Privacy policy
Privacy policy
1. Data protection at a glance
General information
DThe following notes provide a simple overview of what happens to your personal data when you visit this website. Personal data is any data that can be used to identify you personally. For detailed information on data protection, please refer to our listed privacy policy.
Data collection on this website
Who is responsible for data collection on this website?
Data processing on this website is carried out by the website operator. You can find his contact details in the section "Note on the responsible party" in this privacy policy.
How do we collect your data?
On the one hand, your data is collected by you providing it to us. This may, for example, be data that you enter in a contact form. Other data is collected automatically or after your consent when you visit the website of our IT systems. This is mainly technical data (e.g. Internet browser, operating system or time of page view). This data is collected automatically as soon as you enter this website.
What do we use your data for?
Some of the data is collected:
to ensure error-free provision of the website
to answer contact requests and communication
to process orders and fulfill contracts
Other data may be used to analyze users behavior with the purpose of improving the shopping experience.
Types of data processed
- Inventory data (e.g., names, addresses).
- Contact data (e.g., e-mail, phone numbers).
- Content data (e.g., text input, photographs, videos).
- Usage data (e.g., web pages visited, interest in content, access times).
- Meta/communication data (e.g., device information, IP addresses) Browser type and version.
- Operating system used
The provider of the pages automatically collect and store information in so-called server log files, which your browser automatically transmits to us. This data is not merged with other data sources.
The collection of this data is based on Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in the technically error-free presentation and optimization of its website - for this purpose, the server log files must be collected.
Categories of data subjects
Visitors and users of the online offer (hereinafter, we also refer to the data subjects collectively as "users").
Analysis tools and third-party tools
When visiting this website, your surfing behavior may be statistically analyzed for the purpose of improving the shopping experience. This is done primarily with so-called analysis programs.
Detailed information about these analysis programs can be found in the following privacy policy.
2. Hosting
Shopify
We host our website with Shopify International Limited, Victoria Buildings, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland (hereinafter: "Shopify").
Shopify a tool for creating and hosting websites. When you visit our website, Shopify collects your IP address as well as information about the terminal device you are using and your browser. Shopify also analyzes the number of visitors, visitor sources, and customer behavior, and compiles user statistics. When you make a purchase on our website, Shopify also collects your name, email address, shipping and billing addresses, payment information, and other data related to the purchase (e.g., phone number, amount of sales, etc.). For analytics, Shopify stores cookies in your browser.
For details, see Shopify's privacy policy: https://www.shopify.de/legal/datenschutz.
The use of Shopify is based on Art. 6 para. 1 lit. f DSGVO. We have a legitimate interest in the most reliable presentation of our website. Insofar as a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 (1) lit. a DSGVO; the consent can be revoked at any time.
Order processing
We have concluded an order processing agreement (AVV) with the above-mentioned provider. This is a contract required by data protection law, which ensures that the provider only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.
3. General notes and obligatory information
Data protection
We take the protection of your personal data very seriously. We treat your personal data confidential and in accordance with the statutory data protection regulations and this data protection declaration.
When you use this website, various personal data is collected. Personal data is data with which you can be personally identified. This privacy policy explains what kind of data we collect and what we use it for. It also explains how and for what purpose this is done.
Note on the responsible entity
The responsible party for data processing on this website is:
ooshi GmbH
Wichertstr. 6
10439 Berlin
E-mail: info@ooia.de
The responsible body is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data (e.g. names, e-mail addresses or similar).
Storage period
Unless a more specific storage period has been specified within this data protection declaration, your personal data will remain with us until the purpose for the data processing no longer applies. If you assert a legitimate request for deletion or revoke your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g. retention periods under tax or commercial law); in the latter case, the data will be deleted once these reasons no longer apply.
Data protection officer
We have appointed a data protection officer for our company.
Maximilian Hartung
SECUWING GmbH & Co. KG | Data Protection Agency
Frauentorstrasse 9
86152 Augsburg
E-mail: epost@datenschutz-agentur.de
Status: November 2021
Note on data transfer to the USA and other third countries
Among other things, we use tools from companies based in the USA or other third countries. If these tools are active, your personal data may be transferred to these third countries and processed there. We would like to point out that no level of data protection comparable to that in the EU can be guaranteed in these countries. For example, US companies are obliged to hand over personal data to security authorities without you as a data subject being able to take legal action against this. It can therefore not be ruled out that US authorities (e.g. intelligence services) process, evaluate and permanently store your data located on US servers for monitoring purposes. We have no influence on these processing activities.
Cooperation with processors and third parties
If, in the course of our processing, we disclose data to other persons and companies (order processors or third parties), transmit it to them or otherwise grant them access to the data, this will only be done on the basis of a legal permission (e.g. if a transmission of the data to third parties, such as payment service providers, is necessary for the performance of the contract pursuant to Art. 6 (1) lit. b DSGVO), you have consented, a legal obligation provides for this or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.). If we commission third parties with the processing of data on the basis of a so-called "order processing agreement", this is done on the basis of Art. 28 DSGVO.
Revocation of your consent to data processing
Many data processing operations are only possible with your express consent. You can revoke consent you have already given at any time. The legality of the data processing carried out until the revocation remains unaffected by the revocation.
Right to object to data collection in special cases and to direct marketing (Art. 21 DSGVO).
If the data processing is based on Art. 6 (1) lit. E or F DSGVO, you have the right to object to the processing of your personal data at any time on grounds relating to your particular situation: This also applies to profiling based on these provisions. The respective legal basis on which processing is based can be found in this privacy policy. If you object, we will no longer process your personal data concerned, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims (objection Pursuant to Art. 21(1) DSGVO).
