Privacy Policy
––––––––––––––––––––
Privacy Policy
––––––––––––––––––––
1) Introduction and Contact Details of the Controller
1.1 We are pleased that you are visiting our website and thank you for your interest. Below, we provide information on how we handle your personal data when you use our website. Personal data refers to any data that can personally identify you.
1.2 The controller responsible for data processing on this website, as defined by the General Data Protection Regulation (GDPR), is:
Paul Weber, Waldstraße 76, 13403 Berlin, Germany, Tel.: +49 174 7860465, Email: paulweberplau@gmail.com.
The controller is the natural or legal person who, alone or jointly with others, determines the purposes and means of processing personal data.
2) Data Collection When Visiting Our Website
2.1 When using our website for informational purposes only, i.e., if you do not register or otherwise provide information, we only collect data that your browser transmits to our server (so-called “server log files”). When you access our website, we collect the following data, which are technically necessary for displaying the website:
• The website visited by us
• Date and time of access
• Amount of data transmitted in bytes
• Source/referrer from which you arrived at the page
• Browser used
• Operating system used
• IP address used (if applicable, in anonymized form)
The processing is carried out in accordance with Art. 6 (1) lit. f GDPR based on our legitimate interest in improving the stability and functionality of our website. This data is not shared or used for any other purpose. However, we reserve the right to review server log files subsequently if specific indications point to unlawful use.
2.2 This website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (e.g., orders or inquiries to the controller). You can recognize an encrypted connection by the string “https://” and the lock symbol in your browser’s address bar.
3) Cookies
To make the visit to our website more attractive and enable the use of certain functions, we use cookies—small text files stored on your device. Some cookies are automatically deleted after closing your browser (“session cookies”), while others remain on your device longer and enable settings to be saved (“persistent cookies”). You can find the storage duration of persistent cookies in your browser’s cookie settings.
If personal data is processed by individual cookies, this processing is carried out in accordance with Art. 6 (1) lit. b GDPR for contract execution, Art. 6 (1) lit. a GDPR based on your consent, or Art. 6 (1) lit. f GDPR to protect our legitimate interests in the best functionality of the website and a user-friendly experience.
You can configure your browser to notify you about the setting of cookies, decide individually about accepting them, or exclude cookies for certain cases or in general.
Please note that the functionality of our website may be limited if cookies are not accepted.
4) Contacting Us
When contacting us (e.g., via contact form or email), personal data is processed solely for the purpose of responding to your inquiry and to the extent necessary.
The legal basis for processing this data is our legitimate interest in responding to your inquiry pursuant to Art. 6 (1) lit. f GDPR. If your contact aims to conclude a contract, an additional legal basis for processing is Art. 6 (1) lit. b GDPR.
Your data will be deleted once your inquiry has been fully resolved, provided that no statutory retention obligations exist.
5) Use of Customer Data for Direct Marketing
Subscription to Our Email Newsletter
If you subscribe to our email newsletter, we will regularly send you information about our offers. The only required information for receiving the newsletter is your email address. Any additional data is voluntary and will be used to address you personally.
We use the so-called double opt-in procedure for sending newsletters. This ensures that you only receive newsletters if you have expressly confirmed your consent to receive newsletters by clicking on a verification link sent to the email address you provided.
By activating the confirmation link, you give us your consent to use your personal data in accordance with Art. 6 (1) lit. a GDPR. When registering for the newsletter, we store your IP address as provided by your internet service provider (ISP), as well as the date and time of registration, to trace any potential misuse of your email address.
The data collected when registering for the newsletter is strictly used for its intended purpose.
You can unsubscribe from the newsletter at any time using the link provided in the newsletter or by sending a corresponding message to the controller mentioned above. After unsubscribing, your email address will be immediately removed from our newsletter distribution list unless you have expressly consented to further use of your data or we reserve the right to use your data for legally permitted purposes, which we inform you about in this policy.
6) Data Processing for Order Fulfillment
6.1
To the extent necessary for contract execution, including delivery and payment purposes, the personal data we collect is transmitted to the contracted shipping company and payment institution in accordance with Art. 6(1)(b) GDPR.
