Privacy policy

Data protection

1) Information about the collection of personal data and contact details of the person responsible

1.1 We are pleased that you are visiting our website and thank you for your interest. Below we will inform you about how your personal data is handled when you use our website. Personal data is all data with which you can be personally identified.

1.2 The person responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is BYENA Beauty GmbH, Prannerstraße 1, 80333 Munich, Germany, Tel.: 089 75900 711, Email: info@byenabeauty.com. The person responsible for the processing of personal data is the natural or legal person who, alone or jointly with others, decides on the purposes and means of processing personal data.

1.3 This website uses SSL or SSL encryption for security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or inquiries to the person responsible). TLS encryption. You can recognize an encrypted connection by the string “https://” and the lock symbol in your browser bar.

2) Data collection when you visit our website

If you use our website for informational purposes only, i.e. if you do not register or otherwise provide us with information, we only collect data that your browser transmits to our server (so-called “server log files”). When you access our website, we collect the following data, which is technically necessary for us to display the website to you:

Our visited website

Date and time at the time of access

Amount of data sent in bytes

Source/reference from which you came to the page

Browser used

Operating system used

IP address used (if necessary: in anonymized form)

Processing is carried out in accordance with Article 6 Paragraph 1 Letter f of the GDPR based on our legitimate interest in improving the stability and functionality of our website. The data will not be passed on or used in any other way. However, we reserve the right to subsequently check the server log files if there are concrete indications of illegal use.

3) Hosting & Content Delivery Network

Hosted by Shopify

We use the shop system of the service provider Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland (“Shopify”) for the purpose of hosting and displaying the online shop on a basis Processing on our behalf. All data collected on our website is processed on Shopify’s servers. As part of Shopify's aforementioned services, data may also be processed further on behalf of Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada, Shopify Data Processing (USA) Inc., Shopify Payments (USA) Inc .or Shopify (USA) Inc. In the event that data is transferred to Shopify Inc. in Canada, the appropriate level of data protection is guaranteed by the European Commission's adequacy decision. Further information on Shopify's data protection can be found on the following website: https://www.shopify.de/legal/datenschutz

Further processing on servers other than those mentioned above by Shopify only takes place within the scope stated below.

4) Cookies

In order to make visiting our website attractive and to enable the use of certain functions, we use cookies, which are small text files that are stored on your device. Some of these cookies are automatically deleted after you close the browser (so-called “session cookies”), while some of these cookies remain on your device for a longer period of time and enable you to save page settings (so-called “persistent cookies”). In the latter case, you can find out the storage period in the overview of the cookie settings in your web browser.

If personal data is also processed through individual cookies we use, the processing takes place in accordance with Art. 6 Para. 1 lit. b GDPR either to implement the contract, in accordance with Art. 6 Para. 1 lit in accordance with Art. 6 Para. 1 lit. f GDPR to protect our legitimate interests in the best possible functionality of the website as well as a customer-friendly and effective design of the page visit.

You can set your browser so that you are informed about the setting of cookies and can decide individually whether to accept them or exclude the acceptance of cookies for certain cases or in general.

Please note that if you do not accept cookies, the functionality of our website may be restricted.

5) Contact us

When you contact us (e.g. via contact form or email), personal data is processed - exclusively for the purpose of processing and answering your request and only to the extent necessary for this purpose. The legal basis for processing this data is our legitimate interest in answering your request in accordance with Article 6 (1) (f) GDPR. If your contact is aimed at a contract, the additional legal basis for the processing is Article 6 (1) (b) GDPR. Your data will be deleted if the circumstances indicate that the matter in question has been conclusively clarified and provided that there are no legal retention obligations to the contrary

6) Data processing when opening a customer account

In accordance with Article 6 Paragraph 1 Letter b of the GDPR, personal data will continue to be collected and processed to the extent necessary if you provide it to us when opening a customer account. You can find out which data is required to open an account in the input mask of the corresponding form on our website. Your customer account can be deleted at any time and can be done by sending a message to the above address of the person responsible. After your customer account has been deleted, your data will be deleted provided that all contracts concluded regarding it have been completely processed, there are no statutory retention periods to the contrary and we have no legitimate interest in further storage.

