Privacy policy

1) Introduction and contact details of the controller

1.1 We are pleased that you are visiting our website and thank you for your interest. Below we inform you about how we handle your personal data when you use our website. Personal data means all data by which you can be personally identified.

1.2 The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is us: "FILATI eCommerce GmbH, Dreisesselstr. 43, 94110 Wegscheid, Germany, Tel.: +49 8592 40 80 988 or Walchshoferweg 26, 4121 Altenfelden, Austria, Tel.: +43 7282 217 77, E-mail: office@filati-store.com". The controller responsible for the processing of personal data is the natural or legal person who, alone or jointly with others, decides on the purposes and means of processing personal data.

2) Data collection when visiting our website

2.1 When you use our website purely for information purposes, i.e. if you do not register or otherwise transmit information to us, we collect only the data that your browser transmits to the page server (so-called „server log files“). When you access our website, we collect the following data, which is technically necessary for us to display the website to you:

Our visited website
Date and time at the moment of access
Amount of data sent in bytes
Source/referrer from which you reached the page
Browser used
Operating system used
IP address used (where applicable: in anonymised form)

Processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. The data is not passed on or used in any other way. However, we reserve the right to review the server log files retrospectively if there are concrete indications of unlawful use.

2.2 For security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or enquiries to us), this website uses SSL or TLS encryption. You can recognise an encrypted connection by the character string „https://“ and the lock symbol in your browser line.

3) Hosting & Content Delivery Network

For hosting our website and displaying the page content, we use a provider that provides its services, itself or through selected subcontractors, exclusively on servers within the European Union.

All data collected on our website is processed on these servers.

We have concluded a data processing agreement with the provider, which ensures the protection of our website visitors' data and prohibits unauthorised disclosure to third parties.

4) Cookies

To make visiting our website attractive and to enable the use of certain functions, we use cookies, i.e. small text files that are stored on your device. Some of these cookies are automatically deleted again after the browser is closed (so-called „session cookies“), while others remain on your device for a longer period and enable page settings to be stored (so-called „persistent cookies“). In the latter case, you can find the storage duration in the overview of cookie settings in your web browser.

If personal data is also processed by individual cookies used by us, processing is carried out in accordance with Art. 6 para. 1 lit. b GDPR either for the performance of the contract, in accordance with Art. 6 para. 1 lit. a GDPR in the event of consent having been given, or in accordance with Art. 6 para. 1 lit. f GDPR to safeguard our legitimate interests in the best possible functionality of the website and in a customer-friendly and effective design of the website visit.

You can set your browser so that you are informed about the setting of cookies and decide individually whether to accept them, or exclude the acceptance of cookies in certain cases or generally.

Please note that if cookies are not accepted, the functionality of our website may be restricted.

5) Contacting us

5.1 Tawk.to

This website uses a live chat system from the following provider: tawk.to inc. 187 East Warm Springs Rd, SB298 Las Vegas, NV, 89119, USA

The processing of personal data transmitted via the chat is carried out either in accordance with Art. 6 para. 1 lit. b GDPR because it is necessary for the initiation or performance of a contract, or in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in effectively supporting our website visitors. Subject to any statutory retention periods to the contrary, the data you transmit in this way will be deleted once the matter concerned has been finally clarified.

In addition, further information may be collected and evaluated using cookies for the purpose of creating pseudonymised user profiles; however, this information does not serve to identify you personally and is not combined with other data sets. If this information has a personal reference, processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in the statistical analysis of user behaviour for optimisation purposes.

The setting of cookies can be prevented by appropriate browser settings. In this case, however, the functionality of our website may be restricted. You may object to the collection and storage of data for the purpose of creating a pseudonymised user profile at any time with effect for the future.

We have concluded a data processing agreement with the provider, which ensures the protection of our website visitors' data and prohibits unauthorised disclosure to third parties.

For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection on the basis of an adequacy decision by the European Commission.

5.2 ShopVote

For review reminders, we use the services of the following provider: Blickreif GmbH, Schulstraße 46, 80634 Munich, Germany

Exclusively on the basis of your express consent in accordance with Art. 6 para. 1 lit. a GDPR, we transmit your e-mail address and, where applicable, further customer data to the provider so that the provider can contact you by e-mail with a review reminder.

You can revoke your consent at any time with effect for the future vis-à-vis us or the provider.

We have concluded a data processing agreement with the provider, which ensures the protection of our website visitors' data and prohibits unauthorised disclosure to third parties.

5.3 Trustpilot

For review reminders, we use the services of the following provider: Trustpilot A/S, Pilestræde 58, 1112 Copenhagen, Denmark

You can revoke your consent at any time with effect for the future vis-à-vis us or the provider.

We have concluded a data processing agreement with the provider, which ensures the protection of our website visitors' data and prohibits unauthorised disclosure to third parties.

5.4 WhatsApp Business

We offer you the option of contacting us via the messaging service WhatsApp of WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. For this purpose, we use the so-called „business version“ of WhatsApp.

