General Data Protection Regulation (GDPR)
Privacy Policy
1) Introduction and contact details of the controller
1.1 We are pleased that you are visiting our website and thank you for your interest. In the following, we inform you about the handling of your personal data when using our website. Personal data is any data with which you can be personally identified.
1.2 The controller for data processing on this website in the sense of the General Data Protection Regulation (GDPR) is KOVALI KITCHEN LTD., Suite C, Level 7, World Trust Tower, 50 Stanley Street, Central, Hong Kong, E-mail: info@kovaloes.shop. The controller for the processing of personal data is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.
1.3 For security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or inquiries to the controller), this website uses SSL or TLS encryption. You can recognize an encrypted connection by the string "https://" and the lock symbol in your browser line.
2) Data collection when visiting our website
When using our website for informational purposes only, i.e. if you do not register or otherwise transmit information to us, we only collect data that your browser transmits to our server (so-called "server log files"). When you access our website, we collect the following data, which is technically necessary for us to display the website to you:
- Our visited website
- Date and time of access
- Amount of data sent in bytes
- Source/reference from which you came to the page
- Browser used
- Operating system used
- IP address used (if applicable: in anonymized form)
The processing is carried out in accordance with Art. 6 Para. 1 lit. f GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. A transfer or other use of the data does not take place. However, we reserve the right to retrospectively check the server log files if concrete indications point to illegal use.
3) Hosting & Content Delivery Network
- Shopify
We use the system of the following provider for hosting our website and displaying the page content: Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland ("Shopify")
Data is also transferred to: Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada, Shopify Data Processing (USA) Inc., Shopify Payments (USA) Inc. or Shopify (USA) Inc.
All data collected on our website is processed on the provider's servers. We have concluded a data processing agreement with the provider that ensures the protection of our site visitors' data and prohibits unauthorized disclosure to third parties.
For data transfers to Canada, an adequate level of data protection is ensured by an adequacy decision of the European Commission.
For the transfer of data to the USA, the provider relies on standard contractual clauses of the European Commission, which are intended to ensure compliance with the European data protection level.
4) Cookies
In order to make visiting our website attractive and to enable the use of certain functions, we use cookies, which are small text files that are stored on your end device. Some of these cookies are automatically deleted after closing the browser (so-called "session cookies"), while others remain on your end device for a longer period and enable the storage of page settings (so-called "persistent cookies"). In the latter case, you can find the storage duration in the overview of the cookie settings of your web browser.
If personal data is also processed by individual cookies used by us, the processing takes place either in accordance with Art. 6 Para. 1 lit. b GDPR for the execution of the contract, in accordance with Art. 6 Para. 1 lit. a GDPR in the event of consent given, or in accordance with Art. 6 Para. 1 lit. f GDPR to safeguard our legitimate interests in the best possible functionality of the website and a customer-friendly and effective design of the website visit.
You can set your browser so that you are informed about the setting of cookies and can decide individually whether to accept them or to exclude the acceptance of cookies for certain cases or generally.
Please note that if cookies are not accepted, the functionality of our website may be limited.
5) Contacting Us
When you contact us (e.g. via contact form or e-mail), personal data is processed - exclusively for the purpose of processing and responding to your request and only to the extent necessary for this. The legal basis for the processing of this data is our legitimate interest in responding to your request in accordance with Art. 6 Para. 1 lit. f GDPR. If your contact aims at a contract, an additional legal basis for the processing is Art. 6 Para. 1 lit. b GDPR. Your data will be deleted when it can be inferred from the circumstances that the matter concerned has been conclusively clarified and provided that there are no legal retention obligations to the contrary.
6) Comment Function
In the context of the comment function on this website, in addition to your comment, information about the time of creation of the comment and the commenter name you have chosen will be stored and published on this website. Furthermore, your IP address will be stored for security reasons in order to enable attribution to the author in the event of illegal comments. Your e-mail address will be stored for contacting you if a third party should object to your published content as illegal.
