GDPR Privacy Policy
The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with statutory data protection regulations as well as this Privacy Policy.
1. Name and address of the Controller
The Controller within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws of the Member States as well as other data protection regulations is:
Colosol Coatings GmbH
Buchäckerring 36
74906 Bad Rappenau
Germany
Email:
Website: www.colosol.de
2. General information on data processing
2.1 Scope of the processing of personal data
We generally process personal data of our users only to the extent necessary to provide a functional website as well as our content and services. The processing of personal data of our users is regularly carried out only with the user’s consent. An exception applies in cases where obtaining prior consent is not possible for factual reasons, and the processing of the data is permitted by statutory provisions.
2.2 Legal basis for the processing of personal data
In accordance with Art. 13 GDPR, we inform you about the legal bases of our data processing. If the legal basis is not mentioned in this Privacy Policy, the following applies: The legal basis for obtaining consents is Art. 6(1)(a) and Art. 7 GDPR; the legal basis for the processing for the performance of our services and the implementation of contractual measures as well as the response to inquiries is Art. 6(1)(b) GDPR; the legal basis for the processing to fulfill our legal obligations is Art. 6(1)(c) GDPR; and the legal basis for processing to protect our legitimate interests is Art. 6(1)(f) GDPR. If vital interests of the data subject or another natural person make the processing of personal data necessary, Art. 6(1)(d) GDPR serves as the legal basis.
2.3 Changes and updates to the Privacy Policy
We kindly ask you to regularly check the content of our Privacy Policy. We will adapt the Privacy Policy as soon as changes in the data processing we carry out make this necessary. We will inform you as soon as the changes require your cooperation (e.g., consent) or any other individual notification.
2.4 Security measures
In accordance with Art. 32 GDPR, taking into account the state of the art, we implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk. These measures include, in particular, securing the confidentiality, integrity, and availability of data by controlling physical access to the data, as well as access, input, transfer, ensuring availability, and separation of the data concerning their further processing. Among the security measures is the encrypted transmission of data between your browser and our server.
We also have procedures in place that ensure data subjects’ rights can be exercised, data can be deleted, and we can respond to threats to data. Furthermore, we take the protection of personal data into account already when developing or selecting hardware, software, and procedures, in line with the principle of data protection by design and by default (Art. 25 GDPR).
2.5 Provision of contractual services
We process personal data, such as names and addresses, and contact details of users, as well as contract data (e.g., services used, names of contact persons, payment information) for the purpose of fulfilling our contractual obligations and providing our services in accordance with Art. 6(1)(b) GDPR. The mandatory fields in online forms are required for concluding the contract.
2.6 Cooperation with processors and third parties
If, in the context of our processing, we disclose data to other persons and companies (processors or third parties), transfer it to them, or otherwise grant them access to the data, this is done only on the basis of a legal permission (e.g., if a transfer of the data to third parties, such as payment service providers, is necessary for contract performance pursuant to Art. 6(1)(b) GDPR), if you have consented, if a legal obligation provides for it, or on the basis of our legitimate interests (e.g., when using agents, web hosts, etc.).
If we commission third parties to process data based on a so-called “data processing agreement,” this is done on the basis of Art. 28 GDPR.
2.7 Deletion of data and storage period
The personal data of the data subject will be deleted or blocked as soon as the purpose of storage no longer applies. Storage may also occur if this is required by European or national legislators in EU regulations, laws, or other provisions to which the Controller is subject. Blocking or deletion of data also takes place when a storage period prescribed by the mentioned standards expires, unless there is a necessity to further store the data for concluding or fulfilling a contract.
3. Your rights as a user
This list names all rights of data subjects according to the GDPR. Rights that are not relevant for the respective website do not have to be mentioned, so the list can be shortened accordingly… If personal data concerning you is processed, you are the data subject within the meaning of the GDPR, and you have the following rights against the Controller:
3.1 Right of access
You may request confirmation from us or our Controller as to whether personal data concerning you is being processed by us.
If such processing is taking place, you can request information from the Controller about the following details:
(1) the purposes for which the personal data is processed;
(2) the categories of personal data that are processed;
(3) the recipients or the categories of recipients to whom the personal data concerning you has been or will be disclosed;
(4) the planned duration of storage of the personal data concerning you or, if specific information about this is not possible, criteria for determining the storage period;
(5) the existence of a right to rectification or erasure of the personal data concerning you, a right to restriction of processing by the Controller, or a right to object to such processing;
(6) the existence of a right to lodge a complaint with a supervisory authority;
(7) all available information on the origin of the data if the personal data is not collected from the data subject;
(8) the existence of automated decision-making, including profiling, pursuant to Art. 22(1) and (4) GDPR and – at least in those cases – meaningful information about the logic involved as well as the scope and intended effects of such processing for the data subject.
