data is only transmitted to the extent necessary for payment processing.
PayPal reserves the right to conduct a credit check for credit card payments via PayPal, direct debit via PayPal, or – where offered – “Pay Later” via PayPal. For this purpose, PayPal may share your payment data with credit agencies in accordance with Art. 6 (1) lit. f GDPR based on PayPal’s legitimate interest in determining your creditworthiness. The result of the credit check will determine PayPal’s decision to provide the respective payment method. The credit check may include probability values (so-called score values). If score values are included in the credit check result, they are based on a scientifically recognized mathematical-statistical procedure. The calculation of score values may include, but is not limited to, address data.
You may object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data if it is necessary for the contractual payment processing.
If the PayPal “Purchase on Invoice” payment method is available and selected, your payment data will first be transmitted to PayPal to prepare the payment, and PayPal will then forward it to Ratepay GmbH, Franklinstraße 28-29, 10587 Berlin (“Ratepay”) to process the payment. The legal basis is Art. 6 (1) lit. b GDPR. In this case, RatePay will conduct an identity and credit check in its own name to determine creditworthiness, according to the principle described above, and will transmit your payment data to credit agencies in accordance with Art. 6 (1) lit. f GDPR, based on the legitimate interest in determining creditworthiness. A list of the credit agencies Ratepay may use can be found here: https://www.ratepay.com/legal-payment-creditagencies/
When using a local third-party payment method, your payment data will first be transmitted to PayPal to prepare the payment in accordance with Art. 6 (1) lit. b GDPR. Depending on your selection of a local payment method, PayPal will then transmit your payment data to the respective provider for payment processing, in accordance with Art. 6 (1) lit. b GDPR.
The following local payment methods are available through PayPal:
- Apple Pay (Apple Distribution International, Hollyhill Industrial Estate, Hollyhill, Cork, Ireland)
- Google Pay (Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland)
- iDeal (Currence Holding BV, Beethovenstraat 300, Amsterdam, Netherlands)
- bancontact (Bancontact Payconiq Company, Rue d’Arlon 82, 1040 Brussels, Belgium)
- blik (Polski Standard Płatności sp. z o.o., ul. Czerniakowska 87A, 00-718 Warsaw, Poland)
- eps (PSA Payment Services Austria GmbH, Handelskai 92, Gate 2, 1200 Vienna, Austria)
- MyBank (PRETA S.A.S, 40 Rue de Courcelles, F-75008 Paris, France)
- Przelewy24 (PayPro SA, Kanclerska 15A, 60-326 Poznań, Poland)
For more information about PayPal’s privacy practices, please refer to the PayPal privacy policy: https://www.paypal.com/webapps/mpp/ua/privacy-full
9) Online Marketing
Google AdSense
This website uses Google AdSense, a web advertising service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). Google AdSense uses cookies, which are text files stored on your computer that allow for the analysis of how you use the website. Additionally, Google AdSense uses web beacons (small invisible graphics) to collect information, allowing simple actions like visitor traffic on the website to be recorded, collected, and evaluated. The information generated by the cookie and/or web beacon (including your IP address) about your use of this website is usually transmitted to a Google server and stored there. This may also involve the transmission of data to Google LLC’s servers in the USA.
Google uses the information it collects to evaluate your usage of the website in relation to the AdSense ads. The IP address transmitted by your browser as part of Google AdSense is not merged with other Google data. The information collected by Google may be transferred to third parties if required by law and/or if third parties process the information on Google’s behalf.
All the aforementioned processing, especially reading information from your device via cookies and/or web beacons, will only be carried out if you have given your explicit consent in accordance with Art. 6 (1) lit. a GDPR. Without this consent, Google AdSense will not be used during your visit to the website.
You can revoke your consent at any time with future effect by disabling this service through the “Cookie Consent Tool” provided on the website.
For data transfers to the USA, the provider adheres to the EU-US Data Privacy Framework, which ensures compliance with European data protection standards based on an adequacy decision by the European Commission.
Further information on Google’s privacy policies can be found here:
https://business.safety.google/intl/en/privacy/
https://www.google.com/policies/privacy/
10) Web Analytics Services
10.1 Google Analytics 4
This website uses Google Analytics 4, a web analytics service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”), which allows for the analysis of your use of our website.
