Privacy Policy (GDPR compatible)
Data protection
1. Information about the collection of personal data and contact details of the person responsible
2. Data collection when visiting our website
3. Contact
4. Cookies
5. Data processing for order processing
6. Data processing when opening a customer account and for contract processing
7. Use of your data for direct marketing
8. Contacting You for a Review Reminder
9. Rights of the data subject
10. Duration of storage of personal data
1. Information about the collection of personal data and contact details of the person responsible
1.1. Thank you for visiting our website. In the following we would like to inform you about the handling of your personal data when using our website. Personal data is basically all data with which you can be personally identified.
1.2. Responsible for the processing of data on our website within the meaning of the General Data Protection Regulation (GDPR) is:
Barbara Horacsek
Märkische Strasse 24
40625 Dusseldorf
Germany
Tel: 0173 3442935
Email: shop@organiqa.de.
1.3. In order to protect the security of your data during transmission, we use state-of-the-art encryption methods (e.g. SSL or TSL) via HTTPS.
2. Data collection when visiting our website
Each time our website is accessed, our system automatically records data and information that your browser transmits to our server (so-called "server log files"). The following data that is technically required for us is collected:
We reserve the right to subsequently check the server log files if there are concrete indications of illegal use. The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.
If the data is stored in log files, this is the case after seven days at the latest. Storage beyond this is possible. In this case, the IP addresses of the users are deleted or alienated so that it is no longer possible to assign the calling client. The collection of the data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility of objection on the part of the user.
3. Contact
If you contact us using the contact form, the data entered in the input mask will be transmitted to us and saved. The data collected can be found in the respective input mask. When contacting us by email, only the data you enter there will be transmitted to us.
The data will only be used to process the conversation and your request. The legal basis for processing the data is Article 6(1)(a) GDPR if the user has given their consent. The legal basis for the processing of data that is transmitted in the course of sending an e-mail is Article 6 (1) (f) GDPR. If the e-mail contact is aimed at concluding a contract, the additional legal basis for processing is Art. 6 (1) (b) GDPR. The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected and provided there are no legal storage requirements to the contrary. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is over when it can be inferred from the circumstances that the facts in question have been finally clarified. The user has the option to revoke his consent to the processing of personal data at any time. If the user contacts us by email, he can object to the storage of his personal data at any time. In such a case, the conversation cannot be continued.
4.Cookies
Our website uses cookies.
Cookies are text files that are stored on the user's end device. If a user calls up a website, a cookie can be stored on the user's operating system. Some functions of our website cannot be offered without the use of cookies. This requires that the browser is recognized even after a page change. The user data collected by technically necessary cookies are not used to create user profiles. Our legitimate interest in the processing of personal data in accordance with Article 6 (1) (f) GDPR also lies in the above purposes.
In addition, our website may use cookies that enable an analysis of the surfing behavior of users (so-called third-party cookies). You can find more detailed information on the scope, purpose, legal basis and objection options in the respective sections of the respective chapter of this data protection declaration.
As a user, you have full control over the use of cookies. By changing the settings in your Internet browser, you can deactivate, restrict or delete the transmission of cookies. If you deactivate cookies for our website, you may no longer be able to use all the functions of the website to their full extent. You can prevent the transmission of Flash cookies by changing the Flash Player setting.
You can find help with the settings in the respective help menu of your browser under the following links:
Internet Explorer: http://windows.microsoft.com/de-DE/windows-vista/Block-or-allow-cookies
Firefox: https://support.mozilla.org/de/kb/cookies-allow-and-reject
Chrome: http://support.google.com/chrome/bin/answer.py?hl=de&hlrm=en&answer=95647
Safari: https://support.apple.com/de-de/guide/safari/sfri11471/mac
Opera: https://help.opera.com/en/latest/web-preferences/#cookies
Some of the cookies used here are deleted after you close your browser (so-called session cookies). Other cookies remain on your end device and enable us or our partner companies (third party cookies) to recognize your browser on your next visit (persistent cookies). If cookies are set, they collect and process certain user information such as browser and location data as well as IP address values to an individual extent. Persistent cookies are automatically deleted after a specified period, which can vary depending on the cookie.
