Privacy Policy
General
As the operator of this website and as a company, we come into contact with your personal data. This concerns all data that reveals something about you and by which you can be identified. In this privacy policy, we would like to explain how, for what purpose and on which legal basis we process your data.
Responsible for the data processing (“data controller”) on this website and in our company is:
Zanchos – Inh. Malte Harms
c/o Block Services, Stuttgarter Str. 106
70736 Fellbach
Deutschland
E-mail: info@zanchos.com
General information
SSL or TLS encryption
When you enter your data on websites, place online orders or send e-mails via the Internet, you must always be prepared for unauthorized third parties to access your data. There is no complete protection against such access. However, we do our utmost to protect your data as best we can and to close security gaps as far as we can.
An important protection mechanism is the SSL or TLS encryption of our website, which ensures that data you transmit to us cannot be read by third parties. You can recognize the encryption by the lock icon in front of the Internet address entered in your browser and by the fact that our Internet address begins with https:// and not with http://.
Encrypted payment transactions
Payment data, such as account or credit card numbers, require special protection. For this reason, payment transactions made with the most common means of payment are carried out exclusively via an encrypted SSL or TLS connection.
How long do we store your data?
In some parts in this privacy policy, we inform you about how long we or the companies that process your data on our behalf will store your data. In the absence of such information, we store your data until the purpose of the data processing no longer applies, you object to the data processing or you revoke your consent to the data processing.
In the event of an objection or revocation, we may however continue to process your data if at least one of the following conditions applies:
- We have compelling legitimate grounds for continuing to process the data that override your interests, rights and freedoms (only applies in the case of an objection to data processing; if the objection is to direct marketing, we cannot provide legitimate grounds).
- The data processing is necessary to assert, exercise or defend legal claims (does not apply if your objection is directed against direct advertising).
- We are required by law to retain your data.
In this case, we will delete your data as soon as the requirement(s) cease to apply.
Data transfer to the USA
On our website, we use tools from companies that transfer your data to the USA and store it there and, if necessary, process it further. The European Commission has adopted an adequacy decision for the EU-US data protection framework. The decision establishes that the US ensures an adequate level of protection for EU personal data transferred to US companies. This decision is based on new safeguards and measures put in place by the US to meet data protection requirements. The adequacy decision includes, among other things, restrictions and safeguards on access to data by US intelligence agencies. Binding safeguards were introduced to limit US intelligence agencies’ access to what is necessary and proportionate to protect national security. In addition, enhanced oversight of US intelligence activities was established to ensure that restrictions on surveillance activities are respected. An independent redress mechanism has also been established to handle and resolve complaints from European citizens about access to their data. The EU-US data protection framework thus allows European companies to transfer data to certified US companies without having to introduce additional data protection safeguards. A list of all certified companies can be found at the following link: https://www.dataprivacyframework.gov/s/participant-search.
A change in the European Commission’s decision cannot be ruled out.
Your rights
Objection to data processing
IF IT’S STATED IN THIS PRIVACY STATEMENT THAT WE HAVE LEGITIMATE INTERESTS FOR THE PROCESSING OF YOUR DATA AND THAT THIS PROCESSING IS THEREFORE BASED ON ART. 6 PARA. 1 SENTENCE 1 LIT. F) GDPR, YOU HAVE THE RIGHT TO OBJECT IN ACCORDANCE WITH ART. 21 GDPR. THIS ALSO APPLIES TO PROFILING THAT IS CARRIED OUT ON THE BASIS OF THE AFOREMENTIONED PROVISION. THE PREREQUISITE IS THAT YOU STATE REASONS FOR THE OBJECTION THAT ARISE FROM YOUR PARTICULAR SITUATION. NO REASONS ARE REQUIRED IF THE OBJECTION IS DIRECTED AGAINST THE USE OF YOUR DATA FOR DIRECT ADVERTISING.
THE CONSEQUENCE OF THE OBJECTION IS THAT WE MAY NO LONGER PROCESS YOUR DATA. THIS ONLY DOES NOT APPLY IF ONE OF THE FOLLOWING PREREQUISITS EXISTS:
- WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING THAT OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS.
- THE PROCESSING IS NECESSARY FOR ASSERTING, EXERCISING OR DEFENDING LEGAL CLAIMS.
THESE EXCEPTIONS DO NOT APPLY IF YOUR OBJECTION IS DIRECTED AGAINST THE USE OF YOUR DATA FOR DIRECT ADVERTISING OR TO PROFILING RELATED TO IT.
Other rights
Withdrawal of your consent to data processing
Many data processing operations are based on your consent. You can give this consent, for example, by ticking the appropriate box on online forms before you send the form, or by allowing the operation of certain cookies when you visit our website. You may revoke your consent at any time without giving reasons (Art. 7 (3) GDPR). From the time of revocation, we may then no longer process your data. The only exception: we are required by law to retain the data for a certain period of time. Such retention periods exist in particular in tax and commercial law.
Right to complain to the competent supervisory authority
If you believe that we are in breach of the General Data Protection Regulation (GDPR), you have the right to complain to a supervisory authority in accordance with Art. 77 GDPR. You may contact a supervisory authority in the Member State of your residence, place of work or the place where the alleged infringement took place. The right to complain exists alongside administrative or judicial remedies.