If you contact us via WhatsApp in connection with a specific transaction (for example an order placed), we store and use the mobile phone number you use with WhatsApp and – if provided – your first name and surname in accordance with Art. 6 para. 1 lit. b GDPR in order to process and answer your request. On the basis of the same legal basis, we may ask you via WhatsApp to provide further data (order number, customer number, address or e-mail address) in order to be able to assign your enquiry to a specific transaction.

If you use our WhatsApp contact for general enquiries (for example about our range of services, availability or our online presence), we store and use the mobile phone number you use with WhatsApp and – if provided – your first name and surname in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in efficiently and promptly providing the requested information.

Your data is always used only to answer your request via WhatsApp. It is not passed on to third parties.

Please note that WhatsApp Business receives access to the address book of the mobile device used by us for this purpose and automatically transfers telephone numbers stored in the address book to a server of the parent company Meta Platforms Inc. in the USA. For the operation of our WhatsApp Business account, we use a mobile device in whose address book only the WhatsApp contact data of such users is stored who have also contacted us via WhatsApp.

This ensures that every person whose WhatsApp contact data is stored in our address book has already consented, when first using the app on their device, by accepting the WhatsApp terms of use, to the transmission of their WhatsApp telephone number from the address books of their chat contacts in accordance with Art. 6 para. 1 lit. a GDPR. Transmission of data of users who do not use WhatsApp and/or have not contacted us via WhatsApp is therefore excluded.

For the purpose and scope of data collection and the further processing and use of the data by WhatsApp, as well as your rights in this regard and settings options to protect your privacy, please refer to WhatsApp's privacy notices: https://www.whatsapp.com/legal/?eea=1#privacy-policy

In the context of the processing described above, data may be transferred to servers of Meta Platforms Inc. in the USA.

5.5 When contacting us (e.g. via contact form or e-mail), personal data is processed – exclusively for the purpose of processing and answering your request and only to the extent necessary for this purpose.

The legal basis for processing this data is our legitimate interest in answering your request in accordance with Art. 6 para. 1 lit. f GDPR. If your contact is aimed at concluding a contract, an additional legal basis for processing is Art. 6 para. 1 lit. b GDPR. Your data will be deleted if it can be inferred from the circumstances that the matter concerned has been finally clarified and provided that no statutory retention obligations prevent deletion.

6) Data processing when opening a customer account

In accordance with Art. 6 para. 1 lit. b GDPR, personal data continues to be collected and processed to the extent required if you provide it to us when opening a customer account. Which data is required for opening an account can be seen from the input form of the corresponding form on our website.

Deletion of your customer account is possible at any time and can be effected by sending a message to the above address of the controller. After deletion of your customer account, your data will be deleted, provided that all contracts concluded through it have been fully processed, no statutory retention periods prevent deletion and we have no legitimate interest in continued storage.

7) Use of customer data for direct advertising

7.1 Registration for our e-mail newsletter

If you register for our e-mail newsletter, we will regularly send you information about our offers. The only mandatory information for sending the newsletter is your e-mail address. Providing further data is voluntary and is used to address you personally. For sending the newsletter, we use the so-called double opt-in procedure, which ensures that you receive newsletters only after you have expressly confirmed your consent to receiving the newsletter by clicking a verification link sent to the e-mail address provided.

By activating the confirmation link, you give us your consent to use your personal data in accordance with Art. 6 para. 1 lit. a GDPR. In this process, we store your IP address entered by the Internet service provider (ISP) as well as the date and time of registration in order to be able to trace any possible misuse of your e-mail address at a later date. The data collected by us when registering for the newsletter is used strictly for the intended purpose.

You can unsubscribe from the newsletter at any time via the link provided for this purpose in the newsletter or by sending a corresponding message to the controller named at the beginning. After unsubscribing, your e-mail address will be deleted immediately from our newsletter mailing list unless you have expressly consented to further use of your data or we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this declaration.

7.2 Sending the e-mail newsletter to existing customers

If you have provided us with your e-mail address when purchasing goods or services, we reserve the right to regularly send you offers for goods or services similar to those already purchased from our range by e-mail. Pursuant to § 7 para. 3 UWG, we do not need to obtain separate consent from you for this. In this respect, data processing is carried out solely on the basis of our legitimate interest in personalised direct advertising in accordance with Art. 6 para. 1 lit. f GDPR. If you initially objected to the use of your e-mail address for this purpose, we will not send you any e-mails.

You are entitled to object to the use of your e-mail address for the aforementioned advertising purpose at any time with effect for the future by notifying the controller named at the beginning. For this, you will only incur transmission costs according to the basic tariffs. After receipt of your objection, the use of your e-mail address for advertising purposes will be stopped immediately.

8) Data processing for order handling

8.1 To the extent required for contract handling for delivery and payment purposes, the personal data collected by us is passed on to the commissioned transport company and the commissioned credit institution in accordance with Art. 6 para. 1 lit. b GDPR.