By default, when you visit the website, Google Analytics 4 sets cookies that are stored on your device as small text files and collect certain information. This information includes your IP address, which is truncated by Google to exclude direct personal identification.
The information is transmitted to and processed on Google’s servers. Data transfers to Google LLC in the USA may also occur.
Google uses the information collected on our behalf to evaluate your use of the website, compile reports on website activity for us, and provide additional services related to website and internet usage. The IP address transmitted by your browser as part of Google Analytics and truncated by Google is not merged with other Google data. The data collected via Google Analytics 4 will be stored for two months and then deleted.
All of the aforementioned processing, particularly the setting of cookies on your device, will only occur if you have given your explicit consent in accordance with Art. 6 (1) lit. a GDPR. Without your consent, Google Analytics 4 will not be used during your visit to the website. You can revoke your consent at any time with future effect. To exercise your right of revocation, please deactivate this service through the “Cookie Consent Tool” provided on the website.
We have entered into a data processing agreement with Google that ensures the protection of our website visitors’ data and prohibits unauthorized disclosure to third parties.
For more legal information on Google Analytics 4, please visit:
https://business.safety.google/intl/en/privacy/
https://policies.google.com/privacy?hl=en
https://policies.google.com/technologies/partner-sites
Demographic Features
Google Analytics 4 uses the special “demographic features” function to create statistics about the age, gender, and interests of website visitors. This is done through the analysis of ads and third-party information. Target audiences for marketing activities can be identified through this data. However, the collected data cannot be attributed to any specific individual and will be deleted after two months.
Google Signals
As an extension of Google Analytics 4, this website may use Google Signals to create cross-device reports. If you have personalized ads enabled and have linked your devices to your Google account, Google may analyze your usage behavior across devices and create database models, including cross-device conversions, subject to your consent to use Google Analytics in accordance with Art. 6 (1) lit. a GDPR. We do not receive any personal data from Google, only statistics. If you wish to stop cross-device analysis, you can disable the “Personalized Ads” function in your Google account settings by following the instructions here: https://support.google.com/ads/answer/2662922?hl=en
Further information on Google Signals can be found here: https://support.google.com/analytics/answer/7532985?hl=en
User IDs
As an extension of Google Analytics 4, this website may use the “User IDs” feature. If you have consented to the use of Google Analytics 4 in accordance with Art. 6 (1) lit. a GDPR, created an account on this website, and log in across different devices, your activities, including conversions, can be analyzed across devices.
For data transfers to the USA, the provider adheres to the EU-US Data Privacy Framework, which ensures compliance with European data protection standards based on an adequacy decision by the European Commission.
10.2 Google Tag Manager
This website uses “Google Tag Manager,” a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).
Google Tag Manager provides a technical basis for bundling various web applications, including tracking and analysis services, and for calibrating, controlling, and linking them via a unified user interface. Google Tag Manager itself does not store or read information on user devices. It also does not perform its own data analysis. However, Google Tag Manager transmits your IP address to Google upon page loading, where it may be stored. Data transfers to Google LLC’s servers in the USA may also occur.
This processing will only occur if you have given your explicit consent in accordance with Art. 6 (1) lit. a GDPR. Without your consent, Google Tag Manager will not be used during your visit to the website. You can revoke your consent at any time with future effect by disabling this service in the “Cookie Consent Tool” provided on the website.
We have entered into a data processing agreement with the provider that ensures the protection of our website visitors’ data and prohibits unauthorized disclosure to third parties.
For data transfers to the USA, the provider adheres to the EU-US Data Privacy Framework, which ensures compliance with European data protection standards based on an adequacy decision by the European Commission.
Further legal information on Google Tag Manager can be found at:
https://business.safety.google/intl/en/privacy/
https://policies.google.com/privacy?hl=en
11) Retargeting/Remarketing and Conversion Tracking
11.1 Google Ads Remarketing
This website uses the retargeting technology of the following provider: Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.
For this purpose, Google places a cookie in your device’s browser, which automatically enables interest-based advertising using a pseudonymous cookie ID based on the pages you visit. Further data processing only occurs if you have agreed with Google that your internet and app browsing history will be linked to your Google account and that information from your Google account will be used to personalize ads you view on the web. If you are logged into Google during your visit to our website, Google uses your data along with Google Analytics data to create and define cross-device remarketing audience lists. To do this, Google temporarily links your personal data with Google Analytics data to form audiences. As part of Google Ads Remarketing, personal data may also be transmitted to the servers of Google LLC in the USA.
