Privacy policy

 

1) Introduction and Contact Details of the Responsible Party

1.1

We are pleased that you are visiting our website and thank you for your interest. In the following, we inform you about how we handle your personal data when you use our website. Personal data includes all data that can personally identify you.

1.2

The responsible party for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is:

Sydros Water GmbH
Kirrlacherstr. 6, 76646 Bruchsal, Germany
Tel.: +49 159 0613 2674
E-Mail: info@sydros.de

The responsible party for processing personal data is the natural or legal person who, alone or jointly with others, decides on the purposes and means of processing personal data.

2) Data Collection When Visiting Our Website

2.1

When you use our website for purely informational purposes, meaning you do not register or otherwise provide us with information, we only collect the data that your browser transmits to our server (so-called "server log files"). When you access our website, we collect the following data, which is technically necessary for us to display the website:

  • The website visited
  • Date and time of access
  • Amount of data sent in bytes
  • Source/reference from which you accessed the page
  • Browser used
  • Operating system used
  • IP address used (if applicable, in anonymized form)

Processing is carried out in accordance with Art. 6 (1) lit. f GDPR, based on our legitimate interest in improving the stability and functionality of our website. The data is not passed on or used for other purposes. However, we reserve the right to review server log files retrospectively if there are specific indications of unlawful use.

2.2

For security reasons and to protect the transmission of personal data and other confidential content (e.g., orders or inquiries to the responsible party), this website uses SSL or TLS encryption. You can recognize an encrypted connection by the "https://" prefix and the lock symbol in your browser's address bar.

3) Hosting & Content Delivery Network

Shopify

For hosting our website and displaying its content, we use the system of the following provider:

Shopify International Limited
Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland (“Shopify”)

Data is also transferred to:
Shopify Inc.
150 Elgin St, Ottawa, ON K2P 1L4, Canada

All data collected on our website is processed on the provider’s servers. We have concluded a data processing agreement with the provider to ensure the protection of our visitors' data and to prohibit unauthorized sharing with third parties.

For data transfers to Canada, an adequate level of data protection is ensured by an adequacy decision of the European Commission.

4) Cookies

To make our website more attractive and enable the use of certain functions, we use cookies—small text files that are stored on your device. Some of these cookies are automatically deleted after closing your browser (so-called "session cookies"), while others remain on your device for a longer period to allow the saving of page settings (so-called "persistent cookies"). In the latter case, you can find the storage duration in your browser’s cookie settings.

If personal data is also processed by individual cookies used by us, processing occurs in accordance with Art. 6 (1) lit. b GDPR (for contract execution), Art. 6 (1) lit. a GDPR (if consent is given), or Art. 6 (1) lit. f GDPR (to safeguard our legitimate interest in the best possible functionality of the website and a customer-friendly, effective website experience).

You can configure your browser to notify you about cookie settings and decide individually on their acceptance, or you can exclude cookies for specific cases or in general.

Please note that if you decline cookies, the functionality of our website may be limited.

5) Contact

5.1 Review Reminder

Based solely on your explicit consent in accordance with Art. 6 (1) lit. a GDPR, we use your email address for a one-time reminder to leave a review of your order. You can revoke your consent at any time by sending a message to the data controller.

5.2 WhatsApp Business

You have the option to contact us via WhatsApp, a messaging service provided by WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. We use the “Business Version” of WhatsApp for this purpose.

If you contact us via WhatsApp regarding a specific transaction (e.g., a placed order), we store and use your WhatsApp mobile number and—if provided—your first and last name, based on Art. 6 (1) lit. b GDPR, to process and respond to your inquiry. Based on the same legal basis, we may request additional data (such as order number, customer number, address, or email) to associate your inquiry with a specific case.

If you use our WhatsApp contact for general inquiries (e.g., about our services, availability, or website), we store and use your WhatsApp mobile number and—if provided—your first and last name based on Art. 6 (1) lit. f GDPR, as we have a legitimate interest in efficiently providing the requested information.

Your data will only be used to respond to your WhatsApp inquiry. No data will be shared with third parties.

Please note that WhatsApp Business has access to the contact book of the mobile device we use for this service and automatically transmits stored phone numbers to a server of its parent company, Meta Platforms Inc., in the USA. To operate our WhatsApp Business account, we use a mobile device in which only the WhatsApp contact details of users who have also contacted us via WhatsApp are stored.

This ensures that every person whose WhatsApp contact details are stored in our address book has already consented to the transmission of their WhatsApp phone number from the address books of their chat contacts by accepting WhatsApp’s terms of use (Art. 6 (1) lit. a GDPR). Therefore, no data is transmitted for users who do not use WhatsApp and/or have not contacted us via WhatsApp.

For details on the purpose and scope of data collection and further processing by WhatsApp, as well as your rights and settings to protect your privacy, please refer to WhatsApp's privacy policy:
https://www.whatsapp.com/legal/?eea=1#privacy-policy

We have concluded a data processing agreement with WhatsApp to ensure the protection of our visitors’ data and prohibit unauthorized sharing with third parties.

As part of the above-mentioned processes, data transfers to Meta Platforms Inc. servers in the USA may occur. For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection based on an adequacy decision of the European Commission.

5.3 Contact via Contact Form or Email

When you contact us (e.g., via contact form or email), personal data is processed exclusively for the purpose of handling and responding to your inquiry and only to the extent necessary.

The legal basis for processing this data is our legitimate interest in responding to your inquiry (Art. 6 (1) lit. f GDPR). If your inquiry is aimed at concluding a contract, an additional legal basis for processing is Art. 6 (1) lit. b GDPR. Your data will be deleted once it is clear that the matter in question has been fully resolved and no legal retention obligations prevent deletion.