7) Use of customer data for direct advertising

7.1 Registration for our email newsletter

If you sign up for our email newsletter, we will regularly send you information about our offers. The only mandatory information for sending the newsletter is your email address. Providing further data is voluntary and is used to address you personally. To send the newsletter, we use the so-called double opt-in procedure, which ensures that you only receive the newsletter once you have expressly confirmed your consent to receive the newsletter by clicking on a verification link sent to the email address provided

By activating the confirmation link, you give us your consent to use your personal data in accordance with Art. 6 Para. 1 lit. a GDPR. We store your IP address entered by the Internet Service Provider (ISP) as well as the date and time of registration in order to be able to trace any possible misuse of your email address at a later date. The data we collect when registering for the newsletter is used strictly for a specific purpose. You can unsubscribe from the newsletter at any time using the link provided in the newsletter or by sending a message to the person responsible mentioned at the beginning. Once you have unsubscribed, your email address will be immediately deleted from our newsletter distribution list unless you have expressly consented to further use of your data or we reserve the right to use your data beyond this, which is permitted by law and about which we inform you in this declaration.

7.2 - Newsletter dispatch via Klaviyo

Our email newsletters are sent via the technical service provider “Klaviyo”, 225 Franklin St, Boston, MA 02110, USA (http://www.klaviyo.com/), to whom we pass on the data you provided when registering for the newsletter . This transfer is carried out in accordance with Article 6 Paragraph 1 Letter f of the GDPR and serves our legitimate interest in using an advertising-effective, secure and user-friendly newsletter system. Please note that your data is usually transferred to a Klaviyo server in the USA and stored there.

Klaviyo uses this information to send newsletters on our behalf. Klaviyo does not use the data of our newsletter recipients to write to them ourselves or to pass them on to third parties.

To protect your data in the USA, we have a data processing agreement with Klaviyo (“Data Processing Agreement”), in which Klaviyo undertakes to protect our users’ data, to process it on our behalf in accordance with its data protection regulations and in particular not to third parties to pass on.

You can view Klaviyo's privacy policy here: https://www.klaviyo.com/privacy

8) Data processing for order processing

8.1 To the extent necessary for contract processing for delivery and payment purposes, the personal data we collect will be passed on to the commissioned transport company and the commissioned credit institution in accordance with Article 6 Paragraph 1 Letter b GDPR.

If we owe you updates for goods with digital elements or for digital products on the basis of a corresponding contract, we will process the contact details you provided when ordering (name, address, email address) in order to provide you with our legal information obligations in accordance with Art. 6 Para 1 lit. Your contact details will be used strictly for the purpose of communicating updates owed by us and will only be processed by us for this purpose to the extent that this is necessary for the respective information.

To process your order, we also work with the following service provider(s), who support us in whole or in part in the implementation of concluded contracts. Certain personal data will be transmitted to these service providers in accordance with the following information.

8.2 Transfer of personal data to shipping service providers

- DHL

If the goods are delivered by the transport service provider DHL (DHL Paket GmbH, Sträßchensweg 10, 53113 Bonn), we will provide your email address in accordance with Art. 6 Para. 1 lit. a GDPR before delivery of the goods for the purpose of coordination of a delivery date or delivery announcement to DHL, provided you have given your express consent to this in the ordering process. Otherwise, we will only pass on the name of the recipient and the delivery address to DHL for the purpose of delivery in accordance with Article 6 (1) (b) GDPR. The data will only be passed on to the extent that this is necessary for the delivery of the goods. In this case, prior coordination of the delivery date with DHL or delivery notification is not possible.

The consent can be revoked at any time with future effect from the person responsible above or from the transport service provider DHL.

