Data Protection
The controller responsible for data processing is
workID Gesellschaft für Communication & Marketing mbH
Schäfersteig 37
78048 Villingen-Schwenningen
Deutschland
Email: info@oryoki.de
We appreciate your interest in our online shop. Protecting your privacy is very important to us. Below, we provide detailed information on how we handle your data.
1. Access Data and Hosting
You can visit our websites without providing any personal information. Each time a webpage is accessed, the web server automatically stores a server log file, which includes, for example, the name of the requested file, your IP address, date and time of access, amount of data transmitted, and the requesting provider (access data), and documents the access. This access data is evaluated solely for the purpose of ensuring the smooth operation of the website and improving our offering. This serves to safeguard our legitimate interests in presenting our offering correctly in accordance with Art. 6 Para. 1 S. 1 lit. f GDPR. All access data is deleted no later than seven days after the end of your visit to the site.
1.1 Hosting
The hosting services and display of the website are partly provided by our service providers as part of processing on our behalf. Unless otherwise explained in this Privacy Policy, all access data as well as all data collected in designated forms on this website are processed on their servers. For questions about our service providers and the basis of our cooperation with them, please contact the contact option described in this Privacy Policy.
1.2 Content Delivery Network
For the purpose of shorter loading times, we use a so-called Content Delivery Network ("CDN") for some offers. With this service, content, such as large media files, is delivered via regionally distributed servers of external CDN service providers. Therefore, access data is processed on the servers of the service providers. Our service providers act on our behalf as part of order processing.
Our service providers are located and/or use servers in countries outside the EU and the EEA. For these countries, there is no adequacy decision by the European Commission.
Our cooperation with them is based on standard data protection clauses of the European Commission. For questions about our service providers and the basis of our cooperation with them, please contact the contact option described in this Privacy Policy.
2. Data Processing for Contract Execution and Contact
2.1 Data Processing for Contract Execution
For the purpose of contract execution (including inquiries about and handling of any existing warranty and performance claims as well as any legal obligation to update) in accordance with Art. 6 Para. 1 S. 1 lit. b GDPR, we collect personal data if you voluntarily provide it to us during your order. Mandatory fields are marked as such because in these cases we need the data to fulfill the contract and cannot send the order without it. The data collected can be seen from the respective input forms.
For more information on the processing of your data, especially regarding the disclosure to our service providers for the purpose of order, payment, and shipping processing, please refer to the following sections of this privacy policy. After complete processing of the contract, your data will be restricted for further processing and deleted after the expiry of the tax and commercial retention periods in accordance with Art. 6 Para. 1 S. 1 lit. c GDPR, unless you have expressly consented to further use of your data in accordance with Art. 6 Para. 1 S. 1 lit. a GDPR or we reserve the right to use data beyond that, which is legally permitted and about which we inform you in this statement.
Enterprise Resource Planning System
For order and contract processing, we use enterprise resource planning systems from external service providers. Our service providers act on our behalf as part of order processing. For questions about our service providers and the basis of our cooperation with them, please contact the contact option described in this Privacy Policy.
2.2 Customer Account
If you have given your consent pursuant to Art. 6 Para. 1 S. 1 lit. a GDPR by deciding to open a customer account, we will use your data for the purpose of opening a customer account and storing your data for further future orders on our website. Deleting your customer account is possible at any time and can be done either by sending a message to the contact option described in this privacy policy or via a function provided for this purpose in the customer account. After deletion of your customer account, your data will be deleted unless you have expressly consented to further use of your data in accordance with Art. 6 Para. 1 S. 1 lit. a GDPR or we reserve the right to use data beyond that, which is legally permitted and about which we inform you in this statement.
2.3 Contact
As part of customer communication, we collect personal data in accordance with Art. 6 Para. 1 S. 1 lit. b GDPR to process your inquiries if you voluntarily provide them to us when contacting us (e.g., via contact form or email). Mandatory fields are marked as such because in these cases we need the data to process your contact. The data collected can be seen from the respective input forms. After complete processing of your inquiry, your data will be deleted unless you have expressly consented to further use of your data in accordance with Art. 6 Para. 1 S. 1 lit. a GDPR or we reserve the right to use data beyond that, which is legally permitted and about which we inform you in this statement.
3. Data Processing for Shipping
In order to fulfill the contract according to Art. 6 para. 1 sentence 1 lit. b GDPR, we pass on your data to the contracted shipping service provider, insofar as this is necessary for the delivery of ordered goods.
The same applies to the transfer of data to our manufacturers or wholesalers if they handle the shipping for us (drop shipping). According to this privacy policy, they are considered shipping service providers.
