Data Protection & Security

Timeshop24.de is a certified Trusted Shops member and therefore meets the high requirements of data security and guarantees the sensitive handling of customer data. Here you get to know more about the resulting data and how they are used.

Privacy Policy

The party responsible for data processing is:

Oliver Bolk

Rathausplatz 3

52152 Simmerath

Email: info@timeshop24.de

Phone: +49 (0) 2473-927100

We appreciate your interest in our website. Protecting your privacy is very important to us. Below, we provide you with detailed information regarding the handling of your data.

1. Access Data and Hosting

You can visit our websites without providing any personal information. With every access to a webpage, the web server automatically stores only a so-called server log file, which contains, for example, the name of the requested file, your IP address, the date and time of access, the amount of data transferred, and the requesting provider (access data), and documents the access. This access data is analyzed exclusively for the purpose of ensuring the trouble-free operation of the site and improving our services. This serves to safeguard our legitimate interests—which, within the scope of a balancing of interests, are overriding—in the correct presentation of our services in accordance with Art. 6 Para. 1 S. 1 lit. f GDPR.
All access data is deleted no later than seven days after the end of your visit to the site.
All access data is processed only for as long as is necessary to achieve the aforementioned processing purposes.

Hosting

The services for hosting and displaying this website are provided in part by our service providers as part of a data processing arrangement carried out on our behalf. Unless otherwise explained in this Privacy Policy, all access data, as well as all data collected via designated forms on this website, are processed on their servers. If you have questions regarding our service providers and the basis of our collaboration with them, please contact us using the contact options described in this Privacy Policy.

2. Data Processing for Contract Fulfillment and Contact Purposes

2.1 Data Processing for Contract Fulfillment

For the purpose of contract fulfillment (including inquiries regarding—and the handling of—any existing claims arising from warranty rights, performance disruptions, or rights of withdrawal, as well as any statutory update obligations) pursuant to Art. 6 Para. 1 S. 1 lit. b GDPR, we collect personal data when you voluntarily provide it to us in the context of your order. Mandatory fields are marked as such, as in these cases we require the data to fulfill the contract and cannot process or ship your order without it. The specific data collected is evident from the respective input forms.

Further information regarding the processing of your data—specifically its transfer to our service providers for the purposes of order, payment, and shipping processing—can be found in the subsequent sections of this Privacy Policy.

Upon complete fulfillment of the contract, the processing of your data will be restricted; subsequently, once the retention periods required by tax and commercial law have expired, your data will be deleted in accordance with Art. 6 Para. 1 Sentence 1 lit. c GDPR, unless you have expressly consented to the further use of your data pursuant to Art. 6 Para. 1 Sentence 1 lit. a GDPR, or unless we have reserved the right to use your data beyond this scope—provided such use is legally permissible and we have informed you thereof in this declaration.

2.2 Customer Account

Insofar as you have given your consent pursuant to Art. 6 Para. 1 S. 1 lit. a GDPR by choosing to open a customer account, we use your data for the purpose of opening the customer account as well as for storing your data for future orders on our website. You may delete your customer account at any time; this can be done either by sending a message to the contact address specified in this Privacy Policy or by using a dedicated function within the customer account interface. Upon deletion of your customer account, your data will be deleted, unless you have expressly consented to the continued use of your data pursuant to Art. 6 Para. 1 S. 1 lit. a GDPR, or unless we reserve the right to use your data beyond this scope in a manner permitted by law—a right about which we inform you in this Policy.

Contacting Us

In the context of customer communication, we collect personal data—pursuant to Art. 6 Para. 1 S. 1 lit. b GDPR—for the purpose of processing your inquiries when you voluntarily provide such data to us upon contacting us (e.g., via contact form, live chat tool, or email). Mandatory fields are marked as such, as we require this data in these instances to process your inquiry. The specific data collected is evident from the respective input forms.

Once your inquiry has been fully processed, your data will be deleted, unless you have expressly consented to the further use of your data pursuant to Art. 6 Para. 1 Sentence 1 lit. a GDPR, or unless we reserve the right to use your data beyond this scope—provided such use is legally permissible and we have informed you of it in this declaration.

Live Chat Tool: Userlike

For the purpose of customer communication, we use the live chat tool provided by Userlike UG (haftungsbeschränkt), Probsteigasse 44-46, 50670 Cologne, Germany (“Userlike”). This serves to protect our overriding legitimate interests—established within the scope of a balancing of interests—in effective and improved customer communication, pursuant to Art. 6 Para. 1 Sentence 1 lit. f GDPR. Userlike acts on our behalf and under our instructions.

Live Chat Tool: WhatsApp

For the purpose of customer communication, we use the live chat tool provided by WhatsApp Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland (“WhatsApp”). This serves to safeguard our legitimate interests—which, following a balancing of interests, are deemed to override other interests—in effective and improved customer communication, in accordance with Art. 6 Para. 1 S. 1 lit. f GDPR. WhatsApp acts as a processor on our behalf. The telephone numbers stored by us on our mobile device are automatically processed on servers belonging to Meta companies, headquartered at 1601 Willow Road, Menlo Park, California 94025, USA. In this process, only the telephone numbers of customers who have previously contacted us via WhatsApp—and who have therefore already accepted WhatsApp’s Terms of Service and Privacy Policy—are stored.

Our service providers are based in and/or utilize servers located in the following countries, for which the European Commission has determined, by means of an adequacy decision, that an adequate level of data protection exists: USA, Israel, United Kingdom.

The adequacy decision for the USA serves as the basis for data transfers to a third country, provided that the respective service provider holds the necessary certification. Such certification is in place.

Our service providers are based in and/or utilize servers located in the following countries: Singapore. For these countries, no adequacy decision has been issued by the European Commission. Our collaboration with these providers is based on the following safeguards: Standard Contractual Clauses of the European Commission.

