Skip to content

Cart

Your cart is empty

Privacy policy

1. Introduction

This website is operated by: Jan-Willem van den Bosch, One House.

It is very important to us to treat the data of our website visitors with confidentiality and to protect it as best as possible. For this reason, we make every effort to comply with the requirements of the GDPR.

Below, we explain how we process your data on our website. We use clear and transparent language so that you really understand what happens to your data.

2. General

2.1 Processing of personal data and other terms

Data protection applies to the processing of personal data. Personal data means any data that can be used to identify you personally. This includes, for example, the IP address of the device (PC, laptop, smartphone, etc.) you are currently using. Such data is processed when “something happens to it.” Here, for example, the IP address is transmitted from the browser to our provider and automatically stored there. This is then considered processing (according to Art. 4 No. 2 GDPR) of personal data (according to Art. 4 No. 1 GDPR).

These and other legal definitions can be found in Art. 4 GDPR.

2.2 Applicable regulations/laws – GDPR, BDSG, and TDDDG

The scope of data protection is regulated by law. In this case, these are the GDPR (General Data Protection Regulation) as a European regulation and the BDSG (Federal Data Protection Act) as a national law.

In addition, the TDDDG supplements the provisions of the GDPR with regard to the use of cookies.

2.3 The controller

The controller is responsible for data processing on this website within the meaning of the GDPR. This is the natural or legal person who alone or jointly with others decides on the purposes and means of the processing of personal data.

You can contact the controller at:

One House

Pestalozzistrasse 40A, 80469 Munich

info@onehouse.de

2.4 How data is processed on this website

As we have already stated, there is data (e.g., IP address) that is collected automatically. This data is primarily required for the technical provision of the website. If we use personal data beyond this or collect other data, we will inform you of this or ask for your consent.

You provide other personal data to us consciously.

You can find detailed information on this below.

2.5 Your rights

The GDPR grants you comprehensive rights. These include, for example, the right to obtain information free of charge about the origin, recipient, and purpose of your stored personal data. You can also request the correction, blocking, or deletion of this data or lodge a complaint with the competent data protection supervisory authority. You can revoke your consent at any time.

You can find details of these rights and how to exercise them in the last section of this privacy policy.

2.6 Data protection – our view

Data protection is more than just a chore for us! Personal data is extremely valuable, and careful handling of this data should be a matter of course in our digitalized world. Furthermore, as a visitor to our website, you should be able to decide for yourself what happens to your data, when, and by whom. We therefore undertake to comply with all legal provisions, collect only the data that is necessary for us, and treat it as confidential.

2.7 Disclosure and deletion

The transfer and deletion of data are also important and sensitive issues. We would therefore like to inform you in advance about our general approach to this.

Data will only be transferred on a legal basis and only if this is unavoidable. This may be the case in particular if a so-called processor is involved and a processing agreement has been concluded in accordance with Art. 28 GDPR.

We will delete your data when the purpose and legal basis for processing no longer apply and there are no other legal obligations preventing deletion. Art. 17 GDPR also provides a 'good' overview of this.

Please refer to this privacy policy for further information and contact the controller if you have any specific questions.

2.8 Hosting

This website is hosted externally. The personal data collected on this website is stored on the host's servers. This includes automatically collected and stored log files (see below for more details) as well as all other data provided by website visitors.

External hosting is carried out for the purpose of providing our website in a secure, fast, and reliable manner and, in this context, serves to fulfill our contractual obligations toward our potential and existing customers.

The legal basis for processing is Art. 6 (1) lit. a, b, and f GDPR, as well as § 25 (1) TDDDG, insofar as consent includes the storage of cookies or access to information on the website visitor's or user's end device within the meaning of the TDDDG.

Our host only processes data that is necessary to fulfill its performance obligations and acts as our processor, which means that it is subject to our instructions. We have concluded a corresponding contract for order processing with our host.

We use the following host:

Shopify

Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland

https://www.shopify.com/legal/privacy.

2.9 Legal basis

The processing of personal data always requires a legal basis. The GDPR provides the following options in Art. 6 (1) sentence 1:

a) The data subject has given consent to the processing of personal data concerning him or her for one or more specific purposes;

b) processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;

c) processing is necessary for compliance with a legal obligation to which the controller is subject;

d) processing is necessary in order to protect the vital interests of the data subject or of another natural person;

e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

f) processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

In the following sections, we will provide you with the specific legal basis for each type of processing.

3. What happens on our website

When you visit our website, we process personal data about you.

In order to protect this data as best as possible against unauthorized access by third parties, we use SSL or TLS encryption. You can recognize this encrypted connection by the https:// or a lock symbol in the address bar of your browser.

Below you will find information about what data is collected when you visit our website, for what purpose this is done, and on what legal basis.

3.1 Data collection when you visit the website

When you visit the website, information is automatically stored in so-called server log files. This information includes:

• Browser type and browser version

• Operating system

• Referrer URL

• Host name of the accessing computer

• Time of the server request

• IP

This data is required temporarily in order to display our website permanently and without problems. In particular, this data is used for the following purposes:

• System security of the website

• System stability of the website

• Troubleshooting on the website

• Establishing a connection to the website

• Display of the website

Data processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR and is based on our legitimate interest in processing this data, in particular our interest in the functionality and security of the website.

This data is pseudonymized wherever possible and deleted once the respective purpose has been fulfilled.

Insofar as the server log files enable the identification of the data subject, the data will be stored for a maximum period of 14 days. An exception to this is when a security-related event occurs. In this case, the server log files will be stored until the security-related event has been eliminated and finally clarified.

Otherwise, no merging with other data takes place.

3.2 Cookies

3.2.1 General

This website uses cookies. These are data sets, pieces of information that are stored in the browser of your device and are related to our website.

Cookies make it easier for visitors to navigate the website.

In our cookie consent tool, you will find all information about the cookies we use on our website (with your consent, where applicable).

3.2.2 Rejecting cookies

You can manage all cookies that are not technically necessary directly via our cookie consent tool.

You can prevent cookies from being set by adjusting your browser settings.

Here you will find the corresponding links to frequently used browsers:

Mozilla Firefox: https://support.mozilla.org/de/kb/cookies-und-website-daten-in-firefox-loschen?redirectslug=Cookies+l%C3%B6schen&redirectlocale=de

Google Chrome: https://support.google.com/chrome/answer/95647?co=GENIE.Platform%3DDesktop&hl=de

Microsoft Edge: https://support.microsoft.com/de-de/windows/l%C3%B6schen-und-verwalten-von-cookies-168dab11-0753-043d-7c16-ede5947fc64d

Safari: https://support.apple.com/de-de/guide/mdm/mdmf7d5714d4/web and https://support.apple.com/de-de/guide/safari/sfri11471/mac. If you use a different browser, we recommend entering the name of your browser and “delete and manage cookies” in a search engine and following the official link to your browser.

Alternatively, you can also manage your cookie settings at www.aboutads.info/choices/ or www.youronlinechoices.com.

However, we must point out that blocking/deleting cookies may impair the use of the website.

3.2.3 Technically necessary cookies

We use technically necessary cookies on this website to ensure that our website functions correctly and in accordance with applicable laws. They help to make the website user-friendly. Some functions of our website cannot be displayed without the use of cookies.

The legal basis for this is, depending on the individual case, Art. 6 para. 1 lit. b, c and/or f GDPR.

3.2.4 Technically unnecessary cookies

We also use cookies on our website that are not technically necessary. These cookies are used, among other things, to analyze the surfing behavior of website visitors or to offer website functions that are not technically necessary.

The legal basis for this is your consent in accordance with Art. 6 para. 1 lit. a GDPR.

Cookies that are not technically necessary are only set with your consent, which you can revoke at any time in the cookie consent tool.

3.3 Data processing through user input

3.3.1 Own data collection

We offer the following (service) on our website: Consulting, sales, chat, .

For this purpose, we collect the following data:

Name

Email address

Address

Phone

The legal basis for this data processing is Art. 6 para. 1 lit. b GDPR.

The data will be deleted as soon as the respective purpose no longer applies and it is possible to do so in accordance with legal requirements.

3.3.2 Reviews

On our website, we offer the option of writing and submitting a review. This can then be published on our website.

The data provided by the user when submitting the review will be processed.

This includes, in particular, the name, contact details (if applicable), and the content of the review.

The legal basis for data processing is consent in accordance with Art. 6 para. 1 lit. a GDPR. Consent can be revoked at any time.

If the review is published, the name and content may be made available to the public.

3.3.3 Contact

a) Email

If you contact us by email, we will process your email address and any other data contained in the email. These will be stored on the mail server and, in some cases, on the respective end devices. Depending on the request, the legal basis for this is generally Art. 6 (1) lit. f GDPR or Art. 6 (1) lit. b GDPR. The data will be deleted as soon as the respective purpose no longer applies and it is possible to do so in accordance with legal requirements.

b) Telephone

If you contact us by telephone, the call data may be stored in pseudonymized form on the respective end device and by the telecommunications provider used. Personal data collected during the telephone call will only be processed to handle your request. Depending on the nature of your request, the legal basis for this is generally Art. 6 (1) lit. f GDPR or Art. 6 (1) lit. b GDPR. The data will be deleted as soon as the respective purpose no longer applies and it is possible to do so in accordance with legal requirements.

c) Contact form

We offer a contact form. This is used to contact our company.

In this form, we usually process your first and last name, your telephone number, your email address, a postal address, and the content of the message. The data is stored on our web server and forwarded internally to the relevant email addresses.

The legal basis for data processing is Art. 6 (1) lit. f GDPR, as we have a legitimate interest in responding to your request and in providing you with an easy way to contact us. If the purpose of the contact is to conclude a contract, the additional legal basis for processing is Art. 6 (1) lit. b GDPR.