Data Transfer to Shipping Service Providers for Shipping Notification
If you have expressly given us your consent during or after your order, we will pass on your email address and telephone number to the selected shipping service provider for the purpose of delivery notification or coordination prior to delivery, pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR.
You can revoke your consent at any time by sending a message to the contact option specified in this privacy policy or directly to the shipping service provider at the contact address provided below. After revocation, we will delete the data provided for this purpose, unless you have expressly consented to further use of your data or we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this statement.
DHL Paket GmbH
Sträßchensweg 10
53113 Bonn
Germany
DPD Deutschland GmbH
Wailandtstraße 1
63741 Aschaffenburg
Germany
4. Data Processing for Payment Processing
When processing payments in our online shop, we work with the following partners: technical service providers, banks, payment service providers.
4.1 Data Processing for Transaction Processing
Depending on the selected payment method, we pass on the data necessary for processing the payment transaction to our technical service providers who work for us as processors within the scope of order processing, or to the contracted banks or selected payment service providers, as far as this is necessary for the processing of the payment. This serves the fulfillment of the contract according to Art. 6 para. 1 sentence 1 lit. b GDPR. In some cases, the payment service providers collect the data required for processing the payment themselves, e.g. on their own website or via technical integration in the ordering process. In this respect, the privacy policy of the respective payment service provider applies.
For questions regarding our partners for payment processing and the basis of our cooperation with them, please contact the contact option specified in this privacy policy.
4.2 Data Processing for Fraud Prevention and Optimization of Our Payment Processes
If necessary, we provide our service providers with additional data that they use together with the data necessary for processing the payment as our processors for the purpose of fraud prevention and optimization of our payment processes (e.g. invoicing, processing of contested payments, support of accounting). This serves, according to Art. 6 para. 1 sentence 1 lit. f GDPR, the protection of our legitimate interests in the context of a balance of interests, in ensuring our protection against fraud or in an efficient payment management.
4.3 Identity and Creditworthiness Check when Selecting Klarna Payment Services
Klarna Direct Debit, Purchase on Account via Klarna, Klarna Installment Purchase
If you choose the payment services of Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden (hereinafter Klarna), we ask for your consent according to Art. 6 para. 1 sentence 1 lit. a GDPR to transmit the data necessary for processing the payment and for an identity and creditworthiness check to Klarna. In Germany, the credit agencies mentioned in Klarna's privacy policy may be used for the identity and creditworthiness check. Klarna uses the information received about the statistical probability of payment default to make a balanced decision on the establishment, implementation, or termination of the contractual relationship. You can revoke your consent at any time by sending a message to the contact option specified in this privacy policy. However, this may result in us no longer being able to offer you certain payment options. You can also revoke your consent to the use of personal data at any time directly to Klarna.
4.4 Identity and Creditworthiness Check when Selecting Billpay Payment Services (operated by Klarna Bank AB)
If you choose the payment services of Klarna Bank AB AB (publ.), Sveavägen 46, 111 34 Stockholm, Sweden (hereinafter BillPay), we ask for your consent according to Art. 6 para. 1 sentence 1 lit. a GDPR to transmit the data necessary for processing the payment and for an identity and creditworthiness check to Billpay. In Germany, the credit agencies mentioned in Billpay's privacy policy may be used for the identity and creditworthiness check. Billpay uses the information received about the statistical probability of payment default to make a balanced decision on the establishment, implementation, or termination of the contractual relationship. You can revoke your consent at any time by sending a message to the contact option specified in this privacy policy. However, this may result in us no longer being able to offer you certain payment options. You can also revoke your consent to the use of personal data at any time directly to BillPay.
4.5 Identity and Creditworthiness Check when Selecting Purchase on Account via PayOne
If you choose the payment method Purchase on Account (offered by PayOne GmbH, Lyoner Str. 9, 60528 Frankfurt a. M., Germany (hereinafter PayOne)), we ask for your consent according to Art. 6 para. 1 sentence 1 lit. a GDPR to transmit the data necessary for processing the payment and for an identity and creditworthiness check to PayOne. In Germany, the credit agencies mentioned in PayOne's privacy policy may be used for the identity and creditworthiness check. PayOne uses the information received about the statistical probability of payment default to make a balanced decision on the establishment, implementation, or termination of the contractual relationship. You can revoke your consent at any time by sending a message to the contact option specified in this privacy policy. However, this may result in us no longer being able to offer you certain payment options.
