Data Protection Declaration
1) Information on the Collection of Personal Data and Contact Details of the Controller
1.1 We are pleased that you are visiting our website and thank you for your interest. On the following pages, we inform you about the handling of your personal data when using our website. Personal data is all data with which you can be personally identified.
1.2 The controller in charge of data processing on this website, within the meaning of the General Data Protection Regulation (GDPR), is Mesona Handels GmbH, Langgasse 22/B04, 6460 Imst, Österreich, Tel.: 0043 5412 6196 3222, E-Mail: office@mesona-handel.at. The controller in charge of the processing of personal data is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.
1.3 This website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or inquiries to the controller). You can recognize an encrypted connection by the character string https:// and the lock symbol in your browser line.
2) Data Collection when visiting our Website
When using our website for information only, i.e. if you do not register or otherwise provide us with information, we only collect data that your browser transmits to our server (so-called "server log files"). When you visit our website, we collect the following data that is technically necessary for us to display the website to you:
- Our visited website
- Date and time at the moment of access
- Amount of data sent in bytes
- Source/reference from which you came to the page
- Browser used
- Operating system used
- IP address used (if applicable: in anonymized form)
Data processing is carried out in accordance with Art. 6 (1) point f GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. The data will not be passed on or used in any other way. However, we reserve the right to check the server log files subsequently, if there are any concrete indications of illegal use.
3) Hosting & Content Delivery Network
For the hosting of our website and the delivery of its content, we utilize a service provider that performs these services either directly or through selected subcontractors exclusively on servers located within the European Union. All data collected on our website is processed on these servers. We have entered into a data processing agreement with the service provider to ensure the protection of our website visitors' data and to prohibit any unauthorized disclosure to third parties.
4) Cookies
In order to make your visit to our website attractive and to enable the use of certain functions, we use so-called cookies on various pages. These are small text files that are stored on your end device. Some of the cookies we use are deleted after the end of the browser session, i.e. after closing your browser (so-called session cookies). Other cookies remain on your terminal and enable us or our partner companies (third-party cookies) to recognize your browser on your next visit (persistent cookies). If cookies are set, they collect and process specific user information such as browser and location data as well as IP address values according to individual requirements. Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie.
In some cases, cookies are used to simplify the ordering process by saving settings (e.g. remembering the content of a virtual shopping basket for a later visit to the website). If personal data are also processed by individual cookies set by us, the processing is carried out in accordance with Art. 6 (1) point b GDPR either for the execution of the contract or in accordance with Art. 6 (1) point f GDPR to safeguard our legitimate interests in the best possible functionality of the website and a customer-friendly and effective design of the page visit.
We work together with advertising partners who help us to make our website more interesting for you. For this purpose, cookies from partner companies are also stored on your hard drive when you visit our website (third-party cookies). You will be informed individually and separately about the use of such cookies and the scope of the information collected in each case within the following sections.
Please note that you can set your browser in such a way that you are informed about the setting of cookies and you can decide individually about their acceptance or exclude the acceptance of cookies for certain cases or generally. Each browser differs in the way it manages the cookie settings. This is described in the help menu of each browser, which explains how you can change your cookie settings. You will find these for the respective browsers under the following links:
- Internet Explorer: https://support.microsoft.com/en-us/help/17442/windows-internet-explorer-delete-manage-cookies
- Firefox: https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences
- Chrome: https://support.google.com/chrome/answer/95647?hl=en
- Safari: https://support.apple.com/en-us/HT201265
- Opera: https://help.opera.com/en/latest/web-preferences/#cookies
Please note that the functionality of our website may be limited if cookies are not accepted.
5) Contacting Us
5.1 In the context of contacting us (e.g., via contact form or email), personal data is collected. The data that is collected when using a contact form can be seen from the respective contact form. This data is used exclusively for responding to your request or for establishing contact and for the associated technical administration. The legal basis for processing this data is our legitimate interest in responding to your request pursuant to Art. 6(1)(f) GDPR. If your contact is aimed at concluding a contract, the additional legal basis for the processing is Art. 6(1)(b) GDPR. Your data will be deleted after the final processing of your inquiry, provided that there are no legal storage obligations to the contrary.
The contact details (address, email, telephone number) provided by you may be used by us to contact you.
5.2 Userlike
This website uses Userlike (http://www.userlike.com), a live chat software provided by Userlike UG (limited liability), Probsteigasse 44-46, 50670 Cologne, Germany. With Userlike, you can chat with our employees in real time. When starting the chat, the following personal data is collected:
- Date and time of the chat
- Browser type/version
- IP address
- Operating system used
- Amount of data sent
- And if provided by you: first name, last name, and email address.
Depending on the course of the conversation with our employees, further personal data from you may be provided in the chat. The nature of this information depends largely on your request or the problem described by you.
All our employees are trained in data protection and in handling customer data. All our employees are obliged to maintain confidentiality and have signed an additional agreement on confidentiality and data protection in their employment contracts. By accessing the website [Name of Your Website], the chat widget is loaded as a JavaScript file from AWS Cloudfront. Technically, the chat widget represents the source code executed on your computer that enables the chat.
Furthermore, [Name of Your Company] stores the history of live chats. The purpose is to spare our customers a long history of inquiries and to continuously monitor the quality of our live chat service. Processing is carried out in accordance with Art. 6(1)(f) GDPR. If you do not want your live chat history to be stored, please do not hesitate to contact us using the contact details provided below. Stored live chats and all other data from you will be deleted immediately. The storage of chat data also serves the purpose of ensuring the security of our information technology systems. This is also where our legitimate interest lies, which is why processing is carried out in accordance with Art. 6(1)(f) GDPR. The legal basis for processing the data provided in the chat is also Art. 6(1)(b) and (f) GDPR.
Further information can be found in the [Userlike Terms of Data Processing](http://www.userlike.com/terms#privacy-policy).
