Privacy policy

Business Services

We process data of our contractual and business partners, such as customers and prospects (collectively referred to as "contractual partners"), within the scope of contractual and similar legal relationships, associated measures, and communication with contractual partners (or pre-contractually), for example, to respond to inquiries.

We process this data to fulfill our contractual obligations. This includes, in particular, obligations to provide the agreed-upon services, any obligations to update, and remedy warranty and other performance disruptions. Furthermore, we process the data to protect our rights and for the purpose of administrative tasks related to these obligations and organizational tasks. We also process the data based on our legitimate interests in proper and efficient business management as well as security measures to protect our contractual partners and our business operations from misuse, endangerment of data, secrets, information, and rights (e.g., involving telecommunications, transportation, and other auxiliary services and subcontractors, banks, tax and legal advisors, payment service providers, or financial authorities). In accordance with applicable law, we only disclose the data of contractual partners to third parties to the extent necessary for the aforementioned purposes or to fulfill legal obligations. Contractual partners will be informed about other forms of processing, such as for marketing purposes, within the scope of this privacy policy.

We inform contractual partners about which data is required for the aforementioned purposes, either before or during data collection, for example, in online forms, through special markings (e.g., colors) or symbols (e.g., asterisks or similar), or in person.

We delete the data after the expiration of statutory warranty and comparable obligations, i.e., in principle after 4 years, unless the data is stored in a customer account, for example, as long as it must be archived for legal reasons. The statutory retention period is ten years for tax-relevant documents as well as for commercial books, inventories, opening balances, annual financial statements, the work instructions necessary for understanding these documents, and other organizational documents and booking records, and six years for received commercial and business letters and reproductions of sent commercial and business letters. The period begins at the end of the calendar year in which the last entry was made in the book, the inventory, the opening balance, the annual financial statement, or the management report was prepared, the commercial or business letter was received or sent, or the booking record was created, and the recording was made, or the other documents were created.

If we use third-party providers or platforms to provide our services, the terms and privacy notices of the respective third-party providers or platforms apply in the relationship between users and providers.

Our policies include the right to remove products and their stocks at any time as needed. If, for any reason, a ordered product is unavailable, we reserve the right to collaborate with our partners such as TEMU, AliExpress, and similar suppliers to ensure delivery to our customers. Additionally, we are registered in the Amazon Associates Partner Program. Please note that affiliate links lead to Amazon, and we receive a portion of the commission when a customer orders through these links. We prioritize honesty and transparency with our customers.

• Processed data types: Inventory data (e.g., names, addresses); Payment data (e.g., bank details, invoices, payment history); Contact details (e.g., email, telephone numbers); Contract data (e.g., subject matter of the contract, term, customer category); Usage data (e.g., websites visited, interest in content, access times). Meta, communication, and process data (e.g., IP addresses, time data, identification numbers, consent status).
• Affected persons: Customers; Prospects; Business and contractual partners.
• Purposes of processing: Provision of contractual services and fulfillment of contractual obligations; Security measures; Contact inquiries and communication; Office and organizational procedures. Administration and response to inquiries.
• Legal bases: Fulfillment of contracts and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR); Legal obligation (Art. 6 para. 1 sentence 1 lit. c) GDPR). Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further information on processing procedures, procedures, and services:

• Customer account: Customers can create an account within our online offering (e.g., customer or user account, "customer account"). If the registration of a customer account is required, customers will be informed accordingly, as well as about the required information for registration. The customer accounts are not public and cannot be indexed by search engines. In the course of registration and subsequent logins and uses of the customer account, we store customers' IP addresses along with the access times in order to prove the registration and prevent misuse of the customer account. If the customer account is terminated, the data of the customer account will be deleted after the termination date, unless they must be stored for other purposes or due to legal reasons (e.g., internal storage of customer data, order processes, or invoices). It is the responsibility of the customers to secure their data upon termination of the customer account; Legal basis: Fulfillment of contracts and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR).
• Shop and E-commerce: We process customer data to enable them to select, purchase, or order the chosen products, goods, as well as associated services, as well as their payment and delivery or execution. If necessary for the execution of an order, we use service providers, especially postal, freight, and shipping companies, to carry out the delivery or execution to our customers. For the processing of payment transactions, we use the services of banks and payment service providers. The necessary details are marked as such within the scope of the order or comparable acquisition process and include the information required for delivery, provision, and billing as well as contact information in order to be able to make inquiries if necessary;
• Legal basis: Fulfillment of contracts and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR).

Use of online platforms for offer and distribution purposes

We offer our services on online platforms operated by other service providers. In this context, in addition to our data protection notices, the data protection notices of the respective platforms also apply. This applies in particular with regard to the execution of the payment transaction and the procedures used on the platforms for range measurement and interest-based marketing.

