Privacy policy
Name and address of the controller
The controller within the meaning of the General Data Protection Regulation (GDPR) and other data protection provisions is:
VONMÄHLEN GmbH
Vor dem Bardowicker Tore 49
21339 Lüneburg
Germany
Telephone: +49 (0) 4131 220 95 25
Email: d.stumpf@vonmaehlen.com
Name and address of the data protection officer
The controller’s data protection officer is:
D-ISO GmbH
Thomas Seßner
Hofstettener Weg 1
91154 Roth
0175/7230808
Thomas.Sessner@d-iso.com
General information on data processing
Legal basis for the processing of personal data
In accordance with Art. 13 GDPR, we inform you of the legal bases of our data processing activities. Unless the legal basis is specifically stated in the privacy notice, the following applies:
The legal basis for obtaining consent is Art. 6 para. 1 lit. a in conjunction with Art. 7 GDPR. The legal basis for processing for the performance of our services and the implementation of contractual measures as well as for responding to inquiries is Art. 6 para. 1 lit. b GDPR. The legal basis for processing to fulfill our legal obligations is Art. 6 para. 1 lit. c GDPR. If the processing of your data is necessary to safeguard a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not override the former interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for the processing. In the event that vital interests of the data subject or another natural person make the processing of personal data necessary, Art. 6 para. 1 lit. d GDPR serves as the legal basis.
Data deletion and storage duration
We adhere to the principles of data minimization pursuant to Art. 5 para. 1 lit. c GDPR and storage limitation pursuant to Art. 5 para. 1 lit. e GDPR. We store your personal data only for as long as is necessary to achieve the purposes stated here or as required by the retention periods provided for by law. Once the respective purpose ceases to apply or these retention periods expire, the corresponding data will be deleted as quickly as possible.
Notice on data transfer to third countries
Tools from companies based in third countries are also integrated on our website. If these tools are active, your personal data may be transferred to the servers of the respective companies. The level of data protection in third countries generally does not correspond to EU data protection law. There is therefore a risk that your data may be passed on to authorities in these countries. We have no influence over these processing activities.
External links
This website may contain links to third-party websites or to other websites under our responsibility. If you follow a link to any website outside our responsibility, please note that these websites have their own privacy information. We assume no responsibility or liability for these external websites and their privacy notices. Therefore, before using these websites, please check whether you agree with their privacy policies.
You can recognize external links either by the fact that they are somewhat color-highlighted from the rest of the text or underlined. Your cursor will indicate external links when you move it over such a link. Your personal data is only transferred to the target of the link when you click on an external link. In particular, the operator of the other website receives your IP address, the time at which you clicked the link, the page on which you clicked the link, and other information that you can find in the privacy notices of the respective provider.
Please also note that individual links may lead to data being transferred outside the European Economic Area. As a result, foreign authorities could gain access to your data. You may not have any legal remedies against these data accesses. If you do not want your personal data to be transferred to the link destination or to be exposed to access by foreign authorities, please do not click on any links.
Rights of the data subject
As a data subject within the meaning of the GDPR, you have the possibility to assert various rights. The data subject rights arising from the GDPR are the right of access (Article 15), the right to rectification (Article 16), the right to erasure (Article 17), the right to restriction of processing (Article 18), the right to object (Article 21), the right to lodge a complaint with a supervisory authority and the right to data portability (Article 20).
Right to withdraw consent:
Some data processing operations can only take place with your express consent. You have the option to withdraw your consent at any time. However, the lawfulness of the data processing carried out until the withdrawal remains unaffected by this.
Right to object:
If the processing is based on Art. 6 para. 1 lit. e or f GDPR, you as the data subject may object at any time to the processing of your personal data for reasons arising from your particular situation. This right also applies to profiling based on these provisions within the meaning of Art. 4 No. 4 GDPR. Unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defense of legal claims, we will refrain from processing your data once you have objected.
If personal data is processed for the purpose of direct marketing, you also have the right to object at any time. The same applies to profiling insofar as it is connected with direct marketing. In this case too, we will no longer process personal data as soon as you object.
Right to lodge a complaint with a supervisory authority:
If you believe that the processing of your personal data violates the GDPR, you have the right, without prejudice to any other administrative or judicial remedy, to lodge a complaint with a supervisory authority, in particular in the Member State of your place of residence, your place of work or the place of the alleged infringement.
