Privacy Policy

Privacy Policy

Unless otherwise stated below, the provision of your personal data is not required by law or contract, nor is it necessary for the conclusion of a contract. You are not obliged to provide the data. Failure to provide it will have no consequences. This applies only insofar as no other information is provided in the following processing operations.
"Personal data" means any information relating to an identified or identifiable natural person.

Contact

Controller
Contact us if you wish. The controller for data processing is: curameo AG, Hersbrucker Str. 23, 91244 Reichenschwand Germany, 091519669040, kundenservice@klosterkitchen.com

Initiative customer contact by email

If you contact us proactively by email for business purposes, we collect your personal data (name, email address, message text) only to the extent provided by you. The data processing serves the purpose of processing and responding to your contact request.
If the contact is for the purpose of carrying out pre-contractual measures (e.g., advice on purchase interest, offer creation) or concerns a contract already concluded between you and us, this data processing is carried out on the basis of Art. 6 para. 1 lit. b GDPR.
If the contact is made for other reasons, this data processing is carried out on the basis of Art. 6 para. 1 lit. f GDPR due to our predominant legitimate interest in processing and responding to your request. In this case, you have the right to object at any time to such processing of personal data concerning you, which is based on Art. 6 para. 1 lit. f GDPR, for reasons arising from your particular situation.
We only use your email address to process your request. Your data will then be deleted in compliance with statutory retention periods, unless you have consented to further processing and use.

Collection and processing when using the contact form When using the contact form, we collect your personal data (name, email address, message text) only to the extent provided by you. The data processing serves the purpose of contacting you.
If the contact is for the purpose of carrying out pre-contractual measures (e.g., advice on purchase interest, offer creation) or concerns a contract already concluded between you and us, this data processing is carried out on the basis of Art. 6 para. 1 lit. b GDPR. If the contact is made for other reasons, this data processing is carried out on the basis of Art. 6 para. 1 lit. f GDPR due to our predominant legitimate interest in processing and responding to your request. In this case, you have the right to object at any time to such processing of personal data concerning you, which is based on Art. 6 para. 1 lit. f GDPR, for reasons arising from your particular situation. We only use your email address to process your request. Your data will then be deleted in compliance with statutory retention periods, unless you have consented to further processing and use.

Use of address validation by Google Maps API
We use address validation from Google (Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland "Google") on our website.
The data processing serves the purpose of checking your entries in our address forms for input and spelling errors in real time, and if necessary, supplementing missing data. For incorrectly entered data, alternative suggestions for correcting the data are displayed. For this purpose, the address data you entered is transmitted to the provider, stored and evaluated there.
Among other things, the following information can be transmitted to Google and processed there: postal addresses (country, city, postal code, street, house number), email address, telephone number.
Your data may also be transmitted to the USA. An adequacy decision by the EU Commission exists for the USA, the EU-US Data Privacy Framework (DPF). Google has certified itself under the DPF and has thus committed to complying with European data protection principles.
The processing of your personal data is carried out on the basis of Art. 6 para. 1 lit. f GDPR due to our predominant legitimate interest in correct data for the fulfillment of our contractual obligations. You have the right to object at any time to this processing of personal data concerning you for reasons arising from your particular situation.
The data is processed separately by the provider and not merged with other data. It will be deleted by the provider as soon as the status of the entered data has been determined, but at the latest after 30 days.
Further information on terms of use and data protection at Google can be found at: https://cloud.google.com/maps-platform/terms (https://cloud.google.com/maps-platform/terms) or at https://www.google.de/policies/privacy/ (https://policies.google.com/privacy?gl=de).

Collection and Processing of Applications by Email
Website visitors interested in vacant positions advertised on our website can apply by email. In doing so, we collect your personal data only to the extent provided by you. This includes your contact details (e.g., name, email address, telephone number), information on your professional qualifications and education, information on further professional training, and performance-related certificates.
The data processing serves the purpose of establishing contact and making a decision regarding the establishment of an employment relationship with you. The provision of the data is necessary to carry out the application process. Failure to provide it means that the application process cannot be carried out. The processing of your personal data is carried out on the basis of Art. 6 para. 1 lit. b GDPR in conjunction with Section 26 para. 1 BDSG for the implementation of pre-contractual measures (carrying out the application process as initiation of an employment contract).
Insofar as you have given us consent to process personal data for inclusion in our applicant pool, e.g., by checking a checkbox, the processing is carried out on the basis of Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time by notifying us, without affecting the legality of the processing carried out on the basis of the consent until withdrawal.
If, within the scope of the application process, special categories of personal data within the meaning of Art. 9 para. 1 GDPR are requested from applicants, such as information on the degree of severe disability, this is done on the basis of Art. 9 para. 2 lit. b GDPR, so that we can exercise the rights arising from labor law and the law of social security and social protection and fulfill our corresponding obligations.
We store your personal data for as long as this is necessary for the decision on your application. Your data will then be deleted after six months at the latest, unless you have consented to further processing and use. If an employment relationship arises after the application process, the provided data will be further processed on the basis of Art. 6 para. 1 lit. b GDPR in conjunction with Section 26 para. 1 BDSG for the purpose of carrying out the employment relationship and subsequently transferred to the personnel file.

Collection and processing when using the application form
When using the application form, we collect your personal data only to the extent provided by you. This includes your contact details (e.g., name, email address, telephone number), information on your professional qualifications and education, information on further professional training, and performance-related certificates.
The data processing serves the purpose of establishing contact and making a decision regarding the establishment of an employment relationship with you. The provision of the data is necessary to carry out the application process. The processing of your personal data is carried out on the basis of Art. 6 para. 1 lit. b GDPR in conjunction with Section 26 para. 1 BDSG for the implementation of pre-contractual measures (carrying out the application process as initiation of an employment contract).
Insofar as you have given us consent to process personal data for inclusion in our applicant pool, e.g., by checking a checkbox, the processing is carried out on the basis of Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time by notifying us, without affecting the legality of the processing carried out on the basis of the consent until withdrawal.

If, within the scope of the application process, special categories of personal data within the meaning of Art. 9 para. 1 GDPR are requested from applicants, such as information on the degree of severe disability, this is done on the basis of Art. 9 para. 2 lit. b GDPR, so that we can exercise the rights arising from labor law and the law of social security and social protection and fulfill our corresponding obligations.