8.3 Use of payment service providers (payment services)

-Amazon Pay

If you select the payment method “Amazon Pay”, the payment is processed via the payment service provider Amazon Payments Europe s.c.a., 38 avenue J.F. Kennedy, L-1855 Luxembourg (hereinafter: “Amazon Payments”), to whom we pass on the information you provided during the ordering process, as well as the information about your order in accordance with Article 6 (1) (b) GDPR. Your data will be passed on exclusively for the purpose of processing payments with the payment service provider Amazon Payments and only to the extent that it is necessary for this purpose. If cookies, i.e. small text files that are stored on the end device, are set when using Amazon Pay, this is done exclusively on the basis of your express consent in accordance with Art. 6 Para. 1 lit. a GDPR. This consent can be revoked at any time using the “cookie consent tool” implemented on the website. You can find further information about Amazon Payments' data protection regulations at the following internet address: https://pay.amazon.de/help/82974

-Apple Pay

If you choose the “Apple Pay” payment method from Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland, the payment will be processed using the “Apple Pay” function of your device running iOS, watchOS or macOS by debiting a payment card stored with “Apple Pay”. Apple Pay uses security features built into your device's hardware and software to protect your transactions. In order to approve a payment, you must enter a code previously specified by you and verify it using the “Face ID” or “Touch ID” function of your device.

For the purpose of payment processing, the information you provided during the ordering process, along with the information about your order, will be passed on to Apple in encrypted form. Apple then encrypts this data again with a developer-specific key before the data is transmitted to the payment service provider of the payment card stored in Apple Pay to carry out the payment. Encryption ensures that only the website through which the purchase was made can access the payment details. After the payment is made, Apple sends your device account number and a transaction-specific, dynamic security code to the originating website to confirm the payment success.

If personal data is processed during the transfers described, the processing takes place exclusively for the purpose of payment processing in accordance with Article 6 (1) (b) GDPR.

Apple retains anonymized transaction information, including the approximate purchase amount, the approximate date and time, and whether the transaction was successfully completed. Anonymization completely excludes any personal reference. Apple uses the anonymized data to improve Apple Pay and other Apple products and services.

When you use Apple Pay on iPhone or Apple Watch to complete a purchase made through Safari on Mac, the Mac and the authorization device communicate over an encrypted channel on Apple's servers. Apple does not process or store any of this information in a format that can be used to identify you. You can turn off the ability to use Apple Pay on your Mac in your iPhone's settings. Go to Wallet & Apple Pay and turn off Allow Payments on Mac.

Further information on data protection with Apple Pay can be found at the following internet address: https://support.apple.com/de-de/HT203027

- Google Pay

If you choose the “Google Pay” payment method from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”), the payment will be processed via the “Google Pay” application on your device with at least Android 4.4 (“KitKat”) operated mobile device with an NFC function by charging a payment card stored with Google Pay or a payment system verified there (e.g. PayPal). In order to approve a payment via Google Pay in the amount of more than €25, you must first unlock your mobile device using the verification measure that has been set up (e.g. facial recognition, password, fingerprint or pattern).

For the purpose of payment processing, the information you provided during the ordering process, along with the information about your order, will be passed on to Google. Google then transmits your payment information stored in Google Pay in the form of a unique transaction number to the originating website, which is used to verify a payment made. This transaction number does not contain any information about the real payment details of your payment methods stored with Google Pay, but is created and transmitted as a one-time valid numerical token. For all transactions via Google Pay, Google only acts as an intermediary to process the payment process. The transaction is carried out exclusively between the user and the source website by debiting the payment method stored with Google Pay.

If personal data is processed during the transfers described, the processing takes place exclusively for the purpose of payment processing in accordance with Article 6 (1) (b) GDPR.

Google reserves the right to collect, store and evaluate certain process-specific information for every transaction made via Google Pay. This includes the date, time and amount of the transaction, merchant location and description, a description of the goods or services purchased provided by the merchant, photographs that you included with the transaction, the name and email address of the seller and buyer, respectively. the sender and recipient, the payment method used, your description of the reason for the transaction and, if applicable, the offer associated with the transaction.

According to Google, this processing is carried out exclusively in accordance with Art. 6 Para. 1 lit. f GDPR on the basis of the legitimate interest in proper accounting, the verification of process data and the optimization and functionality of the Google Pay service.

Google also reserves the right to combine the processed process data with other information that is collected and stored by Google when you use other Google services.