6) Data Processing When Creating a Customer Account

When you create a customer account on our website, your personal data will be collected and processed to the extent necessary in accordance with Article 6 (1) (b) GDPR. The required data is specified in the respective input form during registration.

You can delete your customer account at any time by sending a request to the responsible contact mentioned above. After the deletion of your customer account, your data will also be deleted unless all contracts concluded via the account have been fully processed, there are no legal retention periods, or we have no legitimate interest in retaining the data further.

7) Use of Customer Data for Direct Marketing

7.1 Subscription to Our Email Newsletter

If you sign up for our email newsletter, we will regularly send you information about our offers. The only mandatory information required for sending the newsletter is your email address. Any additional information is provided voluntarily and is used to personalize your communication.

We use the double opt-in procedure to ensure that you only receive the newsletter if you explicitly confirm your subscription by clicking a verification link sent to the provided email address.

By activating the confirmation link, you consent to the use of your personal data in accordance with Article 6 (1) (a) GDPR. We store your IP address registered by your internet service provider (ISP), as well as the date and time of your registration, to trace any possible misuse of your email address in the future.

The data collected upon newsletter registration is used strictly for this purpose. You can unsubscribe from the newsletter at any time via the designated link in the newsletter or by notifying the responsible party mentioned above. Upon unsubscription, your email address will be promptly removed from our newsletter mailing list unless you have expressly consented to further use of your data or we are legally permitted to continue using it.

7.2 Sending the Email Newsletter to Existing Customers

If you have provided us with your email address when purchasing goods or services, we reserve the right to send you regular offers for similar goods or services from our product range via email. According to Section 7 (3) UWG (German Act Against Unfair Competition), we do not need a separate consent from you for this.

Data processing is based on our legitimate interest in personalized direct marketing in accordance with Article 6 (1) (f) GDPR. If you initially objected to the use of your email address for this purpose, you will not receive marketing emails from us.

You have the right to object to the use of your email address for direct marketing at any time by notifying the responsible contact mentioned above. The only costs incurred for you are the transmission costs at your basic rates. After receiving your objection, we will immediately stop sending promotional emails.

7.3 Klaviyo

Our email newsletters are sent via the following provider:
Klaviyo, Inc., 125 Summer St., Ste 600, Boston, MA 02110, USA

Based on our legitimate interest in effective and user-friendly newsletter marketing, we transfer your data provided during newsletter registration to this provider under Article 6 (1) (f) GDPR, enabling them to send our newsletter on our behalf.

If you have expressly consented under Article 6 (1) (a) GDPR, Klaviyo also conducts statistical performance analysis of our newsletter campaigns using web beacons or tracking pixels embedded in the emails. These enable us to measure email open rates and interactions with newsletter content. Device information such as time of access, IP address, browser type, and operating system may also be collected and analyzed but is not merged with other data sets.

You may revoke your consent to newsletter tracking at any time with future effect.

We have concluded a data processing agreement (DPA) with the provider to ensure the protection of our website visitors' data and to prevent unauthorized disclosure to third parties.

For data transfers to the USA, Klaviyo is certified under the EU-US Data Privacy Framework, ensuring compliance with European data protection standards as recognized by the European Commission’s adequacy decision.

7.4 Shopping Cart Reminder Emails

If you start a purchase on our website but do not complete the order, you have the option to receive a one-time email reminder about the contents of your virtual shopping cart.

The only mandatory information required for sending this reminder is your email address. Providing additional details is optional and helps us personalize your communication.

We use the double opt-in process, ensuring that you only receive such notifications if you explicitly confirm your consent by clicking a verification link sent to your email address.

By activating the confirmation link, you consent to the use of your personal data in accordance with Article 6 (1) (a) GDPR for the purpose of sending a shopping cart reminder. We also store your IP address registered by your ISP and the date and time of registration to track potential misuse of your email address.

You can unsubscribe from shopping cart reminders at any time by notifying the responsible contact mentioned above. After unsubscribing, your email address will be promptly removed from our reminder mailing list unless you have expressly consented to further use of your data or we are legally permitted to continue using it. We will delete your e-mail address from our mailing list unless you have expressly consented to further use of your data or we reserve the right to use your data for other purposes that are permitted by law and about which we inform you in this declaration.

Here is the English translation of section 8 of your privacy policy:

8) Data Processing for Order Fulfillment

8.1 Processing for Contract Execution

To the extent necessary for contract execution, personal data collected for delivery and payment purposes will be shared with the designated shipping company and payment institution in accordance with Article 6 (1) (b) GDPR.

If we owe you updates for goods with digital elements or digital products based on a contractual agreement, we will process the contact details you provided at the time of purchase (name, address, email) to personally notify you about upcoming updates within the legally required period, using an appropriate communication channel (e.g., email or postal mail).

This data processing is carried out in accordance with Article 6 (1) (c) GDPR within the framework of our legal obligations. Your contact details are strictly used for update notifications and are processed only to the extent necessary for this purpose.

To process your order, we also collaborate with external service providers, who support us wholly or partially in fulfilling our contractual obligations. Certain personal data will be shared with these service providers in accordance with the details provided below.

8.2 Collaboration with Shipping Partners

To fulfill our contractual obligations to our customers, we work with external shipping service providers.

For the purpose of shipping your order, we share your name and delivery address and, if required for the delivery, your telephone number with the selected shipping provider. This data transfer is conducted exclusively for the purpose of order fulfillment in accordance with Article 6 (1) (b) GDPR.