Right to data portability:
If your data is processed automatically on the basis of consent or in fulfillment of a contract, you have the right to receive this data in a structured, commonly used and machine-readable format. In addition, you have the right to request the transfer and provision of the data to another controller, insofar as this is technically feasible.
Right of access, rectification and erasure:
You have the right to receive information about your processed personal data with regard to the purpose of the data processing, the categories, the recipients and the duration of storage. If you have any questions on this topic or on other topics relating to personal data, you can of course contact us using the contact options provided in the legal notice.
Right to restriction of processing:
You may request the restriction of the processing of your personal data at any time. To do so, one of the following conditions must be met:
- You contest the accuracy of the personal data. For the duration of the verification of the accuracy, you have the right to request restriction of processing.
- If processing is unlawful, you may request the restriction of the use of the data instead of erasure.
- If we no longer need your personal data for the purposes of processing, but you need the data for the establishment, exercise or defense of legal claims, you may request the restriction of processing instead of erasure.
- If you have objected to processing pursuant to Art. 21 para. 1 GDPR, a balancing of your interests and our interests will be carried out. Until this balancing has taken place, you have the right to request restriction of processing.
If processing has been restricted, these personal data may – apart from storage – only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
Provision of the website (web host)
Our website is hosted by:
Shopify International Ltd.
2nd Floor 1 and 2 Victoria Buildings, Haddington Road, Dublin 4, D04 XN32
Ireland
The server location is Canada.
When you access our website, we automatically collect and store information in so-called server log files. Your browser automatically transmits this information to our server or to the server of our hosting company.
These are:
- IP address of the website visitor’s device
- Device used
- Hostname of the accessing computer
- Visitor’s operating system
- Browser type and version
- Name of the retrieved file
- Time of the server request
- Amount of data
- Information on whether the retrieval of the data was successful
This data is not merged with other data sources.
Instead of operating this website on our own server, we may also have it operated on the server of an external service provider (hosting company), which we named above in this case. The personal data collected by this website is then stored on the servers of the hosting company. In addition to the data mentioned above, the web host also stores contact inquiries, contact details, names, website access data, meta and communication data, contract data and other data generated via a website for us, for example.
The legal basis for the processing of this data is Art. 6 para. 1 lit. f GDPR. Our legitimate interest is the technically error-free presentation and optimization of this website. If the website is accessed in order to enter into contract negotiations with us or to conclude a contract, the further legal basis is Art. 6 para. 1 lit. b GDPR. In the event that we have commissioned a hosting company, an order processing agreement exists with this service provider.
Use of local storage items, session storage items and cookies
Our website uses local storage items, session storage items and/or cookies. Local storage is a mechanism that enables data to be stored within the browser on your end device. This data usually includes user preferences, such as the “day mode” or “night mode” of a website, and remains until you manually delete the data. Session storage is very similar to local storage, although the storage duration only lasts for the current session, i.e. until the current tab is closed. Afterwards, the session storage items are deleted from your end device. Cookies are pieces of information that a web server (server that provides web content) stores on your end device in order to identify that end device. They are either stored temporarily for the duration of a session (session cookies) and deleted after the end of your visit to a website or stored permanently (persistent cookies) on your end device until you delete them yourself or they are automatically deleted by your web browser.
These objects may also be stored on your end device by third-party companies when you enter our site (third-party requests). This enables us as the operator and you as the visitor of this website to make use of certain services provided by third parties that are installed on this website. Examples include the processing of payment services or the display of videos.
These mechanisms have a wide range of uses. They can improve the functionality of a website, control shopping cart functions, increase the security and convenience of website use and also carry out analyses of visitor flows and behavior. Depending on the individual functions, they must be classified under data protection law. If they are necessary for the operation of the website and intended to provide certain functions (shopping cart function) or serve to optimize the website (e.g. cookies for measuring visitor behavior), they are used on the basis of Art. 6 para. 1 lit. f GDPR. As website operator, we have a legitimate interest in storing local storage items, session storage items and cookies for the technically error-free and optimized provision of our services. In all other cases, local storage items, session storage items and cookies are stored only on the basis of your express consent (Art. 6 para. 1 lit. a GDPR).
Insofar as local storage items, session storage or cookies are used by third-party companies or for analysis purposes, we will inform you of this separately within the framework of this privacy notice. Your required consent will be requested and can be revoked at any time.