We store your personal data for as long as this is necessary for the decision on your application. Your data will then be deleted after six months at the latest, unless you have consented to further processing and use. If an employment relationship arises after the application process, the provided data will be further processed on the basis of Art. 6 para. 1 lit. b GDPR in conjunction with Section 26 para. 1 BDSG for the purpose of carrying out the employment relationship and subsequently transferred to the personnel file. WhatsApp Business
If you contact us for business purposes via WhatsApp, we use the WhatsApp Business version of WhatsApp Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; "WhatsApp"). If you reside outside the European Economic Area, this service is provided by WhatsApp Inc. (1601 Willow Road, Menlo Park, CA 94025, USA).
The data processing serves the purpose of processing and responding to your contact request. For this purpose, we collect and process your mobile phone number stored with WhatsApp, your name if provided, and other data to the extent provided by you. We use a mobile device for the service, in whose address book only data of users who have contacted us via WhatsApp are stored. Therefore, no personal data is passed on to WhatsApp without you having already consented to this with WhatsApp.
Your data will be transmitted by WhatsApp to servers of Meta Platforms Inc. in the USA. For the USA, an adequacy decision by the EU Commission exists, the EU-US Data Privacy Framework (DPF). Meta Platforms Inc. has certified itself under the DPF and has thus committed to complying with European data protection principles. If the contact is for the purpose of carrying out pre-contractual measures (e.g., advice on purchase interest, offer creation) or concerns a contract already concluded between you and us, this data processing is carried out on the basis of Art. 6 para. 1 lit. b GDPR.
If the contact is made for other reasons, this data processing is carried out on the basis of Art. 6 para. 1 lit. f GDPR due to our predominant legitimate interest in providing quick and easy contact and in responding to your request. In this case, you have the right to object at any time to such processing of personal data concerning you, which is based on Art. 6 para. 1 lit. f GDPR, for reasons arising from your particular situation.
We only use your personal data to process your request. Your data will then be deleted in compliance with statutory retention periods, unless you have consented to further processing and use.
Further information on terms of use and data protection when using WhatsApp can be found at https://www.whatsapp.com/legal/#terms-of-service (https://www.whatsapp.com/legal/#terms-of-service) and https://www.whatsapp.com/legal/#privacy-policy (https://www.whatsapp.com/legal/#privacy-policy).

Customer Account Orders

Customer Account
When opening a customer account, we collect your personal data to the extent specified there. The data processing serves the purpose of improving your shopping experience and simplifying order processing. The processing is carried out on the basis of Art. 6 para. 1 lit. a GDPR with your consent. You can withdraw your consent at any time by notifying us, without affecting the legality of the processing carried out on the basis of the consent until withdrawal. Your customer account will then be deleted.

Collection, Processing, and Transfer of Personal Data for Orders
When you place an order, we collect and process your personal data only to the extent necessary for the fulfillment and processing of your order and for handling your inquiries. The provision of data is necessary for the conclusion of a contract. Failure to provide it means that no contract can be concluded. The processing is carried out on the basis of Art. 6 para. 1 lit. b GDPR and is necessary for the fulfillment of a contract with you.
Your data may be passed on, for example, to shipping companies, dropshipping or fulfillment providers, payment service providers, service providers for order processing, and IT service providers. In all cases, we strictly adhere to legal requirements. The scope of data transfer is limited to a minimum.
Your data may be transferred to and processed in third countries outside the EU, in particular to Canada and the USA. For Canada, an adequacy decision by the EU Commission exists. For the USA, an adequacy decision by the EU Commission exists, the EU-US Data Privacy Framework (DPF). Shopify is not certified under the DPF. This data transfer is based on contractual obligations comparable to those of the standard contractual clauses of the EU Commission.

Reviews Advertising

Review Reminder
After your order, we would like to ask you to rate your purchase with us.
For this purpose, we use your personal data (name, email address, order information) independently of contract execution, to send you a review reminder by email after an order has been placed, provided you have expressly consented to this.
The processing is carried out on the basis of Art. 6 para. 1 lit. a GDPR with your consent. You can withdraw your consent at any time by using the corresponding link in the email or by notifying us, without affecting the legality of the processing carried out on the basis of the consent until withdrawal.
Use of your personal data for sending postal advertising
We use your personal data (name, address) that we received in the context of the sale of goods or services to send you postal advertising, provided you have not objected to this use. The provision of this data is necessary for the conclusion of a contract. Failure to provide it means that no contract can be concluded.
The processing is carried out on the basis of Art. 6 para. 1 lit. f GDPR due to our predominant legitimate interest in direct advertising. You can object to this use of your address data at any time by notifying us. The contact details for exercising the objection can be found in the imprint.

Use of email address for sending newsletters
We use your email address to send you information and offers via newsletter, provided you have expressly consented to this. The data processing serves exclusively the purpose of promotional communication. For this purpose, we process your email address and, if applicable, other data that you voluntarily provided when registering for our newsletter.
The processing is based on Art. 6 (1) lit. a GDPR with your consent. You can withdraw your consent at any time without affecting the legality of the processing carried out based on the consent until withdrawal.
You can unsubscribe from the newsletter at any time using the corresponding link in the newsletter or by notifying us. Your email address will then be removed from the mailing list. Despite removal from the mailing list, we may continue to store your email address in a so-called blacklist to prevent you from receiving newsletter emails from us in the future. This storage is based on Art. 6 (1) lit. f GDPR due to our and your legitimate interest in preventing the re-use of your email address for sending our newsletter. You have the right to object to this processing of your personal data at any time for reasons arising from your particular situation.

Use of email address for sending direct marketing
We use your email address, which we received in the context of the sale of a good or service, for the electronic sending of advertising for our own goods or services that are similar to those you have already purchased from us, unless you have objected to this use. The provision of the email address is necessary for the conclusion of the contract. Failure to provide it means that no contract can be concluded. The processing is based on Art. 6 (1) lit. f GDPR due to our overriding legitimate interest in direct marketing. You can object to this use of your email address at any time by notifying us. The contact details for exercising the objection can be found in the imprint. You can also use the link provided in the promotional email. There are no costs for this other than the transmission costs according to the basic tariffs.