Here is the English translation of section 8.3 and 8.4 of your privacy policy:

8.3 Amazon Fulfillment (FBA)

For order processing, we use the following provider:
Amazon EU S.a. r.l., 38 avenue John F. Kennedy, L-1855 Luxembourg.

Your name, address, and, if necessary, additional personal data are shared with this provider exclusively for the purpose of processing your online order in accordance with Article 6 (1) (b) GDPR. The transfer of your data only occurs to the extent necessary for order fulfillment.

8.4 Transfer of Personal Data to Shipping Service Providers

  • Deutsche Post
    We use the following provider as a shipping service provider:
    Deutsche Post AG, Charles-de-Gaulle-Straße 20, 53113 Bonn, Germany

If you have provided explicit consent in the ordering process in accordance with Article 6 (1) (a) GDPR, we will share your email address and/or phone number with the provider to arrange a delivery date or notify you about the shipment.

Otherwise, in accordance with Article 6 (1) (b) GDPR, we will only provide the recipient's name and delivery address to the provider for the purpose of delivery. In this case, no prior coordination of the delivery date or shipment notification is possible.

You can revoke your consent at any time with effect for the future by notifying either the data controller specified above or the provider directly.

  • DHL
    We use the following provider as a shipping service provider:
    DHL Paket GmbH, Sträßchensweg 10, 53113 Bonn, Germany

If you have provided explicit consent in the ordering process in accordance with Article 6 (1) (a) GDPR, we will share your email address and/or phone number with the provider to arrange a delivery date or notify you about the shipment.

Otherwise, in accordance with Article 6 (1) (b) GDPR, we will only provide the recipient's name and delivery address to the provider for the purpose of delivery. In this case, no prior coordination of the delivery date or shipment notification is possible.

You can revoke your consent at any time with effect for the future by notifying either the data controller specified above or the provider directly.

  • DPD
    We use the following provider as a shipping service provider:
    DPD Deutschland GmbH, Wailandtstraße 1, 63741 Aschaffenburg, Germany

If you have provided explicit consent in the ordering process in accordance with Article 6 (1) (a) GDPR, we will share your email address and/or phone number with the provider to arrange a delivery date or notify you about the shipment.

Otherwise, in accordance with Article 6 (1) (b) GDPR, we will only provide the recipient's name and delivery address to the provider for the purpose of delivery. In this case, no prior coordination of the delivery date or shipment notification is possible.

You can revoke your consent at any time with effect for the future by notifying either the data controller specified above or the provider directly.

  • FedEx
    We use the following provider as a shipping service provider:
    FedEx Express Germany GmbH, Langer Kornweg 34 k, 65451 Kelsterbach, Germany

If you have provided explicit consent in the ordering process in accordance with Article 6 (1) (a) GDPR, we will share your email address and/or phone number with the provider to arrange a delivery date or notify you about the shipment.

Otherwise, in accordance with Article 6 (1) (b) GDPR, we will only provide the recipient's name and delivery address to the provider for the purpose of delivery. In this case, no prior coordination of the delivery date or shipment notification is possible.

You can revoke your consent at any time with effect for the future by notifying either the data controller specified above or the provider directly.

  • GLS
    We use the following provider as a shipping service provider:
    General Logistics Systems Germany GmbH & Co. OHG, GLS Germany-Straße 1 – 7, 36286 Neuenstein, Germany

If you have provided explicit consent in the ordering process in accordance with Article 6 (1) (a) GDPR, we will share your email address and/or phone number with the provider to arrange a delivery date or notify you about the shipment.

Otherwise, in accordance with Article 6 (1) (b) GDPR, we will only provide the recipient's name and delivery address to the provider for the purpose of delivery. In this case, no prior coordination of the delivery date or shipment notification is possible.

You can revoke your consent at any time with effect for the future by notifying either the data controller specified above or the provider directly.

  • Hermes
    We use the following provider as a shipping service provider:
    Hermes Logistik Gruppe Deutschland GmbH, Essener Straße 89, 22419 Hamburg, Germany

If you have provided explicit consent in the ordering process in accordance with Article 6 (1) (a) GDPR, we will share your email address and/or phone number with the provider to arrange a delivery date or notify you about the shipment.

Otherwise, in accordance with Article 6 (1) (b) GDPR, we will only provide the recipient's name and delivery address to the provider for the purpose of delivery. In this case, no prior coordination of the delivery date or shipment notification is possible.

You can revoke your consent at any time with effect for the future by notifying either the data controller specified above or the provider directly.

  • UPS
    We use the following provider as a shipping service provider:
    United Parcel Service Deutschland Inc. & Co. OHG, Görlitzer Straße 1, 41460 Neuss, Germany

If you have provided explicit consent in the ordering process in accordance with Article 6 (1) (a) GDPR, we will share your email address and/or phone number with the provider to arrange a delivery date or notify you about the shipment.

Otherwise, in accordance with Article 6 (1) (b) GDPR, we will only provide the recipient's name and delivery address to the provider for the purpose of delivery. In this case, no prior coordination of the delivery date or shipment notification is possible.

You can revoke your consent at any time with effect for the future by notifying either the data controller specified above or the provider directly.

8.5 Use of Payment Service Providers (Payment Services)

Apple Pay

If you choose the Apple Pay payment method provided by Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland, the payment transaction will be processed via the Apple Pay function on your iOS, watchOS, or macOS device by charging a payment card stored in Apple Pay.