3. Data Processing for the Purpose of Shipping Processing

For the fulfillment of the contract pursuant to Art. 6 Para. 1 lit. b GDPR, we pass on your data to the shipping service provider commissioned with the delivery, insofar as this is necessary for the delivery of the ordered goods. If you have questions regarding our service providers and the basis of our cooperation with them, please contact us using the contact options described in this Privacy Policy.

Data Transfer to Shipping Service Providers for the Purpose of Shipping Notifications

If you have given us your express consent to do so during or after your order, we will—based on this consent pursuant to Art. 6 Para. 1 lit. a GDPR—pass on your email address and telephone number to the selected shipping service provider so that they may contact you prior to delivery for the purpose of delivery notification or coordination.
You may revoke your consent at any time by sending a message to the contact address described in this Privacy Policy. Upon revocation, we will delete the data you provided for this purpose, unless you have expressly consented to the continued use of your data or we reserve the right to use your data beyond this scope in a manner permitted by law, of which we inform you in this Privacy Policy. If you have questions regarding our service providers and the basis of our cooperation with them, please contact us using the contact options described in this Privacy Policy.

4. Data Processing for Payment Processing

When processing payments in our online shop, we collaborate with the following partners: technical service providers, credit institutions, and payment service providers.

4.1 Data Processing for Transaction Processing

Depending on the selected payment method, we transmit the data necessary for processing the payment transaction to our technical service providers, to the commissioned credit institutions, or to the selected payment service provider, insofar as this is required to process the payment. This serves the fulfillment of the contract pursuant to Art. 6 Para. 1 lit. b GDPR. In some cases, the payment service providers collect the data required for payment processing themselves—for example, on their own website or via technical integration within the ordering process. In this regard, the privacy policy of the respective payment service provider applies.

Depending on the selected payment method, data transfers to third countries outside the EU/EEA may occur for which the European Commission has established an adequate level of data protection by means of a decision.

Insofar as data transfers take place to third countries outside the EU/EEA for which the European Commission has not issued an adequacy decision regarding an appropriate level of data protection, our cooperation is based on the Standard Contractual Clauses issued by the European Commission.

If you have any questions regarding our payment processing partners or the basis of our cooperation with them, please contact us using the contact details provided in this Privacy Policy.

4.2 Data Processing for the Purposes of Fraud Prevention and Optimizing Our Payment Processes

Where applicable, we may provide the aforementioned service providers with additional data, which they use—together with the data necessary for processing the payment—for the purposes of fraud prevention and optimizing our payment processes (e.g., invoicing, handling disputed payments, supporting accounting). In accordance with Art. 6 Para. 1 Sentence 1 lit. f GDPR, this serves to safeguard our legitimate interests—which, following a balancing of interests, are deemed to be overriding—in protecting ourselves against fraud and in ensuring efficient payment management.

4.3 Credit Checks

Insofar as you have granted us your explicit consent to do so pursuant to Art. 6 Para. 1 Sentence 1 lit. a and Art. 22 Para. 2 lit. c GDPR, we reserve the right to obtain identity and creditworthiness information from specialized service providers (credit agencies). To this end, we transmit the personal data required for a credit check to:

SCHUFA Holding AG
Kormoranweg 5
65201 Wiesbaden
Germany

Appropriate measures to safeguard your rights, freedoms, and legitimate interests are taken into account in this process. You have the opportunity to present your point of view and challenge the decision by contacting us via the contact details provided in this Privacy Policy. Upon the full fulfillment of the contract, the data processed for this purpose will be deleted, unless you have expressly consented to the continued use of your data, or unless we reserve the right to use your data beyond this scope—provided such use is legally permissible and we have informed you of it in this Policy. You may revoke your consent at any time by sending a message to the contact details listed below. This may result in us no longer being able to offer you certain payment options.

4.4 Identity and Credit Checks When Selecting Klarna Payment Services

Klarna Direct Debit, Purchase on Account via Klarna, Klarna Installment Purchase
If you choose to use the payment services provided by Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden (hereinafter "Klarna"), we request your consent pursuant to Art. 6 Para. 1 Sentence 1 lit. a of the GDPR to transmit the data necessary for processing the payment—as well as for conducting an identity and credit check—to Klarna. In Germany, the credit agencies specified in Klarna’s Privacy Policy may be utilized for the purpose of identity and credit checks. Klarna uses the information received regarding the statistical probability of payment default to make a balanced decision regarding the establishment, execution, or termination of the contractual relationship. You may revoke your consent at any time by sending a message to the contact address specified in this Privacy Policy. This may result in us no longer being able to offer you certain payment options.

You may also revoke your consent to this use of personal data at any time, including directly vis-à-vis Klarna.

4.5 Identity and Credit Checks When Selecting "Purchase on Account" via PayPal and Ratepay

If you choose the payment method "Purchase on Account" (offered via Ratepay GmbH, Franklinstraße 28-29, 10587 Berlin (hereinafter "Ratepay") and PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg (hereinafter "PayPal")), we request your consent pursuant to Art. 6 Para. 1 Sentence 1 lit. a GDPR to transmit the data necessary for payment processing and for an identity and credit check to Ratepay. In Germany, the credit agencies listed in Ratepay's Privacy Policy may be utilized for the identity and credit check. Ratepay uses the information received regarding the statistical probability of payment default to make a balanced decision regarding the establishment, execution, or termination of the contractual relationship. You may revoke your consent at any time by sending a message to the contact address specified in this Privacy Policy. As a result, we may no longer be able to offer you certain payment options. You can find additional information regarding data protection at PayPal here.

