Informativa sulla privacy

1. Access Data and Hosting

Hosting

2. Data Processing for Contract Fulfilment and Contact

2.1 Data Processing for Contract Fulfilment

2.2 Customer Account

Contact

3. Data Processing for Shipping Purposes

Data Transfer to Shipping Providers for Shipping Notifications

4. Data Processing for Payment Processing

4.1 Data Processing for Transaction Processing

4.2 Data Processing for the Purpose of Fraud Prevention and Optimization of Our Payment Processes

4.3 Identity and Credit Check When Selecting Klarna Payment Services

4.4 Identity and Credit Check When Selecting Purchase on Account via PayPal and Ratepay

5. Advertising via Email

5.1 Email newsletters with subscription, newsletter tracking with separate consent

5.2 Newsletter distribution

5.3 Sending review requests via email

6. Cookies and other technologies

6.1 General information

6.2 Consent Manager Platform (CMP)

6.3 Information on transfers to third countries (data transfers to third countries)

7. Use of Cookies and Other Technologies

7.1 Use of Google Services

7.2 Use of Microsoft Services

7.3 Use of Meta Services

7.4 Other Providers of Web Analytics and Online Marketing Services

8. Integration of the Trusted Shops Trustbadge/Other Widgets

Data Processing When Integrating the Trustbadge/Other Widgets

Data processing after order completion

9. Social Media

Social buttons from Facebook (by Meta), Instagram (by Meta), WhatsApp

Our online presence on Facebook (by Meta), Instagram (by Meta), YouTube, Pinterest, LinkedIn

10. Contact Information and Your Rights

10.1 Your Rights

10.2 Contact Information

The data controller is:

Bülent Emekci

Gerauer Strasse 34

64546 Mörfelden-Walldorf

Email: b.emekci@emag-germany.de

We appreciate your interest in our website. Protecting your privacy is very important to us. Below, we provide detailed information about how we handle your data.

1. Access data and hosting

You can visit our websites without providing any personal information. Each time a webpage is accessed, the web server automatically stores a so-called server log file, which contains, for example, the name of the requested file, your IP address, the date and time of the request, the amount of data transferred, and the requesting provider (access data), and documents the request. This access data is evaluated exclusively for the purpose of ensuring the smooth operation of the site and improving our offering. This serves to safeguard our legitimate interests, which prevail in a balancing of interests, in the correct presentation of our offering pursuant to Art. 6(1)(f) GDPR. All access data is deleted no later than one week after the end of your visit to the site. All access data is processed only for as long as is necessary to achieve the aforementioned processing purposes.

Hosting

The services relating to the hosting and display of the website are partly provided by our service providers acting as data processors on our behalf. Unless otherwise stated in this privacy policy, all access data and all data collected via the forms provided on this website are processed on their servers. If you have any questions regarding our service providers and the basis of our cooperation with them, please use the contact details provided in this privacy policy.

Our service providers are based in and/or use servers in the following countries, for which the European Commission and the Swiss Federal Council have determined, by decision, that an adequate level of data protection exists: Canada

The adequacy decision for the USA serves as the basis for transfers to third countries, provided that the relevant service provider is certified. Pending certification by our service providers, data transfers will continue to be based on the following: the European Commission’s Standard Data Protection Clauses.

Our service providers are based in and/or use servers in the following countries: Australia, India, Singapore.

No adequacy decision has been issued by the European Commission and the Swiss Federal Council for these countries. Our cooperation with them is based on the following safeguards: Standard Data Protection Clauses of the European Commission

2. Data processing for contract fulfilment and for establishing contact

2.1 Data processing for contract fulfilment

For the purpose of contract fulfilment (including enquiries regarding and the handling of any existing claims arising from warranty, breach of contract and withdrawal rights, as well as any statutory obligations to provide updates) in accordance with Article 6(1)(b) of the GDPR, we collect personal data if you voluntarily provide it to us as part of your order. Mandatory fields are marked as such, as we require this data for contract processing and cannot dispatch the order without it. The data collected is indicated in the respective input forms.

Further information on the processing of your data, in particular regarding its transfer to our service providers for the purposes of order, payment and dispatch processing, can be found in the following sections of this privacy policy. Once the contract has been fully processed, your data will be restricted for further processing and deleted after the expiry of the retention periods under tax and commercial law in accordance with Article 6(1)(c) of the GDPR, unless you have expressly consented to the further use of your data in accordance with Article 6(1)(a) of the GDPR, or we reserve the right to use your data for other purposes that are permitted by law and about which we inform you in this policy.

Merchandise management system

We use merchandise management systems provided by external service providers for order and contract processing. Our service providers act on our behalf within the framework of data processing on our behalf. If you have any questions regarding our service providers and the basis of our cooperation with them, please contact us using the contact details provided in this privacy policy.

2.2 Customer Account

Provided you have given your consent in accordance with Article 6(1)(a) of the GDPR by choosing to open a customer account, we will use your data for the purpose of opening the customer account and for storing your data for future orders on our website. You may delete your customer account at any time, either by sending a message via the contact details provided in this privacy policy or by using the function provided for this purpose within your customer account. Following the deletion of your customer account, your data will be deleted unless you have expressly consented to the further use of your data in accordance with Article 6(1)(a) of the GDPR, or we reserve the right to use your data for other purposes that are permitted by law and about which we inform you in this policy.

