Privacy Policy

Privacy notice

As the operators of the Websites under www.threeforonetrading.com and www.shop.threeforonetrading.com (also referred to as „Website“ or „Online-Shop“), we are responsible, within the meaning of the applicable data protection laws, with specific reference to the General Data Protection Regulation (“GDPR”), for the personal data of the user (" You") of the Website.

Below, we inform You in a clear manner, as part of our obligations to provide information (Art. 13 et seqq. GDPR) as to what data is being processed when You visit our Website and on what legal basis the foregoing is carried out. You will also receive information on what your rights are as to us and the relevant regulatory authority.

1. Information about the data controller

Three for One Trading GmbH, Neulerchenfelder Strasse 76 1160 Vienna, Austria

E-mail address: office@threeforonetrading.com

Phone: +43 (0) 1 890 51 54

2. Informational use of our Website

When You visit our Website, so-called log files are processed to allow You visiting it. Such log files are automatically recorded in our system.

The following log files are automatically processed:

  • IP address of the accessing computer 
  • type of internet browser used
  • operating system and its version
  • visited pages 
  • date and time of the visit 
  • referrer
  • type of device used 

The log files contain your IP address, but it will be anonymised in the log-files. So, it is not possible to link it to You and your data will also not be stored together with other personal data. To be able to provide access to our Website it is necessary to process the above-mentioned data.

Legal basis for the processing of data for anonymisation purposes is Art. 6 (1) (f) GDPR.

3. Hosting

 a. Website (threeforonetrading.com)

Our Website is hosted by Ionos SE, Elgendorfer Str. 57, 56410 Montabaur, Germany ("Ionos") on European servers. The personal data collected on this Website is stored on the hoster's servers. This may include IP addresses, contact requests, meta and communication data, contractual data, contact details, names, website accesses and other data generated via a Website. The hoster is used for the purpose of fulfilling the contract with our potential and existing customers (Art. 6 (1) (b) GDPR) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 (1) (f) GDPR). We have concluded a Data Processing Agreement with Ionos.

b. Online-Shop (www.shop.threeforonetrading.com)

Our Online-Shop uses the shop system of the service provider Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland ("Shopify"), for the purpose of hosting and displaying the Online-Shop and on the basis of a Data Processing Agreement with Shopify (see https://www.shopify.com/legal/dpa ). All data collected in our Online-Shop is processed on Shopify's servers in Ireland. In the event that data is transferred to Shopify Inc. in Canada, the appropriate level of data protection is guaranteed by the adequacy decision of the European Commission.

Further information on Shopify's data protection can be found on the following website: https://www.shopify.com/legal/privacy.

The shop system is used for the purpose of fulfilling contracts with our potential and existing customers (Art. 6 (1) (b) GDPR) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 (1) (f) GDPR). We have concluded a Data Processing Agreement with Shopify.

4. Orders

When You place an order on our Website, we need the following data to fulfil the contract with You:

First name, last name and (billing and shipping) address to send You your order and the invoice.

  • E-mail address in order to send You the order confirmation and to provide You with contract documents immediately after the order.
  • Contents of the shopping basket.
  • Telephone number to contact You if necessary, with questions regarding your order.

In order to send You your order, we pass on your address to our shipping or logistics service provider for the purpose of delivery. We also process the data required in each case in order to unwind our contract following a cancellation or return for any other reason or to check claims.

The legal basis for processing the data is Art. 6 (1) (b) GDPR. The data will be stored for as long as this is necessary for the processing of the contract. Beyond that, we only store your data in order to fulfil our contractual or legal obligations (e.g. tax obligations) (Art. 6 (1) (c) GDPR). In this case, we block your data to the extent that it is only processed for the necessary purposes.

In addition to this data, we store the moment (date and time) of the transmission of your data to us, as well as your IP address. The processing of this data corresponds to our legitimate interest (Art. 6 (1) (f) GDPR) in order to ensure the security of our systems and to counteract misuse. This additional data is deleted as soon as it is no longer required, at the latest when the contract with You has been completed.

Payment methods

If You select a payment provider on our Website for payment, this provider will also receive your personal data, for example your name, address and bank account details. In addition, our house bank receives your bank details when an electronic payment is received. The legal basis for processing your personal data for payment purposes is Art. 6 para. 1 (b) and (f) GDPR.

Google Pay: If You pay on our Website with Google Pay (Google Ireland Limited (" Google"), Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland), Google will receive your payment data for payment processing and it may be that Google carries out a credit check.

The Google Pay terms of use can be found here: https://payments.google.com/payments/apis-secure/u/0/get_legal_document?ldo=0&ldt=googlepaytos&ldl=de

Further information on Google Pay's data protection can be found at the following internet address:

 https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=de

ApplePay: If You pay on our Website using Apple Pay (Apple Distribution International (" Apple "), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland), Apple will receive your payment details for payment processing and Apple may carry out a credit check. Information about this can be found at:https://support.apple.com/de-de/HT203027 .

PayPal: If You pay on our Website with PayPal (Europe) S.à r.l. et Cie, S.C.A. 22-24 Boulevard Royal L-2449 Luxembourg ("PayPal"), PayPal will receive your payment data for the purpose of processing the payment and may carry out a credit check. You can find information on this at: https://www.paypal.com/de/webapps/mpp/ua/privacy-full?locale.x=de_DE#rAnnex .