5. Data processing for order processing
5.1. If you would like to order in our web shop, it is necessary for the conclusion of the contract that you provide your personal data, which we need to process your order. We process the data you provide to process your order.
We sometimes work with external service providers to process your order. For this we have to pass on the necessary personal data.
If we commission transport companies to deliver your goods, we will pass on your data required for the delivery of the goods to the respective transport company. In order to process the payments, we will pass on your data to the commissioned bank as far as is necessary. If we use payment service providers, you will also be informed of this below.
The legal basis for the transfer of your data is Article 6 (1) (b) GDPR.
5.2. Use of payment service providers
5.3. Apple Pay
If you select the "Apple Pay" payment method (a service of Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland), payment is processed via the "Apple Pay" function of your iOS, watchOS or macOS device end device by debiting a payment card you have stored with "Apple Pay".
Your transaction is protected by the security functions of the hardware and software of your device. If a payment is to be approved, it must be approved by entering a code and verifying it using the "Face ID" or "Touch ID" function of your device.
The information you provide during the ordering process together with the information about your order will be passed on to Apple in encrypted form for the purpose of payment processing. This data is then re-encrypted by Apple and then transmitted to the payment service provider of the payment card stored in Apple Pay to carry out the payment. The encryption ensures that only the website on which the order was placed can access the payment data.
After payment, Apple sends the device account number and a transaction-specific dynamic security code to the store website to confirm the payment.
Personal data can be processed for the curtains mentioned. In this case, this is done for the purpose of payment processing in accordance with Article 6 (1) (b) GDPR.
When using Apple Pay on iPhone or Apple Watch to complete a purchase made through Safari on Mac, the Mac and the authorization device communicate over an encrypted channel on Apple's servers. In doing so, Apple can process or store data. However, this is done in a format that does not identify you personally.
Information on Apple Pay data protection is available here: https://support.apple.com/de-de/HT203027
5.4. Google Pay
When selecting the "Google Pay" payment method (a service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google")), payment processing is mediated via the "Google Pay" application Your Android (at least 4.4 "KitKat") mobile device with an NFC function. Payment is made using one of your payment cards stored with Google Pay or a payment system verified there (e.g. PayPal). In order to authorize a payment via Google Pay of more than EUR 25, you must first unlock your mobile device. The information you provide when ordering will be passed on to Google for the purpose of payment processing. Google generates a unique transaction number that is sent to the ordering website to verify payment. This transaction number is just a numeric token that does not contain any information about your data. The actual transaction is carried out between the user and the ordering website by debiting the means of payment stored with Google Pay. Personal data can be processed in the processes described. In this case, the processing takes place for the purpose of payment processing in accordance with Article 6 (1) (b) GDPR.
The terms of use of Google Pay can be found here: https://payments.google.com/payments/apis-secure/u/0/get_legal_document?ldo=0&ldt=googlepaytos&ldl=de Further information on data protection with Google Pay can be found at the following Internet address :https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=de
-Paypal
If you select the payment method PayPal, credit card via PayPal, direct debit via PayPal or - if offered - "purchase on account" or "payment by installments" via PayPal, the payment will be processed by PayPal (Europe) Sarl et Cie, SCA, 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter referred to as "PayPal").
We pass on your personal data to PayPal to the extent necessary in accordance with Article 6 (1) (b) GDPR. PayPal reserves the right to carry out a credit check for the payment methods credit card via PayPal, direct debit via PayPal or - if offered - "purchase on account" or "payment in installments" via PayPal.
For this purpose, your payment data may be passed on to credit agencies in accordance with Article 6 (1) (f) GDPR due to PayPal’s legitimate interest in determining your solvency. PayPal uses the result of the credit check in relation to the statistical probability of non-payment for the purpose of deciding whether to provide the respective payment method.