Use of external services
External services are used on our website. External services are services from third-party providers that are used on our website. This may occur for various reasons, for example for embedding videos or for the security of the website. When using these services, personal data is also passed on to the respective providers of these external services. If we do not have a legitimate interest in the use of these services, we obtain your revocable consent as a visitor to our website before using them (Art. 6 para. 1 lit. a GDPR).
Analytics
To analyze user behavior, we process personal data of website visitors. By evaluating the data obtained, we are able to compile information on the use of the individual components of our website. This enables us to improve the user-friendliness of our website. The analysis tools used may, for example, be used to create user profiles for the display of targeted or interest-based advertising messages, recognize our website visitors on their next visit to our website, measure their click/scroll behavior, their downloads, create heatmaps, recognize page views, measure the duration of visits or bounce rates, and trace the origin of website visitors (city, country, from which page the visitor came). With the help of the analysis tools, we can improve our market research and marketing activities.
Processing only takes place if you consent to this data processing (via our consent banner on the website). The legal basis for this processing is consent (Art. 6 para. 1 lit. a GDPR). Without your consent, data processing will not take place in the manner described above. If you revoke your consent (e.g. via the consent banner or other options provided on this website), we will stop this data processing. The lawfulness of the processing carried out until the revocation remains unaffected.
Google Analytics
We use the service Google Analytics on our website. The provider of the service is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
By using the service, data may be transferred to a third country (USA). The provider is certified under the EU-U.S. Data Privacy Framework and therefore offers an adequate level of data protection.
Further information can be found in the provider’s privacy policy at the following URL: https://business.safety.google/privacy.
The service uses the following cookies on our website:
| Name | Storage duration | Type | Purpose |
|---|---|---|---|
| _ga | 400 days | 1st-Party Cookie |
Contains a randomly generated user ID. Based on this ID, Google Analytics can recognize returning users on this website and merge data from previous visits. |
| _ga_2QJ7QZWLH5 | 400 days | 1st-Party Cookie |
Collects data on how often a user has visited a website, as well as data for the first and last visit. |
Microsoft Clarity
We use the service Microsoft Clarity on our website. The provider of the service is Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland.
By using the service, data may be transferred to a third country (USA). The provider is certified under the EU-U.S. Data Privacy Framework and therefore offers an adequate level of data protection.
Further information can be found in the provider’s privacy policy at the following URL: https://privacy.microsoft.com/de-de/privacystatement.
The service uses cookies on our website and stores data in the browser’s local or session storage:
| Name | Storage duration | Type | Purpose |
|---|---|---|---|
| _clck | Session | 1st-Party Cookie |
This cookie is used to store a unique user ID. |
| _clsk | Session | 1st-Party Cookie |
This cookie is used to store a user’s page views and combine them into a single session recording. |
| _cltk | Session | 1st-Party Session Storage | Stored by Microsoft Clarity on the local end device. |
Shopify Analytics
We use the service Shopify Analytics on our website. The provider of the service is Shopify International Ltd., 2nd Floor 1 and 2 Victoria Buildings, Haddington Road, Dublin 4, D04 XN32, Ireland.
By using the service, data may be transferred to a third country (Canada). The European Commission has confirmed an adequate level of data protection for the country by means of an adequacy decision.
Further information can be found in the provider’s privacy policy at the following URL: https://www.shopify.com/legal/privacy?shpxid=1c1444d0-C70E-43BB-AD1E-BB3774A7C8C0.
The service uses the following cookies on our website:
| Name | Storage duration | Type | Purpose |
|---|---|---|---|
| _shopify_s | 30 minutes | 1st-Party Cookie |
This cookie is used in connection with Shopify Analytics. |
| _shopify_y | 365 days | 1st-Party Cookie |
This cookie is used in connection with Shopify Analytics. |
Review platform
We use review platforms to display collected reviews on our website and thereby build trust among users. The collected reviews are published on our website. When the website is accessed, a connection to the respective provider is established and data of the website visitor is transmitted. Personal data processed in this context includes, for example, the IP address.
Processing only takes place if you consent to this data processing (via our consent banner on the website). The legal basis for this processing is consent (Art. 6 para. 1 lit. a GDPR). Without your consent, data processing will not take place in the manner described above. If you revoke your consent (e.g. via the consent banner or other options provided on this website), we will stop this data processing. The lawfulness of the processing carried out until the revocation remains unaffected.
