Privacy policy

1. Privacy at a Glance

General Information

This privacy policy informs you about the processing of your personal data when visiting our online store, which is provided via the Shopify platform.
We treat your personal data confidentially and in accordance with the applicable data protection regulations and this privacy policy.
When you use this website, various personal data are collected. Personal data are data by which you can be personally identified. This privacy policy explains which data we collect and what we use them for. It also explains how and for what purpose this happens.
Please note that data transmission over the internet (e.g. communication by email) may have security vulnerabilities. Complete protection of data against access by third parties is not possible.

Note on the Responsible Party

The responsible party for data processing on this website is:
NEXTREND - GmbH
Weiherstrasse 1
65439 Floersheim a. M.
Germany
Phone: +49(0)6145–598830
Email: support@bernstein-badshop.de

The responsible party is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data (e.g. names, email addresses, etc.).
Our data protection officer can be reached at the above address or via datenschutz@bernstein-badshop.de.

Purposes and Legal Bases of Data Processing

  • Order processing (Art. 6 para. 1 lit. b GDPR)
  • Communication and support (Art. 6 para. 1 lit. b and f GDPR)
  • Analytics and marketing (Art. 6 para. 1 lit. a GDPR, with consent)
  • Ensuring technical operation (Art. 6 para. 1 lit. f GDPR)

What Are Your Rights Regarding Your Data?

You have the right to obtain information about the origin, recipients, and purpose of your stored personal data at any time free of charge. You also have the right to request correction or deletion of your data. If you have given consent to data processing, you can withdraw this consent at any time with effect for the future. Furthermore, you have the right to request the restriction of the processing of your personal data under certain circumstances. You also have the right to lodge a complaint with the competent supervisory authority.
If you have questions regarding data protection, you can contact us at any time.

2. Hosting and Content Delivery Networks (CDN)

External Hosting

This website is hosted by Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland ("Shopify").
Shopify processes personal data as a data processor in accordance with Art. 28 GDPR. More information can be found at: https://www.shopify.com/de/legal/datenschutz.
The use of this hosting provider is based on our legitimate interest in a secure, fast, and efficient provision of our online offering by a professional provider (Art. 6 para. 1 lit. f GDPR).
Our hosting provider will only process your data to the extent necessary to fulfill its service obligations and will follow our instructions regarding these data.

Cloudflare

We use the service "Cloudflare", provided by Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA ("Cloudflare").
Cloudflare offers a globally distributed content delivery network with DNS. Technically, the transfer of information between your browser and our website is routed through Cloudflare’s network. This enables Cloudflare to analyze the traffic between your browser and our website and to act as a filter between our servers and potentially malicious traffic from the internet. Cloudflare may use cookies or other technologies for user recognition, which are used solely for the purpose described here.
The use of Cloudflare is based on our legitimate interest in providing our web offering as error-free and securely as possible (Art. 6 para. 1 lit. f GDPR).
Cloudflare may transfer data to the USA. Cloudflare is certified under the EU-U.S. Data Privacy Framework, ensuring an adequate level of data protection. Data transfer to the USA is based on the EU Commission’s standard contractual clauses. Details can be found here: https://www.cloudflare.com/privacypolicy/.
For more information on security and data protection at Cloudflare, please visit: https://www.cloudflare.com/privacypolicy/.

Data Processing by Matrixify

We use the app Matrixify from ITissible, SIA, Riga, Latvia to migrate and manage shop data. In this context, personal data (e.g. customer, order, and product data) are processed under a data processing agreement in accordance with Art. 28 GDPR.
The legal basis for the use of Matrixify is our legitimate interest in the effective and professional management of data (Art. 6 para. 1 lit. f GDPR).
Matrixify uses service providers in the field of hosting (Amazon Web Services), which may involve processing in the USA.
An adequate level of data protection is ensured by an adequacy decision of the EU Commission. The service provider Amazon Web Services is certified under the EU-U.S. Data Privacy Framework. If service providers used are not certified under the DPF, standard contractual clauses have been concluded as appropriate safeguards.

SSL and TLS Encryption

This website uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the website operator.
You can recognize an encrypted connection by the change in the address line of your browser from "http://" to "https://" and by the lock symbol in your browser’s address bar.
When SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

Encrypted Payment Transactions on This Website

If, after concluding a paid contract, you are required to provide us with your payment details (e.g. bank account number for direct debit), this data is necessary for payment processing.
Payment transactions via common means of payment (Visa/MasterCard, direct debit) are carried out exclusively via an encrypted SSL or TLS connection.
You can recognize an encrypted connection by the change in the address line of your browser from "http://" to "https://" and by the lock symbol in your browser’s address bar.
With encrypted communication, your payment details that you transmit to us cannot be read by third parties.