We delete this data no later than 3 months after receipt, unless it is required for an existing contractual relationship.

We integrate the contact form from

Shopify

Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland

https://www.shopify.com/legal/privacy

on our website.

d) Chat

e) Missive Live Chat

https://missiveapp.com/

f) WhatsApp Business

The WhatsApp Business service, operated by WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, is used on this website. WhatsApp Business enables communication via the WhatsApp platform to process inquiries and messages. In doing so, personal data such as phone numbers, message content, metadata (e.g., timestamps, IP addresses), and technical information about the devices used are processed. The purpose of data processing is to process and respond to inquiries made via WhatsApp and to improve customer service. The legal basis for the processing of the data is Art. 6 para. 1 lit. b GDPR, as it is necessary for the fulfillment of (pre-)contractual obligations, as well as Art. 6 para. 1 lit. f GDPR based on the legitimate interest in efficient communication with customers and interested parties. WhatsApp Business does not use cookies to provide the communication function. Data may be transferred to third countries, in particular to the USA. An adequate level of data protection is ensured by the Standard Contractual Clauses (SCC) of the EU Commission. The data will be deleted as soon as it is no longer necessary for the purpose for which it was collected or deletion is requested. Statutory retention periods remain unaffected. Further information on data processing can be found here: https://www.facebook.com/privacy/policy/?entry_point=data_policy_redirect&entry=0.

g) Appointment scheduling tool

Calendly

In order to enable you to schedule an appointment with us, we integrate the functions of Calendly on our website. This service is provided by Calendly LLC, 271 17th St NW, 10th Floor, Atlanta, Georgia 30363, USA.

The data requested for this purpose is used for planning, executing, and following up on the appointment and is stored on Calendly's servers.

Calendly uses cookies to collect and store data on our website. These cookies are only set with your consent. You can revoke and manage your consent at any time in our cookie consent tool. The legal basis for this is Art. 6 (1) lit. a GDPR and § 25 (1) TDDDG, insofar as this consent includes access to information on the user's end device or the storage of cookies within the meaning of the TDDDG.

In addition, the legal basis for the use of Calendly is Art. 6 (1) lit. f GDPR, as we have a legitimate interest in communicating directly with customers, potential customers, and other interested parties and in processing inquiries immediately and as quickly as possible.

The data will be stored until the data subject requests deletion, revokes consent to storage, or the purpose for storage no longer applies. Mandatory legal provisions regarding retention periods remain unaffected.

When transferring data to the US, the Standard Contractual Clauses (SCC) of the EU Commission apply.

You can find more information here:

https://calendly.com/de/pages/privacy

https://calendly.com/pages/dpa.

3.4 Cookie consent tool

3.4.1 Shopify

To ensure that only cookies for which there is a legal basis are set on our website, we use the consent management tool from Shopify. This is a service provided by Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland.

We use Shopify to obtain the consent of the website visitor to store certain cookies in their browser or to use certain technologies and to document this in accordance with data protection regulations.

When this website is accessed, the consent given or withdrawn by the website visitor is stored in the website visitor's browser. For this purpose, a connection to Shopify's servers is established.

The legal basis is Art. 6 para. 1 lit. c GDPR. Shopify is used to obtain the legally required consent for the use of cookies.

The data collected will be stored until the website visitor requests deletion, Shopify deletes it, or the purpose for storing the data no longer applies. This does not affect the mandatory statutory retention periods.

Further information:

https://www.shopify.de/legal/datenschutz.

3.5 Website construction kit system

3.5.1 Shopify

We use Shopify to create our website. This is a service provided by Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland.

This service enables us to display our online shop.

Shopify uses cookies for security purposes during browsing, to prevent cross-site request forgery (session cookies), and to ensure secure transactions.

The service is technically necessary to display our website. The legal basis for processing is Art. 6 para. 1 lit. f GDPR.

We have entered into a data processing agreement with Shopify. The data collected on our website is processed on Shopify's servers. If the data is transferred to Shopify Inc. in Canada, the adequacy decision of the EU Commission applies. If the data is transferred to Shopify Inc. in the USA, the standard contractual clauses apply.

Further information:

https://www.shopify.de/legal/datenschutz.

3.6 Newsletter

3.6.1 Klaviyo

We use Klaviyo to provide our newsletter. This service is offered by Klaviyo, Inc., 125 Summer Street, Boston MA, 02111, USA.

This service allows the sending of newsletters to be organized and analyzed. The data entered to receive the newsletter is stored on the service's servers.

With the help of Klaviyo, interactions with the newsletter can be analyzed. In addition, conversion rates can be determined and newsletter users can be categorized in order to tailor the newsletter to different target groups.

The legal basis for processing is Art. 6 (1) lit. a GDPR and § 25 (1) TDDDG. Consent can be revoked at any time by unsubscribing from the newsletter. The legality of any processing already carried out remains unaffected by any revocation. 

We also use additional email services from Klaviyo to fulfill our contractual obligations and for customer management. The legal basis for this is Art. 6 (1) lit. b GDPR.

The data will be deleted between us and Klaviyo at the end of the contract, unless the website visitor revokes their consent beforehand. If this is the case, the data will be deleted from the distribution list.

When data is transferred to the US, the Standard Contractual Clauses (SCC) of the EU Commission apply. This contract text can be viewed here: https://www.klaviyo.com/privacy/dpa.

Further details:

https://www.klaviyo.com/legal/privacy/privacy-notice.

3.7 Analysis and tracking tools

3.7.1 Google Analytics

We use Google Analytics on this website. Google Analytics is a web analytics service. This service is provided by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics uses cookies to recognize the user and thus analyze their usage behavior. These cookies are only set with consent. Consent can be revoked at any time and managed in our cookie consent tool.

The legal basis for processing is Art. 6 (1) lit. a GDPR and § 25 (1) TDDDG.

The information collected here is usually transferred to a Google server in the USA and stored there. On July 10, 2023, the European Commission adopted an adequacy decision for the USA. Google LLC is certified under the EU-US Privacy Framework. However, since Google's servers are located worldwide and data transfer to third countries (e.g., Singapore) cannot be ruled out, the Standard Contractual Clauses (SCC) of the EU Commission apply.

IP anonymization is enabled through the use of Google Analytics. The IP address of the respective user is shortened within the member states of the EU (or the European Economic Area) on servers within the EU in such a way that it can no longer be traced back to a natural person. In addition, Google undertakes to provide adequate data protection via the Google Ads data processing terms and conditions, evaluates website usage and website activity, and provides the services associated with usage. The Google Ads data processing terms apply to companies that are subject to the EU General Data Protection Regulation (GDPR) of the European Economic Area (EEA), the California Consumer Privacy Act (CCPA) or similar regulations.

An additional browser plugin can prevent the collected information (such as the IP address) from being sent to Google and used by Google. The plugin and further information can be found at https://tools.google.com/dlpage/gaoptout?hl=de.

Otherwise, the storage period depends on the type of data processed. Each customer can choose how long Google Analytics stores data before it is automatically deleted. The maximum lifetime of a Google Analytics cookie is two years.

Further information on data use by Google can also be found at https://support.google.com/analytics/answer/6004245?hl=de. If you have any further questions, you can also contact support-deutschland@google.com directly.

3.7.2 YouTube

We embed YouTube videos on this website. YouTube is an online video platform. This service is provided by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

As soon as you start a video on our website, a connection to YouTube's servers is established. After a video is started, YouTube may place cookies on the website visitor's device to store settings and preferences and subsequently display personalized advertising. The information obtained in this way is also used for video statistics, to improve user-friendliness, and to prevent fraud attempts.

The legal basis for processing is Art. 6 (1) lit. a GDPR and § 25 (1) TDDDG, insofar as this consent includes access to information on the user's device or the storage of cookies within the meaning of the TDDDG. This consent can be revoked at any time.

Further information:

https://policies.google.com/privacy?hl=de.

3.7.3 Google Conversion Tracking

This website uses Google Conversion Tracking. Google Conversion Tracking is a web analytics service. This service is provided by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Conversion Tracking uses cookies for identification purposes. We learn the number of users and what actions were taken on the website by the website visitors.

The legal basis for processing is Art. 6 (1) lit. a GDPR and § 25 (1) TDDDG. Consent can be revoked at any time.

The data will be deleted as soon as it is no longer required for processing purposes.

Further details:

https://policies.google.com/privacy?hl=de.

3.7.4 Google Ads Remarketing

We use Google Ads Remarketing on this website. Google Ads Remarketing is a web analytics service. This service is provided by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Ads Remarketing uses cookies for the following purpose: Website visitors can be assigned to a specific target group and provided with personalized advertising accordingly.

The legal basis for processing is Art. 6 (1) lit. a GDPR and § 25 (1) TDDDG. Consent can be revoked at any time.

Further details:

https://www.google.com/settings/ads/onweb/

https://policies.google.com/technologies/ads?hl=de.

3.7.5 Google Tag Manager

We use Google Tag Manager on this website. Google Tag Manager is a web analytics service. This service is provided by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Tag Manager does not store cookies and does not analyze data independently. It is used solely to manage the tools integrated through it. However, the IP address of the website visitor is collected and may be transferred to Google's parent company in the USA.

The legal basis for processing is Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in integrating and managing various tools on our website in an uncomplicated manner.

Further details:

https://policies.google.com/privacy?hl=en.

3.7.6 Google Ads

We use Google Ads on this website. Google Ads is an online advertising program provided by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

The service enables us to link advertisements in the Google search engine to specific keywords and to display targeted advertisements based on existing user data. Cookies are used for conversion tracking.

The legal basis for processing is Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. Consent can be revoked at any time.

When data is transferred to the US, the Standard Contractual Clauses (SCC) of the EU Commission apply.

Further details:

https://privacy.google.com/businesses/controllerterms/mccs/.