6) Comment Function
Within the scope of the comment function on this website, in addition to your comment, information about the time the comment was created and the commentator name you chose will be stored and published on this website. Furthermore, your IP address will be logged and stored. This storage of the IP address is for security reasons and in case the content posted by the person concerned through a comment violates the rights of third parties or contains unlawful content. We require your email address to contact you in case a third party objects to your published content as unlawful.
The legal basis for storing your data is Art. 6(1)(b) and (f) GDPR. We reserve the right to delete comments that are objected to by third parties.
7) Data Processing When Opening a Customer Account and for Contract Processing
Pursuant to Art. 6 (1) point b GDPR, personal data will continue to be collected and processed if you provide it to us for the execution of a contract or when opening a customer account. Which data is collected can be seen from the respective input forms. It is possible to delete your customer account at any time. This can be done by sending a message to the above-mentioned address of the controller. We store and use the data provided by you for contract processing. After complete processing of the contract or deletion of your customer account, your data will be blocked in consideration of tax and commercial retention periods and deleted after expiry of these periods, unless you have expressly consented to further use of your data or a legally permitted further use of data has been reserved by our site, about which we will inform you accordingly below.
8) Use of Customer Data for Direct Advertising
8.1 Registration for Our Email Newsletter
When you subscribe to our email newsletter, we will regularly send you information about our offers. The only mandatory information for sending the newsletter is your email address. Additional data is voluntary and is used to address you personally. For sending the newsletter, we use the double opt-in procedure, which ensures that you will only receive the newsletter if you have expressly confirmed your consent to receive the newsletter by clicking on a link sent to the email address provided. By activating the confirmation link, you give us your consent to use your personal data in accordance with Art. 6(1)(a) GDPR. In this process, we store your IP address as well as the date and time of your registration with the email service provider (ISP) in order to trace any possible misuse of your email address at a later time. The data collected by us during the registration for the newsletter will be used exclusively for the purpose of sending our newsletter.
You can unsubscribe from the newsletter at any time via the link provided in the newsletter or by sending a message to the responsible person mentioned above. After you have unsubscribed, your email address will be immediately deleted from our newsletter distribution list, unless you have expressly consented to further use of your data or we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this privacy policy.
8.2 Brevo
The dispatch of our email newsletters is carried out by this provider: Sendinblue GmbH, Köpenicker Str. 126, 10179 Berlin, Germany. Based on our legitimate interest in effective and user-friendly newsletter marketing, we share the data you provided during newsletter registration in accordance with Art. 6(1)(f) GDPR with this provider so that they can handle the dispatch of the newsletter on our behalf. Subject to your explicit consent in accordance with Art. 6(1)(a) GDPR, the provider also conducts a statistical evaluation of newsletter campaigns using web beacons or pixel tags in the emails sent, which allows measurement of opening rates and specific interactions with newsletter content. In this process, device information (e.g., time of access, IP address, browser type, and operating system) may also be collected and evaluated, but not linked to other datasets.
You can revoke your consent to newsletter tracking at any time with effect for the future. We have concluded a data processing agreement with the provider to protect the data of our website visitors and prohibit its transfer to third parties.
8.3 Push0w
On this website, you have the option to subscribe to regular push notifications containing information about our offerings. For this service, we use the following provider:Creatorbox Softwares Private Limited, 80 Feet Road, Koramangala, 4th Block, Bangalore- 560034, Karnataka, India
By subscribing, you explicitly consent to receive push notifications and the associated data processing in accordance with Art. 6(1)(a) GDPR. For the proper assignment and display of notifications, the provider collects, stores, and uses your browser ID and device ID. Subject to your explicit consent pursuant to Art. 6(1)(a) GDPR, the provider may also conduct statistical analyses of push integrations and interactions. In this process, additional information (e.g., timestamp of access, IP address) may be collected and analyzed but will not be combined with other datasets.
You may withdraw your consent for data processing related to receiving push notifications and statistical performance measurement at any time with effect for the future. To do so, disable the service in your browser settings or, depending on your operating system, unsubscribe by interacting with a specific push notification.
We have entered into a data processing agreement with the provider to ensure the protection of our website visitors' data and to prohibit any unauthorized disclosure to third parties.
8.4 Email Notification of Product Availability
For temporarily unavailable items, you can subscribe to receive email notifications of product availability. In this case, we will send you a one-time email notification about the availability of the item you selected. The only mandatory information for sending this notification is your email address. Additional data is voluntary and may be used to address you personally. By activating the confirmation link, you give us your consent to use your personal data in accordance with Art. 6(1)(a) GDPR. In this process, we store your IP address as well as the date and time of your registration with the email service provider (ISP) in order to trace any possible misuse of your email address at a later time. The data collected by us during registration for our email notification service of product availability will be used exclusively for the purpose of sending these notifications.
You can unsubscribe from availability notifications at any time by sending a message to the responsible person mentioned above. After you have unsubscribed, your email address will be immediately deleted from our distribution list for this purpose, unless you have expressly consented to further use of your data or we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this privacy policy.
9) Processing of Data for the Purpose of Order Handling
9.1 Where necessary for the processing of contracts for delivery and payment purposes, the personal data collected by us will be passed on to the authorized transport company and the authorized credit institution in accordance with Art. 6(1)(b) GDPR.**
If we owe you updates for goods with digital elements or digital products based on a corresponding contract, we will process the contact details you provided during the order (name, address, email address) in order to inform you personally in accordance with our legal obligations under Art. 6(1)(c) GDPR through suitable means of communication (e.g., by post or email) within the legally prescribed period about upcoming updates. Your contact details will be strictly used for notifications about updates owed by us and processed by us only to the extent necessary for the respective information.
For order processing, we also work with the following service provider(s), who support us in whole or in part in the execution of concluded contracts. Certain personal data is transmitted to these service providers in accordance with the following information.