Storage Duration

Unless a more specific storage period has been stated within this privacy policy, your personal data will remain with us until the purpose for the data processing no longer applies.
If you request deletion of your data or revoke your consent to data processing, your data will be deleted unless we are legally obliged or otherwise permitted to retain it (e.g. retention periods required by tax or commercial law). In the latter case, deletion will occur after these obligations cease to apply.

Revocation of Your Consent to Data Processing

Many data processing operations are only possible with your express consent.
You may revoke a previously granted consent at any time. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

Right to Object to Data Collection in Special Cases and to Direct Marketing (Art. 21 GDPR)

IF DATA PROCESSING IS BASED ON ART. 6(1)(E) OR (F) GDPR, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME, ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION, TO THE PROCESSING OF YOUR PERSONAL DATA; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS.

IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR AFFECTED PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING THAT OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS, OR THE PROCESSING IS FOR THE ESTABLISHMENT, EXERCISE OR DEFENSE OF LEGAL CLAIMS (OBJECTION UNDER ART. 21(1) GDPR).

IF YOUR PERSONAL DATA IS PROCESSED FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR SUCH MARKETING; THIS ALSO APPLIES TO PROFILING TO THE EXTENT THAT IT IS ASSOCIATED WITH SUCH DIRECT MARKETING.

IF YOU OBJECT, YOUR PERSONAL DATA WILL NO LONGER BE USED FOR DIRECT MARKETING PURPOSES (OBJECTION UNDER ART. 21(2) GDPR).

Right to Lodge a Complaint with the Competent Supervisory Authority

In the event of violations of the GDPR, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or the place of the alleged violation.
The right to lodge a complaint is without prejudice to other administrative or judicial remedies.

The competent supervisory authority for us as the data controller is:

The Hessian Commissioner for Data Protection and Freedom of Information
Prof. Dr. Michael Ronellenfitsch
Public Relations
Gustav-Stresemann-Ring 1
65189 Wiesbaden, Germany
Phone: +49 611 1408 0
Fax: +49 611 1408 611
Email: poststelle@datenschutz.hessen.de

Right to Data Portability

You have the right to have the data that we process automatically on the basis of your consent or in fulfillment of a contract handed over to you or to a third party in a commonly used, machine-readable format.
If you request the direct transfer of the data to another controller, this will only be done to the extent technically feasible.

3. Data Collection on this Website

Cookies

Our websites use so-called "cookies". Cookies are small text files that do not harm your device. They are either stored temporarily for the duration of a session (session cookies) or permanently (persistent cookies) on your device. Session cookies are automatically deleted after your visit. Persistent cookies remain stored on your device until you delete them yourself or they are automatically deleted by your web browser.

In some cases, cookies from third-party companies may also be stored on your device when you enter our site (third-party cookies). These enable us or you to use certain services provided by the third-party company (e.g. cookies for payment processing services).

Additionally, technically necessary cookies may be set by Shopify or Shopify apps used in our store, which are essential for the basic functions of the online shop (e.g. cart management, customer login, order processing). These cookies are necessary to ensure the functionality of our website and are stored on the basis of Art. 6(1)(f) GDPR.

Cookies have various functions. Many cookies are technically necessary because certain website functions would not work without them (e.g. the shopping cart or video display). Other cookies are used to analyze user behavior or display advertisements.

Cookies required for the electronic communication process (necessary cookies), for the provision of certain functions you request (functional cookies, e.g. for the shopping cart function), or for optimizing the website (e.g. cookies for measuring web audience) are stored based on Art. 6(1)(f) GDPR, unless another legal basis is specified. The website operator has a legitimate interest in storing cookies to ensure the technically error-free and optimized provision of its services.

If consent has been requested for the storage of cookies, the storage of the relevant cookies takes place solely on the basis of this consent (Art. 6(1)(a) GDPR); consent can be revoked at any time.

You can configure your browser to notify you about the setting of cookies and allow cookies only in individual cases, exclude the acceptance of cookies for specific cases or in general, and enable the automatic deletion of cookies when the browser is closed. Disabling cookies may limit the functionality of this website.

If cookies from third-party companies or for analysis purposes are used, we will inform you about this separately within this privacy policy and, if necessary, request your consent.

Server Log Files

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

  • Browser type and version
  • Operating system used
  • Referrer URL
  • Hostname of the accessing computer
  • Time of the server request
  • IP address

This data is not merged with other data sources.

The collection of this data is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of the website — for this purpose, the server log files must be collected.

Inquiry by Email, Telephone, or Fax

If you contact us by email, telephone, or fax, your inquiry including all resulting personal data (e.g. name, inquiry) will be stored and processed by us for the purpose of handling your request. We do not share this data without your consent.