EPS bank transfer: If You pay on our Website using EPS bank transfer (PSA Payment Services Austria GmbH ("PSA"), Handelskai 92, Gate 2, 1200 Vienna), PSA receives your payment data for payment processing and it may be that PSA carries out a credit check. For more information on the payment method "eps-Überweisung", please click here:

https://www.eps-ueberweisung.at/

PSA's privacy policy is available at:

https://eservice.psa.at/de/datenschutzerklaerung.html

Credit Card/Maestro: When You pay on our Website with your credit card or Maestro, your card provider receives the information that You have placed an order with us. It may be that your card provider carries out a credit check. You can find more information about this on the relevant website of your card provider.

Bank transfer: If You pay by bank transfer on our Website our house bank receives your bank details for payment processing.

5. Contact form

You can contact us electronically via our contact form, e.g. to give us feedback or to ask us questions. If You use this option, You will transmit the following data to us:

  • First name and surname (to address You and for misuse prevention purposes)
  • E-mail address (to contact You) 
  • Personal message (voluntary)

If You contact us via the contact form card purchase (https://www.threeforonetrading.com/kartenankauf), You must also provide us with the following data:

  • Description of the object of purchase (to decide whether and how to make an offer)
  • By which means an offer is desired (obligatory)
  • Country of residence (obligatory)
  • Telephone number (obligatory)

In addition to the data You voluntarily provide to us, we store the moment (date and time) of the transmission of your data to us, as well as your IP address. The processing of this data corresponds to our legitimate interest (Art. 6 (1) (f) GDPR) in order to ensure the security of our systems and to counteract misuse. This data, which we additionally collect during your contact, is deleted as soon as it is no longer required, at the latest when the matter of your contact has been comprehensively clarified.

The legal basis for processing your data for the purpose of handling your contact is Art. 6 (1) (f) GDPR. It is our legitimate interest to process your data transmitted to us in order to contact You. The data is stored until it is no longer required to achieve the purpose of the conversation with You and the matter of your contact has been fully clarified.

If your contact aims to conclude a contract with us, the additional legal basis for processing your personal data is Art. 6 (1) (b) GDPR. This data is stored for as long as it is required for the execution of the contract. Beyond that, we only store your data in order to comply with contractual or legal obligations (e.g. tax obligations) (Art. 6 (1) (c) GDPR)

6. Contacting us by e-mail of telephone

You have the option of contacting us by e-mail or telephone. Your personal data transmitted in this way will be stored by us. The data will only be processed in order to handle your contact. The legal basis for processing your personal data is Art. 6 (1) (f) GDPR. The data is stored until it is no longer required to achieve the purpose of the conversation with You and the matter of your contact has been fully clarified.

If your contact aims to conclude a contract with us, the additional legal basis for the processing of your personal data is Art. 6 (1) (b) GDPR. This data is stored for as long as it is required for the execution of the contract or the pre-contractual measures. Beyond that, we only store your data in order to comply with contractual or legal obligations (e.g. tax obligations) (Art. 6 (1) (c) GDPR).

In addition to the data You voluntarily provide to us, we store the moment (date and time) of the transmission of your data to us, as well as your IP address. The processing of this data corresponds to our legitimate interest (Art. 6 (1) (f) GDPR) in order to ensure the security of our systems and to counteract misuse. This data, which we additionally collect during your contact, is deleted as soon as it is no longer required, at the latest when the matter of your contact has been comprehensively clarified.

You can inform us at any time (see point 1 above) that You would like us to delete the data provided during the conversation. In this case, all personal data of the conversation will be deleted, if permissible, and a continuation of the conversation is not possible.

 7. Newsletter

 Newsletter

On our Website, we offer You the opportunity to subscribe to our newsletter free of charge. In addition to your declaration of consent, we need your e-mail address. Further information, e.g. your name, is voluntary and serves to address You personally.

We will only send You the newsletter if You first confirm your registration via a confirmation e-mail sent to You for this purpose by clicking on the link provided. This is to ensure that only You can subscribe to the newsletter. Your confirmation in this regard must be made promptly after receipt of the confirmation e-mail, otherwise your newsletter registration will be automatically deleted from our database.

The legal basis for sending the newsletter as well as voluntary additional information is Art. 6 (1) (a) GDPR. By sending the newsletter registration, You agree to the processing of your data by us. In addition, we store the moment (date and time) of the transmission of your data to us as well as your IP address within the scope of your newsletter registration. The processing of this data corresponds to our legitimate interest pursuant to Art. 6 (1) (f) GDPR in order to ensure the security of our systems and to counteract misuse.

Your data will be processed exclusively in connection with the sending of newsletters. The purpose of processing your e-mail address is to enable us to send You the newsletter. Further data within the scope of the registration process serve either to address You personally or also to ensure the security of our services and to prevent misuse of the e-mail address used.

Your data will only be stored for as long as is necessary to achieve the purpose. Your e-mail address will therefore be stored for the period of your active newsletter subscription if You have given your consent for this. The data that we also automatically collect during your subscription (IP address, date and time) will be deleted at the latest when You end your newsletter subscription.

We use the service of MailChimp, the Rocket Science Group LLC, 675 Ponce de Leon Avenue NE, Suite 5000, Atlanta, GA 30308, USA, to send the newsletter. The data is transferred to the USA on the basis of standard contractual clauses and a Data Processing Agreement concluded with us. Further information on data processing by Mailchimp can be found at: https://mailchimp.com/legal/privacy/ .

