CONFIDENTIALITY GUARANTEE/DATA PROTECTION

8. USE OF GOOGLE ADSENSE  
Our website uses the Google AdSense service provided by Google Ireland Ltd, Google Building Gordon House, 4 Barrow Street, Dublin, D04 E5W5, Ireland. Google AdSense selects advertisements to match the content of the website on which they will be displayed. For this purpose, a Web crawler browses the respective site using the same technique as is employed to index websites for the search engine Google. This makes it probable, for example, that a website about photography will display advertisements relating to this topic. As well as matching adds to the content of the context, AdSense supports interest-related targeting using the individual profile of a visitor to a website or advertisement. Google AdSense uses cookies to do this. These are small text files which store information on your computer to make it possible to analyse browsing behaviour. You can prevent cookies from being stored by changing your settings. You can delete stored cookies yourself at any time. Google AdSense also uses tracking pixels. These are tiny graphics that are integrated into websites. The aim is to record and analyse behaviour using log files with the aid of Google AdSense tracking pixels. Tracking pixels enable Alphabet, Inc. to recognise when a certain user has opened a website and which links they followed. The number of visitors accessing certain websites can also be evaluated using tracking pixels. Alphabet, Inc. also receives information about individuals and their data, including their IP address. This data is stored and processed by Alphabet, Inc. In some cases, Alphabet, Inc. may forward this collected data and information about individuals to third parties. Further information and more detailed explanations can be found at: https://www.google.de/intl/de/adsense/start

9. USE OF GOOGLE ANALYTICS WITH THE ANONYMISATION FEATURE  
Our website uses the Google Analytics service. This is a Web analysis tool provided by Google Ireland Ltd, Google Building Gordon House, 4 Barrow Street, Dublin, D04 E5W5, Ireland. Google Analytics uses cookies. These are small text files which store information on your computer to make it possible to analyse use of the website. The information collected about website use by cookies is usually sent to a Google server in the USA, where it is stored. Activating the anonymisation feature means that your IP address is truncated beforehand by Google within the European Union or in other states that are party to the Convention on the European Economic Area, so your full IP address is not forwarded. Only in exceptional cases will your full IP address be sent to a Google server in the USA, transferred and truncated there. Google uses this information on behalf of the operator to evaluate the website, compile reports about website activity, and provide the website operator with other integrated services relating to website and Internet use. The IP address transferred by Google Analytics is not associated with other data held by Google. You can disable the storage of cookies via your browser settings. If you do this, please note that you may not be able to make full use of some features of this website. You can also prevent Google from storing and processing the data generated by the cookie – including your IP address – by using an opt-out browser add-on. Further information and more detailed explanations can be found at: https://tools.google.com/dlpage/gaoptout?hl=de

10. USE OF GOOGLE REMARKETING  
Our website uses the Google Remarketing service provided by Google Ireland Ltd, Google Building Gordon House, 4 Barrow Street, Dublin, D04 E5W5, Ireland. Google Remarketing identifies users who have visited our website frequently in the past and shows them targeted advertisements with the aim of attracting them back to our site. With the aid of the Google advertising network, this enables ads of interest to the user to be displayed and placed in the foreground. Google uses cookies for this service. Cookies are small text files saved on your computer which allow usage of the website to be analysed and store the data for a certain period of time. This makes it possible for us to recognise users if this website is accessed within Google’s advertising network. Further information and more detailed explanations can be found at: http://www.google.com/privacy/ads/

11. USE OF GOOGLE ADWORDS  
Keywords are the most important component of Google AdWords. With the help of these keywords, an advertiser can choose in advance for an advertisement only to be displayed in the results for a search containing the selected terms or sites with related content. This should make it possible to target advertising to visitors’ interests and minimise wastage. It is also possible to define negative keywords which prevent an ad from being displayed. This service is operated by Google Ireland Ltd, Google Building Gordon House, 4 Barrow Street, Dublin, D04 E5W5, Ireland. AdWords makes it possible to show the user advertisements which are relevant to their search. When someone is directed to our website by a Google ad, a conversion cookie is placed on the user’s browser. This enables both us and Alphabet, Inc. to track whether these AdWords advertisements resulted in the sale of certain products or whether a sales process was aborted. Conversion cookies do not contain any information about the person in question and are automatically deleted within 30 days. The information generated by conversion cookies is used by Google to produce visitor statistics. With the aid of these statistics, it is possible to work out how many users have been directed to our website by AdWords advertisements. Conversion cookies store information about the person who visited the site. This data – including the IP address – is forwarded to Alphabet, Inc. in the USA and may be shared with third parties. You can prevent cookies from being stored by changing your settings. You can delete stored cookies yourself at any time. Further information and more detailed explanations can be found at: https://www.google.de/intl/de/policies/privacy/