The processing of these data is based on Art. 6(1)(b) GDPR if your request is related to the performance of a contract or is necessary for pre-contractual measures. In all other cases, the processing is based on our legitimate interest in effectively processing the inquiries addressed to us (Art. 6(1)(f) GDPR) or on your consent (Art. 6(1)(a) GDPR) if it has been requested.

The data you send to us via contact requests remain with us until you request deletion, revoke your consent to storage, or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory legal provisions — in particular legal retention periods — remain unaffected.

Orders and Customer Accounts

If you wish to place an order in our online store, it is necessary for the conclusion of the contract that you provide your personal data, which we need to process your order.

You can create a customer account so that we can save your data for future purchases. When creating an account under "Account", the data you provide will be stored.

In addition to placing orders through the customer account, you also have the option to shop as a guest without creating an account.

The mandatory information required for contract processing is marked separately; other details are voluntary. The data you provide is processed for the purpose of fulfilling your order. The legal basis is Art. 6(1)(b) GDPR.

Your data will only be passed on to third parties if this is necessary for the performance of the contract (legal basis: Art. 6(1)(b) GDPR). Third parties engaged by us for contract fulfillment may also receive your data for this purpose. These include in particular:

  • Shipping providers
  • Payment service providers (see below)

Your data will be deleted after the expiration of tax and commercial retention periods.

Registration on This Website

You can register on this website to use additional features. We use the data entered only for the purpose of using the specific service or offer for which you registered. The required information requested during registration must be provided in full; otherwise, registration will be refused.

For important changes to the scope of the offer or for technically necessary changes, we use the email address provided during registration to inform you accordingly.

The processing of the data entered during registration is based on Art. 6(1)(b) GDPR — for the purpose of performing the usage relationship established by the registration and, if applicable, to initiate further contracts.

The data collected during registration will be stored by us as long as you are registered on this website and will be deleted thereafter. Statutory retention periods remain unaffected.

4. Analytics Tools and Advertising

Google Tag Manager

We use Google Tag Manager, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Google Tag Manager is a tool that allows us to integrate tracking or statistical tools and other technologies on our website. Google Tag Manager itself does not create user profiles, store cookies, or perform independent analyses. It is solely used to manage and deploy the tools it integrates. However, Google Tag Manager does collect your IP address, which may also be transmitted to Google's parent company in the United States.
The use of Google Tag Manager is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the quick and easy integration and administration of various tools on their website. Where consent has been requested, processing is based exclusively on Art. 6(1)(a) GDPR; consent can be withdrawn at any time.

Google Analytics

This website uses features of the web analytics service Google Analytics, provided by Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics enables the website operator to analyze the behavior of website visitors. The website operator receives various usage data, such as page views, duration of stay, operating systems used, and the user’s origin. These data may be compiled by Google into a profile associated with the respective user or their device.
We make the collected data available to our affiliated companies (corporate group within the meaning of Art. 4 No. 19 GDPR) for the necessary purposes (for conducting web analysis). The legal basis for this is Recital 48 of the GDPR, which allows for legitimate interest under Art. 6(1)(f) GDPR for controllers within a corporate group to transmit data for internal administrative purposes. We only share data collected via Google Analytics. Our affiliated companies are obligated to comply with data protection laws.
Google Analytics uses technologies that enable the recognition of the user for the purpose of analyzing user behavior (e.g., cookies or device fingerprinting). Information collected by Google about the use of this website is generally transmitted to a Google server in the USA and stored there.
The use of Google Analytics is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in analyzing user behavior to optimize both the website and its advertising. If consent has been requested (e.g., for cookie storage), processing is based exclusively on Art. 6(1)(a) GDPR; consent can be withdrawn at any time.
Data transfers to the USA are based on the EU Commission’s standard contractual clauses. Details: https://privacy.google.com/businesses/controllerterms/mccs/.

Google Analytics E-Commerce Tracking

This website uses the "E-Commerce Tracking" function of Google Analytics. This feature allows the website operator to analyze the purchasing behavior of visitors to improve online marketing campaigns. Information such as placed orders, average order values, shipping costs, and time from product view to purchase is collected. These data can be aggregated by Google under a transaction ID that is linked to the respective user or device.

Google Ads

We use Google Ads, an online advertising program by Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Ads enables us to display advertisements in the Google search engine or on third-party websites when users enter certain search terms (keyword targeting). Additionally, targeted ads can be displayed based on user data stored by Google (e.g., location data and interests) (audience targeting). As website operators, we can evaluate this data, for example, by analyzing which search terms triggered the display of our ads and how many resulted in clicks.
The use of Google Ads is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the most effective marketing of its services and products.
Data transfers to the USA are based on the EU Commission’s standard contractual clauses. Details: https://policies.google.com/privacy/frameworks and https://privacy.google.com/businesses/controllerterms/mccs/.

