Privacy Policy

As of May 16, 2025

We appreciate your interest in our online shop. Protecting your privacy is very important to us. Below, we provide detailed information about how we handle your data.

1. Person responsible for data processing

The person responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is:

Velimir Pravdic
Im Bühl 32
71287 Weissach
Germany
Phone: 07044 233 800 7
Email: info@deinfriseur.de

If you have any questions about the collection, processing or use of your personal data, information, correction, restriction or deletion of data, as well as revocation of consent given or objection to a specific use of data, please contact us directly using the contact details provided above.

2. Access data and hosting via Shopify

You can visit our website without providing any personal information. Each time you access a website, the web server automatically saves a so-called server log file, which contains, for example, the name of the requested file, your IP address (in anonymized form, if supported by the host), the date and time of access, the amount of data transferred, and the requesting provider (access data), and documents the access.

This access data is evaluated exclusively for the purpose of ensuring the smooth operation of the site and improving our offering. Pursuant to Art. 6 (1) (f) GDPR, this serves to safeguard our legitimate interests in the accurate presentation of our offering, which prevail within the context of a balancing of interests. All access data will be deleted no later than seven days after your visit to the site, unless longer retention is required for evidentiary purposes.

Hosting by Shopify:

Our online shop is hosted on the e-commerce platform Shopify. The provider is Shopify International Limited, Victoria Buildings, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland ("Shopify"). Shopify provides us with the infrastructure, e-commerce platform, storage space, and database services that we use to operate this online shop. Shopify processes all data generated during the use of this website or in forms provided for this purpose in the online shop (e.g., order data, customer data, contact data, usage data, metadata, and communication data) on our behalf. This is based on our legitimate interest in the efficient and secure provision of our online offering (Art. 6 (1) (f) GDPR) and for the performance of the contract (Art. 6 (1) (b) GDPR). We have concluded a Data Processing Addendum (DPA) with Shopify. Shopify may also process data on servers in Canada and the USA. For Canada, there is an adequacy decision from the EU Commission. For data transfers to the USA, Shopify relies on the EU Commission's adequacy decision ("EU-US Data Privacy Framework"), provided the recipients are certified under it, or on the EU Commission's standard contractual clauses. Details can be found in Shopify's privacy policy: https://www.shopify.com/legal/privacy

3. Data collection and use for contract processing and when contacting us

We collect personal data when you voluntarily provide it to us as part of your order or when you contact us (e.g. via contact form, email or Shopify Inbox). Mandatory fields are marked as such, since in these cases we absolutely need the data to process the contract or to process your contact, and without this information you cannot complete or send the order or contact. Which data is collected can be seen from the respective input forms or as part of the communication. We use the data you provide to us in accordance with Art. 6 (1) (b) GDPR to process the contract and process your inquiries.

Customer account: If you have given your consent in accordance with Art. 6 (1) (a) GDPR by deciding to open a customer account, we will use your data for the purpose of opening and managing your customer account. Your customer account can be deleted at any time, either by sending a message to the contact option described above or via a function provided for this purpose in the customer account. After the contract has been fully processed or your customer account has been deleted, your data will be restricted for further processing and deleted after the retention periods under tax and commercial law have expired (in accordance with Art. 6 (1) (c) GDPR), unless you have expressly consented to further use of your data (Art. 6 (1) (a) GDPR) or we reserve the right to use the data in any other way that is permitted by law and about which we will inform you in this declaration.

Shopify Inbox: If you contact us via the "Shopify Inbox" chat function, the text you enter, your contact details (if provided by you or evident from your customer account), and communication metadata (e.g., timestamp, IP address) will be processed by Shopify on our behalf to process your inquiry. The legal basis is Art. 6 (1) (b) GDPR (inquiry processing, contract initiation).

