Legal
This English version is provided as a convenience translation only. The legally binding document is the German original: German original. In the event of any discrepancy between the two versions, the German version shall prevail.
Privacy Policy.
Privacy Policy
1) Introduction and contact details of the data controller
1.1 We are delighted that you are visiting our website and thank you for your interest. Below, we provide information on how we handle your personal data when you use our website. Personal data refers to any data that can be used to identify you personally.
1.2 The data controller for this website within the meaning of the General Data Protection Regulation (GDPR) is Philipp Kleinheinz, Lennox Beverages, Seidlstraße 5, 80335 Munich, Germany, Tel.: 089 97372474, Email: contact@lennoxbeverages.com. The controller is the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data.
2) Data collection when visiting our website
2.1 When you use our website purely for information purposes, i.e. if you do not register or otherwise provide us with information, we only collect data that your browser transmits to the website server (so-called “server log files”). When you visit our website, we collect the following data, which is technically necessary for us to display the website to you:
– The page visited
– Date and time of access
– Amount of data sent in bytes
– Source/referrer from which you accessed the page
– Browser used
– Operating system used
– IP address used (where applicable: in anonymised form)
Processing takes place in accordance with Article 6(1)(f) of the GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. The data will not be disclosed or used for any other purpose. However, we reserve the right to review the server log files retrospectively should there be concrete indications of unlawful use.
2.2 For security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or enquiries to the controller), this website uses SSL or TLS encryption. You can recognise an encrypted connection by the string “https://” and the padlock symbol in your browser address bar.
3) Hosting & Content Delivery Network
3.1 For the hosting of our website and the display of page content, we use a provider who delivers their services either directly or through selected subcontractors exclusively on servers within the European Union.
All data collected on our website is processed on these servers.
We have entered into a data processing agreement with the provider, which ensures the protection of our website visitors’ data and prohibits unauthorised disclosure to third parties.
3.2 Cloudflare
We use a content delivery network provided by the following provider: Cloudflare Inc., 101 Townsend St. San Francisco, CA 94107, USA
This service enables us to deliver large media files such as graphics, page content or scripts more quickly via a network of regionally distributed servers. Processing is carried out to safeguard our legitimate interest in improving the stability and functionality of our website in accordance with Article 6(1)(f) of the GDPR. We have entered into a data processing agreement with the provider which ensures the protection of our website visitors’ data and prohibits unauthorised disclosure to third parties.
For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with European data protection standards on the basis of an adequacy decision by the European Commission.
4) Cookies
To make visiting our website an attractive experience and to enable the use of certain functions, we use cookies, i.e. small text files that are stored on your device. Some of these cookies are automatically deleted when you close your browser (so-called “session cookies”), whilst others remain on your device for longer and enable the saving of page settings (so-called “persistent cookies”). In the latter case, you can find the storage duration in the overview of your web browser’s cookie settings.
Where personal data is also processed by individual cookies we use, such processing is carried out in accordance with Article 6(1)(b) of the GDPR either for the performance of the contract, in accordance with Article 6(1) 1(a) GDPR in the event of consent being given, or in accordance with Article 6(1)(f) GDPR to safeguard our legitimate interests in ensuring the best possible functionality of the website and a user-friendly and effective design of the site visit.
You can configure your browser so that you are informed when cookies are set and can decide individually whether to accept them, or you can exclude the acceptance of cookies in specific cases or generally.
Please note that if you do not accept cookies, the functionality of our website may be restricted.
5) Contacting us
When you contact us (e.g. via the contact form or by email), personal data is processed – exclusively for the purpose of handling and responding to your enquiry and only to the extent necessary for this purpose.
The legal basis for the processing of this data is our legitimate interest in responding to your enquiry in accordance with Article 6(1)(f) of the GDPR. If your contact is aimed at entering into a contract, the additional legal basis for the processing is Article 6(1)(b) of the GDPR. Your data will be deleted if it can be inferred from the circumstances that the matter in question has been conclusively resolved and provided that there are no statutory retention obligations to the contrary.
6) Data processing when opening a customer account
In accordance with Article 6(1)(b) of the GDPR, personal data will continue to be collected and processed to the extent necessary if you provide it to us when opening a customer account. You can see which data is required for opening an account in the input fields of the relevant form on our website.
You may delete your customer account at any time by sending a message to the above-mentioned address of the controller. Following the deletion of your customer account, your data will be deleted provided that all contracts concluded in connection with it have been fully settled, no statutory retention periods prevent this, and we no longer have a legitimate interest in continuing to store the data.
7) Use of customer data for direct marketing
7.1 Subscription to our email newsletter
If you subscribe to our email newsletter, we will send you regular information about our offers. The only mandatory information required to receive the newsletter is your email address. The provision of further data is voluntary and is used to enable us to address you personally. For the dispatch of the newsletter, we use the so-called double opt-in procedure, which ensures that you only receive the newsletter once you have expressly confirmed your consent to receive it by clicking on a verification link sent to the email address you provided.
