Privacy Policy

––––––––––––––––––––
Privacy Policy
––––––––––––––––––––


1) Introduction and contact details of the responsible party
1.1 We are pleased that you visit our website and thank you for your interest. Below we inform you about the handling of your personal data when using our website. Personal data here means all data by which you can be personally identified.
1.2 The entity responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is SP7 GmbH, Dreischeibenhaus 1, 40211 Düsseldorf, Germany, email: info@sp7.com. The person responsible for the processing of personal data is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data.
1.3 For security reasons and to protect the transmission of personal data and other confidential content (e.g., orders or inquiries to the controller), this website uses SSL or TLS encryption. You can recognize an encrypted connection by the string "https://" and the lock symbol in your browser's address bar.

2) Data collection when visiting our website
When using our website for purely informational purposes, i.e., if you do not register or otherwise provide us with information, we only collect such data that your browser transmits to our server (so-called "server log files"). When you access our website, we collect the following data, which is technically necessary for us to display the website to you:
- Our visited website
- Date and time at the time of access
- Amount of data sent in bytes
- Source/referral from which you accessed the site
- Used browser
- Used operating system
- Used IP address (if applicable: in anonymized form)
The processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR based on our legitimate interest in improving the stability and functionality of our website. There is no transfer or other use of the data. However, we reserve the right to retrospectively check the server log files if there are concrete indications of unlawful use.

3) Hosting & Content Delivery Network
- Hosting by Shopify
We use the shop system of the service provider Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland ("Shopify"), for the purpose of hosting and displaying the online shop based on processing on our behalf. All data collected on our website is processed on Shopify's servers. As part of the aforementioned services by Shopify, data may also be transmitted in the context of further processing on behalf to Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada, Shopify Data Processing (USA) Inc., Shopify Payments (USA) Inc., or Shopify (USA) Inc. In the event of data transmission to Shopify Inc. in Canada, the adequate level of data protection is ensured by the adequacy decision of the European Commission. Further information on Shopify's data protection can be found at the following website: https://www.shopify.de/legal/datenschutz
Further processing on servers other than those mentioned above by Shopify only takes place within the scope communicated below.

4) Cookies
To make visiting our website attractive and to enable the use of certain functions, we use cookies, i.e., small text files that are stored on your device. Some of these cookies are automatically deleted after closing the browser (so-called "session cookies"), while others remain on your device longer and allow the storage of page settings (so-called "persistent cookies"). In the latter case, you can find the storage duration in the overview of your web browser's cookie settings.
If personal data is also processed by individual cookies used by us, processing is carried out according to Art. 6 para. 1 lit. b GDPR either for the performance of the contract, according to Art. 6 para. 1 lit. a GDPR in the case of given consent, or according to Art. 6 para. 1 lit. f GDPR to safeguard our legitimate interests in the best possible functionality of the website as well as a customer-friendly and effective design of the site visit.
You can set your browser so that you are informed about the setting of cookies and decide individually on their acceptance or exclude the acceptance of cookies for certain cases or in general.
Please note that if cookies are not accepted, the functionality of our website may be limited.

5) Contact
5.1 Own review reminder (no dispatch by a customer review system)
We use your email address to send a one-time reminder to submit a review of your order for the rating system we use, provided you have given us your explicit consent in accordance with Art. 6 para. 1 lit. a GDPR during or after your order.
You can revoke your consent at any time by sending a message to the data processing responsible party.
5.2 Zendesk
We use the email ticket system Zendesk, a customer service platform of Zendesk International Ltd., 55 Charlemont Place, Saint Kevin's, Dublin D02 F985, Ireland ("Zendesk"), to process customer inquiries. When users of our website submit contact requests by email, these are stored and organized in the ticket system to enable chronological processing and improve the service experience. Users can always view the current status of the processing of their request via the individually assigned ticket number.
Exclusively for the organization of inquiries and their processing, personal data is collected to the extent provided in the inquiry, but at least name, first name, and email address, transmitted to Zendesk, stored there, and read out.
The legal basis for processing this data is our legitimate interest in the efficient design of our customer service, in the fastest possible response to your request, and in optimizing our service offering according to Art. 6 para. 1 lit. f GDPR.
We have concluded a data processing agreement with Zendesk, which obliges Zendesk to protect the data of our customers and not to pass it on to third parties.
Personal data may possibly be transmitted to servers of Zendesk Inc. in the USA. For such data transmissions, Zendesk follows binding internal data protection regulations (Binding Corporate Rules – BCR), which have been recognized by the Irish Data Protection Authority as suitable guarantees for compliance with European data protection standards.
Your data will be deleted after the final processing of your request. This is the case when the circumstances indicate that the matter concerned has been conclusively clarified and provided that no statutory retention obligations oppose this.
Further information on Zendesk's data protection can be found at https://www.zendesk.de/company/customers-partners/privacy-policy/.
5.3 As part of contacting us (e.g., via contact form or email), personal data is processed exclusively for the purpose of handling and responding to your request and only to the extent necessary for this purpose. The legal basis for processing this data is our legitimate interest in responding to your request according to Art. 6 para. 1 lit. f GDPR. If your contact aims at a contract, the additional legal basis for processing is Art. 6 para. 1 lit. b GDPR. Your data will be deleted when the circumstances indicate that the matter concerned has been conclusively clarified and provided that no statutory retention obligations oppose this.