Google Remarketing

This website uses features of Google Analytics Remarketing, provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Google Remarketing analyzes your user behavior on our website (e.g., clicks on specific products) to assign you to advertising target groups and display tailored advertising messages when you visit other websites (remarketing/retargeting).
Additionally, the advertising target groups created with Google Remarketing can be linked to Google’s cross-device features. This allows personalized advertising messages based on your previous usage and browsing behavior on one device (e.g., mobile phone) to be displayed on another device (e.g., tablet or PC).
If you have a Google Account, you can disable personalized advertising at the following link: https://www.google.com/settings/ads/onweb/.
The use of Google Remarketing is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in effective marketing of its products. Where consent has been requested, processing is based exclusively on Art. 6(1)(a) GDPR; consent can be withdrawn at any time.
Further information and Google's privacy policy can be found at: https://policies.google.com/technologies/ads.

Google Conversion Tracking

This website uses Google Conversion Tracking, provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Google Conversion Tracking allows Google and us to determine whether a user has performed specific actions. For example, we can evaluate which buttons on our website were clicked and which products were viewed or purchased. This information helps create conversion statistics. We learn the total number of users who clicked on our ads and what actions they performed. We do not receive any information that personally identifies users. Google uses cookies or similar recognition technologies for identification.
The use of Google Conversion Tracking is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in analyzing user behavior to optimize both the website and advertising. If consent has been requested (e.g., for cookie storage), processing is based exclusively on Art. 6(1)(a) GDPR; consent can be withdrawn at any time.
More information: https://policies.google.com/privacy.

Google Enhanced Conversions

To improve the accuracy of conversion tracking and advertising performance, we use Google Enhanced Conversions. This involves applying a one-way SHA256 hash algorithm to data collected during website usage (e.g., email address or mailing address). The hashed data is then sent to Google and used to match users with Google accounts and record online conversions generated by ad interactions.
Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
The use of Google Enhanced Conversions is based on your consent (Art. 6(1)(a) GDPR).
An adequate level of data protection is ensured by Google's participation in the EU-U.S. Data Privacy Framework. More info: https://www.dataprivacyframework.gov/s/.

Google Consent Mode

We use Google Consent Mode on our website.
Google Consent Mode informs Google about the user's consent status. Based on this information, Google controls the behavior of the Google tools implemented on our website. If consent is denied, no cookies are set, but pings are sent to Google, which include the full page URL with ad click information in URL parameters (e.g., GCLID or DCLID) and the IP address.
Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
The use of Google Consent Mode is based on our legitimate interest in effectively measuring the success of our advertising campaigns (Art. 6(1)(f) GDPR).
An adequate level of data protection is ensured by Google's participation in the EU-U.S. Data Privacy Framework. More info: https://www.dataprivacyframework.gov/s/.

IP Anonymization and Tracking Tools

IP Anonymization

We have activated the IP anonymization function on this website. This means that your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before transmission to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, compile reports on website activity, and provide other services related to website and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

Browser Plugin

You can prevent the collection and processing of your data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en.
More information on how Google Analytics handles user data can be found in Google’s privacy policy: https://support.google.com/analytics/answer/6004245?hl=en

Demographics in Google Analytics

This website uses the "demographics" feature of Google Analytics to display suitable advertisements to website visitors within the Google advertising network. This allows reports to be created containing information about the age, gender, and interests of site visitors. These data are derived from interest-based advertising by Google and from third-party visitor data. They cannot be assigned to a specific individual. You can deactivate this feature at any time in the ad settings of your Google account or generally prohibit the collection of your data by Google Analytics as described in the "Objection to data collection" section.

Facebook Pixel

This website uses the Facebook visitor action pixel for conversion tracking. The provider of this service is Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. According to Facebook, the collected data is also transferred to the USA and other third countries.

This allows the behavior of site visitors to be tracked after they click on a Facebook ad and are redirected to the provider's website. This enables the effectiveness of Facebook ads to be evaluated for statistical and market research purposes and to optimize future advertising campaigns.

The data collected is anonymous to us as the operator of this website—we cannot draw any conclusions about the identity of users. However, the data is stored and processed by Facebook, allowing it to be linked to the respective user profile and enabling Facebook to use the data for its own advertising purposes in accordance with its Data Usage Policy. This allows Facebook to display ads both on Facebook and outside of Facebook. This data usage cannot be influenced by us as the website operator.

