Privacy Policy
Privacy Policy
Unless otherwise specified below, the provision of your personal data is neither required by law nor by contract, nor is it necessary for the conclusion of a contract. You are not obligated to provide this data. Failure to provide it will have no consequences. This applies only to the extent that no other information is provided regarding the processing operations described below.
“Personal data” refers to any information relating to an identified or identifiable natural person.
Server Log Files
You may visit our website without providing any personal information.
Each time you access our website, usage data is transmitted to us or our web host/IT service provider via your internet browser and stored in log files (so-called server log files). This stored data includes, for example, the name of the page accessed, the date and time of access, the IP address, the amount of data transferred, and the requesting provider.
This processing is based on Article 6(1)(f) of the GDPR, in accordance with our overriding legitimate interest in ensuring the smooth operation of our website and in improving our services.
Your data may be transferred to and processed in third countries outside the EU, in particular to Canada and the United States. An adequacy decision by the European Commission exists for Canada. For the U.S., an adequacy decision by the European Commission is in place: the Trans-Atlantic Data Privacy Framework (TADPF). Shopify is not certified under the TADPF. This data transfer is based on contractual obligations comparable to those of the European Commission’s Standard Contractual Clauses.
Contact
Data Controller
Please contact us if you wish. The data controller is: Ronny Lethmate, Schwanenborg 9, 49835 Wietmarschen-Lohne, Germany, 05908 2209570, service@yvolve.shop
Customer Initiates Contact via Email
If you initiate business contact with us via email on your own initiative, we collect your personal data (name, email address, message text) only to the extent you provide it. The data processing serves to handle and respond to your contact request.
If the contact serves to carry out pre-contractual measures (e.g., consultation regarding a purchase interest, preparation of a quote) or relates to a contract already concluded between you and us, this data processing is based on Article 6(1)(b) of the GDPR.
If the contact is made for other reasons, this data processing is based on Article 6(1)(f) of the GDPR, based on our overriding legitimate interest in processing and responding to your inquiry. In this case, you have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data based on Article 6(1)(f) of the GDPR.
We use your email address solely to process your inquiry. Your data will subsequently be deleted in accordance with statutory retention periods, unless you have consented to further processing and use.
Collection and Processing When Using the Contact Form
When you use the contact form, we collect your personal data (name, email address, message text) only to the extent you provide it. The purpose of data processing is to establish contact.
If the contact serves to carry out pre-contractual measures (e.g., consultation regarding a purchase interest, preparation of a quote) or relates to a contract already concluded between you and us, this data processing is based on Article 6(1)(b) of the GDPR.
If contact is initiated for other reasons, this data processing is based on Article 6(1)(f) of the GDPR, based on our overriding legitimate interest in processing and responding to your inquiry. In this case, you have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data based on Article 6(1)(f) of the GDPR.
We use your email address solely to process your inquiry. Your data will subsequently be deleted in accordance with statutory retention periods, unless you have consented to further processing and use.
Collection and Processing When Using the Withdrawal Button
If you have entered into a contract through our website, we provide you with a withdrawal function (withdrawal button) through which you can submit your notice of withdrawal immediately.
When you use the withdrawal function, we collect your personal data (name, email address, information identifying the contract or part of the contract you wish to withdraw from, and the time (date and time) the notice of withdrawal was sent) only to the extent you have provided it. The purpose of this data processing is to provide you with the legally required option to withdraw from your contract and to properly process your withdrawal.
If the contact relates to a contract already concluded between you and us, this data processing is based on Article 6(1)(b) of the GDPR. Otherwise, the data processing is based on Article 6(1)(c) of the GDPR, to fulfill a legal obligation to provide you with a cancellation feature on our website.
We use your email address solely to process your notice of withdrawal. Your data will subsequently be deleted in accordance with statutory retention periods, unless you have consented to further processing and use.
The processing of your personal data serves the purpose of legally complying with the statutory requirements for the design of the withdrawal function and is carried out on the basis of Article 6(1)(c) of the GDPR.