6) Comment function
As part of the comment function on this website, in addition to your comment, information about the time the comment was created and the commentator name you chose are stored and published on this website. Furthermore, your IP address is stored for security reasons to enable assignment to the author in the event of unlawful comments. Your email address is stored for contacting you if a third party should object to your published content as unlawful.

7) Use of customer data for direct advertising
7.1 Registration for our email newsletter
When you sign up for our email newsletter, we regularly send you information about our offers. The only mandatory information for sending the newsletter is your email address. Providing additional data is voluntary and is used to address you personally. For sending the newsletter, we use the so-called double opt-in procedure, which ensures that you only receive newsletters after you have explicitly confirmed your consent to receive the newsletter by clicking a verification link sent to the specified email address.
By activating the confirmation link, you give us your consent to use your personal data in accordance with Art. 6 para. 1 lit. a GDPR. In doing so, we store the IP address registered by your Internet Service Provider (ISP) as well as the date and time of registration to be able to trace any possible misuse of your email address at a later time. The data we collect when registering for the newsletter is used strictly for the intended purpose. You can unsubscribe from the newsletter at any time via the link provided in the newsletter or by sending a corresponding message to the responsible party named above. After unsubscribing, your email address will be immediately deleted from our newsletter distribution list, unless you have explicitly consented to further use of your data or we reserve the right to use data beyond this, which is legally permitted and about which we inform you in this statement.
7.2 - Newsletter dispatch via Klaviyo
The sending of our email newsletters is carried out via the technical service provider »Klaviyo«, 225 Franklin St, Boston, MA 02110, USA (http://www.klaviyo.com/), to whom we pass on the data you provide when registering for the newsletter. This transfer is made in accordance with Art. 6 para. 1 lit. f GDPR and serves our legitimate interest in using an effective, secure, and user-friendly newsletter system. Please note that your data is usually transferred to a Klaviyo server in the USA and stored there.
Klaviyo uses this information to send newsletters on our behalf. Klaviyo does not use the data of our newsletter recipients to contact them itself or to pass it on to third parties.
To protect your data in the USA, we have a data processing agreement ("Data-Processing-Agreement") with Klaviyo, in which Klaviyo commits to protecting the data of our users, processing it on our behalf according to its privacy policy, and in particular not passing it on to third parties.
You can view Klaviyo's privacy policy here: https://www.klaviyo.com/legal/privacy

8) Data processing for order fulfillment
8.1 - Submission of image files for order processing via upload function
On our website, we offer customers the possibility to commission the personalization of products by submitting image files via an upload function. The submitted image motif is used as a template for the personalization of the selected product.
Via the upload form on the website, the customer can send one or more image files from the storage of the device used directly to us via automated, encrypted data transmission. We then collect, store, and use the transmitted files exclusively for the production of the personalized product in accordance with the respective service description on our website. If the transmitted image files are passed on to special service providers for the production and processing of the order, you will be explicitly informed about this in the following paragraphs. No further transfer takes place. If the transmitted files or the digital motifs contain personal data (in particular images of identifiable persons), all the processing operations just mentioned are carried out exclusively for the purpose of processing your online order in accordance with Art. 6 para. 1 lit. b GDPR. After the final processing of the order, the transmitted image files are automatically and completely deleted.
- Transmission of image files for order processing via email
On our website, we offer customers the possibility to commission the personalization of products by sending image files via email. The submitted image motif is used as a template for the personalization of the selected product.
Via the email address provided on the website, the customer can send one or more image files from the storage of the device used to us. We then collect, store, and use the files transmitted exclusively for the production of the personalized product in accordance with the respective service description on our website. If the transmitted image files are passed on to special service providers for the production and processing of the order, you will be explicitly informed about this in the following paragraphs. No further transfer takes place. If the transmitted files or the digital motifs contain personal data (in particular images of identifiable persons), all the processing operations just mentioned are carried out exclusively for the purpose of processing your online order in accordance with Art. 6 para. 1 lit. b GDPR. After the final processing of the order, the transmitted image files are automatically and completely deleted.
8.2 As far as necessary for contract processing for delivery and payment purposes, the personal data collected by us will be passed on to the commissioned transport company and the commissioned credit institution in accordance with Art. 6 para. 1 lit. b GDPR.
If, based on a corresponding contract, we owe you updates for goods with digital elements or for digital products, we process the contact data you provided during the order (name, address, email address) to inform you personally about upcoming updates within the legally prescribed period via a suitable communication channel (such as by post or email) in accordance with our legal information obligations under Art. 6 para. 1 lit. c GDPR. Your contact data will be used strictly for the purpose of notifications about updates owed by us and will only be processed by us to the extent necessary for the respective information.
For the processing of your order, we also cooperate with the following service provider(s) who support us wholly or partly in the execution of concluded contracts. Certain personal data are transmitted to these service providers in accordance with the following information.