The use of Facebook Pixel is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in effective advertising, including through social media. If consent has been requested (e.g., consent to the storage of cookies), processing is based exclusively on Art. 6(1)(a) GDPR; consent can be withdrawn at any time.

Data transfer to the USA is based on the EU Commission’s standard contractual clauses. Details: EU Addendum, Help.

Joint responsibility with Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, applies to the collection and transfer of data. Further processing by Facebook is not included. Responsibilities are outlined in a joint processing agreement: Controller Addendum.

More on privacy: Facebook Privacy.
Deactivate “Custom Audiences”: Ad Preferences (login required).
Without a Facebook account: European Interactive Digital Advertising Alliance.

SalesViewer® Technology

This website uses SalesViewer® technology from SalesViewer® GmbH to collect and store data for marketing, market research, and optimization purposes on the basis of the legitimate interests of the website operator (Art. 6(1)(f) GDPR).

A JavaScript-based code is used to collect company-related data. This data is encrypted using a non-reversible one-way function (hashing), immediately pseudonymized, and not personally identifiable.

Data will be deleted when no longer required and no legal obligations apply.

You can opt out anytime by clicking: https://www.salesviewer.com/opt-out. An opt-out cookie will be stored. If cookies are deleted, the link must be clicked again.

DataX

We use the DataX solution from DataX GmbH, Auguste-Schmidt-Str. 13, 04103 Leipzig, Germany.

This software allows us to analyze purchasing behavior statistically without collecting or requiring additional personal data (no inventory data processing by third parties). Data transmission is encrypted, and processing is anonymized and not traceable to individuals. The legal basis is our legitimate interest pursuant to Art. 6(1)(f) GDPR.

Use of Tracking Tools by trbo GmbH

We use technologies provided by trbo GmbH, Leopoldstr. 41, 80802 Munich, Germany, https://www.trbo.com/ (hereinafter “trbo”) on our website to optimize our online offerings, measure the effectiveness of our online advertising, and deliver personalized offers.

If you have given us your consent pursuant to Art. 6(1)(a) GDPR, we use tracking tools (in particular so-called “cookies” and “web beacons”). The data collected and used in this context is always stored under a pseudonym (e.g., a random identification number) and is not merged with other personal data about you (e.g., name, address, etc.). The data will be deleted once it is no longer needed for its intended purpose. Data at the user and event level will be deleted no later than 14 months after collection. You can revoke your consent for the processing of personal data via trbo for the above-mentioned purposes at any time with effect for the future or change your selected preferences. To do so, please open the cookie settings again.

We have entered into a data processing agreement with trbo in which we obligate the provider to protect our customers’ data and not to disclose it to third parties.

For more information on data protection at trbo, please visit: https://www.trbo.com/datenschutz/

Retamo

On our website, you have the opportunity to participate in customer surveys. To provide and analyze the surveys, we use the tool "Retamo," provided by Retamo Software GmbH, In der Spöck 10, 77656 Offenburg, Germany (hereinafter “Retamo”).

Retamo is a business-to-business software-as-a-service platform that enables the collection and evaluation of customer feedback through various channels. This helps us tailor and improve our services to better meet customer needs.

When using the survey tool, Retamo collects the public IP address, device and browser data, and your survey responses. For more information about Retamo and the data collected, please refer to Retamo’s privacy policy at the following link: https://retamo.de/rechtliches

The data you provide when using the survey tool will remain with us until you request its deletion, revoke your consent for storage, or the purpose for storing the data no longer applies. Mandatory legal provisions—especially retention periods—remain unaffected.

The legal basis for the data processing is our legitimate interest in conducting customer surveys to improve our offerings pursuant to Art. 6(1)(f) GDPR.

Marketing Phone Number

Our website uses a service from matelso GmbH, Stuttgart. If you call a phone number provided by matelso, information about the phone call will be transferred to a web analytics service we use (e.g., Google Analytics). matelso also reads cookies or other parameters set by our analytics service from the website you visited, such as referrer, document path, and remote user agent. This information is processed by matelso according to our instructions and stored on servers within the EU. For more information, please visit: https://matelso.com/de/privacy-statement.

You can prevent the storage of cookies by adjusting your browser settings; however, please note that if you do this, you may not be able to use all the features of this website.

5. Newsletter

Newsletter Data

If you would like to receive the newsletter offered on the website, we require an email address from you and information that allows us to verify that you are the owner of the email address provided and that you agree to receive the newsletter. Further data is not collected, or is collected only on a voluntary basis. We use this data exclusively for sending the requested information and do not disclose it to third parties.