You have the right to request information as to whether personal data concerning you is transferred to a third country or an international organization. In this context, you may request to be informed about the appropriate safeguards pursuant to Art. 46 GDPR in connection with the transfer.
In the case of data processing for scientific, historical, or statistical research purposes:
This right of access may be restricted to the extent that it is likely to render impossible or seriously impair the achievement of the research or statistical purposes, and the restriction is necessary for the fulfillment of the research or statistical purposes.
3.2 Right to rectification
You have the right to obtain rectification and/or completion from the Controller if the personal data processed concerning you is incorrect or incomplete. The Controller must make the correction without undue delay.
In the case of data processing for scientific, historical, or statistical research purposes:
Your right to rectification may be restricted to the extent that it is likely to render impossible or seriously impair the achievement of the research or statistical purposes, and the restriction is necessary for the fulfillment of the research or statistical purposes.
3.3 Right to restriction of processing
Under the following conditions, you may request the restriction of the processing of your personal data:
(1) if you contest the accuracy of the personal data concerning you for a period enabling the Controller to verify the accuracy of the personal data;
(2) the processing is unlawful, and you oppose the erasure of the personal data and instead request the restriction of their use;
(3) the Controller no longer needs the personal data for the purposes of processing, but you need them for the establishment, exercise, or defense of legal claims; or
(4) if you have objected to processing pursuant to Art. 21(1) GDPR and it is not yet clear whether the legitimate grounds of the Controller override your grounds.
If the processing of your personal data has been restricted, such data shall – with the exception of storage – only be processed with your consent or for the establishment, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the Union or of a Member State.
If processing has been restricted according to the above conditions, you will be informed by the Controller before the restriction is lifted.
In the case of data processing for scientific, historical, or statistical research purposes:
Your right to restriction of processing may be restricted to the extent that it is likely to render impossible or seriously impair the achievement of the research or statistical purposes, and the restriction is necessary for the fulfillment of the research or statistical purposes.
3.4 Right to erasure
a) Obligation to erase
You have the right to request that the Controller erase the personal data concerning you without undue delay, and the Controller is obliged to erase such data without undue delay where one of the following grounds applies:
(1) The personal data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed.
(2) You withdraw your consent on which the processing is based according to Art. 6(1)(a) or Art. 9(2)(a) GDPR, and there is no other legal basis for the processing.
(3) You object to the processing pursuant to Art. 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21(2) GDPR.
(4) The personal data concerning you has been unlawfully processed.
(5) The erasure of personal data concerning you is necessary for compliance with a legal obligation under Union or Member State law to which the Controller is subject.
(6) The personal data concerning you was collected in relation to the offer of information society services pursuant to Art. 8(1) GDPR.
b) Information to third parties
If the Controller has made the personal data concerning you public and is obliged pursuant to Art. 17(1) GDPR to erase it, the Controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform Controllers processing the personal data that you, as the data subject, have requested the erasure by such Controllers of any links to, or copies or replications of, this personal data.
c) Exceptions
The right to erasure does not exist to the extent that processing is necessary
(1) for exercising the right of freedom of expression and information;
(2) for compliance with a legal obligation which requires processing under Union or Member State law to which the Controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller;
(3) for reasons of public interest in the area of public health in accordance with Art. 9(2)(h) and (i) and Art. 9(3) GDPR;
(4) for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes pursuant to Art. 89(1) GDPR, to the extent that the right referred to in point a) is likely to render impossible or seriously impair the achievement of the objectives of such processing; or
(5) for the establishment, exercise, or defense of legal claims.
3.5 Right to be informed
If you have exercised your right to rectification, erasure, or restriction of processing against the Controller, the Controller is obliged to communicate this rectification or erasure of the data or restriction of processing to each recipient to whom the personal data concerning you has been disclosed, unless this proves impossible or involves disproportionate effort.
You have the right to be informed by the Controller about those recipients.
3.6 Right to data portability
You have the right to receive the personal data concerning you, which you have provided to the Controller, in a structured, commonly used, and machine-readable format. You also have the right to transmit this data to another Controller without hindrance from the Controller to whom the personal data has been provided, where
(1) the processing is based on consent pursuant to Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR or on a contract pursuant to Art. 6(1)(b) GDPR, and
(2) the processing is carried out by automated means.