4. Data transfer

a) For contract fulfillment (shipping): For contract fulfillment in accordance with Art. 6 (1) (b) GDPR, we will pass on your data (name, address, email address, and telephone number for notification if applicable) to the shipping company commissioned with the delivery, insofar as this is necessary for the delivery of ordered goods. We work with the following shipping service providers for this purpose:

  • Deutsche Post DHL Group (DHL Paket GmbH, Sträßchensweg 10, 53113 Bonn, Germany)
  • GLS Germany GmbH & Co. OHG, GLS Germany-Straße 1–7, 36286 Neuenstein, Germany

If you have given us your express consent to do so during or after your order in accordance with Art. 6 (1) (a) GDPR, we will pass on your email address and/or telephone number to the selected shipping service provider so that they can contact you prior to delivery for the purpose of notifying you of the delivery or coordinating the delivery. You can revoke your consent at any time by sending us a message or contacting the shipping service provider directly. After revocation, we will delete the data you provided for this purpose unless you have expressly consented to further use or there is legal permission.

b) Payment service providers: Depending on which payment service provider you select during the ordering process (e.g. via Shopify Payments, PayPal, Klarna, Apple Pay, Google Pay, Amazon Pay, credit card payment), we will pass on the payment data collected for this purpose to the credit institution commissioned with the payment and, if applicable, to payment service providers commissioned by us or to the selected payment service in order to process payments. The legal basis is Art. 6 (1) (b) GDPR. In some cases, the selected payment service providers also collect this data themselves if you create or have created an account with them. In this case, you must log in to the payment service provider using your access data during the ordering process. The data protection declaration of the respective payment service provider applies in this respect (e.g. PayPal: https://www.paypal.com/de/webapps/mpp/ua/privacy-full , Klarna: https://www.klarna.com/de/datenschutz/ ). Some payment service providers may be based outside the EU/EEA (e.g. USA). For data transfers to such countries, we ensure that appropriate safeguards are in place (e.g. adequacy decisions such as the EU-US Data Privacy Framework, standard contractual clauses).

c) Use of Shopify Apps: We use various third-party applications ("apps") within the Shopify platform to provide certain functions or optimize our business processes. These apps may access your data in order to fulfill their function. Processing is based on Art. 6 (1) (b) GDPR (contractual performance, e.g., shipping) or Art. 6 (1) (f) GDPR (our legitimate interest in efficient business processes and an optimized online offering). We ensure that your data is protected by selecting the providers and, where necessary, by concluding order processing agreements.

We use the following Shopify apps, among others:

  • Order Printer Pro: For creating and printing order documents (invoices, delivery notes). Processes order data.
  • easyGLS: For handling shipping with GLS, creating shipping labels, and tracking. Processes order, address, and parcel data.
  • Post & DHL Shipping (official): For handling shipping with DHL/Deutsche Post, creating shipping labels, and tracking. Processes order, address, and package data.
  • Facebook & Instagram App: For synchronizing our product catalog with Facebook and Instagram, for displaying advertising, and, if applicable, for tracking conversions (see also the Meta Pixel section). Can process product, order, and customer data. The legal basis for marketing/tracking is your consent (Art. 6 (1) (a) GDPR).
  • Google & YouTube App: For integration with Google services, e.g., synchronization of the product catalog for Google Shopping, display of ads (see also sections on Google Analytics and Google Ads). Can process product, order, and customer data. The legal basis for marketing/tracking is your consent (Art. 6 (1) (a) GDPR).
  • AdressHero: For validating and auto-completing address data during the ordering process to ensure correct delivery addresses and improve the user experience. Processes entered address parts.
  • AccessPro Accessibility by Entangle Commerce: To improve the accessibility and user-friendliness of our website. Provider: Entangle Commerce Inc., USA. Can collect usage data and technical information to customize the website's appearance. Legal basis: Our legitimate interest in a barrier-free website (Art. 6 (1) (f) GDPR) or your consent (Art. 6 (1) (a) GDPR) if cookies are set beyond those technically necessary. Data transfer to the USA is based on standard contractual clauses or certification under the EU-US Data Privacy Framework. Details: https://entanglecommerce.com/privacy-policy/

Please also check the privacy policies of the respective app providers if they process data outside of Shopify or for their own purposes.

5. Email and SMS marketing, product reviews (omnisend)

If you subscribe to our newsletter, agree to receive marketing SMS messages, or submit a product review, we use the service provider Omnisend. The provider is Omnisend UAB, Verkiu g. 25C, LT-08223 Vilnius, Lithuania.