The Google Pay terms of use can be found here:

https://payments.google.com/payments/apis-secure/u/0/get_legal_document?ldo=0&ldt=googlepaytos&ldl=de

Further information on data protection with Google Pay can be found at the following internet address:

https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=de

- Klarna

If you select a Klarna payment service, payment is processed via Klarna Bank AB (publ), https://www.klarna.com/de/, Sveavägen 46, 111 34 Stockholm, Sweden (hereinafter “Klarna”). In order to enable payment to be processed, your personal data (first and last name, street, house number, zip code, city, gender, email address, telephone number and IP address) as well as data relating to the order are used (e.g. invoice amount, item, delivery type) will be passed on to Klarna for the purpose of identity and creditworthiness checks, provided that you have expressly consented to this in accordance with Article 6 Paragraph 1 Letter a of the GDPR as part of the ordering process. You can see which credit agencies your data can be forwarded to here:

https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/credit_rating_agencies

The credit report can contain probability values (so-called score values).

To the extent that score values are included in the results of the credit report, they are based on a scientifically recognized mathematical-statistical procedure. The calculation of the score values includes, but is not limited to, address data. Klarna uses the information received about the statistical probability of a payment default to make a balanced decision about the establishment, implementation or termination of the contractual relationship.

You can revoke your consent at any time by sending a message to the person responsible for data processing or to Klarna. However, Klarna may still be entitled to process your personal data if this is necessary for contractual payment processing.

Your personal information will be used in accordance with the applicable data protection regulations and in accordance with the information in Klarna's data protection regulations for those affected based in Germany https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/privacy

or for those affected based in Austria https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_at/privacy

treated.

-Paypal

When paying via PayPal, credit card via PayPal, direct debit via PayPal or - if offered - "purchase on account" or "payment in installments" via PayPal, we pass on your payment data to PayPal (Europe) S.a.r.l. as part of the payment processing. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter “PayPal”). The transfer takes place in accordance with Art. 6 Para. 1 lit. b GDPR and only to the extent that this is necessary for payment processing.

PayPal reserves the right to carry out a credit check for the payment methods credit card via PayPal, direct debit via PayPal or - if offered - "purchase on account" or "payment in installments" via PayPal. For this purpose, your payment data may be passed on to credit agencies in accordance with Article 6 Paragraph 1 Letter f of the GDPR based on PayPal's legitimate interest in determining your ability to pay. PayPal uses the result of the credit check with regard to the statistical probability of non-payment for the purpose of deciding whether to provide the respective payment method. The credit report can contain probability values (so-called score values). To the extent that score values are included in the results of the credit report, they are based on a scientifically recognized mathematical-statistical procedure. The calculation of the score values includes, but is not limited to, address data. Further data protection information, including information about the credit agencies used, can be found in PayPal's data protection declaration: https://www.paypal.com/de/webapps/mpp/ua/privacy-full

You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data if this is necessary for contractual payment processing.

- Shopify Payments

We use the payment service provider "Shopify Payments", 3rd Floor, Europa House, Harcourt Building, Harcourt Street, Dublin 2. If you choose a payment method offered via the payment service provider Shopify Payments, the payment is processed via the technical service provider Stripe Payments Europe Ltd. , 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, to whom we communicate the information you provided during the ordering process, together with the information about your order (name, address, account number, bank sort code, possibly credit card number, invoice amount, currency and transaction number) in accordance with Article 6 Paragraph 1 Letter b GDPR. Your data will only be passed on for the purpose of processing payments with Stripe Payments Europe Ltd. and only to the extent that it is necessary for this purpose. Further information about Shopify Payments’ data protection can be found at the following internet address: https://www.shopify.com/legal/privacy.

Data protection information about Stripe Payments Europe Ltd. can be found here: https://stripe.com/de/privacy

- IMMEDIATELY

If you select the payment method “SOFORT”, payment is processed via the payment service provider SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany (hereinafter “SOFORT”), to whom we will send the information you provided during the ordering process, along with the information about your order in accordance with Art. 6 Paragraph 1 Letter b GDPR. Sofort GmbH is part of the Klarna Group (Klarna Bank AB (publ), Sveavägen 46, 11134 Stockholm, Sweden). Your data will be passed on exclusively for the purpose of processing payments with the payment service provider SOFORT and only to the extent that it is necessary for this purpose. You can find further information about SOFORT's data protection regulations at the following internet address: https://www.klarna.com/sofort/datenschutz.