If your personal data is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing. This also applies to profiling, insofar as it is related to such direct advertising. If you object, your Personal Data will subsequently no longer be used for the purpose of direct marketing (objection pursuant to Art. 21 (2) DSGVO).
Right of appeal to the competent supervisory authority
In the event of violations of the GDPR, data subjects have a right of appeal to a supervisory authority, in particular in the member state of their habitual residence, their place of work or the place of the alleged violation. The right of appeal is without prejudice to any other administrative or judicial remedy.
Right to data portability
You have the right to have data that we process automatically on the basis of your consent or in performance of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another responsible party, this will only be done insofar as it is technically feasible.
SSL or TLS encryption
For security reasons and to protect the transmission of confidential content, such as orders or requests that you send to us as the site operator, this site uses SSL or TLS encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.
If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.
Encrypted payment transactions on this website
If, after the conclusion of a contract with costs, there is an obligation to transmit your payment data to us (e.g. account number in the case of direct debit authorization), this data is required for payment processing.
Payment transactions via the common means of payment (Visa/MasterCard, direct debit) are made exclusively via an encrypted SSL or TLS connection. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.
With encrypted communication, your payment data that you transmit to us cannot be read by third parties.
Information, deletion and correction
Within the framework of the applicable legal provisions, you at any time have the right to free information about your stored personal data, its origin and recipient and the purpose of data processing and, if necessary, a right to correction or deletion of this data. For this purpose, as well as for further questions on the subject of personal data, you can contact us at any time.
Right to restriction of processing
You have the right to request the restriction of the processing of your personal data. For this purpose, you can contact us at any time. The right to restriction of processing exists in the following cases:
- If you dispute the accuracy of your personal data stored by us, we usually need time to verify this. For the duration of the review, you have the right to request the restriction of the processing of your personal data.
- If the processing of your personal data happened/is happening unlawfully, you can request the restriction of data processing instead of deletion.
- If we no longer need your personal data, but you need it to exercise, defend or assert legal claims, you have the right to request restriction of the processing of your personal data instead of erasure.
- If you have lodged an objection pursuant to Art. 21 (1) DSGVO, a balancing of your and our interests must be carried out. As long as it has not yet been determined whose interests prevail, you have the right to request the restriction of the processing of your personal data.
If you have restricted the processing of your personal data, this data - apart from its storage - may only be processed with your consent or for the assertion, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of an important public interest of the European Union or a Member State.
What rights do you have regarding your data?
You have the right at any time to receive information free of charge about the origin, recipient and purpose of your stored personal data. You also have a right to request the correction or deletion of this data. If you have given your consent to data processing, you can revoke this consent at any time for the future. You also have the right to request the restriction of the processing of your personal data under certain circumstances. Furthermore, you have the right to lodge a complaint with the competent supervisory authority.
For this purpose, as well as for further questions on the subject of data protection, you can contact us at any time.
Objection to advertising emails
We hereby object to the use of contact data published within the framework of the imprint obligation for the purpose of sending advertising and information material that has not been expressly requested. We expressly reserve the right to take legal action in the event of the unsolicited sending of advertising information, such as spam emails.
4. Data collection on this website
Cookies
Our internet pages use so-called "cookies". Cookies are small text files and do not cause any damage to your terminal device. They are stored either temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your end device. Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your end device until you delete them yourself or until they are automatically deleted by your web browser.
In some cases, cookies from third-party companies may also be stored on your terminal device when you enter our site (third-party cookies). These enable us or you to use certain services of the third-party company (e.g. cookies for processing payment services).
Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. the shopping cart function or the display of videos). Other cookies are used to evaluate user behavior or to display advertising.
Cookies that are necessary to carry out the electronic communication process (necessary cookies) or to provide certain functions desired by you (functional cookies, e.g. for the shopping cart function) or to optimize the website (e.g. cookies to measure the web audience) are stored on the basis of Art. 6 (1) lit. f DSGVO, unless another legal basis is specified. The website operator has a legitimate interest in storing cookies for the technically error-free and optimized provision of its services. If consent to the storage of cookies has been requested, the storage of the cookies in question is based exclusively on this consent (Art. 6 para. 1 lit. a DSGVO); consent can be revoked at any time.
You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be limited.
Insofar as cookies are used by third-party companies or for analysis purposes, we will inform you separately about this within the scope of this data protection declaration and, if necessary, request your consent.
Consent with ConsentManager
Our website uses ConsentManager technology to obtain your consent to the storage of certain cookies on your end device or to the use of certain technologies and to document this in accordance with data protection law. The provider of this technology is Jaohawi AB, Håltegelvägen 1b, 72348 Västerås, Sweden, website: https://www.consentmanager.de (hereinafter "ConsentManager").
When you enter our website, a connection is made to ConsentManager's servers to obtain your consents and other statements regarding cookie use. Subsequently, ConsentManager stores a cookie in your browser in order to be able to assign the consents granted to you or their revocation. The data collected in this way is stored until you request us to delete it, delete the ConsentManager provider cookie yourself or the purpose for storing the data no longer applies. Mandatory legal storage obligations remain unaffected.
ConsentManager is used to obtain the legally required consent for the use of cookies. The legal basis for this is Art. 6 para. 1 lit. c DSGVO.
Order processing
We have concluded an order processing agreement (AVV) with the provider named above. This is a contract required by data protection law, which ensures that the provider only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.