This data processing is also carried out on the basis of Article 6(1)(f) of the GDPR, based on our overriding legitimate interest in providing you with a user-friendly option to exercise your right of withdrawal. In this case, you have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data based on Article 6(1)(f) of the GDPR.
Use of Address Validation via the Google Maps API
We use the address validation service provided by Google (Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland; “Google”) on our website.
The purpose of this data processing is to check your entries in our address forms in real time for input and typing errors, and to supplement any missing data as necessary. If data is entered incorrectly, alternative suggestions for correcting the data are displayed. For this purpose, the address data you enter is transmitted to the provider, where it is stored and analyzed.
Among other things, the following information may be transmitted to Google and processed there: mailing addresses (country, city, ZIP code, street, house number), email address, phone number.
Your data may also be transferred to the United States in this process. An adequacy decision by the European Commission exists for the United States: the Trans-Atlantic Data Privacy Framework (TADPF). Google has obtained certification under the TADPF and is thereby obligated to comply with European data protection principles.
The processing of your personal data is based on Article 6(1)(f) of the GDPR, based on our overriding legitimate interest in maintaining an accurate data foundation to fulfill our contractual obligations. You have the right to object at any time to the processing of personal data concerning you for reasons arising from your particular situation.
The data is processed separately by the provider and is not combined with other data. It is deleted by the provider as soon as the status of the entered data has been determined, but no later than 30 days after entry.
For more information on Google’s Terms of Service and privacy policy, please visit: https://cloud.google.com/maps-platform/terms or https://www.google.de/policies/privacy/.
Customer Account Orders
Customer Account
When you open a customer account, we collect your personal data to the extent specified there. The purpose of data processing is to improve your shopping experience and simplify order processing. Processing is based on Article 6(1)(a) of the GDPR with your consent. You may revoke your consent at any time by notifying us, without affecting the lawfulness of the processing carried out on the basis of your consent prior to revocation. Your customer account will then be deleted.
Collection, Processing, and Disclosure of Personal Data When Placing Orders
When you place an order, we collect and process your personal data only to the extent necessary to fulfill and process your order and to handle your inquiries. Providing this data is necessary for the conclusion of the contract. Failure to provide the data means that no contract can be concluded.
Processing is based on Article 6(1)(b) of the GDPR and is necessary for the performance of a contract with you.
Your data may be disclosed, for example, to shipping companies, dropshipping or fulfillment providers, payment service providers, order processing service providers, and IT service providers. In all cases, we strictly comply with legal requirements. The scope of data transfer is limited to the minimum necessary.
Your data may be transferred to and processed in third countries outside the EU, in particular to Canada and the United States. An adequacy decision by the European Commission exists for Canada. For the United States, an adequacy decision by the European Commission is in place: the Trans-Atlantic Data Privacy Framework (TADPF). Shopify is not certified under the TADPF. This data transfer is based on contractual obligations comparable to those of the European Commission’s Standard Contractual Clauses.
Reviews Advertising
Data Collection When Posting a Comment or Review
When you comment on or rate an article or post, we collect your personal data (name, email address, comment text) only to the extent that you provide it. The processing serves the purpose of enabling comments and ratings and displaying comments and ratings.
By submitting the comment or review, you consent to the processing of the data you have provided. Processing is based on Article 6(1)(a) of the GDPR with your consent. You may withdraw your consent at any time by notifying us, without affecting the lawfulness of the processing carried out on the basis of your consent prior to withdrawal. Your personal data will then be deleted.
When your comment or review is published, only the name you provided will be displayed.
Use of Judge.me
We use the “Judge.me” review system from Judge.me Ltd (c/o Buckworths 2nd Floor, 1-3 Worship Street, London, England, EC2A 2AB; “Judge.me”) on our website.
Judge.me enables us to collect customer reviews and display them on our website to provide you with insight into the quality of our services.
