Privacy policy
1) Introduction and Contact Details of the Controller
1.1 We are pleased that you are visiting our website and thank you for your interest. In the following, we inform you about the handling of your personal data when using our website. Personal data are all data with which you can be personally identified.
1.2 The controller for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is Alexander Schödl, as Creativ, Am Dörrenhof 21, 85131 Pollenfeld, Germany, Tel.: +49 8421 9082507, E-Mail: info@as-creativ.de. The controller responsible for the processing of personal data is the natural or legal person who alone or jointly with others decides on the purposes and means of the processing of personal data.
2) Data Collection When Visiting Our Website
2.1 When using our website for purely informational purposes, i.e., if you do not register or otherwise transmit information to us, we only collect such data as is transmitted by your browser to the page server (so-called "server logfiles"). When you call up our website, we collect the following data, which is technically necessary for us to display the website to you:
- The website visited by us
- Date and time at the time of access
- Amount of data sent in bytes
- Source/reference from which you arrived at the page
- Browser used
- Operating system used
- IP address used (if applicable: in anonymized form)
The processing takes place in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. There is no transfer or other use of the data. However, we reserve the right to check the server logfiles subsequently if there are concrete indications of illegal use.
2.2 This website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or inquiries to the controller). You can recognize an encrypted connection by the character string "https://" and the lock symbol in your browser bar.
3) Hosting & Content Delivery Network
3.1 Shopify
For hosting our website and displaying the page contents, we use the system of the following provider: Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland ("Shopify")
Data is also transmitted to: Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada
All data collected on our website is processed on the provider's servers. We have concluded an order processing agreement with the provider that ensures the protection of the data of our website visitors and prohibits unauthorized transfer to third parties.
In the case of data transmission to Canada, an adequate level of data protection is ensured by an adequacy decision of the European Commission.
3.2 Cloudflare
We use a Content Delivery Network of the following provider: Cloudflare Inc., 101 Townsend St. San Francisco, CA 94107, USA
This service enables us to deliver large media files such as graphics, page contents or scripts faster via a network of regionally distributed servers. The processing is carried out to safeguard our legitimate interest in improving the stability and functionality of our website pursuant to Art. 6 para. 1 lit. f GDPR. We have concluded an order processing agreement with the provider that ensures the protection of the data of our website visitors and prohibits unauthorized transfer to third parties.
For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which, on the basis of an adequacy decision of the European Commission, ensures compliance with the European level of data protection.
4) Cookies
To make visiting our website attractive and to enable the use of certain functions, we use cookies, i.e. small text files that are stored on your end device. Some of these cookies are automatically deleted after closing the browser (so-called "session cookies"), while others remain on your end device for a longer period and allow us to save page settings (so-called "persistent cookies"). In the latter case, you can find the storage duration in the overview of your web browser's cookie settings.
If individual cookies used by us also process personal data, the processing is carried out in accordance with Art. 6 para. 1 lit. b GDPR either for the performance of the contract, in accordance with Art. 6 para. 1 lit. a GDPR in the case of given consent or in accordance with Art. 6 para. 1 lit. f GDPR to safeguard our legitimate interests in the best possible functionality of the website as well as a customer-friendly and effective design of the page visit.
You can configure your browser so that you are informed about the setting of cookies and can decide individually about their acceptance or exclude the acceptance of cookies for certain cases or in general.
Please note that if you do not accept cookies, the functionality of our website may be limited.
5) Contact
5.1 Shopify Inbox
This website uses the live chat system of the following provider: Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland
The processing of personal data transmitted via the chat is carried out either in accordance with Art. 6 para. 1 lit b GDPR, because it is necessary for the initiation or performance of the contract, or in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in the effective support of our website visitors.
Your data transmitted in this way will be deleted, subject to opposing statutory retention periods, once the relevant matter has been conclusively clarified.
In addition, further information may be collected and evaluated for the purpose of creating pseudonymized usage profiles using cookies, which, however, do not serve your personal identification and are not merged with other data sets. If this information has a personal reference, the processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in the statistical analysis of user behavior for optimization purposes.
The setting of cookies can be prevented by appropriate browser settings. In this case, however, the functionality of our website may be restricted.
You can object to the collection and storage of data for the purpose of creating a pseudonymized usage profile at any time with effect for the future.
Data is also transmitted to: Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada
We have concluded an order processing agreement with the provider that ensures the protection of the data of our website visitors and prohibits unauthorized transfer to third parties.
In the case of data transmission to Canada, an adequate level of data protection is ensured by an adequacy decision of the European Commission.
5.2 WhatsApp Business
You have the option to contact us via the WhatsApp messaging service of WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. For this purpose, we use the so-called "Business Version" of WhatsApp.
If you contact us via WhatsApp on the occasion of a specific business (for example, an order placed), we store and use the mobile phone number you used at WhatsApp as well as – if provided – your first and last name in accordance with Art. 6 para. 1 lit. b. GDPR for processing and responding to your request. On the basis of the same legal basis, we may ask you via WhatsApp to provide further data (order number, customer number, address or email address) in order to be able to assign your request to a specific process.
If you use our WhatsApp contact for general inquiries (e.g. about the range of services, availability or our online presence), we store and use the mobile phone number you used at WhatsApp as well as – if provided – your first and last name in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in the efficient and timely provision of the desired information.
Your data will always only be used to respond to your request via WhatsApp. There is no transfer to third parties.