Contact Form
If you send us inquiries via the contact form, your data from the inquiry form including the contact data you provided there will be stored by us for the purpose of processing the inquiry and in case of follow-up questions. We do not pass on this data without your consent.
The processing of this data is based on Art. 6 (1) lit. b DSGVO, if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the requests addressed to us (Art. 6 (1) (f) DSGVO) or on your consent (Art. 6 (1) (a) DSGVO) if this has been requested.
The data you entered in the contact form will remain with us until you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies (e.g. after we have completed processing your request). Mandatory legal provisions - in particular retention periods - remain unaffected.
Inquiry by email or telephone
If you contact us by email or telephone, your inquiry including all resulting personal data (name, inquiry) will be stored and processed by us for the purpose of processing your request. We do not pass on this data without your consent.
The processing of this data is based on Art. 6 (1) lit. b DSGVO, if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the requests sent to us (Art. 6 (1) (f) DSGVO) or on your consent (Art. 6 (1) (a) DSGVO) if this has been requested.
The data you send to us via contact requests will remain with us until you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies (e.g. after your request has been processed). Mandatory legal provisions - in particular legal retention periods - remain unaffected.
Order processing in the online store and customer account
We process the data of our customers as part of the ordering process in our online store to enable them to select and order the selected products and services, as well as their payment and delivery, or execution.
The processed data includes inventory data, communication data, contract data, payment data and the persons affected by the processing include our customers, interested parties and other business partners. The processing is carried out for the purpose of providing contractual services within the framework of the operation of an online store, billing, delivery and customer services. We use session cookies to store the contents of the shopping cart and permanent cookies to store the login status.
The processing is based on Art. 6 para. 1 lit. b (execution of order transactions) and c (legally required archiving) DSGVO. In this context, the information marked as required is necessary for the justification and fulfillment of the contract. We disclose the data to third parties only in the context of delivery, payment or in the context of legal permissions and obligations to legal advisors and authorities. The data will only be processed in third countries if this is necessary for the fulfillment of the contract (e.g. at the request of the customer for delivery or payment).
Users can optionally create a user account, in which they can view their orders in particular. As part of the registration process, users are provided with the required mandatory information. The user accounts are not public and cannot be indexed by search engines. If users have canceled their user account, their data with regard to the user account will be deleted, subject to their retention is necessary for commercial or tax reasons in accordance with Art. 6 para. 1 lit. c DSGVO. Information in the customer account remains until its deletion with subsequent archiving in the event of a legal obligation. It is the responsibility of the users to save their data in the event of termination before the end of the contract.
The storage is based on our legitimate interests, as well as those of the users in protection against misuse and other unauthorized use. In principle, this data is not passed on to third parties, unless it is necessary for the pursuit of our claims or there is a legal obligation to do so in accordance with Art. 6 Para. 1 lit. c DSGVO.
The deletion takes place after the expiry of legal warranty and comparable obligations, the necessity of storing the data is reviewed every three years; in the case of legal archiving obligations, the deletion takes place after their expiry (end of commercial law (6 years) and tax law (10 years) storage obligation).
If you create a shipping label yourself online for a return or exchange, or if our customer service does this for you (which can happen in rare cases), your address data and, if applicable, telephone number will be transmitted to the shipping service provider.
Product recommendations
If you have concluded a contract with us, we will list you as an existing customer. In order to send you information about similar and new products and services, we process your postal contact data and your email address.
As a customer of our ooia online store, you will regularly receive product recommendations from us by email, regardless of whether you have subscribed to a newsletter. These are information and recommendations about products that might interest you based on your last orders with us. Pursuant to Section 7 (3) of the German Unfair Competition Act (UWG), we are entitled to use the email address you provide when making a purchase from our store for direct marketing activities for our own similar products or services.
If you no longer wish to receive our product recommendations, you can unsubscribe at any time. You can unsubscribe simply by clicking on the "Unsubscribe" link in the footer of one of our product recommendations or, of course, by sending an e-mail to info@ooia.de without incurring any costs other than the transmission costs according to the basic rates.
Evaluation request by email
ooshi GmbH may contact you by email to invite you to rate the service and products you have received from us in order to solicit your feedback and improve our service and products. Because we work with an outside company, Trustpilot A/S ("Trustpilot"), to collect customer feedback, we will share your name, email address, and reference number with Trustpilot for this purpose. If you would like to learn more about how Trustpilot processes your data, you can view their privacy policy here (https://de.legal.trustpilot.com/for-reviewers/end-user-privacy-terms).
5. Analysis tools and advertising
Google Analytics
This website uses functions of the web analysis service Google Analytics. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics enables the website operator to analyze the behavior of website visitors. In doing so, the website operator receives various usage data, such as page views, dwell time, operating systems used and the origin of the user. This data is summarized in a user ID and assigned to the respective end device of the website visitor.
Furthermore, Google Analytics allows us to record your mouse and scroll movements and clicks, among other things. Furthermore, Google Analytics uses various modeling approaches to supplement the collected data sets and uses machine learning technologies in the data analysis.
Google Analytics uses technologies that enable the recognition of the user for the purpose of analyzing user behavior (e.g. cookies or device fingerprinting). The information collected by Google about the use of this website is usually transferred to a Google server in the USA and stored there.
The use of this service is based on your consent according to Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG. The consent can be revoked at any time.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.
Browser plugin
You can prevent the collection and processing of your data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
More information on how Google Analytics handles user data can be found in Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=de.