3.7.7 Google AdSense

We use Google AdSense on this website. Google AdSense is a service that integrates advertisements into a website. This service is provided by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

When selecting advertisements, so-called “contextual information” (e.g., location, content of the website) is used in non-personalized mode. Google AdSense uses cookies to prevent fraud and abuse.

The legal basis for processing is Art. 6 (1) lit. a GDPR and § 25 (1) TDDDG. Consent can be revoked at any time.

When data is transferred to the USA, the standard contractual clauses (SCC) of the EU Commission apply.

Further details:

https://privacy.google.com/businesses/controllerterms/mccs/

https://adssettings.google.com/authenticated

https://policies.google.com/technologies/ads

https://www.google.de/intl/de/policies/privacy/.

3.7.8 Meta Pixel

We use Meta Pixel on this website. Meta Pixel is a conversion tracking tool. This service is provided by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

Meta Pixel enables us to track the behavior of website visitors after they have been redirected to the website via a Facebook advertisement.

Meta Pixel uses cookies for its own advertising purposes. The data is stored and processed by Facebook so that a connection to the respective user profile can be established.

The data collected is also transferred to the US and other third countries.

The Standard Contractual Clauses (SCC) of the EU Commission apply to data transfers to the USA.

The legal basis for processing is Art. 6 (1) lit. a GDPR and § 25 (1) TDDDG. Consent can be revoked at any time.

If personal data is collected on this website using Meta Pixel and forwarded to Facebook, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, are jointly responsible for data processing in accordance with Art. 26 GDPR. This joint responsibility is limited exclusively to the collection and transfer of data to Facebook. There is an agreement on joint processing for this purpose:

https://www.facebook.com/legal/controller_addendum.

We are responsible for providing data protection information when using the Facebook tool and for the data protection-compliant integration of the tool on the corresponding website. Facebook, on the other hand, is responsible for the data security of its products. It follows that data subjects' rights regarding the data processed by Facebook must be asserted directly with Facebook.

Further details:

https://de-de.facebook.com/about/privacy/

https://www.facebook.com/ads/preferences/?entry_product=ad_settings_scrnen

http://www.youronlinechoices.com/de/praferenzmanagement/

https://www.facebook.com/legal/EU_data_transfer_addendum

https://de-de.facebook.com/help/566994660333381.

3.7.9 Clarity

We use Clarity on this website. Clarity is a web analytics service. This service is provided by Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland.

Clarity enables us to analyze user behavior on our website. For this purpose, graphical representations of mouse movements (heat maps) are created. Videos documenting page usage may also be recorded.

Clarity uses cookies to recognize website visitors and analyze user behavior. These cookies are only set with consent. Consent can be revoked at any time.

The legal basis for processing is Art. 6 (1) lit. a GDPR and § 25 (1) TDDDG, insofar as this consent includes access to information on the user's terminal device or the storage of cookies within the meaning of the TDDDG.

The information collected is stored on Microsoft servers (Microsoft Azure Cloud Service) in the USA.

The Standard Contractual Clauses (SCC) of the EU Commission apply to data transfers to the USA.

https://docs.microsoft.com/en-us/clarity/faq.

For more information on data processing by Microsoft, please visit: https://privacy.microsoft.com/de-de/privacystatement.

3.7.10 Facebook Conversion API

We use Facebook Conversion API on this website. Facebook Conversion API is a web analytics service. This service is provided by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.

With the help of Facebook Conversion API, we can track the interaction of the website visitor with the website and transmit it to Facebook in order to optimize advertising performance on Facebook.

The data collected is also transferred to the US and other third countries.

When data is transferred to the US, the Standard Contractual Clauses (SCC) of the EU Commission apply.

https://www.facebook.com/legal/EU_data_transfer_addendum

https://de-de.facebook.com/help/566994660333381.

The legal basis for processing is Art. 6 (1) lit. a GDPR and § 25 (1) TDDDG. Consent can be revoked at any time.

If personal data is collected on this website using Meta Pixel and forwarded to Facebook, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, are jointly responsible for data processing in accordance with Art. 26 GDPR. This joint responsibility is limited exclusively to the collection and transfer of data to Facebook. There is an agreement on joint processing for this purpose:

https://www.facebook.com/legal/controller_addendum.

We are responsible for providing data protection information when using the Facebook tool and for ensuring that the tool is integrated into the website in a manner that complies with data protection regulations. Facebook, on the other hand, is responsible for the data security of its products. This means that data subjects must exercise their rights regarding the data processed by Facebook directly with Facebook.

Further details:

https://de-de.facebook.com/about/privacy/.

3.7.11 Facebook Custom Audiences

We use Facebook Custom Audiences on this website. Facebook Custom Audiences is a web analytics service. This service is provided by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.

When using the online offer, personal data of the website visitor(s) is collected. If the website visitor has given us consent to use Facebook Custom Audiences, this data will be transmitted to Facebook in order to display appropriate advertising to the website visitor and to define target groups.

The legal basis for processing is Art. 6 (1) lit. a GDPR and § 25 (1) TDDDG. Consent can be revoked at any time.

When data is transferred to the USA, the Standard Contractual Clauses (SCC) of the EU Commission apply.

https://www.facebook.com/legal/terms/customaudience

https://www.facebook.com/legal/terms/dataprocessing.

3.7.12 Pinterest Tag

We use Pinterest Tag on this website. Pinterest Tag is a web analytics service. This service is provided by Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland.

Pinterest Tag can be used to track interactions on a website. This data can then be used to display interest-based advertising to the website visitor on other websites in the Pinterest Tag advertising network.

Pinterest Tag uses cookies to recognize the website visitor and analyze user behavior.

The legal basis for processing is Art. 6 (1) lit. a GDPR and § 25 (1) TDDDG, insofar as this consent includes access to information on the user's terminal device or the storage of cookies within the meaning of the TDDDG.

The data collected is also transferred to the USA and other third countries. When data is transferred to the USA, the Standard Contractual Clauses (SCC) of the EU Commission apply.

Further information:

https://policy.pinterest.com/de/privacy-policy

https://help.pinterest.com/de/business/article/track-conversions-with-pinterest-tag.

3.7.13 Shopify Analytics

We integrate the functions of Shopify Analytics on our website. This service is provided by Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland.

Shopify Analytics provides comprehensive insights into the business performance of an online store by analyzing and visualizing data such as sales reports, customer behavior, marketing campaigns, and inventory levels.

For this purpose, Shopify Analytics collects two bytes of the IP address of the website visitor's system, the website visited, the website from which the website visitor arrived at the visited website (referrer), the subpages visited from the visited website, the length of time spent on the website, and the frequency with which the website is accessed. Shopify Analytics may set cookies. The legal basis for processing is then Art. 6 (1) lit. a GDPR and § 25 (1) TDDDG, insofar as this consent includes access to information on the user's end device or the storage of cookies within the meaning of the TDDDG. In all other respects, the legal basis for processing is Art. 6 (1) lit. f GDPR. We have a legitimate interest in analyzing our website. Further information: https://www.shopify.com/de/legal/privacy/app-users.

3.7.14 Calendly

We use the Calendly service for analysis and tracking purposes. This service is provided by Calendly LLC, 271 17th St NW, Atlanta, GA 30363, USA. Calendly enables us to analyze usage data and interactions on our website in order to improve the user experience and optimize the performance of our services.

The data processed in this context includes technical information such as IP addresses, browser types, operating systems, error logs, and usage data. This data is used to improve the stability and performance of our web applications and to identify and fix technical problems. The service in question stores the data on servers worldwide, including the US, and may set cookies for data collection and storage. These cookies are only set with your consent. This consent can be revoked at any time. The legal basis for the use of cookies is Art. 6 (1) lit. a GDPR and § 25 (1) TDDDG, insofar as this consent includes access to information on the user's end device or the storage of cookies within the meaning of the TDDDG.

The legal basis for the processing of the collected data is Art. 6 para. 1 lit. f GDPR, as we have a legitimate interest in using this tool to optimize our website and to integrate analysis and tracking functionalities.

The data will be stored until the data subject requests deletion, revokes consent to storage, or the purpose for storage no longer applies. Mandatory legal provisions regarding retention periods remain unaffected.

When data is transferred to the US, the Standard Contractual Clauses (SCC) of the EU Commission apply.

Further information:

https://calendly.com/legal/privacy-notice.

3.7.15 Google Search Console

We integrate the Google Search Console service, which is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, into our website. Google Search Console is a service that enables us to monitor the indexing status of our website and optimize its visibility in Google search results.

Various data is processed, including information about website performance, clicks, visits, and technical errors that occur on the website. The purpose of data processing is to improve search engine optimization (SEO), analyze the technical performance of the website, and fix errors.

The legal basis for data processing is Art. 6 (1) lit. f GDPR, as we have a legitimate interest in optimizing our website in search results and ensuring its functionality.

Google Search Console does not set any cookies on our website. However, data may be transferred to third countries, in particular to the USA, as Google operates servers worldwide. The standard contractual clauses (SCCs) of the EU Commission are used to ensure an adequate level of data protection.

The data is stored for as long as it is necessary for the respective processing purpose or until the user requests deletion.

Further information on data processing can be found at: https://policies.google.com/privacy.

3.7.16 Google Merchant

We use Google Merchant, a service for managing and optimizing product data for online commerce, operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Merchant processes personal data such as product information, technical data about website usage, IP addresses, and tracking data that may be collected through linked tools such as Google Analytics. The purpose of data processing is to provide and optimize product ads and improve user experiences through precise data analysis and targeted marketing strategies. The legal basis for data processing is Art. 6 para. 1 lit. a GDPR, insofar as consent for analysis or marketing measures has been obtained, as well as Art. 6 (1) lit. f GDPR, based on our legitimate interest in optimizing our marketing measures. Google Merchant sets cookies, in particular analysis and tracking cookies, to collect data about user experiences and website interactions. These cookies are only set with consent. The legal basis for this is Art. 6 (1) lit. a GDPR and § 25 (1) TDDDG. Data is transferred to the USA. This is done using standard contractual clauses (SCC) of the EU Commission, which are intended to ensure an adequate level of data protection. Data is stored until the purpose for which it was processed no longer applies, the data subject requests its deletion, or statutory retention periods expire. Further information on data processing can be found here: https://policies.google.com/privacy.