The credit report can contain probability values (so-called score values). As far as score values are included in the result of the credit report, they are based on a scientifically recognized mathematical-statistical process. Among other things, but not exclusively, address data is included in the calculation of the score values.
Which other data is collected by PayPal can be found in PayPal's respective data protection declaration. This can be found at: https://www.paypal.com/de/webapps/mpp/ua/privacy-full
You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data if this is necessary for contractual payment processing.
- SOFORT
If you select the "SOFORT" payment method, the payment will be processed by the payment service provider SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany (hereinafter referred to as "SOFORT").
We pass on your personal data and the information about your order in accordance with Article 6 Paragraph 1 Letter b GDPR to SOFORT exclusively for the purpose of payment processing and only to the extent necessary.
Sofort GmbH is part of the Klarna Group (Klarna Bank AB (publ), Sveavägen 46, 11134 Stockholm, Sweden).
SOFORT's data protection regulations can be viewed here: https://www.klarna.com/sofort/datenschutz
- Shopify Payments
We use the payment service provider "Shopify Payments", 3rd Floor, Europa House, Harcourt Building, Harcourt Street, Dublin 2. If you choose a payment method offered by the payment service provider Shopify Payments, the payment will be processed by the technical service provider Stripe Payments Europe Ltd. , 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, to which we send the information you provided during the ordering process together with the information about your order (name, address, account number, bank sort code, credit card number if applicable, invoice amount, currency and transaction number) in accordance with Article 6 (1) (b) GDPR. Your data will only be passed on for the purpose of payment processing with Stripe Payments Europe Ltd. and only insofar as it is necessary for this. For more information about Shopify Payments' privacy policy, visit the following web address: https://www.shopify.com/legal/privacy
Data protection information on Stripe Payments Europe Ltd. can be found here: https://stripe.com/de/privacy
6. Data processing when opening a customer account and for contract processing
If you open a customer account with us, personal data will be collected and processed in accordance with Article 6 (1) (b) GDPR. The scope of the data can be seen from the input form. The data you enter will be stored and used by us to process the contract.
You can delete your customer account at any time. This can be done by sending a message to the address of the person responsible or, if offered, directly in the customer account. In this case, we will also block your data with regard to tax and commercial law retention periods and delete it after these periods have expired. This can only be opposed to your consent to permanent storage or a legally permitted further use of data on our part.
7. Use of your data for direct marketing
7.1. Newsletter
You can subscribe to a free newsletter on our website. When registering for the newsletter, the data from the input mask is transmitted to us. The only mandatory information is your email address. If you make further voluntary entries, these will only be used to address you personally.
The legal basis for the processing of your data after registering for the newsletter is Article 6(1)(a) GDPR if the user has given his or her consent. We obtain this by sending you a confirmation email containing a confirmation link after registering for the newsletter. If you click on this link, you also give your consent to receive the newsletter.
When you send your registration for the newsletter, we save your IP address and the date and time of registration. This storage serves to trace possible misuse of your e-mail address.
We use the data we collect when registering for the newsletter exclusively for the purpose of sending the newsletter.
You can cancel your subscription to the newsletter at any time. For this purpose, there is a corresponding link in every newsletter. This also enables a revocation of the consent to the storage of the personal data collected during the registration process.
7.2. Newsletter for existing customers
If you purchase goods or services on our website and enter your e-mail address, this can subsequently be used by us to send a newsletter. In such a case, only direct advertising for your own similar goods or services will be sent via the newsletter.
The legal basis for sending the newsletter as a result of the sale of goods or services is Section 7 (3) UWG and Article 6 (1) (f) GDPR. In this respect, data processing takes place solely on the basis of our legitimate interest in personalized direct advertising.
If you have already objected to the use of your email address for direct marketing purposes, you will not receive this newsletter. However, you also have the option of objecting to the use of your e-mail address for the advertising purpose mentioned here later and at any time with effect for the future by notifying us. After receipt of your objection, the use of your email address for advertising purposes will be stopped immediately.