In exercising this right, you also have the right to have the personal data concerning you transferred directly from one Controller to another, where technically feasible. Freedoms and rights of other persons must not be adversely affected.
The right to data portability does not apply to a processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller.
3.7 Right to object
You have the right, on grounds relating to your particular situation, at any time to object to the processing of personal data concerning you, which is based on Art. 6(1)(e) or (f) GDPR; this also applies to profiling based on those provisions.
The Controller will no longer process the personal data concerning you unless the Controller demonstrates compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or the processing is for the establishment, exercise, or defense of legal claims.
If the personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing; this also applies to profiling to the extent that it is related to such direct marketing.
If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.
You have the option of exercising your right to object by automated means using technical specifications in the context of the use of information society services, notwithstanding Directive 2002/58/EC.
In the case of data processing for scientific, historical, or statistical research purposes:
You also have the right, on grounds relating to your particular situation, to object to the processing of personal data concerning you which is carried out for scientific or historical research purposes or for statistical purposes pursuant to Art. 89(1) GDPR.
Your right to object may be restricted to the extent that it is likely to render impossible or seriously impair the achievement of the research or statistical purposes, and the restriction is necessary for the fulfillment of the research or statistical purposes.
3.8 Right to withdraw the data protection consent declaration
You have the right to withdraw your data protection consent declaration at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
3.9 Automated individual decision-making, including profiling
You have the right not to be subject to a decision based solely on automated processing – including profiling – which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision
(1) is necessary for entering into, or performance of, a contract between you and the Controller,
(2) is authorized by Union or Member State law to which the Controller is subject, and which also lays down suitable measures to safeguard your rights and freedoms and your legitimate interests, or
(3) is based on your explicit consent.
However, these decisions may not be based on special categories of personal data referred to in Art. 9(1) GDPR, unless Art. 9(2)(a) or (g) GDPR applies and suitable measures to safeguard the rights and freedoms and your legitimate interests are in place.
With regard to the cases referred to in (1) and (3), the Controller shall implement suitable measures to safeguard the rights and freedoms and your legitimate interests, at least the right to obtain human intervention on the part of the Controller, to express your point of view, and to contest the decision.
3.10 Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or the place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR.
The supervisory authority with which the complaint has been lodged shall inform the complainant about the progress and the outcome of the complaint, including the possibility of a judicial remedy under Art. 78 GDPR.
4. Cookies
Our website uses cookies. Cookies are text files. Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a string of characters by which websites and servers can be assigned to the specific internet browser in which the cookie was stored. When a user calls up a website, a cookie may be stored on the user’s operating system. This cookie allows the browser to be uniquely identified the next time the website is accessed.
We use cookies to make our website more user-friendly. Some elements of our internet site require that the requesting browser can be identified even after a page change. In these cookies, the following data is stored and transmitted:
Language settings
Items in a shopping cart
Log-in information
4.1 Legal basis for data processing
The legal basis for the processing of personal data using cookies is Art. 6(1)(f) GDPR.
4.2 Purpose of data processing
We use technically necessary cookies on our website to make its use easier for you. The use of these cookies is necessary because some features of our website cannot be offered otherwise. These features require that the browser be recognized even after a page change. The purpose of this recognition is to make it easier for users to use our website. For example, a user of a website that uses cookies does not have to re-enter his login details every time he visits the website because these are taken over by the website and the cookie stored on the user’s computer system. Another example is the cookie of a shopping cart in an online shop. The online shop remembers the articles that a customer has placed in the virtual shopping cart via a cookie.
We need cookies for the following applications:
(1) Adoption of language settings
(2) Shopping cart
(3) Storing search terms
The user data collected by technically necessary cookies is not used to create user profiles.
We use analysis cookies to improve the quality of our website and its content. Through the analysis cookies, we learn how the website is used and can thus constantly optimize our services.
These purposes also constitute our legitimate interest in the processing of personal data in accordance with Art. 6(1)(f) GDPR.
4.3 Duration of storage, objection, and removal option
The cookies we use, both those that are technically necessary and those that are not, are stored on the user’s computer and transmitted to our site. As a user, you therefore have full control over the use of cookies. You can disable or restrict the transmission of cookies by changing the settings in your internet browser and thus permanently object to the setting of cookies. Cookies that have already been stored can be deleted at any time. Please note that if cookies are disabled for our website, you may no longer be able to use all of its features fully.