If, on the basis of a corresponding contract, we owe you updates for goods with digital elements or for digital products, we process the contact data transmitted by you when placing the order (name, address, e-mail address) in order to inform you personally, within the scope of our statutory information obligations pursuant to Art. 6 para. 1 lit. c GDPR, by a suitable communication channel (for example by post or e-mail) about upcoming updates within the legally prescribed period. Your contact data is used strictly for the purpose of notifications about updates owed by us and processed by us for this purpose only to the extent necessary for the respective information.

To process your order, we also work together with the service provider(s) listed below, who support us wholly or partly in performing concluded contracts. Certain personal data is transmitted to these service providers in accordance with the following information.

8.2 Disclosure of personal data to shipping service providers

- Deutsche Post

We use the following provider as transport service provider: Deutsche Post AG, Charles-de-Gaulle-Straße 20, 53113 Bonn, Germany

We pass on your e-mail address and/or telephone number to the provider before delivery of the goods for the purpose of coordinating a delivery date or announcing delivery in accordance with Art. 6 para. 1 lit. a GDPR, provided that you have given your express consent to this during the order process. Otherwise, for the purpose of delivery in accordance with Art. 6 para. 1 lit. b GDPR, we pass on only the recipient's name and delivery address to the provider. The data is passed on only to the extent necessary for delivery of the goods. In this case, prior coordination of the delivery date with the provider or delivery notification is not possible.

Consent can be revoked at any time with effect for the future vis-à-vis the controller named above or vis-à-vis the provider.
- DHL

We use the following provider as transport service provider: DHL Paket GmbH, Sträßchensweg 10, 53113 Bonn, Germany

Consent can be revoked at any time with effect for the future vis-à-vis the controller named above or vis-à-vis the provider.
- DPD Austria

We use the following provider as transport service provider: DPD Direct Parcel Distribution Austria GmbH, Arbeitergasse 46, Leopoldsdorf 2333, Austria

Consent can be revoked at any time with effect for the future vis-à-vis the controller named above or vis-à-vis the provider.
- Austrian Post

We use the following provider as transport service provider: Österreichische Post Aktiengesellschaft, Rochusplatz 1, 1030 Vienna, Austria

Consent can be revoked at any time with effect for the future vis-à-vis the controller named above or vis-à-vis the provider.

8.3 Use of payment service providers

- Apple Pay

If you choose the „Apple Pay“ payment method of Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland, payment is processed via the „Apple Pay“ function of your device operated with iOS, watchOS or macOS by charging a payment card stored with „Apple Pay“. Apple Pay uses security functions integrated into the hardware and software of your device to protect your transactions. To approve a payment, you must therefore enter a code previously defined by you and verify it using the „Face ID“ or „Touch ID“ function of your device.

For the purpose of payment processing, the information you provided during the order process together with the information about your order is passed on to Apple in encrypted form. Apple then encrypts this data again with a developer-specific key before the data is transmitted to the payment service provider of the payment card stored in Apple Pay for payment execution. Encryption ensures that only the website through which the purchase was made can access the payment data. After payment has been made, Apple sends your device account number and a transaction-specific dynamic security code to the originating website to confirm successful payment.

If personal data is processed in the transmissions described, processing is carried out exclusively for the purpose of payment processing in accordance with Art. 6 para. 1 lit. b GDPR.

Apple retains anonymised transaction data, including the approximate purchase amount, the approximate date and time, and whether the transaction was successfully completed. Anonymisation completely excludes any personal reference. Apple uses the anonymised data to improve „Apple Pay“ and other Apple products and services.

If you use Apple Pay on the iPhone or Apple Watch to complete a purchase that you made via Safari on the Mac, the Mac and the authorising device communicate via an encrypted channel on Apple servers. Apple does not process or store any of this information in a format that can identify you. You can disable the option to use Apple Pay on your Mac in your iPhone settings. Go to "Wallet & Apple Pay" and deactivate "Allow Payments on Mac".

Further information on data protection with Apple Pay can be found at the following internet address: https://support.apple.com/de-de/HT203027
- Computop

One or more online payment methods of the following provider are available on this website: Computop GmbH, Schwarzenbergstr. 4, 96050 Bamberg, Germany

When selecting a payment method of the provider in which you make advance payment (for example credit card payment), your payment data provided during the order process (including name, address, bank and payment card information, currency and transaction number) as well as information about the content of your order will be passed on to this provider in accordance with Art. 6 para. 1 lit. b GDPR. In this case, your data is passed on exclusively for the purpose of payment processing with the provider and only to the extent required for this purpose.
- EPS transfer

One or more online payment methods of the following provider are available on this website: PSA Payment Services Austria GmbH, Handelskai 92, Gate 2, 1200 Vienna, Austria

One or more online payment methods of the following provider are available on this website: PAYONE GmbH, Lyoner Straße 9, 60528 Frankfurt/Main, Germany

One or more online payment methods of the following provider are available on this website: PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg

When selecting a payment method of the provider in which you make advance payment, your payment data provided during the order process (including name, address, bank and payment card information, currency and transaction number) as well as information about the content of your order will be passed on to this provider in accordance with Art. 6 para. 1 lit. b GDPR. In this case, your data is passed on exclusively for the purpose of payment processing with the provider and only to the extent required for this purpose.