Contacting Us

In the context of customer communication, we collect personal data to process your enquiries in accordance with Article 6(1)(b) of the GDPR if you voluntarily provide this to us when contacting us (e.g. via the contact form, live chat tool or email). Mandatory fields are marked as such, as we require this data to process your enquiry. The data collected is indicated in the respective input forms. Once your enquiry has been fully processed, your data will be deleted, unless you have expressly consented to further use of your data in accordance with Article 6(1)(a) of the GDPR, or we reserve the right to use your data for other purposes that are permitted by law and about which we inform you in this statement.

3. Data Processing for the Purpose of Order Fulfillment

To fulfill the contract in accordance with Article 6(1)(b) of the GDPR, we share your data with the shipping provider responsible for delivery, to the extent necessary to deliver the ordered goods. If you have any questions about our service providers and the basis of our cooperation with them, please use the contact information provided in this Privacy Policy.

Data transfer to shipping service providers for the purpose of shipment notification

If you have given us your express consent to this during or after your order, we will, on this basis pursuant to Art. 6(1)(a) GDPR, transfer your email address and phone number to the selected shipping service provider so that they can contact you prior to delivery for the purpose of delivery notification or coordination.

You may revoke your consent at any time by sending a message to the contact information provided in this Privacy Policy. Upon revocation, we will delete the data you provided for this purpose, unless you have expressly consented to further use of your data or we reserve the right to use your data beyond this scope, which is permitted by law and about which we inform you in this policy.

If you have any questions about our service providers or the basis of our collaboration with them, please contact us using the contact information provided in this Privacy Policy.

4. Data Processing for Payment Processing

When processing payments in our online store, we work with the following partners: technical service providers, financial institutions, and payment service providers.

4.1 Data Processing for Transaction Processing

Depending on the selected payment method, we transfer the data necessary for processing the payment transaction to our technical service providers, the designated credit institutions, or the selected payment service provider, to the extent necessary for processing the payment. This serves the purpose of fulfilling the contract pursuant to Art. 6(1)(b) GDPR. In some cases, the payment service providers collect the data required for processing the payment themselves, e.g., on their own website or via a technical integration into the ordering process. In this regard, the privacy policy of the respective payment service provider applies.

Depending on the selected payment method, data may be transferred to third countries outside the EU/EEA for which the European Commission has determined, by decision, that an adequate level of data protection exists. To the extent that data is transferred to third countries outside the EU/EEA for which the European Commission has not issued a decision on an adequate level of data protection, the cooperation is based on the European Commission’s Standard Data Protection Clauses.

If you have any questions about our payment processing partners or the basis of our collaboration with them, please contact us using the contact information provided in this Privacy Policy.

4.2 Data Processing for the Purpose of Fraud Prevention and Optimization of Our Payment Processes
Where necessary, we provide the aforementioned service providers with additional data, which they use—along with the data required to process the payment—for the purpose of fraud prevention and the optimization of our payment processes (e.g., invoicing, handling disputed payments, and supporting accounting). This serves, pursuant to Art. 6(1)(f) GDPR, to safeguard our legitimate interests—which prevail following a balancing of interests—in protecting ourselves against fraud and in ensuring efficient payment management.

4.3 Identity and credit checks when selecting Klarna payment services

Purchase on account via Klarna
If you choose to use the payment services provided by Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden (hereinafter ‘Klarna’), we ask for your consent in accordance with Article 6(1)(a) of the GDPR to allow us to transfer the data necessary for processing the payment and for identity and credit checks to Klarna. In Germany, the credit reference agencies listed in Klarna’s privacy policy may be used for identity and credit checks. Klarna uses the information received regarding the statistical probability of payment default to make a balanced decision on the establishment, performance or termination of the contractual relationship. You may withdraw your consent at any time by contacting us via the contact details provided in this privacy policy. This may result in us no longer being able to offer you certain payment options. You may also withdraw your consent to this use of personal data at any time by contacting Klarna directly.

4.4 Identity and credit checks when selecting purchase on account via PayPal and Ratepay

If you choose to pay by invoice (provided by Ratepay GmbH, Franklinstraße 28-29, 10587 Berlin (hereinafter ‘Ratepay’) and PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg (hereinafter ‘PayPal’)), we ask for your consent in accordance with Article 6(1)(a) of the GDPR to allow us to transfer the data necessary for processing the payment and for identity and credit checks to Ratepay. In Germany, the credit reference agencies listed in Ratepay’s privacy policy may be used for identity and credit checks. Ratepay uses the information received regarding the statistical probability of payment default to make a balanced decision on the establishment, performance or termination of the contractual relationship. You may withdraw your consent at any time by sending a message to the contact details provided in this privacy policy. This may result in us no longer being able to offer you certain payment options. Further information on data protection at PayPal can be found here.