  • Email newsletter and SMS marketing: We use the data required for this purpose or separately provided by you (email address, telephone number if applicable) to regularly send you our marketing messages based on your consent in accordance with Art. 6 (1) (a) GDPR. You can unsubscribe from the newsletter and/or marketing SMS messages at any time and can do so either by sending a message to the contact option described above or via a dedicated link or a stop instruction in the respective message.
  • Product reviews: You have the opportunity to rate products in our shop. When you submit a review, we process the information you provide (star rating, review text, optionally your name, and the date the review was created). If you provide your name, it will be published on our website along with your review and the date. This serves the purpose of transparency and helps other customers with their purchasing decisions. The legal basis for processing and publishing your review (including your name, if provided) is your consent in accordance with Art. 6 (1) (a) GDPR, which you give when submitting your review. You can revoke your consent at any time by contacting us (the review will then be removed from the website).

Omnisend is a company based in the EU. We have entered into a data processing agreement with Omnisend. Omnisend may use subcontractors to provide its services, including in third countries. Omnisend ensures, through appropriate measures (e.g., standard contractual clauses), that an appropriate level of data protection is guaranteed in any data transfer by subcontractors. Details can be found in Omnisend's privacy policy: https://www.omnisend.com/privacy/

After unsubscribing from marketing or revoking your consent to the publication of reviews, we will delete your contact details or the personal data of your review from the relevant mailing list or from our website, unless you have expressly consented to further use of your data or we reserve the right to use the data in any other way that is permitted by law.

6. Cookies, web analytics and other technologies

To make visiting our website more attractive, enable the use of certain functions, display suitable products, or conduct market research, we use so-called cookies and similar technologies (e.g., pixels, scripts) on various pages. This is done on the basis of Section 25 (1) of the German Telemedia Act (TTDSG) (for storing and reading information on your device) and, where personal data is processed, on the basis of Article 6 (1) of the GDPR.

Cookies are small text files that are automatically stored on your device. Some of the cookies we use are deleted after the end of the browser session, i.e., after you close your browser (so-called session cookies). Other cookies remain on your device and allow us to recognize your browser the next time you visit (persistent cookies).

Consent management (consent management tool): We use a consent management tool to obtain your consent to the storage of certain cookies on your device or to the use of certain technologies and to document this consent in compliance with data protection regulations. When you enter our website, this tool informs you about the technologies used and allows you to make your selections. You can also use this tool to view a detailed overview of the cookies and technologies used (name, provider, purpose, storage period, category) and revoke your consent at any time with future effect (often accessible via a "Cookie Settings" link/button in the footer of the website).

  • Technically necessary cookies/technologies: Some cookies and technologies are technically necessary so that you can visit our website and use its basic functions (e.g., shopping cart function, login status). Your consent is not required for their use according to Section 25 (2) No. 2 TTDSG. The processing of data collected by technically necessary cookies is based on Art. 6 (1) (f) GDPR to protect our legitimate interests in a user-friendly and functional presentation of our offering or on the basis of Art. 6 (1) (b) GDPR, insofar as they are necessary for the initiation or execution of a contract.
  • Cookies/technologies for analysis, marketing and other purposes (subject to consent): We only use all other cookies and technologies (e.g. for analysis, marketing, personalization) with your express consent in accordance with Section 25 (1) TTDSG and Article 6 (1) (a) GDPR, which you give via our consent management tool.

Browser settings: You can set your browser to inform you about the use of cookies and to decide whether to accept them individually, or to deny them in certain cases or in general. Each browser differs in the way it manages cookie settings. This is described in the help menu of each browser. If you do not accept cookies, the functionality of our website may be limited.

Below we inform you about the technologies we use that require your consent and their providers:

  • Google Tag Manager: We use Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). Google Tag Manager is a service that allows us to manage website tags via an interface. The Tag Manager itself merely implements tags. This means: no cookies are used and no personal data is collected beyond that necessary for technical provision (e.g., IP address for communication). Google Tag Manager triggers other tags, which in turn may collect data. However, Google Tag Manager does not access this data. If deactivation has been carried out at the domain or cookie level, this deactivation remains in effect for all tracking tags implemented with Google Tag Manager. The Tag Manager is used to protect our legitimate interests in the efficient integration and management of website tags (Art. 6 (1) (f) GDPR). Data may be transferred to Google LLC in the USA; Google LLC is certified under the EU-US Data Privacy Framework, which ensures an appropriate level of data protection. Alternatively, standard contractual clauses may be used.
  • Google Analytics 4: If you have given your consent in accordance with Section 25 (1) TTDSG and Article 6 (1) (a) GDPR, this website uses Google Analytics 4, a web analysis service provided by Google Ireland Limited. Google Analytics uses cookies and similar technologies to help the website analyze how users use the site. The information recorded includes information about your interactions with the website (e.g. page views, clicks), information about your device (e.g. operating system, browser), your approximate geographical location, and possibly other data in accordance with your Google Analytics settings. By default, Google Analytics 4 does not log or store your IP address, but it may be temporarily processed for regional analysis. The information about your use of this website is generally transferred to a Google server in the USA and stored there. Google LLC is certified under the EU-US Data Privacy Framework. We have entered into a data processing agreement with Google. The data is used to evaluate website usage, compile reports on website activity, and provide us with other services related to website activity and internet usage. The data collected as part of Google Analytics is deleted after a period of time specified by us (e.g., 14 months). You can revoke your consent at any time with effect for the future by changing your settings in the consent management tool. You can also prevent Google from collecting and processing data by downloading and installing the browser plug-in: https://tools.google.com/dlpage/gaoptout?hl=de Further information: https://policies.google.com/privacy
  • Google Ads (Conversion Tracking & Remarketing): If you have given your consent in accordance with Section 25 (1) TTDSG and Article 6 (1) (a) GDPR, we use Google Ads Conversion Tracking and Remarketing. The provider is Google Ireland Limited. Conversion Tracking: We recognize whether a user has performed certain actions after clicking on our ad. Remarketing: We can present interest-based advertisements to users of our website on other websites within the Google advertising network. For this purpose, cookies are stored on users' devices. Data (pseudonymous user IDs, cookie information, usage data) is transferred to Google LLC in the USA (EU-US Data Privacy Framework certified). We have concluded a contract for order processing and agreements on joint responsibility with Google. You can revoke your consent at any time using our consent management tool. Deactivate personalized advertising by Google: https://adssettings.google.com/authenticated Further information: https://policies.google.com/privacy
  • Google AdSense: If you have given your consent in accordance with Section 25 (1) TTDSG and Article 6 (1) (a) GDPR, we integrate Google AdSense on this website. The provider is Google Ireland Limited. Google AdSense enables the integration of third-party advertisements and uses cookies and web beacons. Collected information (clicks, technical information, IP address) is used to display personalized or non-personalized advertising and for billing purposes and is transferred to Google LLC in the USA (EU-US Data Privacy Framework certified). We have concluded corresponding agreements with Google. You can revoke your consent at any time using our consent management tool. Deactivate personalized advertising: https://adssettings.google.com/authenticated Further information: https://policies.google.com/technologies/ads
  • Microsoft Clarity: If you have given your consent in accordance with Section 25 (1) TTDSG and Article 6 (1) (a) GDPR, we use Microsoft Clarity. The provider is Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA ("Microsoft"). Clarity is an analytics tool that records behavioral metrics, heat maps, and session replays (click, scroll, mouse movement behavior, technical data). Sensitive data in input fields is masked. The data is transferred to Microsoft servers in the USA. Microsoft Corporation is certified under the EU-US Data Privacy Framework. We have concluded a data processing agreement with Microsoft. You can revoke your consent at any time using our consent management tool. Further information: https://clarity.microsoft.com/terms , https://privacy.microsoft.com/de-de/privacystatement
  • TikTok Pixel: If you have given your consent in accordance with Section 25 (1) TTDSG and Article 6 (1) (a) GDPR, we use the TikTok Pixel. Provider for the EEA and Switzerland: TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland ("TikTok"). The pixel enables conversion tracking and retargeting in the TikTok network. Cookies are set and data such as IP address, device/browser information, and website activity are transferred to TikTok. Data may be transferred to TikTok servers worldwide (USA, Singapore) (basis: standard contractual clauses or similar). We have concluded corresponding agreements with TikTok. You can revoke your consent at any time using our consent management tool. Adjust settings in your TikTok account. Further information: https://www.tiktok.com/legal/page/eea/privacy-policy/de-DE