7) Use of customer data for direct marketing
7.1 - Klaviyo
Our e-mail newsletters are sent via this provider: Klaviyo, 225 Franklin St, Boston, MA 02110, USA
Based on our legitimate interest in effective and user-friendly newsletter marketing, we pass on your data provided during newsletter registration to this provider in accordance with Art. 6 Para. 1 lit. f GDPR so that they can send newsletters on our behalf.
Subject to your express consent in accordance with Art. 6 Para. 1 lit. a GDPR, the provider also carries out a statistical success evaluation of newsletter campaigns using web beacons or tracking pixels in the sent e-mails, which can measure opening rates and specific interactions with the content of the newsletter. Device information (e.g. time of access, IP address, browser type and operating system) is also collected and evaluated, but not merged with other data records.
You can revoke your consent to newsletter tracking at any time with effect for the future.
We have concluded a data processing agreement with the provider that protects our site visitors' data and prohibits disclosure to third parties.
For the transfer of data to the USA, the provider relies on standard contractual clauses of the European Commission, which are intended to ensure compliance with the European data protection level.
7.2 In the event that you abandon your purchase with us before completing the order, you have the option to be reminded of the contents of your virtual shopping cart once by e-mail.
The only mandatory information for sending this reminder is your e-mail address. The provision of further data is voluntary and may be used to address you personally. For sending emails, we use the so-called double opt-in procedure, which ensures that you only receive a notification if you have explicitly confirmed your consent by clicking a verification link sent to the specified e-mail address.
By activating the confirmation link, you give us your consent to use your personal data in accordance with Art. 6 Para. 1 lit. a GDPR for sending a shopping cart reminder. We store your IP address registered by the Internet service provider (ISP) as well as the date and time of registration in order to be able to trace a possible misuse of your e-mail address at a later time. The data collected by us when registering for our e-mail notification service is used strictly for the intended purpose. You can unsubscribe from shopping cart reminders at any time by sending a corresponding message to the controller mentioned at the beginning. After unsubscribing, your e-mail address will be immediately deleted from our distribution list set up for this purpose, unless you have expressly consented to further use of your data or we reserve the right to further data use that is legally permitted and about which we inform you in this declaration.
8) Data processing for order fulfillment
8.1 Insofar as it is necessary for the fulfillment of the contract for delivery and payment purposes, the personal data collected by us will be passed on to the commissioned transport company and the commissioned credit institution in accordance with Art. 6 Para. 1 lit. b GDPR.
If, on the basis of a corresponding contract, we owe you updates for goods with digital elements or for digital products, we process the contact data transmitted by you when ordering (name, address, e-mail address) in order to inform you personally about upcoming updates within the legally provided period via a suitable communication channel (e.g. by post or e-mail) in accordance with our legal information obligations pursuant to Art. 6 Para. 1 lit. c GDPR. Your contact data will be used strictly for the purpose of communicating updates owed by us and will only be processed by us to the extent necessary for the respective information.
To process your order, we also work with the following service provider(s), who support us in whole or in part in the execution of concluded contracts. Certain personal data will be transmitted to these service providers in accordance with the following information.
8.2 To fulfill our contractual obligations to our customers, we work with external shipping partners. We pass on your name and your delivery address and, if necessary for delivery, your telephone number, exclusively for the purpose of goods delivery in accordance with Art. 6 Para. 1 lit. b GDPR, to a shipping partner selected by us.
8.3 Use of special service providers for order processing and fulfillment
- Order processing is carried out via YIWU CUJIA TRADE CO.,LTD, F2, Building 8,No.89, Siyuan Road, Yidong Industrial Zone,Niansanli St, China. Name, address and, if applicable, other personal data are passed on in accordance with Art. 6 Para. 1 lit. b GDPR exclusively for the purpose of processing the online order. Your data will only be passed on insofar as this is actually necessary for the processing of the order.