Right to data portability
We must hand over data that we process automatically on the basis of your consent or in fulfillment of a contract to you or a third party in a common machine-readable format if you request this. We can only transfer the data to another “data controller” if this is technically possible.
Right to information, deletion, and correction of data
According to Art. 15 GDPR, you have the right to receive information free of charge about which of your personal data we have stored, where the data came from, to whom we transmit the data and for what purpose it is stored. If the data is incorrect, you have a right to rectification (Art. 16 GDPR), and under the conditions of Art. 17 GDPR you may demand that we delete the data.
Right to restriction of processing
In certain situations, according to Art. 18 GDPR, you may demand that we restrict the processing of your data. The data may then – apart from storage – only be processed as follows:
- with your consent
- for the assertion, exercise or defense of legal claims
- to protect the rights of another natural or legal person
- for reasons of important public interest of the European Union or a Member State.
The right to restrict processing exists in the following situations:
- You have disputed the accuracy of your personal data stored by us and we need time to verify this. The right exists for the duration of the review.
- The processing of your personal data is unlawful or was unlawful in the past. The right exists alternatively to the deletion of the data.
- We no longer need your personal data, but you need it to exercise, defend or assert legal claims. The right exists alternatively to the deletion of the data.
- You have filed an objection pursuant to Art. 21 (1) GDPR and now your interests and our interests must be weighed against each other. The right exists as long as the result of the balancing of interests has not yet been determined.
Hosting and Content Delivery Networks (CDN)
External hosting
Our website is hosted on a server of the following Internet service provider (hoster):
ALL-INKL.COM – Neue Medien Münnich
Owner René Münnich
Hauptstraße 68
02742 Friedersdorf, Germany
How do we process your data?
The hoster stores all the data from our website. This includes all personal data that is collected automatically or through entering. This can be in particular: Your IP address, pages accessed, names, contact details and requests, as well as meta and communication data. When processing data, our hoster adheres to our instructions and always processes the data only insofar as this is necessary to fulfill the service obligation to us.
On what legal basis do we process your data?
Since we address potential customers via our website and maintain contacts with existing customers, the data processing by our hoster serves to initiate and fulfill contracts and is therefore based on Art. 6 (1) lit. b) GDPR. In addition, it is our legitimate interest as a company to provide a professional Internet offering that meets the necessary requirements for security, speed and efficiency. In this respect, we also process your data on the legal basis of Art. 6 (1) lit. f) GDPR.
Data collection on this website
Use of cookies
Our website places cookies on your device. These are small text files that are used for various purposes. Some cookies are technically necessary for the website to function at all (necessary cookies). Others are needed to perform certain actions or functions on the site (functional cookies). For example, without cookies it would not be possible to take advantage of a shopping cart in an online store. Still other cookies are used to analyze user behavior or to optimize advertising measures. If we use third-party services on our website, for example to process payment transactions, these companies may also leave cookies on your device when you access the website (so-called third-party cookies).
How do we process your data?
Session cookies are only stored on your device for the duration of a session. As soon as you close the browser, they therefore disappear by themselves. Permanent cookies, on the other hand, remain on your device unless you delete them yourself. This can, for example, lead to your user behavior being permanently analyzed. You can use the settings in your browser to influence how it handles cookies:
- Do you want to be informed when cookies are set?
- Do you want to exclude cookies in general or for certain cases?
- Do you want cookies to be deleted automatically when you close the browser?
If you disable or do not allow cookies, the functionality of the website may be limited.
If we use cookies from other companies or for analysis purposes, we will inform you about this as part of this privacy policy. We also request your consent in this regard when you access our website.
On what legal basis do we process your data?
We have a legitimate interest in ensuring that our online offers can be used by visitors without technical problems and that all desired functions are available to them. The storage of necessary and functional cookies on your device therefore takes place on the legal basis of Art. 6 (1) lit. f) GDPR. We use all other cookies on the legal basis of Art. 6 (1) lit. a) GDPR, provided you give us your consent. You can revoke this at any time with effect for the future. If you have consented to the placement of necessary and functional cookies when requesting consent, these cookies will also be stored exclusively on the basis of your consent.
Cookie consent with Real Cookie Banner
What is Real Cookie Banner?
Consent management platform (CMP) for obtaining and processing GDPR-compliant consent.
Who processes your data?
Real Cookie Banner is provided by devowl.io GmbH, Tannet 12, 94539 Grafling, Germany
Where can you find more information about data protection at Real Cookie Banner?
https://devowl.io/de/datenschutzerklaerung/
How do we process your data?
We use Real Cookie Banner consent management platform to obtain your consent to store cookies on your device in a data protection compliant manner. When you visit our website and close the cookie window requesting consent, the following data is transmitted to the company:
• your IP address
• information about your browser
• the language used
• the requested web page
In addition, Real Cookie Banner stores various cookies in your browser in order to be able to assign the consent given or its revocation to your browser. All collected data is stored until the cookies are no longer needed, you delete the cookies from Real Cookie Banner or you request us to delete the data. This does not apply only if we are required by law to retain the data.
On what legal basis do we process your data?
We are legally obliged to obtain the consent of our website visitors for the use of certain cookies. In order to fulfill this obligation, we use The legal basis for data processing is therefore Art. 6 (1) lit. c) GDPR.
Server log files
Server log files log all requests and accesses to our website and record error messages. They also include personal data, in particular your IP address. However, this is anonymized by the provider after a short time, so that we cannot assign the data to your person. The data is automatically transmitted to our provider by your browser.