By activating the confirmation link, you give us your consent to the use of your personal data in accordance with Article 6(1)(a) of the GDPR. In doing so, we store your IP address as recorded by your Internet Service Provider (ISP), as well as the date and time of registration, so that we can trace any potential misuse of your email address at a later date. The data we collect when you subscribe to the newsletter is used strictly for the intended purpose.
You can unsubscribe from the newsletter at any time via the link provided in the newsletter or by sending a message to the controller named at the beginning. Once you have unsubscribed, your email address will be deleted immediately from our newsletter distribution list, unless you have expressly consented to the continued use of your data or we reserve the right to use your data for other purposes that are permitted by law and about which we inform you in this statement.
7.2 Brevo
Our email newsletters and other promotional email communications are sent via this provider: Sendinblue GmbH, Köpenicker Str. 126, 10179 Berlin, Germany
On the basis of our legitimate interest in effective and user-friendly email marketing, we pass on the data you provided upon registration to this provider in accordance with Article 6(1)(f) of the GDPR, so that they can handle the sending of emails on our behalf.
We reserve the right, solely on the basis of your express consent in accordance with Article 6(1)(a) of the GDPR, to carry out a statistical evaluation of the success of email campaigns using web beacons or tracking pixels in the emails sent, which can measure open rates and specific interactions with the newsletter’s content. In doing so, device information (e.g. time of access, IP address, browser type and operating system) is also collected and analysed, but not merged with other data sets.
You may withdraw your consent to email tracking at any time with future effect.
We have concluded a data processing agreement with the provider which protects the data of our website visitors and prohibits disclosure to third parties.
7.3 Shopping basket reminders by email
If you abandon your purchase with us before completing the order, you have the option of receiving a one-off email reminder of the contents of your virtual shopping basket.
The only mandatory information required to send this reminder is your email address. The provision of further data is voluntary and may be used to address you personally. For sending emails, we use the so-called double opt-in procedure, which ensures that you will only receive a notification once you have expressly confirmed your consent by clicking on a verification link sent to the email address you provided.
By activating the confirmation link, you give us your consent to the use of your personal data in accordance with Article 6(1)(a) of the GDPR for the purpose of sending a shopping basket reminder. In doing so, we store your IP address as recorded by your Internet Service Provider (ISP), as well as the date and time of registration, in order to be able to trace any potential misuse of your email address at a later date. The data collected by us when you register for our email notification service is used strictly for the specified purpose.
You may unsubscribe from the shopping basket reminders at any time by sending a message to the controller named at the beginning of this notice. Once you have unsubscribed, your email address will be deleted immediately from our mailing list set up for this purpose, unless you have expressly consented to the further use of your data or we reserve the right to use your data for other purposes that are permitted by law and about which we inform you in this notice.
8) Data processing for order fulfilment
8.1 Insofar as necessary for the performance of the contract for delivery and payment purposes, the personal data collected by us will be passed on to the contracted transport company and the contracted credit institution in accordance with Article 6(1)(b) of the GDPR.
Where we are obliged to provide you with updates for goods containing digital elements or for digital products on the basis of a relevant contract, we process the contact details you provided when placing your order in order to inform you personally within the scope of our statutory information obligations pursuant to Article 6(1)(c) of the GDPR. Your contact details are used strictly for the specific purpose of communicating updates for which we are responsible and are processed by us for this purpose only to the extent necessary for the respective information.
To process your order, we also work with the following service provider(s), who assist us in whole or in part with the fulfilment of concluded contracts. Certain personal data is transferred to these service providers in accordance with the following information.
8.2 Fulfillment Box
We use the following provider for order processing: FFB Estonia OÜ, Päevalille tn 6-15, 13517 Tallinn, Estonia
Your name, address and, where applicable, other personal data are passed on to the provider in accordance with Article 6(1)(b) of the GDPR exclusively for the purpose of processing the online order. Your data will only be passed on to the extent that this is actually necessary for the processing of the order.
8.3 EasyReturns
We use an application from the following provider for the registration and organisation of returns: 247APPS UG (limited liability), In der Goldgrube 28, 56073 Koblenz
Via an input form, customers can access their order by entering their email address and order number, register eligible items for a return and, by providing their name and address, have a return label generated and downloaded immediately.
Processing is carried out in accordance with Article 6(1)(f) of the GDPR on the basis of our legitimate interest in the efficient organisation of our business processes and in customer-friendly contract management.
We have concluded a data processing agreement with the provider which protects the data of our website visitors and prohibits disclosure to third parties.
8.4 SendcloudFor shipping, we use the services of the following provider: Sendcloud GmbH, Fürstenrieder Str. 70, 80686 MunichIn accordance with Article 6(1)(b) of the GDPR, we pass on your data exclusively for the purpose of processing your online order to the provider, who, on our behalf, handles the printing of shipping labels and the transmission of shipment data to the contracted transport company. Data is only passed on to the extent that this is actually necessary for processing the order.
The provider also sends dispatch notifications and delivery status updates on our behalf. For this purpose, in accordance with Article 6(1)(f) of the GDPR, based on our legitimate interest in effective and informative customer communication, as well as in transparent and reliable dispatch processing—which is also in the customer’s interest—we pass on certain customer data (email address, first and last name, and postal address) together with the tracking number to the provider after the parcel has been handed over.