3.7.17 Klaviyo

We use services provided by Klaviyo, a marketing and analytics provider operated by Klaviyo Inc., 125 Summer Street, Boston, MA 02110, USA, on our website.

Klaviyo enables the creation and analysis of email marketing campaigns and the evaluation of user behavior for the optimization of marketing measures.

Personal data such as email address, IP address, device and browser information, location data, usage behavior, opening and click rates, and other tracking data are processed.

The purpose of the processing is to target specific user groups, carry out marketing campaigns, and analyze the success of these measures.

The legal basis for processing is Art. 6 (1) lit. a GDPR, based on consent to the use of cookies and similar technologies in accordance with § 25 (1) TDDDG.

Klaviyo uses cookies and similar technologies to analyze user behavior on the website and in connection with email campaigns. These cookies are only used with prior consent.

Personal data is transferred to the USA. Klaviyo implements appropriate safeguards in accordance with Art. 46 GDPR, in particular by concluding standard contractual clauses.

The data will be deleted as soon as it is no longer necessary for the purpose for which it was collected or statutory retention periods have expired.

Further information on data processing by Klaviyo can be found at: https://www.klaviyo.com/legal/privacy.

3.8 Social media plugins

3.8.1 Facebook

Elements of the social network Facebook are integrated into this website. This service is provided by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.

If the social media element is activated, a direct connection is established between the website visitor and the Facebook servers and their IP address is transmitted to Facebook. If the website visitor has a user account, the visit to this website can be assigned to the corresponding user account.

The legal basis for processing is Art. 6 (1) lit. a GDPR and § 25 (1) TDDDG. Consent can be revoked at any time.

If personal data is collected on this website with the help of Facebook and forwarded to Meta, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Habour, Dublin 2, Ireland, are jointly responsible for data processing in accordance with Art. 26 GDPR. This joint responsibility is limited exclusively to the collection and transfer of data to Facebook. There is an agreement on joint processing for this purpose:

https://www.facebook.com/legal/controller_addendum. We are responsible for providing data protection information when using the Facebook tool and for ensuring that the tool is integrated into the relevant website in a manner that complies with data protection laws. Facebook, on the other hand, is responsible for the data security of its products. This means that data subjects must exercise their rights regarding the data processed by Facebook directly with Facebook.

When data is transferred to the US, the Standard Contractual Clauses (SCC) of the EU Commission apply.

Further information:

https://www.facebook.com/legal/EU_data_transfer_addendum

https://de-de.facebook.com/help/566994660333381

https://www.facebook.com/policy.php

https://de-de.facebook.com/privacy/explanation.

3.8.2 Instagram

Elements of the social network Instagram are integrated into this website. This service is provided by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

If the social media element is activated, a direct connection is established between the website visitor and the Instagram servers and their IP address is transmitted to Instagram. If the website visitor has a user account, the visit to this website can be assigned to the corresponding user account. As the website operator, we have no knowledge of the content of the data transmitted.

The legal basis for processing is Art. 6 (1) lit. a GDPR and § 25 (1) TDDDG. Consent can be revoked at any time.

If personal data is collected on this website with the help of Facebook or Instagram and forwarded to Meta, the website operator and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, are jointly responsible for data processing in accordance with Art. 26 GDPR. This joint responsibility is limited exclusively to the collection and transfer of data to Facebook or Instagram. There is an agreement on joint processing for this purpose:

https://www.facebook.com/legal/controller_addendum.

The website operator is responsible for providing data protection information when using the Instagram tool and for ensuring that the tool is integrated into the website in a manner that complies with data protection regulations. Facebook and Instagram, on the other hand, are responsible for the data security of their products. This means that data subjects must exercise their rights regarding the data processed by Facebook and Instagram directly with Facebook and Instagram.

When data is transferred to the US, the Standard Contractual Clauses (SCC) of the EU Commission apply.

https://www.facebook.com/legal/EU_data_transfer_addendum

https://de-de.facebook.com/help/566994660333381

https://www.facebook.com/policy.php

https://instagram.com/about/legal/privacy/.

3.8.3 LinkedIn

Elements of the LinkedIn social network are integrated into this website. This service is provided by LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.

If the social media element is activated, a direct connection is established between the website visitor and the LinkedIn servers and their IP address is transmitted to LinkedIn. If the website visitor has a user account, the visit to this website can be assigned to the corresponding user account. The website operator does not gain any knowledge of the content of the transmitted data.

The legal basis for processing is Art. 6 (1) lit. a GDPR and § 25 (1) TDDDG. Consent can be revoked at any time.

The Standard Contractual Clauses (SCC) of the EU Commission apply to data transfers to the USA.

https://www.linkedin.com/help/linkedin/answer/62538/datenubertragung-aus-der-eu-dem-ewr-und-derschweiz?lang=de.

Further information:

https://www.linkedin.com/legal/privacy-policy.

3.8.4 Pinterest

Elements of the social network Pinterest are integrated into this website. This service is provided by Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland.

If the social media element is activated, a direct connection is established between the website visitor and the Pinterest servers in the USA, and their IP address, browser type and settings, date and time of the request, and cookies are transmitted to Pinterest. If the website visitor has a user account, the visit to this website can be assigned to the corresponding user account. The website operator does not gain any knowledge of the content of the data transmitted.

The legal basis for the processing is Art. 6 (1) lit. a GDPR and § 25 (1) TDDDG. Consent can be revoked at any time.

Further details:

https://policy.pinterest.com/de/privacy-policy.

3.8.5 TikTok

Elements of the social network TikTok are integrated into this website. This service is provided by TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland.

If the social media element is activated, a direct connection between the website visitor and the TikTok servers is established and their IP address is transmitted to TikTok. If the website visitor has a user account, the visit to this website can be assigned to the corresponding user account. The website operator does not gain any knowledge of the content of the transmitted data.

The legal basis for the processing is Art. 6 (1) lit. a GDPR and § 25 (1) TDDDG. Consent can be revoked at any time.

When data is transferred to the US, the standard contractual clauses (SCC) of the EU Commission apply.

Further information:

https://www.tiktok.com/legal/page/eea/privacy-policy/de-DE?tid=331689749201

https://ads.tiktok.com/i18n/official/policy/controller-to-controller.

3.8.6 WhatsApp channels

We link to our WhatsApp channel on our website. This service is provided by WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. WhatsApp channels allow information and relevant messages to be sent directly to WhatsApp by subscribing to channels from people and organizations. When you subscribe to a channel, messages are sent in the form of text messages, links to information, images, or videos. Channels are public, which means that anyone can find, follow, and view them. Because channels are public and the number of users is unlimited, channel status messages are visible to everyone and to WhatsApp. This also means that channel status messages are among the information that WhatsApp collects and uses to improve the security and integrity of the channels. WhatsApp collects information from users, such as their reactions, their choice of language, and the channels they follow. The legal basis for processing is Art. 6 (1) lit. a GDPR and § 25 (1) TDDDG. Consent can be revoked at any time. Further details: https://www.whatsapp.com/legal/channels-privacy-policy-eea?lang=de_DE.

3.9 Social media profiles

In addition to our website, our company is also present on social networks. Here, we want to present our company and create the opportunity to get in touch with us.

We also use social media to place advertisements and job advertisements.

Below, we provide information about what data we and the respective social network process when you visit and interact with our profile.

3.9.1 LinkedIn

We operate a LinkedIn profile at https://www.linkedin.com/. This social network is operated by LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA.

a) Interaction with our company profile

When you visit our LinkedIn profile and interact with us through it, we process personal data. On the one hand, this includes the data made publicly available on the profile. On the other hand, we also process personal data contained in posts, comments, or direct messages to us. Through interactions such as liking or sharing, we can see the user profile with the public information.

The legal basis for this processing is Art. 6 (1) lit. f GDPR. It is in our legitimate interest to provide relevant and interesting content and to enable the use and functionality of our LinkedIn profile.

Insofar as a request is related to the fulfillment of a contract or is necessary for the implementation of pre-contractual measures, our processing is based on Art. 6 para. 1 lit. b GDPR.

b) Page Insights

LinkedIn provides us with summarized statistics and insights (so-called Page Insights) that tell us how people interact with our company page. Among other things, we receive information about the number of profiles that view, comment on, or otherwise interact with our posts, as well as aggregated demographic and other information that helps us learn about the interaction with our page or LinkedIn profile. Page Insights provided to us by LinkedIn consist of aggregated data, whereby LinkedIn does not provide us with any personal data of members in relation to Page Insights. We also have no way of linking Page Insights to individual members.

When placing advertisements, LinkedIn provides us with information about the types of people who see our ads and the success of our ads. Personal data is only passed on to us if the person has consented to such processing. We also receive information from LinkedIn that allows us to understand which of our ads led to a purchase or action being taken.

The processing of this data serves the purpose of analyzing our reach and adapting our content and ads to user interests. By evaluating this data, we can see how our content, profile, and advertising are consumed. This enables us to create content tailored to specific target groups and place ads to better market our company and services.

The processing is based on our legitimate interest pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR.

When processing personal data in the course of so-called Page Insights, the processing is carried out in joint responsibility with LinkedIn in accordance with Art. 26 para. 1 GDPR.

We have entered into a corresponding agreement with LinkedIn, which can be viewed here (https://legal.linkedin.com/pages-joint-controller-addendum).