Content Delivery Network (CDN)
We use a Content Delivery Network (CDN) in order to optimize the performance and availability of our website. For this purpose, your IP address and the information as to when you visited our website are processed by this service provider providing the network. Further information on data processing by this service provider can be found in its privacy notices.
We base this processing on a legitimate interest (Art. 6 para. 1 lit. f GDPR).
Our legitimate interest in using a Content Delivery Network lies in being able to present our website as quickly, securely and reliably as possible.
Amazon CloudFront
We use the service Amazon CloudFront on our website. The provider of the service is Amazon Web Services EMEA S.à r.l., 38 Avenue John F. Kennedy L-1855, Luxembourg.
By using the service, data may be transferred to a third country (USA). The provider is certified under the EU-U.S. Data Privacy Framework and therefore offers an adequate level of data protection.
Further information can be found in the provider’s privacy policy at the following URL: https://aws.amazon.com/de/privacy/.
Google APIs CDN
We use the service Google APIs CDN on our website. The provider of the service is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
By using the service, data may be transferred to a third country (USA). The provider is certified under the EU-U.S. Data Privacy Framework and therefore offers an adequate level of data protection.
Further information can be found in the provider’s privacy policy at the following URL: https://business.safety.google/privacy.
Image optimization tool
We use tools that assist us in optimizing image content on the website. This enables us to make our website clearer and more appealing.
Processing only takes place if you consent to this data processing (via our consent banner on the website). The legal basis for this processing is consent (Art. 6 para. 1 lit. a GDPR). Without your consent, data processing will not take place in the manner described above. If you revoke your consent (e.g. via the consent banner or other options provided on this website), we will stop this data processing. The lawfulness of the processing carried out until the revocation remains unaffected.
ImgIX
We use the service ImgIX on our website. The provider of the service is Zebrafish Labs Inc., 423 Tehama St, San Francisco, California, 94103, USA.
By using the service, data may be transferred to a third country (USA). The provider is certified under the EU-U.S. Data Privacy Framework and therefore offers an adequate level of data protection.
Further information can be found in the provider’s privacy policy at the following URL: https://imgix.com/privacy.
Hosting
Hosting means providing web space and the files located on it by a web host.
This involves the transfer and storage of personal data on the servers of the web host. In particular, the IP addresses, meta and communication data of users as well as data on website accesses are processed. When a website visitor accesses the site, a connection to the servers of the web host is established. In this process, personal data of the website visitor is processed.
We base this processing on a legitimate interest (Art. 6 para. 1 lit. f GDPR).
Our legitimate interest lies in being able to display our website and make it available on the internet.
Amazon Web Services
We use the service Amazon Web Services on our website. The provider of the service is Amazon Web Services EMEA S.à r.l., 38 Avenue John F. Kennedy L-1855, Luxembourg.
By using the service, data may be transferred to a third country (USA). The provider is certified under the EU-U.S. Data Privacy Framework and therefore offers an adequate level of data protection.
Further information can be found in the provider’s privacy policy at the following URL: https://aws.amazon.com/de/privacy/.
Marketing
Tools are used on our website that offer services relating to campaigns, web analytics and personalization. This enables a central and cross-application collection of all data, which in turn is necessary for the optimization and planning of digital campaigns. These services may be set and used via our website by our advertising partners in order to create a profile of your interests and show you relevant advertisements on other websites.
Processing only takes place if you consent to this data processing (via our consent banner on the website). The legal basis for this processing is consent (Art. 6 para. 1 lit. a GDPR). Without your consent, data processing will not take place in the manner described above. If you revoke your consent (e.g. via the consent banner or other options provided on this website), we will stop this data processing. The lawfulness of the processing carried out until the revocation remains unaffected.
PushOwl
We use the service PushOwl on our website. The provider of the service is Creatorbox Softwares Private Limited, 463, Shri Krishna Temple Rd, Indira Nagar 1st Stage, Bengaluru-560038, Karnataka, India.
As this service is hosted locally on the web server, no data is transferred to third parties.