8.3 To fulfill our contractual obligations to our customers, we work with external shipping partners. We forward your name, delivery address, and, if necessary for the delivery, your telephone number exclusively for the purpose of goods delivery in accordance with Art. 6 para. 1 lit. b GDPR to a shipping partner selected by us.
8.4 Transfer of personal data to shipping service providers
- Deutsche Post
If the delivery of the goods is carried out by Deutsche Post (Deutsche Post AG, Charles-de-Gaulle-Straße 20, 53113 Bonn), we will forward your email address to Deutsche Post in accordance with Art. 6 para. 1 lit. a GDPR before the delivery of the goods for the purpose of coordinating a delivery date or for delivery notification, provided you have given your explicit consent for this during the ordering process. Otherwise, for the purpose of delivery in accordance with Art. 6 para. 1 lit. b GDPR, we will only forward the recipient's name and delivery address to Deutsche Post. The transfer is only made to the extent necessary for the delivery of the goods. In this case, prior coordination of the delivery date with Deutsche Post or delivery notification is not possible.
Consent can be revoked at any time with effect for the future towards the responsible party named above or towards Deutsche Post.
- DHL
If the delivery of the goods is carried out by the transport service provider DHL (DHL Paket GmbH, Sträßchensweg 10, 53113 Bonn), we will forward your email address to DHL in accordance with Art. 6 para. 1 lit. a GDPR before the delivery of the goods for the purpose of coordinating a delivery date or for delivery notification, provided you have given your explicit consent for this during the ordering process. Otherwise, for the purpose of delivery in accordance with Art. 6 para. 1 lit. b GDPR, we will only forward the recipient's name and delivery address to DHL. The transfer is only made to the extent necessary for the delivery of the goods. In this case, prior coordination of the delivery date with DHL or delivery notification is not possible.
The consent can be revoked at any time with effect for the future towards the responsible party named above or towards the transport service provider DHL.
- DHL Express
If the delivery of the goods is carried out by the transport service provider DHL Express (DHL Express Germany GmbH, Heinrich-Brüning-Str. 5, 53113 Bonn), we will provide your email address in accordance with Art. 6 para. 1 lit. a GDPR before the delivery of the goods for the purpose of coordinating a delivery date or for delivery notification to DHL Express, provided you have given your explicit consent for this during the ordering process. Otherwise, for the purpose of delivery in accordance with Art. 6 para. 1 lit. b GDPR, we only provide the recipient's name and the delivery address to DHL Express. The transfer only takes place to the extent necessary for the delivery of the goods. In this case, prior coordination of the delivery date with DHL Express or the delivery notification is not possible. The consent can be revoked at any time with effect for the future towards the responsible party named above or towards the transport service provider DHL Express.
- DPD
If the delivery of the goods is carried out by the transport service provider DPD (DPD Deutschland GmbH, Wailandtstraße 1, 63741 Aschaffenburg), we will provide your email address and your telephone number to DPD before the delivery of the goods in accordance with Art. 6 para. 1 lit. a GDPR for the purpose of coordinating a delivery date or for delivery notification, provided you have given your explicit consent for this during the ordering process. Otherwise, for the purpose of delivery in accordance with Art. 6 para. 1 lit. b GDPR, we only provide the recipient's name and the delivery address to DPD. The transfer only takes place to the extent necessary for the delivery of the goods. In this case, prior coordination of the delivery date with DPD or the delivery notification is not possible.
The consent can be revoked at any time with effect for the future against the above-mentioned responsible party or against the transport service provider DPD.
- Hermes
If the delivery of the goods is carried out by the transport service provider Hermes (Hermes Logistik Gruppe Deutschland GmbH, Essener Straße 89, 22419 Hamburg), we will provide your email address to Hermes before the delivery of the goods in accordance with Art. 6 para. 1 lit. a GDPR for the purpose of coordinating a delivery date or for delivery notification, provided you have given your explicit consent for this during the ordering process. Otherwise, for the purpose of delivery in accordance with Art. 6 para. 1 lit. b GDPR, we only provide the recipient's name and the delivery address to Hermes. The transfer only takes place to the extent necessary for the delivery of the goods. In this case, prior coordination of the delivery date with Hermes or the transmission of status information about the shipment delivery is not possible.
Consent can be revoked at any time with effect for the future towards the responsible party named above or towards the transport service provider Hermes.
8.5 Use of payment service providers (payment services)
- Amazon Pay
If you select the payment method "Amazon Pay," the payment processing is carried out by the payment service provider Amazon Payments Europe s.c.a., 38 avenue J.F. Kennedy, L-1855 Luxembourg (hereinafter: "Amazon Payments"), to whom we transmit the information you provide during the ordering process along with the information about your order in accordance with Art. 6 para. 1 lit. b GDPR. The transmission of your data is exclusively for the purpose of payment processing with the payment service provider Amazon Payments and only to the extent necessary for this purpose. If cookies, i.e., small text files stored on the device, are set when using Amazon Pay, this is done solely based on your explicit consent pursuant to Art. 6 para. 1 lit. a GDPR. This consent can be revoked at any time via the "Cookie Consent Tool" implemented on the website. Further information about the privacy policy of Amazon Payments is available at the following internet address: https://pay.amazon.de/help/82974
- Apple Pay
If you choose the payment method "Apple Pay" from Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland, the payment processing is carried out via the "Apple Pay" function of your device running iOS, watchOS, or macOS by charging a payment card stored in "Apple Pay." Apple Pay uses security features integrated into the hardware and software of your device to protect your transactions. To authorize a payment, you must enter a code previously set by you and verify it using the "Face ID" or "Touch ID" function of your device.