When selecting a payment method in which we make advance performance, you will also be asked during the order process to provide certain personal data (first name and surname, street, house number, postcode, city, date of birth, e-mail address, telephone number, where applicable data on an alternative means of payment).

In order to safeguard our legitimate interest in determining your solvency in such cases, this data is forwarded by us to the provider for the purpose of a credit check in accordance with Art. 6 para. 1 lit. f GDPR. On the basis of the personal data provided by you and further data (such as shopping cart, invoice amount, order history, payment experiences), the provider checks whether the payment option selected by you can be granted with regard to payment and/or default risks.

The credit report may contain probability values (so-called score values). If score values are included in the result of the credit report, they are based on a scientifically recognised mathematical-statistical procedure. Address data is included in the calculation of score values, among other things but not exclusively.

You may object to this processing of your data at any time by sending us a message or by contacting the provider. However, the provider may remain entitled to process your personal data if this is necessary for contractually compliant payment processing.
- Ratepay

One or more online payment methods of the following provider are available on this website: Ratepay GmbH, Franklinstraße 28-29, 10587 Berlin, Germany

When selecting a payment method in which the provider makes advance performance (for example purchase on invoice or instalment purchase or direct debit), you will also be asked during the order process to provide certain personal data (first name and surname, street, house number, postcode, city, date of birth, e-mail address, telephone number, where applicable data on an alternative means of payment).

In order to safeguard our legitimate interest in determining the solvency of our customers, this data is forwarded by us to the provider for the purpose of a credit check in accordance with Art. 6 para. 1 lit. f GDPR. On the basis of the personal data provided by you and further data (such as shopping cart, invoice amount, order history, payment experiences), the provider checks whether the payment option selected by you can be granted with regard to payment and/or default risks.

In addition to provider-internal criteria, identity and credit information from the following credit agencies may be included in the decision as part of the application review in accordance with Art. 6 para. 1 lit. f GDPR:

see here https://www.ratepay.com/legal-payment-creditagencies/

8.4 Electronic withdrawal function for distance contracts

Consumers who conclude contracts on this website for which a statutory right of withdrawal exists have the option of declaring withdrawal via an electronic withdrawal function in accordance with the applicable withdrawal provisions.

When using the withdrawal function, in addition to information identifying the contract to be withdrawn from, further personal information such as the consumer's first name and surname as well as e-mail address must be provided or confirmed.

The collection of this information and its transmission to us is carried out in accordance with Art. 6 para. 1 lit. b GDPR and only to the extent necessary for proper processing of the withdrawal. Also on the basis of Art. 6 para. 1 lit. b GDPR, the personal data provided is used to confirm receipt of the withdrawal declaration by e-mail. A further legal basis for processing is Art. 6 para. 1 lit. c GDPR. We are legally obliged to provide an electronic withdrawal function for paid consumer distance contracts.

9) Web analytics services

9.1 Google Analytics 4

This website uses Google Analytics 4, a web analytics service of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"), which enables us to analyse your use of our website.

By default, when you visit the website, Google Analytics 4 sets cookies, which are small text elements stored on your device and which collect certain information. This information also includes your IP address, which is, however, shortened by Google by the last digits in order to exclude direct personal identification.

The information is transmitted to Google servers and processed there. Transfers to Google LLC based in the USA are also possible.

Google uses the collected information on our behalf to evaluate your use of the website, compile reports on website activities for us and provide other services associated with website use and internet use. The IP address transmitted by your browser and shortened as part of Google Analytics is not combined with other Google data. The data collected as part of the use of Google Analytics 4 is stored for a period of two months and then deleted.

All processing described above, in particular the setting of cookies on the device used, takes place only if you have given us your express consent for this in accordance with Art. 6 para. 1 lit. a GDPR. Without your consent, Google Analytics 4 will not be used during your visit to the site. You can revoke your consent at any time with effect for the future. To exercise your right of revocation, please deactivate this service via the „Cookie Consent Tool“ provided on the website.

We have concluded a data processing agreement with Google, which ensures the protection of our website visitors' data and prohibits unauthorised disclosure to third parties.

Further legal information on Google Analytics 4 can be found at https://business.safety.google/intl/de/privacy/, https://policies.google.com/privacy?hl=de&gl=de and at https://policies.google.com/technologies/partner-sites

Demographic characteristics
Google Analytics 4 uses the special „demographic characteristics“ function and can use it to create statistics that provide statements about the age, gender and interests of website visitors. This is done by analysing advertising and information from third-party providers. This enables target groups for marketing activities to be identified. However, the collected data cannot be assigned to a specific person and is deleted after being stored for a period of two months.