-Stripes

If you choose a payment method from the payment service provider Stripe, the payment will be processed via the payment service provider Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, to whom we will send your information and the information you provided during the ordering process about your order (name, address, account number, bank sort code, possibly credit card number, invoice amount, currency and transaction number) in accordance with Art. 6 Para. 1 lit. b GDPR. Further information about Stripe's data protection can be found at the URL https://stripe.com/de/privacy#translation.

Stripe reserves the right to carry out a credit check based on mathematical and statistical procedures in order to protect the legitimate interest in determining the user's solvency. Stripe may transmit the personal data required for a credit check and received as part of payment processing to selected credit agencies, which Stripe will disclose to users upon request. The credit report can contain probability values (so-called score values). To the extent that score values are included in the results of the credit report, they are based on a scientifically recognized mathematical-statistical procedure. The calculation of the score values includes, but is not limited to, address data. Stripe uses the result of the credit check with regard to the statistical probability of payment default for the purpose of deciding on the right to use the selected payment method.

You can object to this processing of your data at any time by sending a message to Stripe or the commissioned credit agencies.

However, Stripe may continue to be entitled to process your personal data if this is necessary to process payments in accordance with the contract.

9) Online marketing

- Google Ads conversion tracking

This website uses the online advertising program “Google Ads” and, as part of Google Ads, conversion tracking from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). We use Google Ads to draw attention to our attractive offers on external websites using advertising materials (so-called Google Adwords). We can use the data from the advertising campaigns to determine how successful the individual advertising measures are. Our aim is to show you advertising that is of interest to you, to make our website more interesting for you and to achieve a fair calculation of the advertising costs incurred.

The conversion tracking cookie is set when a user clicks on an Ads ad placed by Google. Cookies are small text files that are stored on your device. These cookies usually expire after 30 days and are not used for personal identification. If the user visits certain pages on this website and the cookie has not yet expired, Google and we can recognize that the user clicked on the ad and was redirected to this page. Each Google Ads customer receives a different cookie. Cookies cannot therefore be tracked via the websites of Google Ads customers. The information collected using the conversion cookie is used to create conversion statistics for Google Ads customers who have opted for conversion tracking. Customers learn the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, you will not receive any information that can be used to personally identify users. When using Google Ads, personal data may also be transmitted to the servers of Google LLC. come to the USA.

Details about the processing initiated by Google Ads Conversion Tracking and how Google handles data from websites can be found here: https://policies.google.com/technologies/partner-sites

All processing described above, in particular the setting of cookies to read information on the device used, will only be carried out if you have given us your express consent to this in accordance with Article 6 (1) (a) GDPR. You can revoke your consent at any time with future effect by deactivating this service in the “cookie consent tool” provided on the website.

You can also permanently object to the setting of cookies by Google Ads Conversion Tracking by downloading and installing the Google browser plug-in available at the following link:

https://www.google.com/settings/ads/plugin?hl=de

Please note that certain functions of this website may not be possible or may only be used to a limited extent if you have deactivated the use of cookies.

Google's data protection regulations can be viewed here: https://www.google.de/policies/privacy/

- Google Ads conversion tracking

When using Google Ads, personal data may also be transmitted to the servers of Google LLC. come to the USA.

Details about the processing initiated by Google Ads Conversion Tracking and how Google handles data from websites can be found here: https://policies.google.com/technologies/partner-sites

You can also permanently object to the setting of cookies by Google Ads Conversion Tracking by downloading and installing the Google browser plug-in available at the following link:

https://www.google.com/settings/ads/plugin?hl=de

In order to address users whose data we have received as part of business or business-like relationships in an even more appropriate way, we use a customer matching function as part of Google Ads. For this purpose, we transmit one or more files with aggregated customer data (especially email addresses and telephone numbers) to Google electronically. Google does not receive access to clear data, but instead automatically encrypts the information in the customer files using a special algorithm during the transmission process. The encrypted information can then only be used by Google to assign it to existing Google accounts that those affected have set up. This enables personalized advertising to be displayed across all Google services linked to the respective Google account.