For the purpose of payment processing, the information you provide during the ordering process, along with the information about your order, is transmitted to Apple in encrypted form. Apple then encrypts this data again with a developer-specific key before the data is transmitted to the payment service provider of the payment card stored in Apple Pay to carry out the payment. The encryption ensures that only the website through which the purchase was made can access the payment data. After the payment has been made, Apple sends your device account number and a transaction-specific, dynamic security code to the originating website to confirm the payment success.
If personal data is processed in the described transmissions, the processing is carried out exclusively for the purpose of payment processing in accordance with Art. 6 para. 1 lit. b GDPR.
Apple retains anonymized transaction data, including the approximate purchase amount, approximate date and time, and whether the transaction was successfully completed. Anonymization completely excludes any personal reference. Apple uses the anonymized data to improve "Apple Pay" and other Apple products and services.
When you use Apple Pay on your iPhone or Apple Watch to complete a purchase made via Safari on your Mac, the Mac and the authorization device communicate over an encrypted channel on Apple's servers. Apple does not process or store any of this information in a format that can identify you personally. You can disable the ability to use Apple Pay on your Mac in your iPhone settings. Go to "Wallet & Apple Pay" and disable "Allow Payments on Mac."
Further information on data protection with Apple Pay can be found at the following internet address: https://support.apple.com/de-de/HT203027
- Google Pay
If you choose the payment method "Google Pay" from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"), the payment processing is carried out via the "Google Pay" application on your mobile device running at least Android 4.4 ("KitKat") and equipped with an NFC function by charging a payment card stored in Google Pay or a verified payment system there (e.g., PayPal). To authorize a payment over Google Pay exceeding €25, you must first unlock your mobile device using the configured verification method (such as facial recognition, password, fingerprint, or pattern).
For the purpose of payment processing, the information you provide during the ordering process along with the details of your order are passed on to Google. Google then transmits your payment information stored in Google Pay in the form of a one-time transaction number to the originating website, which verifies the completed payment. This transaction number contains no information about the actual payment data of your payment methods stored in Google Pay but is created and transmitted as a uniquely valid numeric token. In all transactions via Google Pay, Google acts solely as an intermediary to process the payment. The transaction is conducted exclusively between the user and the originating website by charging the payment method stored in Google Pay.
If personal data is processed in the described transmissions, the processing is carried out exclusively for the purpose of payment processing in accordance with Art. 6 para. 1 lit. b GDPR.
Google reserves the right to collect, store, and analyze certain transaction-specific information for every transaction made via Google Pay. This includes the date, time, and amount of the transaction, merchant location and description, a description of the purchased goods or services provided by the merchant, photos you attached to the transaction, the name and email address of the seller and buyer or sender and recipient, the payment method used, your description of the reason for the transaction, and, if applicable, the offer associated with the transaction.
According to Google, this processing is carried out exclusively in accordance with Art. 6 para. 1 lit. f GDPR on the basis of the legitimate interest in proper accounting, verification of transaction data, and optimization and maintenance of the Google Pay service.
Google also reserves the right to combine the processed transaction data with other information collected and stored by Google when using other Google services.
The terms of use of Google Pay can be found here:
https://payments.google.com/payments/apis-secure/u/0/get_legal_document?ldo=0&ldt=googlepaytos&ldl=de
Further information on data protection at Google Pay can be found at the following internet address:
https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=de
- Klarna
When selecting a Klarna payment service, the payment processing is carried out by Klarna Bank AB (publ), https://www.klarna.com/de/, Sveavägen 46, 111 34 Stockholm, Sweden (hereinafter "Klarna"). To enable the processing of the payment, your personal data (first and last name, street, house number, postal code, city, gender, email address, phone number, and IP address, if applicable additionally date of birth and your bank details) as well as data related to the order (e.g., invoice amount, items, delivery method) will be forwarded to Klarna for the purpose of identity and creditworthiness verification, provided you have expressly consented to this in accordance with Art. 6 para. 1 lit. a GDPR during the order process. You can view which credit agencies your data may be forwarded to here:
https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/credit_rating_agencies
The credit report may contain probability values (so-called score values). As far as score values are included in the result of the credit report, they are based on a scientifically recognized mathematical-statistical procedure. The calculation of the score values includes, among other things but not exclusively, address data. Klarna uses the obtained information about the statistical probability of a payment default for a balanced decision regarding the establishment, execution, or termination of the contractual relationship.
You can revoke your consent at any time by sending a message to the data processing responsible party or to Klarna. However, Klarna may still be entitled to process your personal data if this is necessary for contractual payment processing.
Your personal data will be processed in accordance with applicable data protection regulations and according to the information in Klarna's privacy policy for data subjects based in Germany https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/privacy
or for data subjects based in Austria https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_at/privacy
processed.