Please note that WhatsApp Business has access to the address book of the mobile device used by us for this purpose and automatically transmits telephone numbers stored in the address book to a server of the parent company Meta Platforms Inc. in the USA. For operating our WhatsApp Business account, we use a mobile device whose address book exclusively contains the WhatsApp contact details of such users who have also contacted us via WhatsApp.
This ensures that every person whose WhatsApp contact details are stored in our address book has already consented, upon first use of the app on their device by accepting the WhatsApp terms of use, to the transmission of their WhatsApp phone number from the address books of their chat contacts in accordance with Art. 6 para. 1 lit. a GDPR. Transmission of data of such users who do not use WhatsApp and/or have not contacted us via WhatsApp is therefore excluded.
Please refer to WhatsApp's privacy notices for the purpose and scope of data collection and the further processing and use of the data by WhatsApp as well as your related rights and setting options for protecting your privacy: https://www.whatsapp.com/legal/?eea=1#privacy-policy
We have concluded an order processing agreement with the provider that protects the data of our website visitors and prohibits transfer to third parties.
In the course of the processing mentioned above, data transfers to servers of Meta Platforms Inc. in the USA may take place.
For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which, on the basis of an adequacy decision of the European Commission, ensures compliance with the European level of data protection.
5.3 In the context of contacting us (e.g. via contact form or email), personal data is processed – exclusively for the purpose of processing and responding to your request and only to the extent necessary for this purpose.
The legal basis for the processing of this data is our legitimate interest in responding to your request in accordance with Art. 6 para. 1 lit. f GDPR. If your contact aims at a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR. Your data will be deleted if it can be inferred from the circumstances that the relevant matter has been conclusively clarified and provided there are no statutory retention obligations to the contrary.
6) Data Processing When Opening a Customer Account
In accordance with Art. 6 para. 1 lit. b GDPR, personal data will continue to be collected and processed to the extent necessary if you provide us with this data when opening a customer account. You can see which data is required for the account opening from the input mask of the corresponding form on our website.
Deletion of your customer account is possible at any time and can be done by sending a message to the above-mentioned address of the controller. After deletion of your customer account, your data will be deleted unless all contracts concluded on this basis have been fully processed, there are no statutory retention periods to the contrary and there is no legitimate interest on our part in further storage.
7) Use of Customer Data for Direct Marketing
7.1 Registration for Our Email Newsletter
If you register for our email newsletter, we will regularly send you information about our offers. The only mandatory information for sending the newsletter is your email address. The provision of further data is voluntary and will be used to address you personally. For sending the newsletter, we use the so-called double opt-in procedure, which ensures that you only receive the newsletter after you have expressly confirmed your consent to receive the newsletter by clicking on a verification link sent to the specified email address.
By activating the confirmation link, you give us your consent for the use of your personal data in accordance with Art. 6 para. 1 lit. a GDPR. For this purpose, we store your IP address entered by the Internet Service Provider (ISP) as well as the date and time of registration in order to be able to trace any possible misuse of your email address at a later point in time. The data collected by us during registration for the newsletter will be used strictly for the intended purpose.
You can unsubscribe from the newsletter at any time via the link provided for this purpose in the newsletter or by sending a corresponding message to the controller named at the beginning. After unsubscribing, your email address will be deleted immediately from our newsletter distribution list unless you have expressly consented to further use of your data or we reserve the right to further data use, which is legally permitted and about which we inform you in this statement.
7.2 Shopify Email
The sending of our email newsletter is done via this provider: Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland
Data is also transmitted to: Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada
On the basis of our legitimate interest in effective and user-friendly newsletter marketing, we pass on your data provided during newsletter registration in accordance with Art. 6 para. 1 lit. f GDPR to this provider so that it can take over the newsletter dispatch on our behalf.
Subject to your express consent in accordance with Art. 6 para. 1 lit. a GDPR, the provider additionally carries out statistical success evaluation of newsletter campaigns using web beacons or tracking pixels in the sent emails, which can measure opening rates and specific interactions with the newsletter contents. End device information (e.g. time of access, IP address, browser type and operating system) is also collected and evaluated, but not merged with other data sets.
You can revoke your consent to newsletter tracking at any time with effect for the future.
We have concluded an order processing agreement with the provider that protects the data of our website visitors and prohibits transfer to third parties.
In the case of data transmission to Canada, an adequate level of data protection is ensured by an adequacy decision of the European Commission.
7.3 Cart Reminders by Email
In case you abandon your purchase with us before completing the order, you have the option to be reminded once by email of the contents of your virtual shopping cart.
The only mandatory information for sending this reminder is your email address. The provision of further data is voluntary and may be used to address you personally. For sending the email, we use the so-called double opt-in procedure, which ensures that you only receive the notification after you have expressly confirmed your consent in this respect by clicking on a verification link sent to the specified email address.
By activating the confirmation link, you give us your consent for the use of your personal data in accordance with Art. 6 para. 1 lit. a GDPR for sending a cart reminder. For this purpose, we store your IP address entered by the Internet Service Provider (ISP) as well as the date and time of registration in order to be able to trace any possible misuse of your email address at a later point in time. The data collected by us during registration for our email notification service will be used strictly for the intended purpose.
You can unsubscribe from cart reminders at any time by sending a corresponding message to the controller named at the beginning. After unsubscribing, your email address will be deleted immediately from the distribution list set up for this purpose unless you have expressly consented to further use of your data or we reserve the right to further data use, which is legally permitted and about which we inform you in this statement.