4.6 Installment Payment Option

If you select the installment payment option and grant the necessary consent under data protection law pursuant to Art. 6 Para. 1 Sentence 1 lit. a GDPR, personal data (first name, last name, address, email, telephone number, date of birth, IP address, gender) will be transmitted—together with data required for transaction processing (product, invoice amount, due dates, total amount, invoice number, taxes, currency, order date, and time of order)—to our partner, Klarna Bank AB, German Branch (Chausseestraße 117, 10115 Berlin, Germany), for the purpose of processing this payment method.
To verify the customer's identity and/or creditworthiness, our partner conducts inquiries and obtains information from publicly accessible databases and credit reporting agencies. For details regarding the providers from whom information—and, where applicable, creditworthiness data based on mathematical-statistical procedures—is obtained, as well as further details concerning the processing of your data following its transmission to our partner Klarna Bank AB, German Branch, please refer to their Privacy Policy, which can be found here: https://cdn.klarna.com/1.0/shared/content/policy/data/de_de/data_protection.pdf
Our partner, Klarna Bank AB, German Branch, uses the information received regarding the statistical probability of payment default to make a balanced decision regarding the establishment, execution, or termination of the contractual relationship. You have the opportunity to present your point of view and challenge the decision by contacting our partner, Klarna Bank AB, German Branch. The consent to the transfer of data, provided during the order process by means of your affirmative action, may be revoked at any time—even without stating reasons—with effect for the future, by notifying us.

5. Advertising via E-Mail and Post

5.1 E-Mail Newsletter with Registration and Newsletter Tracking

If you subscribe to our newsletter, we will use the data required for this purpose—or data separately provided by you—to regularly send you our e-mail newsletter based on your consent pursuant to Art. 6 Para. 1 S. 1 lit. a GDPR. You may unsubscribe from the newsletter at any time; this can be done either by sending a message to the contact option described below or by using the dedicated link provided within the newsletter itself. After you unsubscribe, we will delete your e-mail address from our recipient list, unless you have expressly consented to the continued use of your data pursuant to Art. 6 Para. 1 S. 1 lit. a GDPR, or unless we have reserved the right to use your data beyond this scope in a manner permitted by law—a right about which we inform you in this declaration.

Please note that when we send out the newsletter, we analyze your user behavior. To this end, we analyze your interaction with our newsletter by measuring, storing, and evaluating opening rates and click-through rates for the purpose of optimizing the design of future newsletter campaigns (“Newsletter Tracking”).

For the purpose of this analysis, the e-mails sent out contain single-pixel technologies (e.g., so-called web beacons or tracking pixels) which are stored on our website. For analysis purposes, we specifically link the following "newsletter data":

the page from which the current page was requested (the so-called referrer URL),
the date and time of access,
a description of the type of web browser used,
the IP address of the requesting computer,
the email address,
the date and time of registration and confirmation,

and the one-pixel tracking technologies with your email address or IP address, and—where applicable—with a unique ID. Links contained within the newsletter may also include this ID.

If you do not wish to be subject to newsletter tracking, you may unsubscribe from the newsletter at any time, as described above.

This information is stored for as long as you remain subscribed to the newsletter.

E-Mail Newsletter Without Registration and Your Right to Object

If we receive your e-mail address in connection with the sale of goods or services, we reserve the right to regularly send you offers via e-mail for products from our range that are similar to those you have already purchased. We will not send you such offers if you have already objected to this use of your e-mail address or if you are listed on a statutory opt-out register (such as a Robinson List).

You may object to this use of your e-mail address at any time—easily and free of charge—either by sending a message to the contact address specified in this Privacy Policy or by using the dedicated link provided in the promotional e-mail. This means that you will incur no costs other than the standard transmission costs at basic rates. Upon unsubscribing, we will delete your e-mail address from our recipient list, unless you have expressly consented to the continued use of your data pursuant to Art. 6 Para. 1 S. 1 lit. a GDPR, or unless we have reserved the right to use your data beyond this scope in a manner permitted by law—a right about which we inform you in this Policy.

5.2 Newsletter Distribution

The newsletter—along with the newsletter tracking described above—may, where applicable, also be distributed by our service providers acting as data processors on our behalf.

If you have questions regarding our service providers and the basis of our collaboration with them, please contact us using the contact options described in this Privacy Policy.

Our service providers are based in and/or utilize servers located in the following countries, for which the European Commission has determined—by means of a decision—that an adequate level of data protection exists: USA, United Kingdom.

The adequacy decision for the USA serves as the basis for data transfers to a third country, provided that the respective service provider is certified. Such certification is in place.

Our service providers are based in and/or utilize servers located in the following countries: Australia, Singapore. No adequacy decision from the European Commission currently exists for these countries. Our collaboration with these providers is based on the following safeguards: Standard Contractual Clauses issued by the European Commission.

5.3 Postal Advertising and Your Right to Object

Furthermore, we reserve the right to use your first and last name, as well as your postal address, for our own advertising purposes—for instance, to send you interesting offers and information regarding our products via postal mail. This serves to safeguard our legitimate interests—which, following a balancing of interests, are deemed to be overriding—in directly marketing to our customers, in accordance with Art. 6 Para. 1 Sentence 1 lit. f GDPR. You may object to the storage and use of your data for these purposes at any time by sending a message to the contact address specified in this Privacy Policy.
Upon revocation of your consent, we will remove your address from the recipient list, unless you have expressly consented to the continued use of your data pursuant to Art. 6 Para. 1 S. 1 lit. a GDPR, or unless we reserve the right to use your data beyond this scope in a manner permitted by law—regarding which we inform you in this Policy.

These promotional mailings are distributed by a service provider acting as a processor on our behalf, to whom we transmit your data for this purpose. Should you have any questions regarding our service providers or the basis of our collaboration with them, please contact us using the contact details provided in this Privacy Policy.