8.4 Use of payment service providers
- Amazon Pay
If you choose "Amazon Pay" as the payment method, payment processing is handled by the payment service provider Amazon Payments Europe s.c.a., 38 avenue J.F. Kennedy, L-1855 Luxembourg (hereinafter: "Amazon Payments"), to whom we transmit your information provided during the order process, along with information about your order, in accordance with Art. 6 Para. 1 lit. b GDPR. Your data is transmitted exclusively for the purpose of payment processing with the payment service provider Amazon Payments and only to the extent necessary for this. If cookies, i.e., small text files stored on the end device, are set when using Amazon Pay, this is done exclusively on the basis of your express consent in accordance with Art. 6 Para. 1 lit. a GDPR. This consent can be revoked at any time via the "Cookie Consent Tool" implemented on the website. Further information on Amazon Payments' data protection policies can be found at the following internet address: https://pay.amazon.de
- Apple Pay
If you choose "Apple Pay" as the payment method from Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland, payment processing is done via the "Apple Pay" function of your iOS, watchOS, or macOS device by charging a payment card stored with "Apple Pay." Apple Pay uses security features integrated into your device's hardware and software to protect your transactions. To authorize a payment, you must enter a previously set code and verify using the "Face ID" or "Touch ID" function of your device.
For the purpose of payment processing, your information provided during the order process, along with information about your order, is transmitted to Apple in encrypted form. Apple then re-encrypts this data with a developer-specific key before the data is transmitted to the payment service provider of the payment card stored in Apple Pay for payment execution. The encryption ensures that only the website through which the purchase was made can access the payment data. After the payment has been made, Apple sends your device account number and a transaction-specific, dynamic security code to the originating website to confirm the success of the payment.
If personal data is processed during the described transmissions, the processing is carried out exclusively for the purpose of payment processing in accordance with Art. 6 Para. 1 lit. b GDPR.
Apple retains anonymized transaction data, including the approximate purchase amount, approximate date and time, and whether the transaction was successfully completed. Anonymization completely excludes any personal reference. Apple uses the anonymized data to improve "Apple Pay" and other Apple products and services.
When you use Apple Pay on your iPhone or Apple Watch to complete a purchase you made through Safari on your Mac, the Mac and the authorization device communicate over an encrypted channel on Apple's servers. Apple does not process or store any of this information in a format that can identify you. You can disable the ability to use Apple Pay on your Mac in your iPhone settings. Go to "Wallet & Apple Pay" and disable "Allow Payments on Mac."
Further information on data protection for Apple Pay can be found at the following internet address: https://support.apple.com
- EPS Transfer
If you select "EPS Transfer" as the payment method, payment processing is handled by the payment service provider PSA Payment Services Austria GmbH, Handelskai 92, Gate 2, 1200 Vienna, Austria, to whom we transmit your information provided during the order process, along with information about your order, in accordance with Art. 6 Para. 1 lit. b GDPR. Your data is transmitted exclusively for the purpose of payment processing with the aforementioned payment service provider and only to the extent necessary for this. Further information on the relevant data protection provisions of PSA Payment Services Austria GmbH can be found at the following internet address: https://eservice.psa.at
- Google Pay
If you choose "Google Pay" as the payment method from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"), payment processing is handled via the "Google Pay" application on your mobile device running at least Android 4.4 ("KitKat") and equipped with NFC functionality, by charging a payment card stored with Google Pay or a verified payment system there (e.g., PayPal). To authorize a payment via Google Pay for more than €25, you must first unlock your mobile device using the verification method set up (e.g., facial recognition, password, fingerprint, or pattern).
For the purpose of payment processing, your information provided during the order process, along with information about your order, is transmitted to Google. Google then transmits your payment information stored in Google Pay in the form of a uniquely assigned transaction number to the originating website, which is used to verify a completed payment. This transaction number contains no information about the real payment data of your payment methods stored in Google Pay but is created and transmitted as a uniquely valid numerical token. For all transactions via Google Pay, Google acts only as an intermediary for processing the payment. The transaction itself is carried out exclusively between the user and the originating website by charging the payment method stored in Google Pay.
If personal data is processed during the described transmissions, the processing is carried out exclusively for the purpose of payment processing in accordance with Art. 6 Para. 1 lit. b GDPR.
Google reserves the right to collect, store, and analyze certain transaction-specific information for every transaction made via Google Pay. This includes the date, time, and amount of the transaction, merchant location and description, a description of the goods or services purchased provided by the merchant, photos you have attached to the transaction, the name and email address of the seller and buyer or sender and recipient, the payment method used, your description of the reason for the transaction, and, if applicable, the offer associated with the transaction.
