Privacy Policy

Unless otherwise stated below, the provision of your personal data is neither required by law nor by contract, nor is it necessary for the conclusion of a contract. You are not obliged to provide the data. Failure to provide the data will have no consequences. This applies only insofar as no other information is provided for the following processing operations.

“Personal data” means any information relating to an identified or identifiable natural person.

Server log files

You can visit our websites without providing any information about yourself.

Each time you access our website, usage data is transmitted to us or to our web host / IT service provider by your internet browser and stored in log data (so-called server log files). This stored data includes, for example, the name of the page accessed, the date and time of access, the IP address, the volume of data transferred, and the requesting provider.

Processing is carried out on the basis of Art. 6(1)(f) GDPR due to our overriding legitimate interest in ensuring the smooth operation of our website and in improving our offering.

Your data may be transferred to and processed in third countries outside the EU, in particular Canada and the USA. For Canada, there is an adequacy decision by the EU Commission. For the USA, there is an adequacy decision by the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). Shopify is not certified under the TADPF. This data transfer is carried out on the basis of contractual obligations that are comparable to the EU Commission’s Standard Contractual Clauses.

Contact

Controller / Data Protection Officer

You may contact us upon request. The controller responsible for data processing is:

Stretta Music GmbH
Ochsenfurter Str. 6
97246 Eibelstadt
Germany

Tel.: +49 (0)9306 985171-0
[email protected]

You can reach our Data Protection Officer directly at:
Friedemann Hecht
Schulenburgring 127
12101 Berlin
Germany
Tel.: +49 (0)177 6663193
[email protected]
https://www.mehralsdatenschutz.de

Data processing within the whistleblower protection system

If you submit information to the internal reporting office within the established whistleblower protection system, we collect your personal data (name, electronic contact details, address, message text, information on violations within the meaning of Section 3(3) HinSchG, information on the identity of persons protected under the HinSchG) only to the extent provided by you. Data processing serves the purpose of fulfilling the tasks, duties and rights of the internal reporting office assigned to it by the HinSchG.

Data processing is carried out to comply with a legal obligation on the basis of Art. 6(1)(c) GDPR in conjunction with Section 10 HinSchG.

Your data will then be deleted in compliance with statutory retention periods (3 years after completion of the procedure within the meaning of Section 18 HinSchG).

Customer’s unsolicited contact by email

If you contact us by email on your own initiative in a business context, we collect your personal data (name, email address, message text) only to the extent provided by you. Data processing serves the purpose of handling and responding to your enquiry.

If the contact serves the implementation of pre-contractual measures (e.g. advice in case of purchase interest, preparation of an offer) or relates to a contract already concluded between you and us, this data processing is carried out on the basis of Art. 6(1)(b) GDPR.

If the contact is made for other reasons, this data processing is carried out on the basis of Art. 6(1)(f) GDPR due to our overriding legitimate interest in processing and responding to your enquiry. In this case, you have the right, on grounds relating to your particular situation, to object at any time to processing of personal data concerning you that is based on Art. 6(1)(f) GDPR.

We use your email address only to process your enquiry. Your data will then be deleted in compliance with statutory retention periods, unless you have consented to further processing and use.

Collection and processing when using the contact form

When you use the contact form, we collect your personal data (name, email address, message text) only to the extent provided by you. Data processing serves the purpose of contacting you.

We use your email address only to process your enquiry. Your data will then be deleted in compliance with statutory retention periods, unless you have consented to further processing and use.

Collection and processing of applications by email

If visitors are interested in vacancies advertised on our website, they can apply by email. In doing so, we collect your personal data only to the extent provided by you. This includes your contact details (e.g. name, email address, telephone number), information about your professional qualifications and education, information about professional training, and performance-related evidence.

Data processing serves the purpose of contacting you and deciding on the establishment of an employment relationship with you. Provision of the data is required in order to conduct the application process. Processing of your personal data is carried out on the basis of Art. 6(1)(b) GDPR in conjunction with Section 26(1) BDSG for the implementation of pre-contractual measures (conducting the application process as initiation of an employment contract).

If you have given us consent to process personal data for inclusion in our applicant pool, e.g. by ticking a checkbox, processing is carried out on the basis of Art. 6(1)(a) GDPR. You may revoke your consent at any time by notifying us, without affecting the lawfulness of processing carried out on the basis of consent before its withdrawal.

If, as part of the application process, special categories of personal data within the meaning of Art. 9(1) GDPR are requested from applicants, such as information on the degree of severe disability, this is carried out on the basis of Art. 9(2)(b) GDPR so that we can exercise rights arising from labour law and the law of social security and social protection and fulfil our related obligations.

We store your personal data for as long as necessary to decide on your application. Your data will then be deleted at the latest after six months, unless you have consented to further processing and use. If an employment relationship arises following the application process, the data provided will be further processed on the basis of Art. 6(1)(b) GDPR in conjunction with Section 26(1) BDSG for the purposes of carrying out the employment relationship and will then be transferred to the personnel file.

Customer account, orders

Customer account

When you open a customer account, we collect your personal data to the extent specified there. Data processing serves the purpose of improving your shopping experience and simplifying order processing. Processing is carried out on the basis of Art. 6(1)(a) GDPR with your consent. You may revoke your consent at any time by notifying us, without affecting the lawfulness of processing carried out on the basis of consent before its withdrawal. Your customer account will then be deleted.