8) Data Processing for Order Fulfillment
8.1 Transmission of Image Files for Order Fulfillment by Email
On our website, we offer customers the option to commission the personalization of products by transmitting image files by email. The submitted image motif is used as a template for personalizing the selected product.
Via the email address provided on the website, the customer can transmit one or more image files from the storage of the end device used to us. We collect, store and use the files transmitted in this way exclusively for the production of the personalized product within the meaning of the respective service description on our website. If the transmitted image files are passed on to special service providers for the production and fulfillment of the order, you will be explicitly informed about this in the following paragraphs. No further transfer takes place. If the transmitted files or the digital motifs contain personal data (in particular images of identifiable persons), all the processing operations just mentioned take place exclusively for the purpose of fulfilling your online order in accordance with Art. 6 para. 1 lit. b GDPR.
After final fulfillment of the order, the transmitted image files are automatically and completely deleted.
8.2 Transmission of Image Files for Order Fulfillment via Messaging Function
If the customer has the option to commission the personalization of products by transmitting image files via the messaging function, the submitted image motif is used as a template for personalizing the selected product.
Via the available messaging function, the customer can transmit one or more image files from the storage of the end device used to us. We collect, store and use the files transmitted in this way exclusively for the production of the personalized product within the meaning of the respective description of our services.
If the transmitted image files are passed on to special service providers for the production and fulfillment of the order, you will be explicitly informed about this in the following paragraphs. No further transfer takes place. If the transmitted files or the digital motifs contain personal data (in particular images of identifiable persons), all the processing operations just mentioned take place exclusively for the purpose of fulfilling your online order in accordance with Art. 6 para. 1 lit. b GDPR.
After final fulfillment of the order, the transmitted image files are automatically and completely deleted.
8.3 Transmission of Image Files for Order Fulfillment via Upload Function
On our website, we offer customers the option to commission the personalization of products by transmitting image files via an upload function. The submitted image motif is used as a template for personalizing the selected product.
Via the upload form on the website, the customer can transmit one or more image files from the storage of the end device used directly to us via automated, encrypted data transmission. We collect, store and use the transmitted files exclusively for the production of the personalized product within the meaning of the respective service description on our website. If the transmitted image files are passed on to special service providers for the production and fulfillment of the order, you will be explicitly informed about this in the following paragraphs. No further transfer takes place. If the transmitted files or the digital motifs contain personal data (in particular images of identifiable persons), all the processing operations just mentioned take place exclusively for the purpose of fulfilling your online order in accordance with Art. 6 para. 1 lit. b GDPR.
After final fulfillment of the order, the transmitted image files are automatically and completely deleted.
8.4 To the extent necessary for the performance of the contract for shipping and payment purposes, the personal data collected by us is forwarded in accordance with Art. 6 para. 1 lit. b GDPR to the commissioned transport company and the commissioned credit institution.
If we owe you updates for goods with digital elements or digital products on the basis of a corresponding contract, we process the contact data transmitted by you during the order in order to inform you personally within the framework of our statutory information obligations in accordance with Art. 6 para. 1 lit. c GDPR. Your contact data will be used strictly for the purpose of notifications about updates owed by us and will only be processed by us to the extent necessary for the respective information.
For the fulfillment of your order, we also cooperate with the following service provider(s), who support us wholly or partly in the performance of concluded contracts. Certain personal data is transmitted to these service providers to the extent specified in the following information.
8.5 Order Printer Pro
For order fulfillment, we use the following provider: FORSBERG+TWO, Tranegårdsvej 74, 2900, Hellerup, Denmark
Name, address and, if applicable, further personal data are forwarded to the provider in accordance with Art. 6 para. 1 lit. b GDPR for the purpose of fulfilling the online order. The transfer of your data only takes place to the extent actually necessary for fulfilling the order. The provider is also used for accounting. Thus, the provider processes incoming and outgoing invoices as well as, if applicable, our company's bank transactions in order to automatically capture invoices, match them to transactions and create the financial accounting in a semi-automated process.
If personal data is also processed in this context, the processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in the efficient organization and documentation of our business processes.
8.6 Post & DHL Shipping (official)
For preparing shipments, we use the services of the following provider: Deutsche Post DHL Research And Innovation GmbH, Kurt-Schumacher-Str. 1, 53113 Bonn
In accordance with Art. 6 para. 1 lit. b GDPR, we transmit digital shipping labels with your delivery information exclusively for the purpose of fulfilling your online order from our order fulfillment system to the provider, who then sends them to our local printers to enable printing. The transfer of data only takes place to the extent actually necessary for fulfillment.
8.7 Transfer of Personal Data to Shipping Service Providers
- Deutsche Post
As a transport service provider, we use the following provider: Deutsche Post AG, Charles-de-Gaulle-Straße 20, 53113 Bonn, Germany
We forward your email address and/or telephone number to the provider in accordance with Art. 6 para. 1 lit. a GDPR before delivery of the goods for the purpose of coordinating a delivery date or delivery announcement, provided you have given your express consent for this in the order process. Otherwise, we forward only the recipient's name and delivery address to the provider in accordance with Art. 6 para. 1 lit. b GDPR for the purpose of delivery. The transfer only takes place to the extent necessary for the delivery of the goods. In this case, prior coordination of the delivery date with the provider or delivery announcement is not possible.