According to Google, this processing is carried out exclusively in accordance with Art. 6 Para. 1 lit. f GDPR on the basis of the legitimate interest in proper accounting, verification of transaction data, and optimization and maintenance of the Google Pay service.
Google also reserves the right to combine the processed transaction data with further information collected and stored by Google when using other Google services.
The Google Pay terms of use can be found here:
https://payments.google.com
Further information on data protection for Google Pay can be found at the following internet address:
https://payments.google.com
Further information on how Google uses personal data when you give us your consent can be found on Google's official page on
"Business Safety & Data Protection and Terms of Use"
- Klarna
If a Klarna payment service is selected, payment processing is handled by Klarna Bank AB (publ), https://www.klarna.com
https://cdn.klarna.com
The credit report may contain probability values (so-called score values). Insofar as score values are included in the result of the credit report, they are based on a scientifically recognized mathematical-statistical procedure. The calculation of the score values includes, among other things, but not exclusively, address data. Klarna uses the information obtained about the statistical probability of a payment default for a balanced decision on the establishment, execution, or termination of the contractual relationship.
You can revoke your consent at any time by sending a message to the data controller or to Klarna. However, Klarna may still be entitled to process your personal data if this is necessary for contractual payment processing.
Your personal data will be processed in accordance with the applicable data protection regulations and as described in Klarna's data protection policies for data subjects located in Germany https://cdn.klarna.com
or for data subjects located in Austria https://cdn.klarna.com
will be treated.
- Paypal
When paying via PayPal, credit card via PayPal, direct debit via PayPal or – if offered – "purchase on account" or "installment payment" via PayPal, we transmit your payment data to PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal"), as part of the payment processing. The transmission takes place in accordance with Art. 6 Para. 1 lit. b GDPR and only to the extent necessary for payment processing.
For payment methods credit card via PayPal, direct debit via PayPal or – if offered – "purchase on account" or "installment payment" via PayPal, PayPal reserves the right to conduct a credit check. For this purpose, your payment data may be transmitted to credit agencies in accordance with Art. 6 Para. 1 lit. f GDPR on the basis of PayPal's legitimate interest in determining your creditworthiness. PayPal uses the result of the credit check regarding the statistical probability of payment default for the purpose of deciding whether to provide the respective payment method. The credit report may contain probability values (so-called score values). Insofar as score values are included in the result of the credit report, they are based on a scientifically recognized mathematical-statistical procedure. The calculation of the score values includes, among other things, but not exclusively, address data. Further data protection information, including on the credit agencies used, can be found in PayPal's privacy policy: https://www.paypal.com
You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data if this is necessary for contractual payment processing.
- PayPal Checkout
This website uses PayPal Checkout, an online payment system from PayPal, which consists of PayPal's own payment methods and local third-party payment methods.
When paying via PayPal, credit card via PayPal, direct debit via PayPal or – if offered – "Pay Later" via PayPal, we transmit your payment data to PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal"), as part of the payment processing. The transmission takes place in accordance with Art. 6 Para. 1 lit. b GDPR and only to the extent necessary for payment processing.
For payment methods credit card via PayPal, direct debit via PayPal or – if offered – "Pay Later" via PayPal, PayPal reserves the right to conduct a credit check. For this purpose, your payment data may be transmitted to credit agencies in accordance with Art. 6 Para. 1 lit. f GDPR on the basis of PayPal's legitimate interest in determining your creditworthiness. PayPal uses the result of the credit check regarding the statistical probability of payment default for the purpose of deciding whether to provide the respective payment method. The credit report may contain probability values (so-called score values). Insofar as score values are included in the result of the credit report, they are based on a scientifically recognized mathematical-statistical procedure. The calculation of the score values includes, among other things, but not exclusively, address data. You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data if this is necessary for contractual payment processing.