  • Meta Pixel (Facebook & Instagram): If you have given your consent in accordance with Section 25 (1) TTDSG and Art. 6 (1) (a) GDPR, we use the Meta Pixel. Provider: Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Meta”). The pixel enables conversion tracking and the creation of custom audiences/retargeting. If you consent, a direct connection is established to Meta servers. Data (IP address, browser information, pages visited, actions) is transferred to Meta. If you are logged in, Meta can assign this to your account. Data is transferred to Meta Platforms Inc. in the USA on the basis of the EU-US Data Privacy Framework or standard contractual clauses. For joint controllership (e.g., conversion tracking), we have concluded an agreement with Meta in accordance with Art. 26 GDPR: https://www.facebook.com/legal/controller_addendum You can revoke your consent at any time using our consent management tool. Settings: https://www.facebook.com/settings?tab=ads (login required). Further information: https://www.facebook.com/policy.php
  • Pinterest Tag/Pixel: If you have given your consent in accordance with Section 25 (1) TTDSG and Article 6 (1) (a) GDPR via our consent management tool, we use the Pinterest Tag (also known as Pinterest Pixel) on our website. This service is provided by Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland ("Pinterest"). The Pinterest Tag enables us to measure the effectiveness of our advertisements on Pinterest (conversion tracking) by tracking user actions after they have seen or clicked on a Pinterest ad. We can also use the tag to create target groups for our advertisements on Pinterest (retargeting) by later displaying relevant advertisements on Pinterest to visitors to our website who have already shown interest in certain products or content. Cookies are stored on your device or similar technologies are used for this purpose. The following data may be transferred to Pinterest:
    • Information about your device and browser (e.g. IP address, device type, operating system, browser type)
    • The pages visited and actions performed on our website (e.g., products viewed, items added to the shopping cart, purchases made)
    • Information about Pinterest ads viewed or clicked
    • A pseudonymized user ID or cookie ID
    This data is processed by Pinterest to achieve the purposes stated above, to compile reports on ad performance, and to optimize Pinterest's advertising systems. The data may be transferred to Pinterest Inc. servers in the USA and stored there. Pinterest Inc. is certified under the EU-US Data Privacy Framework, which ensures an appropriate level of data protection for data transfers to the USA. We have concluded appropriate data processing agreements with Pinterest where necessary (e.g., standard contractual clauses as additional safeguards or provisions for joint responsibility). You can revoke your consent to the use of the Pinterest Tag at any time with future effect via our consent management tool. In addition, you can adjust settings for personalized advertising in your Pinterest account (if you are registered there) or generally restrict the collection of data by the Pinterest Tag through appropriate browser settings or browser add-ons (e.g., deactivating third-party cookies). Further information on data protection at Pinterest can be found in Pinterest's privacy policy: https://policy.pinterest.com/de/privacy-policy
  • X Ads Pixel (formerly Twitter Pixel): If you have given your consent in accordance with Section 25 (1) TTDSG and Art. 6 (1) (a) GDPR via our consent management tool, we use the X Ads Pixel (formerly Twitter Pixel) on our website. The provider of this service for users outside the United States is Twitter International Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland (“X Ireland”). For users in the United States, the provider is X Corp., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. The X Ads Pixel enables us to track the effectiveness of our advertising campaigns on the X platform (conversion tracking). We can use it to record which actions users perform on our website after seeing or clicking on one of our ads on X. We also use the pixel to create and optimize target groups for our ads on X (retargeting/tailored audiences) by displaying interest-based advertising on X to users who have visited our website. By integrating the pixel, cookies or similar technologies are stored on your device. The following data may be collected and transferred to X Ireland or X Corp.:
    • Information about your browser and device (e.g. IP address, browser type, operating system, device identifier)
    • The pages visited and actions performed on our website (e.g. searches, products viewed, purchases)
    • Timestamp of actions
    • Information about whether you came to our site via an X ad
    • A pseudonymous pixel ID or cookie ID
    This data is used to measure conversions, analyze ad performance, compile reports, and personalize and optimize our advertising efforts on X. The data may be transferred to X Corp. servers in the USA. X Corp. is certified under the EU-US Data Privacy Framework, which ensures an adequate level of data protection for data transfers to the USA. Where appropriate, we have concluded standard contractual clauses of the EU Commission with X Ireland/X Corp. or agreed on other appropriate safeguards for data transfer. You can revoke your consent to the use of the X Ads Pixel at any time with future effect via our consent management tool. In addition, you have the option of specifying how X may use your data for advertising purposes in your personal data protection settings on X (if you have an account): https://twitter.com/settings/account/personalization Further information on data protection at X can be found in their privacy policy: https://twitter.com/de/privacy