The transmission of Flash cookies cannot be prevented via the browser settings but by changing the settings of the Flash Player.
We use “session cookies,” which are only stored for the duration of your current visit to our online presence (e.g., to enable the storage of your login status or the shopping cart function and thus to make the use of our online offer possible in the first place). A session cookie stores a randomly generated unique identification number, a so-called session ID. It also contains information about its origin and the storage period. These cookies cannot store any other data. Session cookies are deleted when you finish using our online offer and, for example, log out or close the browser.
5. Analysis tools
a) Tracking tools
The tracking measures listed below and used by us are carried out on the basis of Art. 6(1)(f) GDPR. With the tracking measures we use, we want to ensure a demand-oriented design and the ongoing optimization of our website. We also use the tracking measures to statistically record the use of our website and to evaluate it for the purpose of optimizing our offer for you. These interests are legitimate within the meaning of the aforementioned provision.
The respective data processing purposes and data categories can be found in the corresponding tracking tools.
5.1 Google Analytics
For the purpose of demand-oriented design and ongoing optimization of our pages, we use Google Analytics, a web analytics service of Google Inc. (https://www.google.de/ intl/de/about/) (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter “Google”). In this context, pseudonymized user profiles are created and cookies are used. The information generated by the cookie about your use of this website, such as
Browser type/version,
used operating system,
Referrer URL (the previously visited page),
Hostname of the accessing computer (IP address),
Time of the server request,
is transmitted to a Google server in the USA and stored there. The information is used to evaluate the use of the website, to compile reports on website activities, and to provide other services related to website usage and internet usage for the purposes of market research and demand-oriented design of these internet pages. This information may also be transferred to third parties if required by law or if third parties process this data on our behalf. Under no circumstances will your IP address be merged with any other data from Google. We only use Google Analytics with activated IP anonymization. This means that the user’s IP address is shortened by Google within Member States of the European Union or in other contracting states of the Agreement on the European Economic Area, making a personal reference impossible (IP masking). Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. The IP address transmitted by the user’s browser will not be merged with other data from Google.
You can prevent the installation of cookies by selecting the appropriate settings on your browser software; however, please note that in this case, you may not be able to use all the features of this website to their full extent.
You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) as well as the processing of this data by Google by downloading and installing a browser add-on (https://tools.google.com/dlpage/gaoptout?hl=de).
As an alternative to the browser add-on, especially for browsers on mobile devices, you can also prevent the collection by Google Analytics by clicking on https://tools.google.com/dlpage/gaoptout. An opt-out cookie will be set that prevents the future collection of your data when visiting this website. The opt-out cookie only applies to this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you must reset the opt-out cookie.
Further information on data protection in connection with Google Analytics can be found, for example, in the Google Analytics help (https://support.google.com/analytics/answer/6004245?hl=de). Information and the applicable data protection provisions of Google can be accessed at https://www.google.de/intl/de/policies/privacy/ and http://www.google.com/analytics/terms/de.html. Google Analytics is explained in more detail under this link https://www.google.com/intl/de_de/analytics/.
Further information on how Google uses data as well as settings and opt-out options can be found on Google’s websites: https://www.google.com/intl/de/policies/privacy/partners (“How Google uses data when you use our partners’ sites or apps”), https://policies.google.com/technologies/ads (“Data usage for advertising purposes”), https://adssettings.google.com/authenticated (“Manage information Google uses to serve you ads”).
5.2 Google Adwords Conversion Tracking
In order to statistically record the use of our website and evaluate it for the purpose of optimizing our website for you, we also use Google Conversion Tracking. In this process, Google Adwords sets a cookie on your computer, provided you have accessed our website via a Google ad.
These cookies expire after 30 days and are not used for personal identification. If the user visits certain pages of the Adwords customer’s website and the cookie has not yet expired, Google and the customer can recognize that the user clicked on the ad and was redirected to that page. Each Adwords customer receives a different cookie. Cookies cannot be tracked through the websites of Adwords customers. The information obtained with the help of the conversion cookie is used to create conversion statistics for Adwords customers who have opted for conversion tracking. The Adwords customers find out the total number of users who clicked on their ad and were redirected to a page tagged with a conversion tracking tag. However, they do not receive any information that personally identifies users.
If you do not wish to participate in the tracking process, you can refuse the setting of a cookie required for this purpose – for example, by adjusting your browser settings to generally deactivate the automatic setting of cookies. You can also deactivate cookies for conversion tracking by setting your browser to block cookies from the domain “www.googleadservices.com”. Google’s privacy policy regarding conversion tracking can be found here (https://services.google.com/sitestats/de.html).