Use of Klaviyo
We use the service of Klaviyo Inc. (125 Summer St Floor 7, Boston, MA 02111, USA; "Klaviyo") for sending newsletters as part of a commissioned processing.
We pass on the information you provide during newsletter registration (email address, possibly first and last name) to Klaviyo. The data processing serves the purpose of sending newsletters and their statistical evaluation.
To evaluate newsletter campaigns, the sent newsletters contain a 1x1 pixel graphic (tracking pixel) or a tracking link. This allows us to determine whether you have opened the newsletter and whether you have clicked on any integrated links. In this context, we collect your personal data such as IP address, browser type and device, and the time. Usage profiles can be created from this data under a pseudonym. The collected data is not used to identify you personally. The collected data is only used for statistical evaluation to improve newsletter campaigns.
Your data is usually transferred to Klaviyo's servers in the USA and stored there. An adequacy decision by the EU Commission exists for the USA, the EU-US Data Privacy Framework (DPF). Klaviyo has certified under the DPF and thus committed to complying with European data protection principles.
The processing of your personal data is based on Art. 6 (1) lit. f GDPR due to our overriding legitimate interest in a targeted, advertising-effective, and user-friendly newsletter system. You have the right to object to this processing of your personal data at any time for reasons arising from your particular situation.
Further information on data protection at Klaviyo can be found at https://www.klaviyo.com/legal/privacy-notice (https://www.klaviyo.com/legal/privacy-notice) and at https://www.klaviyo.com/legal/data-processing-agreement (https://www.klaviyo.com/legal/data-processing-agreement).

Use of email address for availability notifications
We offer an item availability notification service on our website. If an item is temporarily unavailable, you have the option to enter your email address for the respective item and be informed by email when it becomes available, provided you have consented to this. You will receive a one-time email notification about the availability of the respective item when it becomes available. The processing is based on Art. 6 (1) lit. a GDPR with your consent. You can withdraw your consent at any time without affecting the legality of the processing carried out based on the consent until withdrawal. You can unsubscribe from the availability notification at any time by notifying us. Your email address will then be removed from the mailing list.
Merchandise Management

Use of an external merchandise management system
We use a merchandise management system for contract processing as part of a commissioned processing. For this purpose, your personal data collected during the order process will be transmitted to
Xentral ERP Software GmbH, Fuggerstraße 11, 86150 Augsburg

The processing of your personal data serves the purpose of fulfilling the contract concluded with you and is based on Art. 6 (1) lit. b GDPR.

Payment Service Provider Credit Check

Use of Klarna payment options
We use the payment service of Klarna Bank AB (publ) (Sveavägen 46, 111 34 Stockholm, Sweden; "Klarna") on our website. By selecting and using payment via Klarna, the data required for payment processing will be transmitted to Klarna in order to fulfill the contract with you using the selected payment method. This processing is based on Art. 6 (1) lit. b GDPR.

Cookies may be stored here, which enable the recognition of your browser. The data processing taking place as a result is based on Art. 6 (1) lit. f GDPR due to our overriding legitimate interest in a customer-oriented offer of various payment methods. You have the right to object to this processing of your personal data at any time for reasons arising from your particular situation.

"Pay Later" (invoice), "Pay Now" (payment by direct debit, credit card, instant transfer), "Financing" (instalment purchase)
For individual payment methods such as "Pay Later" (invoice), "Pay Now" (payment by direct debit, credit card, instant transfer), "Financing" (instalment purchase), Klarna reserves the right to obtain a credit report based on mathematical-statistical procedures using credit agencies.
For this purpose, Klarna transmits the personal data required for a credit check, such as first and last name, address, gender, email address, IP address, and data related to the order, to a credit agency for identity and credit check purposes, and uses the information received about the statistical probability of a payment default for a balanced decision on the establishment, execution, or termination of the contractual relationship. The credit report may contain probability values (score values) calculated on the basis of scientifically recognized mathematical-statistical procedures, and their calculation includes, among other things, address data. Your legitimate interests are taken into account in accordance with legal provisions. The data processing serves the purpose of credit checking for the initiation of a contract. The processing is based on Art. 6 (1) lit. f GDPR due to our overriding legitimate interest in protection against payment default when Klarna provides advance payment. You have the right to object at any time to this processing of your personal data based on Art. 6 (1) lit. f GDPR by notifying Klarna, for reasons arising from your particular situation. The provision of the data is necessary for the conclusion of the contract with your desired payment method. Failure to provide it means that the contract cannot be concluded with your chosen payment method.
Further information, in particular to which credit agencies Klarna transmits your personal data, can be found at https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/credit_rating_agencies (https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/credit_rating_agencies).

General information about Klarna can be found at: https://www.klarna.com/de/ (https://www.klarna.com/de/). Your personal data will be treated by Klarna in accordance with applicable data protection regulations and as stated in Klarna's data protection regulations at https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/privacy (https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/privacy).

Cookies

Our website uses cookies. Cookies are small text files that are stored in the internet browser or by the internet browser on a user's computer system. If a user calls up a website, a cookie can be stored on the user's operating system. This cookie contains a characteristic string of characters that enables unique identification of the browser when the website is called up again.

Cookies are stored on your computer. Therefore, you have full control over the use of cookies. By selecting appropriate technical settings in your internet browser, you can be notified before cookies are set and decide individually whether to accept them, as well as prevent the storage of cookies and the transmission of the data they contain. Cookies already stored can be deleted at any time. However, we would like to point out that you may then not be able to use all functions of this website to their full extent.

You can find out how to manage (including deactivating) cookies in the most important browsers using the following links:
Chrome: https://support.google.com/accounts/answer/61416?hl=en (https://support.google.com/accounts/answer/61416?hl=de)
Microsoft Edge: https://support.microsoft.com/en-us/microsoft-edge/delete-cookies-in-microsoft-edge-63947406-40ac-c3b8-57b9-2a946a29ae09 (https://support.microsoft.com/de-de/microsoft-edge/cookies-in-microsoft-edge-lB6schen-63947406-40ac-c3b8-57b9-2a946a29ae09)
Mozilla Firefox: https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences (https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen)
Safari: https://support.apple.com/en-gb/guide/safari/sfri11471/mac (https://support.apple.com/de-de/guide/safari/manage-cookies-and-website-data-sfri11471/mac)

Technically necessary cookies
Unless otherwise stated below in the privacy policy, we only use these technically necessary cookies for the purpose of making our offer more user-friendly, effective and secure. Furthermore, cookies enable our systems to recognize your browser even after a page change and to offer you services. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognized again even after a page change.