We use the MailChimp service to measure the success and reach of our newsletters by recording opening and click rates. For this purpose, MailChimp uses so-called web beacons or tracking pixels to enable statistical surveys. For us, the function is helpful to track whether our newsletter is opened and which topics are particularly interesting. The legal basis for data processing here is Art. 6 (1) (a) GDPR. Your data will only be stored as long as You have subscribed to the newsletter.

We also use the service of SmartrMail, registered to SmartrMail Pty Ltd 52 Cambridge Street, Collingwood, Victoria, Australia 3053 and number ABN 21 610 803 855 for the newsletter dispatch. The data is transferred to Australia on the basis of standard contractual clauses and a Data Processing Agreement concluded with us. Further information on data processing by SmartrMail can be found at: https://www.smartrmail.com/dpa/.

We use the SmartrMail service to measure the success and reach of our newsletters by recording opening and click-through rates. For this purpose, SmartrMail uses so-called web beacons or tracking pixels to enable statistical surveys. For us, the function is helpful to track whether our newsletter is opened and which topics are particularly interesting. The legal basis for data processing here is Art. 6 (1) (a) GDPR. Your data will only be stored as long as You have subscribed to the newsletter.

POSSIBILITY OF CANCELLATION / Newsletter unsubscription

You can unsubscribe or cancel our newsletter at any time. You will find the link at the end of each newsletter. By doing so, You revoke your consent or object to further use of your data for the purpose of sending the newsletter.

8. Google Webfonts

So-called Google web fonts from Google Ireland Limited, Gordon House, Barrow Street Dublin 4, Ireland are used to improve the visual presentation of various information on our Website. The web fonts are fonts and are transferred to your browser's cache when the page is called up in order to be able to use them for the display.

When the page is called up, no cookies are set for the website visitor. Data transmitted in connection with the page call is sent to resource-specific domains such as fonts.googleapis.com or fonts.gstatic.com. They are not associated with data that may be collected or used in connection with the parallel use of authenticated Google services such as Gmail.

You can set your browser so that the fonts are not loaded by Google servers, for example by installing add-ons such as NoScript or Ghostery for Firefox.

Information on the data protection conditions of Google Web Fonts is available at: https://developers.google.com/fonts/faq#Privacy .

General information on data protection can be found in the Google Privacy Center at: http://www.google.com/intl/en-DE/privacy/ .

The legal basis for the processing of your personal data is our legitimate interest in a visually improved presentation of our Website in accordance with Art 6 (1) (f) GDPR.

9. Social Media

a. Icon-Links to Social Networks

On our Website we use small icons which refer to our company page on third-party platforms (Facebook Instagra, Twitter and YouTube). These are hyperlinks, so no data is automatically transferred from You, but only when You click on the icons and a new tab opens in your browser with the website of the third-party provider.

b. Facebook-Fanpage

 

We operate a fan page on the social media platform Facebook ( Facebook Inc., Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, D2 Dublin, Ireland, ("Facebook"), which we link to on our company page via the Facebook icon. If You do not click on the link, Facebook will not receive any data from You. If You click on the link to, for example, view our company presence on Facebook or "like" our site, Facebook will receive data from You (which data Facebook will receive depends also on whether You are logged in at Facebook while You click on the page or not).

While Facebook uses this data under its own responsibility i.a. to create profiles and to generate so-called Custom Audiences, on our fan page we can only see aggregated data, i.e. statistics, that no longer have any personal reference. as "Page Insights". You can find more information about Page Insights at the following link: https://www.facebook.com/legal/terms/information_about_page_insights_data

Due to the requirements of the GDPR, we have concluded an agreement with Facebook, which regulates the joint responsibility for our fan page. You can find this agreement in English under the following link: https://www.facebook.com/legal/controller_addendum

Pursuant to this agreement, Facebook is primarily responsible for the aggregated Insight data. In addition, Facebook will comply with all obligations under the GDPR with regard to the processing of Insights data (including Art. 12, 13 GDPR, Art. 15-22 GDPR and Art. 32-34 GDPR). If You send us a request regarding our Facebook fan page, we will inform Facebook of this in a timely manner. Facebook will respond to the request in accordance with our agreement.

Our legitimate interest in processing personal data lies in the use and linking of different communication channels.

The processing is based on the legal grounds of Art. 6 (1) (a) and (f) GDPR (your consent to the setting of cookies and our legitimate interest in analysis, evaluation and marketing). You can find Facebook's data policy at the following link: https://www.facebook.com/policy.php

For the data transfer to the USA, we have concluded contracts with Facebook, including the standard contractual clauses. You can find out more here https://www.facebook.com/legal/technology_terms

c. Instagram Profile

We operate a profile on the social media platform Instagram (Facebook Inc., Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, D2 Dublin, Ireland (hereinafter: "Instagram"), which we link to on our Website via the Instagram icon. As long as You do not click on the link, Facebook does not receive any data from You. If You click on the link, for example to view our company presence on Instagram, Facebook receives data from You (which data Instagram receives also depends on whether You are logged in to Instagram with your user profile while You click on the page or not).

The processing is based on the following grounds of Art. 6 (1) (a) and (f) GDPR (your consent to the setting of cookies and our legitimate interest in analysis, evaluation and marketing). You can find Instagram's data policy at the following link: https://help.instagram.com/519522125107875?helpref=page_content

d. Twitter Profile

We operate a profile on the social media platform Twitter (Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland (hereinafter: "Twitter"), which we link to on our Website via the Twitter icon. As long as You do not click on the link, Twitter does not receive any data from You. If You click on the link, for example to view our profile on Twitter, Twitter will receive data from You (which data Twitter receives also depends on whether You are logged in to Twitter with your user profile while You click on the page or not).