• Processed data types: Inventory data (e.g., names, addresses); Payment data (e.g., bank details, invoices, payment history); Contact details (e.g., email, telephone numbers); Contract data (e.g., subject matter of the contract, term, customer category); Usage data (e.g., websites visited, interest in content, access times). Meta, communication, and process data (e.g., IP addresses, time data, identification numbers, consent status). Affected persons: Customers.
• Purposes of processing: Provision of contractual services and fulfillment of contractual obligations; Marketing.
• Legal bases: Fulfillment of contracts and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR). Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Additional Information on Processing Procedures, Processes, and Services:

• Amazon: Online marketplace for e-commerce; Service provider: Amazon EU S.à r.l. (Société à responsabilité limitée), 38 avenue John F. Kennedy, L-1855 Luxembourg; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.amazon.de/. Basis for transfer to third countries: EU-US Data Privacy Framework (DPF).
• eBay: Online marketplace for e-commerce; Service provider: eBay Marketplaces GmbH, Helvetiastrasse 15/17, 3005 Bern, Switzerland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.ebay.de/.
• Etsy: Online marketplace for e-commerce; Service provider: Etsy, Inc., 55 Washington Street, Suite 712, Brooklyn, NY 11201, USA; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.etsy.com/de. Privacy policy: https://www.etsy.com/de/legal/privacy/?ref=ftr.
• Shopify: Platform for offering and conducting e-commerce services. Services and processes include online shops, websites, their offers and content, community elements, purchase and payment processes, customer communication, analysis, and marketing; Service provider: Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.shopify.de. Privacy policy: https://www.shopify.de/legal/datenschutz.

Payment Methods

As part of contractual and other legal relationships, due to legal obligations, or otherwise based on our legitimate interests, we offer affected individuals efficient and secure payment options and use additional service providers in addition to banks and credit institutions (collectively "payment service providers").

The data processed by the payment service providers include master data, such as the name and address, bank data, such as account numbers or credit card numbers, passwords, TANs, and checksums, as well as contract, sum, and recipient-related information. The information is necessary to carry out the transactions. However, the entered data is processed and stored only by the payment service providers. In other words, we do not receive account or credit card-related information, only information confirming or denying the payment. The data may be transmitted to credit agencies by the payment service providers. This transmission serves the purpose of identity and creditworthiness checks. For this, we refer to the terms and conditions and privacy notices of the payment service providers.

The terms and conditions and privacy notices of the respective payment service providers apply to payment transactions and can be accessed within the respective websites or transaction applications. We also refer to these for further information and the exercise of revocation, information, and other data subject rights.

• Processed data types: Master data (e.g. names, addresses); Payment data (e.g. bank details, invoices, payment history); Contract data (e.g. subject matter of the contract, term, customer category); Usage data (e.g. visited websites, interest in content, access times); Meta, communication, and procedure data (e.g. IP addresses, time information, identification numbers, consent status). Contact details (e.g. email, phone numbers).
• Affected individuals: Customers. Prospective customers.
• Purposes of processing: Provision of contractual services and fulfillment of contractual obligations.
• Legal basis: Fulfillment of contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR).

Further Information on Processing Procedures, Processes, and Services:

• American Express: Payment services (technical integration of online payment methods); Service provider: American Express Europe S.A., Theodor-Heuss-Allee 112, 60486 Frankfurt am Main, Germany; Legal basis: Fulfillment of contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR); Website: https://www.americanexpress.com/de.
• Apple Pay: Payment services (technical integration of online payment methods); Service provider: Apple Inc., Infinite Loop, Cupertino, CA 95014, USA; Legal basis: Fulfillment of contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR); Website: https://www.apple.com/de/apple-pay/. Privacy policy: https://www.apple.com/legal/privacy/de-ww/.
• Google Pay: Payment services (technical integration of online payment methods); Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Fulfillment of contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR); Website: https://pay.google.com/intl/de_de/about/. Privacy policy: https://policies.google.com/privacy.
• Klarna: Payment services (technical integration of online payment methods); Service provider: Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden; Legal basis: Fulfillment of contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR); Website: https://www.klarna.com/de. Privacy policy: https://www.klarna.com/de/datenschutz.
• Mastercard: Payment services (technical integration of online payment methods); Service provider: Mastercard Europe SA, Chaussée de Tervuren 198A, B-1410 Waterloo, Belgium; Legal basis: Fulfillment of contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR); Website: https://www.mastercard.de/de-de.html. Privacy policy: https://www.mastercard.de/de-de/datenschutz.html.
• PayPal: Payment services (technical integration of online payment methods) (e.g. PayPal, PayPal Plus, Braintree); Service provider: PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg; Legal basis: Fulfillment of contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR); Website: https://www.paypal.com/de.

• Amazon Payments: We use the payment service Amazon Payments provided by Amazon Payments Europe S.C.A. (38 avenue John F. Kennedy, L-1855 Luxembourg; "Amazon Payments") on our website. The data processing serves the purpose of offering you the payment option via the Amazon Payments service. To integrate this payment service, it is necessary for Amazon Payments to collect, store, and analyze data (e.g., IP address, device type, operating system, browser type, location of your device) when the website is accessed. Cookies may also be used for this purpose. The cookies enable the recognition of your browser. The processing of your personal data is based on Art. 6 para. 1 lit. f GDPR, stemming from our predominant legitimate interest in offering a customer-oriented range of various payment methods. You have the right to object at any time to these processing activities concerning your personal data for reasons arising from your particular situation. By selecting and using "Amazon Payments," the data necessary for payment processing will be transmitted to Amazon Payments to fulfill the contract with you using the chosen payment method. This processing is based on Art. 6 para. 1 lit. b GDPR. For more information on data processing when using the Amazon Payments service, please refer to the associated privacy policy at: https://pay.amazon.com/de/help/201212490.