Google signals
We use Google signals. When you visit our website, Google Analytics collects, among other things, your location, search history and YouTube history, as well as demographic data (visitor data). This data can be used for personalized advertising with the help of Google signals. If you have a Google account, Google Signal's visitor data is linked to your Google account and used for personalized advertising messages. The data is also used to compile anonymized statistics on the user behavior of our users.
Google Analytics E-commerce measurement
This website uses the "e-commerce measurement" function of Google Analytics. With the help of e-commerce measurement, the website operator can analyze the purchasing behavior of website visitors to improve its online marketing campaigns. This involves recording information such as orders placed, average order values, shipping costs and the time from viewing to purchasing a product. This data can be summarized by Google under a transaction ID, which is assigned to the respective user or his device.
Google Tag Manager
We use the Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Google Tag Manager is a tool that allows us to integrate tracking or statistical tools and other technologies on our website. The Google Tag Manager itself does not create user profiles, does not store cookies and does not perform any independent analyses. It is only used for the administration and playout of the tools integrated via it. However, the Google Tag Manager records your IP address, which may also be transferred to Google's parent company in the United States.
The use of the Google Tag Manager is based on Art. 6 (1) lit. f DSGVO. The website operator has a legitimate interest in a quick and uncomplicated integration and management of various tools on its website. Insofar as a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO; the consent can be revoked at any time.
Hotjar
This website uses Hotjar. The provider is Hotjar Ltd, Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe (website: https://www.hotjar.com).
Hotjar is a tool used to analyze your user behavior on this website. Hotjar allows us to record your mouse movements, scrolling movements and clicks, among other things. Hotjar can also determine how long you have remained with the mouse pointer on a certain place. From this information, Hotjar creates so-called heat maps, which can be used to determine which website areas are viewed preferentially by the website visitor.
Furthermore, we can determine how long you stayed on a page and when you left it. We can also determine at which point you abandoned your input in a contact form (so-called conversion funnels).
In addition, Hotjar can be used to obtain direct feedback from website visitors. This function serves to improve the website operator's web offerings.
Hotjar uses technologies that enable the recognition of the user for the purpose of analyzing user behavior (e.g. cookies or use of device fingerprinting).
Insofar as consent has been obtained, the use of the aforementioned service is based exclusively on Art. 6 Para. 1 lit. a DSGVO and § 25 TTDSG. The consent can be revoked at any time. If no consent has been obtained, the use of this service is based on Art. 6 para. 1 lit. f DSGVO; the website operator has a legitimate interest in analyzing user behavior in order to optimize both its web offering and its advertising.
Deactivating Hotjar
If you wish to deactivate the data collection by Hotjar, click on the following link and follow the instructions there: https://www.hotjar.com/policies/do-not-track/
Please note that disabling Hotjar must be done separately for each browser or device.
For more information about Hotjar and the data it collects, please see Hotjar's privacy policy at the following link: https://www.hotjar.com/privacy
Order processing
We have concluded an order processing agreement (AVV) with the above-mentioned provider. This is a contract required by data protection law, which ensures that this provider only processes the personal data of our website visitors in accordance with our instructions and in compliance with the DSGVO.
Bing Ads and Conversion Tracking
The website operator uses Bing Ald. Bing Ads is an online advertising program of Microsoft Corporation, One Microsoft Way, 98052 Redmond/WA, United States ("Microsoft")...
Bing Ald allows us to show advertisements in search engines or on third-party websites when the user enters certain search terms on Bing (keyword targeting). Furthermore, targeted advertisements can be placed on the basis of user data available at Bing (e.g. location data and interests) (target group targeting). As the website operator, we can evaluate this data quantitatively by analysing, for example, which search terms have led to the display of our advertisements and how many advertisements have resulted in corresponding clicks.
The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG. The consent can be revoked at any time.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://developers.facebook.com/docs/plugins/?locale=de_DE.
When you visit this website, a direct connection is established between your browser and the Facebook server via the plugin. Facebook thereby receives the information that you have visited this website with your IP address. If you click the Facebook "Like" button while logged into your Facebook account, you can link the content of this website on your Facebook profile. This allows Facebook to associate your visit to this website with your user* account. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by Facebook. For more information, please refer to Facebook's privacy policy at: https://de-de.facebook.com/privacy/explanation.
If you do not want Facebook to be able to associate your visit to this website with your Facebook user account, please object to this consent in the cookie settings.
The use of Facebook plugins is based on Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in ensuring the greatest possible visibility in social media. Insofar as a corresponding consent was requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO; the consent can be revoked at any time.
Insofar as personal data is collected on our website with the help of the tool described here and forwarded to Facebook, we and Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 DSGVO). The joint responsibility is limited exclusively to the collection of the data and its forwarding to Facebook. The processing by Facebook that takes place after the onward transfer is not part of the joint responsibility. The obligations incumbent on us jointly have been set out in a joint processing agreement. The text of the agreement can be found at: https://www.facebook.com/legal/controller_addendum.
According to this agreement, we are responsible for providing the privacy information when using the Facebook tool and for the privacy-secure implementation of the tool on our website. Facebook is responsible for the data security of Facebook products. You can assert data subject rights (e.g., requests for information) regarding data processed by Facebook directly with Facebook. If you assert the data subject rights with us, we are obliged to forward them to Facebook.
The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum, https://de-de.facebook.com/help/566994660333381 and https://www.facebook.com/policy.php
Instagram plugin
On this website, functions of the service Instagram are integrated. These functions are offered by Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland integrated.
The storage and analysis of the data is based on Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in ensuring the greatest possible visibility in social media. If a corresponding consent was requested, the processing is based exclusively on Art. 6 para. 1 lit. a DSGVO; the consent can be revoked at any time.