The consent can be revoked at any time with effect for the future vis-à-vis the controller named above or vis-à-vis the provider.
- DHL
As a transport service provider, we use the following provider: DHL Paket GmbH, Sträßchensweg 10, 53113 Bonn, Germany
We forward your email address and/or telephone number to the provider in accordance with Art. 6 para. 1 lit. a GDPR before delivery of the goods for the purpose of coordinating a delivery date or delivery announcement, provided you have given your express consent for this in the order process. Otherwise, we forward only the recipient's name and delivery address to the provider in accordance with Art. 6 para. 1 lit. b GDPR for the purpose of delivery. The transfer only takes place to the extent necessary for the delivery of the goods. In this case, prior coordination of the delivery date with the provider or delivery announcement is not possible.
The consent can be revoked at any time with effect for the future vis-à-vis the controller named above or vis-à-vis the provider.
- DHL Express
As a transport service provider, we use the following provider: DHL Express Germany GmbH, Heinrich-Brüning-Str. 5, 53113 Bonn, Germany
We forward your email address and/or telephone number to the provider in accordance with Art. 6 para. 1 lit. a GDPR before delivery of the goods for the purpose of coordinating a delivery date or delivery announcement, provided you have given your express consent for this in the order process. Otherwise, we forward only the recipient's name and delivery address to the provider in accordance with Art. 6 para. 1 lit. b GDPR for the purpose of delivery. The transfer only takes place to the extent necessary for the delivery of the goods. In this case, prior coordination of the delivery date with the provider or delivery announcement is not possible.
The consent can be revoked at any time with effect for the future vis-à-vis the controller named above or vis-à-vis the provider.
- DPD
As a transport service provider, we use the following provider: DPD Deutschland GmbH, Wailandtstraße 1, 63741 Aschaffenburg, Germany
We forward your email address and/or telephone number to the provider in accordance with Art. 6 para. 1 lit. a GDPR before delivery of the goods for the purpose of coordinating a delivery date or delivery announcement, provided you have given your express consent for this in the order process. Otherwise, we forward only the recipient's name and delivery address to the provider in accordance with Art. 6 para.
8.8 Use of Payment Service Providers (Payment Services)
- Apple Pay
If you choose the payment method "Apple Pay" from Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland, the payment processing is carried out via the "Apple Pay" function of your end device operated with iOS, watchOS or macOS by charging a payment card stored at "Apple Pay". Apple Pay uses security features integrated into the hardware and software of your device to protect your transactions. To authorize a payment, it is therefore necessary to enter a code previously set by you and to verify using the "Face ID" or "Touch ID" function of your end device.
For the purpose of payment processing, the information you provided during the order process together with the information about your order is forwarded to Apple in encrypted form. Apple then re-encrypts this data with a developer-specific key before the data is transmitted to the payment service provider of the payment card stored at Apple Pay for payment processing. The encryption ensures that only the website on which the purchase was made can access the payment data. After the payment has been made, Apple sends your device account number as well as a transaction-specific dynamic security code to the originating website to confirm the payment success.
If personal data is processed during the transmissions described, the processing takes place exclusively for the purpose of payment processing in accordance with Art. 6 para. 1 lit. b GDPR.
Apple retains anonymized transaction data, including the approximate purchase amount, the approximate date and approximate time as well as an indication of whether the transaction was successfully completed. Anonymization completely excludes personal reference. Apple uses the anonymized data to improve "Apple Pay" and other Apple products and services.
If you use Apple Pay on the iPhone or Apple Watch to complete a purchase you made via Safari on the Mac, the Mac and the authorization device communicate via an encrypted channel on Apple's servers. Apple does not process or store any of this information in a format that can identify you. You can disable the option to use Apple Pay on your Mac in the settings of your iPhone. Go to "Wallet & Apple Pay" and disable "Allow payments on Mac".
Further information on data protection for Apple Pay can be found at the following internet address: https://support.apple.com/de-de/HT203027
- Google Pay
If you choose the payment method "Google Pay" from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"), the payment processing is carried out via the "Google Pay" application of your mobile end device operated with at least Android 4.4 ("KitKat") and equipped with an NFC function by charging a payment card stored at Google Pay or a payment system verified there (e.g. PayPal). For authorizing a payment via Google Pay of more than 25,- €, it is necessary to previously unlock your mobile end device by the respective verification measure set up (such as facial recognition, password, fingerprint or pattern).
For the purpose of payment processing, the information you provided during the order process together with the information about your order is forwarded to Google. Google then transmits your payment information stored at Google Pay in the form of a one-time assigned transaction number to the originating website, with which a payment made is verified. This transaction number does not contain any information about the actual payment data of your payment instrument stored at Google Pay, but is created and transmitted as a one-time valid numeric token. In all transactions via Google Pay, Google merely acts as an intermediary for processing the payment process. The execution of the transaction takes place exclusively between the user and the originating website by charging the payment instrument stored at Google Pay.
If personal data is processed during the transmissions described, the processing takes place exclusively for the purpose of payment processing in accordance with Art. 6 para. 1 lit. b GDPR.
Google reserves the right to collect, store and evaluate certain transaction-specific information for every transaction made via Google Pay. This includes the date, time and amount of the transaction, merchant location and description, a description of the purchased goods or services provided by the merchant, photos you attached to the transaction, the name and email address of the seller and buyer or sender and recipient, the payment method used, your description of the reason for the transaction and, if applicable, the offer associated with the transaction.