If you choose the PayPal payment method "Purchase on Account", your payment data will first be transmitted to PayPal for payment preparation, whereupon PayPal will forward it to Ratepay GmbH, Franklinstraße 28-29, 10587 Berlin ("Ratepay") for payment execution. The legal basis in each case is Art. 6 Para. 1 lit. b GDPR. In this case, RatePay performs an identity and creditworthiness check on its own behalf to determine creditworthiness according to the principle already mentioned above and transmits your payment data to credit agencies on the basis of its legitimate interest in determining creditworthiness in accordance with Art. 6 Para. 1 lit. f GDPR. A list of credit agencies that Ratepay may use can be found here: https://www.ratepay.com
When using a local third-party payment method, your payment data is initially transmitted to PayPal for payment preparation in accordance with Art. 6 Para. 1 lit. b GDPR. Depending on your selection of an available local payment method, PayPal then transmits your payment data to the corresponding provider for payment execution in accordance with Art. 6 Para. 1 lit. b GDPR:
- Sofort (SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany)
- iDeal (Currence Holding BV, Beethovenstraat 300 Amsterdam, Netherlands)
- giropay (Paydirekt GmbH, Stephanstr. 14-16, 60313 Frankfurt am Main
- bancontact (Bancontact Payconiq Company, Rue d'Arlon 82, 1040 Brussels, Belgium)
- blik (Polski Standard Płatności sp. z o.o., ul. Czerniakowska 87A, 00-718 Warsaw, Poland)
- eps (PSA Payment Services Austria GmbH, Handelskai 92, Gate 2
1200 Vienna, Austria)
- MyBank (PRETA S.A.S, 40 Rue de Courcelles, F-75008 Paris, France)
- Przelewy24 (PayPro SA, Kanclerska 15A, 60-326 Poznań, Poland)
Further data protection information can be found in PayPal's privacy policy: https://www.paypal.com
- Shopify Payments
We use the payment service provider "Shopify Payments", 3rd Floor, Europa House, Harcourt Building, Harcourt Street, Dublin 2. If you choose a payment method offered via the payment service provider Shopify Payments, payment processing is handled by the technical service provider Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, to whom we transmit your information provided during the order process, along with information about your order (name, address, account number, bank code, possibly credit card number, invoice amount, currency, and transaction number) in accordance with Art. 6 Para. 1 lit. b GDPR. Your data is transmitted exclusively for the purpose of payment processing with Stripe Payments Europe Ltd. and only to the extent necessary for this. Further information on Shopify Payments' data protection can be found at the following internet address: https://www.shopify.com
Data protection information on Stripe Payments Europe Ltd. can be found here: https://stripe.com
- SOFORT
If "SOFORT" is selected as the payment method, payment processing is handled by the payment service provider SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany (hereinafter "SOFORT"), to whom we transmit your information provided during the order process, along with information about your order, in accordance with Art. 6 Para. 1 lit. b GDPR. Sofort GmbH is part of the Klarna Group (Klarna Bank AB (publ), Sveavägen 46, 11134 Stockholm, Sweden). Your data is transmitted exclusively for the purpose of payment processing with the payment service provider SOFORT and only to the extent necessary for this.You can find further information about SOFORT's data protection regulations at the following internet address: https://www.klarna.com
- Bancontact
If you choose "Bancontact" as your payment method, the payment will be processed by Bancontact Payconiq Company, Rue d'Arlon 82, 1040 Brussels, Belgium. We will share your information provided during the ordering process, along with information about your order (name, address, account number, bank code, possibly credit card number, invoice amount, currency, and transaction number) with them. Your data will be transferred exclusively for the purpose of payment processing and only to the extent necessary for this purpose.
9) Online Marketing
Facebook Pixel for creating Custom Audiences with Advanced Matching (with Cookie Consent Tool)
Our online offering uses the "Facebook Pixel" of the social network Facebook in advanced matching mode, operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland ("Facebook").
Based on explicit consent, when a user clicks on an ad displayed by us on Facebook, Facebook Pixel adds a supplement to the URL of our linked page. This URL parameter is then written into the user's browser via a cookie after redirection, which our linked page itself sets. In addition, this cookie collects specific customer data, such as email addresses, which we collect on our website linked to the Facebook ad during processes like purchases, account logins, or registrations (advanced data matching). The cookie is then read by Facebook Pixel and enables the forwarding of data, including specific customer data, to Facebook.