If we owe you updates for goods with digital elements or digital products under a relevant contract, we process the contact data you provided when ordering (name, address, email address) to inform you about upcoming updates within the legally mandated period. This is done via an appropriate communication channel (e.g., by mail or email) based on our legal information obligations under Art. 6(1)(c) GDPR. Your contact data is strictly used for notifications about updates we owe and processed only as required for that purpose.
To fulfill your order, we also work with the following service providers, who assist us fully or partially in carrying out contracts. Certain personal data will be shared with these service providers as detailed below.
6.2
To fulfill our contractual obligations to our customers, we collaborate with external shipping partners. We share your name, delivery address, and, if necessary for delivery, your phone number solely for the purpose of goods delivery, based on Art. 6(1)(b) GDPR.
6.3 Use of Payment Service Providers (Payment Services)
Apple Pay
If you choose the “Apple Pay” payment method offered by Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland, the payment is processed via the “Apple Pay” feature on your iOS, watchOS, or macOS device by charging a payment card stored in “Apple Pay.” Apple Pay uses security features built into your device’s hardware and software to protect your transactions. To authorize a payment, you must enter a pre-set code and verify using the “Face ID” or “Touch ID” function on your device.
For payment processing, the information you provided during the order process, along with details about your order, is transmitted in encrypted form to Apple. Apple further encrypts this data with a developer-specific key before transmitting it to the payment service provider of the card stored in Apple Pay. The encryption ensures that only the website where the purchase was made can access the payment data. Once the payment is completed, Apple sends your device account number and a transaction-specific dynamic security code to the originating website to confirm payment success.
If personal data is processed during these transmissions, the processing is carried out exclusively for payment processing purposes in accordance with Art. 6(1)(b) GDPR.
Apple stores anonymized transaction data, including the approximate purchase amount, date, time, and indication of whether the transaction was successfully completed. These anonymized data are used to improve “Apple Pay” and other Apple products and services.
If you use Apple Pay on an iPhone or Apple Watch to complete a purchase made on Safari on a Mac, the Mac and the authorization device communicate via an encrypted channel on Apple servers. Apple does not process or store this information in a format that can identify you. You can disable the option to use Apple Pay on your Mac in the settings of your iPhone under “Wallet & Apple Pay” by deactivating “Allow Payments on Mac.”
Further information about Apple Pay privacy can be found at: https://support.apple.com/de-de/HT203027.
Google Pay
If you choose the “Google Pay” payment method offered by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”), the payment is processed via the “Google Pay” application on your mobile device (running Android 4.4 “KitKat” or higher) with NFC functionality, by charging a payment card or payment system stored in Google Pay (e.g., PayPal). For payments above €25, prior unlocking of your mobile device using the set verification method (e.g., facial recognition, password, fingerprint, or pattern) is required.
For payment processing, the information you provided during the order process, along with order details, is transmitted to Google. Google then transmits your stored payment information in the form of a one-time transaction number to the originating website to verify payment completion. This transaction number contains no information about the actual payment details of your stored payment method but is created and transmitted as a one-time valid numeric token. For all transactions via Google Pay, Google acts solely as an intermediary for payment processing. The transaction is exclusively between the user and the originating website by charging the stored payment method.
If personal data is processed during these transmissions, the processing is carried out exclusively for payment processing purposes in accordance with Art. 6(1)(b) GDPR.
Google reserves the right to collect, store, and analyze specific transaction-related information for every Google Pay transaction. This includes the date, time, and amount of the transaction, the merchant location and description, a description of the purchased goods or services provided by the merchant, photos attached to the transaction, the name and email address of the seller and buyer, the payment method used, your description of the transaction purpose, and any associated offers.
According to Google, this processing is carried out exclusively in accordance with Art. 6(1)(f) GDPR, based on the legitimate interest in proper billing, transaction data verification, and optimization and maintenance of the Google Pay service.
Google also reserves the right to combine the processed transaction data with other information collected and stored when using other Google services.
Google Pay terms and conditions can be found here:
Further information about Google Pay privacy can be found at:
https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=de.
Klarna
This website offers one or more online payment methods from the following provider:
Klarna Bank AB, Sveavägen 46, 111 34 Stockholm, Sweden
When choosing a payment method from Klarna that requires you to pay upfront (e.g., credit card payment), the payment data you provided during the order process (including name, address, bank/card information, currency, and transaction number), as well as information about your order, are transmitted to Klarna in accordance with Art. 6(1)(b) GDPR. The transfer of your data is solely for the purpose of payment processing.