According to Google, this processing takes place exclusively in accordance with Art. 6 para. 1 lit. f GDPR on the basis of Google's legitimate interest in proper invoicing, verification of transaction data and optimization and maintenance of the Google Pay service.
Google also reserves the right to merge the processed transaction data with further information collected and stored by Google when using other Google services.
The terms of use for Google Pay can be found here:
https://payments.google.com/payments/apis-secure/u/0/get_legal_document?ldo=0&ldt=googlepaytos&ldl=de
Further information on data protection for Google Pay can be found at the following internet address:
https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=de
- Paypal
One or more online payment methods of the following provider are available on this website: PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg
When selecting a payment method of the provider where you pay in advance, your payment data (including name, address, bank and card information, currency and transaction number) provided during the order process as well as information about the content of your order are forwarded to it in accordance with Art. 6 para. 1 lit. b GDPR. The transfer of your data takes place in this case exclusively for the purpose of payment processing with the provider and only to the extent necessary for this.
When selecting a payment method where we pay in advance, you will also be prompted during the order process to provide certain personal data (first and last name, street, house number, postal code, city, date of birth, email address, telephone number, if applicable data on an alternative payment method).
To safeguard our legitimate interest in determining your ability to pay in such cases, this data is forwarded by us to the provider in accordance with Art. 6 para. 1 lit. f GDPR for the purpose of a credit check. The provider checks, on the basis of the personal data you provided and further data (such as shopping cart, invoice amount, order history, payment experience), whether the selected payment option can be granted in view of payment and/or default risks.
The credit report may contain probability values (so-called score values). To the extent that score values are included in the result of the credit report, they are based on a scientifically recognized mathematical-statistical procedure. Address data, among other things but not exclusively, are included in the calculation of the score values.
You can object to this processing of your data at any time by sending a message to us or to the provider. However, the provider may still be entitled to process your personal data if this is necessary for contractual payment processing.
- Paypal Checkout
This website uses PayPal Checkout, an online payment system from PayPal that consists of PayPal's own payment methods and local payment methods from third-party providers.
When paying via PayPal, credit card via PayPal, direct debit via PayPal or – if offered – "Pay Later" via PayPal, we forward your payment data in the course of payment processing to PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal"). The transfer takes place in accordance with Art. 6 para. 1 lit. b GDPR and only to the extent necessary for payment processing.
PayPal reserves the right, for the payment methods credit card via PayPal, direct debit via PayPal or – if offered – "Pay Later" via PayPal – to carry out a credit check. For this purpose, your payment data may be forwarded to information agencies in accordance with Art. 6 para. 1 lit. f GDPR on the basis of PayPal's legitimate interest in determining your ability to pay. PayPal uses the result of the credit check regarding the statistical probability of payment default for the purpose of deciding on the provision of the respective payment method. The credit report may contain probability values (so-called score values). To the extent that score values are included in the result of the credit report, they are based on a scientifically recognized mathematical-statistical procedure. Address data, among other things but not exclusively, are included in the calculation of the score values. You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data if this is necessary for contractual payment processing.
If the PayPal payment method "Invoice Purchase" is available and selected, your payment data is first transmitted to PayPal for preparation of the payment, after which PayPal forwards it to Ratepay GmbH, Franklinstraße 28-29, 10587 Berlin ("Ratepay") for payment processing. The legal basis is each Art. 6 para. 1 lit. b GDPR. In this case, Ratepay carries out an identity and credit check in its own name to determine solvency according to the principle already mentioned above and forwards your payment data to information agencies on the basis of the legitimate interest in determining solvency in accordance with Art. 6 para. 1 lit. f GDPR. A list of the information agencies that Ratepay can use can be found here: https://www.ratepay.com/legal-payment-creditagencies/
When using a payment method of a local third-party provider, your payment data is first forwarded to PayPal in accordance with Art. 6 para. 1 lit. b GDPR for preparation of the payment. Depending on your selection of an available local payment method, PayPal then forwards your payment data to the respective provider for payment processing in accordance with Art. 6 para. 1 lit. b GDPR:
- Apple Pay (Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland)
- Google Pay (Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland)
- iDeal (Currence Holding BV, Beethovenstraat 300 Amsterdam, Netherlands)
- bancontact (Bancontact Payconiq Company, Rue d'Arlon 82, 1040 Brussels, Belgium)
- blik (Polski Standard Płatności sp. z o.o., ul. Czerniakowska 87A, 00-718 Warsaw, Poland)
- eps (PSA Payment Services Austria GmbH, Handelskai 92, Gate 2
1200 Vienna, Austria)
- MyBank (PRETA S.A.S, 40 Rue de Courcelles, F-75008 Paris, France)
- Przelewy24 (PayPro SA, Kanclerska 15A, 60-326 Poznań, Poland)
Please refer to PayPal's privacy policy for further data protection information: https://www.paypal.com/de/legalhub/paypal/privacy-full
- Shopify Payments
One or more online payment methods of the following provider are available on this website: Shopify International Limited, Victoria Buildings, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland
When selecting a payment method of the provider where you pay in advance (e.g. credit card payment), your payment data (including name, address, bank and card information, currency and transaction number) provided during the order process as well as information about the content of your order are forwarded to it in accordance with Art. 6 para. 1 lit. b GDPR. The transfer of your data takes place in this case exclusively for the purpose of payment processing with the provider and only to the extent necessary for this.