6. Contact options via our website
Our website provides you with a quick electronic means of contacting us via a contact form, which is handled through a general email address.
We would like to point out that, despite existing certifications and legally required encryption, the transmission of data via the internet cannot be 100% secured. Please use our email address only if you have no other possibility of reaching us by more secure means.
If you nonetheless contact us by email or via our contact form, we draw your attention to the fact that the personal data you transmit to us this way (at least your email address, IP address) is automatically stored. Such personal data transmitted on a voluntary basis by you is processed (and thus stored) for the purpose of dealing with your contact request and its handling with you pursuant to Art. 6(1)(b) GDPR. In this context, there is no transfer of your personal data to third parties.
Unless there are statutory retention obligations that prevent it, we will delete your request as soon as it has been processed and is no longer required to be kept. In the event of statutory archiving obligations, the data will be deleted after these periods expire (end of the commercial [6 years] and tax [10 years] retention period). The Data Protection Officer named in our Privacy Policy is also available to you as a contact in this context.
User information may be stored in our Customer Relationship Management system (“CRM system”) or a similar request organization tool.
7. Your registration on our website
You can register on our website by providing personal data. Only the personal data required for registration, which you see in the input mask, is transmitted to us voluntarily. The personal data you enter is collected and stored exclusively for our internal use and for our own purposes. The storage of your personal data during registration is for us to be able to present you with our products and/or services and content that we offer only to registered users. We also wish to point out that we may forward your data to one or more processors, e.g., mail and/or parcel service providers, who use your personal data exclusively for internal use, specifically for handling the order attributable to the Controller, in order to deliver our products and services to you.
In addition to the personal data voluntarily entered by you, the IP address assigned by your internet service provider (ISP), the date, and the time of your registration are also stored. This data storage is necessary only to prevent misuse of our services and, if necessary, to enable criminal offenses to be investigated. In this respect, the storage of such data is required for our security. This data will not be disclosed to third parties unless there is a legal obligation to do so or the disclosure serves the purpose of criminal prosecution.
Note:
We explicitly point out that you may at any time change the personal data you entered during registration or have it completely deleted from our database.
If you have registered with us, you are also entitled at any time, upon request, to receive information about what personal data we have stored about you.
We are also obliged, at your request, to rectify or erase your personal data stored with us, unless this is prevented by statutory retention obligations. The Data Protection Officer named in our Privacy Policy is also available to you as a contact in this context.
8. Our blog on our website (including subscription to comments)
Our users/customers can use our blog located on our website and post individual comments on the blog entries that are published there. Our blog is a publicly accessible medium in which we post articles and information on various topics. These posts can be commented on by third parties, including you.
Furthermore, there is an option on our blog to subscribe to comments. This offering is primarily used by commenters who want to see subsequent comments on their own postings. If you choose this option and wish to subscribe to comments, we will send you an automated confirmation email following your registration in order to verify in a double opt-in procedure that the owner of the email address indeed chose this option. You can unsubscribe from this subscription at any time.
A person who comments on a post on our blog will automatically leave the IP address assigned to them by the internet service provider (ISP). In addition, other data is automatically logged, such as information about when the relevant comment was entered, as well as the username (including the pseudonym) chosen by the commenting person. All of this data, which can provide insight into the identity of the commenter, is stored and processed.
Note:
Commenting is only possible with your consent to the processing of your personal data. The legal basis is Art. 6(1)(a) GDPR. Your consent is obtained during the registration process, and this Privacy Policy is referenced.
We reserve the right to store personal data, particularly the commenter’s IP address, for our protection. This is based on Art. 6(1)(f) GDPR to protect our legitimate interests if unlawful content is posted via the comments, thereby violating the rights and interests of third parties (e.g., prohibited propaganda, content glorifying violence, or insults). In these cases, we as the operator of the blog can be held criminally and civilly liable. Therefore, we are interested in the identity of the commenter for evidentiary purposes. The storage of this personal data is for a period of 7 days and in our own interest.
The personal data collected in this context will not be disclosed to third parties unless we are legally obliged to disclose it, or it serves our legal defense.
If you have any further questions in this context, the Data Protection Officer named in our Privacy Policy is available to you as a contact person.