We use the so-called double opt-in procedure for newsletter registration. This means we will only send you the newsletter if you confirm your registration via a confirmation email sent to you for this purpose. This ensures that only you, as the owner of the email address, can register for the newsletter. Your confirmation must be given shortly after receiving the confirmation email; otherwise, your newsletter registration will be automatically deleted from our database.

The processing of the data entered in the newsletter registration form is based solely on your consent (Art. 6(1)(a) GDPR). You can revoke your consent to the storage of data, the email address, and its use for sending the newsletter at any time, for example via the “unsubscribe” link in the newsletter. The legality of the data processing already carried out remains unaffected by the revocation.

The data you provide for the purpose of receiving the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and will be deleted from the newsletter distribution list after you unsubscribe or the purpose no longer applies. We reserve the right to delete or block email addresses from our newsletter distribution list at our own discretion within the scope of our legitimate interest pursuant to Art. 6(1)(f) GDPR.

After you unsubscribe from the newsletter distribution list, your email address may be stored in a blacklist to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in complying with legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6(1)(f) GDPR). Storage in the blacklist is not time-limited. You may object to the storage if your interests outweigh our legitimate interest.

Collaboration with Klaviyo for Newsletter Dispatch

When sending our newsletters, we work with the service provider Klaviyo (125 Summer St, Floor 6, Boston, MA 02111, USA), who processes our data on our behalf and ensures the proper delivery of emails. Klaviyo uses certain technical service providers (so-called sub-processors).

An up-to-date list of these sub-processors can be found here:
https://www.klaviyo.com/legal/subprocessors.

No further disclosure of your data to third parties occurs in connection with newsletter delivery.

In this context, personal data may be transferred to countries outside the EU/EEA, in particular to the USA. To ensure the protection of your data during transfer to so-called third countries, we have concluded the EU Commission’s Standard Contractual Clauses (SCCs) with Klaviyo.

These oblige Klaviyo to ensure a level of data protection that complies with EU standards.

Additionally, we implement further necessary technical and organizational measures.

Please note that under applicable US law, there may be a theoretical risk that US authorities could gain access to your personal data without you as the data subject having effective legal remedies.

Further information on data protection can be found on the service provider’s website:
https://www.klaviyo.com/privacy

b. Legal Basis
The data processing described above for the purpose of contacting you is carried out pursuant to Art. 6(1)(a) GDPR based on your voluntarily given consent.

c. Storage Period
Your email address and, optionally, your salutation and name will be stored as long as you are subscribed to the newsletter. After unsubscribing from the newsletter, your email address and other data will be deleted. You can unsubscribe from the newsletter by using the unsubscribe link provided in every newsletter. Further storage may take place in individual cases if legally required.

Mailjet

This website uses Mailjet to send newsletters. The provider is Mailjet SAS (Global HQ), Office and postal address: 13-13 bis, rue de l’Aubrac, 75012 Paris, France.

Mailjet is a service used to organize and analyze newsletter delivery, among other things. The data you enter for the purpose of subscribing to the newsletter is stored on Mailjet’s servers.

Data Analysis by Mailjet
Mailjet allows us to analyze our newsletter campaigns. For example, we can see whether a newsletter message was opened and which links were clicked. This helps us identify which links were clicked most often.

We can also determine whether specific actions were taken after opening/clicking the newsletter (conversion rate), such as completing a purchase after clicking on the newsletter.

Mailjet also enables us to categorize newsletter recipients ("clustering") based on criteria such as age, gender, or location, allowing us to tailor newsletters more effectively to target groups. If you do not want analysis by Mailjet, you must unsubscribe from the newsletter. A link to unsubscribe is provided in every newsletter.

Detailed information about Mailjet’s features is available at: https://www.mailjet.de/funktion/

Mailjet’s privacy policy can be found at: https://www.mailjet.de/sicherheit-datenschutz/

Legal Basis
Data processing is based on your consent (Art. 6(1)(a) GDPR). You can revoke this consent at any time. The legality of the data processing already carried out remains unaffected by the revocation.

Storage Period
The data you provide to receive the newsletter will be stored by us or the newsletter service provider until you unsubscribe and will be deleted from the newsletter distribution list after you unsubscribe. Data stored for other purposes remains unaffected.

After you unsubscribe, your email address may be stored in a blacklist to prevent future mailings. The data in the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in complying with legal requirements for sending newsletters (legitimate interest under Art. 6(1)(f) GDPR). Storage in the blacklist is not time-limited. You may object to the storage if your interests outweigh our legitimate interest.

6. Plugins and Tools

YouTube with Enhanced Privacy

This website integrates videos from YouTube. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

We use YouTube in enhanced privacy mode. According to YouTube, this means that YouTube does not store information about visitors to this website unless they play the video. However, enhanced privacy mode does not necessarily prevent data transmission to YouTube partners. For example, YouTube may connect to the Google DoubleClick network regardless of whether you watch a video.