The data will not be passed on to third parties by the provider and will be processed exclusively for the purpose stated above. Once dispatch is complete, the data will be deleted by the provider.
We have concluded a data processing agreement with the provider which protects the data of our website visitors and prohibits disclosure to third parties.
8.5 Disclosure of personal data to shipping service providers
– DHL
We use the following provider as our transport service provider: DHL Paket GmbH, Sträßchensweg 10, 53113 Bonn, Germany
We will pass on your email address and/or telephone number to the provider in accordance with Article 6(1)(a) of the GDPR prior to delivery of the goods for the purpose of arranging a delivery date or to notify you of the delivery, provided you have given your express consent to this during the ordering process. Otherwise, for the purpose of delivery in accordance with Article 6(1)(b) of the GDPR, we will only pass on the recipient’s name and the delivery address to the provider. The data will only be passed on to the extent necessary for the delivery of the goods. In this case, it is not possible to arrange a delivery date with the provider in advance or to receive a delivery notification.
Consent may be withdrawn at any time with future effect by contacting the controller named above or the provider.
– DHL Express
We use the following provider as our transport service provider: DHL Express Germany GmbH, Heinrich-Brüning-Str. 5, 53113 Bonn, Germany
We will pass on your email address and/or telephone number to the provider in accordance with Article 6(1)(a) of the GDPR prior to the delivery of the goods for the purpose of agreeing a delivery date or providing a delivery notification, provided that you have given your express consent to this during the ordering process. Otherwise, for the purpose of delivery in accordance with Article 6(1) 1(b) GDPR, we will only pass on the recipient’s name and the delivery address to the provider. The data will only be passed on to the extent necessary for the delivery of the goods. In this case, it is not possible to arrange a delivery date with the provider in advance or to receive a delivery notification.
Consent may be withdrawn at any time with future effect by contacting the controller named above or the supplier.
– DPD
We use the following transport service provider: DPD Deutschland GmbH, Wailandtstraße 1, 63741 Aschaffenburg, GermanyWe will pass on your email address and/or telephone number to the provider in accordance with Article 6(1)(a) of the GDPR prior to the delivery of the goods for the purpose of agreeing a delivery date or providing a delivery notification, provided that you have given your express consent to this during the ordering process. Otherwise, for the purpose of delivery in accordance with Article 6(1)(b) of the GDPR, we will only pass on the recipient’s name and the delivery address to the provider. This information is only passed on to the extent necessary for the delivery of the goods. In this case, it is not possible to arrange a delivery date with the provider in advance or to provide a delivery notification.Consent may be withdrawn at any time with future effect by contacting the controller named above or the supplier.- GLSWe use the following transport service provider: General Logistics Systems Germany GmbH & Co. OHG, GLS Germany-Straße 1–7, 36286 Neuenstein, GermanyWe will pass on your email address and/or telephone number to the provider in accordance with Article 6(1)(a) of the GDPR prior to the delivery of the goods for the purpose of arranging a delivery date or providing a delivery notification, provided you have given your express consent to this during the ordering process. Otherwise, for the purpose of delivery in accordance with Article 6(1)(b) of the GDPR, we will only pass on the recipient’s name and the delivery address to the provider. This information is only passed on to the extent necessary for the delivery of the goods. In this case, it is not possible to arrange a delivery date with the provider in advance or to notify you of the delivery.Consent may be withdrawn at any time with future effect by contacting the controller named above or the provider.- HermesWe use the following transport service provider: Hermes Logistik Gruppe Deutschland GmbH, Essener Straße 89, 22419 Hamburg, GermanyWe will pass on your email address and/or telephone number to the provider in accordance with Article 6(1)(a) of the GDPR prior to the delivery of the goods for the purpose of agreeing a delivery date or providing a delivery notification, provided that you have given your express consent to this during the ordering process. Otherwise, for the purpose of delivery in accordance with Article 6(1)(a) b GDPR, we will only pass on the recipient’s name and the delivery address to the provider. This information is only passed on to the extent necessary for the delivery of the goods. In this case, it is not possible to arrange a delivery date with the provider in advance or to receive a delivery notification.Consent may be withdrawn at any time with future effect by contacting the controller named above or the provider.- Austrian PostWe use the following transport service provider: the following provider: Austrian Post AG, Rochusplatz 1, 1030 Vienna, Austria
We pass on your email address and/or telephone number in accordance with Art. 6(1)(a) GDPR to the provider prior to delivery of the goods for the purpose of arranging a delivery date or providing a delivery notification, provided you have given your express consent to this during the ordering process. Otherwise, for the purpose of delivery in accordance with Article 6(1)(b) of the GDPR, we will only pass on the recipient’s name and the delivery address to the provider. This information will only be passed on to the extent necessary for the delivery of the goods.
In this case, it is not possible to arrange a delivery date with the provider in advance or to notify you of the delivery.
Consent may be withdrawn at any time with future effect by contacting the controller named above or the provider.