All the processing described above, particularly the setting of cookies for reading information on your device, will only be carried out if you have given your explicit consent in accordance with Art. 6 (1) lit. a GDPR. Without this consent, retargeting technology will not be used during your website visit.
You can revoke your consent at any time with future effect. To exercise your revocation, please disable this service through the “Cookie Consent Tool” provided on the website.
For data transfers to the USA, the provider has adhered to the EU-US Data Privacy Framework, which ensures compliance with European data protection standards based on an adequacy decision by the European Commission.
Details on Google’s processing and how Google handles website data can be found here:
https://policies.google.com/technologies/partner-sites
Further information on Google’s privacy policy can be found here:
https://business.safety.google/intl/en/privacy/
https://www.google.com/policies/privacy/
11.2 Google Ads Conversion Tracking
This website uses the online advertising program “Google Ads” and, as part of Google Ads, conversion tracking provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). We use Google Ads to draw attention to our attractive offers on external websites through advertising materials (so-called Google AdWords). We can determine how successful each advertising measure is by analyzing the data of the advertising campaigns. Our goal is to show you advertisements that are of interest to you, make our website more appealing, and achieve a fair calculation of advertising costs.
The cookie for conversion tracking is set when a user clicks on a Google Ads advertisement. Cookies are small text files stored on your device. These cookies typically expire after 30 days and are not used for personal identification. If the user visits certain pages of this website and the cookie has not yet expired, Google and we can recognize that the user clicked on the ad and was redirected to this page. Each Google Ads customer receives a different cookie, so cookies cannot be tracked across the websites of Google Ads customers. The information collected through the conversion cookie is used to create conversion statistics for Google Ads customers who have opted for conversion tracking. Customers learn the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, they do not receive information that could personally identify users. As part of the use of Google Ads, personal data may also be transmitted to the servers of Google LLC in the USA.
Details on the processing initiated by Google Ads Conversion Tracking and how Google handles website data can be found here:
https://policies.google.com/technologies/partner-sites
All the processing described above, particularly the setting of cookies for reading information on your device, will only be carried out if you have given your explicit consent in accordance with Art. 6 (1) lit. a GDPR. You can revoke your consent at any time with future effect by disabling this service in the “Cookie Consent Tool” provided on the website.
You can also permanently object to the setting of cookies by Google Ads Conversion Tracking by downloading and installing the browser plug-in available at the following link:
https://www.google.com/settings/ads/plugin?hl=en
Please note that certain functions of this website may not be available or may be limited if you have disabled the use of cookies.
Google’s privacy policy can be viewed here:
https://business.safety.google/intl/en/privacy/
https://www.google.com/policies/privacy/
For data transfers to the USA, the provider has adhered to the EU-US Data Privacy Framework, which ensures compliance with European data protection standards based on an adequacy decision by the European Commission.
11.3 Google Marketing Platform
This website uses the online marketing tool Google Marketing Platform (GMP) from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“GMP”).
GMP uses cookies to serve relevant ads to users, improve campaign performance reports, or prevent users from seeing the same ads multiple times. Google uses a cookie ID to track which ads are displayed in which browser and to prevent them from being shown multiple times. Additionally, GMP can track conversions associated with ad requests using cookie IDs. This happens, for example, when a user sees a GMP ad and later visits the advertiser’s website using the same browser and makes a purchase. According to Google, GMP cookies do not contain personally identifiable information.
Due to the marketing tools used, your browser automatically establishes a direct connection to Google’s server.
We have no control over the extent and further use of the data collected through the use of this tool by Google and can only inform you based on our level of knowledge: By integrating GMP, Google receives the information that you have accessed the corresponding part of our website or clicked on an ad from us. If you are registered with a Google service, Google can associate your visit with your account. Even if you are not registered with Google or are not logged in, there is a possibility that the provider may obtain your IP address and store it. As part of the use of GMP, personal data may also be transmitted to the servers of Google LLC in the USA.