Apple Pay uses security features built into your device’s hardware and software to protect your transactions. To authorize a payment, you must enter a predefined code or verify it using your device's Face ID or Touch ID function.

For the purpose of payment processing, the information provided during your order, along with details about your purchase, is transmitted to Apple in an encrypted format. Apple then encrypts this data again with a developer-specific key before forwarding it to the payment service provider of the payment card stored in Apple Pay. This encryption ensures that only the website where the purchase was made can access the payment data.

Once the payment is completed, Apple sends a transaction-specific, dynamic security code along with your device account number to the website as payment confirmation.

If personal data is processed during these transmissions, the processing is carried out exclusively for payment processing purposes in accordance with Article 6 (1) (b) GDPR.

Apple retains anonymized transaction data, including:

  • The approximate purchase amount
  • The approximate date and time
  • An indication of whether the transaction was successfully completed

Since this data is anonymized, it cannot be linked to an individual person. Apple uses this anonymized data to improve Apple Pay and other Apple products and services.

If you use Apple Pay on your iPhone or Apple Watch to complete a purchase via Safari on your Mac, your Mac and the authorization device communicate via an encrypted channel on Apple’s servers. Apple does not process or store this information in a format that allows identification of your personal data.

You can disable the use of Apple Pay on your Mac in your iPhone settings by navigating to "Wallet & Apple Pay" and disabling "Allow Payments on Mac".

For more information on Apple Pay privacy, please visit:
🔗 https://support.apple.com/en-us/HT203027

Google Pay

If you choose the Google Pay payment method provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"), the payment transaction will be processed via the Google Pay application on your mobile device running at least Android 4.4 ("KitKat") and equipped with NFC functionality. The payment is made by charging a payment card stored in Google Pay or another verified payment system (e.g., PayPal).

To authorize a payment over €25, you must unlock your mobile device using the configured verification method (such as face recognition, password, fingerprint, or pattern).

For the purpose of payment processing, the information provided during your order, along with details about your purchase, is transmitted to Google. Google then forwards your stored payment details in the form of a one-time transaction number to the website where the payment was initiated. This transaction number does not contain any real payment data but is instead generated as a one-time valid numeric token and transmitted.

For all transactions processed through Google Pay, Google acts only as an intermediary for the payment process. The actual transaction takes place exclusively between the user and the respective merchant by charging the payment method stored in Google Pay.

If personal data is processed during these transactions, this processing is carried out exclusively for payment processing purposes in accordance with Article 6 (1) (b) GDPR.

Data Collection and Processing by Google

Google reserves the right to collect, store, and evaluate certain transaction-specific information for every payment made via Google Pay. This includes:

  • Date, time, and amount of the transaction
  • Merchant location and description
  • Description of the purchased goods or services (as provided by the merchant)
  • Photos attached to the transaction (if applicable)
  • Name and email address of the seller and buyer or sender and recipient
  • Payment method used
  • Your description of the transaction reason
  • Any offer associated with the transaction

According to Google, this data processing is carried out solely based on Article 6 (1) (f) GDPR, as it serves Google's legitimate interest in proper accounting, verifying transaction data, and optimizing and maintaining the functionality of Google Pay.

Additionally, Google reserves the right to link the processed transaction data with other data collected and stored when using other Google services.

Further Information on Google Pay

PayPal

This website offers one or more online payment methods provided by the following provider: PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg.

If you choose a payment method from this provider that requires advance payment, your payment data (including name, address, bank and card information, currency, and transaction number), as well as information about your order, will be shared with the provider in accordance with Art. 6(1)(b) GDPR. This data transfer is solely for the purpose of processing the payment and will only occur as far as necessary for this purpose.

If you choose a payment method where we provide the service in advance, you may be required to provide certain personal data during the checkout process, such as:

  • First and last name
  • Street address, house number, postal code, and city
  • Date of birth
  • Email address
  • Telephone number
  • If applicable, details of an alternative payment method

To protect our legitimate interest in assessing your payment ability, we will share this data with the provider in accordance with Art. 6(1)(f) GDPR for the purpose of a credit check. The provider will evaluate, based on the personal data you provide and additional data (such as shopping cart details, invoice amount, order history, and payment experience), whether the selected payment method can be granted given potential payment and/or default risks.

The credit report may contain probability values (so-called score values). These score values are calculated based on a scientifically recognized mathematical-statistical method. The calculation of the score values includes, but is not limited to, address data.

You can object to this processing of your data at any time by sending a message to us or directly to the provider. However, the provider may still be entitled to process your personal data if it is necessary for contractual payment processing.

PayPal Checkout

This website uses PayPal Checkout, an online payment system provided by PayPal, which includes PayPal's own payment methods as well as local payment methods from third-party providers.

When paying via PayPal, credit card via PayPal, direct debit via PayPal, or, if available, "Pay Later" via PayPal, we share your payment data with PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal") as part of the payment processing. This data transfer is carried out in accordance with Art. 6(1)(b) GDPR and only to the extent necessary for processing the payment.

PayPal reserves the right to conduct a credit check for the payment methods credit card via PayPal, direct debit via PayPal, or, if offered, "Pay Later" via PayPal. For this purpose, your payment data may be shared with credit agencies in accordance with Art. 6(1)(f) GDPR, based on PayPal’s legitimate interest in verifying your financial solvency. The result of this credit check, regarding the statistical probability of payment default, is used by PayPal to decide whether to provide the selected payment method.

The credit assessment may include probability values ("score values"), which are determined based on a scientifically recognized mathematical-statistical method. Address data, among other factors, is included in the calculation of these score values.