4.6 Identity and Creditworthiness Check when Selecting Purchase on Account via PayPal and Ratepay
If you choose the payment method Purchase on Account (offered by Ratepay GmbH, Franklinstraße 28-29, 10587 Berlin (hereinafter Ratepay) and PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg (hereinafter PayPal)), we ask for your consent according to Art. 6 para. 1 sentence 1 lit. a GDPR to transmit the data necessary for processing the payment and for an identity and creditworthiness check to Ratepay. In Germany, the credit agencies mentioned in Ratepay's privacy policy may be used for the identity and creditworthiness check. Ratepay uses the information received about the statistical probability of payment default to make a balanced decision on the establishment, implementation, or termination of the contractual relationship. You can revoke your consent at any time by sending a message to the contact option specified in this privacy policy. However, this may result in us no longer being able to offer you certain payment options. Additional information on data protection at PayPal can be found here.
4.7 Installment Payment Option
When selecting the installment payment option and granting the necessary data protection consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, personal data (first name, last name, address, email, telephone number, date of birth, IP address, gender) together with data required for transaction processing (product, invoice amount, due dates, total amount, invoice number, taxes, currency, order date, and order time) are transmitted to our partner Klarna Bank AB (publ), Chausseestrasse 117, 10115 Berlin, Sweden for the purpose of processing this payment method.
To verify the identity or creditworthiness of the customer, our partner conducts queries and obtains information from publicly accessible databases as well as credit reporting agencies. The providers from which information and, if applicable, credit information is obtained based on mathematical-statistical procedures, as well as further details on the processing of your data after transmission to our partner Klarna Bank AB (publ), can be found in its privacy policy, which you can find here: https://www.klarna.com/international/privacy-policy/.
Our partner Klarna Bank AB (publ) uses the information received about the statistical probability of payment default to make a balanced decision on the establishment, implementation, or termination of the contractual relationship. You have the opportunity to present your point of view and challenge the decision by contacting our partner Klarna Bank AB (publ). The consent given during the order process by consent to data transfer can be revoked at any time, even without stating reasons, with effect for the future.
5. Email Marketing
5.1 Email Newsletter with Registration and Newsletter Tracking
When you subscribe to our newsletter, we use the data required for this purpose or separately provided by you to regularly send you our email newsletter based on your consent pursuant to Art. 6 para. 1 s. 1 lit. a GDPR. Unsubscribing from the newsletter is possible at any time and can be done either by sending a message to the contact option described below or via a link provided for this purpose in the newsletter. After unsubscribing, we delete your email address from the recipient list, unless you have expressly consented to further use of your data pursuant to Art. 6 para. 1 s. 1 lit. a GDPR or we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this statement.
We would like to point out that we evaluate your user behavior when sending the newsletter. For this evaluation, the emails sent contain so-called tracking pixels or tracking links, which represent one-pixel image files stored on our website. For the evaluations, we link the data mentioned in Subsection 3.1 and the tracking pixels with your email address and an individual ID. Links contained in the newsletter also contain this ID. With the data obtained in this way, we create a user profile to tailor the newsletter to your individual interests. We record when you read our newsletters, which links you click on, and infer your personal interests from this. We link this data to actions you take on our website.
You can object to this tracking at any time by unsubscribing from the newsletter.
The information is stored as long as you have subscribed to the newsletter.
5.2 Newsletter Dispatch
The newsletter may also be sent by our service providers as part of processing on our behalf. If you have any questions about our service providers and the basis of our cooperation with them, please contact the contact option described in this privacy policy.
The newsletter and the newsletter tracking described above may also be sent by our service providers as part of processing on our behalf. If you have any questions about our service providers and the basis of our cooperation with them, please contact the contact option described in this privacy policy.
5.3 Sending Review Requests via Email
If you have given us your express consent during or after your order, we will use your email address to request a review of your order via the rating system we use in accordance with Art. 6 para. 1 s. 1 lit. a GDPR. This consent can be revoked at any time by sending a message to the contact option described in this privacy policy or via a link provided for this purpose in the review request.
The review requests may also be sent by our service provider Trusted Shops AG Subbelrather Str. 15C, 50823 Cologne ("Trusted Shops").
In this context, we receive information about the respective status from Trusted Shops (e.g., whether the review request has been sent and whether it has arrived). This is done in accordance with Art. 6 para. 1 s. 1 lit. f GDPR to fulfill our legitimate interest in obtaining information about the review invitations in order to make any necessary optimizations based on this information, as well as to fulfill Trusted Shops' legitimate interest in being able to offer this service. We are jointly responsible with Trusted Shops for sending review requests and for collecting and displaying review or status information.
With regard to the joint responsibility existing between us and Trusted Shops, please preferably contact Trusted Shops for data protection questions and to assert your rights, whose contact details you can find here. Further information on data protection can be found at the following link here. Regardless, you can always contact us using the contact option described in this privacy policy. Your request will then be forwarded to the other responsible party if necessary for answering.