After placing an order, you may receive an invitation from us or Judge.me to submit a review, and you may then submit a review. In doing so, the following data, among others, may be processed by us or Judge.me: email address, name, phone number, address, information about your device (IP address, information about your web browser and the operating system used), information about the product purchased or the service used (order number, product details), the content of your review and the star rating you provided, and your product photos or videos (if you included them with your product review). This data may also be used, if necessary, to verify your review.
Judge.me uses technologies such as cookies.
Your data may be transferred outside the EU to the United Kingdom. An adequacy decision by the European Commission is in place for the United Kingdom.
Your data may be transferred to the United States. An adequacy decision by the European Commission is in place for the United States: the Trans-Atlantic Data Privacy Framework (TADPF). Judge.me is not certified under the TADPF. This data transfer is based on special contracts that have been approved for use in the United Kingdom and that provide the same level of protection as that afforded to personal data in the United Kingdom.
The use of cookies or similar technologies is based on your consent pursuant to Section 25(1), sentence 1 of the TDDDG in conjunction with Article 6(1)(a) of the GDPR. The processing of your personal data is based on your consent pursuant to Article 6( 1(a) of the GDPR, provided that you have expressly consented to the transfer of your data and to receiving the review request. You may withdraw your consent at any time without affecting the lawfulness of the processing carried out on the basis of your consent prior to withdrawal.
For more information on data protection when using Judge.me, please visit: https://judge.me/privacy.
Use of Your Email Address to Send Newsletters
We use your email address to send you information and offers via newsletter, provided you have expressly consented to this. Data processing serves exclusively for the purpose of sending promotional communications. To this end, we process your email address as well as any other data you voluntarily provided when subscribing to our newsletter.
Processing is based on Article 6(1)(a) of the GDPR with your consent. You may withdraw your consent at any time without affecting the lawfulness of the processing carried out on the basis of your consent prior to its withdrawal.
You can unsubscribe from the newsletter at any time by using the corresponding link in the newsletter or by notifying us. Your email address will then be removed from the mailing list. Even after removal from the mailing list, we may continue to store your email address on a so-called blacklist to prevent you from receiving future newsletter emails from us. This storage is based on Article 6(1)(f) of the GDPR, in accordance with our and your legitimate interest in preventing the reuse of your email address for sending our newsletter. You have the right to object at any time to the processing of personal data concerning you for reasons arising from your particular situation.
Use of the Email Address for Sending Direct Marketing
We use your email address, which we received in connection with the sale of a product or service, to send you electronic advertisements for our own products or services that are similar to you have already purchased from us, provided you have not objected to this use. Providing your email address is necessary for the conclusion of the contract. Failure to provide it means that no contract can be concluded. The processing is based on Article 6(1)(f) of the GDPR, based on our overriding legitimate interest in direct marketing.
You may object to this use of your email address at any time by notifying us. The contact information for exercising your right to object can be found in the legal notice. You may also use the link provided for this purpose in the promotional email. No costs other than the transmission costs according to the standard rates will be incurred for this.
Use of Klaviyo
We use the services of Klaviyo Inc. (125 Summer St, Floor 7, Boston, MA 02111, USA; “Klaviyo”) to send our newsletter under a data processing agreement.
We share the information you provided when signing up for the newsletter (email address, first and last name if applicable) with Klaviyo. The data is processed for the purpose of sending the newsletter and analyzing its performance.
To analyze newsletter campaigns, the newsletters we send contain a 1x1-pixel image (tracking pixel) or a tracking link. This allows us to determine whether you have opened the newsletter and, if applicable, whether you have clicked on any embedded links. In this context, we collect your personal data, such as your IP address, browser type, device, and the time of access. This data may be used to create usage profiles under a pseudonym. The collected data is not used to identify you personally. The collected data is used solely for statistical analysis to improve newsletter campaigns.
Your data is generally transmitted to and stored on Klaviyo’s servers in the United States. An adequacy decision by the European Commission is in place for the United States: the Trans-Atlantic Data Privacy Framework (TADPF). Klaviyo is certified under the TADPF and is therefore committed to complying with European data protection principles.