9.2 Transfer of Personal Data to Shipping Service Providers
- Deutsche Post
As a transport service provider, we use the following provider: Deutsche Post AG, Charles-de-Gaulle-Straße 20, 53113 Bonn, Germany. We will provide your email address and/or phone number in accordance with Art. 6(1)(a) GDPR to the provider for the purpose of coordinating a delivery date or for delivery notifications before the goods are delivered, if you have given your explicit consent during the order process. Otherwise, for the purpose of delivery, we will only provide the recipient's name and delivery address to the provider in accordance with Art. 6(1)(b) GDPR. The transfer will only be made to the extent necessary for the delivery of the goods. In this case, prior coordination of the delivery date with the provider or delivery notification is not possible. You can revoke your consent at any time with effect for the future by contacting the controller mentioned above or the provider.
- DHL
As a transport service provider, we use the following provider: DHL Paket GmbH, Sträßchensweg 10, 53113 Bonn, Germany. We will provide your email address and/or phone number in accordance with Art. 6(1)(a) GDPR to the provider for the purpose of coordinating a delivery date or for delivery notifications before the goods are delivered, if you have given your explicit consent during the order process. Otherwise, for the purpose of delivery, we will only provide the recipient's name and delivery address to the provider in accordance with Art. 6(1)(b) GDPR. The transfer will only be made to the extent necessary for the delivery of the goods. In this case, prior coordination of the delivery date with the provider or delivery notification is not possible. You can revoke your consent at any time with effect for the future by contacting the controller mentioned above or the provider.
- DHL Express
As a transport service provider, we use the following provider: DHL Express Germany GmbH, Heinrich-Brüning-Str. 5, 53113 Bonn, Germany. We will provide your email address and/or phone number in accordance with Art. 6(1)(a) GDPR to the provider for the purpose of coordinating a delivery date or for delivery notifications before the goods are delivered, if you have given your explicit consent during the order process. Otherwise, for the purpose of delivery, we will only provide the recipient's name and delivery address to the provider in accordance with Art. 6(1)(b) GDPR. The transfer will only be made to the extent necessary for the delivery of the goods. In this case, prior coordination of the delivery date with the provider or delivery notification is not possible. You can revoke your consent at any time with effect for the future by contacting the controller mentioned above or the provider.
- General Overnight (GO!)
As a transport service provider, we use the following provider: GO! Express & Logistics (Deutschland) GmbH, Brühler Straße 9, 53119 Bonn, Germany. We will provide your email address and/or phone number in accordance with Art. 6(1)(a) GDPR to the provider for the purpose of coordinating a delivery date or for delivery notifications before the goods are delivered, if you have given your explicit consent during the order process. Otherwise, for the purpose of delivery, we will only provide the recipient's name and delivery address to the provider in accordance with Art. 6(1)(b) GDPR. The transfer will only be made to the extent necessary for the delivery of the goods. In this case, prior coordination of the delivery date with the provider or delivery notification is not possible. You can revoke your consent at any time with effect for the future by contacting the controller mentioned above or the provider.
- Austrian Post
As a transport service provider, we use the following provider: Österreichische Post Aktiengesellschaft, Rochusplatz 1, 1030 Wien, Österreich. We will provide your email address and/or phone number in accordance with Art. 6(1)(a) GDPR to the provider for the purpose of coordinating a delivery date or for delivery notifications before the goods are delivered, if you have given your explicit consent during the order process. Otherwise, for the purpose of delivery, we will only provide the recipient's name and delivery address to the provider in accordance with Art. 6(1)(b) GDPR. The transfer will only be made to the extent necessary for the delivery of the goods. In this case, prior coordination of the delivery date with the provider or delivery notification is not possible. You can revoke your consent at any time with effect for the future by contacting the controller mentioned above or the provider.
- TNT
As a transport service provider, we use the following provider: TNT Express GmbH, Haberstraße 2, 53842 Troisdorf, Germany. We will provide your email address and/or phone number in accordance with Art. 6(1)(a) GDPR to the provider for the purpose of coordinating a delivery date or for delivery notifications before the goods are delivered, if you have given your explicit consent during the order process. Otherwise, for the purpose of delivery, we will only provide the recipient's name and delivery address to the provider in accordance with Art. 6(1)(b) GDPR. The transfer will only be made to the extent necessary for the delivery of the goods. In this case, prior coordination of the delivery date with the provider or delivery notification is not possible. You can revoke your consent at any time with effect for the future by contacting the controller mentioned above or the provider.
9.3 Use of Payment Service Providers (Payment Services)
- Klarna
On this website, one or more online payment methods from the following provider are available: Sofort GmbH (HRB 218675), located at Theresienhöhe 12, 80339 Munich, Germany.
When you select a payment method from this provider where you make a payment in advance (such as credit card payment), your payment data provided during the order process (including name, address, bank and payment card information, currency, and transaction number), as well as information about the content of your order, will be transmitted to the provider in accordance with Article 6(1)(b) GDPR. Your data will be shared with the provider exclusively for the purpose of processing the payment with the provider and only to the extent necessary for this purpose.
If you select a payment method where the provider makes an upfront payment (such as invoice or installment purchase or direct debit), you will also be asked to provide certain personal data (first and last name, street, house number, postal code, city, date of birth, email address, phone number, and, if applicable, data regarding an alternative payment method) during the order process. To protect our legitimate interest in assessing the creditworthiness of our customers, we will transmit this data to the provider for the purpose of a credit check in accordance with Article 6(1)(f) GDPR. The provider will assess, based on the personal data you provided, as well as additional data (such as shopping cart, invoice amount, order history, payment experiences), whether the payment option selected by you can be granted with respect to payment and/or default risk.
For decision-making in the context of the application review, identity and creditworthiness information from the following credit reporting agencies may also be included, in addition to provider-specific criteria in accordance with Article 6(1)(f) GDPR:
[Link to the list of credit rating agencies](https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/credit_rating_agencies)
The credit report may include probability values (so-called score values). To the extent that score values are included in the result of the credit report, they are based on a scientifically recognized, mathematical-statistical procedure. Address data is included in the calculation of the score values, among other factors.