The processing is based on the legal grounds of Art. (1) (a) and (f) GDPR (your consent to the setting of cookies and our legitimate interest in analysis, evaluation and marketing). You can find Twitter's data policy at the following link: https://twitter.com/de/privacy

10. Social Media Plugins (with Shariff)

Please note the following: Social media plug-ins from social networks are integrated on our Website (Facebook, Instagram, Reddit, Pinterest). However, data is not sent to the respective social media platforms directly when You call up our Website, but only when You become active yourself by clicking on the respective share button (Shariff function ). You can recognise this by the fact that the buttons are initially greyed out and become coloured when You move your mouse over them.

If You are already logged in to the social media platform when You click on the button, a window will appear in which You can confirm whether You want to share the post on the respective platform. If You are not already logged in, the log-in field will appear on the platforms.

a. Facebook Plug-In (with Shariff)

The social network Facebook is offered (in Europe) by Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (hereinafter: Facebook). Facebook is primarily responsible for data processing on Facebook. When the plug-in (a Facebook component) is clicked on, Facebook becomes aware that You have activated the component from one of our pages. If You are logged in to Facebook at the same time, Facebook will assign this information to your user profile on Facebook. The embedding of the Facebook sharing function on our Website and the associated data processing corresponds to our legitimate interests, because we also want to present ourselves in this way. The legal basis for this is therefore Art. 6 (1) (f) GDPR. If You choose to activate the button to share a post, the legal basis for the resulting data processing and data transfer to Facebook is your consent, Art. 6 (1) (a) GDPR. The data policy of Facebook can be found here: https://www.facebook.com/policy.php.

b. Reddit Plug-In (with Shariff)

The social network Reddit is offered by reddit Inc, 520 Third Street, Suite 305, San Francisco, CA 94107 , USA (hereinafter: Reddit). Reddit is primarily responsible for data processing on Reddit. When the plug-in (a Reddit component) is clicked on, Reddit becomes aware that You have activated the component from one of our pages. If You are logged in to Reddit at the same time, Reddit will assign this information to your user profile on Reddit. Embedding the sharing function on Reddit on our Website and the associated data processing corresponds to our legitimate interests because we also want to present ourselves in this way. The legal basis for this is therefore Art. 6 (1) (f) GDPR. If You choose to activate the button to share a post, the legal basis for the resulting data processing and data transfer to Reddit is your consent, Art. (1) (a) GDPR. Reddit´s data policy can be found here: https://www.redditinc.com/policies/privacy-policy.

c. Twitter Plug-In (with Shariff)

The social network Twitter is offered by Twitter Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA (hereinafter: Twitter). Twitter is primarily responsible for data processing at Twitter. When the plug-in (a Twitter component) is clicked on, Twitter becomes aware that You have activated the component from one of our pages. If You are logged in to Twitter at the same time, Twitter will assign this information to your user profile on Twitter. Embedding the Twitter sharing function on our Website and the associated data processing corresponds to our legitimate interests, because we also want to present ourselves in this way. The legal basis for this is therefore Art. 6 (1) (f) GDPR. If You choose to activate the button to share a post, the legal basis for the resulting data processing and data transfer to Twitter is your consent, Art. 6 (1) (a) GDPR. For a possible third country transfer, the standard contractual clauses are used and Twitter is still certified under the Privacy Shield ( https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active ). Twitter´s data policy can be found here: https://twitter.com/en/privacy.

d. Pinterest Plug-In (with Shariff)

The social network Pinterest is offered by Pinterest Inc, 635 High Street, Palo Alto, CA, 94301, USA (hereinafter: Pinterest). Pinterest is primarily responsible for data processing on Pinterest. When the plug-in (a Pinterest component) is clicked on, Pinterest becomes aware that You have activated the component from one of our pages. If You are logged in to Pinterest at the same time, Pinterest will assign this information to your user profile on Pinterest. The embedding of the Pinterest sharing function on our Website and the associated data processing corresponds to our legitimate interests, because we also want to present ourselves in this way. The legal basis for this is therefore Art. 6 (1) (f) GDPR. If You choose to activate the button to share a post, the legal basis for the resulting data processing and data transfer to Pinterest is your consent, Art. 6 (1) (a) GDPR. You can find Pinterest´s data policy here: https://policy.pinterest.com/en/privacy-policy

11. Other third-party content that is integrated on our Website 

a. YouTube

We integrate videos from YouTube of Google Ireland Limited, Gordon House, Barrow Street Dublin 4, Ireland (hereinafter: "YouTube") for the purpose of making our Website more appealing. We use the extended data protection mode so that information about You is only shared with YouTube if You activate the video by clicking on the play button of the video.

When You activate the video, YouTube uses cookies to collect information for analysis purposes and to improve the user experience. According to YouTube, the data is processed pseudonymously. However, if You are logged in to your Google or YouTube account, the data may be linked directly to your YouTube account.

Further information on data protection, including the storage period of your data with YouTube, can be found in Google's data protection guidelines at: https://policies.google.com/privacy?hl=en&gl=en.

The legal basis for the integration of the YouTube service on our Website and the associated processing of your data is Art. 6 (1) (f) GDPR.

Google is still certified under the Privacy Shield, but for data transfers Google now relies on the standard contractual clauses.