• Stripe: Payment services (technical integration of online payment methods); Service provider: Stripe, Inc., 510 Townsend Street, San Francisco, CA 94103, USA; Legal basis: Fulfillment of contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR); Website: https://stripe.com; Privacy policy: https://stripe.com/de/privacy. Basis for transfer to third countries: EU-US Data Privacy Framework (DPF).

• Visa: Payment services (technical integration of online payment methods); Service provider: Visa Europe Services Inc., London Branch, 1 Sheldon Square, London W2 6TT, GB; Legal basis: Fulfillment of contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR); Website: https://www.visa.de.

Provision of the Online Offer and Web Hosting

We process users data to provide our online services. For this purpose, we process the user's IP address, which is necessary to transmit the content and functions of our online services to the user's browser or device.

• Processed data types: Usage data (e.g. visited websites, interest in content, access times). Meta, communication, and procedure data (e.g. IP addresses, time information, identification numbers, consent status).
• Affected individuals: Users (e.g. website visitors, users of online services).
• Purposes of processing: Provision of our online offer and user-friendliness; Information technology infrastructure (operation and provision of information systems and technical devices (computers, servers, etc.)). Security measures.
• Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further Information on Processing Procedures, Processes, and Services:

• Collection of Access Data and Log Files: Access to our online offering is logged in the form of so-called "server log files." Server log files can include the address and name of the accessed websites and files, date and time of access, transmitted data volumes, message about successful access, browser type and version, user's operating system, referrer URL (previously visited page), and usually IP addresses and the requesting provider. Server log files can be used for security purposes, e.g. to avoid overloading the servers (especially in the case of abusive attacks, so-called DDoS attacks) and to ensure the load and stability of the servers. Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR). Deletion of data: Log file information is stored for a maximum of 30 days and then deleted or anonymized. Data whose further storage is necessary for evidentiary purposes is excluded from deletion until the final clarification of the respective incident.

Contact and Inquiry Management

When contacting us (e.g. by post, contact form, email, telephone, or via social media) and as part of existing user and business relationships, the information of the inquiring persons is processed to the extent necessary to answer the contact inquiries and any requested measures.

• Processed data types: Contact details (e.g. email, phone numbers); Content data (e.g. inputs in online forms); Usage data (e.g. visited websites, interest in content, access times). Meta, communication, and procedure data (e.g. IP addresses, time information, identification numbers, consent status).
• Affected individuals: Communication partners.
• Purposes of processing: Contact inquiries and communication; Management and answering of inquiries; Feedback (e.g. collection of feedback via online form). Provision of our online offer and user-friendliness.
• Legal Bases: Legitimate Interests (Art. 6(1)(f) GDPR). Performance of a Contract and Pre-contractual Inquiries (Art. 6(1)(b) GDPR).

Further Information on Processing Procedures, Methods, and Services:

• Contact Form: When users contact us through our contact form, email, or other communication channels, we process the data provided in this context to address the communicated matter;
• Legal Bases: Performance of a Contract and Pre-contractual Inquiries (Art. 6(1)(b) GDPR), Legitimate Interests (Art. 6(1)(f) GDPR).

Newsletters and Electronic Notifications

We only send newsletters, emails, and other electronic notifications ("Newsletters") with the consent of recipients or legal permission. If the contents of a newsletter are specifically described during the registration, they are decisive for user consent. In addition, our newsletters contain information about our services and us.

To subscribe to our newsletters, it is generally sufficient to provide your email address. However, we may ask you to provide a name for personal address in the newsletter, or other information necessary for the purposes of the newsletter.

Shipment Tracking

Due to our close collaboration with international sellers, we would like to inform you that shipment tracking provided by the sender or seller may only become available upon entry into the respective country where the customer is located. We prioritize honest communication with our customers and emphasize that, due to the nature of the product and the customer's location, shipment tracking may not always be provided.

However, we want to assure you that for many of our products and their suppliers, shipment tracking is included. We are dedicated to consistently providing our customers with transparent information and a wide range of product experiences.

Double Opt-In Procedure: Newsletter registration generally takes place using a double opt-in procedure. This means that after registration, you will receive an email asking you to confirm your registration. This confirmation is necessary to prevent anyone from registering with someone else's email address. Newsletter registrations are logged to provide proof of the registration process in accordance with legal requirements. This includes the storage of the registration and confirmation time as well as the IP address. Changes to your data stored with the mailing service provider are also logged.

Deletion and Restriction of Processing: We may store unsubscribed email addresses for up to three years based on our legitimate interests before deleting them in order to prove a previously given consent. The processing of this data is limited to the purpose of potential defense against claims. Individual deletion requests are possible at any time, provided that the former existence of consent is confirmed. In the case of obligations to permanently observe objections, we reserve the right to store the email address solely for this purpose in a blocklist.

The logging of the registration process is based on our legitimate interests for the purpose of proving its proper course. If we commission a service provider with the dispatch of emails, this is done based on our legitimate interests in an efficient and secure dispatch system.

Contents: Information about us, our services, promotions, and offers.