The contact details for LinkedIn are as follows:

LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.

You can contact LinkedIn's data protection officer at the following link:

https://www.linkedin.com/help/linkedin/ask/TSO-DPO.

3.9.2 Processing by LinkedIn

In connection with your visit to our company profile, LinkedIn may also process additional personal data. In this case, the processing is carried out under the sole responsibility of LinkedIn and without our knowledge. You can find more information from LinkedIn on this at:

https://de.linkedin.com/legal/privacy-policy.

3.9.3 Facebook

We operate a Facebook fan page at https://www.facebook.com/. This social network is operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

a) Interaction with our company profile

When you visit our Facebook profile and interact with us via this channel, we process personal data. This includes the data that is publicly available on the profile, as well as personal data contained in posts, comments, or direct messages sent to us. Through interactions such as liking or sharing, we can see the user profile with the public information.

The legal basis for this processing is Art. 6 (1) lit. f GDPR. It is in our legitimate interest to provide relevant and interesting content and to enable the use and functionality of our Facebook profile.

Insofar as a request is related to the fulfillment of a contract or is necessary for the implementation of pre-contractual measures, our processing is based on Art. 6 (1) lit. b GDPR.

b) Page Insights

As explained in the Meta Privacy Policy under “How do we use your information?”, Meta also collects and uses information to provide analytics services, known as Page Insights, to website operators. This also applies to our Facebook page.

Page Insights are aggregated statistics that are created based on certain interactions of visitors with pages and the content associated with them (e.g., viewing a page or video, subscribing to a page, marking a page with “Like” or “Dislike,” etc.) and logged by Meta servers.

Meta provides us with summarized statistics and insights in connection with Page Insights that tell us how people interact with our company page. We do not have access to personal data, only to the summarized Page Insights. With the help of Page Insights, we can view anonymous statistics, e.g., the reach of our account, page views, likes, etc. These also include evaluations based on the age, gender, and location of users (as specified by them in their respective Facebook profiles). To evaluate the reach, we can adjust settings or apply filters to select a time period, view a specific post, and view demographic groups. This data is anonymized. We cannot draw any conclusions about specific individuals.

The processing of this data serves the purpose of analyzing our reach and adapting our content and advertisements to user interests so that visitors can derive the greatest possible benefit from them. Based on the evaluation of this data, we can see how our content, profile, and advertising are consumed. This enables us to create target group-specific content and place advertisements in order to better market our company and our services.

The processing is based on our legitimate interest pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR.

When processing personal data in the course of so-called page insights, this is done in joint responsibility with Facebook in accordance with Art. 26 para. 1 GDPR.

We have entered into a corresponding agreement with Facebook, which can be viewed here (https://www.facebook.com/legal/terms/page_controller_addendum).

Facebook's contact details are as follows:

Online contact: https://www.facebook.com/help/contact/1650115808681298

Postal address: Meta Platforms Ireland Limited, ATTN: Privacy Operations, Merrion Road, Dublin 4, D04 X2K5, Ireland.

You can contact Facebook's data protection officer at the following link:

https://www.facebook.com/help/contact/540977946302970.

Further information about page insights:

https://de-de.facebook.com/legal/terms/page_cntroller_addendum

c) Processing of personal data and cookies by Meta

When you access a Facebook page, the IP address assigned to your device is transmitted to Facebook. According to Facebook, this IP address is anonymized (for “German” IP addresses). Facebook also stores information about its users' devices (e.g., as part of the “login notification” feature); this may enable Facebook to assign IP addresses to individual users. If you are currently logged in to Facebook as a user, a cookie with your Facebook ID is stored on your device. This enables Facebook to recognize that you have visited this site and how you have used it. Facebook buttons embedded in websites enable Facebook to record your visits to these websites and assign them to your Facebook profile. This data can be used to tailor content or advertising to you.

Information on how personal data can be managed or deleted can be found in Facebook's Privacy Center:

https://www.facebook.com/privacy/center/.

Further information on how Facebook handles data can be found here:

http://de-de.facebook.com/about/privacy.

3.9.4 Instagram

We operate an Instagram profile. This social media platform is provided by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

a) Interaction with our company profile

When you visit our Instagram profile and interact with us via this platform, we process personal data. This includes the data that is publicly available on the profile, as well as personal data contained in posts, comments, or direct messages sent to us. Through interactions such as liking or sharing, we can see the user profile with the public information.

The legal basis for this processing is Art. 6 (1) lit. f GDPR. It is in our legitimate interest to provide relevant and interesting content and to enable the use and functionality of our Instagram profile.

Insofar as a request is related to the fulfillment of a contract or is necessary for the implementation of pre-contractual measures, our processing is based on Art. 6 (1) lit. b GDPR.

b) Insights

As explained in the Meta Privacy Policy under “How do we use your information?” (https://privacycenter.instagram.com/policy/?entry_point=ig_help_center_data_policy_redirect), Meta also collects and uses information to provide analytics services, known as Insights, to website operators. This also applies to our Instagram profile.

Insights are aggregated statistics that are created based on certain interactions of visitors with pages and the content associated with them and are logged by Meta servers. This includes the following information, among other things

• How many people see our products, services, or content, such as posts, videos, Instagram pages, listings, shops, and advertisements (if the advertising is shown on Meta products), and interact with them;

• How people interact with our content, websites, apps, and services;

• Which group of people interacts with our content or which group of people uses our services.

Meta provides us with summary reports and insights that tell us how well our content, features, products, and services are performing.

We do not have access to personal data, only to the summary reports.

To evaluate the reach, we can adjust settings or apply filters to select a time period, view a specific post, or view demographic groups. This data is anonymized. We cannot draw any conclusions about specific individuals.

This data is processed for the purpose of analyzing our reach and tailoring our content and ads to user interests so that visitors can get the most out of them. By evaluating this data, we can see how our content, profile, and advertising are being consumed. This enables us to create content tailored to specific target groups and place advertisements to better market our company and our services.

The processing is based on our legitimate interest pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR.

When processing personal data in the course of so-called insights, the processing is carried out in joint responsibility with Meta in accordance with Art. 26 (1) GDPR.

We have entered into a corresponding agreement with Meta, which can be viewed here (https://www.facebook.com/legal/terms/page_controller_addendum.).

Meta's contact details are as follows:

Online contact: https://www.facebook.com/help/contact/1650115808681298

Postal address: Meta Platforms Ireland Limited, ATTN: Privacy Operations, Merrion Road, Dublin 4, D04 X2K5, Ireland.

For Instagram, you can contact the data protection officer at the following link:

https://www.facebook.com/help/contact/540977946302970.

Further information about Insights:

https://de-de.facebook.com/help/pages/insights.

You can find Instagram's complete privacy policy here:

https://privacycenter.instagram.com/policy/?entry_point=ig_help_center_data_policy_redirect

Processing of personal data and cookies by Meta

When you access an Instagram page, the IP address assigned to your device is transmitted to Meta. According to Meta, this IP address is anonymized (for “German” IP addresses). Meta also stores information about its users' devices (e.g., as part of the “login notification” feature); this may enable Meta to assign IP addresses to individual users. If you are currently logged in to Instagram, a cookie containing your Instagram ID is stored on your device. This enables Meta to track that you have visited this page and how you have used it. Meta can use Meta buttons embedded in websites to track your visits to these websites and link them to your Instagram profile. This data can be used to tailor content or advertising to you.

Further information:

https://privacycenter.instagram.com/policy/?entry_point=ig_help_center_data_policy_redirect.

3.9.5 Pinterest

We operate a Pinterest profile. Pinterest is provided by Pinterest Europe Ltd. Palmerston House, 2nd Floor Fenian Street Dublin 2 Ireland.

a) Joint responsibility

We are jointly responsible for our profile with Pinterest. The underlying joint controller agreement can be viewed here: https://business.pinterest.com/de/pinterest-advertising-services-agreement/rest-of-apac/.

Pinterest's data protection officer can be contacted here: https://help.pinterest.com/de/data-protection-officer-contact-form.

b) Data processing by Pinterest

When you visit our Pinterest page, Pinterest collects, among other things, log data that your browser automatically transmits when you visit the website (e.g., IP address, search history, browser type and settings, date and time of the request, etc.). Device information is also processed by Pinterest (e.g., device type, operating system).

For more information, please visit:

https://policy.pinterest.com/de/technical-information-we-collect-when-you-use-our-service and

https://policy.pinterest.com/de/privacy-policy.

Pinterest may also set cookies. Some of the data processed in this way is assigned to the user's account.

Further information can be found at:

https://policy.pinterest.com/de/cookies.

c) Data processing by us

When Pinterest users communicate with us via our Pinterest profile, we receive the respective message from the user (including their Pinterest username).

We also process the comments published by users.

Our data processing serves the purpose of presenting our published content on Pinterest and communicating with users.

The legal basis for this is Art. 6 para. 1 lit. f GDPR, as we have a legitimate interest in presenting relevant information to interested users and communicating about it.

Our Pinterest profile provides us with the “Pinterest Analytics” function, which allows us to view statistical evaluations.

The data we receive from Pinterest in this context is merely anonymous statistics about visitors to our Pinterest profile. These statistics are not personal and do not allow any conclusions to be drawn about individual users.

d) Transfer of data

When we receive messages from users, we do not forward the content of these messages to other recipients.

Information about the transfer of data to third parties by Pinterest can be found here:

https://policy.pinterest.com/de/privacy-policy and https://help.pinterest.com/de/article/ads-performance-reporting.

e) Storage period

In connection with our Pinterest profile, we only store messages that we receive when Pinterest users communicate with us via our Pinterest profile. We delete these messages at the latest after the expiry of the statutory retention period.

The respective storage period by Pinterest is described in their data policy at https://policy.pinterest.com/de/privacy-policy.