When you start a YouTube video on this website, a connection to YouTube’s servers is established. The YouTube server is informed about which of our pages you visited. If you are logged into your YouTube account, you allow YouTube to associate your browsing behavior with your personal profile. You can prevent this by logging out of your YouTube account.

Furthermore, YouTube may store cookies or use similar recognition technologies (e.g., device fingerprinting) on your device after a video starts. This allows YouTube to collect information about visitors to this website. This information is used, among other things, to compile video statistics, improve user-friendliness, and prevent fraud.

Additional data processing operations may be triggered after starting a YouTube video, over which we have no control.

YouTube is used in the interest of presenting our online content in an appealing way. This constitutes a legitimate interest within the meaning of Art. 6(1)(f) GDPR. Where consent has been obtained, processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR; consent can be revoked at any time.

Further information on data protection at YouTube can be found in their privacy policy at: YouTube Privacy Policy

Google Maps

This site uses the Google Maps map service. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

To use Google Maps features, your IP address must be stored. This information is typically transmitted to a Google server in the USA and stored there. The provider of this site has no control over this data transmission.

Google Maps is used in the interest of presenting our online offerings attractively and making it easy to find the locations specified on the website. This constitutes a legitimate interest within the meaning of Art. 6(1)(f) GDPR. Where consent has been obtained, processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR; consent can be revoked at any time.

The data transfer to the USA is based on the EU Commission’s Standard Contractual Clauses. Details can be found at: Google Controller Terms and SCCs

For more information on handling user data, please see Google’s privacy policy: Google Privacy Policy

Instafeed (Instagram Integration)

To display current Instagram posts on our website, we use the Instafeed app, which loads content directly from Instagram (Meta Platforms Ireland Ltd.).

When a page with embedded Instafeed is accessed, a connection to Meta’s servers (USA) may be established. This may involve the transmission of personal data such as IP address, browser information, and usage behavior.

Integration is carried out only with your explicit consent via our cookie consent tool (Art. 6(1)(a) GDPR). Without your consent, Instafeed will not be loaded.

An adequate level of data protection is ensured by an adequacy decision by the EU Commission. Meta is certified under the EU-U.S. Data Privacy Framework.

Information on data protection at Meta can be found at: Meta Privacy

Trusted Shops – Reviews and Seal

If you have given your consent in accordance with Art. 6(1)(a) GDPR, Trusted Shops widgets are integrated on this website to display Trusted Shops services (e.g., quality seal, collected reviews) after an order has been placed.

The Trustbadge and the services it advertises are offered by Trusted Shops SE, Subbelrather Str. 15C, 50823 Cologne, Germany ("Trusted Shops"), with whom we are jointly responsible under Art. 26 GDPR. As part of this privacy notice, we inform you about the essential content of the joint responsibility agreement according to Art. 26(2) GDPR.

Within the framework of joint responsibility between us and Trusted Shops, please contact Trusted Shops for data protection inquiries and to exercise your rights, using the contact options provided in their privacy policy. Nevertheless, you may also contact the controller of your choice. If necessary, your inquiry will be forwarded to the appropriate controller for response.

1. Data Processing When Integrating the Trustbadge / Other Widgets

The Trustbadge is provided by a U.S.-based CDN provider (Content Delivery Network). An adequate level of data protection is ensured by an adequacy decision of the EU Commission, which is available for the USA. U.S.-based service providers are generally certified under the EU-U.S. Data Privacy Framework (DPF). For service providers not certified under the DPF, standard contractual clauses are used as appropriate safeguards.

When the Trustbadge is accessed, the web server automatically saves a so-called server log file, which includes your IP address, the date and time of access, the amount of data transferred, and the requesting provider (access data), and documents the access. The IP address is anonymized immediately after collection, so the stored data cannot be traced back to you. The anonymized data is used for statistical purposes and error analysis.

2. Data Processing After Order Completion

If you have given your consent, the Trustbadge accesses order information stored on your device (order amount, order number, purchased product if applicable) as well as your email address after completing an order. Your email address is hashed using a cryptographic one-way function. The resulting hash value, along with the order information, is transmitted to Trusted Shops in accordance with Art. 6(1)(a) GDPR. This is used to check whether you are already registered with Trusted Shops. If so, further processing is based on the contractual agreement between you and Trusted Shops. If you are not yet registered or have not given consent for automatic recognition, you will be given the opportunity to register manually for the services.

Trusted Shops uses service providers for hosting, monitoring, and logging. The legal basis is Art. 6(1)(f) GDPR for the purpose of ensuring smooth operation. Data processing may take place in third countries (USA and Israel).