Collection, processing and disclosure of personal data when placing orders

When you place an order, we collect and process your personal data only insofar as this is necessary to fulfil and process your order and to handle your enquiries. Provision of the data is required for the conclusion of the contract. Failure to provide it means that no contract can be concluded. Processing is carried out on the basis of Art. 6(1)(b) GDPR and is necessary for the performance of a contract with you.

Your data may be disclosed, for example, to shipping companies, dropshipping or fulfilment providers, payment service providers, service providers for order processing, and IT service providers. In all cases, we strictly comply with statutory requirements. The scope of data transfer is limited to the minimum necessary.

Reviews, advertising

Data collection when submitting a comment or a review

When commenting on / reviewing an item or a post, we collect your personal data (name, email address, comment text) only to the extent provided by you. Processing serves the purpose of enabling comments/reviews and displaying them.

By submitting the comment/review, you consent to the processing of the transmitted data. Processing is carried out on the basis of Art. 6(1)(a) GDPR with your consent. You may revoke your consent at any time by notifying us, without affecting the lawfulness of processing carried out on the basis of consent before its withdrawal. Your personal data will then be deleted.

Review reminder

After your order, we would like to ask you to review your purchase with us.

For this purpose, we use your personal data (name, email address, order information) independently of contract processing to send you a review reminder by email after a purchase, provided you have expressly consented.

Processing is carried out on the basis of Art. 6(1)(a) GDPR with your consent. You may revoke your consent at any time using the corresponding link in the email or by notifying us, without affecting the lawfulness of processing carried out on the basis of consent before its withdrawal.

Use of your personal data for sending postal advertising

We use your personal data (name, address) received by us in connection with the sale of goods or services to send you postal advertising, provided you have not objected to this use. Provision of this data is required for the conclusion of the contract. Failure to provide it means that no contract can be concluded.

Processing is carried out on the basis of Art. 6(1)(f) GDPR due to our overriding legitimate interest in direct advertising. You can object to this use of your address data at any time by notifying us. You can find the contact details for exercising your objection in the Legal Notice (Imprint).

Use of email address for sending newsletters

We use your email address to send you information and offers by newsletter, provided you have expressly consented. Data processing serves exclusively the purpose of advertising communication. For this purpose, we process your email address and, if applicable, further data you voluntarily provided when registering for our newsletter.

Processing is carried out on the basis of Art. 6(1)(a) GDPR with your consent. You may revoke your consent at any time, without affecting the lawfulness of processing carried out on the basis of consent before its withdrawal.

You can unsubscribe from the newsletter at any time using the corresponding link in the newsletter or by notifying us. Your email address will then be removed from the distribution list. Despite removal from the distribution list, we may continue to store your email address in a so-called blacklist in order to prevent you from receiving newsletter emails from us in the future. This storage is carried out on the basis of Art. 6(1)(f) GDPR due to our and your legitimate interest in preventing the renewed use of your email address for sending our newsletter. You have the right, on grounds relating to your particular situation, to object at any time to this processing of personal data concerning you.

Use of email address for direct advertising

We use your email address, which we received in connection with the sale of goods or services, for the electronic transmission of advertising for our own goods or services similar to those you have already purchased from us, provided you have not objected to this use. Provision of the email address is required for the conclusion of the contract. Failure to provide it means that no contract can be concluded.

Processing is carried out on the basis of Art. 6(1)(f) GDPR due to our overriding legitimate interest in direct advertising. You can object to this use of your email address at any time by notifying us. You can find the contact details for exercising your objection in the Legal Notice (Imprint). You can also use the link provided for this purpose in the advertising email. No costs will be incurred other than transmission costs at the basic rates.

Use of Brevo (formerly Sendinblue)

We use the service of Sendinblue GmbH (Köpenicker Straße 126, 10179 Berlin, Germany; “Brevo”) for newsletter delivery within the scope of processing on our behalf.

We pass on the information you provide when signing up for the newsletter (email address, and where applicable first and last name) to Brevo. Data processing serves the purpose of sending newsletters and evaluating them statistically.

To evaluate newsletter campaigns, the newsletters sent contain a 1×1 pixel graphic (tracking pixel) and/or a tracking link. This enables us to determine whether you opened the newsletter and whether you clicked on any integrated links. In this context, personal data such as your IP address, browser type and device as well as the time of opening may also be collected. From this data, usage profiles can be created under a pseudonym. The collected data is not used to identify you personally. The collected data is used solely for statistical evaluation to improve newsletter campaigns.

Your personal data is processed on the basis of Art. 6(1)(f) GDPR due to our overriding legitimate interest in a targeted, effective and user-friendly newsletter system. You have the right, on grounds relating to your particular situation, to object at any time to this processing of personal data concerning you.

Further information and Brevo’s privacy policy can be found at:
https://www.brevo.com/legal/privacypolicy/

Use of Klaviyo

We use the service of Klaviyo Inc. (125 Summer St Floor 7, Boston, MA 02111, USA; “Klaviyo”) for newsletter delivery within the scope of processing on our behalf.

We pass on the information you provide when signing up for the newsletter (email address, and where applicable first and last name) to Klaviyo. Data processing serves the purpose of sending newsletters and evaluating them statistically.