How do we process your data?
Our provider stores the server log files in order to be able to track the activities on our website and to locate errors. The files contain the following data:
- browser type and version
- operating system used
- referrer URL
- host name of the accessing computer
- Time of the server request
- IP address (anonymized if necessary)
We do not combine this data with other data but use it only for statistical analysis and to improve our website.
On what legal basis do we process your data?
We have a legitimate interest in ensuring that our website runs without errors. It is also our legitimate interest to obtain an anonymized overview of the accesses to our website. Therefore, the data processing is lawful according to Art. 6 (1) lit. f) GDPR.
Contact form
You can send us a message via the contact form on this website.
How do we process your data?
We store your message and the information from the form in order to process your request including follow-up questions. This also applies to the contact details provided. We do not pass on the data to other persons without your consent.
How long do we store your data?
We delete your data as soon as one of the following occurs:
- Your request has been conclusively processed.
- You request us to delete the data.
- You revoke your consent to the storage.
This does not apply only if we are required by law to retain the data.
On what legal basis do we process your data?
If your request is related to our contractual relationship or serves the implementation of pre-contractual measures, we process your data on the legal basis of Art. 6 (1) lit. b) GDPR. In all other cases, it is our legitimate interest to effectively process requests directed to us. The legal basis for data processing is therefore Art. 6 (1) lit. f) GDPR. If you have consented to the storage of your data, Art. 6 (1) lit. a) GDPR is the legal basis. In this case, you can revoke your consent at any time with effect for the future.
Inquiry by e-mail, telephone or fax
You can send us a message by e-mail or fax or call us.
How do we process your data?
We store your message as well as your self-made contact details or the transmitted telephone number in order to be able to process your inquiry including follow-up questions. We do not pass on the data to other persons without your consent.
How long do we store your data?
We delete your data as soon as one of the following occurs:
- Your inquiry has been conclusively processed.
- You request us to delete the data.
- You revoke your consent to the storage.
This does not apply only if we are required by law to retain the data.
On what legal basis do we process your data?
If your request is related to our contractual relationship or serves the implementation of pre-contractual measures, we process your data on the legal basis of Art. 6 (1) lit. b) GDPR. In all other cases, it is our legitimate interest to effectively process requests directed to us. The legal basis for data processing is therefore Art. 6 (1) lit. f) GDPR. If you have consented to the storage of your data, Art. 6 (1) lit. a) GDPR is the legal basis. In this case, you can revoke your consent at any time with effect for the future.
Communication via WhatsApp
What is WhatsApp?
Instant messaging service
Who processes your data?
WhatsApp Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland
Where can you find more information about data protection at WhatsApp?
https://www.whatsapp.com/legal/#privacy-policy
On what legal basis do we transfer your data to the USA?
On the basis of the European Commission’s adequacy decision and the company’s corresponding certification.
How do we process your data?
For communication with our customers and other persons outside our company, we use the instant messaging service WhatsApp in the variant “WhatsApp Business”.
Communication takes place via end-to-end encryption (peer-to-peer). This prevents WhatsApp or other third parties from gaining access to the communication content. We have also set our accounts in such a way that no automatic matching with the address book on the smartphones used takes place. WhatsApp does, however, gain access to the metadata of the communication process (e.g., sender, recipient and time of communication) and, according to its own statement, shares this data with Meta, its parent company based in the USA.
How long do we store your data?
We delete your data as soon as one of the following occurs:
- The purpose of the data processing has ceased to exist.
- You request us to delete the data.
- You revoke your consent to the storage.
The only time this does not apply is when we are legally obligated to retain the data.
On what legal basis do we process your data?
If our exchange via WhatsApp is related to our contractual relationship or serves the implementation of pre-contractual measures, we process your data on the legal basis of Art. 6 (1) lit. b) GDPR. In all other cases, it is our legitimate interest to effectively process requests directed to us and to maintain a business contact with other persons. The legal basis for data processing is therefore Art. 6 (1) lit. f) GDPR. If you have consented to the storage of your data, Art. 6 (1) lit. a) GDPR is the legal basis. In this case, you can revoke your consent at any time with effect for the future.
Registration function
In order to use certain functions or offers on our website, you must register. This requires you to provide your e-mail address and possibly other personal data.
How do we process your data?
We store the data you provide during registration and use it to provide you with the function or offer for which you have registered. If there are any changes in relation to the offer or function, we will use your e-mail address to inform you about them. In addition, we use your e-mail address to make you further contract offers, if necessary.
How long do we store your data?
We delete your data as soon as one of the following occurs:
- The purpose of the data processing has ceased to apply.
- You request us to delete the data.
- You revoke your consent to the storage.
The only time this does not apply is when we are legally obligated to retain the data.
On what legal basis do we process your data?
We store and use your data to fulfill the user relationship established during registration and, if necessary, to initiate further contracts. The legal basis is therefore Art. 6 (1) lit. b) GDPR.
Commenting function
You have the option of commenting on content on our website via corresponding input windows. In order to use the commenting function, you must enter your e-mail address. It is also possible to subscribe to the comments of others.
How do we process your data?
When you leave comments on our website, we store the following data:
- Your comment
- your e-mail address
- the time of the comment
- other data that you provide in the course of commenting, e.g. your user name
- your IP address
We store data with which you can be identified in order to be able to take legal action against you if your comment is insulting, inciting hatred or otherwise criminally relevant.