6. Cookies and Other Technologies
General Information
In order to make your visit to our website attractive and to enable the use of certain functions, we use technologies, including so-called cookies, on various pages. Cookies are small text files that are automatically stored on your device. Some of the cookies we use are deleted after the end of the browser session, i.e., after you close your browser (so-called session cookies). Other cookies remain on your device and allow us to recognize your browser on your next visit (persistent cookies).
Protection of Privacy on End Devices
When using our online services, we use technologies that are absolutely necessary to provide the expressly desired telemedia service. The storage of information on your end device or access to information already stored on your end device does not require consent in this regard.
For non-essential functions, the storage of information on your end device or access to information already stored on your end device requires your consent. Please note that if you do not give consent, parts of the website may not be fully usable. Your consent, if given, will remain in effect until you adjust or reset the respective settings on your end device.
Subsequent Data Processing by Cookies and Other Technologies
We use such technologies that are essential for the use of certain functions of our website (e.g., shopping cart function). These technologies collect and process IP address, time of visit, device and browser information, as well as information about your use of our website (e.g., information about the contents of the shopping cart). This serves the predominant legitimate interests in optimizing the presentation of our offers in accordance with Art. 6 para. 1 s. 1 lit. f GDPR.
In addition, we use technologies to fulfill the legal obligations to which we are subject (e.g., to be able to prove consent to the processing of your personal data) as well as for web analysis and online marketing. Further information, including the respective legal basis for data processing, can be found in the following sections of this privacy policy.
You can find the cookie settings for your browser at the following links: Microsoft Edge™ / Safari™ / Chrome™ / Firefox™ / Opera™
If you have consented to the use of technologies pursuant to Art. 6 para. 1 s. 1 lit. a GDPR, you can revoke your consent at any time by sending a message to the contact option described in the privacy policy.
7. Use of Cookies and Other Technologies
We use the following cookies and other technologies from third-party providers on our website. Unless otherwise stated for each individual technology, this is done based on your consent according to Art. 6 para. 1 s. 1 lit. a GDPR. After the purpose has been fulfilled and the respective technology is no longer in use by us, the data collected in this context will be deleted. You can revoke your consent at any time with effect for the future. Further information on how to revoke your consent can be found in the "Cookies and Other Technologies" section. Additional information, including the basis of our cooperation with each provider, can be found with each individual technology. If you have any questions about the providers and the basis of our cooperation with them, please contact the contact option described in this privacy policy.
7.1 Use of Adobe Services
We use the following technologies from Adobe Systems, Software Ireland Limited, Ireland, 4–6 Riverwalk, Citywest Business Campus, Dublin 24, Ireland ("Adobe"). The information automatically collected about your use of our website through Adobe technologies is usually transmitted to a server of Adobe, Inc., 345 Park Avenue San Jose, CA 95110-2704, USA and stored there. If your IP address is collected via Adobe technologies, it will be shortened or replaced with a generic IP address before being stored on Adobe's servers, through the activation of appropriate settings.
Our service providers are located and/or use servers in the following countries, for which the European Commission has established an adequate level of data protection through a decision: USA.
The adequacy decision for the USA serves as the basis for the transfer to third countries, provided that the respective service provider is certified. Certification is available.
Our service providers are located and/or use servers in countries outside the EU and the EEA. There is no adequacy decision of the European Commission for these countries. Our cooperation with them is based on standard data protection clauses of the European Commission.
Adobe Fonts
To ensure a consistent presentation of content on our website, data (IP address, time of visit, device and browser information) is collected by the script code "Adobe Fonts" from Adobe, Inc., 345 Park Avenue San Jose, CA 95110-2704, USA ("Adobe"), transmitted to Adobe, and then processed by Adobe. We have no influence on this subsequent data processing. The data processing is based on an agreement between joint controllers pursuant to Art. 26 GDPR.
7.2 Use of Google Services
We use the following technologies from Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). The information automatically collected about your use of our website through Google technologies is usually transmitted to a server of Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA and stored there. Unless otherwise stated for each individual technology, data processing is based on an agreement concluded for each respective technology between joint controllers pursuant to Art. 26 GDPR. For more information about data processing by Google, please refer to Google's privacy policy.
Our service providers are located and/or use servers in countries outside the EU and the EEA, for which the European Commission has established an adequate level of data protection through a decision.
Our service providers are located and/or use servers in countries outside the EU and the EEA. There is no adequacy decision of the European Commission for these countries. Our cooperation with them is based on standard data protection clauses of the European Commission.