The use of cookies or similar technologies is based on Section 25 (2) TDDDG. The processing of your personal data is based on Art. 6 (1) lit. f GDPR due to our overriding legitimate interest in ensuring the optimal functionality of the website and a user-friendly and effective design of our offer.
You have the right to object to this processing of your personal data at any time for reasons arising from your particular situation.

Use of Usercentrics
We use the consent management tool Usercentrics from Usercentrics GmbH (Rosenthal 4, 80331, Munich; "Usercentrics") on our website.
The tool allows you to grant consent for data processing via the website, in particular the setting of cookies, and to exercise your right to withdraw consent already given. The data processing serves the purpose of obtaining and documenting necessary consents for data processing and thus complying with legal obligations. Cookies may be used for this purpose. The following information, among others, may be collected and transmitted to Usercentrics: date and time of the page view, information about the browser you are using and the device you are using, anonymized IP address, opt-in and opt-out data.
Usercentrics uses the Google Cloud Platform of Google Ireland Limited, which may result in your data being transferred to the USA. There is no adequacy decision by the EU Commission for the USA. The data transfer is based, among other things, on standard contractual clauses as suitable guarantees for the protection of personal data, which can be viewed at: https://policies.google.com/privacy/frameworks (https://policies.google.com/privacy/frameworks).
Data processing takes place to fulfill a legal obligation based on Art. 6 (1) lit. c GDPR.
The revocation receipt of previously given consent is stored for a period of three years.
Further information on data protection at Usercentrics can be found at: https://usercentrics.com/privacy-policy/ (https://usercentrics.com/privacy-policy/)

Analysis Ad Tracking Affiliate

Use of Google Analytics 4

We use the web analysis service Google Analytics from Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; "Google") on our website. The data processing serves the purpose of analyzing this website and its visitors, as well as for marketing and advertising purposes. For this purpose, Google will, on behalf of the operator of this website, use the information obtained to evaluate your use of the website, to compile reports on website activities and to provide other services related to website use and internet use to the website operator. Among other things, the following information can be collected: IP address, date and time of page view, click path, information about the browser you are using and the device you are using, visited pages, referrer URL (website from which you accessed our website), location data, purchasing activities. Your data may be linked by Google with other data, such as your search history, your personal accounts, your usage data from other devices, and any other data that Google has about you.

The IP address is truncated by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area.

Google uses technologies such as cookies, web storage in the browser, and tracking pixels that enable an analysis of your use of the website. The use of cookies or similar technologies is based on your consent pursuant to Section 25 (1) Sentence 1 TDDDG in conjunction with Art. 6 (1) lit. a GDPR.

The processing of your personal data takes place with your consent on the basis of Art. 6 (1) lit. a GDPR. You can revoke your consent at any time without affecting the lawfulness of the processing carried out based on the consent until revocation.

In this context, we also use the Google Signals service. Google Signals enables cross-device tracking. Your data can thus be analyzed across devices if you have activated "personalized advertising" in your account settings and your end devices are linked to your Google account. This makes it possible to recognize on which device you are searching for products and later return to complete purchases on another device, such as a tablet.

The cross-device reports created in this context contain only aggregated data. We therefore only receive statistics created on the basis of Google Signals. To prevent data collection and storage by Google Signals across devices, you can deactivate the "personalized ads" function in your Google account settings. Further information on this can be found at https://support.google.com/ads/answer/2662922?hl=en (https://support.google.com/ads/answer/2662922?hl=de).
Further information on data processing and data protection for Google Signals can be found at https://support.google.com/analytics/answer/7532985?hl=en (https://support.google.com/analytics/answer/7532985?hl=de).
We use the advanced implementation of the consent mode (Advanced Consent Mode). In this case, user data is also transmitted to Google in the form of "pings" even if no consent has been given. These pings can contain, among other things, the following information: IP address to derive the IP country (the IP address is not logged), date and time of the page view, URL of the visited pages, user agent, referrer URL (website via which our website was accessed) or information about the triggering of website events such as a conversion. Based on this information, Google models usage data in order to be able to carry out a comprehensive usage analysis despite the denial of consent.

The information generated about your use of this website is usually transmitted to a Google server in the USA and stored there. An adequacy decision by the EU Commission exists for the USA, the EU-US Data Privacy Framework (DPF). Google has certified under the DPF and thus committed to complying with European data protection principles. Both Google and US government authorities have access to your data.

Further information on terms of use and data protection can be found at https://policies.google.com/technologies/partner-sites (https://policies.google.com/technologies/partner-sites) and at https://policies.google.com/privacy?hl=en&gl=en (https://policies.google.com/privacy?hl=de&gl=de).

Use of Shopify Statistics
We use the statistics and analysis functions of Shopify International Ltd. (Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland; "Shopify") on our website as part of order processing. Shopify is an affiliated company of Shopify Inc. (151 O'Connor Street, Ground Floor, Ottawa, Ontario, K2P 2L8, Canada).
Data processing serves the purpose of analyzing this website and its visitors. For this purpose, data is stored for marketing and optimization purposes and provided in reports, analyses and statistics. Among other things, the following device information is collected and processed: information about the web browser, the IP address, the time zone, and some of the cookies installed on your device. When you navigate the website, information about visited web pages or products, the referrer URL (website from which you accessed our website), and information about how you interact with the website are also collected. Technologies such as cookies, as well as web beacons, tags, and pixels (electronic files used to record information about how you navigate the website) are used for this purpose.
Your data may be transferred to and processed in third countries outside the EU, in particular to Canada and the USA. For Canada, an adequacy decision from the EU Commission exists. For the USA, an adequacy decision from the EU Commission exists, the EU-US Data Privacy Framework (DPF). Shopify is not certified under the DPF. This data transfer is based on contractual obligations comparable to those of the EU Commission's standard contractual clauses.
The use of cookies or similar technologies takes place with your consent on the basis of Section 25 (1) Sentence 1 TDDDG in conjunction with Art. 6 (1) lit. a GDPR. The processing of your personal data takes place with your consent on the basis of Art. 6 (1) lit. a GDPR. You can withdraw your consent at any time, without affecting the legality of the processing carried out based on the consent until withdrawal.
Further information on data protection at Shopify can be found at https://www.shopify.com/de/legal/datenschutz (https://www.shopify.com/de/legal/datenschutz), information on the data processing agreement at https://www.shopify.com/de/legal/dpa (https://www.shopify.com/de/legal/dpa), and information on the cookies used at https://www.shopify.com/de/legal/cookies (https://www.shopify.com/de/legal/cookies).