Google Signals
As an extension to Google Analytics 4, Google Signals may be used on this website in order to have cross-device reports created. If you have activated personalised ads and linked your devices to your Google account, Google may, subject to your consent to the use of Google Analytics in accordance with Art. 6 para. 1 lit. a GDPR, analyse your usage behaviour across devices and create database models, including for cross-device conversions. We do not receive any personal data from Google, only statistics. If you wish to stop cross-device analysis, you can deactivate the "Personalised advertising" function in the settings of your Google account. Follow the instructions on this page: https://support.google.com/My-Ad-Center-Help/answer/12155764?hl=de Further information on Google Signals can be found at the following link: https://support.google.com/analytics/answer/7532985?hl=de

User IDs
As an extension to Google Analytics 4, the "User IDs" function may be used on this website. If you have consented to the use of Google Analytics 4 in accordance with Art. 6 para. 1 lit. a GDPR, have created an account on this website and log in to this account on different devices, your activities, including conversions, can be analysed across devices.

Collection of user-provided data
In order to improve analysis results for users whose contact data we have received in the context of business or business-like relationships, we use the function „collection of user-provided data“. Subject to your express consent in accordance with Art. 6 para. 1 lit. a GDPR, we transmit, as part of this function, one or more files with customer data aggregated about you (primarily e-mail address and telephone number) to Google electronically. Google does not receive access to plain data, but automatically encrypts the information in the customer files during the transmission process using a special algorithm. The encrypted information can then only be used by Google to assign it to existing Google accounts created by the data subjects. Processing serves to make measurement data more precise, improves cross-device user trackability and enables the integration of analysis results into advertising personalisation and conversion tracking functions of Google Ads. You can revoke your consent vis-à-vis us at any time with effect for the future. Further information on Google's data protection measures in relation to the transmission of customer data can be found here: https://support.google.com/google-ads/answer/6334160?hl=de&ref_topic=10550182

9.2 Google Tag Manager

This website uses the „Google Tag Manager“, a service of the following provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter: „Google“).

Google Tag Manager provides a technical basis for bundling various web applications, including tracking and analytics services, and for calibrating, controlling and linking them to conditions via a uniform user interface. Google Tag Manager itself does not store information on users' devices or read it out. The service also does not carry out independent data analyses. However, when a page is accessed, Google Tag Manager transmits your IP address to Google and may store it there. Transmission to servers of Google LLC. in the USA is also possible.

This processing is carried out only if you have given us your express consent to do so in accordance with Art. 6 para. 1 lit. a GDPR. Without such consent, Google Tag Manager will not be used during your visit to the site. You can revoke your consent at any time with effect for the future. To exercise your revocation, please deactivate this service in the „Cookie Consent Tool“ provided on the website.

We have concluded a data processing agreement with the provider, which ensures the protection of our website visitors' data and prohibits unauthorised disclosure to third parties.

Further legal information on Google Tag Manager can be found at https://policies.google.com/privacy?hl=de&gl=de.

9.3 Hotjar

This website uses the web analytics service of the following provider: Hotjar Ltd, Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta.

Using cookies and/or comparable technologies (tracking pixels, web beacons, algorithms for reading device and browser information), the service collects and stores pseudonymised visitor data, including information on the device used such as IP address and browser information, in order to evaluate it for statistical analyses of user behaviour on our website and to create pseudonymised user profiles. Among other things, this enables the evaluation of movement patterns (so-called heatmaps), which show the duration of page visits and interactions with page content (e.g. text entries, scrolling, clicks and mouse-overs). Pseudonymisation generally excludes direct personal identification. No merging with plain data about you collected in any other way takes place.

All processing described above, in particular the reading or storage of information on the device used, is carried out only if you have given us your express consent to do so in accordance with Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time with effect for the future by deactivating this service in the „Cookie Consent Tool“ provided on the website.

We have concluded a data processing agreement with the provider, which ensures the protection of our website visitors' data and prohibits unauthorised disclosure to third parties.

9.4 Taggrs

This website uses the web analytics service of the following provider: TAGGRS B.V., K R Poststraat 131, 8448 EB Heerenveen, Netherlands.

Using cookies, the service collects and stores pseudonymised visitor data, including information on the device used such as IP address and browser information, in order to evaluate it for statistical analyses of your usage behaviour on our website and to create pseudonymised user profiles. Among other things, this enables the evaluation of movement patterns (so-called heatmaps), which show the duration of page visits and interactions with page content (e.g. text entries, scrolling, clicks and mouse-overs). Pseudonymisation generally excludes direct personal identification. No merging with plain data about you collected in any other way takes place.

We have concluded a data processing agreement with the provider, which ensures the protection of our website visitors' data and prohibits unauthorised disclosure to third parties.

10) Retargeting/remarketing and conversion tracking

10.1 Meta Pixel

Within our online offering, we use the "Meta Pixel" service of the following provider: Meta Platforms Ireland Limited, 4 Grand Canal Quare, Dublin 2, Ireland ("Meta").