You can object to the processing of your data at any time by sending a message to us or to the provider. However, the provider may still be entitled to process your personal data if it is necessary for the proper processing of payments in accordance with the contract.
For more information on Klarna's data protection, please visit the following URL: [Klarna Data Protection](https://www.sofort.com/payment/wizard/getCmsContent/data_protection/DE/0/de).
- Paypal
On this website, one or more online payment methods from the following provider are available: PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg.
When you select a payment method from the provider where you make a payment in advance, your payment data provided during the order process (including name, address, bank and payment card information, currency, and transaction number), as well as information about the content of your order, will be transmitted to the provider in accordance with Article 6(1)(b) GDPR. Your data will be shared with the provider exclusively for the purpose of processing the payment with the provider and only to the extent necessary for this purpose.
If you select a payment method where we make an upfront payment, you will also be asked to provide certain personal data (first and last name, street, house number, postal code, city, date of birth, email address, phone number, and, if applicable, data regarding an alternative payment method) during the order process. To protect our legitimate interest in assessing your creditworthiness in such cases, we will transmit this data to the provider for the purpose of a credit check in accordance with Article 6(1)(f) GDPR. The provider will assess, based on the personal data you provided, as well as additional data (such as shopping cart, invoice amount, order history, payment experiences), whether the payment option selected by you can be granted with respect to payment and/or default risk.
The credit report may include probability values (so-called score values). To the extent that score values are included in the result of the credit report, they are based on a scientifically recognized, mathematical-statistical procedure. Address data is included in the calculation of the score values, among other factors.
You can object to the processing of your data at any time by sending a message to us or to the provider. However, the provider may still be entitled to process your personal data if it is necessary for the proper processing of payments in accordance with the contract.
For more information on PayPal's data protection, please visit the following URL: [PayPal Data Protection](https://www.paypal.com/de/webapps/mpp/ua/privacy-full).
- Paypal Checkout
This website uses PayPal Checkout, an online payment system from PayPal, which consists of PayPal's own payment methods and local third-party payment methods. When paying via PayPal, credit card via PayPal, direct debit via PayPal, or "Pay Later" via PayPal, we will share your payment data as part of the payment process with PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal"). The sharing is done in accordance with Article 6(1)(b) GDPR and only to the extent necessary for payment processing.
For payment methods such as credit card via PayPal, direct debit via PayPal, or "Pay Later" via PayPal, PayPal reserves the right to conduct a credit check. For this purpose, your payment data may be shared with credit reporting agencies based on PayPal's legitimate interest in determining your creditworthiness. The results of the credit check regarding the statistical probability of default are used by PayPal for the purpose of deciding whether to provide the respective payment method. The credit report may include probability values (so-called score values). To the extent that score values are included in the result of the credit report, they are based on a scientifically recognized, mathematical-statistical procedure. Address data is included in the calculation of the score values, among other factors. You can object to the processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data if it is necessary for the proper processing of payments in accordance with the contract.
When selecting the PayPal payment method "Invoice Purchase," your payment data will be initially transmitted to PayPal for the purpose of preparing the payment, after which PayPal will forward it to Ratepay GmbH, Franklinstraße 28-29, 10587 Berlin ("Ratepay") to execute the payment. The legal basis for this is Article 6(1)(b) GDPR. In this case, RatePay performs an identity and credit check in its own name to assess your creditworthiness, following the principles mentioned above, and shares your payment data with credit reporting agencies based on its legitimate interest in determining your creditworthiness according to Article 6(1)(f) GDPR. A list of the credit reporting agencies that Ratepay can access can be found here: [Link to the list of credit rating agencies](https://www.ratepay.com/legal-payment-creditagencies/).
When using the payment method of a local third-party provider, your payment data will be initially shared with PayPal for payment preparation in accordance with Article 6(1)(b) GDPR. Depending on your selection of an available local payment method, PayPal will then transmit your payment data to the respective provider for payment processing, also in accordance with Article 6(1)(b) GDPR.
- SOFORT
On this website, one or more online payment methods from the following provider are available: SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany.
When you select a payment method from the provider where you make a payment in advance (such as credit card payment), your payment data provided during the order process (including name, address, bank and payment card information, currency, and transaction number), as well as information about the content of your order, will be transmitted to the provider in accordance with Article 6(1)(b) GDPR. Your data will be shared with the provider exclusively for the purpose of processing the payment with the provider and only to the extent necessary for this purpose.
- Stripe
On this website, one or more online payment methods from the following provider are available: Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland.
When you select a payment method from the provider where you make a payment in advance (such as credit card payment), your payment data provided during the order process (including name, address, bank and payment card information, currency, and transaction number), as well as information about the content of your order, will be transmitted to the provider in accordance with Article 6(1)(b) GDPR. Your data will be shared with the provider exclusively for the purpose of processing the payment with the provider and only to the extent necessary for this purpose.
If you select a payment method where the provider makes an upfront payment (such as invoice or installment purchase or direct debit), you will also be asked to provide certain personal data (first and last name, street, house number, postal code, city, date of birth, email address, phone number, and, if applicable, data regarding an alternative payment method) during the order process. To protect our legitimate interest in assessing the creditworthiness of our customers, we will transmit this data to the provider for the purpose of a credit check in accordance with Article 6(1)(f) GDPR. The provider will assess, based on the personal data you provided, as well as additional data (such as shopping cart, invoice amount, order history, payment experiences), whether the payment option selected by you can be granted with respect to payment and/or default risk.
The credit report may include probability values (so-called score values). To the extent that score values are included in the result of the credit report, they have their basis in a scientifically recognized mathematical-statistical procedure. Address data is included in the calculation of the score values, among other factors.
You can object to the processing of your data at any time by sending a message to us or to the provider. However, the provider may still be entitled to process your personal data if it is necessary for the proper processing of payments in accordance with the contract.