Use of Microsoft Clarity
We use the analysis tool "Microsoft Clarity" from Microsoft Ireland Operations Limited (One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland; "Microsoft") on our website. Microsoft is an affiliated company of Microsoft Corporation (One Microsoft Way, Redmond, Washington 98052, USA).
Data processing serves the purpose of demand-oriented design, optimization, and analysis of our website. The tool records movements of website visitors on the website on a sample basis. This creates a log of mouse movements, scrolling behavior, dwell time, and clicks on the website (so-called heatmap).
For this purpose, cookies or similar technologies are used. The following information may be collected, among others: IP address, time of access, click path, information about the device you are using (device type, screen size and resolution, unique device identifier, operating system), information about the browser you are using (browser type and browser version), location data, preferred language for displaying the website, visited subpages, dwell time, viewed content, requested website or file.
User profiles are created from this data under a pseudonym. The data is not used to personally identify the visitor to the website and is not merged with personal data of the pseudonym holder. Microsoft is contractually prohibited from selling the collected data to other third parties.
Your data may be transferred to the USA. For the USA, an adequacy decision from the EU Commission exists, the EU-US Data Privacy Framework (DPF). Microsoft has certified itself under the DPF and has thus committed to complying with European data protection principles.
The use of cookies or similar technologies takes place with your consent on the basis of Section 25 (1) Sentence 1 TDDDG in conjunction with Art. 6 (1) lit. a GDPR. The processing of your personal data takes place with your consent on the basis of Art. 6 (1) lit. a GDPR. You can withdraw your consent at any time, without affecting the legality of the processing carried out based on the consent until withdrawal.
Detailed information on the cookies used and their function can be found at https://learn.microsoft.com/en-us/clarity/setup-and-installation/cookie-list (https://learn.microsoft.com/en-us/clarity/setup-and-installation/cookie-list). Information on the storage period of the collected information can be found at https://learn.microsoft.com/en-us/clarity/setup-and-installation/data-retention (https://learn.microsoft.com/en-us/clarity/setup-and-installation/data-retention). Further information on data protection when using Microsoft Clarity can be found at https://learn.microsoft.com/en-us/clarity/faq#privacy (https://learn.microsoft.com/en-us/clarity/faq#privacy), https://learn.microsoft.com/en-us/clarity/setup-and-installation/clarity-data (https://learn.microsoft.com/en-us/clarity/setup-and-installation/clarity-data) and https://clarity.microsoft.com/terms (https://clarity.microsoft.com/terms). General information on data protection at Microsoft can be found at https://privacy.microsoft.com/de-de/privacystatement (https://privacy.microsoft.com/de-de/privacystatement).

 

Use of Meta Pixel
We use the Meta Pixel from Meta Platforms Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; "Meta") on our website.
Meta and we are joint controllers for the collection of your data and the transfer of this data to Meta when the service is integrated. This is based on an agreement between us and Meta on the joint processing of personal data, in which the respective responsibilities are defined. The agreement can be viewed at https://de-de.facebook.com/legal/terms/businesstools (https://de-de.facebook.com/legal/terms/businesstools). Accordingly, we are particularly responsible for fulfilling the information obligations according to Art. 13, 14 GDPR, for complying with the security requirements of Art. 32 GDPR with regard to the correct technical implementation and configuration of the service, and for complying with the obligations under Art. 33, 34 GDPR, insofar as a personal data breach affects our obligations under the joint processing agreement. Meta is responsible for enabling data subject rights according to Art. 15 - 20 GDPR, for complying with the security requirements of Art. 32 GDPR with regard to the security of the service, and for complying with the obligations under Art. 33, 34 GDPR, insofar as a personal data breach affects Meta's obligations under the joint processing agreement.
The application serves the purpose of specifically addressing website visitors with interest-based advertising on the social networks Facebook and Instagram. For this purpose, Meta's remarketing tag has been implemented on the website. Through this tag, a direct connection to Meta's servers is established when you visit the website. This transmits to Meta's server which of our pages you have visited. Meta assigns this information to your personal Facebook and/or Instagram user account. If you then visit the social networks Facebook or Instagram, personalized, interest-based ads will be displayed to you.
The application also serves the purpose of creating conversion statistics. In doing so, we learn the total number of users who clicked on one of our ads and were redirected to a page with a conversion tracking tag, as well as what actions are taken after being redirected to this website. However, we do not receive any information that allows users to be personally identified.
Your data may be transferred to the USA. For the USA, an adequacy decision from the EU Commission exists, the EU-US Data Privacy Framework (DPF). Meta has certified itself under the DPF and has thus committed to complying with European data protection principles.
The processing of your personal data takes place with your consent on the basis of Art. 6 (1) lit. a GDPR. You can withdraw your consent at any time, without affecting the legality of the processing carried out based on the consent until withdrawal.
You can deactivate the remarketing function "Custom Audiences" here. Further information on the collection and use of data by Meta, on your rights in this regard and options for protecting your privacy can be found in Meta's privacy policy at https://www.facebook.com/about/privacy/ (https://www.facebook.com/privacy/policy/?entry_point=data_policy_redirect&entry=0).  