• Processed Data Types: Master Data (e.g., names, addresses); Contact Data (e.g., email, telephone numbers); Meta, Communication, and Process Data (e.g., IP addresses, timestamps, identification numbers, consent status). Usage Data (e.g., visited websites, interest in content, access times).
• Affected Persons: Communication Partners. Users (e.g., website visitors, users of online services).
• Purposes of Processing: Direct Marketing (e.g., by email or postal mail). Provision of contractual services and fulfillment of contractual obligations.
• Legal Bases: Consent (Art. 6(1)(a) GDPR).
• Objection Option (Opt-Out): You can cancel the receipt of our newsletter at any time, i.e., revoke your consent or object to further receipt. A link to unsubscribe from the newsletter can be found at the end of each newsletter or you can use one of the contact options provided above, preferably email, for this purpose.

Further Information on Processing Procedures, Methods, and Services:

• Requirement for Using Free Services: The consent to receive mailings can be made a requirement for using free services (e.g., access to certain content or participation in certain actions). If users want to take advantage of the free service without subscribing to the newsletter, we ask them to get in touch.
• Sending via SMS: Electronic notifications can also be sent as SMS text messages (or exclusively via SMS if the permission, e.g., consent, only covers SMS transmission); Legal Bases: Consent (Art. 6(1)(a) GDPR).

Advertising Communication via Email, Mail, Fax, or Phone

We process personal data for the purpose of advertising communication, which can be carried out through various channels, such as email, telephone, mail, or fax, in accordance with legal requirements.

Recipients have the right to revoke granted consents at any time or to object to advertising communication at any time.

After revocation or objection, we store the data required to provide evidence of the previous authorization for contact or sending until three years after the end of the year of revocation or objection on the basis of our legitimate interests. The processing of this data is limited to the purpose of potential defense against claims. Based on the legitimate interest of permanently considering the revocation or objection of users, we also store the data required to prevent further contact (e.g., depending on the communication channel, the email address, telephone number, name).

• Processed Data Types: Master Data (e.g., names, addresses). Contact Data (e.g., email, telephone numbers).
• Affected Persons: Communication Partners.
• Purposes of Processing: Direct Marketing (e.g., by email or postal mail).
• Legal Bases: Consent (Art. 6(1)(a) GDPR). Legitimate Interests (Art. 6(1)(f) GDPR).

Web Analysis, Monitoring, and Optimization

Web analysis (also known as "reach measurement") serves to evaluate the flow of visitors to our online offering and can include behavioral, interest, or demographic information about visitors, such as age or gender, as pseudonymous values. With the help of reach analysis, we can recognize, for example, when our online offering or its functions or content are used most frequently or invite reuse. We can also identify areas that need optimization.

In addition to web analysis, we may also use test procedures to test and optimize different versions of our online offering or its components.

Unless otherwise stated below, profiles, i.e., data summarized for a usage process, can be created for these purposes, and information can be stored in a browser or end device and read out from it. The information collected includes, in particular, visited websites and elements used there, as well as technical information such as the browser used, the computer system used, and information on usage times. If users have given their consent to the collection of their location data to us or to the providers of the services we use, location data may also be processed.

IP addresses of users are also stored. However, we use IP masking procedures (i.e., pseudonymization by shortening the IP address) to protect users. Generally, clear user data (such as email addresses or names) are not stored as part of web analysis, A/B testing, and optimization, but pseudonyms. This means that we and the providers of the used software do not know the actual identity of the users, only the information stored in their profiles for the purposes of the respective procedures.

• Processed Data Types: Usage Data (e.g., visited websites, interest in content, access times). Meta, Communication, and Process Data (e.g., IP addresses, timestamps, identification numbers, consent status).
• Affected Persons: Users (e.g., website visitors, users of online services).
• Purposes of Processing: Reach Measurement (e.g., access statistics, recognition of recurring visitors); Profiles with user-related information (creation of user profiles). Provision of our online offering and user-friendliness.
• Security Measures: IP masking (pseudonymization of the IP address).
• Legal Bases: Consent (Art. 6(1)(a) GDPR). Legitimate Interests (Art. 6(1)(f) GDPR).

Further Information on Processing Procedures, Methods, and Services:

• Google Analytics 4: We use Google Analytics to measure and analyze the use of our online offering based on a pseudonymous user identification number. This identification number does not contain unique data such as names or email addresses. It is used to assign analysis information to a device in order to recognize which content users have accessed within one or more usage processes, which search terms they have used, accessed again, or interacted with our online offering. The time of use and its duration are also stored, as are the sources of users who refer to our online offering and technical aspects of their devices and browsers. Pseudonymous user profiles with information from the use of different devices can be created, with cookies being used for this purpose. Google Analytics does not log or store individual IP addresses for EU users. However, Analytics provides rough geographic location data by deriving the following metadata from IP addresses: city (and derived latitude and longitude of the city), continent, country, region, subcontinent (and ID-based counterparts). For EU traffic, IP address data is used exclusively for this derivation of geolocation data before being immediately deleted. They are not logged, not accessible, and are not used for further purposes. When Google Analytics collects measurement data, all IP queries are performed on EU-based servers before traffic is sent to Analytics servers for processing; Service Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal Bases: Legitimate Interests (Art. 6(1)(f) GDPR)
• Google Tag Manager: Google Tag Manager is a solution that allows us to manage so-called website tags via an interface and thus integrate other services into our online offering (for further details, please refer to this privacy policy). The Tag Manager itself (which implements the tags) does not create user profiles or store cookies. Google only learns the IP address of the user, which is necessary to execute the Google Tag Manager; Service Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal Bases: Consent (Art. 6(1)(a) GDPR)

Online Marketing

We process personal data for the purpose of online marketing, including the marketing of advertising space or the display of advertising and other content (collectively referred to as "Content") based on potential user interests and measuring their effectiveness.