12. USE OF GOOGLE FONTS  
This website features Google Fonts. Google Fonts is a service provided by Google Ireland Ltd, Google Building Gordon House, 4 Barrow Street, Dublin, D04 E5W5, Ireland. Web fonts are designed for browser-based digital texts. When a website is accessed, they are usually requested from an external Web server instead of a computer’s local font library and integrated into the browser. The use of Google Fonts is not authenticated. No cookies are sent from the website visitor to the Google Fonts API. Queries sent to the Google Fonts API are sent to the resource-specific domains fonts.googleapis.com or fonts.gstatic.com. This means that your requests for fonts are separate from any other information you send to google.com and do not contain any other information. The anonymised request information is erased after 24 hours. Further information and more detailed explanations can be found at: https://policies.google.com/privacy?hl=de

13. USE OF MICROSOFT BING ADS
On our pages, we use the conversion tracking of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. In doing so, Microsoft Bing Ads stores a cookie on your computer if you have reached our website via a Microsoft Bing ad. In this way, Microsoft Bing and we can recognize that someone has clicked on an ad, been redirected to our website and reached a previously determined target page (conversion page). We only learn the total number of users who clicked on a Bing ad and were then redirected to the conversion page. No personal information about the user's identity is disclosed.

If you do not want information about your behavior to be used by Microsoft as explained above, you can refuse the necessary setting of a cookie - for example, by using browser settings that generally disable the automatic setting of cookies. You can also prevent the collection of data generated by the cookie and related to your use of the website, as well as the processing of this data by Microsoft, by following the link below: https://account.microsoft.com/privacy/ad-settings/signedout?lang=de-DE to declare your objection. For more information on data protection and the cookies used by Microsoft and Bing Ads, please visit the Microsoft website at https://privacy.microsoft.com/de-de/privacystatement.

14. USE OF PAYPAL AS A METHOD OF PAYMENT 
If you decide to pay using the online payment service provider PayPal, your contact details are sent to the payment service provider PayPal via the orders you place. PayPal acts as an intermediary and provides customer protection services. The personal data transmitted to PayPal comprises information such as your first name, surname, address, telephone number, IP address, email address and other data which helps to process your order. Please note that PayPal may share personal data with subcontractors, service providers or other associated companies if this is necessary for contractual performance in connection with your order. Further information and more detailed explanations can be found at: https://www.paypal.com/de/webapps/mpp/ua/privacy-full

15. USE OF SOVENDUS  
In order to select a voucher offer that is currently of interest to you, we transmit the hash value of your e-mail address and your IP address to Sovendus GmbH, Hermann-VeitStr. 6, 76135 Karlsruhe (Sovendus) in a pseudonymized and encrypted form (Art. 6 para.1 f DSGVO). The pseudonymized hash value of the e-mail address is used by Sovendus to take into account any objection to advertising (Art. 21 para.3, Art. 6 para.1 c DSGVO). The IP address is used by Sovendus exclusively for data security purposes and is usually anonymized after seven days (Art. 6 para.1 f DSGVO).

In addition, we transmit for billing purposes pseudonymized order number,

order value with currency, session ID, coupon code and timestamp to Sovendus (Art. 6 para.1 f DSGVO). If you are interested in a voucher offer from Sovendus, there is no advertising objection to your email address and you click on the voucher banner that is only displayed in this case, we will transmit your title, name, zip code, country and email address in encrypted form to Sovendus for the preparation of the voucher (Art. 6 para.1 b, f DSGVO).

For more information on the processing of your data by Sovendus, please refer to the online privacy policy at www.sovendus.de/datenschutz.