8) Retargeting/Remarketing and Conversion Tracking
Facebook Pixel for Creating Custom Audiences
Within our online offering, we use the “Facebook Pixel” service provided by: Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (“Facebook”).
When a user clicks on an ad we run on Facebook, “Facebook Pixel” adds a parameter to the URL of our linked page. This URL parameter is then stored in the user’s browser via a cookie set by our linked page after redirection.
This allows Facebook to identify visitors to our online offering as a target audience for displaying ads (so-called “Facebook Ads”). We use this service to show our Facebook Ads only to Facebook users who have shown interest in our online offering or who display certain characteristics (e.g., interests in specific topics or products based on visited websites) that we share with Facebook (“Custom Audiences”).
Additionally, “Facebook Pixel” can track whether users who clicked on a Facebook ad were redirected to our website and what actions they performed there (so-called “Conversion Tracking”).
The data collected is anonymous to us and does not allow us to identify users. However, Facebook stores and processes this data, enabling it to link the data to the respective user profiles and use it for its advertising purposes.
All of the processing described above, particularly setting cookies to read information on the end device used, will only be carried out if you have given us your explicit consent in accordance with Art. 6 (1) lit. a GDPR. You can revoke your consent at any time with future effect by deactivating this service in the “Cookie Consent Tool” provided on the website.
We have entered into a data processing agreement with the provider to ensure the protection of our site visitors’ data and prevent unauthorized disclosure to third parties.
The information generated by Facebook is typically transmitted to a Facebook server and stored there; in this context, data may also be transmitted to servers of Meta Platforms Inc. in the USA.
For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European data protection level based on an adequacy decision by the European Commission.
9) Data Subject Rights
9.1 The applicable data protection law grants you the following rights (access and intervention rights) regarding the processing of your personal data by the data controller, subject to the respective legal basis and conditions:
• Right of access under Art. 15 GDPR;
• Right to rectification under Art. 16 GDPR;
• Right to erasure under Art. 17 GDPR;
• Right to restriction of processing under Art. 18 GDPR;
• Right to notification under Art. 19 GDPR;
• Right to data portability under Art. 20 GDPR;
• Right to withdraw consent under Art. 7 (3) GDPR;
• Right to lodge a complaint under Art. 77 GDPR.
9.2 Right to Object
IF WE PROCESS YOUR PERSONAL DATA BASED ON OUR LEGITIMATE INTEREST IN THE CONTEXT OF A BALANCING OF INTERESTS, YOU HAVE THE RIGHT TO OBJECT TO THIS PROCESSING AT ANY TIME FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION, WITH FUTURE EFFECT.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED. FURTHER PROCESSING IS RESERVED IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING THAT OVERRIDE YOUR INTERESTS, RIGHTS, AND FREEDOMS, OR IF THE PROCESSING SERVES THE ASSERTION, EXERCISE, OR DEFENSE OF LEGAL CLAIMS.
IF YOUR PERSONAL DATA IS PROCESSED BY US FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR SUCH MARKETING. YOU CAN EXERCISE THE RIGHT TO OBJECT AS DESCRIBED ABOVE.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED FOR DIRECT MARKETING PURPOSES.
10) Duration of Storage of Personal Data
The duration of the storage of personal data depends on the respective legal basis, the purpose of processing, and—if applicable—any statutory retention period (e.g., commercial and tax retention periods).
When processing personal data based on explicit consent under Art. 6 (1) lit. a GDPR, the data will be stored until you withdraw your consent.
If statutory retention periods apply to data processed under Art. 6 (1) lit. b GDPR in the context of contractual or quasi-contractual obligations, the data will be routinely deleted after the retention periods expire, provided the data is no longer required for contract fulfillment or initiation and/or we have no legitimate interest in continuing storage.
When processing personal data under Art. 6 (1) lit. f GDPR, the data will be stored until you exercise your right to object under Art. 21 (1) GDPR unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing serves the assertion, exercise, or defense of legal claims.
When processing personal data for direct marketing purposes under Art. 6 (1) lit. f GDPR, the data will be stored until you exercise your right to object under Art. 21 (2) GDPR.
Unless otherwise stated in this declaration about specific processing situations, stored personal data will be deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.