You may object to this data processing at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data if necessary for contractual payment processing.

If the PayPal payment method "Purchase on Account" is available and selected, your payment data will first be transferred to PayPal for payment preparation. PayPal will then forward this data to Ratepay GmbH, Franklinstraße 28-29, 10587 Berlin ("Ratepay") for payment execution. The legal basis for this data transfer is Art. 6(1)(b) GDPR. In this case, RatePay independently conducts an identity and credit check to assess financial solvency, following the principles outlined above. Based on legitimate interest under Art. 6(1)(f) GDPR, RatePay may further transmit your payment data to credit agencies for verification.

A list of the credit agencies Ratepay uses can be found here:
🔗 Ratepay Credit Agencies

If you choose to use a local third-party payment method, your payment data will first be transmitted to PayPal in preparation for the payment, in accordance with Art. 6(1)(b) GDPR. Depending on your selection of an available local payment method, PayPal will then transmit your payment data to the corresponding provider for payment processing, also in accordance with Art. 6(1)(b) GDPR:

  • Apple Pay (Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland)
  • Google Pay (Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland)
  • iDeal (Currence Holding BV, Beethovenstraat 300 Amsterdam, Netherlands)
  • bancontact (Bancontact Payconiq Company, Rue d'Arlon 82, 1040 Brussels, Belgium)
  • blik (Polski Standard Płatności sp. z o.o., ul. Czerniakowska 87A, 00-718 Warsaw, Poland)
  • eps (PSA Payment Services Austria GmbH, Handelskai 92, Gate 2, 1200 Vienna, Austria)
  • MyBank (PRETA S.A.S, 40 Rue de Courcelles, F-75008 Paris, France)
  • Przelewy24 (PayPro SA, Kanclerska 15A, 60-326 Poznań, Poland)

For further data protection information, please refer to PayPal's privacy policy: PayPal Privacy Policy

Stripe

This website offers one or more online payment options provided by: Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland.

If you select a payment method from this provider that requires advance payment (e.g., credit card payment), your payment data—including your name, address, bank and card information, currency, and transaction number—as well as details about your order will be transmitted to the provider in accordance with Art. 6(1)(b) GDPR. This data transfer occurs solely for the purpose of processing the payment and only to the extent necessary.

If you choose a payment method where the provider makes an advance payment (e.g., invoice or installment purchase, direct debit), you will be required to provide certain personal information during the order process, including:

  • First and last name
  • Street, house number, postal code, city
  • Date of birth
  • Email address
  • Phone number
  • (If applicable) Data for an alternative payment method

This data is processed in accordance with Art. 6(1)(b) GDPR to determine eligibility for the selected payment method.

To protect our legitimate interest in assessing the creditworthiness of our customers, we transmit this data to the provider for a credit check in accordance with Art. 6(1)(f) GDPR. The provider evaluates, based on the personal data you have provided, as well as additional information (such as shopping cart details, invoice amount, order history, and payment experience), whether the payment method you have selected can be granted in terms of potential payment and/or default risks.

The credit check may include probability values (so-called score values). If score values are used in the credit report, they are based on a scientifically recognized mathematical-statistical method. The calculation of these score values includes, among other things, but is not limited to, address data.

You may object to this data processing at any time by notifying us or the provider. However, the provider may still be entitled to process your personal data if it is necessary for contractual payment processing.

8.6 Electronic Termination Option for Continuing Obligations with Consumers

Consumers who have entered into paid continuing obligation contracts (such as subscription agreements) on this website have the option to terminate these agreements via an electronic button, in accordance with the applicable cancellation deadlines.

Clicking the button redirects the consumer to a confirmation page, where they can provide further details regarding the termination, clearly identify themselves, and electronically submit their termination request.

The collection and transmission of personal data to us are carried out in accordance with Art. 6(1)(b) GDPR and only to the extent necessary for the proper processing of the termination request. Additionally, based on Art. 6(1)(b) GDPR, the provided personal data is used to confirm receipt of the termination request and the termination date in electronic text form.

Another legal basis for this processing is Art. 6(1)(c) GDPR, as we are legally required to provide an electronic termination option for consumer contracts involving paid continuing obligations that were concluded through electronic commerce.

9) Web Analytics Services

9.1 Google (Universal) Analytics

This website uses Google (Universal) Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"), which enables the analysis of your use of our website.

By default, Google (Universal) Analytics sets cookies when you visit the website. These cookies are small text files stored on your device that collect specific information. This includes your IP address, which is shortened by Google to exclude any direct personal reference.

The collected information is transmitted to Google's servers and processed there. This may also involve transfers to Google LLC servers in the USA.

Google processes the collected data on our behalf to evaluate your use of the website, compile reports on website activity for us, and provide additional services related to website and internet usage. The IP address transmitted by your browser within the framework of Google Analytics and shortened by Google will not be merged with other Google data. The data collected through the use of Google (Universal) Analytics is stored for two months and then deleted.

All of the aforementioned processing activities, particularly the setting of cookies on your device, will only take place if you have given us your explicit consent in accordance with Art. 6 para. 1 lit. a GDPR.

Without your consent, Google (Universal) Analytics will not be used during your visit to our website. You may withdraw your given consent at any time with future effect. To exercise your right of withdrawal, please disable this service in the "Cookie-Consent-Tool" provided on the website.

We have entered into a data processing agreement with Google to ensure the protection of our website visitors' data and to prohibit unauthorized disclosure to third parties.