5. Advertising by email

5.1 Email newsletter subscription, newsletter tracking with separate consent
When you subscribe to our newsletter, we use the data required for this purpose or provided separately by you to send you our email newsletter on a regular basis, based on your consent in accordance with Article 6(1)(a) of the GDPR. You may unsubscribe from the newsletter at any time, either by sending a message to the contact details provided below or via a link provided for this purpose in the newsletter. Once you have unsubscribed, we will delete your email address from the recipient list, unless you have expressly consented to the further use of your data in accordance with Article 6(1)(a) of the GDPR, or we reserve the right to use your data for other purposes that are permitted by law and about which we inform you in this statement.

If you have also given us your consent in accordance with Article 6(1)(a) of the GDPR to analyse our newsletters, we will also analyse your interaction with our newsletter by measuring, storing and evaluating open rates and click-through rates for the purpose of designing future newsletter campaigns (“newsletter tracking”).

For this analysis, the emails sent contain single-pixel technologies (e.g. so-called web beacons, tracking pixels) that are stored on our website. For the analyses, we link in particular the following “newsletter data”:

the page from which the page was requested (so-called referrer URL),
the date and time of the request,
the description of the type of web browser used,
the IP address of the requesting computer,
the email address,
the date and time of registration and confirmation

and the single-pixel technologies using your email address or your IP address and, where applicable, a unique ID. Links contained in the newsletter may also include this ID.

You can opt out of newsletter tracking at any time, either by sending a message via the contact details provided or by clicking on the link provided for this purpose in the newsletter.

The information will be stored for as long as you remain subscribed to the newsletter.

5.2 Newsletter distribution

The newsletter and the newsletter tracking described above may also be sent by our service providers as part of processing carried out on our behalf. If you have any questions regarding our service providers or the basis of our cooperation with them, please use the contact details provided in this privacy policy.

Our service providers are based in and/or use servers in the following countries, for which the European Commission and the Swiss Federal Council have determined, by means of a decision, that an adequate level of data protection exists: USA, United Kingdom.

The adequacy decision for the USA serves as the basis for transfers to third countries, provided that the relevant service provider is certified. Certification is in place.

Our service providers are based in and/or use servers in the following countries: Australia, Singapore. No adequacy decision has been issued by the European Commission or the Swiss Federal Council for these countries. Our cooperation with them is based on the following safeguards: the European Commission’s Standard Data Protection Clauses.

5.3 Sending requests for reviews by email
Provided that you have given us your explicit consent to this during or after your order in accordance with Article 6(1)(a) of the GDPR, we will use your email address to ask you to submit a review of your order via the review system we use. This consent may be withdrawn at any time by sending a message to the contact details provided in this privacy policy or via a link provided for this purpose in the review request. Once you have withdrawn your consent, we will delete your email address from the recipient list, unless you have expressly consented to the further use of your data in accordance with Article 6(1)(a) of the GDPR, or we reserve the right to use your data for other purposes that are permitted by law and about which we inform you in this policy.

Where applicable, review requests are also sent by our service provider, Trusted Shops SE, Subbelrather Str. 15C, 50823 Cologne (“Trusted Shops”).

In connection with the sending of review requests, we receive information from Trusted Shops regarding the respective status (e.g. whether the review request has been sent and whether it has been received). This is carried out in accordance with Article 6(1)(f) of the GDPR to fulfil our legitimate interest in receiving information about the review invitations, so that we can make any necessary optimisations based on this, as well as to fulfil Trusted Shops’ legitimate interest in being able to offer this service.

We are jointly responsible with Trusted Shops for sending review requests and for collecting and displaying review and status information.

As part of the joint responsibility arrangement between us and Trusted Shops, please contact Trusted Shops in the first instance regarding data protection matters and to exercise your rights; you can find their contact details here. Further information on data protection can be found via the following link here. Regardless of this, you can always contact us using the contact details provided in this privacy policy. Your enquiry will then, if necessary, be forwarded to the other data controller for a response.
6. Cookies and other technologies
6.1 General information
To make your visit to our website more engaging and to enable the use of certain features, we use various technologies on different pages, including so-called cookies. Cookies are small text files that are automatically stored on your device. Some of the cookies we use are deleted at the end of the browser session, i.e. when you close your browser (so-called session cookies). Other cookies remain on your device and enable us to recognise your browser on your next visit (persistent cookies). You can find the storage duration in the overview in your web browser’s cookie settings.

Privacy protection on end devices

When you use our online services, we employ technologies that are strictly necessary to provide the digital service you have expressly requested. The storage of information on your end device or access to information already stored on your end device does not require your consent in this respect.

For functions that are not strictly necessary, the storage of information on your device or access to information already stored on your device requires your consent. Please note that if you do not give your consent, parts of the website may not be fully accessible. Any consent you have given remains valid until you adjust or reset the relevant settings on your device.

Any subsequent data processing via cookies and other technologies

We use technologies that are strictly necessary for the use of certain functions on our website. These technologies collect and process your IP address, the time of your visit, device and browser information, and information regarding your use of our website. This serves our overriding legitimate interests in optimising the presentation of our website, in accordance with Article 6(1)(f) of the GDPR, following a balancing of interests.