6. Cookies and Other Technologies

6.1 General Information

To make visiting our website attractive and to enable the use of certain functions, we employ various technologies—including so-called cookies—on different pages. Cookies are small text files that are automatically stored on your device. Some of the cookies we use are deleted after the end of the browser session—that is, after you close your browser (so-called session cookies). Other cookies remain on your device and allow us to recognize your browser the next time you visit (persistent cookies). You can find information regarding the storage duration in the overview within your web browser's cookie settings.

Protection of Privacy on Devices

When you use our online services, we deploy strictly necessary technologies in order to provide the digital service you have expressly requested. In this regard, the storage of information on your device, or access to information already stored on your device, does not require your consent.

For functions that are not strictly necessary, the storage of information on your device—or access to information already stored on your device—requires your consent. Please note that if you do not grant your consent, certain parts of the website may not be fully usable.

Any consents you may have granted remain in effect until you adjust or reset the corresponding settings on your device.

Subsequent Data Processing via Cookies and Other Technologies

We utilize technologies that are strictly necessary for the use of certain features on our website. These technologies collect and process your IP address, the time of your visit, device and browser information, as well as information regarding your usage of our website. Based on a balancing of interests, this serves our overriding legitimate interests in optimizing the presentation of our services, in accordance with Art. 6 Para. 1 S. 1 lit. f GDPR.

Furthermore, we employ technologies to fulfill legal obligations to which we are subject (e.g., to be able to demonstrate that we have obtained consent for the processing of your personal data), as well as for web analytics and online marketing purposes. Further information regarding this—including the respective legal basis for the data processing—can be found in the subsequent sections of this Privacy Policy.

Cookie Settings

You can find the cookie settings for your browser at the following links: Microsoft Edge™ / Safari™ / Chrome™ / Firefox™ / Opera™

Insofar as you have consented to the use of technologies in accordance with Art. 6 Para. 1 S. 1 lit. a GDPR, you may revoke your consent at any time by sending a message to the contact address specified in the Privacy Policy. Alternatively, you may click on the Privacy button. If you do not accept cookies, the functionality of our website may be limited.

6.2 Cookiebot Consent Management Platform

On our website, we use Cookiebot to inform you about the cookies and other technologies we employ on our site, as well as to obtain, manage, and document—where required—your consent to the processing of your personal data by these technologies. This is necessary pursuant to Art. 6 Para. 1 Sentence 1 lit. c GDPR in order to fulfill our legal obligation under Art. 7 Para. 1 GDPR to be able to demonstrate that we have obtained your consent to the processing of your personal data—an obligation to which we are subject. Cookiebot is a service provided by Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark, which processes your data on our behalf.
After you submit your cookie declaration on our website, Cookiebot’s web server stores your anonymized IP address, the date and time of your declaration, browser information, the URL from which the declaration was sent, information regarding your consent behavior, and an anonymous, random key. Additionally, a cookie is placed that contains the information regarding your consent behavior and the key. Your data will be deleted after twelve months, unless you have expressly consented to the continued use of your data in accordance with ...have consented pursuant to Art. 6 Para. 1 Sentence 1 lit. a GDPR, or where we reserve the right to use data beyond this scope—provided such use is legally permissible and we inform you of it in this declaration.

Our service providers are based in and/or utilize servers located in the following countries, for which the European Commission has determined, by means of a decision, that an adequate level of data protection exists: USA.

The adequacy decision for the USA serves as the basis for data transfers to third countries, provided that the respective service provider is certified. Pending certification of our service providers, data transfers continue to rely on the following basis: the Standard Contractual Clauses issued by the European Commission.

7. Use of Cookies and Other Technologies

We use the following cookies and other third-party technologies on our website. Unless otherwise specified for individual technologies, this usage is based on your consent pursuant to Art. 6 Para. 1 Sentence 1 lit. a GDPR. Once the specific purpose ceases to apply or we discontinue the use of the respective technology, the data collected in this context will be deleted. You may revoke your consent at any time with effect for the future. Further information regarding your options for revocation can be found in the section titled "Cookies and Other Technologies." Additional information—including the legal basis for our collaboration with the individual providers—can be found within the descriptions of the specific technologies. Should you have any questions regarding the providers or the basis of our collaboration with them, please contact us using the contact details provided in this Privacy Policy.

7.1 Use of Google Services

We use the technologies described below provided by Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). The information regarding your use of our website that is automatically collected by Google’s technologies is generally transmitted to a server of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, and stored there. Unless otherwise specified for the individual technologies, data processing is carried out on the basis of an agreement between joint controllers concluded for the respective technology in accordance with Art. 26 GDPR. Further information regarding data processing by Google can be found in Google’s Privacy Policy.

Our service providers are based in and/or use servers located in countries outside the EU and the EEA for which the European Commission has determined, by means of a decision, that an adequate level of data protection exists.

Our service providers are based in and/or use servers located in countries outside the EU and the EEA. No adequacy decision by the European Commission exists for these countries. Our cooperation with them is based on the Standard Contractual Clauses issued by the European Commission.

Google Analytics

For the purpose of website analysis, data (IP address, time of visit, device and browser information, as well as information regarding your use of our website) is automatically collected and stored using Google Analytics; from this data, usage profiles are created using pseudonyms. Cookies may be used for this purpose.

If you visit our website from within the EU, your IP address is stored on a server located within the EU for the purpose of deriving location data and is subsequently deleted immediately before the traffic is forwarded to other Google servers for processing. This data processing is carried out on the basis of a data processing agreement with Google.

For the purpose of optimizing the marketing of our website, we have enabled the data-sharing settings for "Google Products and Services." This allows Google to access the data collected and processed by Google Analytics and subsequently use it to improve Google's services. The sharing of data with Google under these data-sharing settings is based on an additional agreement between the respective data controllers. We have no influence over the subsequent data processing carried out by Google.