9. Integration of payment services & credit checks
a) Payment services
If our customers use the payment services of third parties (e.g., PayPal or Sofortüberweisung), the terms and conditions and the privacy notices of the respective third-party providers apply, which can be accessed within the respective websites or transaction applications.
We use, within our online offer, on the basis of our legitimate interests (i.e., interest in the analysis, optimization, and economic operation of our online offer within the meaning of Art. 6(1)(f) GDPR), content or service offerings from third-party providers to incorporate their content and services, such as videos or fonts (hereinafter uniformly referred to as “content”). This always requires that the third-party providers of this content perceive the IP address of the users, as without the IP address they would not be able to send the content to their browser. The IP address is therefore necessary for the display of this content. Third-party providers may also use so-called pixel tags (invisible graphics, also referred to as “web beacons”) for statistical or marketing purposes. Pixel tags can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymized information can also be stored in cookies on the user’s device and may include technical information on the browser and operating system, referring websites, visit times, as well as other information about the use of our online offer, and may also be linked to such information from other sources.
The following provides an overview of third-party providers, as well as their content, including links to their privacy policies, which contain further information on the processing of data and, in part already mentioned here, opt-out options:
9.1 Klarna
The Controller has integrated Klarna components on this website. Klarna is an online payment service provider that enables purchase on account or flexible installment payment. Klarna also offers additional services such as buyer protection or identity and credit checks. The operator of Klarna is Klarna AB, Sveavägen 46, 111 34 Stockholm, Sweden.
If the data subject selects either “purchase on account” or “installment purchase” as a payment option during the order process in our online shop, data of the data subject is automatically transmitted to Klarna. By selecting one of these payment options, the data subject consents to the transmission of personal data required for the processing of the invoice or installment purchase, or for identity and credit checks.
The personal data transmitted to Klarna usually includes first name, last name, address, date of birth, gender, email address, IP address, telephone number, mobile phone number, as well as other data necessary for processing an invoice or installment purchase. Data that is related to the respective order is also required to process the sales contract. In particular, it may lead to a mutual exchange of payment information such as bank details, card number, expiry date and CVC code, number of articles, item number, data on goods and services, prices and tax levies, information on previous purchasing behavior, or other details about the financial situation of the data subject.
The transmission of the data aims, in particular, at identity verification, payment administration, and fraud prevention. The Controller will transmit personal data to Klarna in particular if there is a legitimate interest in such transmission. The personal data exchanged between Klarna and the Controller may be transmitted by Klarna to credit agencies. This transmission aims at identity and credit checks.
Klarna may also transfer the personal data to affiliated companies (Klarna Group) and service providers or subcontractors, provided this is necessary to fulfill contractual obligations or the data is to be processed on their behalf.
To decide on the establishment, implementation, or termination of a contractual relationship, Klarna collects and uses data and information on the previous payment behavior of the data subject, as well as probability values for their behavior in the future (so-called scoring). The calculation of the scoring is carried out on the basis of scientifically recognized mathematical-statistical methods.
The data subject has the option to revoke consent to the handling of personal data at any time vis-à-vis Klarna. A revocation does not affect personal data that must be processed, used, or transmitted in order to (contractually) process payments.
The applicable privacy policy of Klarna can be accessed at https://cdn.klarna.com/1.0/shared/content/policy/data/de_de/data_protection.pdf.
9.2 PayPal
The Controller has integrated PayPal components on this website. PayPal is an online payment service provider. Payments are processed through so-called PayPal accounts, which represent virtual private or business accounts. Moreover, PayPal offers the possibility of processing virtual payments via credit cards if a user does not have a PayPal account. A PayPal account is managed via an email address, which is why there is no classical account number. PayPal makes it possible to trigger online payments to third parties or to receive payments. Furthermore, PayPal assumes trustee functions and offers buyer protection services.
The European operating company of PayPal is PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg.
If the data subject selects “PayPal” as a payment option during the ordering process in our online shop, data of the data subject is automatically transmitted to PayPal. By selecting this payment option, the data subject consents to the transmission of the personal data required for the payment processing.
Typically, the personal data transmitted to PayPal includes first name, last name, address, email address, IP address, telephone number, mobile phone number, or other data required for payment processing. Personal data related to the respective order is also necessary to process the sales contract.
The transmission of the data is intended for payment processing and fraud prevention. The Controller will transmit personal data to PayPal in particular if there is a legitimate interest in such transmission. The personal data exchanged between PayPal and the Controller may be transmitted by PayPal to credit agencies. This transmission aims at identity and credit checks.