The processing of your personal data is based on Article 6(1)(f) of the GDPR, which is grounded in our overriding legitimate interest in a targeted, effective, and user-friendly newsletter system. You have the right to object at any time to the processing of your personal data for reasons arising from your particular situation.
For more information on data protection at Klaviyo, please visit https://www.klaviyo.com/legal/privacy-notice and https://www.klaviyo.com/legal/data-processing-agreement.
Merchandise Management
Use of an External Merchandise Management System
We use a merchandise management system for contract fulfillment as part of data processing on our behalf. To this end, your personal data collected in connection with your order is transferred to
plentysystems AG, Johanna-Waescher-Straße 7, 34131 Kassel.
The processing of your personal data serves the purpose of fulfilling the contract concluded with you and is carried out on the basis of Art. 6(1)(b) of the GDPR.
Payment Service Providers
Use of PayPal Express
We use the PayPal Express payment service provided by PayPal (Europe) S.à.r.l. et Cie, S.C.A. (22-24 Boulevard Royal, L-2449, Luxembourg; “PayPal”) on our website. The purpose of this data processing is to offer you the option of paying via the PayPal Express payment service.
To integrate this payment service, it is necessary for PayPal to collect, store, and analyze data (e.g., IP address, device type, operating system, browser type, and your device’s location) when you visit the website. Cookies may also be used for this purpose. These cookies enable the recognition of your browser.
The processing of your personal data is based on Article 6(1)(f) of the GDPR, based on our overriding legitimate interest in offering a customer-oriented selection of various payment methods. You have the right to object at any time to the processing of your personal data for reasons arising from your particular situation.
When you select and use PayPal Express, the data required for payment processing is transmitted to PayPal in order to fulfill the contract with you using the selected payment method. This processing is based on Article 6(1)(b) of the GDPR. For more information on data processing when using the PayPal Express payment service, please refer to the corresponding privacy policy at www.paypal.com/de/webapps/mpp/ua/privacy-full?locale.x=de_DE#Updated_PS.
Use of PayPal Checkout
We use the PayPal Checkout payment service provided by PayPal (Europe) S.à.r.l. et Cie, S.C.A. (22-24 Boulevard Royal, L-2449, Luxembourg; “PayPal”) on our website. The purpose of this data processing is to offer you the option of paying via this payment service. When you select and use payment via PayPal, credit card via PayPal, direct debit via PayPal, or “Pay Later” via PayPal, the data required for payment processing is transmitted to PayPal in order to fulfill the contract with you using the selected payment method. This processing is based on Article 6(1)(b) of the GDPR.
In this process, cookies may be stored that enable the recognition of your browser. The resulting data processing is based on Article 6(1)(f) of the GDPR, based on our overriding legitimate interest in offering a customer-oriented range of payment methods. You have the right to object at any time to the processing of your personal data for reasons arising from your particular situation.
Credit Card via PayPal, Direct Debit via PayPal, and “Pay Later” via PayPal
For certain payment methods, such as credit card via PayPal, direct debit via PayPal, or “Pay Later” via PayPal, PayPal reserves the right to obtain a credit check, if necessary, based on mathematical and statistical methods using credit reporting agencies. To this end, PayPal transmits the personal data required for a credit check to a credit bureau and uses the information received regarding the statistical probability of default to make a balanced decision regarding the establishment, execution, or termination of the contractual relationship. The credit report may include probability values (scores) calculated using scientifically recognized mathematical and statistical methods, which incorporate, among other things, address data. Your legitimate interests are taken into account in accordance with legal provisions. The data processing serves the purpose of conducting a credit check for the initiation of a contract.
The processing is carried out on the basis of Article 6(1)(f) of the GDPR, based on our overriding legitimate interest in protecting against payment default when PayPal makes an advance payment.
You have the right, for reasons arising from your particular situation, to object at any time to the processing of your personal data based on Article 6(1)(f) of the GDPR by notifying PayPal. Providing this data is necessary to conclude the contract using your preferred payment method. Failure to provide this data will result in the contract not being able to be concluded using the payment method you selected.