9) Web Analysis Services
Google Analytics 4
This website uses Google Analytics 4, a web analysis service of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"), which enables analysis of your use of our website.
By default, Google Analytics 4 sets cookies when visiting the website, which are stored as small text blocks on your end device and collect certain information. This information also includes your IP address, which, however, is shortened by Google by the last digits to exclude direct personal reference.
The information is transmitted to Google servers and processed there. Transmissions to Google LLC in the USA are also possible.
Google uses the collected information on our behalf to evaluate your use of the website, to compile reports on website activities for us and to provide further services related to website and internet use. The IP address transmitted by your browser and shortened in the context of Google Analytics is not merged with other Google data. The data collected in the context of using Google Analytics 4 is stored for a duration of two months and then deleted.
All the processing operations described above, in particular the setting of cookies on the end device used, only take place if you have given us your express consent for this in accordance with Art. 6 para. 1 lit. a GDPR.
Without your consent, the use of Google Analytics 4 is omitted during your page visit. You can revoke your given consent at any time with effect for the future. To exercise your right of withdrawal, please deactivate this service via the "Cookie Consent Tool" provided on the website.
We have concluded an order processing agreement with Google that ensures the protection of the data of our website visitors and prohibits unauthorized transfer to third parties.
Further legal information on Google Analytics 4 can be found at https://business.safety.google/intl/de/privacy/, https://policies.google.com/privacy?hl=de&gl=de and at https://policies.google.com/technologies/partner-sites
Demographic Characteristics
Google Analytics 4 uses the special function "demographic characteristics" and can thereby create statistics that provide statements on the age, gender and interests of page visitors. This is done by analyzing advertising and information from third-party providers. This allows target groups for marketing activities to be identified. However, the collected data cannot be assigned to a specific person and is deleted after storage for a duration of two months.
Google Signals
As an extension to Google Analytics 4, Google Signals can be used on this website to create cross-device reports. If you have personalized ads activated and your devices are linked to your Google account, Google can, subject to your consent to the use of Google Analytics in accordance with Art. 6 para. 1 lit. a GDPR, analyze your usage behavior across devices and create database models, including cross-device conversions. We do not receive any personal data from Google, but only statistics. If you want to stop cross-device analysis, you can deactivate the "Personalized Advertising" function in the settings of your Google account. Follow the instructions on this page: https://support.google.com/My-Ad-Center-Help/answer/12155764?hl=de
Further information on Google Signals can be found at the following link: https://support.google.com/analytics/answer/7532985?hl=de
UserIDs
As an extension to Google Analytics 4, the "UserIDs" function can be used on this website. If you have consented to the use of Google Analytics 4 in accordance with Art. 6 para. 1 lit. a GDPR, have set up an account on this website and log in with this account on various devices, your activities, including conversions, can be analyzed across devices.
Collection of Data Provided by Users
To improve analysis results for users whose contact details we have received in the context of business or business-like relationships, we use the function "Collection of Data Provided by Users".
Subject to your express consent in accordance with Art. 6 para. 1 lit. a GDPR, we transmit one or more files with customer data aggregated to your person (mainly email address and telephone number) to Google electronically in the context of this function. Google does not gain access to plain data, but automatically encrypts the information in the customer files during the transmission process using a special algorithm. Google can then only use the encrypted information to assign it to existing Google accounts set up by the data subjects.
The processing serves to refine measurement data, improves cross-device user tracking and enables integration of analysis results into Google's advertising personalization and conversion tracking functions.
You can revoke your consent to us at any time with effect for the future. Further information on Google's data protection measures regarding the transmission of customer data can be found here: https://support.google.com/google-ads/answer/6334160?hl=de&ref_topic=10550182
For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which, on the basis of an adequacy decision of the European Commission, ensures compliance with the European level of data protection.
10) Retargeting/ Remarketing and Conversion Tracking
10.1 Google Ads Conversion Tracking
This website uses the online advertising program "Google Ads" and within the framework of Google Ads the conversion tracking of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google").
We use Google Ads to draw attention to our attractive offers with the help of advertising media (so-called Google Adwords) on external websites. We can determine the success of the individual advertising measures in relation to the data of the advertising campaigns. We pursue the interest of showing you advertising that is of interest to you, making our website more interesting for you and achieving a fair calculation of the advertising costs incurred.
The cookie for conversion tracking is set when a user clicks on an ad switched by Google. Cookies are small text files stored on your end device. These cookies usually lose their validity after 30 days and do not serve personal identification. If the user visits certain pages of this website and the cookie has not expired yet, Google and we can recognize that the user clicked on the ad and was redirected to this page. Each Google Ads customer receives a different cookie. Thus, cookies cannot be tracked across the websites of Google Ads customers. The information obtained with the conversion cookie is used to create conversion statistics for Google Ads customers who have opted for conversion tracking. The customers learn the total number of users who clicked on their ad and were redirected to a page tagged with a conversion tracking tag. However, they do not receive any information with which users can be personally identified.
In the context of using Google Ads, it may also lead to a transmission of personal data to the servers of Google LLC in the USA.
Details on the processing triggered by Google Ads Conversion Tracking and Google's handling of data from websites can be found here: https://policies.google.com/technologies/partner-sites
All the processing operations described above, in particular the setting of cookies for reading information on the end device used, are only carried out if you have given us your express consent for this in accordance with Art. 6 para. 1 lit. a GDPR. You can revoke your given consent at any time with effect for the future by deactivating this service in the "Cookie Consent Tool" provided on the website.