To evaluate newsletter campaigns, the newsletters sent contain a 1×1 pixel graphic (tracking pixel) or a tracking link. This enables us to determine whether you opened the newsletter and whether you clicked on any integrated links. In this context, we collect personal data such as your IP address, browser type and device, and the time. From this data, usage profiles can be created under a pseudonym. The collected data is not used to identify you personally. The collected data is used solely for statistical evaluation to improve newsletter campaigns.

Your data is generally transmitted to servers of Klaviyo in the USA and stored there. For the USA, there is an adequacy decision by the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). Klaviyo is certified under the TADPF and has therefore undertaken to comply with European data protection principles.

Further information on data protection at Klaviyo can be found at https://www.klaviyo.com/legal/privacy-notice and https://www.klaviyo.com/legal/data-processing-agreement.

Use of email address for availability notifications

We offer an availability notification service on our website. If an item is temporarily unavailable, you have the option to enter your email address on the relevant item and be notified by email when it becomes available, provided you have consented. You will receive a one-time email notification about the availability of the relevant item. Processing is carried out on the basis of Art. 6(1)(a) GDPR with your consent. You may revoke your consent at any time, without affecting the lawfulness of processing carried out on the basis of consent before its withdrawal.

You can unsubscribe from the availability notification at any time by notifying us. Your email address will then be removed from the distribution list.

Shipping service providers, inventory management

Disclosure of email address to shipping companies to inform you of shipping status

As part of contract performance, we pass on your email address to the transport company, provided you expressly consented to this during the order process. Disclosure serves the purpose of informing you about the shipping status by email. Processing is carried out on the basis of Art. 6(1)(a) GDPR with your consent. You may revoke your consent at any time by notifying us or the transport company, without affecting the lawfulness of processing carried out on the basis of consent before its withdrawal.

Use of an external inventory management system

We use an inventory management system for contract processing within the scope of processing on our behalf. For this purpose, the personal data collected during the order process is transmitted to exitB GmbH, Sickingenstr. 70, 10553 Berlin, Germany.

Processing of your personal data serves the purpose of fulfilling the contract concluded with you and is carried out on the basis of Art. 6(1)(b) GDPR.

Payment service providers, credit checks

Use of PayPal

We use the PayPal payment service of PayPal (Europe) S.à r.l. et Cie, S.C.A. (22–24 Boulevard Royal, L-2449 Luxembourg). Data processing serves the purpose of offering you payment via the payment service. By selecting and using payment via PayPal, the data required for payment processing is transmitted to PayPal in order to fulfil the contract with you using the selected payment method. This processing is carried out on the basis of Art. 6(1)(b) GDPR.

All PayPal transactions are subject to PayPal’s privacy statement, available at https://www.paypal.com/de/legalhub/paypal/privacy-full?locale.x=en_DE.

Use of PayPal Express

We use the PayPal Express payment service of PayPal (Europe) S.à r.l. et Cie, S.C.A. (22–24 Boulevard Royal, L-2449 Luxembourg; “PayPal”). Data processing serves the purpose of offering you payment via PayPal Express. To integrate this payment service, PayPal must collect, store and analyse data when the website is accessed (e.g. IP address, device type, operating system, browser type, location of your device). Cookies may also be used for this purpose. Cookies enable recognition of your browser.

Your personal data is processed on the basis of Art. 6(1)(f) GDPR due to our overriding legitimate interest in providing a customer-oriented offering of various payment methods. You have the right, on grounds relating to your particular situation, to object at any time to this processing of personal data concerning you.

By selecting and using PayPal Express, the data required for payment processing is transmitted to PayPal in order to fulfil the contract with you using the selected payment method. This processing is carried out on the basis of Art. 6(1)(b) GDPR. Further information on data processing when using PayPal Express can be found in the relevant privacy statement at https://www.paypal.com/de/legalhub/paypal/privacy-full?locale.x=en_DE.

Use of PayPal Check-Out

We use the PayPal Check-Out payment service of PayPal (Europe) S.à r.l. et Cie, S.C.A. (22–24 Boulevard Royal, L-2449 Luxembourg; “PayPal”). Data processing serves the purpose of offering you payment via the payment service. By selecting and using payment via PayPal, credit card via PayPal, direct debit via PayPal or “Pay Later” via PayPal, the data required for payment processing is transmitted to PayPal in order to fulfil the contract with you using the selected payment method. This processing is carried out on the basis of Art. 6(1)(b) GDPR.

Cookies may be stored that enable recognition of your browser. The resulting data processing is carried out on the basis of Art. 6(1)(f) GDPR due to our overriding legitimate interest in providing a customer-oriented offering of various payment methods. You have the right, on grounds relating to your particular situation, to object at any time to this processing of personal data concerning you.

Credit card via PayPal, direct debit via PayPal & “Pay Later” via PayPal

For individual payment methods such as credit card via PayPal, direct debit via PayPal or “Pay Later” via PayPal, PayPal reserves the right to obtain a credit assessment, if applicable, based on mathematical-statistical procedures using credit agencies. For this purpose, PayPal transmits the personal data required for a credit check to a credit agency and uses the information received about the statistical probability of a payment default for a balanced decision on the establishment, execution or termination of the contractual relationship. The credit report may contain probability values (score values) calculated on the basis of scientifically recognised mathematical-statistical procedures and whose calculation may include address data, among other things. Your legitimate interests are taken into account in accordance with statutory provisions. Data processing serves the purpose of credit assessment for the initiation of a contract. Processing is carried out on the basis of Art. 6(1)(f) GDPR due to our overriding legitimate interest in protection against payment default if PayPal makes advance payments.