Third-Party Providers
When paying via a third-party payment method, the data required for payment processing is transmitted to PayPal. This processing is based on Article 6(1)(b) of the GDPR. To facilitate this payment method, PayPal may then forward the data to the respective provider. This processing is based on Article 6(1)( b of the GDPR. Examples of local third-party providers include:
- Apple Pay (Apple Distribution International Ltd., Hollyhill Industrial Estate, Hollyhill, Cork, Ireland)
- Google Pay (Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland)
Purchase on Account via PayPal
When paying via the “Purchase on Account” payment method, the data required for payment processing is first transmitted to PayPal. To process this payment method, the data is then transmitted by PayPal to Ratepay GmbH (Franklinstraße 28-29, 10587 Berlin; “Ratepay”) in order to fulfill the contract with you using the selected payment method. This processing is based on Article 6(1)(b) of the GDPR. Ratepay may conduct a credit check based on mathematical-statistical methods (probability or score values) using credit bureaus, following the procedure described above. The purpose of this data processing is to conduct a credit check for the purpose of entering into a contract. The processing is based on Article 6(1)(f) of the GDPR, based on our overriding legitimate interest in protecting against payment default when Ratepay makes an advance payment. For more information on data protection and which credit bureaus Ratpay uses, please visit https://www.ratepay.com/legal-payment-dataprivacy/ and https://www.ratepay.com/legal-payment-creditagencies/.
For more information on data processing when using PayPal, please refer to the corresponding privacy policy at https://www.paypal.com/de/webapps/mpp/ua/privacy-full.
Use of Shopify Payments
We use the “Shopify Payments” payment service provided by Shopify International Limited (2nd Floor Victoria Buildings, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland; “Shopify”) on our website.
In this case, payment processing is handled by the payment service provider Stripe Payments Europe, Ltd. (1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland; “Stripe”). The purpose of this data processing is to enable us to offer you payment via the Shopify Payments service. When you select and use a corresponding “Shopify Payments” payment method, the data required for payment processing is transmitted to Stripe in order to fulfill the contract with you using the selected payment method. This processing is based on Article 6(1)(b) of the GDPR.
Stripe reserves the right to obtain a credit check, if necessary, based on mathematical and statistical methods using credit reporting agencies. To this end, Stripe transmits the personal data required for a credit check to a credit bureau and uses the information received regarding the statistical probability of default to make a balanced decision regarding the establishment, performance, or termination of the contractual relationship. The credit report may include probability values (score values) that are calculated based on scientifically recognized mathematical and statistical methods and incorporate, among other things, address data into their calculation. Your legitimate interests are taken into account in accordance with statutory provisions. The data processing serves the purpose of a credit check for the initiation of a contract. The processing is based on Article 6(1)(f) of the GDPR, grounded in our overriding legitimate interest in protecting against payment default when Stripe makes an advance payment.
You have the right, for reasons arising from your particular situation, to object at any time to the processing of your personal data based on Article 6(1)(f) of the GDPR by notifying Stripe. The provision of this data is necessary for the conclusion of the contract using your preferred payment method. Failure to provide this data will result in the contract not being able to be concluded using the payment method you have selected.
For more information on data processing when using the Shopify Payments payment service, please see Shopify’s Privacy Policy at: https://www.shopify.com/de/legal/datenschutz.
For more information on data processing when payments are processed via the payment service provider Stripe, please see Stripe’s Privacy Policy at: https://stripe.com/de/privacy.
Cookies
Our website uses cookies. Cookies are small text files that are stored in or by the web browser on a user’s computer system. When a user visits a website, a cookie may be stored on the user’s operating system. This cookie contains a unique string of characters that allows the browser to be uniquely identified when the website is visited again.
Cookies are stored on your computer. Therefore, you have full control over the use of cookies. By selecting the appropriate technical settings in your web browser, you can be notified before cookies are set, decide individually whether to accept them, and prevent the storage of cookies and the transmission of the data they contain. Cookies that have already been stored can be deleted at any time.