Use of Google Ads Conversion Tracking
On our website, we use the online advertising program "Google Ads" and, within this framework, conversion tracking (visitor action evaluation). Google Conversion Tracking is an analysis service provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; Google).
When you click on an ad served by Google, a cookie for conversion tracking is placed on your computer. These cookies have a limited validity, contain no personal data, and thus do not serve for personal identification. If you visit certain pages on our website and the cookie has not yet expired, Google and we can recognize that you clicked on the ad and were redirected to this page. Each Google Ads customer receives a different cookie. Thus, there is no possibility that cookies can be tracked across Ads customer websites.
The information collected with the help of the conversion cookie serves the purpose of creating conversion statistics. In doing so, we learn the total number of users who clicked on one of our ads and were redirected to a page with a conversion tracking tag. However, we do not receive any information that allows users to be personally identified. We use the extended implementation of consent mode (Advanced Consent Mode). In this case, even if consent is not given, user data is transmitted to Google in the form of "pings." These pings may contain, among other things, the following information: IP address to derive the IP country (the IP address is not logged), date and time of page view, URL of the visited pages, user agent, referrer URL (website from which our website was accessed), or information about the triggering of website events, such as a conversion. Based on this information, Google models user data to enable comprehensive usage analysis despite the refusal of consent.
Your data may be transferred to Google LLC servers in the USA. For the USA, an adequacy decision from the EU Commission exists, the EU-US Data Privacy Framework (DPF). Google has certified itself under the DPF and has thus committed to complying with European data protection principles.
The use of cookies or similar technologies takes place with your consent on the basis of Section 25 (1) Sentence 1 TDDDG in conjunction with Art. 6 (1) lit. a GDPR. The processing of your personal data takes place with your consent on the basis of Art. 6 (1) lit. a GDPR. You can withdraw your consent at any time, without affecting the legality of the processing carried out based on the consent until withdrawal.
Further information and Google's privacy policy can be found at: https://www.google.de/policies/privacy/ (https://www.google.de/policies/privacy/)
Use of Google AdSense
On our website, we use the AdSense function of Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; "Google"). The data processing serves the purpose of renting advertising space on the website and specifically addressing website visitors with interest-based advertising on these spaces. Through this function, personalized, interest-based advertising ads from the Google Display Network are displayed to website visitors. Google uses cookies that enable an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. For the USA, an adequacy decision from the EU Commission exists, the EU-US Data Privacy Framework (DPF). Google has certified itself under the DPF and has thus committed to complying with European data protection principles. Google may transfer this information to third parties if required by law or insofar as third parties process this data on behalf of Google. Google will under no circumstances associate your IP address with other data held by Google.
The use of cookies or similar technologies takes place with your consent on the basis of Section 25 (1) Sentence 1 TDDDG in conjunction with Art. 6 (1) lit. a GDPR. The processing of your personal data takes place with your consent on the basis of Art. 6 (1) lit. a GDPR. You can withdraw your consent at any time, without affecting the legality of the processing carried out based on the consent until withdrawal.
Further information and Google's privacy policy can be found at: https://www.google.com/policies/technologies/ads/ (https://www.google.com/policies/technologies/ads/) and https://www.google.de/policies/privacy/ (https://www.google.de/policies/privacy/)

Use of the Google Inc. remarketing or "similar audiences" function
On our website, we use the remarketing or "similar audiences" function of Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; "Google").
The application serves the purpose of analyzing visitor behavior and visitor interests. To carry out the analysis of website usage, which forms the basis for creating interest-based advertisements, Google uses cookies. The cookies record visits to the website and anonymized data about the use of the website. No personal data of website visitors is stored. If you subsequently visit another website in the Google Display Network, you will be shown advertisements that are highly likely to take into account previously accessed product and information areas.
Your data may be transferred to Google LLC servers in the USA. For the USA, an adequacy decision from the EU Commission exists, the EU-US Data Privacy Framework (DPF). Google has certified itself under the DPF and has thus committed to complying with European data protection principles.
The use of cookies or similar technologies takes place with your consent on the basis of Section 25 (1) Sentence 1 TDDDG in conjunction with Art. 6 (1) lit. a GDPR. The processing of your personal data takes place with your consent on the basis of Art. 6 (1) lit. a GDPR. You can withdraw your consent at any time, without affecting the legality of the processing carried out based on the consent until withdrawal.
Further information on Google Remarketing and the associated privacy policy can be found at: https://www.google.com/privacy/ads/ (https://www.google.com/privacy/ads/)
Use of Microsoft Advertising
On our website, we use Microsoft Advertising from Microsoft Corporation (Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA; "Microsoft").
Data processing serves marketing and advertising purposes and the purpose of measuring the success of advertising measures (conversion tracking). We learn the total number of users who clicked on one of our ads and were redirected to a page with a conversion tracking tag. However, personal identification of these users is not possible. Microsoft Advertising uses technologies such as cookies and tracking pixels that enable an analysis of your use of the website. When you click on an ad placed by Microsoft Advertising, a cookie for conversion tracking is placed on your computer. This cookie has a limited validity and does not serve for personal identification. If you visit certain pages of our website and the cookie has not yet expired, Microsoft and we can recognize that you clicked on the ad and were redirected to this page. The following information can be collected, among others: IP address, identifiers (tags) assigned by Microsoft, information about the browser you are using and the device you are using, referrer URL (website from which you accessed our website), URL of our website.
Your data may be transferred to the USA. For the USA, an adequacy decision from the EU Commission exists, the EU-US Data Privacy Framework (DPF). Microsoft has certified itself under the DPF and has thus committed to complying with European data protection principles.
The use of cookies or similar technologies takes place with your consent on the basis of Section 25 (1) Sentence 1 TDDDG in conjunction with Art. 6 (1) lit. a GDPR. The processing of your personal data takes place with your consent on the basis of Art. 6 (1) lit. a GDPR. You can withdraw your consent at any time, without affecting the legality of the processing carried out based on the consent until withdrawal.
Further information on data protection and the cookies used by Microsoft can be found here (https://privacy.microsoft.com/de-de/privacystatement).