For the purpose of optimizing the marketing of our website, we utilize the so-called User-ID feature. This feature allows us to assign a unique, persistent ID to your interaction data across one or more sessions on our online properties, thereby enabling us to analyze your user behavior across different devices and sessions.

For web analytics purposes, the Google Analytics extension feature known as Google Signals enables "cross-device tracking." Provided that your internet-enabled devices are linked to your Google Account and you have enabled the "Personalized Ads" setting within your Google Account, Google can generate reports on your usage behavior (specifically, cross-device user counts)—even if you switch devices. We do not process any personal data in this context; we merely receive statistics generated on the basis of Google Signals.

For web analytics and advertising purposes, the Google Analytics extension feature known as the DoubleClick cookie enables the recognition of your browser when you visit other websites. Google will use this information to compile reports on website activity and to provide other services related to website usage.

Google Ads

For advertising purposes within Google search results as well as on third-party websites, a so-called Google Remarketing cookie is placed when you visit our website. This cookie automatically enables interest-based advertising by collecting and processing data (IP address, time of visit, device and browser information, as well as information regarding your usage of our website) using a pseudonymous Cookie ID and based on the pages you have visited. Any data processing beyond this scope takes place only if you have enabled the "personalized advertising" setting in your Google account. In this case, if you are logged into Google while visiting our website, Google uses your data—combined with Google Analytics data—to create and define audience lists for cross-device remarketing.

For the purposes of website analysis and event tracking, we use Google Ads Conversion Tracking to measure your subsequent user behavior after you have reached our website via a Google Ads advertisement. To this end, cookies may be deployed and data collected (IP address, time of visit, device and browser information, as well as information regarding your usage of our website based on events defined by us—e.g., visiting a specific page or signing up for a newsletter); this data is then used to create user profiles based on pseudonyms.

If you do not grant us consent—pursuant to Art. 6 Para. 1 Sentence 1 lit. a GDPR—for the use of Google Ads, no cookies will be stored on or read from your device. The data processing described in the preceding paragraphs will not take place. To fill gaps in web analytics through behavioral and conversion modeling, "pings" containing data (User-Agent, information regarding your consent status, screen resolution, IP address, page URL, and information on ad clicks contained in URL parameters) are sent to Google.

Your IP address is used to determine your country based on your IP location.

Google Maps

For the visual display of geographical information, Google Maps collects data regarding your use of the Maps features—specifically your IP address and location data—transmits this data to Google, and subsequently processes it. We have no influence over this subsequent data processing.

Google reCAPTCHA

To protect against the misuse of our web forms and against spam generated by automated software (so-called "bots"), Google reCAPTCHA collects data (IP address, time of visit, browser information, and information regarding your use of our website) and analyzes your usage of our website using JavaScript and cookies. Additionally, other cookies stored in your browser by Google services are evaluated. This data processing is carried out pursuant to a data processing agreement with Google. Users of a client who access websites protected by reCAPTCHA are no longer subject to Google's Privacy Policy and Terms of Service.

Google Fonts

To ensure the consistent visual presentation of content on our website, the script code "Google Fonts" collects data (IP address, time of visit, device and browser information), transmits this data to Google, and subsequently processes it. We have no influence over this subsequent data processing.

Google Tag Manager

Google Tag Manager allows us to manage various codes and services on our website. During the implementation of individual tags, Google may also process personal data (e.g., IP address, online identifiers [including cookies]). This data processing is carried out on the basis of a data processing agreement with Google.

The use of Google Tag Manager enables the integration of various services and technologies.
If you do not wish to use specific tracking services—and have therefore deactivated them—this deactivation will remain in effect for all relevant tracking tags integrated via Google Tag Manager.

YouTube Video Plugin

To integrate third-party content, the YouTube Video Plugin—operating in the "Enhanced Privacy Mode" we employ—collects data (IP address, time of visit, device and browser information), transmits it to Google, and Google subsequently processes it; this occurs only when you play a video.

7.2 Use of Microsoft Services

We use the technologies described below provided by Microsoft Ireland Operations Ltd., One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland ("Microsoft"). Data processing is carried out on the basis of a joint controller agreement pursuant to Art. 26 of the GDPR. Information regarding your use of our website, which is automatically collected by Microsoft technologies, is generally transmitted to a server operated by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA, and stored there.

Further information regarding data processing by Microsoft can be found in Microsoft’s Privacy Statement.

Our service providers are located in and/or utilize servers in countries outside the EU and the EEA for which the European Commission has determined, by means of a decision, that an adequate level of data protection exists.

Our service providers are located in and/or utilize servers in countries outside the EU and the EEA. For these countries, no adequacy decision by the European Commission is available. Our cooperation with them is based on the Standard Contractual Clauses issued by the European Commission.

Microsoft Advertising

For advertising purposes—specifically within Bing, Yahoo, and MSN search results, as well as on third-party websites—a so-called Microsoft Advertising Remarketing cookie is placed when you visit our website. This cookie automatically enables interest-based advertising by collecting and processing data (including IP address, time of visit, device and browser information, and details regarding your usage of our website) using a pseudonymous Cookie ID and based on the specific pages you have visited.

For the purposes of website analytics and event tracking, we use Microsoft Advertising Universal Event Tracking (UET) to measure your subsequent usage behavior if you have arrived at our website via a Microsoft Advertising advertisement. To this end, cookies may be deployed and data collected (including IP address, time of visit, device and browser information, and details regarding your usage of our website based on specific events defined by us—such as visiting a particular page or subscribing to a newsletter); this data is then used to create usage profiles based on pseudonyms. Furthermore, provided that your internet-enabled devices are linked to your Microsoft account and you have not disabled the "Interest-based advertising" setting within your Microsoft account, Microsoft may generate reports on usage behavior (specifically regarding cross-device user counts)—even if you switch devices—a practice known as "Cross-Device Tracking."