You have the right, on grounds relating to your particular situation, to object at any time to this processing of personal data concerning you that is based on Art. 6(1)(f) GDPR by notifying PayPal. Provision of the data is required for the conclusion of the contract with the payment method you requested. Failure to provide it means that the contract cannot be concluded with the payment method you selected.

Third-party providers

When paying via a third-party provider payment method, the data required for payment processing is transmitted to PayPal. This processing is carried out on the basis of Art. 6(1)(b) GDPR. In order to execute this payment method, the data may then be passed on by PayPal to the respective provider. This processing is carried out on the basis of Art. 6(1)(b) GDPR. Local third-party providers may include, for example:

Apple Pay (Apple Distribution International Ltd., Hollyhill Industrial Estate, Hollyhill, Cork, Ireland)
Google Pay (Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland)

Purchase on invoice via PayPal

When paying via the payment method “purchase on invoice”, the data required for payment processing is first transmitted to PayPal. To execute this payment method, the data is then transmitted by PayPal to Ratepay GmbH (Franklinstraße 28–29, 10587 Berlin, Germany; “Ratepay”) in order to fulfil the contract with you using the selected payment method. This processing is carried out on the basis of Art. 6(1)(b) GDPR. Ratepay may carry out a credit assessment based on mathematical-statistical procedures (probability or score values) using credit agencies, following the procedure described above. Data processing serves the purpose of credit assessment for the initiation of a contract. Processing is carried out on the basis of Art. 6(1)(f) GDPR due to our overriding legitimate interest in protection against payment default if Ratepay makes advance payments.

Further information on data protection and which credit agencies Ratepay uses can be found at https://www.ratepay.com/legal-payment-dataprivacy/ and https://www.ratepay.com/legal-payment-creditagencies/.

Further information on data processing when using PayPal can be found in PayPal’s privacy statement at https://www.paypal.com/de/legalhub/paypal/privacy-full?locale.x=en_DE.

Use of Amazon Payments

We use the Amazon Payments payment service of Amazon Payments Europe s.c.a. (38 avenue John F. Kennedy, L-1855 Luxembourg).

Data processing serves the purpose of offering you payment via the Amazon Payments payment service.

To integrate this payment service, Amazon Payments must collect, store and analyse data when the website is accessed (e.g. IP address, device type, operating system, browser type, location of your device). Cookies may also be used for this purpose. Cookies enable recognition of your browser.

By selecting and using Amazon Payments, the data required for payment processing is transmitted to Amazon Payments in order to fulfil the contract with you using the selected payment method. This processing is carried out on the basis of Art. 6(1)(b) GDPR.

Further information on data processing when using Amazon Payments can be found in the associated privacy information at https://pay.amazon.com/help/201212490.

Use of Klarna payment options

We use the payment service of Klarna Bank AB (publ) (Sveavägen 46, 111 34 Stockholm, Sweden; “Klarna”). By selecting and using payment via Klarna, the data required for payment processing is transmitted to Klarna in order to fulfil the contract with you using the selected payment method. This processing is carried out on the basis of Art. 6(1)(b) GDPR.

For individual payment methods such as Pay Later (invoice), Pay Now (payment by direct debit, credit card, instant bank transfer), Financing (instalment purchase), Klarna reserves the right to obtain a credit assessment, if applicable, based on mathematical-statistical procedures using credit agencies.

For this purpose, Klarna transmits the personal data required for an identity and credit check—such as first and last name, address, gender, email address, IP address, and data related to the order—to a credit agency and uses the information received about the statistical probability of a payment default for a balanced decision on the establishment, execution or termination of the contractual relationship. The credit report may contain probability values (score values) calculated on the basis of scientifically recognised mathematical-statistical procedures and whose calculation may include address data, among other things. Your legitimate interests are taken into account in accordance with statutory provisions. Data processing serves the purpose of credit assessment for the initiation of a contract. Processing is carried out on the basis of Art. 6(1)(f) GDPR due to our overriding legitimate interest in protection against payment default if Klarna makes advance payments.

You have the right, on grounds relating to your particular situation, to object at any time to this processing of personal data concerning you that is based on Art. 6(1)(f) GDPR by notifying Klarna. Provision of the data is required for the conclusion of the contract with the payment method you requested. Failure to provide it means that the contract cannot be concluded with the payment method you selected.

Further information, in particular to which credit agencies Klarna discloses your personal data, can be found at https://cdn.klarna.com/1.0/shared/content/legal/terms/0/en/credit_rating_agencies.

General information about Klarna can be found at https://www.klarna.com/uk/.

Your personal data will be processed by Klarna in accordance with applicable data protection provisions and as set out in Klarna’s privacy notice at https://cdn.klarna.com/1.0/shared/content/legal/terms/0/en_gb/privacy.

Use of Shopify Payments

We use the Shopify Payments payment service provided by Shopify International Limited (2nd Floor Victoria Buildings, 1–2 Haddington Road, Dublin 4, D04 XN32, Ireland). In this case, payment processing is carried out by the payment service provider Stripe Payments Europe, Ltd. (1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland). Data processing serves the purpose of offering you payment via Shopify Payments. By selecting and using a Shopify Payments payment method, the data required for payment processing is transmitted to Stripe in order to fulfil the contract with you using the selected payment method. This processing is carried out on the basis of Art. 6(1)(b) GDPR.