Google Analytics
For the purpose of website analysis, data (IP address, time of visit, device and browser information, as well as information about your use of our website) is automatically collected and stored with Google Analytics, from which usage profiles are created using pseudonyms. Cookies may be used for this purpose. If you visit our website from the EU, your IP address will be stored on a server located in the EU for location data derivation and will then be immediately deleted before the traffic is forwarded for further processing to other Google servers. The data processing is based on an agreement on data processing by Google.
For the purpose of optimized marketing of our website, we have enabled the data sharing settings for "Google products and services". This allows Google to access and use the data collected and processed by Google Analytics to improve Google services. The data sharing with Google under these data sharing settings is based on an additional agreement between controllers. We have no control over the subsequent data processing by Google.
For the purpose of optimized marketing of our website, we use the so-called User-ID function. With this function, we can assign a unique, permanent ID to your interaction data from one or more sessions on our online presences and thus analyze your user behavior across devices and sessions.
Through the extension function of Google Analytics, Google Signals enables "Cross-Device Tracking" for website analysis. If your internet-enabled devices are linked to your Google account and you have not deactivated the setting "personalized advertising" in your Google account, Google can create reports about your usage behavior (especially cross-device user numbers) even if you change your device. As far as we are concerned, no personal data is processed, we only receive statistics created based on Google Signals.
Google reCAPTCHA
For the purpose of protecting our web forms from misuse and spam by automated software (so-called bots), Google reCAPTCHA collects data (IP address, time of visit, browser information, as well as information about your use of our website) and analyzes your use of our website using a JavaScript and cookies. In addition, other cookies stored by Google services in your browser are evaluated. There is no reading or storing of personal data from the input fields of the respective form.
Google Fonts
To ensure a consistent presentation of content on our website, data (IP address, time of visit, device and browser information) is collected by the script code "Google Fonts", transmitted to Google, and then processed by Google. We have no influence on this subsequent data processing.
Google Tag Manager
Through Google Tag Manager, we can manage various codes and services on our website. When implementing the individual tags, Google may also process personal data (e.g., IP address, online identifiers (including cookies)). The data processing is based on an agreement on data processing by Google.
By using Google Tag Manager, integration of various services/technologies can be achieved. If you do not wish to use individual tracking services and have therefore deactivated them, the deactivation remains for all affected tracking tags that are integrated through Google Tag Manager.
YouTube Video Plugin
For the integration of third-party content, data (IP address, time of visit, device, and browser information) is collected through the YouTube Video Plugin in the enhanced privacy mode we use. This data is transmitted to Google and then processed by Google only if you play a video.
7.3 Use of Microsoft Services
We use the following technologies from Microsoft Ireland Operations Ltd., One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland ("Microsoft"). The data processing is based on an agreement between joint controllers pursuant to Art. 26 GDPR. The information automatically collected about your use of our website through Microsoft technologies is usually transmitted to a server of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA, and stored there. For further information on data processing by Microsoft, please refer to the Microsoft Privacy Statement.
Our service providers are located and/or use servers in countries outside the EU and the EEA, for which the European Commission has established an adequate level of data protection through a decision.
Our service providers are located and/or use servers in countries outside the EU and the EEA. There is no adequacy decision of the European Commission for these countries. Our cooperation with them is based on standard data protection clauses of the European Commission.
For website analysis and event tracking, we measure your subsequent usage behavior via Microsoft Advertising's Universal Event Tracking (UET) when you arrive on our website via an advertisement from Microsoft Advertising. For this purpose, cookies may be used, and data (IP address, time of visit, device, and browser information, as well as information about your usage of our website based on predefined events such as visiting a website or signing up for a newsletter) may be collected, from which usage profiles are created using pseudonyms. If your internet-enabled devices are linked to your Microsoft account and you have not deactivated the setting "Interest-based advertising" in your Microsoft account, Microsoft can create reports on usage behavior (especially cross-device user numbers) even if you change your device, known as "Cross-Device Tracking". We do not process any personal data in this regard, we only receive statistics created based on Microsoft UET.
7.4 Use of Facebook Services
Use of Facebook Pixel
We use the Facebook Pixel as part of the technologies provided by Meta Platforms Ireland Ltd., Block J, Serpentine Avenue, Dublin 4, Ireland ("Facebook (by Meta)" or "Meta Platforms Ireland"). The Facebook Pixel automatically collects and stores data (IP address, time of visit, device and browser information, as well as information about your use of our website based on predefined events such as visiting a webpage or subscribing to a newsletter), from which usage profiles are created using pseudonyms. In the context of the so-called extended data matching, additional hashed information is collected and stored for matching purposes, which can identify individuals (e.g., names, email addresses, and phone numbers). When you visit our website, the Facebook Pixel automatically sets a cookie that enables your browser to be recognized when you visit other websites. Facebook (by Meta) will merge this information with further data from your Facebook account and use it to compile reports on website activities and to provide other services related to website usage, particularly personalized and group-based advertising. The information automatically collected about your use of our website through Facebook (by Meta) technologies is usually transmitted to a server of Meta Platforms, Inc., 1601 Willow Road, Menlo Park, California 94025, USA, and stored there. For further information on data processing by Facebook, please refer to the Facebook (by Meta) Privacy Policy.