If you subscribe to comments, we will send you an email to verify that you are the owner of the email address provided. You can unsubscribe from receiving comments at any time via a link in this email.
How long do we store your data?
We store your comments and the associated data until the commented content has been completely deleted or the comments have to be deleted for legal reasons, e.g. because they violate criminal law.
If you have subscribed to comments and unsubscribe, all data provided as part of the subscription will be deleted. If we have also stored your data for another reason, for example because you have subscribed to our newsletter, this data is not affected by the deletion.
On what legal basis do we process your data?
By using the comment function, you consent to the storage of your data. The basis for data processing is therefore Art. 6 (1) lit. a) GDPR. You can revoke your consent at any time by writing us an email explaining your revocation. From this point on, we may no longer process your data.
Social-Media-Plugins
Use of social media plugins
Regular use
We use social media plugins on our website. You can recognize these by the logos of the social networks. Thanks to the plugins, you can easily share the content on our website on social networks. The list at the end of this section shows which plugins we use in detail. Here you will also find the networks’ information relevant to data protection.
How do we process your data?
Due to the embedded plugins, a connection to the servers of the social networks is established when you visit our website. This happens even if you do not share any content. In this way, the offering companies learn that the website was visited via your IP address. If you are logged into your account on a social network when you visit our website, the transmitted data can also be assigned to your personal profile. If you do not want this, you must log out of your account before you continue surfing the Internet.
Except for Xing, all networks store the IP address. Further personal data may be added. In this case, your data is usually transferred to servers in the USA. If this is the case, you can find out the basis on which this happens in each case from the information on the networks given below.
On what legal basis do we process your data?
It is important for the success of our company to be present on social networks. It is therefore our legitimate interest to use the social media plugins to ensure that the content of our website or our offers can be easily shared. The legal basis for data processing is Art. 6 (1) lit. f) GDPR.
If you have consented to data processing, we process your data exclusively on the basis of Art. 6 (1) lit. a) GDPR. You may revoke your consent at any time. From the time of revocation, we may no longer process your data.
Which social media do we use?
What is Facebook?
Social network
Who processes your data?
Meta Platforms Ireland Ltd, 4 Grand Canal Square, Dublin 2, Ireland.
Where can you find more information about data protection at Facebook?
https://de-de.facebook.com/privacy/explanation
On what legal basis do we transfer your data to the USA?
On the basis of the European Commission’s adequacy decision and the company’s corresponding certification.
What is Instagram?
Social network
Who processes your data?
Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
Where can you find more information about data protection at Instagram?
https://instagram.com/about/legal/privacy/
On what legal basis do we transfer your data to the USA?
On the basis of the European Commission’s adequacy decision and the company’s corresponding certification.
Analysis tools and advertising
We use the following tools to analyze the behavior of our website visitors and show you advertisements.
Google Tag Manager
What is Google Tag Manager?
Tag management system for the integration of tracking codes and conversion pixels of Google Ireland. Ltd.
Who processes your data?
Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland
Where can you find more information about data protection at Google Tag Manager?
https://policies.google.com/privacy
On what legal basis do we transfer your data to the USA?
On the basis of the European Commission’s adequacy decision and the company’s corresponding certification.
How do we process your data?
We use the Google Tag Manager. The tool helps us to integrate tracking codes and conversion pixels into our website, manage them and play them out. Google Tag Manager does not create user profiles itself, does not place cookies on your device, and does not analyze your behavior as a user. It does, however, record your IP address and transmit it to Google servers in the USA.
On what legal basis do we process your data?
We have a legitimate interest in a quick and uncomplicated integration and management of various tools on our website. The use of Google Tag Manager is therefore lawful according to Art. 6 (1) lit. f) GDPR. If you have consented to the transfer of your IP address, we process your data exclusively on the basis of Art. 6 (1) lit. a) GDPR. You can revoke your consent at any time with effect for the future.
Google Analytics
What is Google Analytics?
Tool for analyzing user behavior of Google Ireland Ltd.
Who processes your data?
Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland.
Where can you find more information about Google Analytics data protection?
https://support.google.com/analytics/answer/6004245?hl=en
On what legal basis do we transfer your data to the USA?
On the basis of the European Commission’s adequacy decision and the company’s corresponding certification.
How can you prevent data collection?
Among other things, with a browser plugin: https://tools.google.com/dlpage/gaoptout?hl=en
How do we process your data?
We are always interested in optimizing our web offer for visitors to our website and placing advertisements in the best possible way. We are helped in this by Google Analytics, a tool that analyzes the behavior of users and thus provides us with the necessary database for adjustments. Through the tool, we receive information about the origin of our visitors, their page views and the time they spend on the pages, as well as the operating system they use.
Standard processing
To collect the data, Google Analytics uses cookies, device fingerprinting or other user recognition technologies. The data is transmitted to Google servers in the USA and, with the help of the IP address that is also collected, summarized in a profile that can be assigned to you or your device.
You can prevent Google from processing your data by installing a browser plugin that Google itself provides: https://tools.google.com/dlpage/gaoptout?hl=de.
Demographic characteristics
We use the “demographic characteristics” function of Google Analytics to display suitable advertisements to visitors to our website within the Google advertising network. As a result, reports may be generated that include statements about the age, gender, and interests of our site visitors. This data comes from interest-based advertising from Google as well as visitor data from third parties. It is not possible to assign the collected data to specific individuals.