For these purposes, so-called user profiles are created and stored in a file (a "cookie"), or similar procedures are used to store information relevant to the user for displaying the aforementioned content. This information may include, for example, viewed content, visited websites, used online networks, as well as communication partners and technical information such as the browser used, the computer system used, and information on usage times and used functions. If users have given their consent to the collection of their location data to us or to the providers of the services we use, location data may also be processed.

IP addresses of users are also stored. However, we use IP masking procedures (i.e., pseudonymization by shortening the IP address) to protect users. In general, clear user data (such as email addresses or names) are not stored as part of online marketing processes, but pseudonyms. This means that we and the providers of the online marketing processes used do not know the actual identity of the users, only the information stored in their profiles for the purposes of the respective procedures.

The information in the profiles is generally stored in cookies or similar procedures. These cookies can later also be read out on other websites that use the same online marketing process, analyzed for purposes of displaying content, and supplemented with additional data and stored on the server of the online marketing process provider.

Clear user data can be assigned to the profiles in exceptional cases. This is the case, for example, if users are members of a social network whose online marketing processes we use and the network links the users' profiles with the aforementioned information. Please note that users can make additional agreements with the providers, e.g., by giving consent during registration.

In general, we only receive access to summarized information about the success of our advertisements. However, we can check which of our online marketing processes has led to a so-called conversion, i.e., to a conclusion of a contract with us, as part of so-called conversion measurements. Conversion measurement is used solely for the analysis of the success of our marketing measures.

Unless otherwise stated, please assume that the cookies used are stored for a period of two years.

• Processed Data Types: Usage Data (e.g., visited websites, interest in content, access times). Meta, Communication, and Process Data (e.g., IP addresses, timestamps, identification numbers, consent status).
• Affected Persons: Users (e.g., website visitors, users of online services).
• Purposes of Processing: Reach Measurement (e.g., access statistics, recognition of recurring visitors); Tracking (e.g., interest/behavioral profiling, use of cookies); Marketing; Profiles with user-related information (creation of user profiles). Conversion Measurement (measurement of the effectiveness of marketing measures).
• Security Measures: IP masking (pseudonymization of the IP address).
• Legal Bases: Consent (Art. 6(1)(a) GDPR). Legitimate Interests (Art. 6(1)(f) GDPR).
• Objection Option (Opt-Out): We refer you to the data protection notices of the respective providers and the opt-out options provided for the respective providers (so-called "opt-out"). If no explicit opt-out option is provided, you have the option to disable cookies in your browser settings. However, this may restrict the functions of our online offering. We therefore recommend the following opt-out options, which are offered in summary for specific areas: a) Europe: https://www.youronlinechoices.eu. b) Canada: https://www.youradchoices.ca/choices. c) USA: https://www.aboutads.info/choices. d) Cross-territorial: https://optout.aboutads.info.

Further Information on Processing Procedures, Methods, and Services:

Google Ads and Conversion Tracking: Online marketing procedure for placing content and ads within the service provider's advertising network (e.g., in search results, videos, websites, etc.) to display them to users who may have an interest in the ads. Additionally, we measure the conversion of the ads, i.e., whether users have interacted with the ads and used the advertised offers (so-called conversion). However, we only receive anonymous information and no personal information about individual users; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Consent (Art. 6(1)(a) GDPR), Legitimate Interests (Art. 6(1)(f) GDPR); Website: https://marketingplatform.google.com; Privacy Policy: https://policies.google.com/privacy; Basis for transfer to third countries: EU-US Data Privacy Framework (DPF)

Google Adsense with personalized ads: We use the Google Adsense service with personalized ads to display ads within our online offerings and receive compensation for their display or other use; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Consent (Art. 6(1)(a) GDPR); Website: https://marketingplatform.google.com; Privacy Policy: https://policies.google.com/privacy; Basis for transfer to third countries: EU-US Data Privacy Framework (DPF)

Google Adsense with non-personalized ads: We use the Google Adsense service with non-personalized ads to display ads within our online offerings and receive compensation for their display or other use; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Consent (Art. 6(1)(a) GDPR); Website: https://marketingplatform.google.com; Privacy Policy: https://policies.google.com/privacy; Basis for transfer to third countries: EU-US Data Privacy Framework (DPF)

Affiliate Programs and Affiliate Links

We include so-called affiliate links or other references (including search masks, widgets, or discount codes) to the offers and services of third-party providers (collectively referred to as "affiliate links") in our online offerings. If users follow the affiliate links or subsequently use the offers, we may receive a commission or other benefits from these third-party providers (collectively referred to as "commission").

In order to track whether users have taken advantage of the offers of an affiliate link used by us, it is necessary for the respective third-party providers to know that users have followed an affiliate link within our online offering. The assignment of the affiliate links to the respective business transactions or other actions (e.g., purchases) serves solely the purpose of commission settlement and will be revoked as soon as it is no longer necessary for this purpose.