However, please note that you may then be unable to use all features of this website to their full extent.
The links below provide information on how to manage (including disabling) cookies in the most common browsers:
Chrome: https://support.google.com/accounts/answer/61416?hl=de
Microsoft Edge: https://support.microsoft.com/de-de/microsoft-edge/cookies-in-microsoft-edge-lB6schen-63947406-40ac-c3b8-57b9-2a946a29ae09
Mozilla Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen
Safari: https://support.apple.com/de-de/guide/safari/manage-cookies-and-website-data-sfri11471/mac
Technically Necessary Cookies
Unless otherwise specified below in this Privacy Policy, we use only these technically necessary cookies for the purpose of making our website more user-friendly, effective, and secure. Furthermore, cookies enable our systems to recognize your browser even after you navigate to another page and to provide you with services. Some features of our website cannot be offered without the use of cookies. For these features, it is necessary for the browser to be recognized even after you navigate to another page.
The use of cookies or comparable technologies is based on Section 25(2) of the German Telemedia Act (TDDDG). The processing of your personal data is based on Article 6(1)(f) of the GDPR, grounded in our overriding legitimate interest in ensuring the optimal functionality of the website as well as a user-friendly and effective design of our services.
You have the right to object at any time to the processing of your personal data for reasons arising from your particular situation.
Use of Consentmanager
We use the consent management tool Consentmanager from Consentmanager AB (Håltegelvägen 1b, 72348 Västerås, Sweden; “Consentmanager”) on our website.
This tool allows you to grant consent to data processing via the website—in particular, the use of cookies—and to exercise your right to withdraw consent that has already been granted.
The purpose of data processing is to obtain and document the necessary consents for data processing and thereby comply with legal obligations.
Cookies may be used for this purpose. In doing so, the following information, among other things, may be collected and transmitted to Consentmanager: Date and time of the page visit, information about the browser and device you are using, anonymized IP address, opt-in and opt-out data. This data is not shared with any other third parties.
Data processing is carried out to fulfill a legal obligation based on Article 6(1)(c) of the GDPR.
For more information on data protection at Consentmanager, please visit: https://www.consentmanager.net/privacy.php
Analysis
Use of Google Analytics 4
We use the web analytics service Google Analytics, provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; “Google”), on our website.
Data processing serves the purpose of analyzing this website and its visitors, as well as for marketing and advertising purposes. To this end, Google will use the information collected on behalf of the operator of this website to evaluate your use of the website, to compile reports on website activity, and to provide the website operator with other services related to website and internet usage.
The following information, among other things, may be collected: IP address, date and time of the page visit, click path, information about the browser and device you are using, pages visited, referrer URL (the website from which you accessed our website), location data, and purchase activities. Google may link your data with other data, such as your search history, your personal accounts, your usage data from other devices, and any other data Google has about you.
Google truncates the IP address beforehand within member states of the European Union or in other signatory states to the Agreement on the European Economic Area.
Google uses technologies such as cookies, browser-based web storage, and web beacons, which enable an analysis of your use of the website. The use of cookies or similar technologies is based on your consent pursuant to Section 25(1), Sentence 1 of the TDDDG in conjunction with Article 6(1)(a) of the GDPR.
The processing of your personal data is based on your consent pursuant to Article 6(1)(a) of the GDPR. You may withdraw your consent at any time without affecting the lawfulness of the processing carried out on the basis of your consent prior to withdrawal.
The information generated in this way regarding your use of this website is generally transmitted to a Google server in the United States and stored there. An adequacy decision by the European Commission is in place for the United States: the Trans-Atlantic Data Privacy Framework (TADPF). Google has obtained certification under the TADPF and is therefore committed to complying with European data protection principles. Both Google and U.S. government authorities have access to your data.
For more information on terms of use and data protection, please visit https://policies.google.com/technologies/partner-sites, https://policies.google.com/privacy?hl=de&gl=de, and https://business.safety.google/privacy/.