– Post CH
We use the following provider as our transport service provider: Post CH (Swiss Post Ltd, Switzerland, Wankdorfallee 4, 3030 Bern)
We will pass on your email address and/or telephone number to the provider prior to delivery of the goods for the purpose of arranging a delivery date or providing a delivery notification, provided you have given your express consent to this during the ordering process. Otherwise, for the purpose of delivery, we will only pass on the recipient’s name and the delivery address to the provider. This information is only passed on to the extent necessary for the delivery of the goods. In this case, it is not possible to arrange a delivery date with the supplier in advance or to receive a delivery notification.
Consent may be withdrawn at any time with future effect by contacting the controller named above or the supplier.
Where data is transferred to the supplier’s location, an adequate level of data protection is ensured by an adequacy decision of the European Commission.
– UPS
We use the following provider as our transport service provider: United Parcel Service Deutschland Inc. & Co. OHG, Görlitzer Straße 1, 41460 Neuss, Germany
We will pass on your email address and/or telephone number to the provider in accordance with Article 6(1)(a) of the GDPR prior to the delivery of the goods for the purpose of arranging a delivery date or to notify you of the delivery, provided that you have given your express consent to this during the ordering process. Otherwise, for the purpose of delivery in accordance with Article 6(1)(b) of the GDPR, we will only pass on the recipient’s name and the delivery address to the provider. This information is only passed on to the extent necessary for the delivery of the goods. In this case, it is not possible to arrange a delivery date with the provider in advance or to receive a delivery notification.
Consent may be withdrawn at any time with future effect by contacting the controller named above or the provider.
8.6 Use of payment service providers
– Apple Pay
If you choose the “Apple Pay” payment method provided by Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland, payment processing takes place via the “Apple Pay” function on your iOS, watchOS or macOS device by debiting a payment card stored with “Apple Pay”. Apple Pay uses security features integrated into your device’s hardware and software to protect your transactions. To authorise a payment, you must therefore enter a code you have previously set and verify your identity using the “Face ID” or “Touch ID” function on your device.
For the purpose of payment processing, the information you provide during the ordering process, together with details of your order, is transmitted to Apple in encrypted form.
Apple then re-encrypts this data using a developer-specific key before the data is transmitted to the payment service provider of the payment card stored in Apple Pay to process the payment. The encryption ensures that only the website through which the purchase was made can access the payment data. Once the payment has been made,
Apple sends your device account number and a transaction-specific, dynamic security code to the originating website to confirm the successful payment.
Where personal data is processed in the transmissions described, such processing is carried out exclusively for the purpose of payment processing in accordance with Article 6(1)(b) of the GDPR.
Apple stores anonymised transaction data, including the approximate purchase amount, the approximate date and time, and whether the transaction was successfully completed. Anonymisation completely excludes any personal reference. Apple uses the anonymised data to improve “Apple Pay” and other Apple products and services.
When you use Apple Pay on your iPhone or Apple Watch to complete a purchase you have made via Safari on your Mac, your Mac and the authorisation device communicate via an encrypted channel on Apple’s servers. Apple does not process or store any of this information in a format that could be used to identify you personally. You can disable the option to use Apple Pay on your Mac in your iPhone’s settings. Go to ‘Wallet & Apple Pay’ and turn off ‘Allow Payments on Mac’.
Further information on data protection for Apple Pay can be found at the following web address: https://support.apple.com/de-de/HT203027
– Google Pay
If you choose the “Google Pay” payment method provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”), payment processing takes place via the “Google Pay” application on your mobile device (running Android 4.4 (“KitKat”) or later and equipped with NFC functionality) by debiting a payment card stored with Google Pay or a payment system verified there (e.g. PayPal) . To authorise a payment via Google Pay exceeding €25, you must first unlock your mobile device using the relevant verification method (such as facial recognition, password, fingerprint or pattern).
For the purpose of payment processing, the information you provide during the ordering process, together with details of your order, will be passed on to Google. Google then transmits your payment information stored in Google Pay to the originating website in the form of a one-off transaction number, which is used to verify that a payment has been made. This transaction number does not contain any information regarding the actual payment details of your payment method stored in Google Pay, but is generated and transmitted as a one-time valid numerical token. For all transactions via Google Pay, Google acts solely as an intermediary for the processing of the payment transaction.
The transaction is carried out exclusively between the user and the originating website by debiting the payment method stored in Google Pay.
Where personal data is processed in connection with the transmissions described, such processing is carried out exclusively for the purpose of payment processing in accordance with Article 6(1)(b) of the GDPR.Google reserves the right to collect, store and analyse certain transaction-specific information for every transaction made via Google Pay. This includes the date, time and amount of the transaction, the merchant’s location and description, a description of the goods or services purchased provided by the merchant, photos you have attached to the transaction, the name and email address of the seller and buyer or the sender and recipient, the payment method used, your description of the reason for the transaction, and, where applicable, the offer associated with the transaction.
According to Google, this processing is carried out exclusively in accordance with Article 6(1)(f) of the GDPR on the basis of a legitimate interest in proper accounting, the verification of transaction data, and the optimisation and maintenance of the Google Pay service.