If you click on an advertisement placed by us on Facebook and/or Instagram, the URL of our linked page is extended by a parameter with the help of "Meta Pixel". After forwarding, this URL parameter is then entered into the user's browser by a cookie that our linked page sets itself.

This enables Meta, on the one hand, to determine the visitors to our online offering as a target group for the display of advertisements (so-called "Ads"). Accordingly, we use the service to display the Facebook and/or Instagram ads placed by us only to those users who have also shown an interest in our online offering or who have certain characteristics (e.g. interests in certain topics or products determined on the basis of the websites visited) that we transmit to Meta (so-called „Custom Audiences“).

On the other hand, the „Meta Pixel“ can be used to track whether users were redirected to our website after clicking on an advertisement and which execution actions they take there (so-called „conversion tracking“).

The collected data is anonymous for us and therefore does not allow us to draw conclusions about the identity of the users. However, the data is stored and processed by Meta, so that a connection to the respective user profile is possible and Meta can use the data for its own advertising purposes.

All processing described above, in particular the setting of cookies for reading information on the device used, is carried out only if you have given us your express consent to do so in accordance with Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time with effect for the future by deactivating this service in the „Cookie Consent Tool“ provided on the website.

We have concluded a data processing agreement with the provider, which ensures the protection of our website visitors' data and prohibits unauthorised disclosure to third parties.

The information generated by Meta is usually transmitted to a Meta server and stored there; in this context, transmission to servers of Meta Platforms Inc. in the USA may also occur.

10.2 Google Ads Remarketing

This website uses retargeting technology from the following provider: Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland

For this purpose, Google sets a cookie in your browser, which automatically enables interest-based advertising by means of a pseudonymous cookie ID and on the basis of the pages you have visited. Further data processing takes place only if you have consented to Google linking your internet and app browsing history to your Google account and using information from your Google account to personalise ads that you view on the web. If, in this case, you are logged in to Google while visiting our website, Google uses your data together with Google Analytics data to create and define audience lists for cross-device remarketing. For this purpose, your personal data is temporarily linked by Google with Google Analytics data in order to form target groups. As part of the use of Google Ads Remarketing, personal data may also be transmitted to the servers of Google LLC in the USA.

All processing described above, in particular the setting of cookies for reading information on the device used, is carried out only if you have given us your express consent to do so in accordance with Art. 6 para. 1 lit. a GDPR. Without such consent, retargeting technology will not be used during your visit to the site.

You can revoke your consent at any time with effect for the future. To exercise your revocation, please deactivate this service in the „Cookie Consent Tool“ provided on the website.

Details on the processing initiated by Google and on Google's handling of data from websites can be found here: https://policies.google.com/technologies/partner-sites

Further information on Google's privacy policy can be found here: https://business.safety.google/intl/de/privacy/ and https://www.google.de/policies/privacy/

10.3 trbo

This website uses the retargeting technology of the following provider: TRBO GMBH, Leopoldstr. 41, 80802 Munich, Germany.

The service enables statistical evaluation of the use of functions and content on the website by displaying test variants to certain user groups.

Based on this, you can be addressed specifically with interest-based advertising and content tailored to your interests.

For variant evaluation and interest-based display of content, cookies are used, i.e. small text files that are stored on your computer or mobile device.

Without such consent, retargeting technology will not be used during your visit to the site.

You can revoke your consent at any time with effect for the future. To exercise your revocation, please deactivate this service in the „Cookie Consent Tool“ provided on the website.

10.4 Google Ads Conversion Tracking

This website uses the online advertising programme "Google Ads" and, within the scope of Google Ads, conversion tracking by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland („Google“).

We use Google Ads to draw attention to our attractive offers on external websites with the help of advertising materials (so-called Google Adwords). In relation to the data from advertising campaigns, we can determine how successful the individual advertising measures are. In doing so, we pursue the aim of showing you advertising that is of interest to you, making our website more interesting for you and achieving a fair calculation of the advertising costs incurred.

The conversion tracking cookie is set when you click on an Ads advertisement placed by Google. Cookies are small text files that are stored on your device. These cookies generally lose their validity after 30 days and are not used for personal identification. If you visit certain pages of this website and the cookie has not yet expired, Google and we can recognise that you clicked on the advertisement and were redirected to this page. Each Google Ads customer receives a different cookie. Cookies can therefore not be tracked across the websites of Google Ads customers. The information obtained using the conversion cookie is used to create conversion statistics for Google Ads customers who have opted for conversion tracking. Customers learn the total number of users who clicked on their advertisement and were redirected to a page equipped with a conversion tracking tag. However, they do not receive any information with which users can be personally identified.

As part of the use of Google Ads, personal data may also be transmitted to the servers of Google LLC. in the USA.