Insofar as personal data is collected on our website with the help of the tool described here and forwarded to Facebook or Instagram, we and Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 DSGVO). The joint responsibility is limited exclusively to the collection of the data and its forwarding to Facebook or Instagram. The processing by Facebook or Instagram that takes place after the forwarding is not part of the joint responsibility. The obligations incumbent on us jointly have been set out in a joint processing agreement. The text of the agreement can be found at: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing the privacy information when using the Facebook or Instagram tool and for the privacy-secure implementation of the tool on our website. Facebook is responsible for the data security of the Facebook or Instagram products. You can assert data subject rights (e.g., requests for information) regarding the data processed by Facebook or Instagram directly with Facebook. If you assert the data subject rights with us, we are obliged to forward them to Facebook.
The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum, https://help.instagram.com/519522125107875 and https://de-de.facebook.com/help/566994660333381.
For more information, please see Instagram's privacy policy: https://instagram.com/about/legal/privacy/.
Pinterest plugin
On this website, we use social plugins from the social network Pinterest, which is operated by Pinterest Europe Ltd, Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland.
When you call up a page that contains such a plugin, your browser establishes a direct connection to the Pinterest servers. The plugin transmits log data to the Pinterest server in the USA. This log data may contain your IP address, the address of the visited websites that also contain Pinterest functions, type and settings of the browser, date and time of the request, your usage of Pinterest as well as cookies.
The storage and analysis of the data is based on Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in ensuring the greatest possible visibility in social media. If a corresponding consent has been requested, the processing is based exclusively on Art. 6 (1) a DSGVO; the consent can be revoked at any time.
Further information on the purpose, scope and further processing and use of the data by Pinterest, as well as your rights in this regard and options for protecting your privacy, can be found in Pinterest's privacy policy: https://policy.pinterest.com/de/privacy-policy.
7. newsletter
Newsletter data
If you would like to receive the newsletter offered on the website, we require an e-mail address from you as well as information that allows us to verify that you are the owner of the specified e-mail address and agree to receive the newsletter. Further data is not collected or only on a voluntary basis. For the handling of the newsletter we use newsletter service providers, which are described below.
Klaviyo
The newsletter is sent via "Klaviyo", 225 Franklin St, Boston, MA 02110, USA.
You can view the privacy policy of the dispatch service provider here: [https://www.klaviyo.com/privacy].
Legal basis
The data processing is based on your consent (Art. 6 para. 1 lit. a DSGVO). You can revoke this consent at any time. The legality of the data processing operations already carried out remains unaffected by the revocation.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here:https://www.klaviyo.com/legal/dpa.
Storage period
The data you provide for the purpose of receiving the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and will be deleted from the newsletter distribution list after you unsubscribe from the newsletter. Data that has been stored by us for other purposes remains unaffected by this.
After you have unsubscribed from the newsletter distribution list, your e-mail address will be stored by us or the newsletter service provider in a blacklist, if necessary, in order to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in complying with legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 (1) lit. f DSGVO). The storage in the blacklist is not limited in time. You can object to the storage if your interests outweigh our legitimate interest.
Newsletter - performance measurement
The newsletters contain a so-called "web-beacon", i.e. a pixel-sized file that is retrieved from our server when the newsletter is opened, or if we use a shipping service provider, from their server. In the course of this retrieval, technical information, such as information about the browser and your system, as well as your IP address and the time of the retrieval are collected.
This information is used for the technical improvement of the services based on the technical data or the target groups and their reading behavior based on their retrieval locations (which can be determined with the help of the IP address) or the access times. The statistical surveys also include the determination of whether the newsletters are opened, when they are opened and which links are clicked. For technical reasons, this information can be assigned to individual newsletter recipients. However, it is neither our intention nor, if used, that of the dispatch service provider to observe individual users. The evaluations serve us much more to recognize the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.
A separate revocation of the performance measurement is unfortunately not possible, in this case the entire newsletter subscription must be cancelled.
8. plugins and tools
We have listed all plugins and tools in our content management. Here you can also give or revoke your consent for individual services. [https://ooia.de/?cmpscreencustom]
In addition, we still use the following third-party services on our website.
Vimeo
This website uses plugins from the video portal Vimeo. The provider is Vimeo Inc, 555 West 18th Street, New York, New York 10011, USA.
When you visit one of our pages equipped with a Vimeo video, a connection to the Vimeo servers is established. In the process, the Vimeo server is informed which of our pages you have visited. In addition, Vimeo obtains your IP address. This also applies if you are not logged in to Vimeo or do not have an account with Vimeo. The information collected by Vimeo is transmitted to the Vimeo server in the USA.
If you are logged into your Vimeo account, you enable Vimeo to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your Vimeo account.
Vimeo uses cookies or comparable recognition technologies (e.g. device fingerprinting) to recognize website visitors.
The use of Vimeo is in the interest of an appealing presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO. Insofar as a corresponding consent was requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO; the consent can be revoked at any time.
The data transfer to the USA is based on the standard contractual clauses of the EU Commission and, according to Vimeo, on "legitimate business interests". Details can be found here: https://vimeo.com/privacy.
For more information on how Vimeo handles user*in data, please see Vimeo's privacy policy at: https://vimeo.com/privacy.
Google Web Fonts
This site uses so-called web fonts provided by Google for the uniform display of fonts. When you call up a page, your browser loads the required web fonts into its browser cache in order to display texts and fonts correctly.