Stripe reserves the right to obtain a credit assessment, if applicable, based on mathematical-statistical procedures using credit agencies. For this purpose, Stripe transmits the personal data required for a credit check to a credit agency and uses the information received about the statistical probability of a payment default for a balanced decision on the establishment, execution or termination of the contractual relationship. The credit report may contain probability values (score values) calculated on the basis of scientifically recognised mathematical-statistical procedures and whose calculation may include address data, among other things. Your legitimate interests are taken into account in accordance with statutory provisions. Data processing serves the purpose of credit assessment for the initiation of a contract. Processing is carried out on the basis of Art. 6(1)(f) GDPR due to our overriding legitimate interest in protection against payment default if Stripe makes advance payments.

You have the right, on grounds relating to your particular situation, to object at any time to this processing of personal data concerning you that is based on Art. 6(1)(f) GDPR by notifying Stripe. Provision of the data is required for the conclusion of the contract with the payment method you requested. Failure to provide it means that the contract cannot be concluded with the payment method you selected.

Further information on data processing when using Shopify Payments can be found in Shopify’s privacy policy at https://www.shopify.com/legal/privacy.

Further information on data processing for payment processing via Stripe can be found in Stripe’s privacy policy at https://stripe.com/privacy.

Cookies

Our website uses cookies. Cookies are small text files that are stored in the internet browser or by the internet browser on a user’s computer system. When a user accesses a website, a cookie can be stored on the user’s operating system. This cookie contains a characteristic character string that enables unique identification of the browser when the website is accessed again.

Cookies are stored on your computer. You therefore have full control over the use of cookies. By selecting appropriate technical settings in your internet browser, you can be notified before cookies are set and decide individually whether to accept them, and you can prevent the storage of cookies and the transmission of the data they contain. Cookies that have already been stored can be deleted at any time. However, please note that you may then not be able to use all functions of this website to their full extent.

Under the following links you can find information on how to manage cookies (including disabling them) in the most common browsers:

Technically necessary cookies

Unless otherwise stated below in this privacy policy, we use only technically necessary cookies for the purpose of making our offering more user-friendly, effective and secure. Cookies also enable our systems to recognise your browser even after a page change and to offer you services. Some functions of our website cannot be offered without the use of cookies. For these functions, it is necessary that the browser is recognised again even after a page change.

The use of cookies or comparable technologies is based on Section 25(2) TDDDG. Processing of your personal data is based on Art. 6(1)(f) GDPR due to our overriding legitimate interest in ensuring optimal website functionality and a user-friendly and effective design of our offering.

You have the right, on grounds relating to your particular situation, to object at any time to this processing of personal data concerning you.

Use of the Shopify consent tool (Shopify Privacy & Compliance)

We use the consent tool Shopify Privacy & Compliance of Shopify International Ltd. (Victoria Buildings, 2nd Floor, 1–2 Haddington Road, Dublin 4, D04 XN32, Ireland) on our website. Shopify is affiliated with Shopify Inc. (151 O’Connor Street, Ground Floor, Ottawa, Ontario, K2P 2L8, Canada).

The tool enables you to give consent to data processing via the website, in particular the setting of cookies, and to exercise your right to withdraw consent already given. Data processing serves the purpose of obtaining and documenting required consents and thus complying with legal obligations. Cookies may be used for this purpose. User information, including your IP address, is collected and transmitted to Shopify.

Data processing is carried out to comply with a legal obligation on the basis of Art. 6(1)(c) GDPR.

Further information on data protection at Shopify can be found at https://www.shopify.com/legal/privacy.

Analytics, advertising tracking

Use of Google Analytics 4

We use the web analytics service Google Analytics of Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland). Data processing serves the purpose of analysing this website and its visitors, as well as for marketing and advertising purposes. For this purpose, Google will, on behalf of the operator of this website, use the information obtained to evaluate your use of the website, compile reports on website activities, and provide further services related to website use and internet use to the website operator. The following information may be collected, among others: IP address, date and time of page view, click path, information about the browser and device used by you, visited pages, referrer URL (website from which you accessed our website), location data, purchase activities. Your data may be linked by Google with other data, such as your search history, your personal accounts, your usage data from other devices, and all other data Google has about you.

The IP address is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area prior to transmission.

Google uses technologies such as cookies, browser web storage and tracking pixels that enable analysis of your use of the website. The use of cookies or comparable technologies is carried out with your consent on the basis of Section 25(1) sentence 1 TDDDG in conjunction with Art. 6(1)(a) GDPR.

Processing of your personal data is carried out with your consent on the basis of Art. 6(1)(a) GDPR. You may withdraw your consent at any time, without affecting the lawfulness of processing carried out on the basis of consent before its withdrawal.

We use the enhanced implementation of Consent Mode (Advanced Consent Mode). In this case, even if consent is not granted, user data is transmitted to Google in the form of “pings”. These pings may include, among other things: IP address for deriving the IP country (the IP address is not logged), date and time of page view, URL of visited pages, user agent, referrer URL (website from which our website was accessed) or information about the triggering of website events such as a conversion. Google uses this information to model user data in order to enable comprehensive usage analysis despite refusal of consent.