You can permanently object to the setting of cookies by Google Ads Conversion Tracking by downloading and installing the browser plug-in from Google available at the following link:
https://support.google.com/My-Ad-Center-Help/answer/12155656?hl=de
To address users whose data we have received in the context of business or business-like relationships even more interest-based with advertising, we use a customer matching function within the framework of Google Ads. For this purpose, we transmit one or more files with aggregated customer data (mainly email addresses and telephone numbers) to Google electronically. Google does not gain access to plain data, but automatically encrypts the information in the customer files during the transmission process using a special algorithm. Google can then only use the encrypted information to assign it to existing Google accounts set up by the data subjects. This enables the delivery of personalized advertising across all Google services linked to the respective Google account.
The transmission of customer data to Google only takes place if you have given us express consent for this in accordance with Art. 6 para. 1 lit. a GDPR. You can revoke this consent to us at any time with effect for the future. Further information on Google's data protection measures regarding the customer matching function can be found here: https://support.google.com/google-ads/answer/6334160?hl=de&ref_topic=10550182
Google's privacy provisions can be viewed here: https://business.safety.google/intl/de/privacy/ and https://www.google.de/policies/privacy/
For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which, on the basis of an adequacy decision of the European Commission, ensures compliance with the European level of data protection.
10.2 Google Marketing Platform
This website uses the online marketing tool Google Marketing Platform of the operator Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("GMP").
GMP uses cookies to serve relevant ads to users, improve reports on campaign performance or to avoid showing the same ads multiple times to a user. Via a cookie ID, Google captures which ads are served in which browser and can thus prevent them from being displayed multiple times. In addition, GMP can use cookie IDs to capture so-called conversions that relate to ad requests. This is the case, for example, when a user sees a GMP ad and later, when using the same browser, calls up the advertiser's website and makes a purchase there. According to Google, GMP cookies do not contain any personal information.
Due to the marketing tools used, your browser automatically establishes a direct connection with Google's server.
We have no influence on the scope and further use of the data collected by Google through the use of this tool and therefore inform you as follows according to our state of knowledge: Through the integration of GMP, Google receives the information that you have called up the corresponding part of our online presence or clicked on an ad from us. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or not logged in, there is the possibility that the provider learns and stores your IP address. In the context of using GMP, it may also lead to a transmission of personal data to the servers of Google LLC in the USA.
All the processing operations described above, in particular the setting of cookies for reading information on the end device used, are only carried out if you have given us your express consent for this in accordance with Art. 6 para. 1 lit. a GDPR. You can revoke your given consent at any time with effect for the future by deactivating this service in the "Cookie Consent Tool" provided on the website.
For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which, on the basis of an adequacy decision of the European Commission, ensures compliance with the European level of data protection.
The privacy provisions of GMP by Google can be found here: https://business.safety.google/intl/de/privacy/ and https://www.google.de/policies/privacy/
11) Page Functionalities
11.1 Rocket Google Reviews
On our website, graphic elements of the following provider are integrated to display external customer reviews: Entangle Commerce, 789 Yonge St., Suite 807, Toronto, ON M2N 0G3, Canada
When you call up a page of our online presence that contains such graphic elements, your browser establishes a direct connection to the provider's servers in order to load the elements properly. In doing so, certain browser information, including your IP address, is transmitted to the provider.
If personal data is also processed in this process, it is done in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in the optimal marketing of our offer and the appealing design of our online presence.
In the case of data transmission to the provider's location, an adequate level of data protection is ensured by an adequacy decision of the European Commission.
11.2 hCaptcha
On this website, we use the CAPTCHA service of the following provider: Intuition Machines, Inc., 350 Alabama St, San Francisco, CA 94110, USA
The service checks whether an input is made by a natural person or abusively by machine and automated processing and blocks spam, DDoS attacks and similar automated malicious accesses. To ensure that an action is performed by a human and not by an automated bot, the provider collects the IP address of the end device used, recognition data of the browser and operating system type used, date and duration of the visit and transmits this to the provider's servers for evaluation.
The legal basis is our legitimate interest in determining individual responsibility on the internet and avoiding abuse and spam in accordance with Art. 6 para. 1 lit. f GDPR.
We have concluded an order processing agreement with the provider that ensures the protection of the data of our website visitors and prohibits unauthorized transfer to third parties.
For the transmission of data to the USA, the provider relies on standard contractual clauses of the European Commission, which are intended to ensure compliance with the European level of data protection.
11.3 Google Customer Reviews (formerly Google Certified Merchant Program)
We cooperate with Google within the framework of the "Google Customer Reviews" program. The provider is Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"). This program gives us the opportunity to collect customer reviews from users of our website. After a purchase on our website, you will be asked whether you would like to participate in an email survey from Google.
If you give your consent in accordance with Art. 6 para. 1 lit. a GDPR, we transmit your email address to Google. You will receive an email from Google Customer Reviews asking you to rate the purchase experience on our website. Your submitted review will then be summarized with our other reviews and displayed in our Google Customer Reviews logo and in our Merchant Center dashboard. In addition, your review will be used for Google Seller Ratings. In the context of using Google Customer Reviews, it may also lead to a transmission of personal data to the servers of Google LLC in the USA.