For this: https://policies.google.com/privacy/frameworks?hl=en and on the Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI.

b. Google Maps

The map service Google Maps of Google Ireland Limited, Gordon House, Barrow Street Dublin 4, Ireland is integrated on our Website (hereinafter: " Google Maps " or "Google"). We use the service so that You can quickly locate us and, if necessary, plan your journey to us.

If You call up our "Store in Vienna" page and have allowed Google Maps cookies via the cookie selection (External Media), it is possible that your IP address will be transferred to Google servers in the USA, as a connection to Google servers is automatically established. In addition to the IP address, Google Maps may receive the date and time our site is accessed, the internet address or URL of our site; furthermore, Google may process device IDs, cookie information and location information for various purposes. If You are signed into a Google service, Google may associate this data with your account (we have no control over this).

Information on how Google uses location information can be found at: https://policies.google.com/technologies/location-data#why-use . General information about Google's privacy policy can be found at: https://policies.google.com/privacy?hl=en .

Incognito mode: If You access our site with your iPad, iPhone or Android device, have installed the Google Maps app on your device and have selected incognito mode there, some Google Maps services will be deactivated. This may also affect the use of Google Maps on our site. You can find more information on incognito mode at: https://support.google.com/maps/answer/9430563?co=GENIE.Platform%3DiOS&hl=en&oco=0 (iPhone/iPad) and https://support.google.com/maps/answer/9430563?co=GENIE.Platform%3DAndroid&hl=en (Android).

The legal basis for the integration of Google Maps and, if applicable, the transmission of your data to Google is Art. 6 (1) (f) GDPR. There is an agreement between us and Google Maps on joint responsibility pursuant to Art. 26 GDPR. You can access this at: https://privacy.google.com/intl/en/businesses/mapscontrollerterms/ .

Google is still certified under the Privacy Shield, but for data transfers Google now relies on the standard contractual clauses.

For this: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI as well as https://policies.google.com/privacy/frameworks?hl=en&gl=en

12. Applicant data

On our Website we provide information about vacancies in our team and You can send us your application by e-mail. We process your data for the purpose of handling your application procedure, which means that your application will be viewed by the staff members who are responsible for shortlisting You. Your data will not be passed on to third parties and we will not use your data for other purposes.

Your applicant data will be stored by us. If we reject your application, we will only store the data for as long as necessary, for a maximum period of six months, unless You give us your consent to store the applicant data for longer in order to contact You after this period if necessary.

The legal basis for the processing of your data is § 26 BDSG and Art. 88 GDPR.

13. Use of service providers

We would like to point out that when processing your personal data, we may use service providers with whom we have concluded Data Processing Agreements (e.g. for website hosting). If processors in a third country (not within the EU) carry out the data processing, we ensure that the level of protection of your data guaranteed by the GDPR is not undermined (Art. 44 et seqq. GDPR). The legal basis for the use of service providers is Art. 6 (1) (f) GDPR. The commissioning of service providers (specialists or other service providers in areas that we cannot serve ourselves) is in our legitimate interest. If You would like to receive a copy of the suitable or appropriate guarantees, please let us know (see point 1 above).

14. Your rights

When we process your data, You are a "data subject" within the meaning of the GDPR. You have the following rights:right to access the stored personal data, right torectification, right to restriction of the processing, right to erasure, right to be informed as well as right to data portability, in addition, You have aright to object and a right to withdraw consent and the right to file a complaint with the supervisory authority.

Below You will find details about the individual rights:

a. Right to access the stored personal data

You have the right to demand from us confirmation whether we process your personal data.

If we process your personal data, You have the right to disclosure in particular of the following information: the processing purposes, the categories of personal data being processed, the recipients or categories of recipients to whom your personal data have been or will be disclosed, if possible, the planned duration your personal data will be stored.

b. Right to rectification

You have the right to rectification and/or completion of the data we have stored about You if such data is incorrect or incomplete. We will initiate the correction or completion immediately

c. Right to restriction of processing

Under certain conditions, You have the right to demand that we restrict the processing of your personal data, for instance, if You contest the accuracy of your personal data and we have to verify for a certain period the accuracy of your personal data. For the duration of the verification, your data will only be processed in a restricted manner. Another example of restriction is if we no longer need your data, but You need it for a legal dispute.

d. Right to erasure

You have the right in certain situations to request that we delete your personal data immediately. This is the case, for example, if we no longer need your personal data for the purposes for which we collected the data or if we have processed your data unlawfully. Another example would be if we process your data on the basis of your consent, You withdraw your consent and we do not process the data on any other legal basis. However, your right to erasure does not always exist. For example, we may process your personal data to comply with a legal obligation or because we need it for litigation.

e. Right to be informed 

If You have asserted your right towards us to rectification, erasure, or restriction, we are required to notify all recipients to whom we have disclosed your personal data, about the rectification, erasure, or restriction of the processing of your data, except when it results to be impossible or involves a disproportionate effort thereto.

f. Right to data portability 

You have the right, under certain conditions, to receive the personal data You have provided to us in a structured, commonly used and machine-readable format and the right to have this data transferred to another controller. This is the case where we process the data either on the basis of your consent or on the basis of a contract with You and that we process the data using automated procedures.

In this context, You have the right to obtain that we transfer your personal data directly to another controller, insofar as this is technically feasible and the freedoms and rights of other persons are not affected thereby.