- Masterpayment
When selecting the payment methods "Direct Debit (Lastschrift)" and/or "Invoice Delivery" and/or "Installment Purchase" via Masterpayment, you will be prompted during the order process to provide your personal data (first and last name, street, house number, postal code, city, date of birth, email address, phone number, and for direct debit the specified bank account details). To protect our legitimate interest in determining the creditworthiness of our customers, this data will be forwarded by us in accordance with Art. 6 para. 1 lit. f GDPR for the purpose of a credit check to Masterpayment LTD, 483 Green Lanes, London, N13 4BS, United Kingdom ("Masterpayment"). Masterpayment checks, based on the personal data you provide as well as other data (such as shopping cart, invoice amount, order history, payment experiences), whether the payment option you selected can be granted with regard to payment and/or default risks. For the decision within the application review, in addition to Masterpayment-internal criteria according to Art. 6 para. 1 lit. f GDPR, identity and credit information from the following credit agencies may also be included:
- CCreditreform Boniversum GmbH, Hammfelddamm 13, 41460 Neuss, Tel.: +49 (0)2131-109-501, Fax: -557
- CRIF GmbH, Friesenweg 4, Haus 12, 22763 Hamburg, Tel.: +49 (0)40-89803-0, Fax: -419
- SCHUFA Holding AG, Kormoranweg 5, D-65201 Wiesbaden, Tel.: +49 (0)611-9278-0, Fax: -109
The credit report may contain probability values (so-called score values). As far as score values are included in the result of the credit report, they are based on a scientifically recognized mathematical-statistical procedure. The calculation of the score values includes, among other things but not exclusively, address data.
You can object to this processing of your data at any time by sending a message to the person responsible for data processing or to Masterpayment. However, Masterpayment may still be entitled to process your personal data if this is necessary for proper payment processing under the contract.
- Mollie
If you choose a payment method of the payment service provider Mollie, the payment processing is carried out by the payment service provider Mollie B.V., Keizersgracht 313, 1016 EE Amsterdam, Netherlands, to whom we pass on the information you provided during the ordering process along with the information about your order (name, address, IBAN, BIC, invoice amount, currency, and transaction number) in accordance with Art. 6 para. 1 lit. b GDPR. The transfer of your data is exclusively for the purpose of payment processing with the payment service provider Mollie and only to the extent necessary for this purpose.
- Paypal
When paying via PayPal, credit card via PayPal, direct debit via PayPal, or - if offered - "purchase on account" or "installment payment" via PayPal, we pass your payment data to PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal") as part of the payment processing. The transfer is carried out in accordance with Art. 6 para. 1 lit. b GDPR and only to the extent necessary for payment processing.
PayPal reserves the right to conduct a credit check for the payment methods credit card via PayPal, direct debit via PayPal, or – if offered – "purchase on account" or "installment payment" via PayPal. For this purpose, your payment data may be passed on to credit agencies in accordance with Art. 6 para. 1 lit. f GDPR based on PayPal's legitimate interest in determining your creditworthiness. The result of the credit check regarding the statistical probability of payment default is used by PayPal for the purpose of deciding on the provision of the respective payment method. The credit report may contain probability values (so-called score values). As far as score values are included in the result of the credit report, they are based on a scientifically recognized mathematical-statistical procedure. The calculation of the score values includes, among other things but not exclusively, address data. For further data protection information, including the credit agencies used, please refer to PayPal's privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full
You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data if this is necessary for the contractual payment processing.
- Shopify Payments
We use the payment service provider "Shopify Payments", 3rd Floor, Europa House, Harcourt Building, Harcourt Street, Dublin 2. If you choose a payment method offered via the payment service provider Shopify Payments, the payment processing is carried out by the technical service provider Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, to whom we pass on the information you provide during the ordering process along with the information about your order (name, address, account number, bank code, possibly credit card number, invoice amount, currency, and transaction number) in accordance with Art. 6 para. 1 lit. b GDPR. The transfer of your data takes place exclusively for the purpose of payment processing with Stripe Payments Europe Ltd. and only to the extent necessary for this purpose. Further information about the data protection of Shopify Payments can be found at the following internet address: https://www.shopify.com/legal/privacy.
Data protection information about Stripe Payments Europe Ltd. can be found here: https://stripe.com/de/privacy
- SOFORT
When selecting the payment method "SOFORT", the payment processing is carried out by the payment service provider SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany (hereinafter "SOFORT"), to whom we pass on the information you provide during the ordering process along with the information about your order in accordance with Art. 6 para. 1 lit. b GDPR. Sofort GmbH is part of the Klarna Group (Klarna Bank AB (publ), Sveavägen 46, 11134 Stockholm, Sweden). The transfer of your data takes place exclusively for the purpose of payment processing with the payment service provider SOFORT and only to the extent necessary for this purpose. Further information about SOFORT's data protection provisions can be found at the following internet address: https://www.klarna.com/sofort/datenschutz.