Details on the processing initiated by Google Ads Conversion Tracking and on Google's handling of data from websites can be found here: https://policies.google.com/technologies/partner-sites

You can also permanently object to the setting of cookies by Google Ads Conversion Tracking by downloading and installing the browser plug-in available at the following link: https://support.google.com/My-Ad-Center-Help/answer/12155656?hl=de

In order to address users whose data we have received in the context of business or business-like relationships with advertising even more tailored to their interests, we use a customer match function within Google Ads. For this purpose, we transmit one or more files with aggregated customer data (primarily e-mail addresses and telephone numbers) to Google electronically. Google does not receive access to plain data, but automatically encrypts the information in the customer files during the transmission process using a special algorithm. The encrypted information can then only be used by Google to assign it to existing Google accounts created by the data subjects. This enables personalised advertising to be displayed across all Google services linked to the respective Google account.

Customer data is transmitted to Google exclusively if you have given us your express consent to this in accordance with Art. 6 para. 1 lit. a GDPR. You can revoke this consent vis-à-vis us at any time with effect for the future. Further information on Google's data protection measures in relation to the customer match function can be found here: https://support.google.com/google-ads/answer/6334160?hl=de&ref_topic=10550182 Google's privacy policy can be viewed here: https://business.safety.google/intl/de/privacy/ and https://www.google.de/policies/privacy/

10.5 Pinterest Tag Conversion Tracking

This website uses conversion tracking technology from the following provider: Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland.

If you have reached our website from an advertisement on the provider's domain, the success of the advertisement can be tracked with the help of cookies and/or comparable technologies (tracking pixels, web beacons, pings or HTTP requests).

For this purpose, certain device and browser information, including where applicable your IP address, is read using the tracking technology in order to record and evaluate user actions predefined by us (e.g. completed transactions, leads, search queries on the website, views of product pages). This enables statistics to be created about usage behaviour on our website after forwarding from an advertisement, which help us optimise our offering.

We have concluded a data processing agreement with the provider, which ensures the protection of our website visitors' data and prohibits unauthorised disclosure to third parties.

11) Page functionalities

11.1 Youtube

This website uses plugins for displaying and playing videos from the following provider: Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland

Data may also be transmitted to: Google LLC., USA

When you access a page of our website that contains such a plugin, your browser establishes a direct connection to the provider's servers in order to load the plugin. Certain information, including your IP address, is transmitted to the provider.

If playback of embedded videos is started via the plugin, the provider also uses cookies to collect information about user behaviour, compile playback statistics and prevent abusive behaviour.

If you are logged into a user account with the provider during your visit to the site, your data is directly assigned to your account when you click on a video. If you do not want assignment to your account, you must log out before pressing the play button.

All aforementioned processing, in particular the setting of cookies for reading information on the device used, takes place only if you have given us your express consent to this in accordance with Art. 6 para. 1 lit. a GDPR. You can revoke the consent given at any time with effect for the future by deactivating this service via the „Cookie Consent Tool“ provided on the website.

11.2 ShopVote graphics

Graphic elements of the following provider are integrated on our website for displaying external customer reviews and/or an externally awarded quality seal: Blickreif GmbH, Schulstraße 46, 80634 Munich, Germany.

When you access a page of our website that contains such graphic elements, your browser establishes a direct connection to the provider's servers in order to load the elements properly. Certain browser information, including your IP address, is transmitted to the provider.

If personal data is also processed in this process, this is done in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in optimal marketing of our offering and an appealing design of our online presence.

11.3 Trusted Shops Trustbadge

Graphic elements of the following provider are integrated on our website for displaying external customer reviews and/or an externally awarded quality seal: Trusted Shops AG, Subbelrather Str. 15C, 50823 Cologne, Germany.

In the case of an online order with us, further processing may take place.

Depending on your express consent in accordance with Art. 6 para. 1 lit. a GDPR, your order information (order total, order number, where applicable purchased product) as well as your e-mail address will be transmitted in encrypted form to the provider via the Trustbadge after completion of an order in order to check an existing registration for the provider's services (in particular "buyer protection") and, where applicable, to enable new registration.

If an existing registration is found or in the case of a new registration with the provider for its services (in particular buyer protection), your order information (order total, order number, purchased product) as well as your e-mail address will be transmitted to the provider and further processed by it on the basis of the contractual agreement with the provider in accordance with Art. 6 para. 1 lit. b GDPR in order to grant the services (in particular buyer protection).

We are jointly responsible with the provider for the processing described above in accordance with Art. 26 GDPR. The agreement on joint controllership can be viewed here: https://help.etrusted.com/hc/de/articles/23970817960082

11.4 - hCaptcha

On this website we use the CAPTCHA service of the following provider: Intuition Machines, Inc., 350 Alabama St, San Francisco, CA 94110, USA.

The service checks whether an input is made by a natural person or abusively by machine and automated processing, and blocks spam, DDoS attacks and similar automated harmful access. To ensure that an action is performed by a human and not by an automated bot, the provider collects the IP address of the device used, recognition data of the browser and operating system type used as well as the date and duration of the visit, and transmits this data to the provider's servers for evaluation.