16. USE OF EMARSYS As set out in Section 7(3) of the German Act Against Unfair Competition (UWG), we are permitted to use the email address provided when a purchase is made in our shop for direct marketing of similar products or services. If you no longer wish to receive our product recommendations, you can opt out of receiving these at any time. You will not incur any charges for this apart from the basic cost of transmission. To opt out, click on the ‘Unsubscribe’ link which can be found in the footer of any of our product recommendations or email [email protected]. 

Our website uses third-party cookies which enable us to improve the quality of the content that we offer you when you visit. These cookies may record your IP address and non-personal data about your visit. This data is completely anonymous and does not include your name, address, email address or any other personal information. The only data collected from visitors who have logged in is a single encrypted identifier which cannot be used to identify you. Cookies are also used to record anonymous, statistical information about your navigation behaviour on our website. These cookies expire after one year. 

Our website also uses JavaScript commands to record browsing and purchase data relating to logged-in visitors. This data is used to enrich your customer profile and offer you a personalised experience across all our touchpoints. 

If you have subscribed to the newsletter, the personal data you submitted when you registered will be used to send you personalised newsletters. No data is shared with third-party companies. Our data protection policies comply with the German Federal Data Protection Act (BDSG) and the German Telemedia Act (TMG).

17. . INTEGRATION OF TRUSTED SHOPS TRUSTBADG 
The Trusted Shops Trustbadge is included on this website to show our Trusted Shops seal of quality and any earned ratings as well as to offer Trusted Shops products to buyers after an order. This serves the protection of our legitimate interests in an optimal marketing of our product and prevails in the context of a balancing of interests. The Trustbadge and the services advertised with it are an offer of Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Köln/Cologne, Germany. When the Trustbadge is accessed, the web server automatically records a server log file which contains, e.g., your IP address, date and time of the access, transferred data volume and the requesting provider (access data) and documents the access. This access data is not analyzed and is automatically overwritten after a maximum of seven days after the end of your page visit. Further personal data is only transferred to Trusted Shops if you decide to use its products after completing an order or if you have already registered for use. In this case, the contractual agreements between you and Trusted Shops apply 

18. USE OF AWIN
On our website, we use the performance advertising network of AWIN AG, Eichhornstraße 3, 10785 Berlin, Germany, as a partner programme. As part of its tracking services, to document transactions (e.g. leads and sales), AWIN stores cookies on the devices of users who visit or use its clients’ websites or other online offerings (e.g. to register for a newsletter or place an order in an online shop). These cookies serve the sole purpose of correctly attributing the success of an advertising material and billing it accordingly in connection with its advertising network. AWIN does not collect, process or use personal data to do this. The only information placed in a cookie is when a certain advertising material was clicked on from a device. AWIN tracking cookies contain a unique string of digits which documents an advertiser’s partner programme, the publisher (on whose site the ad was displayed) and the time when the user clicked on or viewed the advertisement. It is not possible to allocate this code to an individual user. AWIN also collects information about the device which was used to complete a transaction, e.g. the IP address, the operating system and the requesting browser. The lawful basis for storing this data is Art. 6(1)(f) GDPR. If you would like more information about data processing by AWIN, please visit: https://www.awin.com/de/rechtliches

19. USE OF ADROLL  
This site uses the retargeting technology AdRoll (NextRoll Limited, Level 6, Burlington Plaza 1, Burlington Road, Dublin 4, Ireland). This makes it possible to target visitors to our website with advertising that corresponds to their interests via a cookie-based analysis of their previous user behaviour. We know from studies that displaying personalised advertising reflecting the user’s interests is more engaging for them than advertising with no such personalisation. With retargeting, advertisements are displayed founded on a cookie-based analysis of previous user behaviour. No personal data is stored to do this and retargeting technology is used in accordance with the applicable data protection legislation. You can find out more about the privacy policy in general and Adroll’s data protection policies and opt out of the anonymous analysis of your browsing behaviour at http://www.adroll.com/about/privacy. Further information is available at: http://www.youronlinechoices.com/de. We run advertising based on our legitimate interest in data processing as per Art. 6(1)(f) GDPR. 