Customer data will only be transmitted to Google if you have given us your express consent to do so in accordance with Article 6 (1) (a) GDPR. You can revoke this consent from us at any time with effect for the future. Further information about Google's data protection measures in relation to the customer match function can be found here: https://support.google.com/google-ads/answer/6334160?hl=de&ref_topic=10550182

Google's data protection regulations can be viewed here: https://www.google.de/policies/privacy/

10) Web analytics services

Google Analytics 4

This website uses Google Analytics 4, a service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"), which can be used to analyze the use of websites.

When using Google Analytics 4, so-called “cookies” are used by default. Cookies are text files that are stored on your device and enable your use of a website to be analyzed. The information collected by cookies about your use of the website (including the IP address transmitted by your device, shortened by the last digits, see below) is usually transmitted to a Google server and stored and processed there. This may also result in information being transmitted to the servers of Google LLC based in the USA and further processing of the information there.

When using Google Analytics 4, the IP address transmitted by your device when you use the website is always collected and processed automatically and in an anonymous manner by default, so that the information collected cannot be directly related to a person. This automatic anonymization occurs by shortening the IP address transmitted by your device by Google within member states of the European Union (EU) or other contracting states to the Agreement on the European Economic Area (EEA) by the last digits.

On our behalf, Google uses this and other information to evaluate your use of the website, to compile reports on your website activities and your usage behavior and to provide us with other services related to your website use and internet usage. The shortened IP address transmitted by your device as part of Google Analytics 4 is not merged with other Google data. The data collected when using Google Analytics 4 is stored for 2 months and then deleted.

Google Analytics 4 also enables the creation of statistics with statements about the age, gender and interests of website users based on an evaluation of interest-based advertising and with the use of third-party information via a special function, the so-called “demographic characteristics”. This makes it possible to determine and differentiate user groups of the website for the purpose of targeting marketing measures in a target group-optimized manner. However, data collected via “demographic characteristics” cannot be assigned to a specific person and therefore not to you personally. This data collected via the “demographic characteristics” function is retained for two months and then deleted.

All processing described above, in particular the setting of Google Analytics cookies for the storage and reading of information on the device you use to use the website, will only take place if you inform us of this in accordance with Art. 6 Para. 1 lit. a GDPR you have given your express consent. Without your consent, Google Analytics 4 will not be used while you use the website. You can revoke your consent at any time with effect for the future. To exercise your revocation, please deactivate this service using the “cookie consent tool” provided on the website.

In connection with this website, the Google Signals service is also used as an extension of Google Analytics 4. With Google Signals we can have Google create cross-device reports (so-called “cross device tracking”). If you have activated “personalized ads” in your settings in your Google account and linked your internet-enabled devices to your Google account, Google can monitor usage behavior when you give your consent to the use of Google Analytics 4 in accordance with Art. 6 Para. 1 lit. a DSGVO analyze across devices and create database models based on this.

The logins and device types of all website users who were logged into a Google account and carried out a conversion are taken into account. The data shows, among other things, on which device you clicked on an ad for the first time and on which device the corresponding conversion took place. We do not receive any personal data from Google, but only statistics created on the basis of Google Signals. You have the option to deactivate the “personalized ads” function in the settings of your Google account and thus turn off cross-device analysis in connection with Google Signals. To do this, follow the instructions on this page: https://support.google.com/ads/answer/2662922?hl=de

Further information about Google Signals can be found at the following link: https://support.google.com/analytics/answer/7532985?hl=de

We have concluded a so-called order processing agreement with Google for our use of Google Analytics 4, through which Google is obliged to protect the data of our website users and not to pass it on to third parties.

To ensure compliance with the European level of data protection, including any transfer of data from the EU or EEA to the USA and possible further processing there, Google relies on the so-called standard contractual clauses of the European Commission, which we have contractually agreed with Google.

Further legal information about Google Analytics 4, including a copy of the standard contractual clauses mentioned, can be found at https://policies.google.com/privacy?hl=de&gl=de and at https://policies.google.com/technologies/partner -sites

11) Retargeting/remarketing/recommendation advertising

Google Ads Remarketing

Our website uses the functions of Google Ads Remarketing, with which we advertise this website in Google search results and on third-party websites. The provider is Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). For this purpose, Google sets a cookie in the browser of your device, which automatically enables interest-based advertising using a pseudonymous cookie ID and based on the pages you visit. Any further data processing will only take place if you have agreed to Google that your internet and app browser history will be linked by Google to your Google account and that information from your Google account will be used to personalize ads that you display on the web regard. In this case, if you are logged in to Google while visiting our website, Google will use your data together with Google Analytics data to create and define target group lists for cross-device remarketing. To do this, Google temporarily links your personal data with Google Analytics data to form target groups. As part of the use of Google Ads Remarketing, personal data may also be transmitted to the servers of Google LLC. come to the USA.