The legal basis is our legitimate interest in determining individual responsibility on the internet and avoiding misuse and spam in accordance with Art. 6 para. 1 lit. f GDPR.

We have concluded a data processing agreement with the provider, which ensures the protection of our website visitors' data and prohibits unauthorised disclosure to third parties.

For the transfer of data to the USA, the provider relies on standard contractual clauses of the European Commission, which are intended to ensure compliance with the European level of data protection.

12) Tools and miscellaneous

Cookie Consent Tool

This website uses a so-called „Cookie Consent Tool“ to obtain effective user consent for cookies and cookie-based applications requiring consent. The „Cookie Consent Tool“ is displayed to you when you access the page in the form of an interactive user interface, on which you can give consent for certain cookies and/or cookie-based applications by ticking boxes. Through the use of the tool, all cookies/services requiring consent are loaded only if you give corresponding consent by ticking the boxes. This ensures that such cookies are set on your respective device only if consent has been given.

The tool sets technically necessary cookies to store your cookie preferences. Personal user data is generally not processed in this context.

If, in an individual case, personal data (such as the IP address) is nevertheless processed for the purpose of storing, assigning or logging cookie settings, this is carried out in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in legally compliant, user-specific and user-friendly consent management for cookies and thus in the legally compliant design of our online presence.

A further legal basis for processing is Art. 6 para. 1 lit. c GDPR. As controller, we are subject to the legal obligation to make the use of technically non-necessary cookies dependent on the respective user's consent.

Where necessary, we have concluded a data processing agreement with the provider, which ensures the protection of our website visitors' data and prohibits unauthorised disclosure to third parties.

Further information on the operator and the setting options of the Cookie Consent Tool can be found directly in the corresponding user interface on our website.

13) Rights of the data subject

13.1 The applicable data protection law grants you the following data subject rights (rights of information and intervention) vis-à-vis us as controller with regard to the processing of your personal data, whereby reference is made to the legal basis listed for the respective conditions of exercise:

Right of access in accordance with Art. 15 GDPR;
Right to rectification in accordance with Art. 16 GDPR;
Right to erasure in accordance with Art. 17 GDPR;
Right to restriction of processing in accordance with Art. 18 GDPR;
Right to notification in accordance with Art. 19 GDPR;
Right to data portability in accordance with Art. 20 GDPR;
Right to revoke consent granted in accordance with Art. 7 para. 3 GDPR;
Right to lodge a complaint in accordance with Art. 77 GDPR.

13.2 RIGHT TO OBJECT

IF WE PROCESS YOUR PERSONAL DATA ON THE BASIS OF OUR OVERRIDING LEGITIMATE INTEREST WITHIN THE FRAMEWORK OF A BALANCING OF INTERESTS, YOU HAVE THE RIGHT AT ANY TIME, FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION, TO OBJECT TO THIS PROCESSING WITH EFFECT FOR THE FUTURE.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED. FURTHER PROCESSING REMAINS RESERVED, HOWEVER, IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR PROCESSING THAT OVERRIDE YOUR INTERESTS, FUNDAMENTAL RIGHTS AND FREEDOMS, OR IF PROCESSING SERVES TO ASSERT, EXERCISE OR DEFEND LEGAL CLAIMS.

IF YOUR PERSONAL DATA IS PROCESSED BY US FOR DIRECT ADVERTISING PURPOSES, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSES OF SUCH ADVERTISING. YOU CAN EXERCISE THE OBJECTION AS DESCRIBED ABOVE.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED FOR DIRECT ADVERTISING PURPOSES.

14) Duration of storage of personal data

The duration of storage of personal data is determined by the respective legal basis, the purpose of processing and – where applicable – additionally by the respective statutory retention period (e.g. retention periods under commercial and tax law).

When personal data is processed on the basis of express consent in accordance with Art. 6 para. 1 lit. a GDPR, the data concerned is stored until you revoke your consent.

If statutory retention periods exist for data that is processed within the framework of legal transaction or transaction-like obligations on the basis of Art. 6 para. 1 lit. b GDPR, this data is routinely deleted after expiry of the retention periods, provided that it is no longer required for contract fulfilment or contract initiation and/or we no longer have a legitimate interest in further storage.

When personal data is processed on the basis of Art. 6 para. 1 lit. f GDPR, this data is stored until you exercise your right to object under Art. 21 para. 1 GDPR, unless we can demonstrate compelling legitimate grounds for processing that override your interests, rights and freedoms, or processing serves to assert, exercise or defend legal claims.

When personal data is processed for direct advertising purposes on the basis of Art. 6 para. 1 lit. f GDPR, this data is stored until you exercise your right to object under Art. 21 para. 2 GDPR.

Unless otherwise stated in the other information in this declaration regarding specific processing situations, stored personal data will otherwise be deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.

PRIVACY POLICY

Privacy policy