All the processing described above, particularly the setting of cookies for reading information on your device, will only be carried out if you have given your explicit consent in accordance with Art. 6 (1) lit. a GDPR. You can revoke your consent at any time with future effect by disabling this service in the “Cookie Consent Tool” provided on the website.
For data transfers to the USA, the provider has adhered to the EU-US Data Privacy Framework, which ensures compliance with European data protection standards based on an adequacy decision by the European Commission.
GMP by Google’s privacy policy can be found here:
https://business.safety.google/intl/en/privacy/
https://www.google.com/policies/privacy/
12) Site Functionalities
12.1 Trusted Shops Trustbadge
Our website integrates graphical elements from the following provider to display external customer reviews and/or a certification mark: Trusted Shops AG, Subbelrather Str. 15C, 50823 Cologne, Germany.
When you access a page on our website that contains such graphical elements, your browser establishes a direct connection with the provider’s servers to load the elements properly. During this process, certain browser information, including your IP address, is transmitted to the provider.
If personal data is processed, it is done in accordance with Art. 6 (1) lit. f GDPR based on our legitimate interest in the optimal marketing of our offering and the appealing design of our website.
In the case of an online order, additional processing may occur.
Depending on your explicit consent according to Art. 6 (1) lit. a GDPR, after completing an order, your order information (order total, order number, possibly purchased product) and your email address will be encrypted and transmitted to the provider to verify if there is a registration for the provider’s services (especially buyer protection) and potentially enable new registration.
In the case of a verified existing registration or a new registration for the provider’s services (especially buyer protection), your order information (order total, order number, purchased product) and your email address will be transmitted to the provider and processed in accordance with the contractual agreement with the provider under Art. 6 (1) lit. b GDPR to provide the services (especially buyer protection).
We are jointly responsible with the provider for the above-described processing under Art. 26 GDPR. The joint responsibility agreement can be viewed here: https://help.etrusted.com/hc/en/articles/4402587369105-Vertrag-%C3%BCber-die-gemeinsame-Verantwortlichkeit-nach-DSGVO
12.2 Google Maps
This website uses an online map service from the following provider: Google Maps (API) by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”).
Google Maps is a web service that allows interactive maps to visually display geographical information. By using this service, our location will be shown to you, and directions may be easier to find.
When you access the subpages where Google Maps is integrated, information about your usage of our website (e.g., your IP address) is transmitted to Google’s servers and stored there, including possible data transfers to the servers of Google LLC in the USA. This occurs whether or not Google provides a user account through which you are logged in. If you are logged into Google, your data will be directly associated with your account. If you do not want the association with your Google profile, you must log out before activating the button. Google stores your data (even for users not logged in) as usage profiles and evaluates them.
This collection, storage, and evaluation are carried out in accordance with Art. 6 (1) lit. f GDPR based on Google’s legitimate interest in personalized advertising, market research, and/or the tailored design of Google websites. You have the right to object to the creation of these user profiles, and you must contact Google to exercise this right. If you do not agree with future transmission of your data to Google when using Google Maps, you can disable the Google Maps web service entirely by turning off JavaScript in your browser. Google Maps, and thus the map display on this website, will then not be usable.
Where legally required, we have obtained your consent for the processing of your data as described above in accordance with Art. 6 (1) lit. a GDPR. You can revoke your consent at any time with future effect. To exercise your revocation, please follow the procedures described above to object.
For data transfers to the USA, the provider has adhered to the EU-US Data Privacy Framework, which ensures compliance with European data protection standards based on an adequacy decision by the European Commission.
Further information on Google’s privacy policies can be found here: https://business.safety.google/intl/en/privacy/
12.3 Google Maps API
To allow real-time error detection in the address form of our webshop’s checkout process, we use the services of the following provider: Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.
Data may also be transferred to: Google LLC, USA.
The provider validates the entered address, verifies the spelling, and adds missing data if necessary. For unclear addresses, correct alternative suggestions are shown. For this, the address data you entered will be transmitted to the provider, stored, and evaluated.
This processing is carried out in accordance with Art. 6 (1) lit. f GDPR based on our legitimate interest in properly recording correct customer address data to fulfill our contractual delivery obligations and prevent contract execution issues.
The provider processes the affected data separately, does not merge it with other data sets, and deletes it as soon as its status or accuracy is confirmed, but no later than 30 days.