The service stores the following data in the browser’s local or session storage:
| Name | Storage duration | Type | Purpose |
|---|---|---|---|
| pushowl_current_config_key | Session | 1st-Party Session Storage |
This cookie is used to manage the configuration settings of PushOwl notifications for users visiting a website. |
| pushowl_landing_page_url | Session | 1st-Party Session Storage | Stored by PushOwl on the local end device. |
| pushowl_landing_page_url_params | Session | 1st-Party Session Storage | Stored by PushOwl on the local end device. |
| pushowl_original_url_params | Persistent | 1st-Party Local Storage | Stored by PushOwl on the local end device. |
| pushowl_referrer | Session | 1st-Party Session Storage | Stored by PushOwl on the local end device. |
| pushowl_session_token | Session | 1st-Party Session Storage | Stored by PushOwl on the local end device. |
| pushowl_shopify_config-1.5-f586bcfd-ba73-40b5-aab1-21af2ad30cdc | Session | 1st-Party Session Storage | Stored by PushOwl on the local end device. |
| pushowl_subdomain | Session | 1st-Party Session Storage | Stored by PushOwl on the local end device. |
| pushowl_visitor_token | Persistent | 1st-Party Local Storage | Stored by PushOwl on the local end device. |
Newsletter tools
As part of our marketing activities, we offer you the option of subscribing to our newsletter via our website. To subscribe to the newsletter, you go through a registration process during which we verify whether you are the owner of the email address provided and whether you agree to receive our newsletter. The data remains with us or with the newsletter service provider commissioned by us for the duration of your voluntary subscription until you unsubscribe from the newsletter. If you unsubscribe from the newsletter, you will be deleted from the mailing list. This list is not merged with other data. However, unsubscribing from the newsletter does not result in data stored for other purposes (e.g. customer accounts) also being deleted.
Processing only takes place if you consent to this data processing (via our consent banner on the website). The legal basis for this processing is consent (Art. 6 para. 1 lit. a GDPR). Without your consent, data processing will not take place in the manner described above. If you revoke your consent (e.g. via the consent banner or other options provided on this website), we will stop this data processing. The lawfulness of the processing carried out until the revocation remains unaffected.
Brevo
We use the service Brevo on our website. The provider of the service is Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany.
Brevo is used for sending emails, in particular newsletters as well as transactional emails. In this context, personal data (e.g. email address, name as well as interaction data such as open and click rates) may be processed.
Processing is generally carried out on the basis of your consent pursuant to Art. 6 para. 1 lit. a GDPR or for the implementation of pre-contractual measures or for the performance of a contract pursuant to Art. 6 para. 1 lit. b GDPR.
Brevo also enables the analysis of user behavior in connection with sent emails. For this purpose, emails may contain so-called tracking pixels or links that enable an analysis of opening and clicking behavior. This data is used to optimize content and improve the relevance of future communication.
A transfer of data to third countries cannot be ruled out. However, Brevo uses suitable safeguards (e.g. standard contractual clauses) to ensure an adequate level of data protection.
Further information can be found in the provider’s privacy policy at the following URL:
https://de.sendinblue.com/legal/privacypolicy/
Project management
The use of a project management tool enables clear planning, control and monitoring of pending projects. This allows us to handle pending projects more efficiently and better monitor the ongoing process. This involves the processing of personal data such as names, personnel numbers or working time records.
Processing only takes place if you consent to this data processing (via our consent banner on the website). The legal basis for this processing is consent (Art. 6 para. 1 lit. a GDPR). Without your consent, data processing will not take place in the manner described above. If you revoke your consent (e.g. via the consent banner or other options provided on this website), we will stop this data processing. The lawfulness of the processing carried out until the revocation remains unaffected.
Interface software
Business processes become more cost-effective, faster and less error-prone when they are automated by means of software via interfaces. In this way, they can be integrated efficiently into company processes via your own website or via social networks. We use interface software on our website in order to link different applications and to securely transfer personal data from one application to another.
Processing only takes place if you consent to this data processing (via our consent banner on the website). The legal basis for this processing is consent (Art. 6 para. 1 lit. a GDPR). Without your consent, data processing will not take place in the manner described above. If you revoke your consent (e.g. via the consent banner or other options provided on this website), we will stop this data processing. The lawfulness of the processing carried out until the revocation remains unaffected.
Google APIs
We use the service Google APIs on our website. The provider of the service is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
By using the service, data may be transferred to a third country (USA). The provider is certified under the EU-U.S. Data Privacy Framework and therefore offers an adequate level of data protection.
Further information can be found in the provider’s privacy policy at the following URL: https://business.safety.google/privacy.
Search Engine
In order to make content on our website easier to find, a search engine from a third-party provider has been integrated. By integrating the search engine on the website, technical data such as the IP address is transmitted to the third-party provider.