Further legal information regarding Google (Universal) Analytics can be found at:

Demographic Features

Google (Universal) Analytics uses the special feature "demographic characteristics" to create statistics on the age, gender, and interests of website visitors. This is done by analyzing advertising data and third-party information. This allows the identification of target audiences for marketing purposes. However, the collected data cannot be attributed to any specific individual and is deleted after a storage period of two months.

Google Signals

As an extension of Google (Universal) Analytics, this website may use Google Signals to generate cross-device reports. If you have enabled personalized ads and linked your devices to your Google account, Google may—subject to your consent to the use of Google Analytics under Art. 6 para. 1 lit. a GDPR—analyze your usage behavior across devices and create database models, including cross-device conversions. We do not receive any personal data from Google, only aggregated statistics.

If you wish to stop cross-device analysis, you can deactivate the "Personalized Ads" feature in your Google account settings. Follow the instructions provided here:
Disabling Personalized Ads

Further information about Google Signals can be found here:
Google Signals Help

User IDs

As an extension of Google (Universal) Analytics, the "User IDs" function may be used on this website. If you have consented to the use of Google (Universal) Analytics under Art. 6 para. 1 lit. a GDPR and have set up an account on this website, and log in across multiple devices, your activities—including conversions—can be analyzed across devices.

For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which, based on an adequacy decision by the European Commission, ensures compliance with European data protection standards.

9.2 Google Analytics 4

This website uses Google Analytics 4, a web analytics service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"), which enables an analysis of your usage of our website.

By default, Google Analytics 4 sets cookies when you visit the website. These cookies are small text files stored on your device that collect specific information. This includes your IP address, which, however, is truncated by Google by the last digits to prevent direct personal identification.

The information is transmitted to Google's servers and further processed there. This may include transfers to Google LLC servers located in the USA.

Google processes the collected information on our behalf to evaluate your use of the website, compile reports on website activity, and provide additional services related to website and internet usage. The IP address transmitted by your browser and shortened as part of Google Analytics is not merged with other Google data. The data collected through Google Analytics 4 is stored for two months and then deleted.

All processing described above, including the setting of cookies on the device used, occurs only if you have given your explicit consent under Art. 6 (1) (a) GDPR.

Without your consent, Google Analytics 4 will not be used during your visit to the website. You can revoke your consent at any time with future effect. To exercise your right of withdrawal, please disable this service via the "Cookie-Consent-Tool" provided on the website.

We have entered into a data processing agreement with Google to ensure the protection of our visitors' data and to prohibit unauthorized sharing with third parties.

Further legal information regarding Google Analytics 4 can be found at:

Demographic Features

Google Analytics 4 uses the "demographic features" function, which allows the creation of statistics on visitor demographics such as age, gender, and interests. This is based on analyzing advertisements and third-party data. It helps define target groups for marketing activities. However, the collected data cannot be assigned to any specific individual and is deleted after two months.

Google Signals

As an extension of Google Analytics 4, Google Signals may be used on this website to generate cross-device reports. If you have enabled personalized ads and linked your devices to your Google account, Google may analyze your cross-device usage behavior and create database models for cross-device conversions, subject to your consent to the use of Google Analytics under Art. 6 (1) (a) GDPR. We do not receive any personally identifiable data from Google, only aggregated statistics.

If you wish to disable cross-device analysis, you can deactivate "Personalized Advertising" in your Google account settings. Follow the instructions here: Google Ad Settings.

For more information on Google Signals, visit: Google Signals Help.

UserIDs

As an extension of Google Analytics 4, the "UserIDs" function may be used on this website. If you have consented to the use of Google Analytics 4 under Art. 6 (1) (a) GDPR, have created an account on this website, and log in to different devices using this account, your activities, including conversions, can be analyzed across devices.

For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with European data protection levels based on an adequacy decision by the European Commission.

10) Retargeting / Remarketing and Conversion Tracking

Meta Pixel with Advanced Data Matching

As part of our online offering, we use the "Meta Pixel" service with advanced data matching from:

Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland ("Meta").

When a user clicks on an ad placed by us on Facebook or Instagram, the "Meta Pixel" adds a parameter to the URL of our linked page. This URL parameter is then stored in a cookie that our linked page itself sets in the user’s browser. Additionally, this cookie collects specific customer data (e.g., email addresses) that we collect on our website in connection with transactions such as purchases, account logins, or registrations (advanced data matching). The cookie is then read and enables the transfer of data, including customer information, to Meta.

We use "Meta Pixel" with advanced data matching to optimize our advertisements ("Ads") on Facebook and/or Instagram, ensuring that they match users’ interests or have specific characteristics (e.g., interest in certain topics or products determined based on visited web pages). This information is then transferred to Meta as "Custom Audiences."

Furthermore, we analyze the effectiveness of our advertisements by tracking whether users were redirected to our website after clicking on an ad (conversion tracking). Compared to the standard "Meta Pixel," the advanced data matching function helps us measure the effectiveness of our advertising campaigns more accurately by capturing more attributable conversions.

All transmitted data is stored and processed by Meta, allowing an assignment to the respective user profile. Meta may use this data for its own advertising purposes in accordance with Meta's Data Usage Policy (Meta Privacy Policy). This data may allow Meta and its partners to place ads both on and outside of Facebook.

All the processing described above, including setting cookies to retrieve information on the device used, will only take place if you have given us your explicit consent under Art. 6 (1) (a) GDPR. You can revoke your consent at any time with future effect by deactivating this service in the "Cookie-Consent-Tool" provided on the website.

We have entered into a data processing agreement with the provider to ensure the protection of our website visitors' data and to prevent unauthorized disclosure to third parties.