- Stripe
If you choose a payment method from the payment service provider Stripe, the payment processing is carried out by the payment service provider Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, to whom we pass on the information you provide during the ordering process along with information about your order (name, address, account number, bank code, possibly credit card number, invoice amount, currency, and transaction number) in accordance with Art. 6 para. 1 lit. b GDPR. More information about Stripe's data protection can be found at the URL https://stripe.com/de/privacy#translation.
Stripe reserves the right to conduct a credit check based on mathematical-statistical methods to protect the legitimate interest in determining the user's creditworthiness. The personal data necessary for a credit check and obtained during payment processing may be transmitted by Stripe to selected credit agencies, which Stripe discloses to users upon request. The credit report may contain probability values (so-called score values). As far as score values are included in the credit report result, they are based on a scientifically recognized mathematical-statistical method. The calculation of score values includes, among other things but not exclusively, address data. Stripe uses the result of the credit check regarding the statistical probability of default to decide on the authorization to use the chosen payment method.
You can object to this processing of your data at any time by sending a message to Stripe or the appointed credit agencies.
However, Stripe may still be entitled to process your personal data if this is necessary for contractual payment processing.

9) Online Marketing
Facebook Pixel for creating Custom Audiences with enhanced data matching (with cookie consent tool)
Within our online offering, the so-called "Facebook Pixel" of the social network Facebook is used in the mode of enhanced data matching, which is operated by Meta Platforms Ireland Limited, 4 Grand Canal Quare, Dublin 2, Ireland ("Facebook").
Based on the user's explicit consent, when a user clicks on an advertisement displayed on Facebook that we have placed, Facebook Pixel appends an addition to the URL of our linked page. This URL parameter is then written into the user's browser as a cookie after redirection, which our linked page itself sets. Additionally, specific customer data from this cookie, such as the email address collected on our website linked to the Facebook ad during processes like purchases, account registrations, or sign-ups, is recorded (enhanced data matching). The cookie is then read by Facebook Pixel and enables the forwarding of data, including specific customer data, to Facebook.
With the help of the Facebook Pixel with advanced matching, Facebook is able, on the one hand, to precisely determine the visitors of our online offer as a target group for displaying ads (so-called "Facebook Ads"). Accordingly, we use the Facebook Pixel with advanced matching to show the Facebook Ads we place only to those Facebook users who have shown an interest in our online offer or who exhibit certain characteristics (e.g., interests in specific topics or products determined based on the visited websites) that we transmit to Facebook (so-called "Custom Audiences"). With the help of the Facebook Pixel with advanced matching, we also want to ensure that our Facebook Ads correspond to the potential interests of the users and do not appear intrusive. This allows us to further evaluate the effectiveness of Facebook advertisements for statistical and market research purposes by tracking whether users were redirected to our website after clicking on a Facebook ad (so-called "Conversion"). Compared to the standard version of Facebook Pixel, the advanced matching function helps us better measure the effectiveness of our advertising campaigns by capturing more attributed conversions.
All transmitted data is stored and processed by Facebook, so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes, in accordance with the Facebook Data Use Policy (https://www.facebook.com/about/privacy/). The data may enable Facebook and its partners to place advertisements on and off Facebook.
These processing operations are carried out exclusively upon the granting of explicit consent in accordance with Art. 6 para. 1 lit. a GDPR.
The information generated by Facebook is usually transmitted to a Facebook server and stored there; this may also involve transmission to the servers of Meta Platforms Inc. in the USA. You can revoke your given consent at any time with effect for the future by deactivating this service in the "Cookie Consent Tool" provided on the website.

10) Retargeting/ Remarketing/ Recommendation Advertising
Google Ads Remarketing
Our website uses the functions of Google Ads Remarketing; with this, we advertise this website in Google search results as well as on third-party websites. The provider is Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"). For this purpose, Google sets a cookie in the browser of your device, which automatically enables interest-based advertising using a pseudonymous cookie ID and based on the pages you have visited. Further data processing only takes place if you have consented to Google linking your internet and app browsing history with your Google account and using information from your Google account to personalize ads you view on the web. In this case, if you are logged into Google during your visit to our website, Google uses your data together with Google Analytics data to create and define audience lists for cross-device remarketing. For this purpose, your personal data is temporarily linked by Google with Google Analytics data to form audiences. When using Google Ads Remarketing, personal data may also be transmitted to the servers of Google LLC in the USA.
Details about the processing initiated by Google Ads Remarketing and Google's handling of data from websites can be found here: https://policies.google.com/technologies/partner-sites
You can permanently object to the setting of cookies by Google Ads Remarketing by downloading and installing the browser plug-in from Google available at the following link:
https://support.google.com/ads/answer/7395996?
Further information and the privacy policy regarding advertising and Google can be viewed here:
https://www.google.com/policies/technologies/ads/
All processing described above, especially setting cookies to read information on the device used, is only carried out if you have given us your explicit consent in accordance with Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time with effect for the future by disabling this service in the "Cookie-Consent-Tool" provided on the website.
TikTok Pixel
This website uses the "TikTok Pixel," a tracking technology of the social network "TikTok" by TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland ("TikTok").