Use of Shopify Analytics
We use the analytics and statistics functions of Shopify International Ltd. (Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland; “Shopify”) on our website as part of a data processing agreement. Shopify is an affiliate of Shopify Inc. (151 O’Connor Street, Ground Floor, Ottawa, Ontario, K2P 2L8, Canada).
Data processing is carried out for the purpose of analyzing this website and its visitors. To this end, data is stored for marketing and optimization purposes and made available in reports, analyses, and statistics. Among other things, the following device information is collected and processed: information about the web browser, the IP address, the time zone, and some of the cookies installed on your device.
As you navigate the website, information is also collected regarding the web pages or products you visit, the referrer URL (the website from which you accessed our site), and how you interact with the website. Technologies such as cookies, web beacons, tags, and pixels (electronic files used to track how you navigate the website) are used for this purpose.
Your data may be transferred to and processed in third countries outside the EU, in particular to Canada and the United States. An adequacy decision by the European Commission exists for Canada. For the United States, an adequacy decision by the European Commission is in place: the Trans-Atlantic Data Privacy Framework (TADPF). Shopify is not certified under the TADPF. This data transfer is based on contractual obligations comparable to those of the European Commission’s Standard Contractual Clauses.
The use of cookies or similar technologies is based on your consent pursuant to Section 25(1), Sentence 1 of the TDDDG in conjunction with Article 6(1)(a) of the GDPR. The processing of your personal data is based on your consent pursuant to Article 6(1)(a) of the GDPR. You may withdraw your consent at any time without affecting the lawfulness of the processing carried out on the basis of your consent prior to its withdrawal.
You can find more detailed information on data protection at Shopify at https://www.shopify.com/de/legal/datenschutz, information on the data processing agreement at https://www.shopify.com/de/legal/dpa, and information on the cookies used at https://www.shopify.com/de/legal/cookies.
Plug-ins and Other Information
Use of Social Plug-ins
We use social network plug-ins on our website. The integration of social plug-ins and the associated data processing serve the purpose of optimizing advertising for our products.
When social plug-ins are integrated, a connection is established between your computer and the servers of the social network providers, and the plug-in is displayed on the page via a notification sent to your browser, provided you have expressly consented to this. In this process, both your IP address and information about which of our pages you have visited are transmitted to the provider’s servers. This applies regardless of whether you are registered with or logged into the social network. Data is also transmitted for users who are not registered or logged in. If you are simultaneously connected to one or more of your social network accounts, the collected information may also be associated with your corresponding profiles. When using the plug-in functions (e.g., by clicking the button), this information is also associated with your user account. You can prevent this association by logging out of your social media accounts before visiting our website and before activating the buttons.
The use of cookies or similar technologies is based on your consent pursuant to Section 25(1), Sentence 1 of the TDDDG in conjunction with Article 6(1)(a) of the GDPR. The processing of your personal data is based on your consent pursuant to Article 6(1)(a) of the GDPR. You may withdraw your consent at any time without affecting the lawfulness of the processing carried out on the basis of your consent prior to its withdrawal.
The social networks listed below are integrated into our website via social plugins. For more information on the scope and purpose of data collection and use, as well as your rights in this regard and options for protecting your privacy, please refer to the providers’ privacy policies linked below.
Facebook, operated by Meta Platforms Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland)
Meta Platforms Ireland and we are joint controllers for the collection of your data that occurs when the service is integrated and for the transfer of this data to Facebook. This is based on an agreement between us and Meta Platforms Ireland regarding the joint processing of personal data, which defines the respective responsibilities. The agreement is available at https://www.facebook.com/legal/controller_addendum. According to this agreement, we are specifically responsible for fulfilling the information obligations under Articles 13 and 14 of the GDPR, for complying with the security requirements of Article 32 of the GDPR regarding the correct technical implementation and configuration of the service, and for complying with the obligations under Articles 33 and 34 of the GDPR, to the extent that a personal data breach affects our obligations under the joint processing agreement. Meta Platforms Ireland is responsible for enabling data subjects to exercise their rights under Articles 15–20 of the GDPR, to comply with the security requirements of Article 32 of the GDPR with respect to the security of the service, and to fulfill the obligations under Articles 33 and 34 of the GDPR, to the extent that a personal data breach affects Meta Platforms Ireland’s obligations under the Joint Processing Agreement.