3.9.6 TikTok

We operate a TikTok channel. TikTok is provided by TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland (hereinafter “TikTok Ireland”). Our TikTok channel allows us to present ourselves to TikTok users and to interact with them.

a) Interactions with our TikTok channel

Users can interact with our TikTok channel via their TikTok account, for example by liking or commenting on our posts. In doing so, we process the associated data, such as the user name and profile picture.

We use this data to optimize our content and its presentation and to tailor it to the respective user interests.

It is also possible to send us direct messages on our TikTok channel. Here, too, the user name and profile picture are displayed to us.

The legal basis for data processing is Art. 6 (1) lit. f GDPR. We have a legitimate interest in optimizing our TikTok channel and the content published there. We also have a legitimate interest in communicating with users in order to answer questions, respond to criticism, build relationships, and exchange information. This enables us to improve our services and respond to the needs of potential customers. By communicating via TikTok, we are able to reach younger customers in particular.

Comments are stored on the channel for an unlimited period of time and can be viewed by other users. The same applies to the use of the like function and direct messages.

b) TikTok analysis

When you visit and use our TikTok channel, additional data is processed for TikTok analysis. This is aggregated statistics that are created and logged by TikTok based on certain interactions of visitors with our TikTok channel and provide information about how our channel is being used.

This data includes, but is not limited to:

• • Follower growth

• • Video views

• • Profile views

• • Likes, comments, and shares

• • Average viewing time

• • Percentage of viewers who watch the entire video

• • Sources of traffic (e.g., profile, For You feed)

• • Geographic distribution of the audience

• • Activity times of followers.

The data is provided to us in aggregated form as statistics. We do not have access to personal data, only to the summarized statistics.

Further information on TikTok analytics can be found here:

https://www.tiktok.com/creators/creator-portal/en-us/tiktok-content-strategy/understanding-your-analytics/.

This data is processed solely for the purpose of analyzing and improving the content on our TikTok channel. By evaluating this data, we can see how our content and our TikTok channel are being consumed. This enables us to create content tailored to specific target groups and, if necessary, place advertisements to better market our company and our services.

The processing is based on our legitimate interest pursuant to Art. 6 (1) (f) GDPR.

When processing personal data in the course of TikTok analyses, the processing is carried out in joint responsibility with TikTok in accordance with Art. 26 (1) GDPR.

We have entered into a corresponding agreement with TikTok, which can be viewed here

.

TikTok's contact details are as follows:

Online contact: https://privacytiktok.zendesk.com/hc/en-us/requests/new.

Postal address: TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland.

You can contact TikTok's data protection officer using this form:

https://www.tiktok.com/legal/report/DPO.

c) Processing of personal data by TikTok

When you use TikTok's services, TikTok processes personal data about you. This includes data such as your IP address, location data, time zone settings, advertising IDs, app and browser versions, and data about your device (system, network type, device ID, screen resolution, operating system, audio settings, and connected audio devices). The TikTok profiles and channels you visit, likes, messages, and other usage data are also processed. If you are logged in with your own TikTok account, this data will be assigned to your account.

Further information on the processing of data by TikTok can be found here: https://www.tiktok.com/legal/page/eea/privacy-policy/de.

3.9.7 WhatsApp channel

We operate a WhatsApp channel. The channel is run by WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. WhatsApp channels allow information and relevant messages to be sent directly to WhatsApp by subscribing to channels from people and organizations. When a channel is subscribed to, messages are sent in the form of text messages, links to information, images, or videos. Channels are public, meaning that anyone can find, follow, and view them. Since channels are public and the number of users is unlimited, channel status messages are visible to everyone and to WhatsApp. WhatsApp collects information from users, such as their reactions, language preferences, and the channels they follow. However, we as operators do not have access to any personal data. WhatsApp channels are designed so that operators do not receive any information such as the identity or contact details of users.

Information about data processing by WhatsApp: https://www.whatsapp.com/legal/channels-privacy-policy-eea?lang=de_DE.

3.9.8 YouTube

We operate a profile on YouTube. This is a video platform provided by Google Ireland Limited, based at Gordon House, Barrow Street, Dublin 4, Ireland, which allows us to publish video content and interact with our audience.

a) Data processing by us

We also process the data of profile visitors. In doing so, we process data from your use of our profile that is made available to us by YouTube.

This information includes statistics on visits to our profile, reports on the playback time of our videos, user interaction (e.g., “Likes” or comments), as well as information about individuals who actively interact with our site, e.g., by subscribing or using YouTube's communication features.

The data entered on YouTube, in particular the user name and the content published under the account, is made visible and processed by us through interactions with our profile.

We process this data to enable communication and to optimize our content in terms of reach and target group.

The legal basis for processing is a legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR for the purposes mentioned.

b) Data processing by YouTube

When you visit our YouTube channel or interact with our YouTube channel, YouTube collects personal data such as your IP address, device information, geographical information, and your activities on the platform, including the videos you view, interactions such as likes, comments, and subscriptions. This data may be collected through cookies and similar technologies stored on your device.

YouTube uses this information to operate and improve the platform, to display personalized advertising, and to perform analytics and measurements to understand how users interact with the content. In addition, data processing helps to evaluate and improve the reach and effectiveness of the content.

YouTube processes the data on the basis of your consent, which is expressed by accepting the cookie policy on YouTube.

The data collected by YouTube may be transferred within the Google group of companies and to third parties who may be located in countries outside the European Union, including the US. Google LLC is certified under the EU-US Data Privacy Framework, which ensures that an adequate level of data protection is maintained even when data is transferred to third countries.

We have no influence on the scope of data processed by YouTube, the type of processing and use, or the disclosure of this data to third parties. We also have no effective means of control in this regard.

Information about which data is processed by YouTube and for what purposes can be found in YouTube's privacy policy: https://policies.google.com/privacy?hl=de&gl=de.

3.9.9 Google company profile

We have a Google company profile. To do this, we use the information service provided by Google and the services of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).

a) Data processing by Google

The Google site and its functions are used on your own responsibility. This applies in particular to the use of social and interactive functions (e.g., commenting, sharing, rating, direct messages). When you visit and interact with our Google Business Profile entry, Google also collects your IP address and other information that is stored on your device in the form of cookies. This may enable Google to assign IP addresses to individual users or user accounts. This information is used to provide us, as the operator of the Google company profile entry, with statistical information about the use of Google services. The data collected in this context is processed by Google and may be transferred to countries outside the European Union. Google provides general information about what information Google receives and how it is used in its privacy policy.

If you contact us via our Google company profile entry or other Google services by direct message, we cannot rule out that these messages may also be read and evaluated by Google (both by employees and automatically). We therefore advise you not to provide us with any personal data there. Instead, another form of communication should be chosen as soon as possible.

The use of this service is subject to Google's privacy policy, which you have already agreed to by using it.

Further information can be found in the privacy policy at the following link: https://policies.google.com/privacy?hl=de.

b) Data processing by us

As the provider of our Google company profile entry, we do not collect or process any further data from the use of this Google service.

If you contact us or publish a review about us, we will process your published profile data and the content of the review/comment.

The legal basis is Art. 6 (1) lit. f GDPR. We have a legitimate interest in presenting our company and enabling the evaluation of our services in order to present our company and our services to the public in a positive light.

3.10 Third-party content

3.10.1 Google Fonts

We use Google Fonts on this website. Google Fonts is a tool that enables the uniform display of fonts (so-called Google Fonts). This service is provided by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

As soon as a website visitor visits a website that uses Google Fonts, the browser used must connect to the Google servers. No cookies are set during this process. However, the IP address of the website visitor is recorded and used for analysis purposes.

The legal basis for processing is Art. 6 (1) lit. a GDPR and § 25 (1) TDDDG, insofar as this consent includes access to information on the user's end device or the storage of cookies within the meaning of the TDDDG. This consent can be revoked at any time.

Details can be found here:

https://developers.google.com/fonts/faq?hl=de

https://policies.google.com/privacy?hl=de. We use Google Fonts on our website. Fonts are provided by Google and used to display them correctly. This service is provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland).

3.10.2 Judge.me

We use the services of judge.me. This is a review platform provided by Judge.me LLC, PO Box 7403, Jackson, Wyoming 83002, USA.

We transmit the email addresses, order numbers, and order dates to the platform so that it can send a review reminder by email. The transfer only takes place if we have received your consent in accordance with Art. 6 para. 1 lit. a GDPR during or after the order.

The consent can be revoked at any time by sending a message to us or to the review platform Judge.me. Our website also includes functions for collecting and displaying product reviews from the Judge.me service. In this context, certain personal data is processed for the purpose of verifying customer reviews. If you submit a review on our website, your first name, last name, email address, order date and number, and, if applicable, international references (GTIN/ISDNF) will be collected, transmitted to Judge.me, and evaluated there in order to determine the legitimacy of a customer review for a specific order. This processing is carried out in accordance with Art. 6 (1) lit. f GDPR on the basis of our legitimate interest in ensuring the authenticity of customer reviews by ensuring that they are transaction-related and preventing misuse of reviews. Once the review has been checked and approved, the data will be deleted by Judge.me.

The transfer of personal data to servers of Judge.me LLC in the USA cannot be ruled out. In this case, the standard contractual clauses (SCC) of the EU Commission apply. Further information:

https://judge.me/privacy.

3.10.3 Dieter Live API

We use the Live API from Dieter macht den Datenschutz to display our privacy policy. This is a service provided by simply Legal GmbH, Burkarderstraße 36, 97082 Würzburg, Germany.

The API is a technical interface. When you access our privacy policy, a connection to the servers of simply Legal GmbH is established. Your IP address is transmitted to simply Legal GmbH.

Further information on how simply Legal GmbH handles data can be found at:

https://www.dieter-datenschutz.de/datenschutz/.