The information generated in this way about your use of this website is usually transmitted to a Google server in the USA and stored there. For the USA, there is an adequacy decision by the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). Google is certified under the TADPF and has therefore undertaken to comply with European data protection principles. Both Google and US government authorities have access to your data.

Further information on terms of use and data protection can be found at https://policies.google.com/technologies/partner-sites and
https://policies.google.com/privacy?hl=en&gl=de.

Use of Shopify statistics

We use the statistics and analytics functions of Shopify International Ltd. (Victoria Buildings, 2nd Floor, 1–2 Haddington Road, Dublin 4, D04 XN32, Ireland) on our website within the scope of processing on our behalf. Shopify is affiliated with Shopify Inc. (151 O’Connor Street, Ground Floor, Ottawa, Ontario, K2P 2L8, Canada).

Data processing serves the purpose of analysing this website and its visitors. For this purpose, data is stored and made available in reports, analyses and statistics for marketing and optimisation purposes. The following device information is collected and processed, among others: information about the web browser, the IP address, the time zone, and some of the cookies installed on your device. When you navigate the website, information about pages or products accessed, the referrer URL (website from which you accessed our website), and information about how you interact with the website is also collected. Technologies such as cookies, web beacons, tags and pixels (electronic files for collecting information about how you navigate the website) are used for this purpose.

The use of cookies or comparable technologies is carried out with your consent on the basis of Section 25(1) sentence 1 TDDDG in conjunction with Art. 6(1)(a) GDPR. Processing of your personal data is carried out with your consent on the basis of Art. 6(1)(a) GDPR. You may withdraw your consent at any time, without affecting the lawfulness of processing carried out on the basis of consent before its withdrawal.

Further information on data protection at Shopify can be found at https://www.shopify.com/legal/privacy.
Information about the data processing addendum can be found at https://www.shopify.com/legal/dpa.
Information about cookies used can be found at https://www.shopify.com/legal/cookies.

Use of the Meta Pixel

We use the Meta Pixel of Meta Platforms Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) on our website.

Meta and we are joint controllers for the collection of your data and its transmission to Meta that takes place when the service is integrated. The basis for this is an agreement between us and Meta on the joint processing of personal data, which sets out the respective responsibilities. The agreement is available at https://www.facebook.com/legal/terms/businesstools_jointprocessing.

Accordingly, we are responsible in particular for fulfilling the information obligations under Arts. 13 and 14 GDPR, for compliance with the security requirements of Art. 32 GDPR with regard to correct technical implementation and configuration of the service, and for compliance with the obligations under Arts. 33 and 34 GDPR insofar as a personal data breach affects our obligations under the joint processing agreement. Meta is responsible for enabling data subject rights under Arts. 15–20 GDPR, for complying with the security requirements of Art. 32 GDPR with regard to the security of the service, and for complying with the obligations under Arts. 33 and 34 GDPR insofar as a personal data breach affects Meta’s obligations under the joint processing agreement.

The application serves the purpose of addressing visitors to the website with interest-based advertising in the social networks Facebook and Instagram. For this purpose, the Meta remarketing tag has been implemented on the website. This tag establishes a direct connection to the Meta servers when you visit the website. This transmits to the Meta server which of our pages you have visited. Meta assigns this information to your personal Facebook and/or Instagram user account. When you visit the social networks Facebook or Instagram, you will then be shown personalised, interest-based ads.

The application also serves the purpose of creating conversion statistics. We learn the total number of users who clicked on one of our ads and were redirected to a page equipped with a conversion tracking tag, and what actions were taken after being redirected to this website. However, we do not receive any information that personally identifies users.

Your data may be transferred to the USA. For the USA, there is an adequacy decision by the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). Meta is certified under the TADPF and has therefore undertaken to comply with European data protection principles.

You can deactivate the remarketing function “Custom Audiences” here. Further information on the collection and use of data by Meta, your rights in this regard and options for protecting your privacy can be found in Meta’s privacy information at https://www.facebook.com/about/privacy/.

Use of Google Ads conversion tracking

We use the online advertising programme Google Ads and, in this context, conversion tracking (visit action evaluation). Google conversion tracking is an analytics service of Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; Google).

When you click on an ad placed by Google, a conversion tracking cookie is stored on your computer. These cookies have limited validity, contain no personal data and therefore do not serve personal identification. If you visit certain pages of our website and the cookie has not yet expired, Google and we can recognise that you clicked on the ad and were redirected to that page. Each Google Ads customer receives a different cookie. This means there is no possibility for cookies to be tracked across the websites of Ads customers.

The information obtained with the help of the conversion cookie serves the purpose of creating conversion statistics. We learn the total number of users who clicked on one of our ads and were redirected to a page equipped with a conversion tracking tag. However, we do not receive any information that personally identifies users.

Your data may be transmitted to servers of Google LLC in the USA. For the USA, there is an adequacy decision by the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). Google is certified under the TADPF and has therefore undertaken to comply with European data protection principles.

Further information and Google’s privacy policy can be found at https://www.google.de/policies/privacy/.

Use of the remarketing or “similar audiences” function of Google

We use the remarketing or “similar audiences” function of Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) on our website.

The application serves the purpose of analysing visitor behaviour and visitor interests. To carry out the analysis of website use, which is the basis for creating interest-based ads, Google uses cookies. The cookies record visits to the website and anonymised data about the use of the website. No personal data of website visitors is stored. If you subsequently visit another website in the Google Display Network, ads will be shown to you that, with a high probability, take into account previously accessed product and information areas.