Our service providers are located and/or use servers in the following countries, for which the European Commission has established an adequate level of data protection through a decision: USA, Canada, Japan, South Korea, New Zealand, United Kingdom, Argentina.
The adequacy decision for the USA serves as the basis for the transfer to third countries, provided that the respective service provider is certified. Certification is available.
Our service providers are located and/or use servers in these countries: Australia, Hong Kong, India, Indonesia, Malaysia, Singapore, Thailand, Taiwan, Brazil, Mexico. There is no adequacy decision of the European Commission for these countries. Our cooperation with them is based on these guarantees: Standard Data Protection Clauses of the European Commission.
Facebook Analytics
Within the scope of Facebook Business Tools, statistics on visitor activities on our website are created from the data collected with the Facebook Pixel. Data processing is based on an agreement on data processing with Facebook (by Meta). Your analysis serves the optimal presentation and marketing of our website.
Facebook Ads (Ad Manager)
We advertise this website on Facebook (by Meta) and other platforms through Facebook Ads. We determine the parameters of the respective advertising campaign. Facebook (by Meta) is responsible for the precise implementation, especially the decision on the placement of advertisements for individual users. Unless otherwise stated for individual technologies, data processing is based on an agreement between joint controllers pursuant to Art. 26 GDPR. Joint responsibility is limited to the collection of data and its transmission to Meta Platforms Ireland. The subsequent data processing by Meta Platforms Ireland is not covered by this.
Based on the statistics created via Facebook Pixel regarding visitor activities on our website, we conduct group-based advertising on Facebook (by Meta) through Custom Audience by determining the characteristics of the respective target group. In the context of the extended data matching (as mentioned above), Facebook (by Meta) acts as our data processor for determining the respective target group.
Based on the pseudonymous cookie ID set by the Facebook Pixel and the data collected on your usage behavior on our website, we conduct personalized advertising via Remarketing through Facebook Pixel.
Through Facebook Pixel Conversions, we measure your subsequent usage behavior for web analysis and event tracking when you arrive at our website via an advertisement from Facebook Ads. Data processing is based on an agreement on data processing with Facebook (by Meta).
7.5 Other Providers of Web Analytics and Online Marketing Services
Use of Pinterest Tag for Web Analysis and Advertising Purposes
For web analysis and advertising purposes on Pinterest and third-party websites, when you visit our website, technologies of Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland ("Pinterest") automatically collect and process data (IP address, time of visit, device and browser information, as well as information about your usage of our website based on predefined events such as visiting a webpage or subscribing to a newsletter) and enable interest-based advertising using a pseudonymous cookie ID and based on the pages you visit. Usage profiles are created from the collected data using pseudonyms. Pinterest will merge this information with further data from your Pinterest account and use it to compile reports on website activities and to provide other services related to website usage. We have no influence on the data processing by Pinterest and only receive statistics created based on the Pinterest Tag. Thus, we measure your subsequent usage behavior for web analysis and event tracking when you arrive at our website via an advertisement from Pinterest. The information automatically collected by Pinterest is usually transmitted to a server of Pinterest, Inc., 505 Brannan St., San Francisco, CA 94107, USA, and stored there. Data processing is based on an agreement between joint controllers pursuant to Art. 26 GDPR.
Our service providers are located and/or use servers in countries outside the EU and the EEA, for which the European Commission has established an adequate level of data protection through a decision.
Our service providers are located and/or use servers in countries outside the EU and the EEA. There is no adequacy decision of the European Commission for these countries. Our cooperation with them is based on Standard Data Protection Clauses of the European Commission.
8. Integration of Trusted Shops Trustbadges/other Widgets
If you have given your consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR, Trusted Shops widgets are integrated on this website to display Trusted Shops services (e.g., trustmarks, collected reviews) and to offer Trusted Shops products for buyers after an order.
The Trustbadge and the services advertised with it are an offer of Trusted Shops AG, Subbelrather Str. 15C, 50823 Cologne ("Trusted Shops"), with which we are jointly responsible under Art. 26 GDPR. We inform you about the essential contract contents according to Art. 26 para. 2 GDPR within the framework of this data protection notice.