3.10.4 WhatsApp Business API

Functions of the WhatsApp Business API are integrated into this website. This service is provided by WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The WhatsApp Business API enables companies to communicate with customers via the WhatsApp platform, including sending messages, notifications, and providing customer service. When using this service, personal data such as phone numbers, message content, metadata (e.g., timestamps), and technical data about the use of the API are processed. The purpose of data processing is to enable efficient and direct communication via WhatsApp in order to respond to inquiries, provide support, and provide information. The legal basis for data processing is Art. 6 (1) lit. f GDPR, as there is a legitimate interest in optimizing customer communication and support. WhatsApp uses cookies for functionality, analysis, and marketing purposes to collect usage data and optimize the platform. These cookies are only set with consent and can be revoked at any time. The legal basis for this is Art. 6 (1) lit. a GDPR. Personal data may be transferred to third countries, in particular to the USA, in connection with the use of the service. WhatsApp uses the Standard Contractual Clauses (SCC) of the EU Commission as guarantees for data protection when transferring data to third countries. The data will be stored for as long as it is necessary to fulfill the respective purposes or until deletion is requested, whereby mandatory statutory retention periods remain unaffected. Further information on data processing can be found at: https://www.facebook.com/privacy/policy/?entry_point=data_policy_redirect&entry=0.

3.10.5 Calendly

We integrate functions from Calendly, an online appointment scheduling service operated by Calendly LLC, 271 17th St NW, Suite 1000, Atlanta, GA 30363, USA, into our website.

Calendly allows appointments to be booked directly via an embedded form or widget on our website.

This involves the processing of personal data such as your IP address, browser and device data, location information, usage data, and the information entered in the form.

The purpose of data processing is to provide a simple and fast way to book appointments and to improve the user experience.

The legal basis for processing is Art. 6 (1) lit. a GDPR, based on consent to the display and use of embedded third-party content and the use of cookies in accordance with § 25 (1) TDDDG.

Calendly uses cookies and similar technologies to ensure the functionality and analysis of the embedded services. These technologies are only used with prior consent.

Personal data is transferred to the USA. In such cases, Calendly ensures that appropriate safeguards are in place in accordance with Art. 46 GDPR, in particular by concluding standard contractual clauses.

The data will be deleted as soon as it is no longer necessary for the purpose for which it was collected or statutory retention periods have expired.

Further information on data processing by Calendly can be found at: https://calendly.com/privacy.

3.11 Data transfer to providers on our platform

When you use our platform to use services or purchase products, we pass on certain personal data to the providers (e.g., service providers, sellers) to enable them to perform the relevant services. This data transfer is necessary so that the providers can perform their services or deliver their products.

In doing so, we may pass on to the providers the name for identifying the user, the contact details for contacting them in case of queries or problems, the address for providing the service or delivering the products, the order data for transmitting details of the requested service or ordered products and, if necessary, payment information for processing the payment (this is usually encrypted and in accordance with the applicable security standards).

The legal basis for the transfer of data is Art. 6 para. 1 lit. b GDPR, as it is necessary for the fulfillment of the contractual relationship between you and the provider.

The providers are obliged to use the transmitted data exclusively for the processing of the requested services or deliveries and to protect the data in accordance with the applicable data protection laws. They are direct contractual partners and therefore bear their own responsibility for the processing of personal data. If you have any questions about their data processing, you can contact the provider directly.

3.12 Payment services

3.12.1 PayPal

We use PayPal on our website. PayPal is a payment service provider. This service is provided by PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg.

For the purpose of payment processing, the payment data of the website visitor is processed by the payment service provider as soon as a purchase is made via this website. The respective contractual and data protection provisions of the payment service provider apply to the respective transaction.

The legal basis is Art. 6 para. 1 lit. b GDPR. The data is processed for the purpose of (pre-)contractual obligations.

In addition, we have a legitimate interest in processing this data within the meaning of Art. 6 para. 1 lit. f GDPR in order to ensure a fast and reliable payment process.

When data is transferred to the USA, the standard contractual clauses (SCC) of the EU Commission apply.

https://www.paypal.com/de/webapps/mpp/ua/pocpsa-full.

3.12.2 Apple Pay

We use Apple Pay on this website. Apple Pay is a payment service provider. This service is provided by Apple Inc., Infinite Loop, Cupertino, CA 95014, USA.

For the purpose of payment processing, the payment data of the website visitor(s) is processed by the payment service provider as soon as a purchase is made via this website. The respective contractual and data protection provisions of the payment service provider apply to the respective transaction.

The legal basis is Art. 6 para. 1 lit. b GDPR. The data is processed for the purpose of (pre-)contractual obligations.

In addition, we have a legitimate interest in processing this data within the meaning of Art. 6 para. 1 lit. f GDPR in order to ensure a fast and reliable payment process.

Further details:

https://www.apple.com/legal/privacy/de-ww/.

3.12.3 Google Pay

We use Google Pay on this website. Google Pay is a payment service provider. This service is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

For the purpose of payment processing, the payment data of the website visitor(s) is processed by the payment service provider as soon as a purchase is made via this website. The respective contract and privacy provisions of the payment service provider apply to the respective transaction.

The legal basis is Art. 6 (1) lit. b GDPR. The data is processed for the purpose of (pre-)contractual obligations.

In addition, we have a legitimate interest in processing this data within the meaning of Art. 6 (1) lit. f GDPR in order to ensure a fast and reliable payment process.

Further details:

https://policies.google.com/privacy.

3.12.4 Klarna

We use Klarna on this website. Klarna is a payment service provider. This service is provided by Klarna AB, Sveavägen 46, 111 34 Stockholm, Sweden.

For the purpose of payment processing, the payment data of the website visitor(s) is processed by the payment service provider as soon as a purchase is made via this website. The respective contract and privacy policy of the payment service provider applies to the respective transaction.

The legal basis is Art. 6 para. 1 lit. b GDPR. The data is processed for the purpose of (pre-)contractual obligations.

In addition, we have a legitimate interest in processing this data within the meaning of Art. 6 para. 1 lit. f GDPR in order to ensure a fast and reliable payment process.

Further details:

https://cdn.klarna.com/1.0/shared/content/policy/cookie/de_de/checkout.pdf.

https://www.klarna.com/de/datenschutz/.

3.12.5 Instant transfer

We use instant transfer on this website. Instant transfer is a payment service provider. This service is offered by Sofort GmbH, Theresienhöhe 12, 80339 Munich, Germany.

For the purpose of payment processing, the payment data of the website visitor(s) is processed by the payment service provider as soon as a purchase is made via this website. For this purpose, the PIN and a valid TAN are transmitted to Sofort GmbH, which logs into the online banking account. The account balance is checked and the corresponding transfer is carried out. In addition, the credit limit of the overdraft facility and the existence of other accounts and their account balances are queried. The respective contractual and data protection provisions of the payment service provider apply to the respective transaction.

The legal basis is Art. 6 para. 1 lit. b GDPR. The data is processed for the purpose of (pre-)contractual obligations.

In addition, we have a legitimate interest in processing this data within the meaning of Art. 6 para. 1 lit. f GDPR in order to ensure a fast and reliable payment process.

Further details:

https://www.sofort.de/datenschutz.html

https://www.klarna.com/sofort/.

3.12.6 Shopify Payment

This website uses Shopify Payment. Shopify Payment is a payment service provider. This service is provided by Shopify International Limited, 2nd Floor Victoria Buildings, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland.

For the purpose of payment processing, the payment data of the website visitor(s) is processed by the payment service provider as soon as a purchase is made via this website. The respective contract and privacy policy of the payment service provider applies to the respective transaction.

The legal basis is Art. 6 para. 1 lit. b GDPR. The data is processed for the purpose of (pre-)contractual obligations.

In addition, we have a legitimate interest in processing this data within the meaning of Art. 6 para. 1 lit. f GDPR in order to ensure a fast and reliable payment process.

Further details:

https://www.shopify.de/legal/datenschutz.

3.12.7 American Express

We use American Express on this website. American Express is a payment service provider. This service is provided by American Express Europe S.A., Theodor-Heuss-Allee 112, 60486 Frankfurt am Main, Germany.

For the purpose of payment processing, the payment data of the website visitor(s) is processed by the payment service provider as soon as a purchase is made via this website. The respective contractual and data protection provisions of the payment service provider apply to the respective transaction.

The legal basis is Art. 6 para. 1 lit. b GDPR. The data is processed for the purpose of (pre-)contractual obligations.

In addition, we have a legitimate interest in processing this data within the meaning of Art. 6 para. 1 lit. f GDPR in order to ensure a fast and reliable payment process.

American Express may transfer the data to its parent company in the USA. American Express has Binding Corporate Rules (BCR) in place for this purpose.

Further details:

https://www.americanexpress.com/de/legal/online-datenschutzerklarung.html.

3.12.8 Mastercard

We use Mastercard on this website. Mastercard is a payment service provider. This service is provided by Mastercard Europe SA, Chaussée de Tervuren 198A, B-1410 Waterloo, Belgium.

For the purpose of payment processing, the payment data of the website visitor(s) is processed by the payment service provider as soon as a purchase is made via this website. The respective contractual and data protection provisions of the payment service provider apply to the respective transaction.

The legal basis is Art. 6 (1) lit. b GDPR. The data is processed for the purpose of (pre-)contractual obligations.

In addition, we have a legitimate interest in processing this data within the meaning of Art. 6 para. 1 lit. f GDPR in order to ensure a fast and reliable payment process.

Mastercard may transfer the data to its parent company in the USA. Mastercard has Binding Corporate Rules (BCR) in place for this purpose.

Further details:

https://www.mastercard.us/content/dam/mccom/global/documents/mastercard-bcrs.pdf

https://www.mastercard.de/de-de/datenschutz.html.