For this purpose, the browser you use must connect to Google's servers. This enables Google to know that this website has been accessed via your IP address. The use of Google WebFonts is based on Art. 6 para. 1 lit. f DSGVO. The website operator* has a legitimate interest in the uniform presentation of the typeface on its website. If a corresponding consent was requested (e.g. consent to store cookies), the processing is based exclusively on Art. 6 (1) a DSGVO; the consent can be revoked at any time.
If your browser does not support web fonts, a standard font from your computer will be used.
For more information on Google Web Fonts, please visit https://developers.google.com/fonts/faq and see Google's privacy policy: https://policies.google.com/privacy?hl=de.
Adobe Fonts
This website uses web fonts from Adobe for the uniform display of certain fonts. The provider is Adobe Systems Incorporated, 345 Park Avenue, San Jose, CA 95110-2704, USA (Adobe).
When you access this website, your browser loads the required fonts directly from Adobe so that they can be displayed correctly on your terminal device. In doing so, your browser establishes a connection to Adobe's servers in the USA. This enables Adobe to know that your IP address has been used to access this website. According to Adobe, no cookies are stored when providing the fonts.
The storage and analysis of the data is based on Art. 6 para. 1 lit. f DSGVO. The website operator* has a legitimate interest in the uniform presentation of the typeface on its website. If a corresponding consent was requested (e.g. consent to store cookies), the processing is based exclusively on Art. 6 para. 1 lit. a DSGVO; the consent can be revoked at any time.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.adobe.com/de/privacy/eudatatransfers.html.
For more information on Adobe Fonts, please visit: https://www.adobe.com/de/privacy/policies/adobe-fonts.html.
Adobe's privacy policy can be found at: https://www.adobe.com/de/privacy/policy.html
You can use WhatsApp to contact us and start a conversation. We are the controller within the meaning of Art. 4 No. 7 DSGVO for subsequent data processing in connection with WhatsApp. For offering and using WhatsApp, we use the software solution of Charles GmbH, Gartensstr. 86-87, 10115 Berlin, under a contract processing agreement. Charles stores all personal data in the EU. As an official WhatsApp partner, Charles uses the WhatsApp Business API with the consequence that no other third parties or WhatsApp gain access to your communication content in the area of our responsibility.
Your use of WhatsApp is solely subject to the agreements you have with WhatsApp. According to the terms of use of WhatsApp, we have your phone number and username through your contact. We use this and other information provided by you for customer service, marketing and order communication. The legal basis here is your consent to contact you in accordance with Art. 6 (1) (a) DSGVO. In addition, we will send you newsletters via WhatsApp if you have given us your consent to do so. Furthermore, you have the option to use WhatsApp to compile your shopping cart. In this case, the data processing is based on Art. 6 (1) (b) DSGVO.
You can revoke an already granted consent at any time with effect for the future. According to the DSGVO, you also have the right to information, correction, portability and deletion of your personal data, as well as the right to restrict or object to certain processing. You also have the right to complain to the supervisory authority responsible for you.
For further information, please refer to the following data protection provisions:
Charles GmbH:www.hello-charles.com/privacy-policy
WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland:https://www.whatsapp.com/legal/privacy-policy-eea
9. Online marketing and affiliate programs
Affiliate programs on this website
The Shoutout tool is used for influencer marketing. It tracks sales generated by influencers using discount codes. In order to be able to allocate and pay out generated commissions, Shoutout processes the first and last name as well as order numbers of customers. The storage and analysis of the data is based on Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in the correct calculation of the affiliate remuneration. Insofar as a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG. The consent can be revoked at any time.
We participate in the following affiliate program:
Custom Software Australia Pty Ltd - shoutout.global
Level 33, MLC Centre, 19 Martin Place
Sydney, NSW 2000, AU
Privacy Policy: https://www.shoutout.global/privacy-policy.html
Linkster:
Use of cookies
We use the tracking technology of Linkster GmbH, Colonnaden 5, 20354 Hamburg, Germany, on this site to measure and visualize insights into partnerships and advertising channels. This is a function to measure the efficiency of the corresponding advertising measures. Furthermore, the information enables us to assign advertising successes for billing purposes with corresponding advertising partners. When you click on an advertising integration, cookies are set in your browser, which are read in the event of a transaction. At each touch point, your browser sends an HTTP request to Linkster's server, with which certain information is transmitted. This information includes the URL of the website on which advertising material is placed (referrer URL), the browser identifier (user agent) of your terminal device (including information about the device type and operating system), the IP address of the terminal device (this IP address is anonymized and hashed by us before storage), HTTP header (data package automatically transmitted by your browser with various technical information), the time of the request and, if already stored on the terminal device before, the cookie with its content.
A cookie is a small data packet that is exchanged between your browser and the server. Information relevant to the web application can be stored and transmitted in this data packet, e.g. the contents of a virtual shopping cart.
The tracking technology stores cookies on your terminal device to document actions. A 24-digit, anonymous ID is stored in the cookie. Linked to this ID, the data is stored in encrypted form in our database on the server.
This contains information about the last touch points (i.e. when a particular advertising medium was displayed or clicked on by an end device). If necessary, the stored touch points can be combined to form a sequence chain (user journey).
In the case of a promotion request, the order number and the shopping cart value of your order are usually also transmitted and stored by us. In addition, the following values may be transmitted and stored: Your customer number, new customer characteristic, your age and gender as well as the information provided by you in a customer survey.
The cookies stored by Linkster GmbH are deleted after 30 days at the latest. The information transmitted to us and the cookies serve the sole purpose of a correct allocation of the success of an advertising medium and the corresponding billing and is justified with our legitimate interests according to Art. 6 para. 1 p. 1 lit. f DSGVO.