Further information on Google remarketing and the associated privacy policy can be found at https://www.google.com/privacy/ads/.

Use of Microsoft Advertising

We use Microsoft Advertising of Microsoft Corporation (One Microsoft Way, Redmond, WA 98052-6399, USA) on our website.

Data processing serves marketing and advertising purposes and the purpose of measuring the success of advertising measures (conversion tracking). We learn the total number of users who clicked on one of our ads and were redirected to a page equipped with a conversion tracking tag. However, personal identification of these users is not possible.

Microsoft Advertising uses technologies such as cookies and tracking pixels that enable analysis of your use of the website. When you click on an ad placed by Microsoft Advertising, a conversion tracking cookie is stored on your computer. This cookie has limited validity and does not serve personal identification. If you visit certain pages of our website and the cookie has not yet expired, Microsoft and we can recognise that you clicked on the ad and were redirected to that page. The following information may be collected, among others: IP address, identifiers assigned by Microsoft, information about the browser and device used by you, referrer URL (website from which you accessed our website), URL of our website.

Your data may be transferred to the USA. For the USA, there is an adequacy decision by the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). Microsoft is certified under the TADPF and has therefore undertaken to comply with European data protection principles.

Further information on data protection and cookies used by Microsoft can be found at https://privacy.microsoft.com/en-us/privacystatement.

Plug-ins and other

Use of Google Tag Manager

We use Google Tag Manager of Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) on our website.

This application manages JavaScript tags and HTML tags that are used in particular to implement tracking and analytics tools. Data processing serves the purpose of designing and optimising our website in line with requirements.

Google Tag Manager itself neither stores cookies nor processes personal data. However, it enables the triggering of other tags that may collect and process personal data.

Further information on terms of use and data protection can be found at https://marketingplatform.google.com/about/analytics/tag-manager/use-policy/.

Use of social plug-ins

We use plug-ins of social networks on our website. Integration of social plug-ins and the data processing that takes place serves the purpose of optimising advertising for our products.

When social plug-ins are integrated, a connection is established between your computer and the servers of the provider of the social network, and the plug-in is displayed on the page by informing your browser, provided you have expressly consented. In this process, both your IP address and information about which of our pages you have visited are transmitted to the provider’s servers. This applies regardless of whether you are registered with or logged in to the social network. Transmission also takes place for users who are not registered or not logged in. If you are simultaneously connected to one or more of your social network accounts, the collected information may also be assigned to your corresponding profiles. When you use the plug-in functions (e.g. by pressing the button), this information is also assigned to your user account. You can prevent this assignment by logging out of your social media accounts before visiting our website and before activating the buttons.

The following social networks are integrated via social plug-ins on our website. Further information on the scope and purpose of collection and use of data, as well as your rights and options for protecting your privacy, can be found in the linked privacy information of the providers.

Facebook (Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland)
Meta Platforms Ireland and we are joint controllers for the collection of your data and its transmission to Facebook that takes place when the service is integrated. The basis for this is an agreement between us and Meta Platforms Ireland on the joint processing of personal data, which sets out the respective responsibilities. The agreement is available at https://www.facebook.com/legal/controller_addendum. Accordingly, we are responsible in particular for fulfilling the information obligations under Arts. 13 and 14 GDPR, for compliance with the security requirements of Art. 32 GDPR with regard to correct technical implementation and configuration of the service, and for compliance with the obligations under Arts. 33 and 34 GDPR insofar as a personal data breach affects our obligations under the joint processing agreement. Meta Platforms Ireland is responsible for enabling data subject rights under Arts. 15–20 GDPR, for complying with the security requirements of Art. 32 GDPR with regard to the security of the service, and for complying with the obligations under Arts. 33 and 34 GDPR insofar as a personal data breach affects Meta Platforms Ireland’s obligations under the joint processing agreement.

Further information on the collection and use of data by Facebook, your rights in this regard and options for protecting your privacy can be found in Facebook’s privacy information at https://www.facebook.com/about/privacy/.

Instagram (Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland)
Your data may be transferred to the USA. For the USA, there is an adequacy decision by the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). Meta is certified under the TADPF and has therefore undertaken to comply with European data protection principles. Further information on Instagram and the associated privacy policy can be found at https://help.instagram.com/155833707900388.

Pinterest (Pinterest Inc., 635 High Street, Palo Alto, CA 94301, USA)
Your data may be transferred to the USA. For the USA, there is an adequacy decision by the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). Pinterest is not certified under the TADPF. Further information on Pinterest and the associated privacy policy can be found at https://policy.pinterest.com/en/privacy-policy.

Use of Google reCAPTCHA

We use the reCAPTCHA service of Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) on our website. The query serves the purpose of distinguishing whether an input is made by a human or by automated, machine processing. For this purpose, your input is transmitted to Google and used there. In addition, the IP address and, if applicable, other data required by Google for the reCAPTCHA service are transmitted to Google. This data is processed by Google within the European Union and may also be transmitted to servers of Google LLC in the USA. For the USA, there is an adequacy decision by the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). Google is certified under the TADPF and has therefore undertaken to comply with European data protection principles.

Further information on Google reCAPTCHA and the associated privacy policy can be found at https://www.google.com/recaptcha/intro/android.html and https://www.google.com/privacy.

Use of Google invisible reCAPTCHA

We use the invisible reCAPTCHA service of Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) on our website.