This right to data portability does not apply if the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.

g. RIGHT TO OBJECT

At any time, You have the right, for reasons that arise from your particular situation, to object against the processing of your personal data based on Art. 6 (1) (e) or (f) GDPR. This also applies to a profiling referred to in these provisions.

In the event of an objection, we will cease to process your personal data, unless we can demonstrate compelling legitimate grounds for processing that override your interests, rights and freedoms, or the processing is for the purpose of asserting, exercising or defending legal rights.

When we process your personal data to perform direct marketing, You have at any time the right to object to the processing of your personal data for the purpose of such marketing. This also applies to profiling, as far as it is related to direct marketing. If You object to the processing of your personal data for direct marketing purposes, we will no longer process them for these purposes.

h. Right of withdrawal

Under Art. 7 (3) GDPR You have the right to withdraw your consent at any time. The withdrawal of consent does not retroactively render the processing unlawful.

i. Right to lodge a complaint with a supervisory authority

You have the right to lodge a complaint with a supervisory authority, without prejudice to any other administrative or judicial remedy. You may in particular exercise your right of to lodge a complaint in the member state of your place of residence, employment or the place of the alleged infringement, if You believe that the processing of your personal data is violating the GDPR. 

15. Validity and last amendment of this Privacy notice

Version: August 2021

Customized data protection: www.datenschutz-stuttgart.com 

Cookie Policy 

Please note the following information: You can ensure yourself that no cookies are stored on your computer at all, or that the storage of only certain cookies is permitted. You can select this in your internet browser settings. You can also view and delete the stored cookies there.

If You block all cookies, You may not be able to use all the functions on our Website.

We use cookies on our Website. Cookies are text files that are sent to your browser by our web server when You visit our Website and are stored on your computer for later retrieval. A cookie therefore enables your internet browser to be identified when You call up the website again. There are session cookies, which are cookies that are deleted when You close your browser, and there are persistent cookies, which are stored on your hard drive until their preset expiry date is reached or until they are actively removed by You.

1. First-Party Cookies

We use our own cookies to ensure the functionality of our Website. Some elements of our Website require that your internet browser is recognised after a page change.

In the overview You can see for which purposes your data is collected and for how long it is stored:

Name

 

 

Purpose

 

 

Storage period

 

 

crumb

 

 

Prevents cross-site request forgery (CSRF).

 

 

Session

 

 

For the processing of personal data in cookies that we set on our Website in order to ensure the functionality of our Website and our offer, the legal basis is Art. 6 (1) (f) GDPR, insofar as personal data are contained in the cookies.We also use cookies that are not necessary in principle, but are helpful, e.g. to ensure the functionality of our Website and to collect and analyse statistics on access to our Website. In the overview You can see the purposes for which your data is collected and the period for which it is stored:

Name

 

 

Purpose

 

 

Storage period

 

 

_fbp

 

 

Is set by Facebook and identifies browsers in order to provide analysis services for advertising and websites

 

 

3 months

 

 

fr

 

 

Set by Facebook and used to deliver ads and measure and improve their relevance.

 

 

3 months

 

 

IDE

 

 

Set by Google DoubleClick to record and report the user's actions on the website after viewing or clicking on one of the provider's ads. The purpose is to measure the effectiveness of an ad and display targeted ads to the user.

 

 

13 months

 

 

test_cookie

 

 

Set by Google DoubleClick , to check whether the user's browser supports cookies.

 

 

15 minutes

 

 

VISITOR_INFO1_LIVE

 

 

Set by YouTube to attempt to estimate user bandwidth on pages with embedded YouTube videos.

 

 

6 months

 

 

YSC

 

 

Set by YouTube and registers a unique ID to gather statistics of the videos the user has watched.

 

 

session

 

 

yt.innertube::nextId

 

 

This cookie registers a unique ID to obtain statistics of videos from YouTube that the user has watched.

 

 

never

 

 

yt.innertube::requests

 

 

This cookie registers a unique ID to obtain statistics about videos from YouTube that the user has watched.

 

 

never

 

 

_gcl_au

 

 

This cookie is used by Google Tag Manager to track and store conversions.

 

 

3 months

 

 

CONSENT

 

 

Set and used by YouTube to determine if the visitor has accepted the marketing category in the cookie banner. This cookie is necessary for the website's compliance with the GDPR.

 

 

16 years 5 monthsdays 3 Tage 12 hours

 

 

 

user_segment

 

 

Used to enable retargeting.

 

 

session

 

 

test

 

 

No description available

 

 

never

 

 

We obtain your consent for the processing of personal data in cookies that are not necessary to ensure the functionality of our Website. Therefore, the legal basis is Art. 6 (1) (a) GDPR. 

Possibility of objection and removal 

As communicated in the introduction to this section, You can enable or restrict the transmission of cookies by changing the settings in your internet browser. You can delete cookies that have already been stored by your internet browser there at any time. If cookies are restricted or disabled for our Website, it may not be possible to use all functionalities. 

2. Third-Party-Cookies

We use cookies from so-called "third-party providers" on our Website. This means that in the course of your visit to our Website, data from in your web browser is transmitted to the third party's web server and stored there. The processing operation triggered on our Website is therefore a transmission. We do not receive your personal data.

a) Google Analytics

The Google Analytics analysis service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter: " Google Analytics") is implemented on our Website. 