PayPal may pass on the personal data to affiliated companies and service providers or subcontractors if this is necessary to fulfill its contractual obligations or if the data is to be processed on its behalf.
The data subject has the option to revoke consent to PayPal’s handling of personal data at any time. A revocation does not affect personal data that must be processed, used, or transmitted for (contractual) payment processing.
The applicable privacy policy of PayPal can be accessed at https://www.paypal.com/de/webapps/mpp/ua/privacy-full.
9.3 Sofortüberweisung
The Controller has integrated Sofortüberweisung components on this website. Sofortüberweisung is a payment service that enables cashless payment of products and services on the Internet. Sofortüberweisung provides a technical procedure whereby the online merchant immediately receives a payment confirmation. This puts a merchant in a position to deliver goods, services, or downloads to the customer immediately after the order.
The operating company of Sofortüberweisung is SOFORT GmbH, Fußbergstraße 1, 82131 Gauting, Germany. If the data subject selects “Sofortüberweisung” as a payment option during the ordering process in our online shop, data of the data subject is automatically transmitted to Sofortüberweisung. By selecting this payment option, the data subject consents to the transmission of the personal data required for payment processing.
In the case of a purchase transaction via Sofortüberweisung, the buyer transmits the PIN and the TAN to Sofort GmbH. Sofortüberweisung then carries out a technical check of the account balance and retrieves further data to check the account coverage, and then transfers the amount to the online merchant. The online merchant is then automatically notified of the financial transaction’s execution.
The personal data exchanged with Sofortüberweisung typically includes first name, last name, address, email address, IP address, telephone number, mobile phone number, or other data necessary for payment processing. The transmission of data is intended for payment processing and fraud prevention. The Controller will also transmit other personal data to Sofortüberweisung if there is a legitimate interest in such transmission. The personal data exchanged between Sofortüberweisung and the Controller may be transmitted by Sofortüberweisung to credit agencies. This transmission aims at identity and credit checks.
Sofortüberweisung may pass on personal data to affiliated companies and service providers or subcontractors if this is necessary to fulfill contractual obligations or if the data is to be processed on its behalf.
The data subject can revoke consent to Sofortüberweisung’s handling of personal data at any time. A revocation does not affect personal data that must be processed, used, or transmitted for (contractual) payment processing.
The applicable privacy policy of Sofortüberweisung can be accessed at https://www.sofort.com/ger-DE/datenschutzerklaerung-sofort-gmbh/.
10. Third-party services
10.1 jQuery
External code of the JavaScript framework “jQuery,” provided by the third-party provider jQuery Foundation, https://jquery.org.
10.2 Google Fonts
External fonts from Google, LLC., https://www.google.com/fonts (“Google Fonts”). The integration of Google Fonts takes place by calling up a Google server (usually in the USA). Privacy Policy: https://policies.google.com/privacy, Opt-Out: https://adssettings.google.com/authenticated.
10.3 Google Maps
We use the functions of the “Google Maps” map service by Google Inc. on our website. The link “Map view” is integrated as specified in the terms of use as a Google Maps API. As soon as you click on this link, you are redirected to the third-party provider’s website. The operator of that site is “Google Maps,” run by the third-party provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
We cannot say which data Google Maps actually processes, i.e., collects, stores, and forwards. You can find more detailed information on data processing by Google in Google’s data protection information. There you can also change your personal data protection settings in the Privacy Center.
Privacy Policy: https://www.google.com/policies/privacy/, Opt-Out: https://www.google.com/settings/ads/.
10.4 YouTube
The Controller has integrated YouTube components on this website. YouTube is an Internet video portal that allows video publishers to upload video clips free of charge, and other users to view, rate, and comment on them. YouTube permits the publication of all types of videos, which is why full movie and TV broadcasts, as well as music videos, trailers, or videos made by users themselves, can be accessed via the internet portal.
The operator of YouTube is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
By calling up any of the individual pages of this website that is operated by the Controller and in which a YouTube component (YouTube video) is integrated, the internet browser on the data subject’s information technology system is automatically prompted by the respective YouTube component to download a representation of the corresponding YouTube component from YouTube. Further information about YouTube can be found at https://www.youtube.com/yt/about/de/. In the course of this technical procedure, YouTube and Google become aware of which specific subpage of our website is visited by the data subject.
If the data subject is logged in to YouTube at the same time, YouTube recognizes which specific subpage containing a YouTube video was visited by the data subject. This information is collected by YouTube and Google and assigned to the respective YouTube account of the data subject.