For the purpose of the aforementioned assignment of affiliate links, the affiliate links can be supplemented with certain values that are part of the link or can be stored elsewhere, e.g., in a cookie. The values may include, in particular, the referring website (referrer), the time, an online identifier of the operators of the website on which the affiliate link was located, an online identifier of the respective offer, the type of link used, the type of offer, and an online identifier of the user.

Notes on legal bases: If we ask users for their consent to use third-party providers, the legal basis for processing data is consent. Otherwise, users' data is processed based on our legitimate interests (i.e., interest in efficient, economical, and user-friendly services). In this context, we also refer you to the information on the use of cookies in this privacy policy.

• Processed data types: Contract data (e.g., subject matter of the contract, duration, customer category); Usage data (e.g., visited websites, interest in content, access times); Meta, communication, and process data (e.g., IP addresses, time data, identification numbers, consent status).
• Persons concerned: Users (e.g., website visitors, users of online services).
• Purposes of processing: Affiliate tracking.
• Legal bases: Consent (Art. 6(1)(a) GDPR); Legitimate Interests (Art. 6(1)(f) GDPR).

Further information about processing procedures, methods, and services:

Amazon Partner Program: Affiliate partner program (Amazon and the Amazon logo are trademarks of Amazon.com, Inc. or its affiliates); Service provider: Amazon EU S.à r.l. (Société à responsabilité limitée), 38 avenue John F. Kennedy, L-1855 Luxembourg; Legal basis: Legitimate Interests (Art. 6(1)(f) GDPR); Website: https://www.amazon.de

Booking.com Partner Program: Affiliate marketing partner program; Service provider: Booking.com B.V., Herengracht 597, 1017 CE Amsterdam, Netherlands; Legal basis: Legitimate Interests (Art. 6(1)(f) GDPR); Website: https://www.booking.com

 

Awin Partner Program: Affiliate marketing partner program; Service provider: Awin AG, Eichhornstraße 3, 10785 Berlin, Germany; Legal basis: Legitimate Interests (Art. 6(1)(f) GDPR); Website: https://www.awin.com; Privacy Policy: https://www.awin.com/de/datenschutz.

Trip.com Partner Program: Affiliate marketing partner program; Service provider: Trip.com Group Limited, 17th floor, Cityplaza One, 1111 King's Road, Taikoo Shing, Hong Kong; Legal basis: Legitimate Interests (Art. 6(1)(f) GDPR); Website: https://www.trip.com; Privacy Policy: https://www.trip.com/content/privacy.html.

Customer Reviews and Rating Procedures

We participate in review and rating procedures to evaluate, optimize, and promote our services. When users rate us or provide feedback through the involved review platforms or procedures, the general terms and conditions as well as the privacy policies of the providers also apply. Typically, reviewing also requires registration with the respective providers.

To ensure that the reviewing individuals have actually used our services, we transmit, with the consent of the customers, the necessary data regarding the customer and the service used to the respective review platform (including name, email address, and order number or item number). These data are solely used to verify the authenticity of the user.

The reviews published on Blauhimmels.de are from real customers and global distributors who process orders through our website. In an era where some online shop operators use fake reviews to increase their profit, we emphasize our authenticity. You will also find negative reviews with us because we do not remove them to maintain our honesty and transparency. All reviews appearing on our website and external seller platforms have been translated into English using Google Translate, as we sell worldwide. We transparently inform our customers about their experiences on an international level.

• Processed data types: Contract data (e.g., contract subject, duration, customer category); Usage data (e.g., visited websites, interest in content, access times); Meta, communication, and process data (e.g., IP addresses, timestamps, identification numbers, consent status).
• Affected individuals: Customers; Users (e.g., website visitors, users of online services).
• Purposes of processing: Feedback (e.g., collecting feedback via online form); Marketing.
• Legal basis: Legitimate interests (Art. 6 para. 1 s. 1 lit. f) GDPR); Consent (Art. 6 para. 1 s. 1 lit. a) GDPR).

Additional information on processing procedures, methods, and services:

Review Widgets: We integrate so-called "review widgets" into our online offering. A widget is a functional and content element embedded in our online offering that displays variable information. It can be represented, for example, in the form of a seal or similar element, sometimes also called a "badge." The corresponding content of the widget is displayed within our online offering, but it is retrieved from the servers of the respective widget provider at that moment. This allows the current content to be displayed, especially the current rating. For this purpose, a data connection must be established from the web page accessed within our online offering to the server of the widget provider, and the widget provider receives certain technical data (access data, including IP address) necessary to deliver the content of the widget to the user's browser. Furthermore, the widget provider receives information that users have visited our online offering. This information can be stored in a cookie and used by the widget provider to recognize which online offerings participating in the review process have been visited by the user. The information may be stored in a user profile and used for advertising or market research purposes; Legal basis: Legitimate interests (Art. 6 para. 1 s. 1 lit. f) GDPR).

kundentests.com: Review platform; Service provider: kundentests.com, Sokelantstraße 5, 30165 Hannover, Germany; Legal basis: Legitimate interests (Art. 6 para. 1 s. 1 lit. f) GDPR); Website: https://kundentests.com; Privacy Policy: https://kundentests.com/datenschutz/.