You can revoke your consent at any time by sending a message to the controller responsible for data processing or to Google.
For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which, on the basis of an adequacy decision of the European Commission, ensures compliance with the European level of data protection.
Further information on Google's privacy provisions can be found here: https://business.safety.google/intl/de/privacy/
12) Tools and Miscellaneous
12.1 - Lexware Office
For accounting purposes, we use the service of the cloud-based accounting software of the following provider: Haufe-Lexware GmbH & Co. KG, Munzinger Straße 9, 79111 Freiburg, Germany
The provider processes incoming and outgoing invoices as well as, if applicable, our company's bank transactions in order to automatically capture invoices, match them to transactions and create the financial accounting in a semi-automated process.
If personal data is also processed in this context, the processing is carried out on the basis of our legitimate interest in the efficient organization and documentation of our business processes in accordance with Art. 6 para. 1 lit. f GDPR.
12.2 Cookie Consent Tool
This website uses a so-called "Cookie Consent Tool" to obtain effective user consents for consent-required cookies and cookie-based applications. The "Cookie Consent Tool" is displayed to users upon page call in the form of an interactive user interface on which consents for certain cookies and/or cookie-based applications can be given by checking the box. Through the use of the tool, all consent-required cookies/services are only loaded if the respective user gives corresponding consents by checking the box. This ensures that such cookies are only set on the respective user's end device if consent has been given.
The tool sets technically necessary cookies to store your cookie preferences. Personal user data is generally not processed in this process.
If, in individual cases, personal data (such as the IP address) is processed for the purpose of storing, assigning or logging cookie settings, this is done in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in legally compliant, user-specific and user-friendly consent management for cookies and thus in a legally compliant design of our online presence.
Another legal basis for the processing is also Art. 6 para. 1 lit. c GDPR. As controllers, we are legally obliged to make the use of technically non-necessary cookies dependent on the respective user consent.
If necessary, we have concluded an order processing agreement with the provider that ensures the protection of the data of our website visitors and prohibits unauthorized transfer to third parties.
Further information on the operator and the setting options of the Cookie Consent Tool can be found directly in the corresponding user interface on our website.
13) Rights of the Data Subject
13.1 The applicable data protection law grants you the following rights of the data subject (information and intervention rights) vis-à-vis the controller with regard to the processing of your personal data, whereby reference is made to the legal basis cited for the respective exercise requirements:
- Right of access pursuant to Art. 15 GDPR;
- Right to rectification pursuant to Art. 16 GDPR;
- Right to erasure pursuant to Art. 17 GDPR;
- Right to restriction of processing pursuant to Art. 18 GDPR;
- Right to notification pursuant to Art. 19 GDPR;
- Right to data portability pursuant to Art. 20 GDPR;
- Right to withdraw given consents pursuant to Art. 7 para. 3 GDPR;
- Right to lodge a complaint pursuant to Art. 77 GDPR.
13.2 RIGHT OF OBJECTION
IF WE PROCESS YOUR PERSONAL DATA ON THE BASIS OF OUR PREVAILING LEGITIMATE INTEREST IN THE CONTEXT OF A BALANCING OF INTERESTS, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT TO THIS PROCESSING WITH EFFECT FOR THE FUTURE FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION.
IF YOU EXERCISE YOUR RIGHT OF OBJECTION, WE WILL END THE PROCESSING OF THE AFFECTED DATA. FURTHER PROCESSING REMAINS RESERVED, HOWEVER, IF WE CAN DEMONSTRATE COMPELLING PROTECTWORTHY GROUNDS FOR THE PROCESSING THAT OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS, OR IF THE PROCESSING SERVES THE ASSERTION, EXERCISE OR DEFENSE OF LEGAL CLAIMS.
IF YOUR PERSONAL DATA IS PROCESSED BY US FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSE OF SUCH ADVERTISING. YOU CAN EXERCISE THE OBJECTION AS DESCRIBED ABOVE.
IF YOU EXERCISE YOUR RIGHT OF OBJECTION, WE WILL END THE PROCESSING OF THE AFFECTED DATA FOR DIRECT MARKETING PURPOSES.
14) Duration of Storage of Personal Data
The duration of storage of personal data is determined by the respective legal basis, the processing purpose and – if relevant – additionally by the respective statutory retention periods (e.g. commercial and tax retention periods).
In the processing of personal data on the basis of express consent pursuant to Art. 6 para. 1 lit. a GDPR, the affected data is stored until you revoke your consent.
If there are statutory retention periods for data processed on the basis of contractual or contract-like obligations pursuant to Art. 6 para. 1 lit. b GDPR, this data is routinely deleted after expiry of the retention periods, provided it is no longer necessary for contract fulfillment or contract initiation and/or no legitimate interest in further storage exists on our part.
In the processing of personal data on the basis of Art. 6 para. 1 lit. f GDPR, this data is stored until you exercise your right of objection pursuant to Art. 21 para. 1 GDPR, unless we can demonstrate compelling protectworthy grounds for the processing that override your interests, rights and freedoms, or the processing serves the assertion, exercise or defense of legal claims.
In the processing of personal data for direct marketing purposes on the basis of Art. 6 para. 1 lit. f GDPR, this data is stored until you exercise your right of objection pursuant to Art. 21 para. 2 GDPR.
If nothing else results from the other information in this statement on specific processing situations, stored personal data is otherwise deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.