Google also reserves the right to combine the transaction data processed with further information collected and stored by Google when using other Google services.
The Google Pay Terms of Service can be found here:
https://payments.google.com/payments/apis-secure/u/0/get_legal_document?ldo=0&ldt=googlepaytos&ldl=de
Further information on data protection at Google Pay can be found at the following web address:
https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=de
– Klarna
One or more online payment methods from the following provider are available on this website: Klarna Bank AB, Sveavägen 46, 111 34 Stockholm, Sweden
If you select a payment method from this provider that requires you to pay in advance (such as credit card payment), your payment details provided during the ordering process (including name, address, bank and payment card information, currency and transaction number) as well as information about the contents of your order will be passed on to them in accordance with Article 6(1)(b) of the GDPR. In this case, your data is transferred exclusively for the purpose of processing the payment with the provider and only to the extent necessary for this purpose.
If you select a payment method where the provider makes an advance payment (such as purchase on account, hire purchase or direct debit), you will also be asked during the ordering process to provide certain personal data (first name and surname, street, house number, postcode, town, date of birth, email address, telephone number, and, where applicable, details of an alternative payment method).
In order to safeguard our legitimate interest in determining the creditworthiness of our customers, we will forward this data to the provider in accordance with Article 6(1)(f) of the GDPR for the purpose of a credit check. The provider checks, on the basis of the personal data you have provided as well as other data (such as shopping basket, invoice amount, order history, payment history), whether the payment option you have selected can be granted in view of payment and/or credit default risks.
In addition to the provider’s internal criteria in accordance with Article 6(1)(f) of the GDPR, identity and creditworthiness information from the following credit reference agencies may also be taken into account when making a decision during the application review:
https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/credit_rating_agencies
The credit report may contain probability values (so-called score values). Where score values are included in the result of the credit report, they are based on a scientifically recognised mathematical-statistical method. The calculation of the score values includes, amongst other things but not exclusively, address data.
You may object to this processing of your data at any time by sending a message to us or to the provider. However, the provider may still be entitled to process your personal data where this is necessary for the contractual processing of payments.
– PayPal
One or more online payment methods from the following provider are available on this website: PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg
If you select a payment method from the provider that requires you to pay in advance, your payment details provided during the ordering process (including name, address, bank and payment card information, currency and transaction number) as well as information regarding the contents of your order in accordance with Article 6(1)(b) of the GDPR. In this case, your data will be disclosed solely for the purpose of processing the payment with the provider and only to the extent necessary for this purpose.
If you select a payment method where we pay in advance, you will also be asked during the ordering process to provide certain personal details (first name and surname, street, house number, postcode, town, date of birth, email address, telephone number, and, where applicable, details of an alternative payment method).
In such cases, to safeguard our legitimate interest in verifying your creditworthiness, we will pass this data on to the provider in accordance with Article 6(1)(f) of the GDPR for the purpose of a credit check. The provider checks, on the basis of the personal data you have provided as well as other data (such as shopping basket, invoice amount, order history, payment history), whether the payment option you have selected can be granted in view of the risks of non-payment and/or bad debt.
The credit report may contain probability values (so-called score values). Where score values are included in the result of the credit report, they are based on a scientifically recognised mathematical-statistical method. The calculation of the score values includes, amongst other things but not exclusively, address data.
You may object to this processing of your data at any time by sending a message to us or to the provider. However, the provider may still be entitled to process your personal data where this is necessary for the contractual processing of payments.
– PayPal Checkout
This website uses PayPal Checkout, an online payment system from PayPal comprising PayPal’s own payment methods and local payment methods from third-party providers.
When paying via PayPal, credit card via PayPal, direct debit via PayPal or – where offered – “Pay Later” via PayPal, we pass on your payment details to PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter “PayPal”) for the purposes of payment processing. This transfer is carried out in accordance with Article 6(1)(b) of the GDPR and only to the extent necessary for payment processing.
PayPal reserves the right, for the payment methods credit card via PayPal, direct debit via PayPal or – where offered – “Pay Later” via PayPal – PayPal reserves the right to carry out a credit check. For this purpose, your payment data may be passed on to credit reference agencies in accordance with Article 6(1)(f) of the GDPR, based on PayPal’s legitimate interest in determining your creditworthiness. PayPal uses the result of the credit check, in relation to the statistical probability of payment default, for the purpose of deciding whether to provide the respective payment method. The credit report may contain probability values (so-called score values). Where score values are included in the result of the credit report, they are based on a scientifically recognised mathematical-statistical procedure. The calculation of the score values includes, amongst other things but not exclusively, address data. You may object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data where this is necessary for the contractual processing of the payment.