20. USE OF trbo
On our website, data is collected and stored by trbo GmbH, Leopoldstr. 41, 80802 Munich, Germany (http://www.trbo.com/). This allows usage profiles to be developed with the aid of pseudonyms to show you personalised customer benefits. Cookies may be used for this purpose which enable a Web browser to be recognised. These usage profiles serve to analyse visitor behaviour and are evaluated in order to improve our site and design it in line with users’ needs. The pseudonymised usage profiles are not associated with personal data about the bearer of the pseudonym without separate, explicit consent being granted by the data subject. You can opt out of this at any time by clicking on the following links: activate trbo and disable trbo.

21. USE OF PAQATO
With the shipment of your goods, the order header data is used to track the shipment and identify problem cases according to Art. 6 para. 1 lit. b. (in the context of contractual/pre-contractual relations), Art. 6 para. 1 lit. f. (other requests) DSGVO processed.  The user's details are stored and processed in the PAQATO shipping analysis system of the company PAQATO GmbH, Johann-Krane-Weg 6, 48149 Münster, Federal Republic of Germany, in order to be able to deliver the goods more quickly and without errors and to ensure smooth communication (legitimate interest pursuant to Art. 6 para. 1 lit. f. DSGVO ). We delete the data if it is no longer necessary. We review the necessity every two years; Furthermore, the legal archiving obligations apply. The privacy policy of the data processor can be found under the following link https://www.paqato.com/datenschutzerklaerung/ or the cookie policy of the data processor and the following link https://www.paqato.com/cookie-richtlinie-eu/.

22. TRANSMITTING YOUR DATA FOR THE PURPOSE OF A CREDIT CHECK  We transmit your data (name, address and, if applicable, date of birth) to infoscore Consumer Data GmbH, Rheinstr. 99, 76532 Baden-Baden, Germany, for the purpose of checking creditworthiness, obtaining information for assessing the risk of non-payment on the basis of mathematical-statistical methods using address data. The legal basis for these transfers is Article 6(1)(b) and Article 6(1)(f) of the DSGVO. Transfers based on these provisions may only be made insofar as this is necessary to safeguard the legitimate interests of our company or third parties and does not override the interests of the fundamental rights and freedoms of the data subjects that require the protection of personal data. Detailed information on ICD within the meaning of Art. 14 of the European Data Protection Regulation ("EU GDPR"), i.e. information on the business purpose, purposes of data storage, data recipients, right of self-disclosure, right to erasure or rectification, etc. can be found in the attachment or under the following link.

V. Data subject rights

If we process your personal data, you are classed a data subject as per GDPR and you have the following rights with regard to the controller:

1.) The right to be informed

You can request confirmation from the controller as to whether we process personal data belonging to you. If we do, you can request the following information from the controller:

1. the purposes for processing personal data;
2. the categories of personal data which are processed;
3. the recipients and/or categories of recipients to whom your personal data has been or will be disclosed;
4. the planned retention period for your personal data or – if it is not possible to provide concrete details on this – criteria for setting the retention period;
5. your right to rectification or erasure of your personal data and your right to restrict processing by the controller or object to this processing;
6. your right to make a complaint to a supervisory authority;
7. all available information about the origins of the information if the personal data was not collected from the data subject;
8. the existence of automated decision-making including profiling as per Art. 22(1) and (4) GDPR and – at least in such cases – meaningful information about the logic involved along with the significance and the envisaged consequences of this processing for the data subject.

You have the right to request information about whether your personal data is transmitted to a third country or an international organisation. In this connection, you can request information about suitable guarantees as per Art. 46 GDPR pertaining to the transmission.

2.) Right to rectification

You have the right to request that the controller rectifies and/or completes the personal data they process if it is inaccurate or incomplete. The controller must rectify the data immediately.

3.) Right to restrict processing

You can request that the processing of your personal data is restricted in the following circumstances:

1. if you contest the accuracy of your personal data and request a restriction for a period of time to allow the controller to check the accuracy of the data;
2. the processing is unlawful and you request that use of the personal data is restricted instead of it being deleted;
3. the controller no longer needs the personal data for the processing purposes but you need it in order to establish, exercise or defend a legal claim, or
4. you have objected to processing under Art. 21(1) GDPR, and it is not yet clear whether the controller’s legitimate grounds override your reasons.