For data transfers to the USA, the provider has adhered to the EU-US Data Privacy Framework, which ensures compliance with European data protection standards based on an adequacy decision by the European Commission.
Further information on Google’s privacy policies can be found here: https://business.safety.google/intl/en/privacy/
12.4 FontAwesome
This website uses web fonts provided by the following provider to ensure uniform font display: Fonticons, Inc., 710 Blackhorn Dr, Carl Junction, 64834, MO, USA.
When you visit a page, your browser loads the required web fonts into its cache to display texts and fonts correctly and establishes a direct connection with the provider’s servers. Certain browser information, including your IP address, is transmitted to the provider.
Processing of personal data in connection with accessing the font provider’s servers only occurs if you have given your explicit consent in accordance with Art. 6 (1) lit. a GDPR. You can revoke your consent at any time with future effect by disabling this service through the “Cookie Consent Tool” provided on the website. If your browser does not support web fonts, a default font from your computer will be used.
For data transfers to the USA, the provider relies on the European Commission’s standard contractual clauses to ensure compliance with European data protection standards.
12.5 Google Web Fonts
This website uses web fonts provided by the following provider for uniform font display: Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.
When you visit a page, your browser loads the required web fonts into its cache to display texts and fonts correctly and establishes a direct connection with the provider’s servers. Certain browser information, including your IP address, is transmitted to the provider.
Data may also be transferred to: Google LLC, USA.
Processing of personal data in connection with accessing the font provider’s servers only occurs if you have given your explicit consent in accordance with Art. 6 (1) lit. a GDPR. You can revoke your consent at any time with future effect by disabling this service through the “Cookie Consent Tool” provided on the website. If your browser does not support web fonts, a default font from your computer will be used.
For data transfers to the USA, the provider has adhered to the EU-US Data Privacy Framework, which ensures compliance with European data protection standards based on an adequacy decision by the European Commission.
Further information on Google’s privacy policies can be found here: https://business.safety.google/intl/en/privacy/
12.6 Google reCAPTCHA
This website uses the CAPTCHA service provided by: Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.
Data may also be transferred to: Google LLC, USA. For the visual design of the CAPTCHA window, the provider uses “Google Fonts,” i.e., fonts loaded from the internet by Google. No further information is processed beyond what is already transmitted through the reCAPTCHA functionality.
The service checks whether an input is made by a human or abusively by machine and automated processing, blocking spam, DDoS attacks, and similar automated malicious access. To ensure that an action is taken by a human and not an automated bot, the provider collects the IP address of the device, identification data of the browser and operating system type used, and the date and duration of the visit, and transmits this information to the provider’s servers for analysis.
The legal basis is our legitimate interest in determining individual responsibility on the internet and preventing misuse and spam, in accordance with Art. 6 (1) lit. f GDPR.
We have entered into a data processing agreement with the provider to ensure the protection of our website visitors’ data and to prohibit unauthorized disclosure to third parties.
For data transfers to the USA, the provider has adhered to the EU-US Data Privacy Framework, which ensures compliance with European data protection standards based on an adequacy decision by the European Commission.
Further information on Google’s privacy policy can be found here: https://business.safety.google/intl/en/privacy/
12.7 Google Customer Reviews (formerly Google Certified Merchant Program)
We collaborate with Google as part of the “Google Customer Reviews” program. The provider is Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). This program allows us to collect customer reviews from users of our website. After making a purchase on our website, you will be asked whether you wish to participate in an email survey from Google.
If you provide your consent in accordance with Art. 6 (1) lit. a GDPR, we will transmit your email address to Google. You will then receive an email from Google Customer Reviews asking you to rate your shopping experience on our website. The review you submit will be combined with our other reviews and displayed in our Google Customer Reviews logo and in our Merchant Center dashboard. Your review will also be used for Google Seller Ratings. As part of the Google Customer Reviews program, personal data may also be transferred to the servers of Google LLC in the USA.
You can revoke your consent at any time by sending a message to the data controller or directly to Google.
For data transfers to the USA, the provider has adhered to the EU-US Data Privacy Framework, which ensures compliance with European data protection standards based on an adequacy decision by the European Commission.