8. Contacting You for a Review Reminder
Own review reminder
After your express consent in accordance with Article 6 (1) (a) GDPR, you will receive an e-mail from us as a one-off reminder to submit an evaluation of your order. You can revoke your consent at any time by sending a message to the person responsible for processing your data.
9. Rights of the data subject
9.1. The applicable data protection law grants you comprehensive data subject rights (rights to information and intervention) vis-à-vis the person responsible with regard to the processing of your personal data, about which we will inform you below:
- Right to information according to Art. 15 GDPR:
You can request confirmation from the person responsible as to whether personal data relating to you is being processed by the person responsible. In addition, you have a right to information about the purpose, the categories of personal data, the recipients, the planned duration of storage and the existence of other rights such as correction of the data or the existence of a right of appeal to a supervisory authority, the origin of your data, if these were not collected by us, the existence of automated decision-making including profiling and, if applicable, meaningful information about the logic involved and the scope and intended effects of such processing, as well as your right to information about the guarantees according to Art. 46 DSGVO forwarding of your data to third countries;
- Right to rectification according to Art. 16 GDPR:
You have the right to the immediate correction of incorrect data concerning you and/or the completion of your incomplete data stored by us; the correction or completion must be made immediately.
- Right to restriction of processing in accordance with Art. 18 GDPR:
You have the right to request the restriction of the processing of your personal data as long as the accuracy of your data, which you contest, is checked, if you refuse to delete your data because of inadmissible data processing and instead request the restriction of the processing of your data, if you change your data to assert, exercise or defend legal claims after we no longer need this data after the purpose has been achieved or if you have lodged an objection for reasons of your particular situation, as long as it is not yet clear whether our legitimate reasons prevail;
If the processing of personal data concerning you has been restricted, this data - apart from its storage - may only be used with your consent or to assert, exercise or defend legal claims or to protect the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State are processed. If the restriction of processing has been restricted, you will be informed by the person responsible before the restriction is lifted.
- Right to erasure according to Art. 17 GDPR:
You have the right to have your personal data deleted immediately if the requirements of Article 17 (1) GDPR are met. However, this right to erasure does not exist in particular - but not exclusively - if the processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims
- Right to information according to Art. 19 GDPR:
If you have exercised your right to rectification, erasure or restriction of processing, the person responsible is obliged to notify all recipients to whom your personal data has been disclosed of this rectification or erasure of data or restriction of processing, unless this is impossible or involves a disproportionate effort effort is involved. You also have the right to be informed about these recipients.
- Right to data portability according to Art. 20 GDPR:
You have the right to receive the personal data you have provided to us in a structured, common and machine-readable format or to request transmission to another person responsible, insofar as this is technically possible;
- Right of revocation according to Art. 7 Para. 3 GDPR:
You have the right to object at any time to the processing of your personal data, which is based on Article 6 (1) e) or f) GDPR; this also applies to profiling based on these provisions.
You also have the right to revoke your declaration of consent under data protection law at any time with effect for the future. The revocation of the consent does not affect the legality of the processing carried out on the basis of the consent up to the point of revocation.
- Right to complain according to Art. 77 GDPR:
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your place of residence, your place of work or the place of the alleged infringement, if you believe that the processing of your personal data violates violates the GDPR.
9.2. Right to object
You have the right to object to the processing of your data at any time with effect for the future if we process your data based on our overriding legitimate interest after weighing up the interests.
If you make use of this right of objection, we will terminate the processing of your data if there are no demonstrably overriding, compelling reasons worthy of protection preventing the termination or if further processing serves to exercise or defend legal claims.
10. Duration of storage of personal data
The duration of the storage of personal data depends on the statutory retention periods. After its expiry, we routinely delete the data if they are no longer required to fulfill or initiate a contract and/or we have no legitimate interest in further storage.