Use of Pinterest Tag
We use the Pinterest Tag from Pinterest Europe Limited (Palmerston House, 2nd, Fenian Street, Floor, Dublin 2, Ireland "Pinterest") on our website.
The purpose of the application is to specifically target website visitors with interest-based advertising on the Pinterest social network. For this purpose, Pinterest's conversion tag has been implemented on the website. This tag establishes a direct connection to Pinterest's servers when you visit the website. This transmits to the Pinterest server which of our pages you have visited. Pinterest associates this information with your personal Pinterest user account if you are logged into the social network. When you visit Pinterest, you will then be shown personalized, interest-based Pinterest Ads.
If you access our website via a pin on the Pinterest social network, a cookie for conversion tracking is placed on your computer. These cookies have a limited validity, do not contain any personal data, and therefore do not serve for personal identification. If you visit certain pages of our website and the cookie has not yet expired, Pinterest and we can recognize that you clicked on the pin and were redirected to this page. The information collected with the help of the conversion cookie serves the purpose of creating conversion statistics and thus optimizing our website. The following information, among others, can be processed: total number of users who clicked on one of our pins and were redirected to our website, sub-pages visited on our website (e.g., category or product pages), search queries on our website, your shopping cart contents, completed transactions.
Your data may be transferred to the USA. There is an adequacy decision by the EU Commission for the USA, the EU-US Data Privacy Framework (DPF). Pinterest is not certified under the DPF. The data transfer takes place, among other things, on the basis of standard contractual clauses as suitable safeguards for the protection of personal data, which can be viewed at: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_de (https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_de).
The use of cookies or similar technologies takes place with your consent on the basis of Section 25 (1) Sentence 1 TDDDG in conjunction with Art. 6 (1) lit. a GDPR. The processing of your personal data takes place with your consent on the basis of Art. 6 (1) lit. a GDPR. You can withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
Further information on the collection and use of data by Pinterest, your rights in this regard, and options for protecting your privacy can be found in Pinterest's privacy policy at https://policy.pinterest.com/de/privacy-policy (https://policy.pinterest.com/de/privacy-policy).

Use of TikTok Pixel
We use the TikTok Pixel from TikTok Technology Limited (10 Earlsfort Terrace, Dublin, D02 T380, Ireland; "TikTok Ireland") and TikTok Information Technologies UK Limited (6th Floor, One London Wall, London, EC2Y 5EB, United Kingdom; "TikTok UK") on our website. Both companies are joint controllers for the data processing (hereinafter "TikTok").
The data processing serves the purpose of identifying and analyzing website access by our customers, as well as better customer engagement through targeted advertisements and evaluating the effectiveness of advertisements on TikTok. For this purpose, TikTok uses technologies such as cookies and pixels that enable your browser to be recognized. The following information, among others, can be collected and transmitted to TikTok: date and time of visit, information about the browser and device type you use, screen resolution, IP address. TikTok can associate this information with your personal TikTok user account. User profiles can be created from the data collected in this way using pseudonyms. However, personal identification of users is not possible.
Your data may be transferred to third countries, such as the USA. There is an adequacy decision by the EU Commission for the USA, the EU-US Data Privacy Framework (DPF). TikTok is not certified under the DPF. Data transfer to the USA and to third countries without an adequacy decision takes place, among other things, on the basis of standard contractual clauses as suitable safeguards for the protection of personal data, which can be viewed at: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_de (https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_de).
The use of cookies or similar technologies takes place with your consent on the basis of Section 25 (1) Sentence 1 TDDDG in conjunction with Art. 6 (1) lit. a GDPR. The processing of your personal data takes place with your consent on the basis of Art. 6 (1) lit. a GDPR. You can withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
Further information on data protection can be found at https://www.tiktok.com/legal/page/eea/privacy-policy/de (https://www.tiktok.com/legal/page/eea/privacy-policy/de) and https://ads.tiktok.com/i18n/official/policy/controller-to-controller (https://ads.tiktok.com/i18n/official/policy/controller-to-controller).

Use of the ADCELL Partner Program
We use the "ADCELL" partner program from Firstlead GmbH (Rosenfelder Str. 15-16, 10315 Berlin; "ADCELL").
ADCELL and we are jointly responsible for the collection of your data and the transmission of this data to ADCELL when the service is integrated. This is based on an agreement between us and ADCELL on the joint processing of personal data. The agreement can be viewed at https://www.adcell.de/datenverarbeitung (https://www.adcell.de/datenverarbeitung). According to this, we and ADCELL are equally responsible for fulfilling the obligations under the GDPR, in particular for fulfilling the information obligations under Articles 13, 14 GDPR and for guaranteeing the data subject rights under Articles 15 - 21 GDPR.
If you click on an advertisement with a partner link, ADCELL places a cookie for conversion tracking on your computer. The cookies serve the purpose of correct billing within the partner program by recording the success of an advertising medium. The cookies recognize that you clicked on the advertisement and the origin of the order with the advertiser can be traced. ADCELL also uses so-called tracking pixels. These can be used to evaluate information such as visitor traffic on the pages.
The information generated by cookies and tracking pixels about the use of this website (including the IP address) and the delivery of advertising formats is transmitted to an ADCELL server and stored there. Among other things, ADCELL can recognize that the partner link on this website was clicked. ADCELL may, under certain circumstances, pass on this (anonymized) information to contractual partners, but data such as the IP address is not merged with other stored data.
The use of cookies or similar technologies takes place with your consent on the basis of Section 25 (1) Sentence 1 TDDDG in conjunction with Art. 6 (1) lit. a GDPR. The processing of your personal data takes place with your consent on the basis of Art. 6 (1) lit. a GDPR. You can withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

Plug-ins and Other

Use of Google Tag Manager
We use Google Tag Manager from Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; "Google") on our website.
This application manages JavaScript and HTML tags, which are used to implement tracking and analysis tools in particular. The data processing serves the purpose of tailoring and optimizing our website.
The Google Tag Manager itself does not store cookies or process personal data. However, it enables the triggering of other tags that can collect and process personal data.
Further information on terms of use and data protection can be found here (https://www.google.com/intl/de/tagmanager/use-policy.html).
Use of Google invisible reCAPTCHA
We use the invisible reCAPTCHA service from Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; "Google") on our website.
This serves the purpose of distinguishing between input by a human and automated, machine processing. In the background, Google collects and analyzes usage data, which Invisible reCAPTCHA uses to distinguish regular users from bots. For this purpose, your input is transmitted to Google and further used there. In addition, the IP address and possibly other data required by Google for the Invisible reCAPTCHA service are transferred to Google.
This data is processed by Google within the European Union and may also be transferred to servers of Google LLC in the USA. There is an adequacy decision by the EU Commission for the USA, the EU-US Data Privacy Framework (DPF). Google has certified itself under the DPF and has thus committed to complying with European data protection principles.
The use of cookies or comparable technologies takes place with your consent on the basis of Section 25 (1) Sentence 1 TDDDG in conjunction with Art. 6 (1) lit. a GDPR. The processing of your personal data takes place with your consent on the basis of Art. 6 (1) lit. a GDPR. You can withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
Further information on Google reCAPTCHA and the associated privacy policy can be found at: https://www.google.com/recaptcha/intro/android.html (https://www.google.com/recaptcha/intro/android.html) and https://www.google.com/privacy (https://www.google.com/privacy)