We also use technologies to fulfil the legal obligations to which we are subject (e.g. to be able to provide evidence of consent to the processing of your personal data), as well as for web analytics and online marketing. Further information on this, including the respective legal basis for data processing, can be found in the following sections of this privacy policy.

Cookie settings

You can find the cookie settings for your browser via the following links: Microsoft Edge™ / Safari™ / Chrome™ / Firefox™ / Opera™

If you have consented to the use of these technologies in accordance with Article 6(1)(a) of the GDPR, you may withdraw your consent at any time by contacting us via the contact details provided in the privacy policy. Alternatively, you can click on the privacy button. If you do not accept cookies, the functionality of our website may be limited.

6.2 Consent Manager Platform (CMP)

On our website, we use a consent management service (“Consent Manager Platform (CMP)” to inform you about the cookies and other technologies we use on our website, and to obtain, manage and document your consent – where required – to the processing of your personal data by these technologies. This is necessary in accordance with Article 6(1)(c) of the GDPR to fulfil our legal obligation under Article 7(1) of the GDPR to be able to demonstrate your consent to the processing of your personal data, to which we are subject. The Consent Manager Platform (CMP) used is a service provided by Pandectes, Pudisoo küla, Männimäe 1, 74626, Kuusalu vald, Estonia, which processes your data on our behalf.

Once you have submitted your cookie declaration on our website, the web server stores the following data: IP address, device information, browser information, language setting, the website visited or its URL, the date and time of your declaration of consent, and information regarding your consent behaviour.

In addition, the following technologies are used, which contain information about your consent behaviour: cookies

The data is stored exclusively on your device; no personal data is transferred to the provider of the Consent Manager Platform (CMP). Your data will be deleted after one year, unless you have expressly consented to the further use of your data in accordance with Article 6(1)(a) of the GDPR, or we reserve the right to use your data for other purposes that are permitted by law and about which we inform you in this statement.

6.3 Information on transfers to third countries (data transfers to third countries)

We use technologies from service providers on our website whose registered offices and/or server locations may be situated in third countries outside the EU or the EEA. If no adequacy decision has been issued by the European Commission for that country, an adequate level of data protection must be ensured by means of other suitable safeguards.

Suitable safeguards in the form of contractually agreed Standard Contractual Clauses of the European Commission or Binding Corporate Rules are generally possible, but require prior verification by the contracting parties as to whether an adequate level of protection can be guaranteed. According to the case law of the European Court of Justice, it may be necessary to take additional protective measures for this purpose.
 
We have, as a matter of principle, agreed to the Standard Data Protection Clauses issued by the European Commission with the technology providers we use who process personal data in a third country. Where possible, we also agree on additional safeguards designed to ensure that adequate data protection is guaranteed in third countries without an adequacy decision. 

Notwithstanding this, it may be the case that, despite all contractual and technical measures, the level of data protection in the third country does not match that of the EU. In such cases, we will ask for your consent, where necessary, as part of the cookie consent process, pursuant to Article 49(1)(a) of the GDPR, to transfer your personal data to a third country.
In particular, there is a risk that local authorities in the third country may, from a European data protection perspective, be granted access rights to your personal data that are not sufficiently restricted; that we, as the data exporter, or you, as the data subject, may not be aware of this; and/or that you may not have sufficient legal remedies available to prevent this and/or to take action against such access. 

In particular, the following countries are currently among the third countries without an adequacy decision from the European Commission (examples): 

China 
Russia 
Taiwan 
You can find out to which third countries we transfer data in the privacy notices for the relevant tool and/or the consent management service we use (Consent Manager Platform, CMP). 

7. Use of cookies and other technologies
We use the following cookies and other third-party technologies on our website. Unless otherwise stated for the individual technologies, this is based on your consent in accordance with Article 6(1)(a) of the GDPR. Once the purpose has ceased to apply and we have stopped using the relevant technology, the data collected in this context will be deleted. You may withdraw your consent at any time with effect for the future. Further information on your options for withdrawal can be found in the section “Cookies and other technologies”. Further information, including the basis for our cooperation with the individual providers, can be found under the individual technologies. If you have any questions regarding the providers and the basis for our cooperation with them, please contact us using the contact details provided in this privacy policy.

7.1 Use of Google Services
We use the technologies of Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland (“Google”) described below. The information automatically collected by Google’s technologies regarding your use of our website is generally transmitted to a server operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, and stored there. Unless otherwise specified for the individual technologies, data processing is carried out on the basis of an agreement concluded between joint controllers in accordance with Article 26 of the GDPR for the respective technology. Further information on data processing by Google can be found in Google’s privacy policy.

Our service providers are based in and/or use servers in countries outside Switzerland, the EU and the EEA for which the European Commission and the Swiss Federal Council have determined, by means of a decision, that an adequate level of data protection exists.

Our service providers are based in and/or use servers in countries outside Switzerland, the EU and the EEA. No adequacy decision has been issued by the European Commission and the Swiss Federal Council for these countries. Our cooperation with them is based on the European Commission’s Standard Data Protection Clauses.