1. Information about the collection of personal data and contact details of the person responsible
2. Data collection when visiting our website
3. Contact
4. Cookies
5. Data processing for order processing
6. Data processing when opening a customer account and for contract processing
7. Use of your data for direct marketing
8. Contacting You for a Review Reminder
9. Rights of the data subject
10. Duration of storage of personal data
1. Information about the collection of personal data and contact details of the person responsible
1.1. Thank you for visiting our website. In the following we would like to inform you about the handling of your personal data when using our website. Personal data is basically all data with which you can be personally identified.
1.2. Responsible for the processing of data on our website within the meaning of the General Data Protection Regulation (GDPR) is:
Barbara Horacsek
Märkische Strasse 24
40625 Dusseldorf
Germany
Tel: 0173 3442935
Email: shop@organiqa.de.
1.3. In order to protect the security of your data during transmission, we use state-of-the-art encryption methods (e.g. SSL or TSL) via HTTPS.
2. Data collection when visiting our website
Each time our website is accessed, our system automatically records data and information that your browser transmits to our server (so-called "server log files"). The following data that is technically required for us is collected:
- Our visited website
- Date and time at the time of access
- Amount of data sent in bytes
- Source/reference from which you came to the page
- Operating system used
- Browser used
- IP address used (if necessary: in anonymous form
We reserve the right to subsequently check the server log files if there are concrete indications of illegal use. The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.
If the data is stored in log files, this is the case after seven days at the latest. Storage beyond this is possible. In this case, the IP addresses of the users are deleted or alienated so that it is no longer possible to assign the calling client. The collection of the data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility of objection on the part of the user.
3. Contact
If you contact us using the contact form, the data entered in the input mask will be transmitted to us and saved. The data collected can be found in the respective input mask. When contacting us by email, only the data you enter there will be transmitted to us.
The data will only be used to process the conversation and your request. The legal basis for processing the data is Article 6(1)(a) GDPR if the user has given their consent. The legal basis for the processing of data that is transmitted in the course of sending an e-mail is Article 6 (1) (f) GDPR. If the e-mail contact is aimed at concluding a contract, the additional legal basis for processing is Art. 6 (1) (b) GDPR. The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected and provided there are no legal storage requirements to the contrary. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is over when it can be inferred from the circumstances that the facts in question have been finally clarified. The user has the option to revoke his consent to the processing of personal data at any time. If the user contacts us by email, he can object to the storage of his personal data at any time. In such a case, the conversation cannot be continued.
4.Cookies
Our website uses cookies.
Cookies are text files that are stored on the user's end device. If a user calls up a website, a cookie can be stored on the user's operating system. Some functions of our website cannot be offered without the use of cookies. This requires that the browser is recognized even after a page change. The user data collected by technically necessary cookies are not used to create user profiles. Our legitimate interest in the processing of personal data in accordance with Article 6 (1) (f) GDPR also lies in the above purposes.
In addition, our website may use cookies that enable an analysis of the surfing behavior of users (so-called third-party cookies). You can find more detailed information on the scope, purpose, legal basis and objection options in the respective sections of the respective chapter of this data protection declaration.
As a user, you have full control over the use of cookies. By changing the settings in your Internet browser, you can deactivate, restrict or delete the transmission of cookies. If you deactivate cookies for our website, you may no longer be able to use all the functions of the website to their full extent. You can prevent the transmission of Flash cookies by changing the Flash Player setting.
You can find help with the settings in the respective help menu of your browser under the following links:
Internet Explorer: http://windows.microsoft.com/de-DE/windows-vista/Block-or-allow-cookies
Firefox: https://support.mozilla.org/de/kb/cookies-allow-and-reject
Chrome: http://support.google.com/chrome/bin/answer.py?hl=de&hlrm=en&answer=95647
Safari: https://support.apple.com/de-de/guide/safari/sfri11471/mac
Opera: https://help.opera.com/en/latest/web-preferences/#cookies
Some of the cookies used here are deleted after you close your browser (so-called session cookies). Other cookies remain on your end device and enable us or our partner companies (third party cookies) to recognize your browser on your next visit (persistent cookies). If cookies are set, they collect and process certain user information such as browser and location data as well as IP address values to an individual extent. Persistent cookies are automatically deleted after a specified period, which can vary depending on the cookie.