You can deactivate the function in the settings of your Google account.
E-commerce tracking
We use the “e-commerce tracking” function of Google Analytics. This allows us to analyze the purchasing behavior of our website visitors and improve our online marketing campaigns. E-commerce tracking records, for example, your orders, average order values, shipping costs, and the time from viewing to purchasing a product. Google can summarize the data under a transaction ID and assign it to you or your device.
How long do we store your data?
According to its own information, Google deletes or anonymizes data stored at user and event level that is linked to cookies, user identifiers (e.g. user IDs) or advertising IDs after 14 months (cf. https://support.google.com/analytics/answer/7667196?hl=de).
On what legal basis do we process your data?
As a website operator, we have a legitimate interest in analyzing user behavior for the purpose of optimizing our website and the advertising placed there. The data processing is therefore lawful according to Art. 6 (1) lit. f) GDPR. In the event that you have consented, for example, to the storage of cookies or have otherwise consented to data processing by Google Analytics, only Art. 6 (1) lit. a) GDPR is the legal basis. You can revoke your consent at any time with effect for the future.
Google Ads
What is Google Ads?
Online advertising program of Google Ireland Ltd.
Who processes your data?
Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland.
Where can you find more information about data protection at Google Ads?
https://policies.google.com/privacy?hl=en&gl=en
On what legal basis do we transfer your data to the USA?
On the basis of the European Commission’s adequacy decision and the company’s corresponding certification.
How do we process your data?
We use Google Ads. Google’s advertising program enables us to play advertisements in the Google search engine or on third-party websites when visitors to our website enter certain search terms on Google (keyword targeting). Furthermore, we can place targeted advertisements based on the user data available at Google (e.g. location data and interests) (target group targeting). We evaluate the collected data quantitatively by analyzing, for example, which search terms led to the playout of our ads and how many ads resulted in corresponding clicks.
On what legal basis do we process your data?
As a website operator, we have a legitimate interest in the placement and evaluation of advertisements. The data processing is therefore lawful according to Art. 6 para. 1 lit. f) DSGVO. In the event that you have consented, for example, to the storage of cookies or have otherwise consented to data processing by Google, only Art. 6 (1) a) DSGVO is the legal basis. You can revoke your consent at any time with effect for the future.
Google Conversion Tracking
What is Google Conversion Tracking?
Tool for analyzing user behavior provided by Google Ireland Ltd.
Who processes your data?
Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland.
Where can you find more information about data protection at Google Conversion Tracking?
https://www.google.de/intl/de/policies/privacy/
On what legal basis do we transfer your data to the USA?
On the basis of the European Commission’s adequacy decision and the company’s corresponding certification.
How do we process your data?
We are always interested in optimizing our web offering for users and placing advertising in the best possible way. For this purpose, we also use Google’s conversion tracking. With its help, we can record whether and how often visitors clicked on certain buttons on our website and which products were viewed and purchased particularly frequently (conversion statistics) . In the course of data collection and storage, we do not receive any information with which we can personally identify individual visitors. Google itself uses cookies or comparable recognition technologies for identification.
On what legal basis do we process your data?
As a website operator, we have a legitimate interest in analyzing user behavior for the purpose of optimizing our website and the advertising placed there. The data processing is therefore lawful according to Art. 6 para. 1 lit. f) GDPR. In the event that you have consented, for example, to the storage of cookies or have otherwise consented to data processing by Google Conversion Tracking, only Art. 6 (1) lit. a) GDPR is the legal basis. You can revoke your consent at any time with effect for the future.
META Pixel
What is META Pixel?
Tool for analyzing user behavior that measures the effectiveness of advertising on Facebook.
Who processes your data?
Meta Platforms Ireland Ltd, 4 Grand Canal Square, Dublin 2, Ireland.
Where can you find more information about data protection at META Pixel?
https://de-de.facebook.com/about/privacy/
On what legal basis do we transfer your data to the USA?
On the basis of the European Commission’s adequacy decision and the company’s corresponding certification.
How can you prevent data processing?
If you have a Facebook account: Deactivate the “Custom Audiences” remarketing function in the Ad Settings section (https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen).
If you do not have a Facebook account: Disable usage-based advertising from Facebook on the European Interactive Digital Advertising Alliance website: http://www.youronlinechoices.com/de/praferenzmanagement/.
How do we process your data?
We use the META Pixel on our website. The analytics tool helps us learn more about the behavior of visitors to our website after they click on one of our ads on Facebook. This allows us to measure how effective our Facebook ads are and align future advertising efforts with the insights we gain. The data that Facebook collects via the pixel is anonymous to us as the operator of this website. So we cannot identify you as a visitor. However, the data is stored and processed by Facebook. Thus, Facebook establishes a connection to your Facebook account via the pixel and, in addition, uses the data to place advertisements itself within and outside the network (cf. Facebook Data Use Policy). In the course of storage and processing, Facebook also transmits the data to the USA and other third countries.
If you have a Facebook account, you can deactivate the “Custom Audiences” remarketing function in this account in the Advertising Settings section at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen.
If you do not have a Facebook account, it is possible to deactivate usage-based advertising from Facebook on the website of the European Interactive Digital Advertising Alliance: http://www.youronlinechoices.com/de/praferenzmanagement/.