Google Analytics
For the purpose of website analysis, Google Analytics automatically collects and stores data (IP address, time of visit, device and browser information, and information about your use of our website), from which usage profiles are created using pseudonyms. Cookies may be used for this purpose. If you visit our website from within the EU, your IP address is stored on a server located in the EU for the purpose of deriving location data and is then immediately deleted before the traffic is forwarded to other Google servers for processing. Data processing is carried out on the basis of a data processing agreement with Google.

For the purpose of optimising the marketing of our website, we have activated the data sharing settings for “Google products and services”. This allows Google to access the data collected and processed by Google Analytics and subsequently use it to improve Google’s services. The sharing of data with Google under these data sharing settings is based on an additional agreement between the data controllers. We have no influence over the subsequent data processing carried out by Google.

We use the so-called User ID function to optimise the marketing of our website. This function enables us to assign a unique, permanent ID to your interaction data from one or more sessions on our online platforms, thereby allowing us to analyse your user behaviour across devices and sessions.

For web analytics, the Google Signals extension of Google Analytics enables so-called ‘cross-device tracking’. Provided your internet-enabled devices are linked to your Google Account and you have enabled the ‘personalised advertising’ setting in your Google Account, Google can generate reports on your usage behaviour (in particular, cross-device user figures), even if you switch devices. We do not process any personal data in this regard; we merely receive statistics generated on the basis of Google Signals.

For web analytics and advertising purposes, the Google Analytics extension function enables the so-called DoubleClick cookie to recognise your browser when you visit other websites. Google will use this information to compile reports on website activity and to provide other services relating to website usage.

Google AdSense
Our website uses Google AdSense to sell advertising space to third-party advertisers. These adverts are displayed in various places on this website. The so-called DoubleClick cookie enables the display of interest-based advertising through the collection and processing of data (IP address, time of visit, device and browser information, and information regarding your use of our website), as well as the automatic assignment of a pseudonymous user ID, which is used to determine your interests based on visits to this and other websites.

Google Ads
For advertising purposes in Google search results and on third-party websites, a so-called Google remarketing cookie is set when you visit our website. This cookie enables interest-based advertising by automatically collecting and processing data (IP address, time of visit, device and browser information, and details of your use of our website), using a pseudonymous cookie ID and based on the pages you have visited. Any further data processing only takes place if you have enabled the ‘personalised advertising’ setting in your Google account. In this case, if you are logged into Google whilst visiting our website, Google uses your data together with Google Analytics data to create and define audience lists for cross-device remarketing.

For website analysis and event tracking, we use Google Ads Conversion Tracking to measure your subsequent usage behaviour if you have arrived at our website via a Google Ads advertisement. To this end, cookies may be used and data (IP address, time of visit, device and browser information, as well as information regarding your use of our website based on events specified by us, such as visiting a webpage or subscribing to a newsletter) may be collected, from which usage profiles are created using pseudonyms.

Google Tag Manager

Google Tag Manager enables us to manage various codes and services on our website. When implementing individual tags, Google may also process personal data (e.g. IP address, online identifiers (including cookies)). Data processing is carried out on the basis of a data processing agreement with Google.

The use of Google Tag Manager enables the integration of various services and technologies.
If you do not wish to use individual tracking services and have therefore deactivated them, this deactivation will apply to all relevant tracking tags integrated via Google Tag Manager.

YouTube Video Plugin

When embedding third-party content via the YouTube video plugin in the enhanced privacy mode we use, data (IP address, time of visit, device and browser information) is collected, transmitted to Google and subsequently processed by Google only if you play a video.

7.2 Use of Microsoft services
We use the technologies of Microsoft Ireland Operations Ltd., One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland (‘Microsoft’) described below. Data processing is carried out on the basis of an agreement between joint controllers in accordance with Article 26 of the GDPR. The information automatically collected by Microsoft technologies regarding your use of our website is generally transmitted to a server operated by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA, and stored there. Further information regarding data processing by Microsoft can be found in Microsoft’s privacy policy.

Microsoft Advertising
For advertising purposes in Bing, Yahoo and MSN search results, as well as on third-party websites, the so-called Microsoft Advertising Remarketing Cookie is set when you visit our website. This cookie enables interest-based advertising by automatically collecting and processing data (IP address, time of visit, device and browser information, and information about your use of our website) and using a pseudonymous cookie ID based on the pages you have visited.

For website analysis and event tracking, we use Microsoft Advertising Universal Event Tracking (UET) to measure your subsequent usage behaviour if you have arrived at our website via a Microsoft Advertising advertisement. For this purpose, cookies may be used and data (IP address, time of visit, device and browser information, as well as information regarding your use of our website based on events specified by us, such as visiting a webpage or subscribing to a newsletter) may be collected, from which usage profiles are created using pseudonyms. Provided your internet-enabled devices are linked to your Microsoft account and you have not disabled the ‘Interest-based advertising’ setting in your Microsoft account, Microsoft may generate reports on usage behaviour (in particular cross-device user figures), even if you switch devices, known as ‘cross-device tracking’. We do not process personal data in this regard; we merely receive statistics generated on the basis of Microsoft UET.