An adequate level of data protection is ensured by adequacy decisions of the EU Commission, available for the USA and Israel. U.S. service providers are generally certified under the EU-U.S. Data Privacy Framework. For providers not certified under the DPF, standard contractual clauses are used as safeguards.

Zendesk – Customer Service

We use Zendesk, operated by Zendesk, Inc., USA, to handle support requests. Personal data such as name, email address, message content, and possibly IP address are processed.

The legal basis for using Zendesk is Art. 6(1)(f) GDPR. Our legitimate interest lies in processing your inquiries quickly and efficiently.

To ensure data protection-compliant processing, we have concluded a data processing agreement with Zendesk.

An adequate level of data protection is ensured by an adequacy decision of the EU Commission. Zendesk is certified under the EU-U.S. Data Privacy Framework.

For more information, visit: Zendesk Privacy Policy

Integration with the ERP System PlentyONE

To manage orders, inventory, and shipping processes, we use the ERP system PlentyONE, offered by Plentysystems AG, Bürgermeister-Brunner-Straße 15, 34117 Kassel, Germany.

As part of this processing, personal data such as name, address, order details, and payment information are transmitted and processed via a secure interface between our online shop and the ERP system.

Processing is based on Art. 6(1)(b) GDPR (contract performance) and a data processing agreement pursuant to Art. 28 GDPR. PlentyONE processes the data solely on our behalf and in accordance with our instructions. Data is not transferred to third parties without your express consent or a legal obligation.

Shopify Payments

We use the "Shopify Payments" service provided by Shopify International Limited, with offices at 2nd Floor Victoria Buildings, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland.

If you choose a payment method offered via Shopify Payments, payment is processed by Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland. We share your data provided during the order process along with order-related data (name, address, account number, bank code, credit card number if applicable, invoice amount, currency, and transaction number) with Stripe in accordance with Art. 6(1)(b) GDPR. Data is shared solely for the purpose of payment processing and only to the extent necessary.

For more information on Shopify Payments privacy practices: Shopify Privacy Policy

Privacy information for Stripe Payments Europe Ltd. can be found here: Stripe Privacy Policy

7. Own Services

Handling Applicant Data

We offer you the opportunity to apply to us via email. Below we inform you about the scope, purpose, and use of your personal data collected during the application process. We assure you that the collection, processing, and use of your data is in accordance with applicable data protection laws and all other legal provisions, and that your data will be treated confidentially.

Scope and Purpose of Data Collection

When you submit an application, we process your associated personal data (e.g., contact and communication data, application documents, interview notes, etc.) as far as necessary to decide on the establishment of an employment relationship. The legal basis is § 26 BDSG-new under German law (initiation of an employment relationship), Art. 6(1)(b) GDPR (general contract initiation), and – if you have given consent – Art. 6(1)(a) GDPR. Consent can be revoked at any time. Your personal data will only be shared within our company with persons involved in the application process.

If the application is successful, the data submitted will be stored in our data processing systems based on § 26 BDSG-new and Art. 6(1)(b) GDPR for the purpose of implementing the employment relationship.

Data Retention Period

If we cannot offer you a position, you reject a position, or withdraw your application, we reserve the right to retain the data you submitted based on our legitimate interests (Art. 6(1)(f) GDPR) for up to 6 months after the end of the application process. The data will then be deleted, and physical application documents destroyed. The retention serves, in particular, as evidence in case of legal disputes. If it is foreseeable that the data will be required after the 6-month period (e.g., due to a pending legal dispute), deletion will occur only once the purpose for extended retention no longer applies.

Longer retention may also occur if you have given your consent (Art. 6(1)(a) GDPR) or if statutory retention obligations prevent deletion.

Processing of Personal Data by OpenAI (AI Service Provider)

To optimize our customer service and for automated analysis and classification of support inquiries, we use the "OpenAI" service (OpenAI L.L.C., USA). In this context, personal data that you provide to us in connection with inquiries or orders may be analyzed and evaluated automatically.

Processing is based on a data processing agreement pursuant to Art. 28 GDPR, including EU Standard Contractual Clauses (SCC) to ensure an adequate level of data protection. The data is not used for other purposes, especially not for training AI models.

Categories of Data Processed:

  • Content data from inquiries and support requests (e.g., free-text, customer numbers)
  • Contact information (e.g., email, name if provided)
  • Technical metadata (e.g., ticket numbers)

Purpose of Processing:

  • Automated analysis and categorization of support inquiries
  • Improving service quality and processing speed

Further information on data processing by OpenAI is available at: OpenAI Privacy Policy

 

Last updated: July 2025