On what legal basis do we process your data?
As a website operator, we have a legitimate interest in effective advertising measures on social networks. The data processing is therefore lawful according to Art. 6 (1) lit. f) GDPR. In the event that you have consented, for example, to the storage of cookies or have otherwise consented to data processing by Facebook, only Art. 6 (1) lit. a) GDPR is the legal basis. You can revoke your consent at any time with effect for the future.
TikTok Pixel
What is TikTok Pixel?
User behavior analysis tool that measures the effectiveness of advertising on TikTok.
Who processes your data?
TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland
Where can you find more information about data protection at TikTok Pixel?
https://www.tiktok.com/legal/page/eea/privacy-policy/de-DE
On what legal basis do we transfer your data to other third countries?
TikTok adheres to the standard contractual clauses of the European Commission (see https://www.tiktok.com/legal/page/eea/privacy-policy/de-DE).
How can you prevent data processing?
Information on this can be found on the following pages:
https://www.tiktok.com/legal/tiktok-website-cookies-policy?lang=de
How do we process your data?
We use the TikTok Pixel on our website. The analysis tool helps us to learn more about the behavior of visitors on our account and our website. This tool allows us to measure how effective our advertising measures are and to align future advertising measures with the insights we have gained. On the one hand, we can designate you as a visitor to our online offer as a target group for the display of advertisements (so-called “TikTok Ads”). Accordingly, we use the TikTok pixel to display the TikTok ads placed by us only to those TikTok users who have also shown an interest in our online offer or who exhibit certain characteristics (e.g. interests in certain topics or products determined on the basis of the websites visited), which we transmit to TikTok (so-called “Custom Audiences”). With the help of the TikTok pixel, we therefore want to ensure that our TikTok ads correspond exclusively to the interests of the users. On the other hand, with the help of the TikTok pixel, we can also track whether users were really redirected to our website after clicking on a TikTok ad (so-called “conversion”).
On what legal basis do we process your data?
As a website operator, we have a legitimate interest in effective advertising measures on social networks. The data processing is therefore lawful according to Art. 6 (1) lit. f) GDPR. In the event that you have consented, for example, to the storage of cookies or have otherwise consented to data processing by TikTok, only Art. 6 (1) lit. a) GDPR is the legal basis. You can revoke your consent at any time with effect for the future.
Newsletter and postal advertising
Mailchimp
What is Mailchimp?
Service for sending newsletters and analyzing recipient behavior.
Who processes your data?
Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA.
Where can you find more information about data protection at Mailchimp?
https://mailchimp.com/legal/privacy und https://mailchimp.com/de/gdpr/
On what legal basis do we transfer your data to the USA?
Mailchimp has so-called standard contractual clauses that permit data transfer to the USA: https://mailchimp.com/legal/data-processing-addendum/#9._Jurisdiction-Specific_Terms
How do we process your data?
We use Mailchimp for our newsletter mailing. The service manages the data of newsletter subscribers for us, sends our newsletter and analyzes our newsletter campaigns.
If you would like to receive our newsletter, we need your email address. We will also use a confirmation email (double opt-in procedure) to check whether you are really the owner of this email address. We do not collect any further data or only on a voluntary basis. We use your data exclusively for sending the newsletter. They are stored on a Mailchimp server in the USA.
If we send a newsletter via Mailchimp and you open it, a file contained in the newsletter automatically connects to Mailchimp’s servers. In this way, the service learns that the newsletter has been opened and registers all clicks on the links it contains. In addition, Mailchimp collects technical information, such as the time of the retrieval, the IP address, browser type and operating system.
You can unsubscribe from the newsletter at any time.
How long do we store your data?
After you have unsubscribed, the data is deleted from the newsletter distribution list. In some circumstances, we blacklist your e-mail address at the same time; this is necessary, for example, if we have received an objection to advertising from you. In this case, the legal basis for the storage is Art. 6 (1) lit. f) GDPR.
Otherwise, we reserve the right to delete the data at any time after the purpose for which it was collected has ceased to exist or at our own discretion.
On what legal basis do we process your data?
By entering your data in the subscriber list, you consent to data processing by Mailchimp. This is therefore carried out lawfully on the basis of Art. 6 (1) lit. a) GDPR. You can revoke your consent by unsubscribing from the newsletter or by sending us an informal message. For us, this means that we may no longer send you newsletters from this point on.
Plugins and tools
Google Fonts (local hosting)
We use fonts from the US company Google on our website. We have installed the fonts locally, so there is no connection to Google’s servers when you visit our website.
For more information about Google Fonts, please visit https://developers.google.com/fonts/faq and read Google’s privacy policy: https://policies.google.com/privacy?hl=de.
Google reCAPTCHA
What is Google reCAPTCHA?
Test tool to distinguish between people and computers from Google Ireland Ltd.
Who processes your data?
Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland.
Where can you find more information about data protection at Google?
https://policies.google.com/privacy?hl=de
On what legal basis do we transfer your data to the USA?
On the basis of the European Commission’s adequacy decision and the company’s corresponding certification.
How do we process your data?
With Google reCAPTCHA, we check whether data entered into forms on our website comes from a human or from a computer. For you, this means that the testing tool analyzes your behavior as a visitor to our website based on various characteristics. The analysis does not start when you use the test tool, but already when you visit our website. Various data are collected, e.g. the IP address, the time spent on our website and mouse movements. The data is forwarded to Google.