With the help of the Facebook Pixel with advanced matching, Facebook is able to precisely determine the visitors to our online offering as a target group for displaying ads (so-called "Facebook Ads"). Accordingly, we use the Facebook Pixel with advanced matching to show the Facebook Ads we place only to those Facebook users who have also shown an interest in our online offering or who exhibit certain characteristics (e.g., interests in certain topics or products, determined based on the visited websites) that we transmit to Facebook (so-called "Custom Audiences"). With the help of the Facebook Pixel with advanced matching, we also want to ensure that our Facebook Ads correspond to the potential interest of users and do not appear annoying. This also allows us to evaluate the effectiveness of Facebook ads for statistical and market research purposes by tracking whether users were redirected to our website after clicking on a Facebook ad (so-called "conversion"). Compared to the standard version of Facebook Pixel, the advanced matching feature helps us better measure the effectiveness of our advertising campaigns by capturing more attributed conversions.
All transmitted data is stored and processed by Facebook, allowing for a connection to the respective user profile and enabling Facebook to use the data for its own advertising purposes, in accordance with Facebook's Data Policy (https://www.facebook.com
These processing operations are carried out exclusively upon explicit consent in accordance with Art. 6 para. 1 lit. a GDPR.
The information generated by Facebook is usually transferred to a Facebook server and stored there; this may also involve a transfer to the servers of Meta Platforms Inc. in the USA. You can revoke your given consent at any time with effect for the future by deactivating this service in the "Cookie Consent Tool" provided on the website.
10) Web Analytics Services
Google (Universal) Analytics
This website uses Google (Universal) Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"). Google (Universal) Analytics uses so-called "cookies," which are text files stored on your end device that enable an analysis of your use of the website. The information generated by the cookie about your use of this website (including the shortened IP address) is usually transmitted to a Google server and stored there; this may also involve a transfer to the servers of Google LLC in the USA.
This website uses Google (Universal) Analytics exclusively with the "_anonymizeIp()" extension, which ensures the anonymization of the IP address by shortening it and excludes direct personal identification. Through this extension, your IP address is truncated by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google LLC server in the USA and truncated there. On our behalf, Google will use this information to evaluate your use of the website, to compile reports on website activity, and to provide us with other services related to website and internet usage. The IP address transmitted by your browser within the scope of Google (Universal) Analytics will not be merged with other Google data.
Google Analytics also enables, through a special function called "demographic characteristics," the creation of statistics with statements about the age, gender, and interests of site visitors based on an evaluation of interest-based advertising and with the inclusion of third-party information. This allows for the definition and differentiation of user groups on the website for the purpose of optimizing marketing measures for target groups. However, data records collected via "demographic characteristics" cannot be assigned to a specific person.
Details on the processing initiated by Google Analytics and Google's handling of data from websites can be found here: https://policies.google.com
All the processing operations described above, in particular the setting of Google Analytics cookies for reading information on the end device used, will only be carried out if you have given us your explicit consent in accordance with Art. 6 para. 1 lit. a GDPR. Without this consent, Google Analytics will not be used during your visit to the site.
You can revoke your given consent at any time with effect for the future. To exercise your revocation, please deactivate this service in the "Cookie Consent Tool" provided on the website.
As an extension of Google Analytics, the "Google Signals" service can also be used on this website. With Google Signals, Google can create cross-device reports (so-called "Cross Device Tracking"). If you have activated "personalized ads" in your Google account settings and linked your internet-enabled devices to your Google account, Google can analyze user behavior across devices with your corresponding consent to the use of Google Analytics in accordance with Art. 6 para. 1 lit. a GDPR (see above) and create database models based on this. This takes into account the logins and device types of all site visitors who were logged into a Google account and performed a conversion. The data shows, among other things, on which device you first clicked on an ad and on which device the corresponding conversion took place. If Google Signals is used, we do not receive personal data from Google, but only statistics generated based on Google Signals. You have the option to deactivate the "personalized ads" function in your Google account settings and thus stop cross-device analysis. To do this, follow the instructions on this page: https://support.google.com
Further information can be found here: https://support.google.com
As an extension of Google Analytics, the "UserIDs" function can also be used on this website. By assigning individual UserIDs, we can have Google create cross-device reports (so-called "Cross Device Tracking"). This means that your usage behavior can also be analyzed across devices if you have given your corresponding consent to the use of Google Analytics in accordance with Art. 6 para. 1 lit. a GDPR and if you have set up a personal account by registering on this website and are logged into your personal account on different end devices with your relevant login data. The data collected in this way shows, among other things, on which end device you first clicked on an ad and on which end device the corresponding conversion took place.