Using cookies (small text files stored on the device used), information about browsing behavior on our website is collected in pseudonymized form, transmitted to TikTok, stored there, and evaluated to enable the display of interest-based and personalized product recommendations on TikTok. The information collected and processed in pseudonymized form generally includes the device ID, device type, timestamp, operating system used, and IP address. The information can be associated with the user's person using additional information that TikTok has stored about the user, for example, due to owning an account on the social network "TikTok." TikTok can also combine the information collected via the pixel with other information TikTok has collected from other websites and/or in connection with the use of the social network "TikTok" to create pseudonymized usage profiles. Under no circumstances can the collected information be used to personally identify visitors to this website.
The TikTok Pixel also enables us to track the effectiveness of advertising on TikTok. If the user is redirected from an ad on TikTok to pages of this website and the cookies have not yet expired, the pixel records certain predefined user actions by us and can track them (e.g., completed transactions, leads, search queries on the website, views of product pages). When such an action is performed, your browser sends an HTTP request via the TikTok Pixel from the cookie to the TikTok server, transmitting certain information about the action. Through this transmission, TikTok can create statistics about user behavior on our website after redirection from a TikTok ad, which serve us to optimize our offer.
All the processing described above, especially the setting of cookies to read information on the device used, is only carried out if you have given us your explicit consent in accordance with Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time with effect for the future by deactivating this service in the "Cookie Consent Tool" provided on the website. We have concluded a data processing agreement with TikTok for the use of the TikTok Pixel, which obliges TikTok to protect the data of our site visitors and not to pass it on to third parties. TikTok generally transmits collected information outside the European Economic Area and relies on so-called standard data protection clauses of the European Commission, which are intended to ensure compliance with the European data protection level.

11) Site functionalities
11.1 Use of YouTube videos
This website uses the Youtube embedding function to display and play videos from the provider "Youtube", which belongs to Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google").
The extended privacy mode is used here, which according to the provider's information only activates the storage of user information when the video(s) is/are played. When the playback of embedded YouTube videos is started, the provider "YouTube" sets cookies to collect information about user behavior. According to "YouTube", these are used, among other things, to collect video statistics, improve user-friendliness, and prevent abusive behavior. If you are logged into Google, your data will be directly assigned to your account when you click on a video. If you do not want the assignment to your YouTube profile, you must log out before activating the button. You have the right to object to the creation of these user profiles, which you must address to YouTube to exercise. In the course of using YouTube, personal data may also be transmitted to the servers of Google LLC in the USA.
Regardless of the playback of the embedded videos, a connection to the Google network is established with each visit to this website, which can trigger further data processing operations beyond our control.
All the above-described processing, especially reading information on the device used via the tracking pixel, is only carried out if you have given us your explicit consent in accordance with Art. 6 para. 1 lit. a GDPR. Without this consent, the use of YouTube videos during your visit to the site will not take place.
You can revoke your given consent at any time with effect for the future. To exercise your revocation, please deactivate this service in the “Cookie Consent Tool” provided on the website via alternative options communicated to you on the website.
Further information on data protection at "YouTube" can be found in the YouTube Terms of Service at https://www.youtube.com/static?template=terms and in Google's privacy policy at https://www.google.de/intl/de/policies/privacy
11.2 Use of Vimeo Videos
Our website includes plugins from the video portal Vimeo of Vimeo, LLC, 555 West 18th Street, New York, New York 10011, USA. When you visit a page of our website that contains such a plugin, your browser establishes a direct connection to Vimeo's servers. The content of the plugin is transmitted directly from Vimeo to your browser and integrated into the page. Through this integration, Vimeo receives the information that your browser has accessed the corresponding page of our website, even if you do not have a Vimeo account or are not currently logged into Vimeo. This information (including your IP address) is transmitted directly from your browser to a Vimeo server in the USA and stored there.
If you are logged into Vimeo, Vimeo can directly assign your visit to our website to your Vimeo account. If you interact with the plugins (e.g., pressing the start button of a video), this information is also directly transmitted to a Vimeo server and stored there.
If you do not want Vimeo to directly assign the data collected via our website to your Vimeo account, you must log out of Vimeo before visiting our website.
Please refer to Vimeo's privacy policy for the purpose and scope of data collection and the further processing and use of the data by Vimeo, as well as your related rights and settings options to protect your privacy: https://vimeo.com/privacy
For videos from Vimeo embedded on our site, the tracking tool Google Analytics from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland, is automatically integrated. This is Vimeo's own tracking, to which we have no access and which cannot be influenced by our site. Google Analytics uses so-called "cookies" for tracking; these are text files stored on your computer that allow an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transmitted to a Google server and stored there; this may also involve transmission to the servers of Google LLC in the USA.
All processing described above, especially reading information on the device used via the tracking pixel, is only carried out if you have given us your explicit consent pursuant to Art. 6 para. 1 lit. a GDPR. Without this consent, the use of Vimeo videos during your visit to the site will not take place.
You can revoke your given consent at any time with effect for the future. To exercise your revocation, please deactivate this service in the “Cookie Consent Tool” provided on the website via alternative options communicated to you on the website.
11.3 Applications for job postings by e-mail
On our website, we currently advertise vacant positions in a separate section, to which interested parties can apply via email to the provided contact address.
Inclusion in the application process requires that applicants provide us with all personal data necessary for a well-founded and informed assessment and selection together with the application by e-mail.