On what legal basis do we process your data?
As a company, we have a legitimate interest in protecting our web offerings from spam and abusive spying. The data processing is therefore lawful according to Art. 6 (1) lit. f) GDPR.
If you have consented to the data processing, we process your data exclusively on the basis of Art. 6 (1) lit. a) GDPR. You may revoke your consent at any time. From the time of revocation, we may no longer process your data.
jQuery
What is jQuery?
Service that provides access to a JavaScript library for use on this website
Who processes your data?
The OpenJS Foundation, 548 Market St, PMB 57274, San Francisco, California, USA
Where can you find more information about data protection at jQuery?
On what basis do we transfer your data to the USA?
jQuery adheres to the standard contractual clauses of the European Commission (see https://openjsf.org/privacy)
How do we process your data?
We use the services of jQuery on our website. jQuery is a JavaScript library. It simplifies Javascript programming by providing an easy-to-use interface for many common tasks. With jQuery, users can make their websites faster and more interactive. When you visit our website, a direct connection is established between your browser and the jQuery servers. This is how jQuery learns that our website was accessed via your IP address.
On what legal basis do we process your data?
jQuery’s fonts ensure a consistent typeface on our websites. As a company, we have a legitimate interest in this. The data processing is therefore lawful according to Art. 6 (1) lit. f) GDPR.
If you have consented to the data processing, we process your data exclusively on the basis of Art. 6 (1) lit. a) GDPR. You may revoke your consent at any time. From the time of revocation, we may no longer process your data.
Wordfence
What is Wordfence?
Firewall and security scanner for WordPress websites.
Who processes your data?
Defiant Inc, 800 5th Ave Ste 4100, Seattle, WA 98104, USA
Where can you find more information about data protection at Wordfence?
https://www.wordfence.com/privacy-policy/
On what legal basis do we transfer your data to the USA?
On the basis of standard contractual clauses of the European Commission (see https://www.wordfence.com/help/general-data-protection-regulation/).
How do we process your data?
To protect our website from malicious traffic, we use the Wordfence plugin. It identifies and blocks data that has malicious code or content, and checks core files, themes and plugins for malware, bad URLs, backdoors, SEO spam, malicious redirects and code injections. In order for these measures to be carried out, our website is permanently connected to Defiant Inc. servers in the USA. On these, accesses to our website are compared with the data that Wordfence has stored in its database and, if necessary, blocked.
On what legal basis do we process your data?
As a website operator, we have a legitimate interest in protecting ourselves from malicious traffic. The data processing is therefore lawful according to Art. 6 (1) lit. f) GDPR.
If you have consented to the data processing, we process your data exclusively on the basis of Art. 6 (1) lit. a) GDPR. You may revoke your consent at any time. From the time of revocation, we may no longer process your data.
Elementor
What is Elementor?
Plugin for creating websites
Who processes your data?
Elementor 8 THE GRN STE A DOVER, DE 19901 USA
Where can you find more information about Elementor`s privacy policy?
https://elementor.com/about/privacy/
On what legal basis do we transfer your data to the USA?
On the basis of standard contractual clauses of the European Commission (see https://elementor.com/about/privacy/).
How do we process your data?
We use the “Elementor Website Builder for WordPress” plugin on our website. This plugin does not process any personal data. However, cookies are used to store the number of page views and active sessions of the user.
On what legal basis do we process your data?
By integrating the Elementor plugin, we want to make our website and our services and offers more appealing. This is our legitimate interest as a company and is therefore lawful according to Art. 6 (1) (f) GDPR.
eCommerce and payment providers
Customer and contract data
How do we process your data?
When we conclude a contract with you, we require certain personal data from you. We collect, process and use this data only insofar as it is necessary to establish our legal relationship, to shape its content or to change it. If you can only use our services via our website or if the services are billed via the website, we also collect usage data insofar as this is necessary to enable you to use our offer or to bill the service used.
How long do we store your data?
We store your data until our legal relationship ends, unless we are required by law to keep the data longer.
On what legal basis do we process your data?
We store your data in order to fulfill the contract with you or to carry out pre-contractual measures. The basis of the data processing is therefore Art. 6 (1) lit. b) GDPR.
Data transfer for the shipment of goods
How do we process your data?
When you order goods from us, we transmit your data to companies that we commission with the delivery and/or through which we process the payment. In doing so, only data that is necessary for the commissioned company to carry out the specific order will be transmitted. If we want to pass on data beyond this, we will obtain your consent. We do not pass on your data for advertising purposes.
On what legal basis do we process your data?
We pass on your data in order to fulfill the contract we have concluded with you. The basis of the data processing is therefore Art. 6 (1) lit. b) GDPR.
Data transfer for dropshipping
Dropshipping means that ordered goods are delivered directly from the manufacturer or wholesaler to you. In our case this is:
Spreadshirt Print On Demand GmbH
Gießerstraße 27
04229 Leipzig
How do we process your data?
So that the delivery can be made by Spreadshirt Print On Demand GmbH, we give your name, delivery address and – if necessary – your phone number to them.
On what legal basis do we process your data?
We pass on your data in order to fulfill the contract we have concluded with you. The basis of the data processing is therefore Art. 6 (1) lit. b) GDPR. In addition, we have a legitimate interest in processing purchases as quickly and effectively as possible. In this respect, the legal basis is also Art. 6 (1) lit. f) GDPR.