Google Analytics uses cookies that store the following information:

  • Type of internet browser used
  • version of the internet browser
  • the operating system You are using
  • referrer (previously visited website)
  • your shortened IP address 
  • Time of the server request 

Name, purpose and storage period of the cookie:

  • _ga; used to distinguish users in order to generate statistical data on the use of the website; duration: 2 years 

Name, purpose and storage period of the cookie:

  • _gat_UA-124329543-1, limits the request rate for Google Analytics; duration: until the browser session is terminated.

Name, purpose and storage period of the cookie:

  • _gid, used to distinguish users in order to generate statistical data about website usage; duration: 24 hours

We use a feature of Google Analytics that anonymises your IP address before storing or processing it. As a rule, your IP address is still shortened within the European Union/EEA and only then transmitted, for example, to Google servers in the USA. The processing of your information is pseudonymous and we will not merge it with any other personal data about You.

We are only shown statistics via the tool, which we can use to optimise our Website and offers.

Before we set the cookies, we obtain your consent for this (Art. 6 (1) (a) GDPR).

You can prevent the collection of the data generated by the cookie and related to your use of the Website (including your (anonymised) IP address) to Google as well as the processing of this data by Google by downloading and installing the browser plugin available under the following link (http://tools.google.com/dlpage/gaoptout?hl=en).

You can either prevent the storage of Google cookies directly in your browser settings yourself or prevent the processing of your data by clicking on the following link and bringing about an "opt-out": Click here to opt-out of Google Analytics. In doing so, an "opt-out cookie" will be set, which will prevent the collection of your user data on this website in the future, unless the opt-out cookie is deleted. 

You can find Google's privacy policy at the following link: https://policies.google.com/privacy?hl=en.

Google is still certified under the Privacy Shield, but for data transfers Google now relies on the standard contractual clauses.

For this: https://support.google.com/analytics/answer/6004245?hl=en&ref_topic=2919631 and on the Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI and https://policies.google.com/privacy/frameworks?hl=en&gl=en.

b) Facebook-Pixel

On our Website, we use the analytics tool Facebook Pixel from Facebook Inc, Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, D2 Dublin, Ireland ("Facebook"). Facebook Custom Audiences works with a JavaScript code snippet that is executed when someone opens a page. We use this to analyse the effectiveness of our advertising. We cannot identify individual users or specifically target them with ads through our Facebook Business Profile, only groups of users.

We use Facebook Pixel in such a way that the sending of pixel actions to Facebook is interrupted until cookie consent has been given. With Facebook Pixel, we want to ensure that advertising is displayed to those visitors to our Website on Facebook who meet certain characteristics (interest in certain products, gender, certain age, live in a certain city, etc.). Facebook calls the grouping of users according to certain characteristics "Custom Audiences". The advertisements shall be shown on Facebook to those who are potentially interested and not to those who are not likely to be interested in our product.

Our Custom Audience consists of the "Custom Audience through websites" function, i.e. the Facebook pixel matches visitors to our Website with people on Facebook. The following data is sent to Facebook:

Context data: This includes the redirect URL, browser information and the person's Facebook user ID (hashed).

In addition, the pixel helps to statistically track the effectiveness of advertisements, this is called "conversion" by Facebook. The Facebook Pixel tells us whether people in the target group have visited our Website, searched for a particular product on our Website, looked at a particular product or product category, whether a purchase was initiated, whether a purchase was completed. The Facebook Pixel tells us whether people were directed to our site from a paid search engine result and whether people are interested in special offers. We can only tell from the statistics that this has happened - we cannot identify individual people.

We have noticed that our product receives significantly more attention when we use Facebook Pixel. Therefore, it is in our legitimate interest to integrate Facebook Pixel on our Website (legal basis Art. 6 (1) (f) GDPR). We also obtain your consent before setting cookies and pixels (legal basis Art. 6 (1) (a) GDPR).

In your Facebook profile, You can choose yourself whether You want to receive personalised advertising. You can object to the collection by Facebook Pixel and the use of your data for Facebook Ads (as part of a Custom Audience). If your browser does not accept third-party cookies, the Facebook Pixel will not be set.

Facebook´s data policy can be found here: https://www.facebook.com/policy.php . You can find more information from Facebook about the Facebook Pixel here: https://www.facebook.com/business/help/651294705016616 .

For the data transfer to the USA, we have concluded contracts with Facebook, including the standard contractual clauses. You can find more about this here:

https://www.facebook.com/legal/technology_terms

Facebook is still certified under the Privacy Shield; however, we do not base data transfer to the US on this. Information on this can be found at:

https://www.facebook.com/about/privacyshield

as well as https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC

c) Squarespace Analytics

This Website uses Squarespace Analytics, a web analytics service provided by Squarespace Ireland Ltd, Le Pole House, Ship Street Great, Dublin 8, Ireland ("Squarespace"). Squarespace Analytics uses cookies. The information generated by the cookies about your use of this Website (including your IP address) will be transmitted to and stored by Squarespace on servers in the United States. Squarespace is certified under the EU-US Privacy Shield, but for data transfers Squarespace now relies on the standard contractual clauses.

Squarespace will use the information collected to evaluate your use of the Website for us and to compile reports on Website activity and to provide other services related to Website and internet use. Squarespace may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Squarespace's behalf. Squarespace will not associate your IP address with any other data held by Squarespace. You have the option of preventing cookies from being stored on your computer by making the appropriate browser settings. You can find out more about data processing by Squarespace Analytics at https://de.squarespace.com/privacy/ .