Trusted Shops (Trustedbadge): Review platform - Regarding the joint responsibility between us and Trusted Shops, please contact Trusted Shops for data protection questions and to exercise your rights, preferably using the contact information provided in the privacy information. Regardless, you can always contact the responsible party of your choice. Your request will then be forwarded to the other responsible party for response, if necessary. The Trustbadge is provided by a US-based Content Delivery Network (CDN) provider. Adequate data protection is ensured through standard data protection clauses and further contractual measures. When the Trustbadge is called up, the web server automatically stores a so-called server log file, which also contains your IP address, date and time of access, amount of data transferred, and the requesting provider (access data) and documents the access. The IP address is anonymized immediately after collection so that the stored data cannot be assigned to your person. The anonymized data is used, in particular, for statistical purposes and error analysis. If you have given your consent, after completing an order, the Trustbadge accesses order information stored in your end device (order amount, order number, optionally purchased product) as well as your email address and hashes your email address using cryptographic one-way function. The hash value is then transmitted to Trusted Shops along with the order information in accordance with Art. 6 para. 1 s. 1 lit. a GDPR. This is done to verify whether you are already registered for Trusted Shops services. If this is the case, further processing will be carried out in accordance with the contractual agreement between you and Trusted Shops. If you are not yet registered for the services or do not consent to automatic recognition via the Trustbadge, you will have the opportunity to register manually for the services or conclude the protection within the scope of your existing usage contract. For this purpose, after completing your order, the Trustbadge accesses the following information stored in the end device you used: order amount, order number, and email address. This is necessary so that we can offer you buyer protection. Transmission of data to Trusted Shops only occurs once you actively decide to conclude buyer protection by clicking on the appropriately labeled button in the so-called Trustcard. If you choose to use the services, further processing will be based on the contractual agreement with Trusted Shops pursuant to Art. 6 para. 1 lit. b GDPR, in order to complete your registration for buyer protection, secure the order, and, if necessary, send you review invitations via email. Trusted Shops uses service providers in the areas of hosting, monitoring, and logging. The legal basis is Art. 6 para. 1 lit. f GDPR for the purpose of ensuring smooth operation. Processing may take place in third countries (USA and Israel). An adequate level of data protection is ensured in the case of the USA through standard data protection clauses and further contractual measures, and in the case of Israel through an adequacy decision. Service provider: Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne, Germany; Legal basis: Consent (Art. 6 para. 1 s. 1 lit. a) GDPR), Legitimate interests (Art. 6 para. 1 s. 1 lit. f) GDPR)

Trustpilot: Review platform; Service provider: Trustpilot A/S, Pilestræde 58, 5, 1112 Copenhagen, Denmark; Legal basis: Legitimate interests (Art. 6 para. 1 s. 1 lit. f) GDPR); Website: https://de.trustpilot.com; Privacy Policy: https://de.legal.trustpilot.com/end-user-privacy-terms/.

Social Media Presences:

We maintain online presences within social networks and process data of users in this context to communicate with active users or to provide information about us.

We would like to point out that data of users may be processed outside the European Union. This may entail risks for users because, for example, the enforcement of user rights could be made more difficult.

Furthermore, the data of users within social networks are usually processed for market research and advertising purposes. For example, user profiles can be created based on user behavior and resulting interests. These user profiles can then be used to display advertisements within and outside the networks that presumably correspond to the interests of the users. For these purposes, cookies are usually stored on the users' computers, in which the user behavior and interests of the users are stored. Furthermore, data can also be stored in the user profiles independently of the devices used by the users (especially if the users are members of the respective platforms and are logged in to them).

For a detailed presentation of the respective processing methods and the possibilities of objection (opt-out), we refer to the data protection declarations and information provided by the operators of the respective networks.

Even in the case of information requests and the assertion of data subject rights, we would like to point out that these can be most effectively asserted with the providers. Only the providers have access to the data of the users and can take appropriate measures and provide information directly. If you still need assistance, you can contact us.

• Processed data types: Contact details (e.g., email, telephone numbers); Content data (e.g., entries in online forms); Usage data (e.g., visited websites, interest in content, access times). Meta, communication, and process data (e.g., IP addresses, time stamps, identification numbers, consent status).
• Affected persons: Users (e.g., website visitors, users of online services).
• Purposes of processing: Contact inquiries and communication; Feedback (e.g., collecting feedback via online form). Marketing.
• Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further information on processing procedures, processes, and services:

Pinterest: Social network; Service provider: Pinterest Europe Limited, 2nd Floor, Palmerston House, Fenian Street, Dublin 2, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.pinterest.com; Privacy Policy: https://policy.pinterest.com/de/privacy-policy. Additional Information: Pinterest Attachment for Data Exchange (Attachment A): https://business.pinterest.com/de/pinterest-advertising-services-agreement/.

X: Social network; Service provider: Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR). Privacy Policy: https://twitter.com/privacy, (Settings: https://twitter.com/personalization).

YouTube: Social network and video platform; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Privacy Policy: https://policies.google.com/privacy; Basis for transfer to third countries: EU-US Data Privacy Framework (DPF). Opt-Out possibility: https://adssettings.google.com/authenticated.

Plugins and Embedded Functions as well as Content

We integrate functional and content elements into our online offering that are obtained from the servers of their respective providers (hereinafter referred to as "third-party providers"). This may include graphics, videos, or maps (hereinafter collectively referred to as "content").