5. Data processing for order processing
5.1. If you would like to order in our web shop, it is necessary for the conclusion of the contract that you provide your personal data, which we need to process your order. We process the data you provide to process your order.
We sometimes work with external service providers to process your order. For this we have to pass on the necessary personal data.
If we commission transport companies to deliver your goods, we will pass on your data required for the delivery of the goods to the respective transport company. In order to process the payments, we will pass on your data to the commissioned bank as far as is necessary. If we use payment service providers, you will also be informed of this below.
The legal basis for the transfer of your data is Article 6 (1) (b) GDPR.
5.2. Use of payment service providers
5.3. Apple Pay
If you select the "Apple Pay" payment method (a service of Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland), payment is processed via the "Apple Pay" function of your iOS, watchOS or macOS device end device by debiting a payment card you have stored with "Apple Pay".
Your transaction is protected by the security functions of the hardware and software of your device. If a payment is to be approved, it must be approved by entering a code and verifying it using the "Face ID" or "Touch ID" function of your device.
The information you provide during the ordering process together with the information about your order will be passed on to Apple in encrypted form for the purpose of payment processing. This data is then re-encrypted by Apple and then transmitted to the payment service provider of the payment card stored in Apple Pay to carry out the payment. The encryption ensures that only the website on which the order was placed can access the payment data.
After payment, Apple sends the device account number and a transaction-specific dynamic security code to the store website to confirm the payment.
Personal data can be processed for the curtains mentioned. In this case, this is done for the purpose of payment processing in accordance with Article 6 (1) (b) GDPR.
When using Apple Pay on iPhone or Apple Watch to complete a purchase made through Safari on Mac, the Mac and the authorization device communicate over an encrypted channel on Apple's servers. In doing so, Apple can process or store data. However, this is done in a format that does not identify you personally.
Information on Apple Pay data protection is available here: https://support.apple.com/de-de/HT203027
5.4. Google Pay
When selecting the "Google Pay" payment method (a service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google")), payment processing is mediated via the "Google Pay" application Your Android (at least 4.4 "KitKat") mobile device with an NFC function. Payment is made using one of your payment cards stored with Google Pay or a payment system verified there (e.g. PayPal). In order to authorize a payment via Google Pay of more than EUR 25, you must first unlock your mobile device. The information you provide when ordering will be passed on to Google for the purpose of payment processing. Google generates a unique transaction number that is sent to the ordering website to verify payment. This transaction number is just a numeric token that does not contain any information about your data. The actual transaction is carried out between the user and the ordering website by debiting the means of payment stored with Google Pay. Personal data can be processed in the processes described. In this case, the processing takes place for the purpose of payment processing in accordance with Article 6 (1) (b) GDPR.
The terms of use of Google Pay can be found here: https://payments.google.com/payments/apis-secure/u/0/get_legal_document?ldo=0&ldt=googlepaytos&ldl=de Further information on data protection with Google Pay can be found at the following Internet address :https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=de
-Paypal
If you select the payment method PayPal, credit card via PayPal, direct debit via PayPal or - if offered - "purchase on account" or "payment by installments" via PayPal, the payment will be processed by PayPal (Europe) Sarl et Cie, SCA, 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter referred to as "PayPal").
We pass on your personal data to PayPal to the extent necessary in accordance with Article 6 (1) (b) GDPR. PayPal reserves the right to carry out a credit check for the payment methods credit card via PayPal, direct debit via PayPal or - if offered - "purchase on account" or "payment in installments" via PayPal.
For this purpose, your payment data may be passed on to credit agencies in accordance with Article 6 (1) (f) GDPR due to PayPal’s legitimate interest in determining your solvency. PayPal uses the result of the credit check in relation to the statistical probability of non-payment for the purpose of deciding whether to provide the respective payment method.