When the PayPal payment method “Buy Now, Pay Later”, your payment details are first transmitted to PayPal to prepare the payment, whereupon PayPal forwards them to Ratepay GmbH, Franklinstraße 28-29, 10587 Berlin (“Ratepay”) to execute the payment. The legal basis in each case is Article 6(1)(b) of the GDPR. In this case, RatePay carries out an identity and credit check in its own name to determine your ability to pay in accordance with the principle mentioned above and passes on your payment details to credit reference agencies on the basis of a legitimate interest in determining your ability to pay in accordance with Article 6(1)(f) of the GDPR. A list of the credit reference agencies that RatePay may use can be found here: https:// www.ratepay.com/legal-payment-creditagencies/
When using a local third-party payment method, your payment details are first passed on to PayPal in accordance with Article 6(1)(b) of the GDPR to prepare the payment. Depending on your selection of an available local payment method, PayPal will then transmit your payment data to the relevant provider in accordance with Article 6(1)(b) of the GDPR to process the payment:
– Apple Pay (Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland)
– Google Pay (Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland)
– iDeal (Currence Holding BV, Beethovenstraat 300, Amsterdam, Netherlands)
– Bancontact (Bancontact Payconiq Company, Rue d’Arlon 82, 1040 Brussels, Belgium)
– Blik (Polski Standard Płatności sp. z o.o., ul. Czerniakowska 87A, 00-718 Warsaw, Poland)
– eps (PSA Payment Services Austria GmbH, Handelskai 92, Gate 2
1200 Vienna, Austria)
– MyBank (PRETA S.A.S, 40 Rue de Courcelles, F-75008 Paris, France)
– Przelewy24 (PayPro SA, Kanclerska 15A, 60-326 Poznań, Poland)
For further information regarding data protection, please refer to PayPal’s privacy policy: https://www.paypal.com/de/legalhub/paypal/privacy-full
– Sofortüberweisung
One or more online payment methods from the following provider are available on this website: Klarna Bank AB (publ), Sveavägen 46, 11134 Stockholm, Sweden
If you select a payment method from this provider that requires you to pay in advance (such as a credit card payment), your payment details provided during the ordering process (including name, address, bank and payment card details, currency and transaction number) as well as information regarding the contents of your order in accordance with Article 6(1)(b) of the GDPR. In this case, your data is transferred solely for the purpose of processing the payment with the provider and only to the extent necessary for this purpose.
– Stripe
One or more online payment methods from the following provider are available on this website: Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland
If you select a payment method from the provider that requires you to pay in advance (such as credit card payment), your payment details provided during the ordering process (including name, address, bank and payment card details, currency and transaction number) as well as information regarding the contents of your order in accordance with Article 6(1)(b) of the GDPR. In this case, your data is transferred exclusively for the purpose of payment processing with the provider and only to the extent necessary for this purpose.
If you select a payment method where the provider pays in advance (such as purchase on account, hire purchase or direct debit), you will also be asked during the ordering process to provide certain personal data (first name and surname, street, house number, postcode, town, date of birth, email address, telephone number, and, where applicable, details of an alternative payment method).
In order to safeguard our legitimate interest in determining the creditworthiness of our customers, we will forward this data to the provider in accordance with Article 6(1)(f) of the GDPR for the purpose of a credit check. The provider checks, on the basis of the personal data you have provided as well as other data (such as shopping basket, invoice amount, order history, payment history), whether the payment option you have selected can be granted in view of payment and/or credit default risks.
The credit report may contain probability values (so-called score values). Where score values are included in the result of the credit report, they are based on a scientifically recognised mathematical-statistical method. The calculation of the score values includes, among other things but not exclusively, address data.
You may object to this processing of your data at any time by sending a message to us or to the provider. However, the provider may still be entitled to process your personal data where this is necessary for the contractual processing of payments.
8.7 Electronic cancellation option for continuing contracts with consumers
Consumers who have entered into contracts for continuing contracts subject to a fee (such as subscription contracts) on this website have the option to cancel these via an electronic button in accordance with the applicable notice periods.
Clicking the button leads to a confirmation page where the consumer can provide further details regarding the cancellation, clearly identify themselves and subsequently submit their cancellation electronically.
The collection of personal data and its transmission to us is carried out in accordance with Article 6(1)(b) of the GDPR and only to the extent necessary for the proper processing of the cancellation. The personal data provided is also used, on the basis of Article 6(1)(b) of the GDPR, to confirm receipt of the notice of termination and the date of termination electronically in text form. A further legal basis for the processing is Article 6(1)(c) of the GDPR. We are legally obliged to provide an electronic option for termination in the case of consumer contracts concluded via electronic commerce concerning continuing obligations subject to a fee.
9) Web analytics services
Google Analytics 4
This website uses Google Analytics 4, a web analytics service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”), which enables an analysis of your use of our website.
By default, when you visit the website, Google Analytics 4 sets cookies, which are small text files stored on your device and collect certain information. This information includes your IP address, although Google truncates the last few digits to prevent direct personal identification.
The information is transmitted to Google’s servers and processed there. This may also involve transfers to Google LLC, based in the USA.
Google uses the information collected on our behalf to evaluate your use of the website, to compile reports on website activity for us, and to provide other services relating to website and internet usage. The IP address transmitted by your browser as part of Google Analytics and truncated in this process is not merged with other data held by Google. The data collected through the use of Google Analytics 4 is stored for a period of two months and subsequently deleted.
All processing described above, in particular the setting of cookies on the device used, takes place only if you have given us your explicit consent in accordance with Article 6(1)(a) of the GDPR.