Processing only takes place if you consent to this data processing (via our consent banner on the website). The legal basis for this processing is consent (Art. 6 para. 1 lit. a GDPR). Without your consent, data processing will not take place in the manner described above. If you revoke your consent (e.g. via the consent banner or other options provided on this website), we will stop this data processing. The lawfulness of the processing carried out until the revocation remains unaffected.
We use the service Google on our website. The provider of the service is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
By using the service, data may be transferred to a third country (USA). The provider is certified under the EU-U.S. Data Privacy Framework and therefore offers an adequate level of data protection.
Further information can be found in the provider’s privacy policy at the following URL: https://business.safety.google/privacy.
Social media
We use social media plugins to connect our website with our social media channels. The integration of the plugins is intended to make it easier for visitors to our website to follow our channels on social networks, share, like or comment on content. Some social media plugins make it possible to analyze the behavior of website visitors with regard to their behavior on social networks. The use of plugins is intended to increase the awareness and number of followers of our channels.
Personal data is also processed by the plugins and data is transferred to these social networks. This transfer occurs as soon as the website is accessed. Processed data includes, for example: name, address, email address, telephone number, access time, device information, IP address.
Processing only takes place if you consent to this data processing (via our consent banner on the website). The legal basis for this processing is consent (Art. 6 para. 1 lit. a GDPR). Without your consent, data processing will not take place in the manner described above. If you revoke your consent (e.g. via the consent banner or other options provided on this website), we will stop this data processing. The lawfulness of the processing carried out until the revocation remains unaffected.
We use the service Facebook on our website. The provider of the service is Meta Plattform Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Dublin, D02x525,, Ireland.
By using the service, data may be transferred to a third country (USA). The provider is certified under the EU-U.S. Data Privacy Framework and therefore offers an adequate level of data protection.
Further information can be found in the provider’s privacy policy at the following URL: https://www.facebook.com/privacy/policy.
The service uses cookies on our website and stores data in the browser’s local or session storage:
| Name | Storage duration | Type | Purpose |
|---|---|---|---|
| _fbp | 90 days | 1st-Party Cookie |
This cookie is used to provide you with more relevant advertising on Facebook. |
| lastExternalReferrer | Persistent | 1st-Party Local Storage |
This cookie is used for attribution purposes. It makes it possible to determine via which link or which page a user reached the current page. |
| lastExternalReferrerTime | Persistent | 1st-Party Local Storage |
Determines how the user reached the website by recording their last URL address. |
Facebook Connect
We use the service Facebook Connect on our website. The provider of the service is Meta Plattform Ireland Limited (Marketplace), 4 Grand Canal Square Grand Canal Harbour Dublin 2, Ireland.
By using the service, data may be transferred to a third country (USA). The provider is certified under the EU-U.S. Data Privacy Framework and therefore offers an adequate level of data protection.
Further information can be found in the provider’s privacy policy at the following URL: https://de-de.facebook.com/policy.php.
Web security
We use tools on our website that protect against unauthorized access, spam or other attacks. This increases the security of our website.
We base this processing on a legitimate interest (Art. 6 para. 1 lit. f GDPR).
Our legitimate interest lies in being able to ensure the security of our website and to protect ourselves against unauthorized access, spam and other attacks.
Webshop
We offer our products and/or services via our webshop. As part of the sale of products and/or services, we collect, process and use your personal data (e.g. your name, your contact details, but also access times, device information or your IP address) for the processing of the purchase and payment process.
We base this processing on a legitimate interest (Art. 6 para. 1 lit. f GDPR).
Our legitimate interest lies in the error-free presentation and optimization of our webshop.
Shopify
We use the service Shopify on our website. The provider of the service is Shopify International Ltd., 2nd Floor 1 and 2 Victoria Buildings, Haddington Road, Dublin 4, D04 XN32, Ireland.
By using the service, data may be transferred to a third country (Canada). The European Commission has confirmed an adequate level of data protection for the country by means of an adequacy decision.
Further information can be found in the provider’s privacy policy at the following URL: https://www.shopify.com/legal/privacy?shpxid=1c1444d0-C70E-43BB-AD1E-BB3774A7C8C0.