7. Affiliate Marketing

a) Goaffpro: We participate in the Goaffpro affiliate program. The provider is Goaffpro Inc., USA (please verify the exact company name and registered office). Partners advertise our products and receive a commission if a sale is successful via their partner link. If you access our site via a partner link, Goaffpro or we via Goaffpro will place a cookie or use other tracking technologies on your device to assign the click and any subsequent order to the partner. Pseudonymous click IDs, click time, and order data may be processed. The cookie to track the click is only set with your consent in accordance with Section 25 (1) TTDSG and Art. 6 (1) (a) GDPR via our consent management tool. The subsequent processing for commission settlement is based on our legitimate interest (Art. 6 (1) (f) GDPR). Data transfer to the USA is based on the EU-US Data Privacy Framework (if Goaffpro is certified) or standard contractual clauses. You can revoke your consent at any time using our consent management tool. Further information: [Link to Goaffpro's privacy policy – please add]

b) Amazon Partner Program: We participate in the partner program of Amazon EU S.à r.l. The provider is Amazon Europe Core S.à r.l., 38 avenue John F. Kennedy, L-1855 Luxembourg ("Amazon"). To trace the origin of an order, Amazon uses cookies or similar tracking technologies. This only occurs with your consent in accordance with Section 25 (1) TTDSG and Art. 6 (1) (a) GDPR via our consent management tool. The subsequent processing for commission settlement is based on our legitimate interest (Art. 6 (1) (f) GDPR). Data may be transferred to Amazon companies in the USA (Amazon.com Inc. is certified under the EU-US Data Privacy Framework). You can revoke your consent at any time via our consent management tool. Further information: https://www.amazon.de/gp/help/customer/display.html?nodeId=201909010

8. Map services

a) Google Maps: If you have given your consent in accordance with Section 25 (1) TTDSG and Article 6 (1) (a) GDPR, we use Google Maps. The provider is Google Ireland Limited. To use this service, your IP address must be stored and transmitted to Google. Location data may be processed. This service is used in the interest of an attractive presentation and easy findability. Data is transferred to the USA to Google LLC (EU-US Data Privacy Framework certified). Joint controllership with Google is possible (details: https://privacy.google.com/intl/de/businesses/mapscontrollerterms/ ). Revocation via consent management tool. Google Maps will not load without consent. Further information: https://policies.google.com/privacy

b) Bing Maps: If you have given your consent in accordance with Section 25 (1) TTDSG and Article 6 (1) (a) GDPR, we use Bing Maps. The provider is Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. For use, your IP address and usage information must be transferred to Microsoft. This is used in the interest of an attractive presentation and easy findability. Data is transferred to the USA to Microsoft Corporation (EU-US Data Privacy Framework certified). Revocation via consent management tool. Bing Maps will not load without consent. Further information: https://privacy.microsoft.com/de-de/privacystatement

9. Protection against spam (Google reCAPTCHA)

To protect against misuse of our online forms and spam, we use Google reCAPTCHA. The provider is Google Ireland Limited. reCAPTCHA uses various characteristics (IP address, length of stay, mouse movements, etc.) to check whether the input was made by a human or a program. Processing is based on our legitimate interest in protecting our website and systems (Art. 6 (1) (f) GDPR). Data is transferred to the USA to Google LLC (EU-US Data Privacy Framework certified). Further information: https://policies.google.com/privacy , https://www.google.com/recaptcha/about/

10. Web fonts

Google Fonts: We use Google Fonts to ensure consistent font display. The provider is Google Ireland Limited. When you visit a page, your browser loads the fonts. For this purpose, your IP address is transmitted to Google. This is done in the legitimate interest of consistent presentation (Art. 6 (1) (f) GDPR). The integration takes place locally from our server or in such a way that a direct connection to Google servers is only established with your consent via the consent management tool to address data protection concerns. Data is transferred to the USA to Google LLC (EU-US Data Privacy Framework certified). Further information: https://developers.google.com/fonts/faq , https://policies.google.com/privacy