Without your consent, Google Analytics 4 will not be used during your visit to the site. You may withdraw your consent at any time with effect for the future. To exercise your right of withdrawal, please deactivate this service via the “Cookie Consent Tool” provided on the website.
We have entered into a data processing agreement with Google which ensures the protection of our website visitors’ data and prohibits unauthorised disclosure to third parties.
Further legal information regarding Google Analytics 4 can be found at https://business.safety.google/intl/de/privacy/, https://policies.google.com/privacy?hl=de&gl=de and at https://policies.google.com/technologies/partner-sites
Demographic characteristics
Google Analytics 4 uses the special ‘demographic characteristics’ feature and can use this to generate statistics that provide insights into the age, gender and interests of website visitors. This is achieved by analysing advertising and information from third-party providers. This enables target groups to be identified for marketing activities. However, the data collected cannot be attributed to any specific individual and is deleted after being stored for a period of two months.
Google Signals
As an extension to Google Analytics 4, Google Signals may be used on this website to generate cross-device reports. If you have enabled personalised ads and linked your devices to your Google account, Google may, subject to your consent to the use of Google Analytics pursuant to Article 6(1)(a) of the GDPR, analyse your usage behaviour across devices and create database models, including those relating to cross-device conversions. We do not receive any personal data from Google, only statistics. If you wish to stop cross-device analysis, you can disable the ‘Personalised ads’ feature in your Google Account settings. To do so, follow the instructions on this page: https://support.google.com/My-Ad-Center-Help/answer/12155764?hl=de
Further information on Google Signals can be found at the following link: https://support.google.com/analytics/answer/7532985?hl=de
UserIDs
As an extension to Google Analytics 4, the “UserIDs” feature may be used on this website. If you have consented to the use of Google Analytics 4 in accordance with Article 6(1)(a) of the GDPR, have set up an account on this website and log in to this account on various devices, your activities, including conversions, may be analysed across devices.
For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with European data protection standards on the basis of an adequacy decision by the European Commission.
10) Retargeting/Remarketing and Conversion Tracking
WooCommerce Order Attribution Tracking
This website uses the conversion tracking technology of the following provider: Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, USA
If you have arrived at our website via an advertisement on the provider’s domain, the success of the advertisement can be tracked using cookies and/or comparable technologies (tracking pixels, web beacons, pings or HTTP requests), the success of the advertisement can be tracked.
To this end, the tracking technology reads certain device and browser information, including, where applicable, your IP address, in order to record and evaluate user actions predefined by us (e.g. completed transactions, leads, search queries on the website, visits to product pages). This enables us to compile statistics on usage behaviour on our website following a redirect from an advertisement, which helps us to optimise our offering.
All processing operations described above, in particular the setting of cookies to read information on the device used, are only carried out if you have given us your explicit consent in accordance with Article 6(1)(a) of the GDPR. You may withdraw your consent at any time with future effect by deactivating this service in the “Cookie Consent Tool” provided on the website.
We have entered into a data processing agreement with the provider, which ensures the protection of our website visitors’ data and prohibits unauthorised disclosure to third parties.
For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with European data protection standards on the basis of an adequacy decision by the European Commission.
11) Website features
– Friendly Captcha
On this website, we use the CAPTCHA service provided by the following provider: Friendly Captcha GmbH, Am Anger 3-5, 82237 Wörthsee
The service checks whether an input is made by a natural person or, abusively, through mechanical and automated processing, and blocks spam, DDoS attacks and similar automated malicious access attempts.
When you visit a page on our website that contains the provider’s CAPTCHA elements, your browser establishes a direct connection to the provider’s servers in order to load the elements correctly. In doing so, certain browser information, including your IP address, is transmitted to the provider.
The legal basis is our legitimate interest in establishing individual responsibility on the internet and preventing misuse and spam in accordance with Article 6(1)(f) of the GDPR.
Following transmission, the collected browser information is automatically and immediately anonymised, so that no personal data is processed for the purpose of verifying the human origin of a page interaction.
We have concluded a data processing agreement with the provider, which ensures the protection of our website visitors’ data and prohibits unauthorised disclosure to third parties.
12) Tools and Miscellaneous
12.1 – sevDesk
For the purpose of bookkeeping, we use the cloud-based accounting software service provided by the following provider: sevDesk GmbH, Hauptstraße 115, 77652 Offenburg, Germany
The provider processes incoming and outgoing invoices, as well as our company’s bank transactions where applicable, in order to automatically record invoices, match them to transactions and use this data to generate financial accounts via a semi-automated process.
Where personal data is also processed in this context, such processing is carried out on the basis of our legitimate interest in the efficient organisation and documentation of our business processes in accordance with Article 6(1)(f) of the GDPR.
12.2 Cookie Consent Tool
This website uses a so-called “Cookie Consent Tool” to obtain valid user consent for cookies and cookie-based applications that require consent. The “Cookie Consent Tool” is displayed to users when they visit the page in the form of an interactive user interface, on which consent for specific cookies and/or cookie-based applications can be granted by ticking the relevant boxes. Through the use of this tool, all cookies and/or services are only loaded if the respective user grants the relevant consent by ticking the boxes. This ensures that such cookies are only set on the user’s respective device if consent has been granted.