The integration always requires that the third-party providers of this content process the IP address of the users, as they could not send the content to their browser without the IP address. The IP address is therefore necessary for the presentation of this content or functions. We strive to use only such content whose respective providers use the IP address solely for the delivery of the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. Through the "pixel tags," information such as visitor traffic on the pages of this website can be evaluated. The pseudonymous information may also be stored in cookies on the user's device and may include, among other things, technical information about the browser and operating system, referring websites, visit time, as well as other information about the use of our online offering, and may also be linked to such information from other sources.

• Processed Data Types: Usage Data (e.g., visited websites, interest in content, access times); Meta, communication, and process data (e.g., IP addresses, time stamps, identification numbers, consent status); Inventory data (e.g., names, addresses); Contact data (e.g., email, phone numbers); Content data (e.g., entries in online forms); Location data (information about the geographic location of a device or person); Event data (Facebook) ("Event data" refers to data that may be transmitted to Facebook by us via Facebook pixel (via apps or other means) and relates to individuals or their actions; The data may include information about visits to websites, interactions with content, functions, installations of apps, purchases of products, etc.; the event data is processed for the purpose of creating target groups for content and advertising information (custom audiences). Event data does not include actual content (such as posted comments), login information, and contact information (such as names, email addresses, and phone numbers). Event data is deleted by Facebook after a maximum of two years, and the target groups formed from them are deleted with the deletion of our Facebook account).
• Affected Persons: Users (e.g., website visitors, users of online services).
• Purposes of Processing: Provision of our online offering and user-friendliness; Marketing. Profiles with user-related information (creation of user profiles).
• Legal Bases: Legitimate Interests (Art. 6 para. 1 sentence 1 lit. f) GDPR). Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR).

Further information on processing procedures, processes, and services:

Google Fonts: We obtain fonts (and symbols) from the Google server for the purpose of technically secure, maintenance-free, and efficient use of fonts and symbols with regard to up-to-dateness and loading times, their uniform presentation, and consideration of possible licensing restrictions. The provider of the fonts is notified of the user's IP address so that the fonts can be made available in the user's browser. In addition, technical data (language settings, screen resolution, operating system, hardware used) are transmitted, which are necessary for providing the fonts depending on the devices used and the technical environment. These data may be processed on a server of the font provider in the USA. When users visit our online offering, their browsers send their browser HTTP requests to the Google Fonts Web API (i.e., a software interface for retrieving the fonts). The Google Fonts Web API provides users with the Cascading Style Sheets (CSS) from Google Fonts and then the fonts specified in the CSS. These HTTP requests include (1) the IP address used by the respective user to access the Internet, (2) the requested URL on the Google server, and (3) the HTTP headers, including the user agent describing the browser and operating system versions of the website visitors, as well as the referrer URL (i.e., the website on which the Google font is to be displayed). IP addresses are neither logged nor stored on Google servers, and they are not analyzed. The Google Fonts Web API logs details of the HTTP requests (requested URL, user agent, and referrer URL). Access to this data is restricted and strictly controlled. The requested URL identifies the font families that the user wants to load fonts for. This data is logged so that Google can determine how often a particular font family is requested. In the Google Fonts Web API, the user agent must adapt the font generated for the respective browser type. The user agent is primarily logged for debugging purposes and used to generate aggregated usage statistics that measure the popularity of font families. These aggregated usage statistics are published on the "Analytics" page of Google Fonts. Finally, the referrer URL is logged so that the data can be used for production maintenance and an aggregated report on top integrations based on the number of font requests can be generated. Google states that it does not use any of the information collected by Google Fonts to create user profiles or display targeted ads; Service Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal Basis: Legitimate Interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://fonts.google.com/; Privacy Policy: https://policies.google.com/privacy; Basis for Third-Country Transfer: EU-US Data Privacy Framework (DPF)

Google Maps: We integrate the maps of the "Google Maps" service provided by Google. The processed data may include IP addresses and location data of the users; Service Provider: Google Cloud EMEA Limited, 70 Sir John Rogerson’s Quay, Dublin 2, Ireland; Legal Basis: Legitimate Interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://mapsplatform.google.com/; Privacy Policy: https://policies.google.com/privacy. Basis for Third-Country Transfer: EU-US Data Privacy Framework (DPF).

X-Plugins and Content: Plugins and buttons of the platform "X" - This may include content such as images, videos, or texts and buttons with which users can share content of this online offering within X; Service Provider: Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland; Legal Basis: Legitimate Interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://twitter.com/en; Privacy Policy: https://twitter.com/privacy, (Settings: https://twitter.com/personalization); Data Processing Agreement: https://privacy.twitter.com/en/for-our-partners/global-dpa. Basis for Third-Country Transfer: Standard Contractual Clauses (https://privacy.twitter.com/en/for-our-partners/global-dpa).

YouTube Videos: Video content; Service Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal Basis: Legitimate Interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.youtube.com; Privacy Policy: https://policies.google.com/privacy; Basis for Third-Country Transfer: EU-US Data Privacy Framework (DPF).

YouTube videos: Video content; YouTube videos are embedded using a special domain (recognizable by the component "Youtube-Nocookie") in the so-called "Enhanced Privacy Mode," which prevents cookies from being collected on user activities to personalize video playback. However, information about user interaction with the video (e.g., remembering the last playback position) may still be stored; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.youtube.com; Privacy Policy: https://policies.google.com/privacy. Basis for transfer to third countries: EU-US Data Privacy Framework (DPF).