If the processing of your personal data has been restricted, this data may only be processed with your consent, to establish, exercise or defend a legal claim, to protect the rights of an individual or legal entity, or for reasons of important public interest for the Union or a Member State. If processing has been restricted in the above-mentioned circumstances, you will be informed by the controller before the restriction is lifted.

4.) Right to erasure/erasure obligation

You can request that the controller erases your personal data immediately and the controller is obliged to erase this data immediately if one of the following applies:

1. Your personal data is no longer needed for the purposes for which it was collected or otherwise processed.
2. You withdraw your consent which served as the basis for processing as per Art. 6(1)(a) or Art. 9(2)(a) GDPR and there are no other legal grounds for processing.
3. You object to processing as per Art. 21(1) GDPR and there are no legitimate reasons for processing which take precedence, or you object to processing as per Art. 21(2) GDPR.
4. Your personal data was processed unlawfully.
5. Your personal data must be erased to fulfil a legal obligation under Union law or the law of the Member State which applies to the controller.
6. Your personal data was collected in relation to the offer of information society services as defined in Art. 8(1) GDPR.

Informing third parties

If the controller has made your personal data public and is obliged to erase it as per Art. 17(1) GDPR, they must take reasonable steps (technical or otherwise, taking account of the technology available) to inform those responsible for processing the personal data that you, the data subject, have requested that they delete all links to this personal data or copies or replications of this personal data.

Exceptions

The right to erasure does not apply if processing is necessary

1. to exercise the right of freedom of expression and information;
2. to comply with a legal obligation which requires the data to be processed under the Union or Member State law which applies to the controller; or to perform a task carried out in the public interest or in the exercise of official authority vested in the controller;
3. for public health purposes in the public interest as per Art. 9(2)(h) and (i) and Art. 9(3) GDPR;
4. for archiving purposes in the public interest, scientific or historical research, or statistical purposes as per Art. 89(1) GDPR where the right cited in (a) is likely to render impossible or seriously impair the achievement of these processing objectives, or
5. for the establishment, exercise or defence of legal claims.

5.) Right to information

If you have contacted the controller to exercise your right to rectification, erasure or restriction, the controller is obliged to inform all recipients to whom your personal data has been disclosed of the rectification, erasure or restriction, unless this proves impossible or involves disproportionate effort.

You have the right to request that the controller informs you about these recipients.

6.) Right to data portability

You have the right to receive the personal data which you have provided to the controller in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller without being hindered by the controller to whom the personal data was provided, if

1. the processing is based on consent as defined in Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR or on a contract as per Art. 6(1)(b) GDPR and

2. the processing is carried out by automated means.

In exercising this right, you also have the right to request that a controller transmits your personal data directly to another controller, if this is technically feasible. This may not adversely affect the rights and freedoms of any third parties.

The right to data portability does not apply to the processing of personal data which is necessary to perform a task carried out in the public interest or in the exercise of official authority vested in the controller.

7.) Right to object

In certain circumstances, you have the right to object at any time to your personal data being processed on the basis of Art. 6(1)(e) or (f) GDPR; this also applies to profiling based on these provisions.

The controller will no longer process your personal data unless they can demonstrate compelling legitimate grounds for the processing, which override your interests, rights and freedoms, or the processing serves to establish, exercise or defend legal claims.

If your personal data is processed for the purpose of direct marketing, you have the right to object to your personal data being processed for the purpose of such advertising at any time; this includes any profiling of data that is related to direct marketing.

If you object to processing for the purpose of direct marketing, your personal data will no longer be processed for this purpose. In the context of the use of information society services, and irrespective of Directive 2002/58/EC, you are free to exercise your right to object by automated means using technical specifications.

8.) Right to withdraw consent under data protection law

You have the right to withdraw your consent under data protection law at any time. Withdrawing your consent does not affect the lawfulness of the processing performed based on this consent prior to the withdrawal.

 9.) Right to complain to a supervisory authority

Irrespective of any other administrative or judicial remedy, you have the right to complain to a supervisory authority, especially in the Member State in which you live or work or the location of the suspected infringement if you believe that the processing of your personal data is in breach of GDPR.

The supervisory authority with whom the complaint was lodged will inform the complainant about the progress and outcome of the complaint, including the possibility of a judicial remedy as per Art. 78 GDPR.

Information for customers and suppliers as per Art. 13/Art. 14 GDPR