The service uses the following cookies on our website:
| Name | Storage duration | Type | Purpose |
|---|---|---|---|
| _shop_app_essential | 365 days | 3rd-Party Cookie, .shop.app | Stored by Shopify on the local end device. |
| _shopify_essential | 365 days | 1st-Party Cookie | Stored by Shopify on the local end device. |
Advertising
Tools are used on our website that facilitate or enable the placing of advertisements and the evaluation of the success of placed advertisements. For this purpose, personal data is processed, in particular the IP address, access times and device information.
Processing only takes place if you consent to this data processing (via our consent banner on the website). The legal basis for this processing is consent (Art. 6 para. 1 lit. a GDPR). Without your consent, data processing will not take place in the manner described above. If you revoke your consent (e.g. via the consent banner or other options provided on this website), we will stop this data processing. The lawfulness of the processing carried out until the revocation remains unaffected.
Google Ads
We use the service Google Ads on our website. The provider of the service is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
By using the service, data may be transferred to a third country (USA). The provider is certified under the EU-U.S. Data Privacy Framework and therefore offers an adequate level of data protection.
Further information can be found in the provider’s privacy policy at the following URL: https://business.safety.google/privacy.
Google AdSense
We use the service Google AdSense on our website. The provider of the service is Google Ireland Limited (GV), Gordon House, Barrow Street, Dublin 4, Ireland.
By using the service, data may be transferred to a third country (USA). The provider is certified under the EU-U.S. Data Privacy Framework and therefore offers an adequate level of data protection.
Further information can be found in the provider’s privacy policy at the following URL: https://business.safety.google/privacy.
The service uses the following cookies on our website:
| Name | Storage duration | Type | Purpose |
|---|---|---|---|
| _gcl_au | 90 days | 1st-Party Cookie |
The cookie is used by Google AdSense to experiment with advertising efficiency on websites using their services. |
Amazon CloudFront (CDN)
We use the content delivery network “Amazon CloudFront” from Amazon Web Services EMEA S.à r.l., 38 Avenue John F. Kennedy, L-1855 Luxembourg, to deliver our website worldwide with high performance and security. In this process, your IP address is transmitted to CDN servers and stored in log files.
The legal basis is Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in the fast and stable provision of our online services. A data transfer to third countries (in particular the USA) is possible and takes place on the basis of suitable safeguards pursuant to Art. 46 GDPR.
Amazon Web Services (Hosting)
In addition to Shopify, we use infrastructure from Amazon Web Services (AWS) to provide individual functions of our website. In this context, server log files and other technical data required for the operation and security of the website are processed.
The legal basis is Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in the reliable and secure operation of the website. A data transfer to the USA is possible; it takes place on the basis of suitable safeguards pursuant to Art. 46 GDPR.
Facebook / Meta (Marketing pixel & cookies)
Marketing functions from Meta Platforms Ireland Limited are used on our website (e.g. via the “fbp” cookie) in order to measure conversions and display interest-based advertising on Facebook/Instagram.
The legal basis is your consent pursuant to Art. 6 para. 1 lit. a GDPR. A transfer to the USA is possible; it takes place using the safeguards employed by Meta pursuant to Art. 46 GDPR.
Google Ads / AdSense / DoubleClick
We use various Google marketing services such as Google Ads, Google AdSense and DoubleClick (provider: Google Ireland Limited) to display advertisements and measure their success. For this purpose, Google sets cookies (e.g. gclid/gclau, IDE), which are used to analyze your usage behavior and display interest-based advertising to you.
The legal basis is your consent pursuant to Art. 6 para. 1 lit. a GDPR. A data transfer to the USA is possible and takes place on the basis of the EU-U.S. Data Privacy Framework or standard contractual clauses pursuant to Art. 46 GDPR.
GSI / GP One (Web security)
To protect our website, we use security services from GP One GmbH (“GSI”). In this context, cookies such as “AnalyseUnique” and local storage entries (“gsitrix”) are used, among other things, to detect attacks and ensure the stability of our website.
The legal basis is Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in the secure and error-free provision of our website.
ImgIX (Image optimization)
We use the service ImgIX (Zebrafish Labs Inc., USA) for the optimization and fast delivery of images. In this context, your IP address is transmitted to ImgIX servers when image content is loaded.
The legal basis is your consent pursuant to Art. 6 para. 1 lit. a GDPR (insofar as the service is integrated in a controllable way via the consent tool); otherwise Art. 6 para. 1 lit. f GDPR with the legitimate interest in a performant presentation of our website.