Details about the processing initiated by Google Ads Remarketing and how Google handles data from websites can be found here: https://policies.google.com/technologies/partner-sites

You can permanently object to the setting of cookies by Google Ads Remarketing by downloading and installing the Google browser plug-in available at the following link:

https://www.google.com/settings/ads/onweb/

You can find further information and the data protection regulations regarding advertising and Google here:

https://www.google.com/policies/technologies/ads/

12) Page functionalities

12.1 - Best Currency Converter

This website uses the “Best Currency Converter” service provided by Grizzly Apps SRL, Str. Muresului No. 7 Bloc E23, Scara B, Apartament 15, Brasov, Romania (“Best Currency Converter”). Based on our legitimate interest in displaying prices in the local currency of your location, Best Currency Converter collects your IP address in accordance with Art. 6 Para. 1 lit. f GDPR and evaluates it in order to adapt price displays on the website to your location. The IP address is not stored permanently. Furthermore, after the initial currency adjustment, Best Currency Converter sets a functional cookie in the browser of the device used to save the currency setting for the duration of a session. At the end of this session, the cookie is automatically deleted.

Further information about Best Currency Converter's privacy policy can be found at https://currency.grizzlyapps.com/privacy-policy

12.2 Google Customer Reviews (formerly Google Certified Dealer Program)

We work with Google as part of the Google Customer Reviews program. The provider is Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). This program gives us the opportunity to collect customer reviews from users of our website. After making a purchase on our website, you will be asked whether you would like to take part in an email survey from Google. If you give your consent in accordance with Article 6 Paragraph 1 Letter a GDPR, we will transmit your email address to Google. You will receive an email from Google Customer Reviews asking you to rate your purchasing experience on our website. The review you leave will then be aggregated with our other reviews and displayed in our Google Customer Reviews logo and in our Merchant Center dashboard. Your rating will also be used for Google Seller Ratings. As part of the use of Google customer reviews, personal data may also be transmitted to the servers of Google LLC. come to the USA.

You can revoke your consent at any time by sending a message to the person responsible for data processing or to Google.

Further information about Google's data protection in connection with the Google Customer Reviews program can be found at the following link: https://support.google.com/merchants/answer/7188525?hl=de

You can read more information about Google Seller Ratings data protection at this link: https://support.google.com/google-ads/answer/2375474

12.3 Shopsync for Shopify

This website uses the Shopify app “Shopsync” from ShopSync LLC, PO Box 252, Jefferson City, TN 37760, USA.

With the help of ShopSync, the newsletter service “Mailchimp” is synchronized with our Shopify account in such a way that, on the one hand, updates to Mailchimp email lists (e.g. an opt-out of a newsletter recipient) are also automatically stored on Shopify and, on the other hand New contact data generated through contract conclusions on Shopify are automatically transferred to Mailchimp's email lists.

In the former case, data processing takes place in accordance with Article 6 Paragraph 1 Letter f of the GDPR on the basis of our legitimate interest in the effective and cross-system maintenance of the profiles of advertising recipients and the efficient consideration of legally significant status changes.

In the second case, exclusively on the basis of the user's express consent in accordance with Article 6 Para. 1 lit (purchase amount, time and date of purchase) transferred to Mailchimp by ShopSync.

Data transferred in this way will not be saved or retained by ShopSync after synchronization. All information synced between Shopify and Mailchimp is transferred using Secure Socket Layer (SSL) technology, and all transferred information remains encrypted during the sync process.

The synchronization process requires the transfer of information over a secure connection to servers hosted by Amazon Web Services in the United States.