Use of Google invisible reCAPTCHA
We use the invisible reCAPTCHA service from Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; "Google") on our website.
This serves the purpose of distinguishing between input by a human and automated, machine processing. In the background, Google collects and analyzes usage data, which Invisible reCAPTCHA uses to distinguish regular users from bots. For this purpose, your input is transmitted to Google and further used there. In addition, the IP address and possibly other data required by Google for the Invisible reCAPTCHA service are transferred to Google.
This data is processed by Google within the European Union and may also be transferred to servers of Google LLC in the USA. There is an adequacy decision by the EU Commission for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). Google has certified itself under the TADPF and has thus committed to complying with European data protection principles.
The use of cookies or comparable technologies takes place with your consent on the basis of Section 25 (1) Sentence 1 TDDDG in conjunction with Art. 6 (1) lit. a GDPR. The processing of your personal data takes place with your consent on the basis of Art. 6 (1) lit. a GDPR. You can withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
Further information on Google reCAPTCHA and the associated privacy policy can be found at: https://www.google.com/recaptcha/intro/android.html and https://www.google.com/privacy

Use of Cloudflare
We use the Cloudflare CDN (Content Delivery Network) from Cloudflare Inc. (101 Townsend St, San Francisco, CA 94107, USA; “Cloudflare”) on our website. This is a supra-regional network of servers in various data centers, to which our web server connects and through which certain content of our website is delivered.
The data processing serves the purpose of optimizing the loading times of our website and thus making our offer more user-friendly.
The following information, among others, may be collected: IP address, system configuration information, information about traffic to and from customer websites (so-called server log files).
Your data may be transferred to the USA. There is an adequacy decision by the EU Commission for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). Cloudflare has certified itself under the TADPF and has thus committed to complying with European data protection principles.
The processing of your personal data is based on Art. 6 (1) lit. f GDPR due to our overriding legitimate interest in the demand-oriented and targeted design of the website. You have the right to object at any time to the processing of personal data concerning you based on Art. 6 (1) lit. f GDPR, on grounds relating to your particular situation.
Further information on data protection when using Cloudflare can be found at https://www.cloudflare.com/de-de/privacypolicy/.

Use of YouTube
We use the function for embedding YouTube videos from Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; "YouTube") on our website. YouTube is an affiliated company of Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; "Google").
The function displays videos stored on YouTube in an iFrame on the website. The "Enhanced privacy mode" option is activated. This means that YouTube does not store any information about website visitors. Only when you watch a video is information about it transmitted to YouTube and stored there. Your data may be transferred to the USA. There is an adequacy decision by the EU Commission for the USA, the EU-US Data Privacy Framework (DPF). YouTube has certified itself under the DPF and has thus committed to complying with European data protection principles.
The use of cookies or similar technologies takes place with your consent on the basis of Section 25 (1) Sentence 1 TDDDG in conjunction with Art. 6 (1) lit. a GDPR. The processing of your personal data takes place with your consent on the basis of Art. 6 (1) lit. a GDPR. You can withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
Further information on the collection and use of data by YouTube and Google, your rights in this regard, and options for protecting your privacy can be found in YouTube's privacy policy at https://www.youtube.com/t/privacy (https://www.youtube.com/t/privacy).

Use of Gorgias

We use the customer service software "Gorgias" from Gorgias Inc. (San Francisco, CA, 34 Harriet St, San Francisco, USA; "Gorgias") as part of a commissioned processing. The data processing serves the purpose of managing and answering support tickets.
Your data may be transmitted to and processed in third countries outside the EU, particularly the USA. An adequacy decision by the EU Commission, the EU-US Data Privacy Framework (DPF), exists for the USA. Gorgias is not certified under the DPF. To ensure that your data is nevertheless subject to adequate protection, we have agreed with Gorgias Inc. on standard data protection clauses of the EU Commission.
Gorgias uses AI to process and answer customer inquiries.
Further information on data protection at Gorgias can be found here: https://www.gorgias.com/privacy.

Data Subject Rights and Storage Period

Storage Period
After complete contract processing, the data will initially be stored for the duration of the warranty period, then taking into account statutory, in particular tax and commercial law, retention periods, and then deleted after the expiry of the period, unless you have consented to further processing and use.

Rights of the Data Subject
Subject to the legal requirements, you have the following rights under Art. 15 to 20 GDPR: Right to information, to rectification, to erasure, to restriction of processing, to data portability.
Furthermore, under Art. 21 (1) GDPR, you have the right to object to processing based on Art. 6 (1) (f) GDPR, as well as to processing for the purpose of direct marketing.

Right to lodge a complaint with the supervisory authority
In accordance with Art. 77 GDPR, you have the right to lodge a complaint with the supervisory authority if you believe that the processing of your personal data is not lawful.

You can lodge a complaint, among others, with the supervisory authority responsible for us, which you can reach at the following contact details:

Bavarian State Office for Data Protection Supervision (BayLDA)
Promenade 18
91522 Ansbach
Tel.: +49 981 1800930
Fax: +49 981 180093800
E-Mail: poststelle@lda.bayern.de

Right to object
If the personal data processing listed here is based on our legitimate interest according to Art. 6 (1) (f) GDPR, you have the right to object to these processing operations at any time for reasons arising from your particular situation, with effect for the future.
After an objection, the processing of the data concerned will be terminated, unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or if the processing serves the assertion, exercise or defense of legal claims.

If personal data is processed for direct marketing purposes, you can object to this processing at any time by notifying us. After an objection, we will stop processing the data concerned for direct marketing purposes.

Last updated: 23.04.2026