Functional and necessary cookies

Squarespace uses some cookies that are necessary because they allow visitors to navigate the Website and use important features. These are the following cookies:

Name

Purpose

 

 

Storage period

 

 

crumb

 

 

Used to deliver advertisements and measure and improve their relevance.

 

 

session

 

 

The legal basis for data processing is our legitimate interest in an appealing and functional Website in accordance with Art 6 (1) (f) GDPR.

Analytics and performance cookies

Squarespace uses analytics and performance cookies to collect information for us about how You interact with our Website. These are the following cookies:

Name

 

 

Purpose

 

 

Storage period

 

 

SS_MATTR

 

 

These cookies provide us with information about your visit, such as device and browser usage and referring pages. This helps us identify areas for improvement and those that are most appreciated. The cookies collect information in anonymised form.

 

 

10 years

 

 

SS_MID

 

 

Identifies unique visitors and tracks a visitor's sessions on a website.

 

 

10 years

 

 

SS_lastvisit

 

 

Identifies unique visitors and tracks a visitor's sessions on a website.

 

 

1 year

 

 

ss_cid

 

 

Identifies unique visitors and tracks a visitor's sessions on a website.

 

 

2 years

 

 

ss_cpvisit

 

 

Identifies unique visitors and tracks a visitor's sessions on a website.

 

 

2 years

 

 

ss_cvisit

 

 

Identifies unique visitors and tracks a visitor's sessions on a website.

 

 

30 minutes

 

 

ss_cvr

 

 

Identifies unique visitors and tracks a visitor's sessions on a website.

 

 

2 years

 

 

ss_cvt

 

 

Identifies unique visitors and tracks a visitor's sessions on a website.

 

 

30 minutes

 

 


Before we set the cookies, we obtain your consent for this (Art. 6 (1) (a) GDPR).

c. Shopify cookies

During the ordering process in our shop, Shopify collects processed personal data of the buyer such as name, address and email address. When using our shop, we receive data of your internet protocol (IP) with information about your browser and operating system. Our shop is operated by Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland ("Shopify"). Shopify provides us with its online e-commerce platform to sell our products and services. Your data is processed through Shopify's data storage, databases and general program functions. Shopify stores your data on a secure server with a firewall.

Here is a list of the cookies used by Shopify. These are listed here to give You the choice to allow cookies or not.

Functional and necessary cookies

Shopify uses some cookies that are necessary because they allow visitors to navigate our Website and use important features. These are the following cookies: 

Name

 

 

Purpose

 

 

Storage period

 

 

_shopify_m

 

 

Used to manage customer privacy settings.

 

 

1 year

 

 

_shopify_tm

 

 

Used to manage customer privacy settings.

 

 

30 minutes

 

 

_shopify_tw

 

 

Used to manage customer privacy settings.

 

 

2 weeks

 

 

_tracking_consent

 

 

Tracking setting

 

 

1 year

 

 

cart_currency

 

 

Used in conjunction with the shopping cart.

 

 

2 weeks

 

 

cart_sig

 

 

Used in conjunction with the checkout.

 

 

2 weeks

 

 

master_device_id

 

 

Used in conjunction with the merchant login.

 

 

2 years

 

 

PHPSESSID

 

 

These cookies store temporary data to enable website functionality.

 

 

session

 

 

secure_customer_sig

 

 

Used in conjunction with the customer login.

 

 

20 years

 

 

The legal basis for data processing is our legitimate interest in an appealing and functional Website in accordance with Art 6 (1) (f) GDPR.

Analytics and marketing cookies

Shopify uses analytics and marketing cookies to help us better understand how customers interact with our Website. Cookies are also used to track website visitors across websites. The aim here is to serve advertisements that are relevant and engaging to individual users. The cookies in question are as follows:

Name

 

 

Purpose

 

 

Storage period

 

 

_fbp

 

 

Set by Facebook and identifies browsers to provide analytics services for advertising and websites.

 

 

3 months

 

 

_gcl_au

 

 

This cookie is used by Google Tag Manager to track and store conversions.

 

 

3 months

 

 

_landing_page

 

 

Tracking of landing pages.

 

 

2 weeks

 

 

_orig_referrer

 

 

Tracking of landing pages.

 

 

2 weeks

 

 

_shopify_d

 

 

Shopify analytics.

 

 

session

 

 

_shopify_evids

 

 

Shopify analytics.

 

 

session

 

 

_shopify_s

 

 

Shopify analytics.

 

 

30 minutes

 

 

_shopify_sa_p

 

 

Shopify analytics related to marketing & recommendations.

 

 

30 minutes

 

 

_shopify_sa_t

 

 

Shopify analytics related to marketing & recommendations.

 

 

30 minutes

 

 

_shopify_y

 

 

Shopify analytics.

 

 

1 year

 

 

cookietest

 

 

This cookie is used to determine if the visitor has accepted the cookie consent field.

 

 

session

 

 

optimizelyEndUserId

 

 

A cookie set by the website optimisation platform Optimizely. This cookie is a unique user identifier.

 

 

6 months

 

 

tms_default_locale

 

 

No description available.

 

 

1 day

 

 

tms_previous_pathname

 

 

No description available.

 

 

session

 

 


Before we set the cookies, we obtain your consent for this (Art. 6 (1) (a) GDPR).

For more information on Shopify Analytics, please visit https://help.shopify.com/en/manual/reports-and-analytics/shopify-reports . Shopify´s privacy policy can be found at: https://www.shopify.com/legal/privacy .

3. Validity and last amendment of this cookie policy

Version: August 2021