Further information on Google’s privacy policy can be found here: https://business.safety.google/intl/en/privacy/
13) Tools and Other Services
Cookie Consent Tool
This website uses a “Cookie Consent Tool” to obtain valid user consent for cookies that require consent and cookie-based applications. The “Cookie Consent Tool” is displayed to users when the website is accessed in the form of an interactive user interface, allowing users to give consent for certain cookies and/or cookie-based applications by checking boxes. The tool ensures that only cookies that require consent are loaded when the respective user has provided consent by checking the relevant boxes. This ensures that such cookies are only set on the user’s device if consent has been given.
The tool sets technically necessary cookies to store your cookie preferences. Personal user data is not processed in this context.
If, in individual cases, personal data (such as IP addresses) is processed for the purpose of storing, assigning, or logging cookie settings, this processing is carried out in accordance with Art. 6 (1) lit. f GDPR, based on our legitimate interest in a legally compliant, user-specific, and user-friendly consent management system for cookies and the legally compliant design of our website.
Another legal basis for the processing is Art. 6 (1) lit. c GDPR, as we are legally obliged to obtain user consent for non-essential cookies.
Where necessary, we have entered into a data processing agreement with the provider to ensure the protection of our website visitors’ data and to prohibit unauthorized disclosure to third parties.
Further information about the operator and the configuration options of the Cookie Consent Tool can be found directly in the corresponding user interface on our website.
14) Rights of the Data Subject
14.1 Under applicable data protection law, you are entitled to the following rights regarding the processing of your personal data, with respect to the data controller (referred to as “rights of access and intervention”). The specific conditions for exercising these rights are referenced by the applicable legal basis:
- Right to access according to Art. 15 GDPR;
- Right to rectification according to Art. 16 GDPR;
- Right to erasure according to Art. 17 GDPR;
- Right to restriction of processing according to Art. 18 GDPR;
- Right to notification according to Art. 19 GDPR;
- Right to data portability according to Art. 20 GDPR;
- Right to withdraw consent according to Art. 7 (3) GDPR;
- Right to lodge a complaint according to Art. 77 GDPR.
14.2 Right to Object
IF WE PROCESS YOUR PERSONAL DATA BASED ON OUR PREDOMINANT LEGITIMATE INTERESTS AS PART OF A BALANCING OF INTERESTS, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT TO THIS PROCESSING WITH FUTURE EFFECT FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA AFFECTED. HOWEVER, FURTHER PROCESSING MAY BE RESERVED IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING THAT OUTWEIGH YOUR INTERESTS, RIGHTS, AND FREEDOMS, OR IF THE PROCESSING IS NECESSARY FOR THE ASSERTION, EXERCISE, OR DEFENSE OF LEGAL CLAIMS.
IF YOUR PERSONAL DATA IS PROCESSED BY US FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR SUCH ADVERTISING. YOU CAN EXERCISE THIS RIGHT AS DESCRIBED ABOVE.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED FOR DIRECT MARKETING PURPOSES.
15) Duration of Storage of Personal Data
The duration of the storage of personal data depends on the respective legal basis, the processing purpose, and, if applicable, the relevant statutory retention period (e.g., commercial and tax retention periods).
When personal data is processed based on explicit consent in accordance with Art. 6 (1) lit. a GDPR, the data concerned will be stored until you withdraw your consent.
If there are statutory retention periods for data processed in the context of contractual or quasi-contractual obligations under Art. 6 (1) lit. b GDPR, such data will be routinely deleted after the retention periods have expired, provided they are no longer required for contract fulfillment or initiation, and/or there is no legitimate interest in continuing to store them.
When personal data is processed based on Art. 6 (1) lit. f GDPR, such data will be stored until you exercise your right to object under Art. 21 (1) GDPR, unless we can demonstrate compelling legitimate grounds for the processing that outweigh your interests, rights, and freedoms, or if the processing is necessary for the establishment, exercise, or defense of legal claims.
When personal data is processed for the purpose of direct marketing under Art. 6 (1) lit. f GDPR, such data will be stored until you exercise your right to object under Art. 21 (2) GDPR.
Unless otherwise indicated in the specific information of this declaration regarding particular processing situations, stored personal data will be deleted once it is no longer necessary for the purposes for which it was collected or otherwise processed.