3.12.9 VISA

We use VISA on this website. VISA is a payment service provider. This service is provided by Visa Europe Services Inc., London Branch, 1 Sheldon Square, London W2 6TT, United Kingdom.

For the purpose of payment processing, the payment data of the website visitor(s) is processed by the payment service provider as soon as a purchase is made via this website. The respective contractual and data protection provisions of the payment service provider apply to the respective transaction.

The legal basis is Art. 6 para. 1 lit. b GDPR. The data is processed for the purpose of (pre-)contractual obligations.

In addition, we have a legitimate interest in processing this data within the meaning of Art. 6 para. 1 lit. f GDPR in order to ensure a fast and reliable payment process.

When data is transferred to the USA, the Standard Contractual Clauses (SCC) of the EU Commission apply.

Further details:

https://www.visa.de/nutzungsbedingungen/visa-privacy-center.html.

3.12.10 Advance payment

We offer the option of paying in advance on our website. After you place your order, we will issue an invoice containing all the relevant information required for the transfer. This includes the amount to be paid, our bank details, and a reference number.

We store personal data as part of the prepayment process. This includes transaction details (date, time, and invoice amount), your IP address, email address, first and last name, address details (street, house number, city, and postal code), and account details (IBAN, BIC, account holder, and bank name).

The legal basis is Art. 6 (1) lit. b GDPR. The data is processed for the purpose of (pre-)contractual obligations.

3.13 Services for processing orders

3.13.1 DHL

For the purpose of delivering orders, we pass on personal data (name, delivery address and, if applicable, other contact details) to DHL Deutsche Post AG, Charles-de-Gaulle-Straße 20, 53113 Bonn, Germany.

The legal basis for this data processing is Art. 6 para. 1 lit. b GDPR, as the transfer of data is necessary for the fulfillment of the contract. Without this data transfer, delivery of the order would not be possible.

If express consent has been given during the ordering process, the email address and/or telephone number will be passed on to DHL. This enables DHL to provide information about the status of the delivery or to coordinate the delivery date. The legal basis for this is Art. 6 (1) lit. a GDPR (consent). Consent given can be revoked at any time with effect for the future.

To the extent that DHL uses cookies on our website, these are, according to our research, of a functional nature and serve to technically enable the shipping process and shipment tracking; they are used on the basis of our legitimate interest (Art. 6 para. 1 lit. f GDPR).

The data is used exclusively for the stated purpose and deleted after completion of the delivery in accordance with the statutory retention periods.

Further information: https://www.dhl.de/de/geschaeftskunden/paket/information/datenschutz-gkp.html.

3.13.2 Deutsche Post AG

We integrate functions of Deutsche Post AG, Charles-de-Gaulle-Straße 20, 53113 Bonn, Germany, on our website to support the ordering process.

These functions include address validation, the integration of location services for selecting branches or packing stations, and the display of the shipping status (shipment tracking).

Personal data such as name, address, postal code, IP address, location data (if disclosed), time stamp, and shipping information are processed in this context.

The purpose of the processing is to support a smooth and user-friendly ordering and shipping process, in particular to avoid incorrect deliveries, to improve the user experience, and to provide information on the shipping status.

The legal basis is Art. 6 (1) lit. b GDPR, insofar as processing is necessary for the implementation of pre-contractual measures or for the fulfillment of the contract, as well as Art. 6 (1) lit. f GDPR on the basis of our legitimate interest in an efficient and secure shipping process.

Depending on the function used (e.g., postcode finder with map display), cookies or similar technologies may be used. These are only set with your prior consent. The legal basis is Art. 6 (1) lit. a GDPR in conjunction with § 25 (1) TDDDG.

No personal data is transferred to third countries.

The data will be deleted as soon as it is no longer required for the purposes stated or statutory retention periods have expired.

Further information on data processing by Deutsche Post AG can be found at: https://www.deutschepost.de/de/f/footer/datenschutz.html.

3.13.3 Microsoft Business Central

https://www.microsoft.com/de-de/dynamics-365/products/business-central

3.14 Shipping service providers

We work with various shipping service providers (e.g., DHL, DPD, UPS, Hermes) to ship goods ordered through our website. Within the scope of the necessary delivery of the goods, we pass on your data (name, delivery address, and any other information required for shipping) to the respective shipping service provider.

The data transfer is based on Art. 6 para. 1 lit. b GDPR for the fulfillment of our contract. We will only transfer your email address or telephone number to the shipping service provider if you have expressly consented to this during the ordering process, for example to enable a parcel notification. This consent can be revoked at any time in the future.

Further information on the data protection of our shipping service providers can be found in their respective privacy policies, which can be viewed on their websites.

3.15 CRM systems

3.15.1 Monday.com

We use the CRM (Customer Relationship Management) function of monday.com. Monday.com is provided by monday.com Ltd., 6 Yitzhak Sadeh St., Tel-Aviv 6777506, Israel.

CRM (Customer Relationship Management) is a system for managing all interactions and relationships between a company and its current and potential customers. It supports the automation and optimization of sales processes, marketing campaigns, customer service, and customer communication.

As soon as we collect your personal data on our website, it will be processed by us in the CRM system Kreativ Management CRM.

The legal basis for this is Art. 6 para. 1 lit. b GDPR. Data processing is carried out to fulfill (pre-)contractual obligations. Furthermore, processing is based on Art. 6 para. 1 lit. f GDPR, as the use of CRM functions is crucial for the growth and scaling of our company.

Further information:

https://monday.com/l/de/privatsphaere/datenschutzerklarung/.

3.15.2 Klaviyo

We use the CRM services of Klaviyo, operated by Klaviyo Inc., 125 Summer St, Boston, MA 02110, USA, on our website. Klaviyo enables customer relationship management and supports the sending of personalized marketing emails, the segmentation of target groups, and the analysis of usage behavior in order to carry out tailored marketing campaigns. The data processed includes personal data such as name, email address, purchase history, interactions with the emails sent, and technical data such as IP address and browser information. The purpose of data processing is to optimize customer communication and marketing strategies through targeted communication. The legal basis for data processing is Art. 6 (1) lit. a GDPR, as processing is based on the consent of the user, and Art. 6 (1) lit. f GDPR for legitimate interests in optimizing customer interaction. Klaviyo uses cookies and similar technologies to analyze user behavior, which are only set with the consent of the user. The legal basis for these cookies is Art. 6 (1) lit. a GDPR and § 25 (1) TDDDG. Data is transferred to the USA. Klaviyo Inc. uses the standard contractual clauses (SCC) of the EU Commission as guarantees for data protection when transferring data to third countries. The data is stored until the purpose of storage no longer applies or the users request deletion. Mandatory statutory retention periods remain unaffected. Further information on data processing can be found here: https://www.klaviyo.com/legal.

3.15.3 Mircosoft Business Central

https://www.microsoft.com/de-de/dynamics-365/products/business-central

4. Other important information

Finally, we would like to provide you with detailed information about your rights and how you will be informed of any changes to the data protection requirements.

4.1 Your rights in detail

4.1.1 Right to information pursuant to Art. 15 GDPR

You can request information about whether your personal data is being processed. If this is the case, you can request further information about the type of processing. A detailed list can be found in Art. 15 (1) (a) to (h) GDPR.

4.1.2 Right to rectification pursuant to Art. 16 GDPR

This right includes the rectification of inaccurate data and the completion of incomplete personal data.

4.1.3 Right to erasure pursuant to Art. 17 GDPR

This so-called 'right to be forgotten' gives you the right, under certain conditions, to request the deletion of personal data by the controller. This is generally the case if the purpose of the data processing has ceased to exist, if consent has been revoked or if the initial processing took place without a legal basis. A detailed list of reasons can be found in Art. 17 (1) a) to f) GDPR. This “right to be forgotten” also corresponds to the controller's obligation under Art. 17 (2) GDPR to take appropriate measures to bring about the general deletion of the data.

4.1.4 Right to restriction of processing under Art. 18 GDPR

This right is subject to the conditions set out in Art. 18 (1) (a) to (d).

4.1.5 Right to data portability pursuant to Art. 20 GDPR

This regulates the fundamental right to receive your own data in a common format and to transfer it to another controller. However, this only applies to data processed on the basis of consent or a contract pursuant to Art. 20 (1) (a) and (b) and insofar as this is technically feasible.

4.1.6 Right to object pursuant to Art. 21 GDPR

You may object to the processing of your personal data at any time. This applies in particular if your interest in objecting outweighs the legitimate interest of the controller in processing and if the processing relates to direct marketing and/or profiling.

4.1.7 Right to “decision in individual cases” pursuant to Art. 22 GDPR

You have the right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you. However, this right is also subject to restrictions and additions in Art. 22 (2) and (4) GDPR.

4.1.8 Further rights

The GDPR contains comprehensive rights to inform third parties whether or how you have exercised your rights under Articles 16, 17, and 18 GDPR. However, this only applies to the extent that this is possible or can be carried out with reasonable effort.

We would like to take this opportunity to remind you of your right to withdraw your consent in accordance with Article 7(3) GDPR. However, this does not affect the lawfulness of the processing carried out until that point.

We would also like to draw your attention to your rights under Sections 32 et seq. BDSG, which are largely identical in content to the rights described above.

4.1.9 Right to lodge a complaint pursuant to Art. 77 GDPR

You also have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of personal data concerning you violates this regulation.

5. What happens if the GDPR is abolished tomorrow or other changes take place?

The current status of this privacy policy is 06.05.2025. From time to time, it is necessary to adapt the content of the privacy policy to respond to actual and legal changes. We therefore reserve the right to change this privacy policy at any time. We will publish the amended version in the same place and recommend that you read the privacy policy regularly.

Created with the kind support of Dieter macht den Datenschutz