We do not process personal data in this context; we merely receive statistics generated on the basis of Microsoft UET.

7.3 Use of Meta Services

Use of Meta Pixel

We use the Meta Pixel as part of the technologies described below, provided by Meta Platforms Ireland Ltd., Block J, Serpentine Avenue, Dublin 4, Ireland (“Facebook (by Meta)” or “Meta Platforms Ireland”). The Meta Pixel automatically collects and stores data (IP address, time of visit, device and browser information, as well as information regarding your use of our website based on events defined by us—such as visiting a specific page or subscribing to a newsletter), from which usage profiles are created using pseudonyms. Furthermore, as part of so-called “Advanced Matching,” hashed information—which can be used to identify individuals (e.g., names, email addresses, and phone numbers)—is collected and stored for matching purposes. To this end, when you visit our website, the Meta Pixel automatically places a cookie that, by means of a pseudonymous Cookie ID, enables your browser to be recognized automatically when you visit other websites. Meta Platforms Ireland will combine this information with other data from your Facebook account and use it to compile reports on website activity and to provide other services related to website usage—specifically personalized and group-based advertising.
The information regarding your use of our website, which is automatically collected via Meta Platforms Ireland’s technologies, is generally transmitted to a server operated by Meta Platforms, Inc., 1601 Willow Road, Menlo Park, California 94025, USA, and stored there. Further information regarding data processing by Meta Platforms Ireland can be found in the Meta Platforms Ireland Privacy Policy.

Our service providers are based in and/or utilize servers located in the following countries, for which the European Commission has determined—by means of an adequacy decision—that an adequate level of data protection exists: Brazil, USA, Canada, Japan, South Korea, New Zealand, United Kingdom, Argentina.

The adequacy decision regarding the USA serves as the basis for data transfers to this third country, provided that the respective service provider holds the necessary certification. Such certification is in place.

Our service providers are based in and/or utilize servers located in the following countries: Australia, Hong Kong, India, Indonesia, Malaysia, Singapore, Thailand, Taiwan, Mexico. No adequacy decision by the European Commission currently exists for these countries. Our collaboration with these providers is based on the following safeguards: the Standard Contractual Clauses issued by the European Commission.

Meta Ads Manager

We use Meta Ads Manager to advertise this website on Facebook (by Meta) as well as on other platforms. We determine the parameters of the respective advertising campaign. Meta Platforms Ireland is responsible for the precise implementation—specifically, the decision regarding the placement of ads to individual users. Unless otherwise specified for the individual technologies, data processing is carried out on the basis of a joint controller agreement pursuant to Art. 26 of the GDPR. This joint responsibility is limited to the collection of data and its transmission to Meta Platforms Ireland. The subsequent data processing by Meta Platforms Ireland is not covered by this arrangement.

7.4 Other Providers of Web Analytics and Online Marketing Services

Use of the Pinterest Tag for Web Analytics and Advertising Purposes

For the purposes of web analytics and advertising on Pinterest as well as on third-party websites, technologies provided by Pinterest Europe Ltd., Waterloo Exchange, 3rd Floor, Waterloo Road, Dublin 4, Ireland (“Pinterest”), are utilized when you visit our website. This enables interest-based advertising—both on Pinterest and on third-party sites—through the automatic collection and processing of data (including IP address, time of visit, device and browser information, and information regarding your usage of our website based on events defined by us—such as visiting a specific page or subscribing to a newsletter), by means of a pseudonymous cookie ID, and based on the pages you have visited. Usage profiles are created from the collected data using pseudonyms. Pinterest will combine this information with other data from your Pinterest account and use it to compile reports on website activity and to provide other services related to website usage. We have no influence over the data processing carried out by Pinterest; we merely receive statistics generated based on the Pinterest Tag. In this way—for the purposes of website analysis and event tracking—we measure your subsequent usage behavior if you have reached our website via a Pinterest advertisement. The information automatically collected by Pinterest is generally transmitted to a server belonging to Pinterest, Inc., 505 Brannan St., San Francisco, CA 94107, USA, and stored there.

Data processing is carried out on the basis of an agreement between joint controllers pursuant to Art. 26 of the GDPR.

Our service providers are located in and/or utilize servers in countries outside the EU and the EEA. For these countries, no adequacy decision by the European Commission is available. Our collaboration with them is based on the Standard Contractual Clauses issued by the European Commission.

Use of Amazon Services for Online Marketing

Through our advertising partner Amazon Europe Core S.à.r.l., 38 avenue John F. Kennedy, L-1855, Luxembourg (“Amazon”), we market advertising space for third-party providers on Amazon. These advertisements are displayed to you at various locations on this website. By means of cookies, Amazon is able to track the progress of the respective order and, in particular, to determine that you clicked on the specific advertisement and subsequently ordered the product. To this end, data (IP address, time of visit, device and browser information, as well as information regarding your use of our website) is collected, transmitted to Amazon, and processed by Amazon. We have no influence over this data processing. Data processing is carried out on the basis of an agreement between joint controllers pursuant to Art. 26 of the GDPR. Information regarding your use of our website, which is automatically collected by Amazon, is generally transmitted to a server belonging to Amazon, Inc., 2021 7th Ave, Seattle, WA 98121, USA, and stored there.

Our service providers are based in and/or utilize servers located in countries outside the EU and the EEA for which the European Commission has, by means of a decision, determined that an adequate level of data protection exists.

Our service providers are based in and/or utilize servers located in countries outside the EU and the EEA. For these countries, no adequacy decision by the European Commission is available. Our cooperation with them is based on the Standard Contractual Clauses issued by the European Commission.

