Data Privacy

This translation is only intended to make it easier for international customers to understand, the English wording is not legally binding.
Only the German Data Privacy are legally valid. By agreeing to the Data Privacy, you expressly agree to the German version.

Privacy policy for visitors to our website

Hello and thank you for your interest in our website. Among other things, we take your rights to privacy, data protection, and informational self-determination very seriously.
Therefore, we would like to inform you of the following:

Who we are

You can find all information about this in our Imprint and About Us.

Who is responsible for data protection at our company (data protection officer)

Since we are a very small company with only two permanent employees, everyone is responsible for data protection. Employees Andreas Kramer and Ron Bussenius, as well as CEO Moritz Brunnhofer, are the data protection officers.

What the privacy policy is about - definition

Our privacy policy is based on the terminology used by the European legislator for the adoption of the General Data Protection Regulation (GDPR). Our privacy policy is intended to be easily readable and understandable for the public as well as for our customers and business partners.
To ensure this, we would like to explain the terminology used in advance. The terms used, such as "personal data" or their "processing," are defined in Article 4 of the General Data Protection Regulation (GDPR).

In this privacy policy we use, among other things, the following terms:

1. Personal data
Personal data is any information relating to an identified or identifiable natural person (hereinafter "data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
2. Data Subject
A data subject is any identified or identifiable natural person whose personal data is processed by the controller.
3. Processing
Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
4. Restriction of Processing
Restriction of processing is the marking of stored personal data with the aim of limiting its future processing.
5. Profiling
Profiling is any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person's work performance, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements. It's safe to say right now: we don't use profiling!
6. Pseudonymization
Pseudonymization is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that this additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
7. Controller or Data Controller
The controller or data controller is the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. If the purposes and means of such processing are specified by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
8. Processor
A processor is a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.
9. Recipient
A recipient is a natural or legal person, public authority, agency, or other body to which personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be considered recipients.
10. Third party
A third party is a natural or legal person, public authority, agency, or body other than the data subject, the controller, the processor, and the persons authorised to process the personal data under the direct authority of the controller or processor.
11. Consent
Consent is any freely given, specific, informed, and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

Scope of processing of personal data

We generally only collect and use our users' personal data to the extent necessary to provide a functional website and our content and services. The collection and use of our users personal data generally only occurs with the user's consent. An exception applies in cases where prior consent cannot be obtained for practical reasons and the processing of the data is permitted by law.

We collect and use your personal data exclusively in accordance with the provisions of the GDPR. Below, we inform you about the type, scope, and purpose of the collection and use of personal data. You can access this information at any time on our website.

Data transmission and logging for internal system and statistical purposes

For technical reasons, your internet browser automatically transmits data to our web server when you access our website. This includes, among other things, the date and time of access, the URL of the referring website, the file accessed, the amount of data sent, the browser type and version, the operating system, and your IP address. This data is stored separately from other data you enter when using our service. It is not possible for us to assign this data to a specific person. This data is evaluated for statistical purposes and subsequently deleted.

The legal basis for this is Article 6 (1) (f) GDPR, which states that the processing of personal data is possible even without the consent of the data subject if the processing is necessary to protect the legitimate interests of the controller or a third party, unless the interests or fundamental rights and freedoms of the data subject which require the protection of personal data prevail, in particular if the data subject is a child. The aforementioned purposes are in our interest. To the extent that we use cookies, please refer to our explanations under "How do we use cookies on this website?"

What happens when you register as a customer

When you register with us, we collect the following data from you: gender, first name, last name, email, password, and address (mandatory fields). This essentially includes everything we need to ship the ordered goods to you.
We record your actions to the extent necessary to fulfill the contractual relationship pursued here (e.g., in the case of a purchase "on account." However, since this is not currently offered, this does not occur for the time being). The legal basis is Article 6 (1) (b) GDPR. We store the data until the end of the statutory retention period.

How do we use Google Analytics

This website does NOT currently use Google Analytics! Google Analytics is a web analysis service provided by Google Inc. ("Google"). Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookies about your use of the website is usually transferred to a Google server in the USA and stored there. However, if IP anonymization is activated on this website, Google will shorten your IP address beforehand within member states of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide the website operator with other services relating to website activity and internet usage. The legal basis is Article 6 (1) (f) GDPR, which states that the processing of personal data may be carried out without the consent of the data subject if the processing is necessary to protect the legitimate interests of the controller or a third party, unless the interests or fundamental rights and freedoms of the data subject which require protection of personal data prevail, in particular if the data subject is a child. Our legitimate business interest is to evaluate user behavior on this website. Your interests are protected by your options for avoiding processing, which we will describe later, and by anonymization. We have also concluded a contract processing agreement with the provider, thus ensuring our right to give instructions to the provider. We delete the data after 14 months at the latest.
The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

You can prevent cookies from being saved by selecting the appropriate settings in your browser; however, please note that if you do this, you may not be able to use the full functionality of this website. Furthermore, you can prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in.