11. Artificial Intelligence (Chatbots - OpenAI & Google Gemini)

We use chatbots on our website that are based on technologies from OpenAI (provider: OpenAI OpCo, LLC, 3180 18th Street, San Francisco, CA 94110, USA) and Google Gemini (provider: Google Ireland Limited). When you interact with the chatbot, your input (text, questions) and metadata (timestamp, IP address in anonymized/abbreviated form) are transferred to the AI provider's servers to generate responses. Please do not enter any sensitive personal data in the chat. The legal basis is your consent in accordance with Art. 6 (1) (a) GDPR (granted through active use and, if necessary, confirmation). Data may be used by the providers to improve their AI models; we endeavor to prevent this technically or to point out opt-out options. Please refer to the providers' privacy policies for more information. Data transfer to the USA (EU-US Data Privacy Framework certified or standard contractual clauses). Revocation by ending the interaction. OpenAI: https://openai.com/policies/privacy-policy Google: https://policies.google.com/privacy

12. Social Media Plugins (Shariff solution)

We use social buttons from social networks with the "Shariff" solution. This serves to protect our legitimate interests in optimal marketing (Art. 6 (1) (f) GDPR) without unnecessary data transfer. A connection to the respective network is only established when you actively click on a button (Facebook, Instagram, Pinterest, X, Xing, WhatsApp, LinkedIn). For the purpose and scope of data collection, please refer to the providers' privacy policies:

13. Embedded Videos

YouTube Video Plugins: We embed videos from YouTube (provider: Google Ireland Limited) in "extended data protection mode." Data (IP address, visited page, etc.) is only transferred to Google when the video is played. This only occurs with your consent in accordance with Section 25 (1) TTDSG and Art. 6 (1) (a) GDPR via our consent management tool or by clicking on the video. Data is transferred to the USA to Google LLC (EU-US Data Privacy Framework certified). Revocation via consent management tool. Further information: https://policies.google.com/privacy

14. Online presence in social media

We maintain online presences on Facebook, Instagram, Pinterest, X (Twitter), Xing, and LinkedIn to communicate with customers and interested parties. The operators' guidelines apply when accessing these sites. When communicating with you, we process your data based on Art. 6 (1) (b) (request processing) or (f) (effective communication) GDPR. For data transfers by platform providers (e.g., Meta Platforms Inc., USA), their specifications (DPF, SCCs) apply.

15. Search engine tools

Bing Search Console: We use the Bing Search Console from Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA, to monitor and optimize the performance of our website in the Bing search engine. Aggregated performance data from our website may be transmitted to Microsoft. This serves our legitimate interest in improving our visibility and functionality (Art. 6 (1) (f) GDPR). Data may be transferred to the USA (Microsoft is certified under the EU-US Data Privacy Framework). Further information: https://privacy.microsoft.com/de-de/privacystatement

16. Data security

We take appropriate technical and organizational measures (TOMs) in accordance with legal requirements to ensure a level of protection appropriate to the risk. Shopify, our hosting provider, also takes extensive security measures.

17. Your rights as a data subject

  • in accordance with Art. 15 GDPR, information about your data processed by us;
  • in accordance with Art. 16 GDPR, correction of incorrect or incomplete data;
  • in accordance with Art. 17 GDPR, deletion of your data under certain conditions;
  • pursuant to Art. 18 GDPR, restriction of the processing of your data under certain conditions;
  • in accordance with Art. 20 GDPR, data portability;
  • in accordance with Art. 7 Para. 3 GDPR, revocation of your consent once given;
  • pursuant to Art. 77 GDPR, the right to lodge a complaint with a supervisory authority (responsible for us: the State Commissioner for Data Protection and Freedom of Information Baden-Württemberg, or the authority of your usual place of residence/work).

18. Right of objection

If we process data on the basis of Art. 6 (1) (f) GDPR (legitimate interests), you can object to this processing with future effect. If data is processed for direct marketing purposes, you can object at any time. Otherwise, you only have the right to object if there are reasons related to your particular situation. After you object, we will no longer process your data unless we can demonstrate compelling legitimate grounds or the processing serves to assert, exercise, or defend legal claims. This does not apply to direct marketing; in this case, no further processing takes place.

19. Changes to this Privacy Policy

We reserve the right to amend this privacy policy to reflect current legal requirements or changes to our services. The new privacy policy will then apply to your next visit.

20. WhatsApp Newsletter

We use the KEAZ app to send you automated WhatsApp messages related to your order. For this purpose, your name, phone number, and order number will be transmitted to the operator of the KEAZ app, Pocket Agency GmbH. This data is required to enable communication via WhatsApp. If you provide your phone number, you will automatically receive a message about your order status. Further information on data protection and the detailed privacy policy can be found at the following link: www.keaz.app