Payment services
To enable you to conveniently pay for your purchases on our website, we use the services of payment services, i.e. external companies that process the payments for us. You can see which ones these are specifically from the list at the end of this section.
How do we process your data?
For the payment process, you must provide certain personal data, e.g. your name, your account details or credit card number. We pass this data on to the respective payment service. For the transaction itself, the respective contract and data protection provisions of the respective services apply.
On what legal basis do we process your data?
We pass on your data in order to fulfill the contract we have concluded with you. The basis of the data processing is therefore Art. 6 (1) lit. b) GDPR. In addition, we have a legitimate interest in processing purchases as quickly, conveniently and securely as possible. In this respect, the legal basis is also Art. 6 (1) lit. f) GDPR. If you have consented to the transfer of your data, the data processing is based on Art. 6 (1) lit. a) GDPR. You can revoke your consent at any time with effect for the future.
Which payment services do we use?
PayPal
What is PayPal?
Online payment service
Who processes your data?
PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg.
Where can you find more information about data protection at PayPal?
https://www.paypal.com/de/webapps/mpp/ua/privacy-full
On what legal basis do we transfer your data to the USA?
PayPal adheres to the standard contractual clauses of the European Commission (see https://www.paypal.com/de/webapps/mpp/ua/pocpsa-full).
Stripe
What is Stripe?
Online payment service
Who processes your data?
Stripe Payments Europe Ltd, 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland.
Where can you find more information about data protection at Stripe?
On what legal basis do we transfer your data to the USA?
On the basis of the European Commission’s adequacy decision and the company’s corresponding certification.
Data processing on social media
What is Social Media?
By social media, we mean the social networks on which we have created publicly accessible profiles. You can read below which social networks these are specifically.
Who processes your data?
The respective operating companies of the social networks. You can find the individual operators below under the respective networks.
How is your data processed?
The operators of social networks are generally able to collect and evaluate comprehensive data about the behavior of visitors and users of the network. It is not possible for us to track all processing operations on the social networks we use, which is why further processing operations not listed here may be carried out by the operators of the social networks. You can find more information on this in the terms of use and privacy statements of the respective social networks.
The processing of your data can be triggered by you visiting the website of the social network or our profile page there. Even if you visit a website that uses certain content of the network, e.g. like or share buttons, data may already be transmitted to the operators of the social network. If you yourself are a user of the social network and logged into your user account, your visit to our profile page can be assigned to your account by the operator of the social network. Even if you yourself have not registered a user account or are not logged in, the operator of the network may still collect your personal data, e.g. by recording your IP address or setting cookies. With this data, the operators can create user profiles adapted to your behavior and interests and show you interest-based advertising inside and outside the network. If you are a registered user of the network, the interest-based advertising may also be displayed on all devices on which you are or were logged in.
On what legal basis is your data processed?
Our profiles in the social networks are intended to ensure the broadest possible presence of our company on the Internet. As a company, we have a legitimate interest in this. The data processing is therefore lawful according to Art. 6 (1) lit. f) GDPR.
The data processing operations and analyses carried out by the operators of the social networks themselves may be based on other legal grounds. These must be stated by the operators of the social networks.
Who is responsible for the processing of your data and how can you assert your rights?
If you visit one of our profiles on the social networks, we are jointly responsible with the operator of the respective network for the data processing operations triggered during this visit. In principle, you can assert your rights both against us and against the operator of the respective network.
Despite the joint responsibility with the operators of the social networks, however, our influence on the data processing operations of the respective operator is limited and is primarily based on the operator’s specifications.
How long is your data stored?
If we collect data via our profiles in the social networks, these are deleted from our systems as soon as the purpose for storing them no longer applies, you request us to delete them or you revoke your consent to storage. Stored cookies remain on your terminal device until you delete them. Mandatory legal provisions – in particular retention periods – remain unaffected.
We have no influence on how long the operators of the social networks store your data, which the operators collect for their own purposes. You can obtain information on this directly from the operator of the respective social network, e.g. in the respective privacy policy.
Which social media do we use?
What is Facebook?
A social network
Who processes your data?
Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.
Is your data transferred to third countries?
Yes, to the U.S. and also to other third countries.
Where can you find more information about data protection at Facebook?
https://www.facebook.com/about/privacy/
As a Facebook user, where can you adjust your advertising preferences?
As a registered Facebook user, you can adjust your advertising settings in your user account. To do so, click on the following link and log in:
What is Instagram?
A social network specializing in photos and videos.
Who processes your data?
Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Irland
Is your data transferred to third countries?
Yes
Where can you find more information about data protection at Instagram?
https://help.instagram.com/519522125107875/?helpref=hc_fnav&bc[0]=Instagram-Hilfebereich&bc[1]=Richtlinien%20und%20Meldungen
As a user, where can you adjust your privacy settings?
As a registered Instagram user, you can adjust your privacy settings in your user account. To do so, click the following link and log in:
https://www.instagram.com/accounts/privacy_and_security/
TikTok
What is TikTok?
A social network specializing in photos and videos
Who processes your data?
TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland.
Is your data transferred to third countries?
Yes
Where can you find more information about data protection at TikTok?
https://www.tiktok.com/legal/privacy-policy-eea?lang=de
As a user, where can you adjust your privacy settings?
https://www.tiktok.com/legal/tiktok-website-cookies-policy?lang=de