The information generated by Meta is usually transferred to a Meta server and stored there; this may also involve transmission to Meta Platforms Inc. servers in the USA.

For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with European data protection standards based on an adequacy decision by the European Commission.

11) Website Functionalities

11.1 Facebook Plugins

Our website uses plugins from the social network provider:
Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland

These plugins enable direct interaction with content on the social network.

To enhance the protection of your data when visiting our website, the plugins are initially deactivated and integrated into the site using a "2-click" or "Shariff" solution.

This integration ensures that when you visit a page on our website that contains such plugins, no connection is made to the provider’s servers.

Only when you activate the plugins and thereby give your consent to data transmission in accordance with Art. 6 (1) (a) GDPR, does your browser establish a direct connection to the provider’s servers. This process transmits specific information about your device (including your IP address), your browser, and your browsing history to the provider, which may then process this data.

If you are logged into an existing user profile on the provider’s social network, information about interactions made via the plugins will also be published there and displayed to your contacts.

You can withdraw your consent at any time by clicking the activated plugin again to deactivate it. However, the withdrawal does not affect the data already transmitted to the provider.

Data may also be transmitted to:
Meta Platforms Inc., USA

We have entered into a data processing agreement with the provider to ensure the protection of our website visitors’ data and to prevent unauthorized disclosure to third parties.

For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European data protection level based on an adequacy decision by the European Commission.

11.2 Instagram Plugins

Our website uses plugins from the social network provider:
Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland

These plugins enable direct interaction with content on the social network.

To enhance the protection of your data when visiting our website, the plugins are initially deactivated and integrated into the site using a "2-click" or "Shariff" solution.

This integration ensures that when you visit a page on our website that contains such plugins, no connection is made to the provider’s servers.

Only when you activate the plugins and thereby give your consent to data transmission in accordance with Art. 6 (1) (a) GDPR, does your browser establish a direct connection to the provider’s servers. This process transmits specific information about your device (including your IP address), your browser, and your browsing history to the provider, which may then process this data.

If you are logged into an existing user profile on the provider’s social network, information about interactions made via the plugins will also be published there and displayed to your contacts.

You can withdraw your consent at any time by clicking the activated plugin again to deactivate it. However, the withdrawal does not affect the data already transmitted to the provider.

Data may also be transmitted to:
Meta Platforms Inc., USA

We have entered into a data processing agreement with the provider to ensure the protection of our website visitors’ data and to prevent unauthorized disclosure to third parties.

For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European data protection level based on an adequacy decision by the European Commission.

11.3 ShopVote Graphics

Our website integrates graphic elements from the following provider to display external customer reviews and/or an externally awarded quality seal:

Blickreif GmbH, Schulstraße 46, 80634 Munich, Germany

When you access a page on our website that contains such graphic elements, your browser establishes a direct connection to the provider’s servers to properly load the elements. During this process, certain browser information, including your IP address, is transmitted to the provider.

If personal data is processed in this context, it is done so in accordance with Art. 6 (1) (f) GDPR based on our legitimate interest in optimally marketing our offering and designing our website in an appealing manner.

11.4 Google Maps
This website uses an online mapping service provided by: Google Maps (API) from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”).

Google Maps is a web service that provides interactive (land) maps to visually display geographical information. By using this service, our location will be displayed to you, making it easier to plan your journey.

When accessing subpages that include Google Maps, information about your use of our website (e.g., your IP address) is transmitted to and stored on Google's servers. This may also involve transmission to Google LLC servers in the USA. This occurs regardless of whether Google provides a user account through which you are logged in or whether a user account exists. If you are logged into Google, your data will be directly associated with your account. If you do not want this data to be linked to your Google profile, you must log out before activating the button. Google stores user data (even for users not logged in) as usage profiles and evaluates them.

The collection, storage, and evaluation of data are carried out in accordance with Art. 6(1)(f) GDPR based on Google’s legitimate interest in displaying personalized advertising, conducting market research, and designing Google websites according to user needs. You have the right to object to the creation of these user profiles, but you must contact Google to exercise this right.

If you do not agree to the future transmission of your data to Google as part of the use of Google Maps, you also have the option of disabling the Google Maps web service entirely by turning off JavaScript in your browser. Google Maps, and consequently the map display on this website, will then not be usable.

Where legally required, we have obtained your consent for the processing of your data as described above in accordance with Art. 6(1)(a) GDPR. You can revoke your consent at any time with future effect. To exercise your revocation, please follow the aforementioned options for submitting an objection.

For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with European data protection standards based on an adequacy decision by the European Commission.

Further information about Google’s privacy policy can be found here: https://business.safety.google/intl/en/privacy/

11.5 Google Web Fonts
This website uses web fonts for the uniform display of fonts provided by: Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.

When you visit a page, your browser loads the required web fonts into its cache to correctly display text and fonts and establishes a direct connection to the provider’s servers. Certain browser information, including your IP address, is transmitted to the provider.

Data may also be transmitted to: Google LLC, USA.

The processing of personal data in connection with establishing a connection to the font provider is only carried out if you have given your explicit consent pursuant to Art. 6(1)(a) GDPR. You can revoke your consent at any time with future effect by disabling this service via the “Cookie-Consent Tool” provided on the website. If your browser does not support web fonts, a standard font from your computer will be used.

For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with European data protection standards based on an adequacy decision by the European Commission.