10) Online Marketing
10.1 Brevo Tracker
This website uses the software-based marketing service of the following provider for the provision and synchronization of various customer management services: Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany.
The service enables the automated processing of feed activities, control of advertising in marketing channels used, analysis of the success of marketing measures, central email marketing, and contact management. To fulfill various functions, cookies are used, which are small text files stored locally in the cache of your web browser on your device, enabling an analysis of your use of the website by us. In this process, cookies capture specific information, such as the IP address, location, and time of page access.
All of the described processing, especially setting cookies to read information on the used end device, will only be carried out if you have given us your express consent in accordance with Article 6(1)(a) GDPR. You can revoke your consent at any time with effect for the future by deactivating this service using the "Cookie Consent Tool" provided on the website. Other legal bases for data processing that may apply in the context of specific service functions (such as the necessity of express consent under Article 6(1)(a) GDPR for sending newsletters) remain unaffected.
We have concluded a data processing agreement with the provider to ensure the protection of data of our website visitors and to prohibit unauthorized sharing with third parties.
10.2 Google AdSense
This website uses Google AdSense, a web advertising service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"). Google AdSense uses cookies, which are text files that are stored on your computer and enable an analysis of your use of the website. In addition, Google AdSense uses "web beacons" (small invisible graphics) for collecting information, which can be used to record, collect, and evaluate simple actions, such as visitor traffic to the website. The information generated by the cookie and/or web beacon (including your IP address) about your use of this website will generally be transmitted to and stored by Google on a server in the United States.
Google uses the information obtained to conduct an analysis of your usage behavior regarding AdSense advertisements. The IP address transmitted by your browser as part of Google AdSense will not be merged with other Google data. The information collected by Google may be transmitted to third parties if required by law and/or if third parties process this data on behalf of Google.
All of the described processing, especially the reading of information on the used end device via cookies and/or web beacons, will only be carried out if you have given us your express consent in accordance with Article 6(1)(a) GDPR. Without this consent, the use of Google AdSense will not take place during your website visit.
You can revoke your consent at any time with effect for the future by deactivating this service using the "Cookie Consent Tool" provided on the website. For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European data protection level based on an adequacy decision by the European Commission.
Google's privacy policy can be viewed here: [https://www.google.com/policies/privacy/](https://www.google.de/policies/privacy/)
11) Web Analytics Services
11.1 Google Analytics 4
This app uses Google Analytics 4, a service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"), for the purpose of analyzing app usage.
When using Google Analytics 4, so-called "cookies" are typically employed. Cookies are text files stored on your device that allow for an analysis of your app usage. The information collected through cookies about your app usage (including the IP address of your device, truncated to the last few digits, as explained below) is usually transmitted to and stored and processed on a Google server. This may also involve the transfer of information to servers of Google LLC, located in the United States, for further processing.
When using Google Analytics 4, the IP address sent from your device during your app usage is automatically and systematically collected and processed in an anonymized manner, so that direct identification of the collected information is excluded. This automatic anonymization is achieved by truncating the IP address sent from your device within European Union (EU) member states or other countries that are parties to the Agreement on the European Economic Area (EEA). On our behalf, Google uses this and other information to evaluate your app usage, compile reports on your app activities or usage behavior, and provide us with other services related to your app usage and internet usage. The truncated IP address sent from your device during the use of Google Analytics 4 is not merged with other data by Google. Data collected during the use of Google Analytics 4 is retained for 2 months and then deleted.
Google Analytics 4 also allows for the creation of statistics concerning app users' age, gender, and interests through a special feature known as "demographics." This is achieved by analyzing interest-based advertising and incorporating third-party information. This feature enables the identification and differentiation of user groups within the app for the purpose of targeted marketing efforts. Data collected through "demographics" cannot be attributed to specific individuals, including yourself, as it is anonymized. Data collected through "demographics" is retained for two months and then deleted. All of the aforementioned processing activities, particularly the use of Google Analytics cookies for storing and retrieving information on the device you use for app usage, only occur if you have given us your explicit consent pursuant to Article 6(1)(a) of the GDPR. The use of Google Analytics 4 during your app usage is contingent on your consent. You may revoke your consent at any time, affecting future use. To exercise your revocation, please disable this service using the "Cookie Consent Tool" provided in the app.
In connection with this app, Google Analytics 4 also utilizes the "UserIDs" feature. By assigning individual UserIDs, we can have cross-device reports generated by Google (known as "Cross Device Tracking"). This means that, with your consent to the use of Google Analytics 4 pursuant to Article 6(1)(a) of the GDPR, your usage behavior can be analyzed across devices if you have created a personal account on this app and are logged into your personal account on various devices using your respective login details. The data collected in this manner shows, among other things, on which device you initially clicked on an advertisement and on which device the related conversion took place.
In connection with this app, Google Analytics 4 also employs the Google Signals service. With Google Signals, we can have cross-device reports generated by Google (known as "Cross Device Tracking"). If you have enabled "personalized ads" in your Google account settings and linked your internet-enabled devices to your Google account, Google can analyze your usage behavior across devices with your consent to the use of Google Analytics 4 pursuant to Article 6(1)(a) of the GDPR and create database models based on this data. This includes considering the logins and device types of all app users who were logged into a Google account and performed a conversion. The data reveals, among other things, on which device you initially clicked on an advertisement and on which device the related conversion took place. We do not receive any personal data from Google in this process, but rather statistics created based on Google Signals. You have the option to deactivate the "personalized ads" feature in your Google account settings to disable cross-device analysis in connection with Google Signals. For instructions, please refer to this page: [https://support.google.com/ads/answer/2662922?hl=en](https://support.google.com/ads/answer/2662922?hl=en)
Further information about Google Signals can be found at the following link: [https://support.google.com/analytics/answer/7532985?hl=en](https://support.google.com/analytics/answer/7532985?hl=en)
We have concluded a data processing agreement with Google for our use of Google Analytics 4, obligating Google to protect the data of our app users and prohibit unauthorized disclosure to third parties.