We reserve the right to use Google Analytics in the future to analyze and regularly improve the use of our website. The statistics obtained allow us to improve our offering and make it more interesting for you as a user. For the exceptional cases in which personal data is transferred to the USA, Google has submitted to the EU-US Privacy Shield.

Information from the third-party provider: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. Terms of Service & Privacy Policy

We use social media plugins

We currently do not use any social media plugins. However, we reserve the right to use the following social media plug-in: Facebook.
We have no influence on the data collected and data processing procedures, nor are we aware of the full extent of data collection, the purposes of processing, or the retention periods. We also have no information on the deletion of the collected data by the plug-in provider.
The plug-in provider stores the data collected about you as user profiles and uses them for the purposes of advertising, market research, and/or tailoring its website to meet your needs. Such evaluation is carried out in particular (even for users who are not logged in) to display tailored advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles; to exercise this right, you must contact the respective plug-in provider. Through plug-ins, we offer you the opportunity to interact with social networks and other users, so that we can improve our offering and make it more interesting for you as a user.

The data is transferred regardless of whether you have an account with the plug-in provider and are logged in there. If you are logged in with the plug-in provider, the data we collect will be directly assigned to your existing account with the plug-in provider. If you click the activated button and, for example, link to the page, the plug-in provider also saves this information in your user account and publicly shares it with your contacts. We recommend that you log out regularly after using a social network, especially before activating the button, as this prevents your data from being assigned to your profile with the plug-in provider.

Further information on the purpose and scope of data collection and processing by the plug-in provider can be found in the privacy policies of these providers provided below. There you will also find further information about your rights in this regard and settings options for protecting your privacy.

Our partner publisher, Hans im Glück Verlags GmbH, also maintains a company page with this provider. If you interact with this page, there is a possibility that the provider will process your data as described in paragraphs 2 to 5.

The legal basis is Article 6 (1) (f) GDPR, which stipulates that the processing of personal data is possible even without the consent of the data subject if the processing is necessary to protect the legitimate interests of the controller or a third party, unless the interests or fundamental rights and freedoms of the data subject which require the protection of personal data prevail, in particular if the data subject is a child. Our legitimate business interest is to give you the opportunity to voluntarily interact with us on social networks – as described here.

Address of the plug-in provider with their Privacy Policy:
Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA
Facebook has submitted to the EU-US Privacy Shield.

Our obligation to collect this data
And: What happens if we don't collect this data

There is no legal obligation to collect this data. However, failure to collect it may make it more difficult to visit our website.

To whom do we transfer the data
And: When does the data leave the EU or the European Economic Area

The following companies may receive the above-mentioned data, and we will indicate below if the data leaves the European Union or the European Economic Area:

Third-country reference:
Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA
Privacy Policy and further information on data collection
Google Inc., 1600 Amphitheater Parkway, Mountainview, California 94043, USA
Privacy & Terms

Others:
Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland (Google Analytics)
Positive Group Deutschland GmbH (rapidmail), Wentzingerstraße 21, 79106 Freiburg im Breisgau, Germany (exclusively for newsletters)

Ensuring adequate data security

We maintain current technical measures to ensure data security, in particular to protect your personal data from risks during data transmission and from third-party access. These measures are continually updated to reflect the current state of the art.

The use of cookies on this website

Furthermore, cookies are stored on your computer when you use the website. Cookies are small text files that are stored on your hard disk and associated with the browser you use. They allow certain information to be sent to the entity that placed the cookie (in this case, us). Cookies cannot run programs or transmit viruses to your computer. They are designed to make the website more user-friendly and effective. We provide information about your use via a banner.

Inventory Data 

If a contractual relationship is to be established, defined, or amended between you and us, we will collect and use your personal data to the extent necessary for these purposes.
Upon order of the competent authorities, we may, in individual cases, provide information about this data (inventory data) to the extent necessary for the purposes of criminal prosecution, to avert danger, to fulfill the statutory duties of the Office for the Protection of the Constitution or the Military Counterintelligence Service, or to enforce intellectual property rights.

Your Rights

You have certain rights. You have the right to information about the personal data processed about you, as well as the right to rectification or erasure, to restriction of processing, to object to processing, and to data portability. Upon your request, this information can also be provided electronically.

You also have the right to complain about us to the supervisory authority responsible for us. We politely point out that these rights may be subject to certain conditions, which we will insist on being met.

If you insist on the deletion of your data, we will obviously no longer be able to carry out any outstanding deliveries. We can, of course, delete all data from your profile, but for legal reasons, we must continue to retain a history of your orders in the form of invoices. The tax office requires us to keep invoices for at least 10 years.