YouTube and Google will always receive information via the YouTube component that the data subject has visited our website if the data subject is logged in to YouTube at the time of accessing our website, regardless of whether the data subject clicks on a YouTube video or not. If the data subject does not wish such information to be transmitted to YouTube and Google, they can prevent this transmission by logging out of their YouTube account before visiting our website.
The privacy policy published by YouTube, which is available at https://www.google.de/intl/de/policies/privacy/, provides information about the collection, processing, and use of personal data by YouTube and Google. Opt-Out: https://adssettings.google.com/authenticated.
10.5 Newsletter2Go
If you would like to receive the newsletter offered on the website, we require an email address from you and information that allows us to verify that you are the owner of the specified email address and that you agree to receive the newsletter.
In order to ensure that the newsletter is sent with your consent, we use the so-called double opt-in procedure. As part of this process, the potential recipient is added to a distribution list. Subsequently, the user receives a confirmation email giving them the opportunity to legally confirm the registration. Only if the confirmation is received will the address be actively added to the distribution list.
We use this data exclusively for sending the requested information and offers.
As newsletter software, we use Newsletter2Go. Your data is transmitted to Newsletter2Go GmbH in this process. It is prohibited for Newsletter2Go to sell your data or to use it for purposes other than sending newsletters. Newsletter2Go is a German, certified provider that has been selected in accordance with the requirements of the GDPR and the Federal Data Protection Act (Bundesdatenschutzgesetz).
Further information can be found here: https://www.newsletter2go.de/informationen-newsletter-empfaenger/
You can revoke the consent given to store the data, the email address, and its use to send the newsletter at any time, for example via the “Unsubscribe” link in the newsletter.
Data protection measures are always subject to technical updates, which is why we ask you to inform yourself about our data protection measures at regular intervals by consulting our Privacy Policy.
11. Facebook Social Plugins
We use social media plugins from Facebook on our website to personalize their use. We do so on the basis of our legitimate interests (i.e., interest in the analysis, optimization, and economic operation of our online offer within the meaning of Art. 6(1)(f) GDPR). These used social media plugins are operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”). It is an offering by Facebook.
Facebook is certified under the Privacy Shield Agreement, thereby offering a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
When you call up a page of our website that contains such a plugin, your browser establishes a direct connection to Facebook’s servers. The content of the plugin is transmitted by Facebook directly to your browser and integrated into the website.
Through this integration, Facebook receives information that your browser has accessed the corresponding page of our website, even if you do not have a Facebook account or are not logged in to Facebook at the time. This information (including your IP address) is transmitted directly from your browser to a Facebook server in the USA and stored there.
If you are logged in to Facebook, Facebook can associate your visit to our website directly with your Facebook account. If you interact with the plugins, for example by clicking the “LIKE” or “SHARE” button, this information is also transmitted directly to a Facebook server and stored there. The information is also published on Facebook and displayed to your Facebook friends. If a user is not a member of Facebook, there is still a possibility that Facebook will obtain and store their IP address. According to Facebook, only an anonymized IP address is stored in Germany.
Facebook may use this information for advertising, market research, and customized design of Facebook pages. For this purpose, Facebook creates usage, interest, and relationship profiles, e.g., in order to evaluate your use of our website regarding the advertisements displayed to you on Facebook, to inform other Facebook users about your activities on our website, and to provide other services associated with the use of Facebook.
If you do not want Facebook to associate the data collected via our web presence with your Facebook account, you must log out of Facebook before visiting our website.
For the purpose and scope of data collection and the further processing and use of the data by Facebook, as well as your related rights and settings options for protecting your privacy, please refer to Facebook’s Data Policy (https://www.facebook.com/about/privacy/).
If you are a Facebook member and do not want Facebook to collect data about you via this online offer and link it to your stored Facebook member data, you must log out of Facebook and delete your cookies before using our online offer. Further settings and objections to the use of data for advertising purposes are possible within the Facebook profile settings: https://www.facebook.com/settings?tab=ads or via the U.S. page http://www.aboutads.info/choices/ or the EU page http://www.youronlinechoices.com/. The settings are platform-independent, i.e., they apply to all devices, such as desktop computers or mobile devices.
12. Currency and changes to this Privacy Policy
This Privacy Policy is currently valid and has the status as of 04/2025.
Due to the further development of our website and offers above or due to changed legal or official requirements, it may become necessary to change this Privacy Policy. The most current version of the Privacy Policy can be accessed and printed out by you at any time on our website.