7.3 Use of meta-services

Use of the Meta Pixel
We use the Meta Pixel as part of the technologies provided by Meta Platforms Ireland Ltd., Block J, Serpentine Avenue, Dublin 4, Ireland (“Facebook (by Meta)” or “Meta Platforms Ireland”). The Meta Pixel automatically collects and stores data (IP address, time of visit, device and browser information, as well as information regarding your use of our website based on events specified by us, such as visiting a webpage or subscribing to a newsletter), from which usage profiles are created using pseudonyms. As part of so-called ‘extended data matching’, information that can be used to identify individuals (e.g. names, email addresses and telephone numbers) is also collected and stored in hashed form for matching purposes. To this end, when you visit our website, the Meta Pixel automatically sets a cookie which, by means of a pseudonymous cookie ID, enables your browser to be recognised when you visit other websites. Meta Platforms Ireland will combine this information with other data from your Facebook account and use it to compile reports on website activity and to provide other services related to website usage, in particular personalised and group-based advertising.
The information automatically collected by Meta Platforms Ireland’s technologies regarding your use of our website is generally transmitted to and stored on a server belonging to Meta Platforms, Inc., 1601 Willow Road, Menlo Park, California 94025, USA. Further information regarding data processing by Meta Platforms Ireland can be found in Meta Platforms Ireland’s privacy policy.
Our service providers are based in and/or use servers in the following countries, for which the European Commission and the Swiss Federal Council have determined, by decision, that an adequate level of data protection exists: USA, Canada, Japan, South Korea, New Zealand, United Kingdom, Argentina.
The adequacy decision for the USA serves as the basis for transfers to third countries, provided that the relevant service provider is certified. Certification is in place.

Our service providers are based in and/or use servers in the following countries: Australia, Hong Kong, India, Indonesia, Malaysia, Singapore, Thailand, Taiwan and Mexico. No adequacy decision has been issued by the European Commission or the Swiss Federal Council for these countries. Our cooperation with them is based on the following safeguards: the European Commission’s Standard Data Protection Clauses. Our service providers are based in and/or use servers in the following countries, for which the European Commission has determined, by decision, that an adequate level of data protection exists: Brazil.
There is no adequacy decision from the Swiss Federal Council for these countries. Our cooperation with them is based on the following safeguards: the European Commission’s Standard Data Protection Clauses.

Meta Ads Manager

We use Meta Ads Manager to advertise this website on Facebook (by Meta) and other platforms. We determine the parameters of each advertising campaign. Meta Platforms Ireland is responsible for the actual implementation, in particular for deciding where to place the adverts for individual users. Unless otherwise specified for the individual technologies, data processing is carried out on the basis of an agreement between joint controllers in accordance with Article 26 of the GDPR. Joint responsibility is limited to the collection of data and its transmission to Meta Platforms Ireland. The subsequent data processing by Meta Platforms Ireland is not covered by this.

Based on the statistics generated via Meta Pixel regarding visitor activity on our website, we run group-based advertising on Facebook (by Meta) via Custom Audiences by determining the characteristics of the respective target group. As part of the extended data matching process carried out to determine the respective target group (see above), Meta Platforms Ireland acts as our data processor.

Based on the pseudonymous cookie ID set by the Meta Pixel and the data collected about your usage behaviour on our website, we use Custom Audiences to deliver personalised advertising.

We use Conversions (via the Meta Pixel or Conversations API) to measure your subsequent usage behaviour for web analytics and event tracking if you have arrived at our website via an advertisement from Meta Ads Manager. Data processing is carried out on the basis of a data processing agreement with Meta Platforms Ireland.

7.4 Other providers of web analytics and online marketing services
Use of the Vimeo video plugin to embed third-party content

When embedding third-party content, data (IP address, time of visit, device and browser information) is collected via the video plugin provided by Vimeo Inc., 330 West 34th Street, 5th Floor, New York 10011, USA (“Vimeo”), transmitted to Vimeo and subsequently processed by Vimeo. Data processing is carried out on the basis of an agreement between joint controllers in accordance with Article 26 of the GDPR. Google Analytics is automatically integrated into the Vimeo video plugin. For the purpose of website analysis, Google Analytics automatically collects and stores data (IP address, time of visit, device and browser information, and information regarding your use of our website), from which usage profiles are created using pseudonyms. Cookies may be used for this purpose. Google Analytics is a service provided by Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). The information automatically collected by Google regarding your use of our website is generally transmitted to a server operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, and stored there. If you visit our website from within the EU, your IP address is stored on a server located in the EU for the purpose of deriving location data and is then immediately deleted before the traffic is forwarded to other Google servers for processing. We have no influence over or access to the data processing carried out by Vimeo, including the settings and results of Google Analytics.

8. Integration of the Trusted Shops Trustbadge/other widgets

Provided you have given your consent in accordance with Article 6(1)(a) of the GDPR, Trusted Shops widgets are integrated into this website to display Trusted Shops services (e.g. quality seals, collected reviews) and to offer Trusted Shops products to buyers following an order.