In the context of the joint responsibility between us and Trusted Shops AG, please address data protection questions and assert your rights preferably to Trusted Shops using the contact options provided in the privacy information. However, you can always contact the responsible party of your choice. Your request will then be forwarded to the other responsible party for answering if necessary.
8.1 Data Processing when integrating the Trustbadge/other Widgets
The Trustbadge is provided by a US-based Content Delivery Network (CDN) provider. An adequate level of data protection is ensured in each case by an adequacy decision of the EU Commission, which is available for the USA here. Service providers from the USA are generally certified under the EU-U.S. Data Privacy Framework (DPF). Further information can be found here. If service providers are not certified under the DPF, standard contractual clauses have been concluded as appropriate guarantees.
When the Trustbadge is called up, the web server automatically stores a so-called server log file, which also contains your IP address, date and time of access, transferred data volume, and the requesting provider (access data) and documents the access. The IP address is anonymized immediately after collection so that the stored data cannot be assigned to your person. The anonymized data is used in particular for statistical purposes and error analysis.
8.2 Data Processing after Order Completion
If you have given your consent, the Trustbadge accesses order information (order amount, order number, possibly purchased product) stored in your device after order completion, and your email address is hashed using a cryptographic one-way function. The hash value is then transmitted to Trusted Shops along with the order information pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR.
This serves to verify whether you are already registered for Trusted Shops services. If this is the case, further processing will be carried out in accordance with the contractual agreement between you and Trusted Shops. If you are not yet registered for the services or do not give your consent for automatic recognition via the Trustbadge, you will subsequently have the opportunity to register manually for the use of the services or to conclude coverage within the framework of your possibly existing usage contract.
For this purpose, after completing your order, the Trustbadge accesses the following information stored on your device: order amount, order number, and email address. This is necessary for us to offer you buyer protection. Data will only be transmitted to Trusted Shops after you have actively opted to conclude buyer protection by clicking on the appropriately labeled button in the so-called trust card. If you choose to use the services, further processing will be based on the contractual agreement with Trusted Shops pursuant to Art. 6 para. 1 lit. b GDPR in order to complete your registration for buyer protection, secure the order, and, if necessary, send you review invitations by email afterwards.
Trusted Shops uses service providers in the areas of hosting, monitoring, and logging. The legal basis is Art. 6 para. 1 lit. f GDPR for the purpose of ensuring smooth operation. Processing may take place in third countries (USA and Israel). An adequate level of data protection is ensured in each case by an adequacy decision of the EU Commission, which is available for the USA here and for Israel here. Service providers from the USA are generally certified under the EU-U.S. Data Privacy Framework (DPF). Further information can be found here. If service providers are not certified under the DPF, standard contractual clauses have been concluded as appropriate guarantees.
9. Social Media
Our Online Presence on Facebook (by Meta), X (formerly: Twitter), Instagram (by Meta), YouTube, Pinterest
If you have given your consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR to the respective social media operator, your data will be automatically collected and stored for market research and advertising purposes when you visit our online presence on the social media platforms mentioned above, from which usage profiles are created using pseudonyms. These profiles can be used, for example, to display advertisements within and outside the platforms that presumably correspond to your interests. Cookies are usually used for this purpose. For detailed information on the processing and use of data by the respective social media operator as well as a contact option and your rights and options for protecting your privacy, please refer to the privacy notices linked below. If you still need assistance in this regard, you can contact us.
Facebook (by Meta) is offered by Meta Platforms Ireland Ltd., Block J, Serpentine Avenue, Dublin 4, Ireland (“Meta Platforms Ireland”). The information automatically collected by Meta Platforms Ireland about your use of our online presence on Facebook (by Meta) is usually transferred to a server of Meta Platforms, Inc., 1601 Willow Road, Menlo Park, California 94025, USA, and stored there. Data processing in the context of visiting a Facebook (by Meta) fan page is based on an agreement between joint controllers pursuant to Art. 26 GDPR. Further information (Insights data information) can be found here.
Our service providers are located and/or use servers in the following countries, for which the European Commission has established an adequate level of data protection by decision: USA, Canada, Japan, South Korea, New Zealand, United Kingdom, Argentina.
The adequacy decision for the USA serves as the basis for the transfer to third countries, provided that the respective service provider is certified. A certification is available.
Our service providers are located and/or use servers in these countries: Australia, Hong Kong, India, Indonesia, Malaysia, Singapore, Thailand, Taiwan, Brazil, Mexico.
For these countries, the European Commission has not issued an adequacy decision. Our cooperation with them is based on these guarantees: Standard contractual clauses of the European Commission.