This serves the purpose of distinguishing whether an input is made by a human or by automated, machine processing. In the background, Google collects and analyses usage data used by invisible reCAPTCHA to distinguish regular users from bots. For this purpose, your input is transmitted to Google and used there. In addition, the IP address and, if applicable, other data required by Google for the invisible reCAPTCHA service are transmitted to Google.

This data is processed by Google within the European Union and may also be transmitted to servers of Google LLC in the USA. For the USA, there is an adequacy decision by the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). Google is certified under the TADPF and has therefore undertaken to comply with European data protection principles.

Further information on Google reCAPTCHA and the associated privacy policy can be found at https://www.google.com/recaptcha/intro/android.html and https://www.google.com/privacy.

Use of Cloudflare

We use the Content Delivery Network Cloudflare CDN of Cloudflare Inc. (101 Townsend St, San Francisco, CA 94107, USA) on our website. This is a supra-regional network of servers in various data centres with which our web server connects and via which certain content of our website is delivered.

Data processing serves the purpose of optimising the loading times of our website and thus making our offering more user-friendly.

The following information may be collected, among others: IP address, system configuration information, information about traffic to and from customer websites (so-called server log files).

Your data may be transferred to the USA. For the USA, there is an adequacy decision by the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). Cloudflare is certified under the TADPF and has therefore undertaken to comply with European data protection principles.

Processing of your personal data is carried out on the basis of Art. 6(1)(f) GDPR due to our overriding legitimate interest in the needs-based and targeted design of the website. You have the right, on grounds relating to your particular situation, to object at any time to processing of personal data concerning you that is based on Art. 6(1)(f) GDPR.

Further information on data protection when using Cloudflare can be found at https://www.cloudflare.com/privacypolicy/.

Use of Google Maps

We use the function for embedding Google Maps provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) on our website.

The function enables the visual display of geographical information and interactive maps. When you access pages into which Google Maps is embedded, Google also collects, processes and uses data of visitors to those pages.

Your data may also be transferred to the USA. For the USA, there is an adequacy decision by the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). Google is certified under the TADPF and has therefore undertaken to comply with European data protection principles.

Further information on the collection and use of data by Google can be found in Google’s privacy notices at
https://www.google.com/privacypolicy.html. There, you can also change your settings in the Privacy Center to manage and protect your data processed by Google.

Use of YouTube

We use the function for embedding YouTube videos of Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) on our website. YouTube is affiliated with Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”).

The function displays videos stored on YouTube in an iFrame on the website. The “Enhanced Privacy Mode” option is activated. This means YouTube does not store information about visitors to the website. Only when you watch a video is information transmitted to YouTube and stored there. Your data may be transferred to the USA. For the USA, there is an adequacy decision by the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). YouTube is certified under the TADPF and has therefore undertaken to comply with European data protection principles.

Further information on the collection and use of data by YouTube and Google, your rights in this regard and options for protecting your privacy can be found in YouTube’s privacy notices at https://www.youtube.com/t/privacy.

Use of Vimeo

We use plug-ins of Vimeo Inc. (555 West 18th Street, New York, New York 10011, USA) to embed videos from the Vimeo portal on our website.

When you access pages of our website equipped with such a plug-in, a connection is established to Vimeo’s servers and the plug-in is displayed on the page by informing your browser. This transmits to Vimeo’s servers both your IP address and information about which of our pages you have visited.

If you are logged in to Vimeo, Vimeo assigns this information to your personal user account. When you use the plug-in functions (e.g. by starting a video by pressing the corresponding button), this information is also assigned to your Vimeo account.

Your data may be transferred to the USA. For the USA, there is an adequacy decision by the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). Vimeo is certified under the TADPF and has therefore undertaken to comply with European data protection principles.

Further information on the purpose and scope of collection and the further use and processing of data by Vimeo, as well as your rights and options for protecting your privacy, can be found in Vimeo’s privacy policy at https://vimeo.com/privacy.

Data subject rights and storage period

Duration of storage

After complete contract processing, the data is first stored for the duration of the warranty period and then, taking into account statutory retention periods, in particular under tax and commercial law, and deleted after expiry of these periods, provided you have not consented to further processing and use.

Rights of the data subject

If the statutory requirements are met, you have the following rights under Arts. 15 to 20 GDPR: right of access, right to rectification, right to erasure, right to restriction of processing, right to data portability.

You also have the right to object under Art. 21(1) GDPR to processing based on Art. 6(1)(f) GDPR, as well as to processing for the purpose of direct marketing.

Right to lodge a complaint with the supervisory authority

Pursuant to Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data is not lawful.

You can lodge a complaint, among others, with the supervisory authority responsible for us, which you can contact using the following details:

Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Promenade 18
91522 Ansbach
Germany
Tel.: +49 (0)981 1800930
Fax: +49 (0)981 180093800
[email protected]

Right to object

If the personal data processing listed here is based on our legitimate interest pursuant to Art. 6(1)(f) GDPR, you have the right, on grounds relating to your particular situation, to object to this processing at any time with effect for the future.

After an objection, processing of the data concerned will be stopped unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or if the processing serves the establishment, exercise or defence of legal claims.

If personal data is processed for the purposes of direct advertising, you can object to this processing at any time by notifying us. After an objection, we will stop processing the data concerned for the purposes of direct advertising.

Last updated: 13 February 2026