The Trustbadge and the services advertised through it are provided by Trusted Shops SE, Subbelrather Str. 15C, 50823 Cologne (“Trusted Shops”), with whom we are joint controllers under Article 26 of the GDPR. In the context of this privacy notice, we provide you with the following information regarding the key terms of the agreement in accordance with Article 26(2) of the GDPR.

In the context of the joint responsibility between us and Trusted Shops SE, please contact Trusted Shops in the first instance regarding data protection queries and to exercise your rights, using the contact details provided in the privacy policy. Regardless of this, you may always contact the controller of your choice. Your enquiry will then, if necessary, be forwarded to the other controller for a response.

Data processing when integrating the Trustbadge or other widgets
The Trustbadge is provided by a US-based CDN (Content Delivery Network) provider. An adequate level of data protection is ensured in each case by an adequacy decision of the European Commission, which can be accessed here for the USA. Service providers from the USA are generally certified under the EU-US Data Privacy Framework (DPF). Further information is available here. Where service providers are not certified under the DPF, standard contractual clauses have been agreed as a suitable safeguard.

When the Trustbadge is accessed, the web server automatically stores a so-called server log file, which also contains your IP address, the date and time of access, the amount of data transferred and the requesting provider (access data), and documents the access. The IP address is anonymised immediately after collection, so that the stored data cannot be linked to you personally. The anonymised data is used in particular for statistical purposes and for error analysis.

Data processing after the order has been completed
Provided you have given your consent, the Trustbadge accesses order information stored on your device (order total, order number, product purchased if applicable) and your email address after the order has been completed, and your email address is hashed using a cryptographic one-way function. The hash value is then transmitted to Trusted Shops together with the order information in accordance with Article 6(1)(a) of the GDPR.
This serves to verify whether you are already registered for Trusted Shops’ services. If this is the case, further processing takes place in accordance with the contractual agreement between you and Trusted Shops. If you are not yet registered for the services or do not give your consent to automatic recognition via the Trustbadge, you will subsequently be given the option to register manually for the use of the services or to finalise the security measures within the framework of any existing user agreement you may have.

For this purpose, once your order has been completed, the Trustbadge accesses the following information stored on the device you are using: order total, order number and email address. This is necessary so that we can offer you buyer protection. The data will only be transmitted to Trusted Shops once you have actively chosen to take out buyer protection by clicking on the button labelled accordingly in the so-called Trustcard. If you decide to use the services, further processing is governed by the contractual agreement with Trusted Shops in accordance with Article 6(1)(b) of the GDPR, in order to complete your registration for buyer protection and secure the order, as well as to be able to send you review invitations by email where applicable.

Trusted Shops uses service providers in the areas of hosting, monitoring and logging. The legal basis for this is Article 6(1)(f) of the GDPR, for the purpose of ensuring trouble-free operation. Processing may take place in third countries (the USA, the UK and Israel). An adequate level of data protection is ensured in each case by an adequacy decision of the European Commission, which is available here for the USA, here for the UK and here for Israel. Service providers from the USA are generally certified under the EU-US Data Privacy Framework (DPF). Further information is available here. Where service providers used are not certified under the DPF, standard contractual clauses have been agreed as a suitable safeguard.

9. Social Media
Social media buttons from Facebook (by Meta), Instagram (by Meta), WhatsApp

Our website uses social media buttons from various social networks. These are simply embedded in the page as HTML links, meaning that no connection is established with the respective provider’s servers when you visit our website. If you click on one of the buttons, the website of the respective social network will open in a new browser window, where you can, for example, click the ‘Like’ or ‘Share’ button.

Our online presence on Facebook (by Meta), Instagram (by Meta), YouTube, Pinterest, LinkedIn
Provided you have given your consent to the respective social media operator in accordance with Article 6(1)(a) of the GDPR, when you visit our online presence on the social media platforms mentioned above, your data will be automatically collected and stored for market research and advertising purposes, from which usage profiles are created using pseudonyms. These may be used, for example, to display advertisements within and outside the platforms that are presumed to correspond to your interests. Cookies are generally used for this purpose. For detailed information on the processing and use of data by the respective social media operator, as well as contact details, your rights in this regard and settings to protect your privacy, please refer to the providers’ privacy policies linked below. If you still need help with this, please do not hesitate to contact us.

Facebook (by Meta) is a service provided by Meta Platforms Ireland Ltd., Block J, Serpentine Avenue, Dublin 4, Ireland (“Meta Platforms Ireland”). The information automatically collected by Meta Platforms Ireland regarding your use of our online presence on Facebook (by Meta) is generally transferred to and stored on a server belonging to Meta Platforms, Inc., 1601 Willow Road, Menlo Park, California 94025, USA. Data processing in connection with a visit to a Facebook (by Meta) fan page is carried out on the basis of an agreement between joint controllers in accordance with Article 26 of the GDPR. Further information (information on Insights data) can be found here.

The Adequacy Decision for the USA serves as the basis for transfers to third countries, provided that the relevant service provider is certified. Certification has been obtained.

Our service providers are based in and/or use servers in the following countries: Australia, Hong Kong, India, Indonesia, Malaysia, Singapore, Thailand, Taiwan and Mexico. There is no adequacy decision from the European Commission or the Swiss Federal Council for these countries. Our cooperation with them is based on the following safeguards: the European Commission’s Standard Data Protection Clauses.