10. ECommerce and payment provider
Processing of data (customer and contract data)
We collect, process and use personal data only to the extent that they are necessary for the establishment, content or modification of the legal relationship (inventory data). This is done on the basis of Art. 6 para. 1 lit. b DSGVO, which permits the processing of data for the fulfillment of a contract or pre-contractual measures. We collect, process and use personal data about the use of this website (usage data) only to the extent necessary to enable the user to use the service or to bill the user.
The collected customer data will be deleted after completion of the order or termination of the business relationship. Legal retention periods remain unaffected.
Data transfer upon conclusion of the contract for online stores, dealers and shipment of goods
If you order goods from us, we will pass on your personal data to the transport company entrusted with the delivery and to the payment service provider entrusted with the payment processing. Only such data will be disclosed that the respective service provider needs to fulfill its task. The legal basis for this is Art. 6 para. 1 lit. b DSGVO, which permits the processing of data for the fulfillment of a contract or pre-contractual measures. If you have given your consent in accordance with Art. 6 (1) (a) DSGVO, we will pass your email address to the transport company entrusted with the delivery so that they can inform you by email about the shipping status of your order; you can revoke your consent at any time.
Users can create a user account. As part of the registration process, the required mandatory information is provided to the user and processed on the basis of Art. 6 (1) (b) DSGVO for the purpose of providing the user account. The processed data includes in particular the login information (name, password and an email address). The data entered during registration is used for the purposes of using the user account and its purpose.
Users may be informed by email about information relevant to their user account, such as technical changes. If users have terminated their user account, their data relating to the user account will be deleted, subject to any legal obligation to retain it. It is the responsibility of the users to save their data before the end of the contract in the event of termination. We are entitled to irretrievably delete all user data stored during the term of the contract.
Within the scope of the use of our registration and login functions as well as the use of the user account, we store the IP address and the time of the respective user action. The storage is based on our legitimate interests, as well as the user's protection against misuse and other unauthorized use. In principle, this data is not passed on to third parties, unless it is necessary for the pursuit of our claims or there is a legal obligation to do so pursuant to Art. 6 para. 1 lit. c. DSGVO. The IP addresses are anonymized or deleted after 7 days at the latest.
Payment services
We integrate payment services from third-party companies on our website. When you make a purchase from us, your payment data (e.g. name, payment amount, account details, credit card number) is processed by payment service providers for the purpose of payment processing. For these transactions, the respective contract and data protection provisions of the respective providers apply. The use of payment service providers is based on Art. 6 para. 1 lit. b DSGVO (contract processing) and in the interest of a smooth, convenient and secure payment process (Art. 6 para. 1 lit. f DSGVO). Insofar as your consent is requested for certain actions, Art. 6 para. 1 lit. a DSGVO is the legal basis for data processing; consents can be revoked at any time for the future.
We use the following payment services / payment service providers within the scope of this website:
PayPal
The provider of this payment service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal").
The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.paypal.com/de/webapps/mpp/ua/pocpsa-full.
For details, see PayPal's privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full.
Klarna
Provider is Klarna AB, Sveavägen 46, 111 34 Stockholm, Sweden (hereinafter "Klarna"). Klarna offers various payment options (e.g. installment purchase). If you choose to pay with Klarna (Klarna checkout solution), Klarna will collect various personal data from you. Klarna uses cookies to optimize the use of the Klarna checkout solution. For details on the use of Klarna cookies, please refer to the following link: https://cdn.klarna.com/1.0/shared/content/policy/cookie/de_de/checkout.pdf.
For details, please refer to Klarna's privacy policy at the following link: https://www.klarna.com/de/datenschutz/.
American Express
The provider of this payment service is American Express Europe S.A., Theodor-Heuss-Allee 112, 60486 Frankfurt am Main, Germany (hereinafter "American Express").
American Express may transfer data to its parent company in the USA. The data transfer to the USA is based on the Binding Corporate Rules. Details can be found here: https://www.americanexpress.com/en-pl/company/legal/privacy-centre/european-implementing-principles/.
For more information, please see the American Express privacy policy: https://www.americanexpress.com/de/legal/online-datenschutzerklarung.html.
Mastercard
The provider of this payment service is Mastercard Europe SA, Chaussée de Tervuren 198A, B-1410 Waterloo, Belgium (hereinafter "Mastercard").
Mastercard may transfer data to its parent company in the USA. The data transfer to the USA is based on Mastercard's Binding Corporate Rules. Details can be found here: https://www.mastercard.de/de-de/datenschutz.html and https://www.mastercard.us/content/dam/mccom/global/documents/mastercard-bcrs.pdf.
Maestro
The provider of this payment service is Mastercard Europe SA, Chaussée de Tervuren 198A, B-1410 Waterloo, Belgium (hereinafter "Mastercard").
Maestro may transfer data to its parent company in the USA. The data transfer to the USA is based on Mastercard's Binding Corporate Rules. Details can be found here: https://www.mastercard.de/de-de/datenschutz.html and https://www.mastercard.us/content/dam/mccom/global/documents/mastercard-bcrs.pdf.
VISA
The provider of this payment service is Visa Europe Services Inc, London Branch, 1 Sheldon Square, London W2 6TT, United Kingdom (hereinafter "VISA").
The United Kingdom is considered a secure third country under data protection law. This means that the United Kingdom has a level of data protection equivalent to the level of data protection in the European Union.