Further information on Google’s privacy policy can be found here: https://business.safety.google/intl/en/privacy/

11.6 Make
We use the services of the following provider for the integration and synchronization of databases and web applications:
Celonis, Inc., One World Trade Center, 87th Floor, New York, NY, 10007, USA

This enables us to automate our processing operations and establish different workflows to efficiently manage and execute internal processes within our processing system. If personal data is processed in the course of this, it is done in accordance with Art. 6 (1) lit. f GDPR based on our legitimate interest in optimizing our internal organization.

We have entered into a data processing agreement with the provider, which ensures the protection of our website visitors’ data and prohibits unauthorized disclosure to third parties.

For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European data protection level based on an adequacy decision by the European Commission.

11.7 Zapier
We use the services of the following provider for the integration and synchronization of databases and web applications:
Zapier Inc., 548 Market St #62411, San Francisco, California 94104, USA

This enables us to automate our processing operations and establish different workflows to efficiently manage and execute internal processes within our processing system. If personal data is processed in the course of this, it is done in accordance with Art. 6 (1) lit. f GDPR based on our legitimate interest in optimizing our internal organization.

We have entered into a data processing agreement with the provider, which ensures the protection of our website visitors’ data and prohibits unauthorized disclosure to third parties.

For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European data protection level based on an adequacy decision by the European Commission.

12) Tools and Miscellaneous

Cookie Consent Tool

This website uses a so-called "Cookie Consent Tool" to obtain valid user consent for cookies requiring consent and cookie-based applications. The "Cookie Consent Tool" is displayed to users as an interactive interface when they visit the website, allowing them to grant consent for specific cookies and/or cookie-based applications by selecting checkboxes. Through the use of this tool, all cookies and services requiring consent are only loaded if the respective user grants explicit consent via the checkbox selection. This ensures that such cookies are only set on the user's device if consent has been given.

The tool sets technically necessary cookies to store your cookie preferences. In general, no personal user data is processed.

If, in exceptional cases, personal data (such as IP addresses) is processed for the purpose of storing, assigning, or logging cookie settings, this processing is carried out based on Article 6(1)(f) GDPR, reflecting our legitimate interest in legally compliant, user-specific, and user-friendly consent management for cookies and, consequently, in ensuring the lawful design of our online presence.

Another legal basis for processing is Article 6(1)(c) GDPR. As the responsible party, we are legally required to make the use of non-essential cookies dependent on user consent.

Where necessary, we have entered into a data processing agreement with the provider to ensure the protection of our website visitors' data and to prohibit unauthorized disclosure to third parties.

Further information about the provider and the settings options for the Cookie Consent Tool can be found directly in the corresponding user interface on our website.

13) Data Subject Rights

13.1 Data Subject Rights

Under the applicable data protection law, you have the following rights with regard to the processing of your personal data by the controller (rights of access and intervention). The specific conditions for exercising these rights are based on the respective legal provisions:

  • Right of access pursuant to Art. 15 GDPR;
  • Right to rectification pursuant to Art. 16 GDPR;
  • Right to erasure ("right to be forgotten") pursuant to Art. 17 GDPR;
  • Right to restriction of processing pursuant to Art. 18 GDPR;
  • Right to notification pursuant to Art. 19 GDPR;
  • Right to data portability pursuant to Art. 20 GDPR;
  • Right to withdraw consent granted pursuant to Art. 7 para. 3 GDPR;
  • Right to lodge a complaint with a supervisory authority pursuant to Art. 77 GDPR.

13.2 RIGHT TO OBJECT

IF WE PROCESS YOUR PERSONAL DATA BASED ON OUR OVERRIDING LEGITIMATE INTEREST AS PART OF A BALANCING OF INTERESTS, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT TO THIS PROCESSING WITH EFFECT FOR THE FUTURE FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL CEASE PROCESSING THE AFFECTED DATA. HOWEVER, FURTHER PROCESSING REMAINS RESERVED IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR PROCESSING THAT OUTWEIGH YOUR INTERESTS, RIGHTS, AND FREEDOMS, OR IF THE PROCESSING SERVES TO ASSERT, EXERCISE, OR DEFEND LEGAL CLAIMS.

IF YOUR PERSONAL DATA IS PROCESSED BY US FOR THE PURPOSE OF DIRECT ADVERTISING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR SUCH ADVERTISING PURPOSES. YOU MAY EXERCISE YOUR RIGHT TO OBJECT AS DESCRIBED ABOVE.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL CEASE PROCESSING THE AFFECTED DATA FOR DIRECT ADVERTISING PURPOSES.

14) Duration of Storage of Personal Data

The duration for which personal data is stored depends on the respective legal basis, the processing purpose, and—if applicable—any statutory retention period (e.g., commercial and tax law retention periods).

If personal data is processed based on explicit consent pursuant to Art. 6 (1) lit. a GDPR, the data will be stored until you revoke your consent.

If statutory retention periods apply to data that is processed in the context of legal or quasi-legal obligations based on Art. 6 (1) lit. b GDPR, such data will be routinely deleted after the retention period expires, provided that the data is no longer required for contract fulfillment or initiation and/or there is no legitimate interest in continued storage.

If personal data is processed based on Art. 6 (1) lit. f GDPR, such data will be stored until you exercise your right to object pursuant to Art. 21 (1) GDPR unless we can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights, and freedoms, or if the processing serves the establishment, exercise, or defense of legal claims.

If personal data is processed for direct marketing purposes based on Art. 6 (1) lit. f GDPR, such data will be stored until you exercise your right to object under Art. 21 (2) GDPR.

Unless otherwise stated in this privacy policy regarding specific processing situations, stored personal data will be deleted once it is no longer necessary for the purposes for which it was collected or otherwise processed.