The required information includes general personal information (name, address, a telephone or electronic contact option) as well as performance-specific evidence of the qualifications necessary for a position. If applicable, health-related information is also required, which must be given special labor and social law consideration in the interest of social protection in the person of the applicant.
Which components an application must contain in individual cases to be considered and in what form these components must be submitted by email can be found in the respective job advertisement.
After receipt of the application sent using the specified email contact address, the applicant data is stored by us and evaluated exclusively for the purpose of processing the application. For any queries arising during processing, we use either the email address provided by the applicant with their application or a specified telephone number at our discretion.
The legal basis for these processing activities, including contact for queries, is generally Art. 6 para. 1 lit. b GDPR (for processing in Germany in conjunction with § 26 para. 1 BDSG), according to which the application process is considered as the initiation of an employment contract.
If special categories of personal data within the meaning of Art. 9 para. 1 GDPR (e.g., health data such as information about severe disability status) are requested from applicants during the application process, the processing is carried out in accordance with Art. 9 para. 2 lit. b GDPR, so that we can exercise the rights arising from labor law and social security and social protection law and fulfill our related obligations.
Cumulatively or alternatively, the processing of special categories of data may also be based on Art. 9 para. 1 lit. h GDPR if it is carried out for purposes of health care or occupational medicine, for assessing the applicant's ability to work, for medical diagnosis, care or treatment in the health or social sector, or for the management of systems and services in the health or social sector.
If, in the course of the evaluation described above, no applicant is selected or an applicant withdraws their application prematurely, the data transmitted by e-mail as well as all electronic correspondence including the original application e-mail will be deleted after appropriate notification, at the latest after 6 months. This period is based on our legitimate interest in answering any follow-up questions regarding the application and, if necessary, fulfilling our proof obligations under the regulations on equal treatment of applicants.
In the case of a successful application, the data provided will be further processed on the basis of Art. 6 para. 1 lit. b GDPR (for processing in Germany in conjunction with § 26 para. 1 BDSG) for the purposes of carrying out the employment relationship.

12) Rights of the data subject
12.1 The applicable data protection law grants you the following data subject rights (rights of access and intervention) vis-à-vis the controller regarding the processing of your personal data, whereby the respective legal basis for exercising these rights is referenced:
- Right of access pursuant to Art. 15 GDPR;
- Right to rectification pursuant to Art. 16 GDPR;
- Right to deletion pursuant to Art. 17 GDPR;
- Right to restriction of processing pursuant to Art. 18 GDPR;
- Right to information pursuant to Art. 19 GDPR;
- Right to data portability pursuant to Art. 20 GDPR;
- Right to withdraw given consents pursuant to Art. 7 para. 3 GDPR;
- Right to lodge a complaint pursuant to Art. 77 GDPR.
12.2 RIGHT TO OBJECT
IF WE PROCESS YOUR PERSONAL DATA BASED ON OUR LEGITIMATE INTERESTS WITHIN THE SCOPE OF A BALANCE OF INTERESTS, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT TO THIS PROCESSING FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION WITH EFFECT FOR THE FUTURE.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL CEASE PROCESSING THE DATA CONCERNED. HOWEVER, FURTHER PROCESSING IS RESERVED IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING THAT OVERRIDE YOUR INTERESTS, FUNDAMENTAL RIGHTS, AND FREEDOMS, OR IF THE PROCESSING SERVES THE ASSERTION, EXERCISE, OR DEFENSE OF LEGAL CLAIMS.
IF YOUR PERSONAL DATA IS PROCESSED BY US TO CONDUCT DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR SUCH ADVERTISING PURPOSES. YOU CAN EXERCISE THE OBJECTION AS DESCRIBED ABOVE.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL CEASE PROCESSING THE DATA CONCERNED FOR DIRECT MARKETING PURPOSES.

13) Duration of storage of personal data
The duration of the storage of personal data is determined by the respective legal basis, the processing purpose, and – if applicable – additionally by the respective statutory retention period (e.g., commercial and tax law retention periods).
When processing personal data based on an explicit consent according to Art. 6 para. 1 lit. a GDPR, these data are stored as long as the data subject withdraws their consent.
If there are statutory retention periods for data processed in the context of contractual or contract-like obligations based on Art. 6 para. 1 lit. b GDPR, these data will be routinely deleted after the expiration of the retention periods, provided they are no longer required for contract fulfillment or initiation and/or we no longer have a legitimate interest in further storage.
When processing personal data based on Art. 6 para. 1 lit. f GDPR, these data are stored as long as the data subject exercises their right to object under Art. 21 para. 1 GDPR, unless we can demonstrate compelling legitimate grounds for the processing that override the interests, rights, and freedoms of the data subject, or the processing serves the assertion, exercise, or defense of legal claims.
When processing personal data for the purpose of direct advertising based on Art. 6 para. 1 lit. f GDPR, these data are stored as long as the data subject exercises their right to object under Art. 21 para. 2 GDPR.
Unless otherwise specified by the other information in this declaration regarding specific processing situations, stored personal data will otherwise be deleted when they are no longer necessary for the purposes for which they were collected or otherwise processed.