The credit report can contain probability values (so-called score values). As far as score values are included in the result of the credit report, they are based on a scientifically recognized mathematical-statistical process. Among other things, but not exclusively, address data is included in the calculation of the score values.
Which other data is collected by PayPal can be found in PayPal's respective data protection declaration. This can be found at: https://www.paypal.com/de/webapps/mpp/ua/privacy-full
You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data if this is necessary for contractual payment processing.
- SOFORT
If you select the "SOFORT" payment method, the payment will be processed by the payment service provider SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany (hereinafter referred to as "SOFORT").
We pass on your personal data and the information about your order in accordance with Article 6 Paragraph 1 Letter b GDPR to SOFORT exclusively for the purpose of payment processing and only to the extent necessary.
Sofort GmbH is part of the Klarna Group (Klarna Bank AB (publ), Sveavägen 46, 11134 Stockholm, Sweden).
SOFORT's data protection regulations can be viewed here: https://www.klarna.com/sofort/datenschutz
- Shopify Payments
We use the payment service provider "Shopify Payments", 3rd Floor, Europa House, Harcourt Building, Harcourt Street, Dublin 2. If you choose a payment method offered by the payment service provider Shopify Payments, the payment will be processed by the technical service provider Stripe Payments Europe Ltd. , 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, to which we send the information you provided during the ordering process together with the information about your order (name, address, account number, bank sort code, credit card number if applicable, invoice amount, currency and transaction number) in accordance with Article 6 (1) (b) GDPR. Your data will only be passed on for the purpose of payment processing with Stripe Payments Europe Ltd. and only insofar as it is necessary for this. For more information about Shopify Payments' privacy policy, visit the following web address: https://www.shopify.com/legal/privacy
Data protection information on Stripe Payments Europe Ltd. can be found here: https://stripe.com/de/privacy
6. Data processing when opening a customer account and for contract processing
If you open a customer account with us, personal data will be collected and processed in accordance with Article 6 (1) (b) GDPR. The scope of the data can be seen from the input form. The data you enter will be stored and used by us to process the contract.
You can delete your customer account at any time. This can be done by sending a message to the address of the person responsible or, if offered, directly in the customer account. In this case, we will also block your data with regard to tax and commercial law retention periods and delete it after these periods have expired. This can only be opposed to your consent to permanent storage or a legally permitted further use of data on our part.
7. Use of your data for direct marketing
7.1. Newsletter
You can subscribe to a free newsletter on our website. When registering for the newsletter, the data from the input mask is transmitted to us. The only mandatory information is your email address. If you make further voluntary entries, these will only be used to address you personally.
The legal basis for the processing of your data after registering for the newsletter is Article 6(1)(a) GDPR if the user has given his or her consent. We obtain this by sending you a confirmation email containing a confirmation link after registering for the newsletter. If you click on this link, you also give your consent to receive the newsletter.
When you send your registration for the newsletter, we save your IP address and the date and time of registration. This storage serves to trace possible misuse of your e-mail address.
We use the data we collect when registering for the newsletter exclusively for the purpose of sending the newsletter.
You can cancel your subscription to the newsletter at any time. For this purpose, there is a corresponding link in every newsletter. This also enables a revocation of the consent to the storage of the personal data collected during the registration process.
7.2. Newsletter for existing customers
If you purchase goods or services on our website and enter your e-mail address, this can subsequently be used by us to send a newsletter. In such a case, only direct advertising for your own similar goods or services will be sent via the newsletter.
The legal basis for sending the newsletter as a result of the sale of goods or services is Section 7 (3) UWG and Article 6 (1) (f) GDPR. In this respect, data processing takes place solely on the basis of our legitimate interest in personalized direct advertising.