Use of Criteo for Online Marketing

Through our advertising partner Criteo SA, 32 Rue Blanche, 75009 Paris, France (“Criteo”), we advertise this website in search results as well as on third-party websites. When you visit our website, a retargeting cookie is automatically placed by Criteo or its partners; this cookie enables interest-based advertising by means of a pseudonymous Cookie ID and based on the pages you have visited. Data processing is carried out on the basis of an agreement between joint controllers pursuant to Art. 26 of the GDPR. We determine the parameters of the respective advertising campaign. Criteo is responsible for the precise implementation (e.g., the decision regarding the placement of individual advertisements). The data automatically collected by Criteo (IP address, time of visit, device and browser information, as well as information regarding your use of our website) may be combined by Criteo with information from other sources and transmitted to Criteo advertising partners.

Our service providers are located in and/or use servers in countries outside the EU and the EEA for which the European Commission has determined, by means of a decision, that an adequate level of data protection exists.

Our service providers are located in and/or use servers in countries outside the EU and the EEA. For these countries, no adequacy decision by the European Commission is available.

Our collaboration with them is based on the Standard Contractual Clauses of the European Commission.

8. Integration of the Trusted Shops Trustbadge / Other Widgets

Provided that you have given your consent pursuant to Art. 6 Para. 1 Sentence 1 lit. a GDPR, Trusted Shops widgets are integrated into this website for the purpose of displaying Trusted Shops services (e.g., the Trustmark, collected reviews) and for offering Trusted Shops products to buyers following an order.

The Trustbadge and the services advertised thereby are an offering of Trusted Shops SE, Subbelrather Str. 15C, 50823 Cologne ("Trusted Shops"), with whom we act as joint controllers under data protection law pursuant to Art. 26 GDPR. In the context of this Privacy Policy, we hereby inform you of the essential terms of this joint arrangement pursuant to Art. 26 Para. 2 GDPR.

Within the scope of the joint controllership existing between us and Trusted Shops SE, please direct any data protection inquiries—and requests to exercise your rights—primarily to Trusted Shops, using the contact options provided in their Privacy Policy. Regardless of this, you may, of course, always contact the controller of your choice. Your inquiry will then, if necessary, be forwarded to the other controller for a response.

Data Processing Upon Integration of the Trustbadge / Other Widgets

The Trustbadge is provided by a US-based CDN (Content Delivery Network) provider. An adequate level of data protection is ensured in each case by an adequacy decision of the EU Commission, which is available for the USA here. Service providers utilized from the USA are generally certified under the EU-U.S. Data Privacy Framework (DPF). Further information is available here. In cases where utilized service providers are not certified under the DPF, Standard Contractual Clauses have been concluded as an appropriate safeguard.

When the Trustbadge is accessed, the web server automatically stores a so-called server log file; this file contains your IP address, the date and time of access, the volume of data transferred, and the requesting provider (access data), thereby documenting the access event. The IP address is anonymized immediately after collection so that the stored data cannot be attributed to you personally. The anonymized data is used primarily for statistical purposes and for error analysis.

Data Processing After Order Completion

Provided that you have granted your consent, the Trustbadge—following the completion of your order—accesses order information stored on your device (order total, order number, and, where applicable, the product purchased) as well as your email address; your email address is then hashed using a one-way cryptographic function. The hash value is subsequently transmitted to Trusted Shops, together with the order information, in accordance with Art. 6 Para. 1 S. 1 lit. a of the GDPR.
This serves to verify whether you are already registered for Trusted Shops services. If this is the case, further processing is carried out in accordance with the contractual agreement concluded between you and Trusted Shops. If you are not yet registered for the services, or if you do not grant your consent for automatic recognition via the Trustbadge, you will subsequently be given the opportunity to manually register for the use of the services or to conclude the Buyer Protection coverage within the scope of any existing user agreement you may have.

For this purpose, immediately after the completion of your order, the Trustbadge accesses the following information stored on the device you are using: order total, order number, and e-mail address. This is necessary to enable us to offer you Buyer Protection. Data is transmitted to Trusted Shops only if you actively decide to conclude the Buyer Protection coverage by clicking the corresponding button within the so-called Trustcard. If you choose to use the services, further processing is governed by the contractual agreement with Trusted Shops pursuant to Art. 6 para. 1 lit. b GDPR, in order to complete your registration for Buyer Protection, secure your order, and—where applicable—subsequently send you review invitations via email.

Trusted Shops utilizes service providers in the areas of hosting, monitoring, and logging. The legal basis for this is Art. 6 para. 1 lit. f GDPR, for the purpose of ensuring uninterrupted operation. In this context, processing may take place in third countries (the USA, the United Kingdom, and Israel). An adequate level of data protection is ensured in each case by an adequacy decision of the EU Commission, which is available here for the USA, here for the United Kingdom, and here for Israel. Service providers utilized from the USA are generally certified under the EU-U.S. Data Privacy Framework (DPF). Further information is available here. In cases where utilized service providers are not certified under the DPF, Standard Contractual Clauses have been concluded as an appropriate safeguard.

9. Social Media

Social Buttons from Facebook (by Meta), X (formerly: Twitter), Instagram (by Meta), Pinterest, Xing, WhatsApp

Our website uses social buttons from social networks. These are embedded in the page merely as HTML links; consequently, no connection is established with the servers of the respective provider when you simply access our website. If you click on one of the buttons, the website of the respective social network opens in a new browser window. There, you can, for example, click the "Like" or "Share" button.