For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, ensuring compliance with the European data protection level based on an adequacy decision by the European Commission.
Additional legal notices for Google Analytics 4 can be found here: [https://policies.google.com/privacy?hl=en&gl=en](https://policies.google.com/privacy?hl=en&gl=en)
Details about the processing triggered by Google Analytics 4 and Google's handling of app data can be found here: [https://policies.google.com/technologies/partner-sites](https://policies.google.com/technologies/partner-sites)
11.2 Google Tag Manager
This website utilizes the "Google Tag Manager," a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").
The Google Tag Manager serves as a technical foundation for bundling various web applications, including tracking and analytics services, and allows for calibration, control, and condition-based execution through a unified user interface. The Google Tag Manager itself does not store information on user devices or retrieve such information. Additionally, the service does not perform independent data analyses. However, when a page is accessed, the Google Tag Manager transmits your IP address to Google and may store it there. Transmission to servers of Google LLC in the USA is also possible.
This processing only occurs if you have given us your explicit consent pursuant to Article 6(1)(a) of the GDPR. Without this consent, the use of Google Tag Manager during your visit to the website is discontinued. You may revoke your consent at any time, affecting future use. To exercise your revocation, please disable this service using the "Cookie Consent Tool" provided on the website.
We have concluded a data processing agreement with the provider to ensure the protection of data of our website visitors and to prohibit unauthorized sharing with third parties.
For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, ensuring compliance with the European data protection level based on an adequacy decision by the European Commission.
11.3 Mouseflow
This website uses the web analytics service provided by Mouseflow ApS, Flaesketorvet 68, 1711 Copenhagen, Denmark
Using cookies and/or comparable technologies (e.g., tracking pixels, web beacons, algorithms for reading device and browser information), this service collects and stores pseudonymized visitor data, including information from the device used, such as the IP address and browser details. These data are analyzed for statistical evaluations of user behavior on our website and to create pseudonymized user profiles. This includes the evaluation of movement patterns (so-called heatmaps) that show the duration of page visits and interactions with page content (e.g., text input, scrolling, clicks, and mouse-overs). Pseudonymization generally prevents direct identification of individuals, and no merging with other personal data collected by different means occurs.
All the aforementioned processing activities, especially accessing or storing information on the device used, occur only if you have expressly consented to this in accordance with Art. 6(1)(a) GDPR. You may withdraw your consent at any time with future effect by deactivating this service via the "cookie consent tool" provided on the website.
We have entered into a data processing agreement with the provider to ensure the protection of our website visitors' data and to prohibit any unauthorized disclosure to third parties.
11.4 PayPal Marketing Solutions
This website uses the web analytics service provided by PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg
Using cookies and/or comparable technologies (e.g., tracking pixels, web beacons, algorithms for reading device and browser information), this service collects and stores pseudonymized visitor data, including information from the device used, such as the IP address and browser details. These data are analyzed for statistical evaluations of user behavior on our website and to create pseudonymized user profiles. This includes the evaluation of movement patterns (so-called heatmaps) that show the duration of page visits and interactions with page content (e.g., text input, scrolling, clicks, and mouse-overs). Pseudonymization generally prevents direct identification of individuals, and no merging with other personal data collected by different means occurs.
All the aforementioned processing activities, especially accessing or storing information on the device used, occur only if you have expressly consented to this in accordance with Art. 6(1)(a) GDPR. You may withdraw your consent at any time with future effect by deactivating this service via the "cookie consent tool" provided on the website.
We have entered into a data processing agreement with the provider to ensure the protection of our website visitors' data and to prohibit any unauthorized disclosure to third parties.
12) Retargeting/Remarketing and Conversion Tracking
12.1 Facebook Pixel for Creating Custom Audiences
Within our online offering, we use the "Facebook Pixel" service provided by Meta Platforms Ireland Limited, 4 Grand Canal Quare, Dublin 2, Ireland ("Facebook").
When a user clicks on an advertisement we have placed on Facebook, the "Facebook Pixel" service appends a parameter to the URL of our linked page. This URL parameter is then stored in the user's browser via a cookie set by our linked page.
As a result, Facebook is able to determine visitors to our online offering as a target audience for displaying ads (so-called "Facebook Ads"). Accordingly, we use the service to display Facebook Ads only to Facebook users who have shown an interest in our online offering or who exhibit certain characteristics (e.g., interests in specific topics or products determined based on the visited webpages), which we transmit to Facebook (so-called "Custom Audiences"). Furthermore, with "Facebook Pixel," it is possible to track whether users were redirected to our website after clicking on a Facebook ad and which actions they take on our site (so-called "Conversion Tracking"). The data collected is anonymous to us, meaning it does not provide any insights into the identity of the users. However, Facebook stores and processes the data, allowing for a connection to the respective user profile and enabling Facebook to use the data for its own advertising purposes.
All of the aforementioned processing activities, especially the use of cookies to retrieve information on the device used, only occur if you have given us your explicit consent pursuant to Article 6(1)(a) of the GDPR. You can revoke your consent at any time, affecting future use, by disabling this service using the "Cookie Consent Tool" provided on the website.
We have concluded a data processing agreement with the provider to ensure the protection of data of our website visitors and to prohibit unauthorized sharing with third parties. The data generated by Facebook is typically transmitted to and stored on a Facebook server; in this context, transmission to servers of Meta Platforms Inc. in the USA is also possible. For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, ensuring compliance with the European data protection level based on an adequacy decision by the European Commission.
12.2 Google Ads Remarketing
This website uses retargeting technology provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.
For this purpose, Google places a cookie in your device's browser that automatically enables interest-based advertising based on a pseudonymous cookie ID and the pages you have visited. Further data processing only takes place if you have consented to Google linking your internet and app browser history with your Google account and using information from your Google account to personalize ads that you see on the web. If you are logged into your Google account while visiting our website in this case, Google will use your data together with Google Analytics data to create and define target audience lists for cross-device remarketing. For this purpose, your personal data is temporarily linked with Google Analytics data to create target audiences. The use of Google Ads Remarketing may also involve the transmission of personal data to servers of Google LLC in the USA.
