1. Subject of this data protection information
- Personal data is all data that can be related to you personally, such as name, address, e-mail address or your usage behavior on our website.
2. Person responsible for data processing
- Responsible in the sense of Article 4 No. 7 of the General Data Protection Regulation (DSGVO) is:
Managing directors: Johanna Leisch, Megan Douglas
3. Data collection and data processing
- The scope of data processing differs depending on whether you use our website only to retrieve information ("informational use") or whether you additionally purchase goods.
- In the case of informational use of our website, we collect data that your Internet browser automatically transmits to us, such as date and time, browser type, browser setting, operating system, last website visited, amount of data transmitted and access status, as well as your IP address. The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of website provision, this is the case when the respective session has ended. The log files are kept for a maximum of 24 hours and are directly and exclusively accessible to administrators. The IP address is only stored for the duration of your visit. In addition, we store the data for logging purposes exclusively in anonymized form by shortening the IP address so that an assignment is no longer possible. The data processing is necessary to protect our legitimate interests in an optimal presentation of our website and is therefore carried out on the legal basis of Art. 6 para. 1 sentence 1 lit. f) DSGVO.
- If you purchase goods in the online store, the provision of personal data is required, such as name, address, e-mail address, telephone number and payment data. Necessary mandatory information is specially marked; all other information is voluntary. You also have the option of creating a customer account, in which your data will be stored for future purchases. You can delete this data and the customer account at any time. The legal basis for data processing is Art. 6 para. 1 lit. b) DSGVO. The processing of your data is necessary for the performance of a contract or for the implementation of pre-contractual measures.
- If you subscribe to our newsletter, we will regularly send you current information and offers on our products or services by e-mail. For your registration to our e-mail newsletter, in addition to your consent, we only need your e-mail address to which the newsletter should be sent.
- For security reasons, we use the so-called double opt-in procedure to register for our e-mail newsletter: Here you will receive an activation e-mail to your specified e-mail address after your registration to our newsletter. Only when you have confirmed your registration by clicking on a link contained therein will you subsequently receive the desired e-mail newsletter. If you do not confirm your registration within the notified period after receiving the activation e-mail, your newsletter registration will be automatically deleted for security reasons.
- If you no longer wish to receive e-mail newsletters from us, you can unsubscribe from our newsletter at any time by either clicking on the unsubscribe link contained at the end of each newsletter e-mail or by sending us an informal e-mail.
- Data processing when you order our newsletter is based on the legal basis of Art. 6 (1) sentence 1 lit. a) DSGVO in connection with your consent to receive the newsletter. We store your consent for proof and documentation purposes for up to three years at the end of the year following the last newsletter dispatch to you or your declaration of revocation.
5. Disclosure of data to third parties
- We work with payment service providers through which payments for your purchases are processed. During payment, the payment service provider collects and processes personal data that is required for the payment method you have chosen. In this respect, the data protection provisions of the payment service provider selected by you apply in addition. When receiving a payment, we process those data that the payment service provider transmits to us. The processing of payments via service providers occurs on the basis of Art. 6 (1) lit. b) DSGVO. In addition, we have a legitimate interest within the meaning of Art. 6 (1) (f) DSGVO to offer our customers the use of suitable and secure payment options. We store payment data until all mutual claims arising from the respective contractual relationship with you have been fulfilled and the retention periods applicable to us under commercial and tax law have expired.
- Furthermore, for the purpose of billing and accounting, we share data with third parties who are either subject to a professional duty of confidentiality (e.g. tax advisors) or with whom we have concluded a contract for data processing.
6. Transmission to third countries
- We use the store system of the company Shopify, based in Ireland. The legal basis is an order processing agreement between us and Shopify, through which Shopify may only process data according to our instructions.
- When using Shopify, data may also be transferred from Shopify Ireland to Shopify in Canada. In the event that data is transferred to Canada, the appropriate level of data protection is guaranteed by adequacy decision of the European Commission.
7. Tracking & analysis
- We use tracking tools from Facebook and Instagram as well as other social media platforms. These tools enable us to display customized and interest-based advertising on social media platforms to certain groups of pseudonymized visitors to our website.
- We use Google Analytics to evaluate the user behavior of visitors to our website and thereby improve the user experience on our website. In the process, data is sent to Google, evaluated and made available to us in the form of reports.
- For tracking and analysis, the setting of so-called cookies is necessary. Cookies are small text files that are sent from our web server to your browser and stored by it on your terminal device for later retrieval. When you visit our website, you can determine for yourself whether or which cookies are set by us by making settings in the so-called consent banner. The legal basis is therefore your consent pursuant to Art. 6 para. 1 lit. a) DSGVO.
8. Embedding videos
- On our website, we embed external videos from YouTube.
YouTube is a video portal that belongs to Google. YouTube or Google collects data from users in order to personalize advertising, among other things.
- The embedding of the videos takes place via the "extended data protection mode" option provided by YouTube. When you call up one of our pages with an embedded YouTube video, a connection is established to the YouTube servers in the USA. Data, in particular which of our pages you have previously visited as well as device-specific information including the IP address, will only be transmitted to YouTube when you start the video.
- If you are logged into your Google account at the same time as using our website, the data collected will be assigned to your Google account. You can prevent this by logging out of your Google account before visiting our website. Alternatively, you can make settings in your Google account to increase data protection.
- The processing of personal data by Google is based on the standard data protection clauses of the European Commission in accordance with Article 46 (2c) DSGVO. Google has also implemented extensive technical and organizational measures to protect personal data against accidental or unlawful destruction or accidental loss, damage, alteration, unauthorized disclosure or access by third parties. These Google measures are certified to the ISO/IEC 27001:2013 standard. For more information about privacy in connection with
- The embedding of YouTube videos on our website is based on Art. 6 (1) lit. f DSGVO, as we have a legitimate interest in implementing our business model through our own or third-party videos and offering our users valuable topic-related information.
9. Your rights as a data subject
- You have the right to request information at any time about whether and what data we process from you and for what purpose, and to whom and on what basis it is disclosed (Art. 15 DSGVO). This also includes your right to receive copies. In the case of a large data stock, users may be asked to specify the information to certain types of data. The information must be provided without delay and may in no case take longer than one month.
- You also have the right to have incorrectly collected personal data corrected or incompletely collected data completed (Art. 16 DSGVO).
- Furthermore, you have the right to demand that we restrict the processing of your data, provided that the legal requirements for this are met (Art. 18 DSGVO).
- In addition, you have the so-called "right to be forgotten", i.e. you can demand that we delete your personal data, provided that the legal requirements for this exist (Art. 17 DSGVO). Irrespective of this, your personal data will be automatically deleted by us if the purpose of the data collection has ceased to exist or the data processing has been carried out unlawfully.
- You have the right to receive the personal data concerning you in a structured, common and machine-readable format or to request that it be transferred to another controller (Art. 20 DSGVO).
- In accordance with Art. 7 (3) DSGVO, you have the right to revoke your consent, once given, at any time vis-à-vis us. This has the consequence that we may no longer continue the data processing based on this consent for the future.
- You also have the right to object to the processing of your personal data at any time, provided that a right of objection is provided for by law. In the event of an effective objection, your personal data will also be automatically deleted by us (Art. 21 DSGVO).
- If you wish to exercise your right of revocation or objection, a notification by e-mail is sufficient.
- Without prejudice to any other administrative or judicial remedy pursuant to Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work or the place of the alleged infringement, if you consider that the processing of personal data concerning you infringes GDPR. The competent supervisory authority for us is, among others, the State Commissioner for Data Protection.
Please note: The English version is a courtesy translation only. Only the German version is binding.