Our Online Presence on Facebook (by Meta), X (formerly: Twitter), Instagram (by Meta), YouTube, Pinterest, LinkedIn, Xing

Provided that you have granted your consent to the respective social media operator in accordance with Art. 6 Para. 1 S. 1 lit. a GDPR, your data will be automatically collected and stored for market research and advertising purposes when you visit our online presences on the social media platforms mentioned above. From this data, usage profiles are created using pseudonyms. These profiles may be used, for example, to display advertisements—both within and outside the platforms—that are presumed to align with your interests. As a general rule, cookies are used for this purpose. For detailed information regarding the processing and use of data by the respective social media operator—as well as contact options, your rights in this regard, and settings options for protecting your privacy—please refer to the providers' privacy policies linked below.

Should you nevertheless require assistance in this regard, please feel free to contact us.

Facebook (by Meta) is a service provided by Meta Platforms Ireland Ltd., Block J, Serpentine Avenue, Dublin 4, Ireland (“Meta Platforms Ireland”). The information regarding your use of our online presence on Facebook (by Meta)—which is automatically collected by Meta Platforms Ireland—is generally transmitted to a server of Meta Platforms, Inc., 1601 Willow Road, Menlo Park, California 94025, USA, and stored there. Data processing in the context of visiting a Facebook (by Meta) Fanpage is carried out on the basis of an agreement between joint controllers pursuant to Art. 26 GDPR. Further information (information regarding Insights data) can be found here.

The adequacy decision for the USA serves as the basis for third-country transfers, provided that the respective service provider is certified. Such certification is in place.

Our service providers are based in and/or utilize servers located in these countries: Australia, Hong Kong, India, Indonesia, Malaysia, Singapore, Thailand, Taiwan, Mexico.
No adequacy decision by the European Commission exists for these countries. Our cooperation with them is based on the following safeguards: Standard Data Protection Clauses of the European Commission.

X is a service provided by X Internet Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland (“X”). Information regarding your use of our online presence on X, which is automatically collected by X, is generally transmitted to a server of X Corp., FM 1209, Building 2, Bastrop, TX 78602, USA, and stored there.

Our service providers are located in and/or use servers in countries outside the EU and the EEA. For these countries, no adequacy decision by the European Commission is available. Our cooperation with them is based on the Standard Contractual Clauses issued by the European Commission.

Instagram (by Meta) is a service provided by Meta Platforms Ireland Ltd., Block J, Serpentine Avenue, Dublin 4, Ireland (“Meta Platforms Ireland”). Information regarding your use of our online presence on Instagram, which is automatically collected by Meta Platforms Ireland, is generally transmitted to a server of Meta Platforms, Inc., 1601 Willow Road, Menlo Park, CA 94025, USA, and stored there. Data processing in the context of a visit to an Instagram (by Meta) Fanpage is carried out on the basis of an agreement between joint controllers pursuant to Art. 26 of the GDPR. Further information (information regarding Insights data) can be found here.

The adequacy decision for the USA serves as the basis for third-country transfers, provided that the respective service provider is certified. Such certification is in place.

Our service providers are based in and/or utilize servers located in these countries: Australia, Hong Kong, India, Indonesia, Malaysia, Singapore, Thailand, Taiwan, Mexico.
No adequacy decision from the European Commission exists for these countries. Our cooperation with these providers is based on the following safeguards: Standard Contractual Clauses issued by the European Commission.

YouTube is a service provided by Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). The information automatically collected by Google regarding your use of our online presence on YouTube is generally transmitted to a server of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, and stored there.

The adequacy decision for the USA serves as the basis for third-country transfers, provided that the respective service provider is certified. Such certification is in place.

Our service providers are based in and/or utilize servers located in these countries: Australia, Hong Kong, India, Indonesia, Malaysia, Singapore, Thailand, Taiwan, Mexico.
No adequacy decision from the European Commission exists for these countries. Our cooperation with these providers is based on the following safeguards: Standard Contractual Clauses issued by the European Commission.

10. Contact Options and Your Rights

10.1 Your Rights

As a data subject, you have the following rights:

pursuant to Art. 15 GDPR, the right to request information about your personal data processed by us, to the extent specified therein;
pursuant to Art. 16 GDPR, the right to request the immediate rectification of inaccurate personal data stored by us, or the completion thereof;
pursuant to Art. 17 GDPR, the right to request the erasure of your personal data stored by us, unless further processing is required:
- for the exercise of the right to freedom of expression and information;
- for compliance with a legal obligation;
- for reasons of public interest; or
- for the establishment, exercise, or defense of legal claims;
pursuant to Art. 18 GDPR, the right to request the restriction of the processing of your personal data, insofar as:
- the accuracy of the data is contested by you;
- the processing is unlawful, but you oppose its erasure;
- we no longer require the data, but you require it for the establishment, exercise, or defense of legal claims; or
- you have objected to the processing pursuant to Art. 21 GDPR;
pursuant to Art. 20 GDPR, the right to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format, or to request its transmission to another controller;
pursuant to Art. 77 GDPR, the right to lodge a complaint with a supervisory authority. As a general rule, you may contact the supervisory authority responsible for your habitual place of residence, your place of work, or our company headquarters.

Right to Object

Insofar as we process personal data—as explained above—in order to safeguard our legitimate interests, which are deemed overriding within the scope of a balancing of interests, you may object to this processing with effect for the future. If the processing is carried out for direct marketing purposes, you may exercise this right at any time, as described above. If the processing is carried out for other purposes, you have a right to object only if there are grounds arising from your particular situation.

After you have exercised your right to object, we will no longer process your personal data for these purposes, unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or if the processing serves the establishment, exercise, or defense of legal claims.

This does not apply if the processing is carried out for direct marketing purposes. In that case, we will no longer process your personal data for this specific purpose.

10.2 Contact Options

If you have questions regarding the collection, processing, or use of your personal data; if you require information, correction, restriction, or deletion of data; or if you wish to revoke previously granted consents or object to a specific use of data, please contact us directly using the contact details provided in our Legal Notice.