All of the aforementioned processing activities, especially the use of cookies to retrieve information on the device used, only occur if you have given us your explicit consent pursuant to Article 6(1)(a) of the GDPR. The use of retargeting technology during your visit to the website is contingent on your consent. You may revoke your consent at any time, affecting future use, by disabling this service using the "Cookie Consent Tool" provided on the website.
You can permanently object to the setting of cookies by Google Ads Conversion Tracking by downloading and installing the browser plug-in available at the following link: [https://www.google.com/settings/ads/plugin?hl=en](https://www.google.com/settings/ads/plugin?hl=en)
Please note that certain functions of this website may be limited or unavailable if you have disabled the use of cookies. Google's privacy policy can be viewed here: [https://www.google.de/policies/privacy/](https://www.google.de/policies/privacy/)
For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, ensuring compliance with the European data protection level based on an adequacy decision by the European Commission.
12.3 Google Ads Conversion Tracking
This website uses the online advertising program "Google Ads" and, as part of Google Ads, the Conversion Tracking service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"). We use Google Ads to draw attention to our attractive offers on external websites through the use of advertising materials (so-called Google Adwords). We can determine how successful individual advertising measures are in relation to the data of the advertising campaigns. Our aim is to display advertising that is of interest to you, to make our website more interesting for you, and to achieve a fair calculation of advertising costs incurred.
The Conversion Tracking cookie is set when a user clicks on an ad placed by Google. Cookies are small text files that are stored on your device. These cookies usually lose their validity after 30 days and are not used for personal identification. If the user visits certain pages of this website and the cookie has not expired, Google and we can recognize that the user clicked on the ad and was redirected to this page. Each Google Ads customer receives a different cookie. Thus, cookies cannot be tracked through the websites of Google Ads customers. The information collected using the Conversion cookie is used to generate conversion statistics for Google Ads customers who have opted for Conversion Tracking. Customers are informed about the total number of users who clicked on their ad and were redirected to a page tagged with a Conversion Tracking tag. However, they do not receive any information that personally identifies users. As part of the use of Google Ads, personal data may also be transmitted to the servers of Google LLC in the USA.
Details about the processing triggered by Google Ads Conversion Tracking and Google's handling of website data can be found here: [https://policies.google.com/technologies/partner-sites](https://policies.google.com/technologies/partner-sites)
All of the aforementioned processing activities, especially the use of cookies to retrieve information on the device used, only occur if you have given us your explicit consent pursuant to Article 6(1)(a) of the GDPR. You can revoke your consent at any time, affecting future use, by disabling this service using the "Cookie Consent Tool" provided on the website.
You can also permanently object to the setting of cookies by Google Ads Conversion Tracking by downloading and installing the browser plug-in available at the following link: [https://www.google.com/settings/ads/plugin?hl=en](https://www.google.com/settings/ads/plugin?hl=en)
Please note that certain functions of this website may not be available or may be restricted if you have disabled the use of cookies. Google's privacy policy can be viewed here: [https://www.google.de/policies/privacy/](https://www.google.de/policies/privacy/)
For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which, based on an adequacy decision by the European Commission, ensures compliance with the European data protection level.
13) Use of Social Media: Social Plugins
13.1 Facebook with Shariff Solution
Our website uses so-called social plugins ("plugins") of the social network Facebook operated by Facebook Inc, 1 Hacker Way, Menlo Park, CA 94025, USA ("Facebook").
In order to increase the protection of your data when you visit our website, these buttons are not fully integrated into the page as plug-ins and only fully operational when using an HTML link. This type of integration ensures that no connection to servers of Facebook is established when a page of our website containing such buttons is called up. When you click on the button, a new browser window opens and calls up the Facebook page, where you can interact (if necessary after entering your login data) with the plugins contained there.
Facebook Inc., based in the United States, is certified for the US-European data protection agreement "Privacy Shield", which guarantees compliance with the data protection level applicable in the EU.
The purpose and scope of the data collection and the further processing and use of the data by Facebook, as well as your rights and setting options for the protection of your privacy, can be found in the Facebook data protection declaration at: https://www.facebook.com/policy.php
13.2 Google Plugin as Shariff Solution
Our website uses so-called social plugins ("plugins") of the social network Google+ operated by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 ESW5, Ireland ("Google").
In order to increase the protection of your data when you visit our website, these buttons are not fully integrated into the page as plug-ins and only fully operational when using an HTML link. This type of integration ensures that no connection to the Google+ servers is established when a page of our website containing such buttons is accessed. When you click on the button, a new browser window opens and calls up the Google+ page, where you can interact with the plug-ins there (if necessary after entering your login data).
The purpose and scope of the data collection and the further processing and use of the data by Google, as well as your rights and setting options for the protection of your privacy, can be found in Google's data protection declaration at: www.google.com/policies/privacy/
14) Page Functionalities
14.1 YouTube
This website uses plugins for displaying and playing videos from the following provider: Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. Data may also be transmitted to: Google LLC., USA.
When you visit a page on our website that contains such a plugin, your browser establishes a direct connection to the provider's servers to load the plugin. During this process, certain information, including your IP address, is transmitted to the provider. If playback of embedded videos through the plugin is initiated, the provider also uses cookies to collect information about user behavior, create playback statistics, and prevent abusive behavior. If you are logged into a user account with the provider during your visit to our site and you click on a video, your data will be directly associated with your account. If you do not wish for this association with your account, you must log out before clicking the playback button.
All of the aforementioned processing activities, especially the setting of cookies to read information on the end device used, only occur if you have given us your explicit consent in accordance with Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time with effect for the future by deactivating this service using the "Cookie Consent Tool" provided on the website.