Further data protection information about ShopSync can be found here: https://shopsync.io/privacy-policy

13) Tools and miscellaneous

Cookie consent tool

This website uses a so-called “cookie consent tool” to obtain effective user consent for cookies and cookie-based applications that require consent. The “cookie consent tool” is displayed to users when they access the page in the form of an interactive user interface on which consent can be given for certain cookies and/or cookie-based applications by checking a box. By using the tool, all cookies/services requiring consent are only loaded if the respective user gives their consent by checking the box. This ensures that such cookies are only set on the user's device if consent has been given.

The tool sets technically necessary cookies to store your cookie preferences. Personal user data is generally not processed here.

If, in individual cases, personal data (such as the IP address) is processed for the purpose of storing, assigning or logging cookie settings, this is carried out in accordance with Art. 6 Para. 1 lit. f GDPR on the basis of our legitimate interest in doing so legally compliant, user-specific and user-friendly consent management for cookies and therefore a legally compliant design of our website.

Another legal basis for processing is Article 6 Paragraph 1 Letter c GDPR. As those responsible, we are subject to the legal obligation to make the use of cookies that are not technically necessary dependent on the respective user consent.

Further information about the operator and the setting options for the cookie consent tool can be found directly in the corresponding user interface on our website.

14) Rights of the person concerned

14.1 The applicable data protection law grants you the following data subject rights (rights of information and intervention) towards the person responsible with regard to the processing of your personal data, whereby reference is made to the legal basis listed for the respective exercise requirements:

Right to information in accordance with Art. 15 GDPR;

Right to rectification in accordance with Art. 16 GDPR;

Right to deletion in accordance with Art. 17 GDPR;

Right to restriction of processing in accordance with Art. 18 GDPR;

Right to information in accordance with Art. 19 GDPR;

Right to data portability in accordance with Art. 20 GDPR;

Right to revoke consent given in accordance with Art. 7 Para. 3 GDPR;

Right to complain in accordance with Art. 77 GDPR.

14.2 RIGHT TO OBJECT

IF WE PROCESS YOUR PERSONAL DATA AS PART OF A BALANCE OF INTERESTS BASED ON OUR OVERWHELMING LEGITIMATE INTEREST, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT TO THIS PROCESSING WITH EFFECT FOR THE FUTURE FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION.

IF YOU USE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE AFFECTED DATA. HOWEVER, FURTHER PROCESSING IS RESERVED IF WE CAN PROVE COMPLEX REASONS FOR THE PROCESSING THAT ARE DESIGNED TO BE PROTECTED, WHICH OUTWEIGH YOUR INTERESTS, FUNDAMENTAL RIGHTS AND FUNDAMENTAL FREEDOMS, OR IF THE PROCESSING SERVES THE ASSERTMENT, EXERCISE OR DEFENSE OF LEGAL CLAIMS.

IF YOUR PERSONAL DATA IS PROCESSED BY US FOR DIRECT ADVERTISING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSE OF SUCH ADVERTISING. YOU MAY EXERCISE YOUR OPT-OUT AS DESCRIBED ABOVE.

IF YOU USE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE AFFECTED DATA FOR DIRECT ADVERTISING PURPOSES.

15) Duration of storage of personal data

The duration of storage of personal data is determined based on the respective legal basis, the purpose of processing and - if relevant - additionally based on the respective legal retention period (e.g. commercial and tax retention periods).

When processing personal data on the basis of express consent in accordance with Article 6 (1) (a) GDPR, this data will be stored until the person concerned revokes their consent.

If there are statutory retention periods for data that are processed within the framework of legal or transaction-like obligations on the basis of Article 6 Para. 1 lit and/or we have no legitimate interest in further storage.

When processing personal data on the basis of Art. 6 Para. 1 lit. f GDPR, this data will be stored until the data subject exercises his or her right to object in accordance with Art. 21 Para provide evidence for the processing that outweighs the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims.

When processing personal data for the purpose of direct advertising on the basis of Article 6 Paragraph 1 Letter f of the GDPR, this data will be stored until the person concerned exercises their right to object in accordance with Article 21 Paragraph 2 of the GDPR.

Unless otherwise stated in the other information in this declaration about specific processing situations, stored personal data will be deleted when they are no longer necessary for the purposes for which they were collected or otherwise processed.