VISA may transfer data to its parent company in the USA. The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.visa.de/nutzungsbedingungen/visa-globale-datenschutzmitteilung/mitteilung-zu-zustandigkeitsfragen-fur-den-ewr.html.
For more information, see VISA's privacy policy: https://www.visa.de/nutzungsbedingungen/visa-privacy-center.html.
Bancontact
Provider of this payment service is Bancontact Payconiq Company NV/SA , Rue d'Arlon 82, 1040-Brussels, Belgium.
Details can be found here: https://www.bancontactpayconiq.com/en/press
For more information, please see Bancontact's privacy policy: https://www.bancontact.com/files/privacy.pdf.
eps Bank Transfer
Provider of this payment service is PSA Payment Services Austria GmbH, Handelskai 92, Gate 2, 1200 Vienna.
Details can be found here: https://eservice.psa.at/de/impressum.html
For further information, please refer to the privacy policy of eps Überweisung: https://eservice.psa.at/de/datenschutzerklaerung.html.
iDEAL
The provider of this payment service is i-Deal Corp Limited, 7 St. John's Road, Harrow, Middlesex, HA1 2EY, United Kingdom.
The United Kingdom is considered a secure third country under data protection law. This means that the United Kingdom has a level of data protection that is equivalent to the level of data protection in the European Union.
Details can be found here: https://www.i-dealcorp.com/.
For more information, see iDeal's privacy policy: https://www.i-dealcorp.com/.
Apple Pay
Provider of this payment service is Apple Payments Inc, belonging to Apple Inc, One Apple Park Way, Cupertino, CA 95014, USA.
Details can be found here: https://www.apple.com/legal/applepayments/direct-payments/.
For more information, see the Apple pay privacy policy: https://www.apple.com/legal/privacy/.
11. Handling of applicants' data
We offer you the opportunity to apply to us (e.g. by email or post). In the following, we inform you about the scope, purpose and use of your personal data collected during the application process. We assure you that the collection, processing and use of your data will be carried out in accordance with applicable data protection law and all other statutory provisions and that your data will be treated in strict confidence.
Scope and purpose of data collection
When you send us an application, we process your associated personal data (e.g. contact and communication data, application documents, notes taken during interviews, etc.) to the extent necessary to decide whether to establish an employment relationship. The legal basis for this is Section 26 BDSG under German law (initiation of an employment relationship), Article 6 (1) (b) DSGVO (general contract initiation) and - if you have given your consent - Article 6 (1) (a) DSGVO. The consent can be revoked at any time. Your personal data will only be passed on within our company to persons involved in processing your application.
If the application is successful, the data you submitted will be stored in our data processing systems on the basis of Section 26 of the German Federal Data Protection Act (BDSG) and Article 6 (1) lit. b DSGVO for the purpose of implementing the employment relationship.
Retention period of the data
If we are unable to make you a job offer, if you reject a job offer or if you withdraw your application, we reserve the right to retain the data you have provided for us on the basis of our legitimate interests (Art. 6 (1) (f) DSGVO) for up to 6 months from the end of the application process (rejection or withdrawal of the application). Subsequently, the data will be deleted and the physical application documents destroyed. This storage serves in particular as evidence in the event of a legal dispute. If it is apparent that the data will be required after the 6-month period has expired (e.g. due to an impending or pending legal dispute), the data will not be deleted until the purpose for continued storage no longer applies.
Longer storage may also take place if you have given your consent (Art. 6 para. 1 lit. a DSGVO) or if legal storage obligations prevent deletion.
12. Own services
We maintain online presences within social networks and platforms in order to be able to communicate with customers, interested parties and users active there and to inform them about our services.
We would like to point out that user data may be processed outside the European Union. This may result in risks for users because, for example, it could make it more difficult to enforce the rights of users. With regard to US providers certified under the Privacy Shield, we point out that they thereby undertake to comply with the data protection standards of the EU.
Furthermore, user data is usually processed for market research and advertising purposes. For example, usage profiles can be created from the usage behavior and resulting interests of the user. The usage profiles can in turn be used, for example, to place advertisements within and outside the platforms that presumably correspond to the interests of the user. For these purposes, cookies are usually stored on the user's computer, in which the usage behavior and interests of the user are stored. Furthermore, data may also be stored in the usage profiles regardless of the devices used by the users (especially if the users are members of the respective platforms and are logged in to them).
The processing of users' personal data is based on our legitimate interests in providing users with effective information and communication with users pursuant to Art. 6 para. 1 lit. f. DSGVO. If the users are asked by the respective providers for consent to data processing (i.e. declare their consent, e.g. by ticking a checkbox or confirming a button), the legal basis of the processing is Art. 6 para. 1 lit. a., Art. 7 DSGVO.
For a detailed description of the respective processing and the opt-out options, please refer to the information of the providers linked below.
In the case of requests for information and the assertion of user rights, we would also like to point out that these can be asserted most effectively with the providers. Only the providers have access to the users' data and can take appropriate measures and provide information directly. If you still need help, you can contact us.
Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) - Privacy Policy: https://www.facebook.com/about/privacy/, Opt-Out: https://www.facebook.com/settings?tab=ads and http://www.youronlinechoices.com, Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active.
Google/ YouTube (Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) - Privacy Policy: https://policies.google.com/privacy, Opt-Out: https://adssettings.google.com/authenticated, Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.
Instagram (Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA) - Privacy Policy/ Opt-Out: http://instagram.com/about/legal/privacy/.
Pinterest (Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA) - Privacy Policy/ Opt-Out: https://about.pinterest.com/de/privacy-policy.