For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European data protection level based on an adequacy decision by the European Commission. For further information on data protection regarding "YouTube," please refer to the provider's privacy policy: [https://www.google.com/intl/de/policies/privacy/](https://www.google.com/intl/de/policies/privacy/)
14.2 Trustami Trust Seal
On our website, graphic elements from the following provider are integrated to display external customer reviews and/or an externally awarded quality seal: Trustami GmbH, Schröderstraße 5, 10115 Berlin, Germany.
When you visit a page on our website that contains such graphic elements, your browser establishes a direct connection to the provider's servers to properly load these elements. In this process, certain browser information, including your IP address, is transmitted to the provider. If personal data is also processed in this context, it is done in accordance with Art. 6 para. 1 lit. f GDPR based on our legitimate interest in optimal marketing of our offerings and the appealing design of our website.
14.3 hCaptcha
This website uses the CAPTCHA service provided by Intuition Machines, Inc.. 350 Alabama St, San Francisco, CA 94110m USA.
The service verifies whether an input is made by a natural person or abusively through automated or machine-based processing. It helps block spam, DDoS attacks, and similar automated harmful activities. To ensure that an action is performed by a human and not an automated bot, the provider collects the IP address of the device used, identification data of the browser and operating system type, as well as the date and duration of the visit. These data are transmitted to the provider's servers for evaluation.
The legal basis for this processing is our legitimate interest in ensuring individual responsibility online and preventing misuse and spam in accordance with Art. 6(1)(f) GDPR. We have entered into a data processing agreement with the provider to ensure the protection of our website visitors' data and to prohibit any unauthorized disclosure to third parties.
For the transfer of data to the USA, the provider relies on the European Commission's standard contractual clauses, which aim to ensure compliance with the European data protection standards.
14.4 Google Customer Reviews (formerly Google Certified Shops program)
We collaborate with Google as part of the "Google Customer Reviews" program. The provider is Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). This program allows us to collect customer reviews from users of our website. After making a purchase on our website, you may be asked if you want to participate in a Google email survey.
If you provide your consent in accordance with Art. 6 para. 1 lit. a GDPR, we will transmit your email address to Google. You will receive an email from Google Customer Reviews asking you to rate your shopping experience on our website. The rating you provide will then be aggregated with our other reviews and displayed in our Google Customer Reviews logo and in our Merchant Center dashboard. Your review will also be used for Google Seller Ratings. In the context of using Google Customer Reviews, personal data may also be transferred to the servers of Google LLC. in the USA.
You can revoke your consent at any time by sending a message to the data controller or to Google. For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European data protection level based on an adequacy decision by the European Commission.
Further information on YouTube's privacy policy can be found in the provider's data protection declaration at: www.google.com/policies/privacy/
15) Rights of the Data Subject
15.1 The applicable data protection law grants you the following comprehensive rights of data subjects (rights of information and intervention) vis-à-vis the data controller with regard to the processing of your personal data:
- Right of access by the data subject pursuant to Art. 15 GDPR
- Right to rectification pursuant to Art. 16 GDPR
- Right to erase (“right to be forgotten”) pursuant to Art. 17 GDPR
- Right to restriction of processing pursuant to Art. 18 GDPR
- Right to be informed pursuant to Art. 19 GDPR
- Right to data portability pursuant to Art. 20 GDPR
- Right to withdraw a given consent pursuant to Art. 7 (3) GDPR
- Right to lodge a complaint pursuant to Art. 77 GDPR
15.2 RIGHT TO OBJECT
IF, WITHIN THE FRAMEWORK OF A CONSIDERATION OF INTERESTS, WE PROCESS YOUR PERSONAL DATA ON THE BASIS OF OUR PREDOMINANT LEGITIMATE INTEREST, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT TO THIS PROCESSING WITH EFFECT FOR THE FUTURE ON THE GROUNDS THAT ARISE FROM YOUR PARTICULAR SITUATION.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED. HOWEVER, WE RESERVE THE RIGHT TO FURTHER PROCESSING IF WE CAN PROVE COMPELLING REASONS WORTHY OF PROTECTION FOR PROCESSING WHICH OUTWEIGH YOUR INTERESTS, FUNDAMENTAL RIGHTS AND FREEDOMS, OR IF THE PROCESSING SERVES TO ASSERT, EXERCISE OR DEFEND LEGAL CLAIMS.
IF WE PROCESS YOUR PERSONAL DATA FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA WHICH ARE USED FOR DIRECT MARKETING PURPOSES. YOU MAY EXERCISE THE OBJECTION AS DESCRIBED ABOVE.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED FOR DIRECT ADVERTISING PURPOSES.
16) Duration of Storage of Personal Data
The duration of the storage of personal data is determined by the respective legal basis, the processing purpose, and – if applicable – additionally by the respective statutory retention period (e.g., commercial and tax retention periods). If personal data is processed on the basis of an express consent pursuant to Art. 6 para. 1 lit. a GDPR, this data is stored until the data subject revokes their consent. If there are legal retention periods for data that is processed within the scope of legal or similar obligations based on Art. 6 para. 1 lit. b GDPR, this data will be routinely deleted after the retention periods have expired, provided it is no longer necessary for the fulfillment of the contract or the initiation of the contract, and/or if we no longer have a legitimate interest in continuing to store it.
If personal data is processed on the basis of Art. 6 para. 1 lit. f GDPR, it is stored until the data subject exercises their right to object pursuant to Art. 21 para. 1 GDPR, unless we can demonstrate compelling legitimate grounds for the processing that override the interests, rights, and freedoms of the data subject, or the processing serves the establishment, exercise, or defense of legal claims. If personal data is processed for the purpose of direct marketing based on Art. 6 para. 1 lit. f GDPR, it is stored until the data subject exercises their right to object pursuant to Art. 21 para. 2 GDPR.
Unless otherwise specified in the other information in this statement on specific processing situations, stored personal data is otherwise deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.