Your data may be transferred to the United States. An adequacy decision by the European Commission is in place for the United States: the Trans-Atlantic Data Privacy Framework (TADPF). Meta has obtained certification under the TADPF and has thereby committed to complying with European data protection principles.
For more information on Facebook’s collection and use of data, your rights in this regard, and ways to protect your privacy, please see Facebook’s Privacy Policy at https://www.facebook.com/about/privacy/.
Instagram by Meta Platforms Ireland Limited (4 Grand Canal Square, Dublin 2, Ireland):
https://help.instagram.com/155833707900388
Your data may be transferred to the United States. An adequacy decision by the European Commission is in place for the United States: the Trans-Atlantic Data Privacy Framework (TADPF). Meta has obtained certification under the TADPF and is therefore committed to complying with European data protection principles.
Use of Google Fonts
We use Google Fonts from Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; “Google”) on our website.
Data processing serves the purpose of ensuring consistent font display on our website. To load the fonts, a connection to Google’s servers is established when you visit the page. Cookies may be used in this process. Among other things, your IP address and information about the browser you are using are processed and transmitted to Google. This data is not linked to your Google account.
Your data may be transferred to the United States. An adequacy decision by the European Commission is in place for the United States: the Trans-Atlantic Data Privacy Framework (TADPF). Google has obtained certification under the TADPF and is thus committed to complying with European data protection principles.
The use of cookies or similar technologies is based on your consent pursuant to Section 25(1), Sentence 1 of the TDDDG in conjunction with Article 6(1)(a) of the GDPR. The processing of your personal data is carried out with your consent pursuant to Article 6(1)(a) of the GDPR. You may withdraw your consent at any time without affecting the lawfulness of the processing carried out on the basis of your consent prior to withdrawal.
For more information on data processing and data protection, please visit https://www.google.de/intl/de/policies/ and https://developers.google.com/fonts/faq.
Data Subject Rights and Retention Period
Retention Period
After the contract has been fully executed, the data will initially be stored for the duration of the warranty period; thereafter, it will be stored in accordance with statutory retention periods—particularly those under tax and commercial law—and then deleted upon expiration of these periods, unless you have consented to further processing and use.
Rights of the Data Subject
Provided the legal requirements are met, you are entitled to the following rights under Articles 15 through 20 of the GDPR: the right of access, the right to rectification, the right to erasure, the right to restriction of processing, and the right to data portability.
In addition, pursuant to Article 21(1) of the GDPR, you have the right to object to processing based on Article 6(1)(f) of the GDPR, as well as to processing for the purposes of direct marketing.
Right to lodge a complaint with the supervisory authority
Pursuant to Article 77 of the GDPR, you have the right to lodge a complaint with the supervisory authority if you believe that the processing of your personal data is not lawful.
You may lodge a complaint, among other places, with the supervisory authority responsible for us, which you can contact using the following information:
State Commissioner for Data Protection of Lower Saxony
Prinzenstraße 5
30159 Hanover
Tel.: +49 511 1204500
Fax: +49 511 1204599
Email: poststelle@lfd.niedersachsen.de
Right to Object
If the processing of personal data described here is based on our legitimate interest pursuant to Article 6(1)(f) of the GDPR, you have the right to object to such processing at any time for reasons arising from your particular situation, with effect for the future.
Once you have objected, the processing of the data in question will be terminated, unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or if the processing is necessary for the establishment, exercise, or defense of legal claims.
If personal data is processed for direct marketing purposes, you may object to this processing at any time by notifying us. Once you have objected, we will cease processing the relevant data for direct marketing purposes.