The tool sets technically necessary cookies to save your cookie preferences. Personal user data is generally not processed in this context.
Should the processing of personal data (such as the IP address), this is carried out in accordance with Article 6(1)(f) of the GDPR on the basis of our legitimate interest in legally compliant, user-specific and user-friendly consent management for cookies and, consequently, in the legally compliant design of our website.
A further legal basis for the processing is Article 6(1)(c) of the GDPR. As the data controller, we are subject to the legal obligation to make the use of technically non-essential cookies dependent on the user’s consent.
Where necessary, we have entered into a data processing agreement with the provider, which ensures the protection of our website visitors’ data and prohibits unauthorised disclosure to third parties.
Further information on the operator and the settings options of the cookie consent tool can be found directly in the relevant user interface on our website.
12.3 Cloudflare
For security purposes, this website uses the service of the following provider: Cloudflare, Inc., 101 Townsend St. San Francisco, CA 94107, USA
The provider protects the website and the associated IT infrastructure against unauthorised third-party access, cyber attacks, as well as viruses and malware. The provider collects users’ IP addresses and, where applicable, further data regarding your behaviour on our website (in particular, URLs accessed and header information) in order to detect and ward off illegitimate website access and threats. In doing so, the recorded IP address is compared with a list of known attackers. If the recorded IP address is identified as a security risk, the provider may automatically block it from accessing the site. The information collected in this way is transmitted to a server belonging to the provider and stored there.
The data processing described above is carried out in accordance with Article 6(1)(f) of the GDPR on the basis of our legitimate interests in protecting the website from harmful cyber attacks and in safeguarding the structural and data integrity and security.
We have concluded a data processing agreement with the provider which ensures the protection of our website visitors’ data and prohibits unauthorised disclosure to third parties.
For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with European data protection standards on the basis of an adequacy decision by the European Commission.
13) Rights of the data subject
13.1 Under applicable data protection law, you have the following rights as a data subject (rights of access and intervention) vis-à-vis the controller regarding the processing of your personal data; please refer to the legal basis cited for the respective conditions for exercising these rights:
– Right of access pursuant to Article 15 of the GDPR;
– Right to rectification pursuant to Article 16 of the GDPR;
– Right to erasure pursuant to Article 17 of the GDPR;
– Right to restriction of processing pursuant to Article 18 of the GDPR;
– Right to be informed pursuant to Article 19 of the GDPR;
– Right to data portability pursuant to Article 20 of the GDPR;
– Right to withdraw consent pursuant to Article 7(3) of the GDPR;
– Right to lodge a complaint pursuant to Article 77 of the GDPR.
13.2 RIGHT TO OBJECT
IF, IN THE CONTEXT OF A BALANCING OF INTERESTS, WE PROCESS YOUR PERSONAL DATA ON THE BASIS OF OUR OVERRIDING LEGITIMATE INTEREST, YOU HAVE THE RIGHT AT ANY TIME TO object to such processing with effect for the future on grounds relating to your particular situation.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL CEASE PROCESSING THE DATA IN QUESTION. HOWEVER, WE RESERVE THE RIGHT TO CONTINUE PROCESSING, IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING THAT OVERRIDE YOUR INTERESTS, FUNDAMENTAL RIGHTS AND FREEDOMS, OR IF THE PROCESSING SERVES TO ASSERT, exercise or defence of legal claims.
IF YOUR PERSONAL DATA IS PROCESSED BY US FOR THE PURPOSE OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF FOR THE PURPOSES OF SUCH ADVERTISING. YOU MAY EXERCISE YOUR RIGHT TO OBJECT AS DESCRIBED ABOVE.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL CEASE PROCESSING THE DATA IN QUESTION FOR DIRECT MARKETING PURPOSES.
14) Duration of storage of personal data
The duration of the storage of personal data is determined by the respective legal basis, the purpose of processing and – where applicable – additionally by the respective statutory retention period (e.g. retention periods under commercial and tax law).
Where personal data is processed on the basis of explicit consent pursuant to Article 6(1)(a) of the GDPR, the data concerned will be stored until you withdraw your consent.
Where statutory retention periods apply to data processed within the scope of contractual or quasi-contractual obligations on the basis of Article 6(1) 1(b) GDPR, this data is routinely deleted upon expiry of the retention periods, provided it is no longer required for the performance of a contract or for entering into a contract and/or we no longer have a legitimate interest in continuing to store it.
When processing personal data on the basis of Art. 6(1)(f) f GDPR, this data will be stored until you exercise your right to object under Article 21(1) GDPR, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to establish, exercise or defend legal claims.
Where personal data is processed for the purposes of direct marketing on the basis of Article 6(1)(f) of the GDPR, this data will be stored until you exercise your right to object under Article 21(2) of the GDPR.
Unless otherwise specified in the other information in this statement regarding specific processing situations, stored personal data will otherwise be erased when it is no longer necessary for the purposes for which it was collected or otherwise processed.