Our service providers are based in and/or use servers in the following countries, for which the European Commission has determined, by decision, that an adequate level of data protection exists: Brazil.
No adequacy decision has been issued by the Swiss Federal Council for these countries. Our cooperation with them is based on the following safeguards: the European Commission’s Standard Data Protection Clauses.

Instagram (by Meta) is a service provided by Meta Platforms Ireland Ltd., Block J, Serpentine Avenue, Dublin 4, Ireland (“Meta Platforms Ireland”). The information automatically collected by Meta Platforms Ireland regarding your use of our online presence on Instagram is generally transmitted to a server operated by Meta Platforms, Inc., 1601 Willow Road, Menlo Park, CA 94025, USA, Menlo Park, California 94025, USA, and stored there. Data processing in connection with a visit to an Instagram (by Meta) fan page is carried out on the basis of an agreement between joint controllers in accordance with Article 26 of the GDPR. Further information (information on Insights data) can be found here.

The adequacy decision for the USA serves as the basis for transfers to third countries, provided that the relevant service provider is certified. Certification is in place.

Our service providers are based in and/or use servers in the following countries, for which the European Commission has determined, by means of a decision, that an adequate level of data protection exists: Brazil.
No adequacy decision has been issued by the Swiss Federal Council for these countries. Our cooperation with them is based on the following safeguards: the European Commission’s Standard Data Protection Clauses.

YouTube is a service provided by Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland (‘Google’). The information automatically collected by Google regarding your use of our online presence on YouTube is generally transmitted to a server operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, and stored there.

Our service providers are based in and/or use servers in countries outside Switzerland, the EU and the EEA for which the European Commission and the Swiss Federal Council have determined, by decision, that an adequate level of data protection exists.

Our service providers are based in and/or use servers in countries outside Switzerland, the EU and the EEA. No adequacy decision has been issued by the European Commission or the Swiss Federal Council for these countries. Our cooperation with them is based on the European Commission’s Standard Data Protection Clauses.

Pinterest is a service provided by Pinterest Europe Ltd., Waterloo Exchange, 3rd Floor, Waterloo Road, Dublin 4, Ireland (“Pinterest”). The information automatically collected by Pinterest regarding your use of our online presence on Pinterest is generally transferred to and stored on a server belonging to Pinterest, Inc., 505 Brannan St., San Francisco, CA 94107, USA.

Our service providers are based in and/or use servers in countries outside Switzerland, the EU and the EEA for which the European Commission and the Swiss Federal Council have determined, by decision, that an adequate level of data protection exists.

LinkedIn is a service provided by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (“LinkedIn”). The information automatically collected by LinkedIn regarding your use of our online presence on LinkedIn is generally transmitted to and stored on a server belonging to LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085, USA.

The adequacy decision for the USA serves as the basis for transfers to third countries, provided that the relevant service provider is certified. Certification is in place.

10. Contact details and your rights

10.1 Your rights

As a data subject, you have the following rights:

pursuant to Article 15 of the GDPR, the right to request information about your personal data processed by us to the extent specified therein;

pursuant to Article 16 of the GDPR, the right to request the immediate rectification of inaccurate personal data or the completion of your personal data stored by us;

pursuant to Article 17 of the GDPR, the right to request the erasure of your personal data stored by us, unless further processing is

necessary for the exercise of the right to freedom of expression and information;

necessary for compliance with a legal obligation;

for reasons of public interest; or

for the establishment, exercise or defence of legal claims;

pursuant to Article 18 of the GDPR, the right to request the restriction of the processing of your personal data, provided that

you contest the accuracy of the data;
the processing is unlawful, but you object to its erasure;
we no longer need the data, but you require it for the establishment, exercise or defence of legal claims; or
you have objected to the processing in accordance with Article 21 of the GDPR;
in accordance with Article 20 of the GDPR, the right to receive the personal data you have provided to us in a structured, commonly used and machine-readable format, or to request that it be transmitted to another controller;
in accordance with Article 77 of the GDPR, the right to lodge a complaint with a supervisory authority. As a rule, you may contact the supervisory authority for your usual place of residence or workplace, or for our company’s registered office.

Right to object

Where we process personal data as described above in order to safeguard our legitimate interests, which have been determined to override your interests following a balancing of interests, you may object to such processing with effect for the future. If the processing is carried out for direct marketing purposes, you may exercise this right at any time as described above. Where the processing is carried out for other purposes, you have a right to object only if there are grounds relating to your particular situation.

Once you have exercised your right to object, we will no longer process your personal data for these purposes, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or where the processing serves to establish, exercise or defend legal claims.

This does not apply if the processing is carried out for direct marketing purposes. In that case, we will no longer process your personal data for this purpose.

10.2 Contact details
If you have any questions regarding the collection, processing or use of your personal data, or if you wish to request information, have your data corrected, restricted or deleted, withdraw your consent or object to a specific use of your data, please contact us directly using the contact details provided in our legal notice.

23.04.2026