If you have already objected to the use of your email address for direct marketing purposes, you will not receive this newsletter. However, you also have the option of objecting to the use of your e-mail address for the advertising purpose mentioned here later and at any time with effect for the future by notifying us. After receipt of your objection, the use of your email address for advertising purposes will be stopped immediately.
8. Contacting You for a Review Reminder
Own review reminder
After your express consent in accordance with Article 6 (1) (a) GDPR, you will receive an e-mail from us as a one-off reminder to submit an evaluation of your order. You can revoke your consent at any time by sending a message to the person responsible for processing your data.
9. Rights of the data subject
9.1. The applicable data protection law grants you comprehensive data subject rights (rights to information and intervention) vis-à-vis the person responsible with regard to the processing of your personal data, about which we will inform you below:
- Right to information according to Art. 15 GDPR:
You can request confirmation from the person responsible as to whether personal data relating to you is being processed by the person responsible. In addition, you have a right to information about the purpose, the categories of personal data, the recipients, the planned duration of storage and the existence of other rights such as correction of the data or the existence of a right of appeal to a supervisory authority, the origin of your data, if these were not collected by us, the existence of automated decision-making including profiling and, if applicable, meaningful information about the logic involved and the scope and intended effects of such processing, as well as your right to information about the guarantees according to Art. 46 DSGVO forwarding of your data to third countries;
- Right to rectification according to Art. 16 GDPR:
You have the right to the immediate correction of incorrect data concerning you and/or the completion of your incomplete data stored by us; the correction or completion must be made immediately.
- Right to restriction of processing in accordance with Art. 18 GDPR:
You have the right to request the restriction of the processing of your personal data as long as the accuracy of your data, which you contest, is checked, if you refuse to delete your data because of inadmissible data processing and instead request the restriction of the processing of your data, if you change your data to assert, exercise or defend legal claims after we no longer need this data after the purpose has been achieved or if you have lodged an objection for reasons of your particular situation, as long as it is not yet clear whether our legitimate reasons prevail;
If the processing of personal data concerning you has been restricted, this data - apart from its storage - may only be used with your consent or to assert, exercise or defend legal claims or to protect the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State are processed. If the restriction of processing has been restricted, you will be informed by the person responsible before the restriction is lifted.
- Right to erasure according to Art. 17 GDPR:
You have the right to have your personal data deleted immediately if the requirements of Article 17 (1) GDPR are met. However, this right to erasure does not exist in particular - but not exclusively - if the processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims
- Right to information according to Art. 19 GDPR:
If you have exercised your right to rectification, erasure or restriction of processing, the person responsible is obliged to notify all recipients to whom your personal data has been disclosed of this rectification or erasure of data or restriction of processing, unless this is impossible or involves a disproportionate effort effort is involved. You also have the right to be informed about these recipients.
- Right to data portability according to Art. 20 GDPR:
You have the right to receive the personal data you have provided to us in a structured, common and machine-readable format or to request transmission to another person responsible, insofar as this is technically possible;
- Right of revocation according to Art. 7 Para. 3 GDPR:
You have the right to object at any time to the processing of your personal data, which is based on Article 6 (1) e) or f) GDPR; this also applies to profiling based on these provisions.
You also have the right to revoke your declaration of consent under data protection law at any time with effect for the future. The revocation of the consent does not affect the legality of the processing carried out on the basis of the consent up to the point of revocation.
- Right to complain according to Art. 77 GDPR:
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your place of residence, your place of work or the place of the alleged infringement, if you believe that the processing of your personal data violates violates the GDPR.
9.2. Right to object
You have the right to object to the processing of your data at any time with effect for the future if we process your data based on our overriding legitimate interest after weighing up the interests.
If you make use of this right of objection, we will terminate the processing of your data if there are no demonstrably overriding, compelling reasons worthy of protection preventing the termination or if further processing serves to exercise or defend legal claims.
10. Duration of storage of personal data
The duration of the storage of personal data depends on the statutory retention periods. After its expiry, we routinely delete the data if they are no longer required to fulfill or initiate a contract and/or we have no legitimate interest in further storage.