X is offered by Twitter International Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland (“X”). The information automatically collected by X about your use of our online presence on X is usually transferred to a server of X Corp., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA, and stored there.
Our service providers are located and/or use servers in countries outside the EU and the EEA, for which the European Commission has established an adequate level of data protection by decision.
Our service providers are located and/or use servers in countries outside the EU and the EEA. The European Commission has not issued an adequacy decision for these countries. Our cooperation with them is based on standard contractual clauses of the European Commission.
Instagram (by Meta) is offered by Meta Platforms Ireland Ltd., Block J, Serpentine Avenue, Dublin 4, Ireland (“Meta Platforms Ireland”). The information automatically collected by Meta Platforms Ireland about your use of our online presence on Instagram is usually transferred to a server of Meta Platforms, Inc., 1601 Willow Road, Menlo Park, CA 94025, USA, and stored there. Data processing in the context of visiting an Instagram (by Meta) fan page is based on an agreement between joint controllers pursuant to Art. 26 GDPR. Further information (Insights data information) can be found here.
Our service providers are located and/or use servers in the following countries, for which the European Commission has established an adequate level of data protection by decision: USA, Canada, Japan, South Korea, New Zealand, United Kingdom, Argentina.
The adequacy decision for the USA serves as the basis for the transfer to third countries, provided that the respective service provider is certified. A certification is available.
Our service providers are located and/or use servers in these countries: Australia, Hong Kong, India, Indonesia, Malaysia, Singapore, Thailand, Taiwan, Brazil, Mexico.
For these countries, the European Commission has not issued an adequacy decision. Our cooperation with them is based on these guarantees: Standard contractual clauses of the European Commission.
YouTube is offered by Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). The information automatically collected by Google about your use of our online presence on YouTube is usually transferred to a server of Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA, and stored there.
Our service providers are located and/or use servers in countries outside the EU and the EEA, for which the European Commission has established an adequate level of data protection by decision.
Our service providers are located and/or use servers in countries outside the EU and the EEA. The European Commission has not issued an adequacy decision for these countries. Our cooperation with them is based on standard contractual clauses of the European Commission.
Pinterest is offered by Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland (“Pinterest”). The information automatically collected by Pinterest about your use of our online presence on Pinterest is usually transferred to a server of Pinterest, Inc., 505 Brannan St., San Francisco, CA 94107, USA, and stored there.
Our service providers are located and/or use servers in countries outside the EU and the EEA, for which the European Commission has established an adequate level of data protection by decision.
Our service providers are located and/or use servers in countries outside the EU and the EEA. The European Commission has not issued an adequacy decision for these countries. Our cooperation with them is based on standard contractual clauses of the European Commission.
10. Contact Options and Your Rights
10.1 Your Rights
As a data subject, you have the following rights:
- According to Art. 15 GDPR, the right to request information about the personal data processed by us to the extent specified therein;
- According to Art. 16 GDPR, the right to immediately request the correction of incorrect or completion of your personal data stored by us;
- According to Art. 17 GDPR, the right to request the deletion of your personal data stored by us, unless further processing is required
- to exercise the right to freedom of expression and information;
- to fulfill a legal obligation;
- for reasons of public interest or
- to assert, exercise or defend legal claims;
- According to Art. 18 GDPR, the right to request the restriction of the processing of your personal data, insofar as
- the accuracy of the data is disputed by you;
- the processing is unlawful, but you refuse to delete it;
- we no longer need the data, but you need it to assert, exercise or defend legal claims or
- you have objected to the processing in accordance with Art. 21 GDPR;
- According to Art. 20 GDPR, the right to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request the transmission to another responsible party;
- According to Art. 77 GDPR, the right to lodge a complaint with a supervisory authority. As a rule, you can contact the supervisory authority at your usual place of residence or work or at our company headquarters.
Right to Object To the extent that we process personal data as explained above to safeguard our legitimate interests, which outweigh other interests, you can object to this processing with effect for the future. If the processing is carried out for purposes of direct marketing, you can exercise this right at any time as described above. If the processing is carried out for other purposes, you have the right to object only if there are reasons that arise from your particular situation. After exercising your right to object, we will not continue to process your personal data for these purposes unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or if the processing serves to assert, exercise or defend legal claims. This does not apply if the processing is for direct marketing purposes. In that case, we will not continue to process your personal data for this purpose. |
10.2 Contact Options
If you have any questions regarding the collection, processing or use of your personal data, requests for information, correction, restriction or deletion of data, as well as the revocation of granted consent or objection to a specific use of data, please contact us directly using the contact details provided in our legal notice.
Privacy Policy created with the Trusted Shops Legal Text Generator