We have concluded an order processing agreement with Google for the use of Google Analytics, obliging Google to protect the data of our site visitors and not to pass it on to third parties.
For the transfer of data from the EU to the USA, Google relies on so-called standard contractual clauses of the European Commission, which are intended to ensure compliance with the European level of data protection in the USA.
Further information on Google (Universal) Analytics can be found here: https://policies.google.com
11) Retargeting/Remarketing/Recommendation Advertising
TikTok Pixel
This website uses the "TikTok Pixel", a tracking technology of the social network "TikTok" by TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland ("TikTok").
Using cookies (small text files stored on the end device used), information about browsing behavior on our website is collected in pseudonymized form, transmitted to TikTok, stored there and evaluated, in order to then enable the display of interest-based and personalized product recommendations on TikTok. The information thus collected and pseudonymously processed generally includes the device ID, device type, timestamp, the operating system used and the IP address. The information can be assigned to the user's person with the help of further information that TikTok has stored about the user, e.g. due to ownership of an account on the social network "TikTok". TikTok can also combine the information collected via the pixel with other information that TikTok has collected via other websites and/or in connection with the use of the social network "TikTok" and thus create pseudonymized usage profiles. In no case can the collected information be used to personally identify visitors to this website.
The TikTok Pixel also allows us to track the effectiveness of advertisements on TikTok. If the user is redirected from an ad on TikTok to pages of this website and the cookies have not yet expired, the pixel records certain user actions predefined by us and can track them (e.g., completed transactions, leads, search queries on the website, views of product pages). When such an action is performed, your browser sends an HTTP request (Request) to the TikTok server via the TikTok Pixel from the cookie, with which certain information about the action is transmitted. This transmission enables TikTok to create statistics on user behavior on our website after redirection from a TikTok ad, which serve to optimize our offering.
All processing described above, in particular the setting of cookies for reading information on the end device used, will only be carried out if you have given us your explicit consent in accordance with Art. 6 para. 1 lit. a GDPR. You can revoke your given consent at any time with effect for the future by deactivating this service in the "Cookie Consent Tool" provided on the website. We have concluded an order processing agreement with TikTok for the use of the TikTok Pixel, obliging TikTok to protect the data of our site visitors and not to pass it on to third parties. TikTok generally transmits collected information outside the European Economic Area and relies on so-called standard contractual clauses of the European Commission, which are intended to ensure compliance with the European level of data protection.
12) Page Functionalities
12.1 Facebook Plugins with 2-click solution
Our website uses so-called social plugins ("plugins") from the social network Facebook, operated by Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook").
To increase the protection of your data when visiting our website, the plugins are initially deactivated using a so-called "2-click" solution. You can recognize deactivated plugins by their gray background. This integration ensures that when a page of our website containing such plugins is accessed, no connection is yet established with Facebook's servers. Only when you activate the plugins and thereby give your consent to data transfer in accordance with Art. 6 para. 1 lit. a GDPR, does your browser establish a direct connection to Facebook's servers. The content of the respective plugin is transmitted directly to your browser and integrated into the page. The plugin then transmits data (including your IP address) to Facebook. We have no influence on the scope of data that Facebook collects with the help of the plugins. To our knowledge, Facebook receives information about which of our websites you have currently and previously visited. By integrating the plugins, Facebook also receives information that your browser has accessed the corresponding page of our website even if you do not have a profile on Facebook or are not currently logged in. The collected information (including your IP address) is transmitted directly from your browser to a server of Meta Platforms Inc. in the USA and stored there. If you interact with the plugins, the corresponding information is also transmitted directly to a Facebook server and stored there. The information is also published on Facebook and displayed to your contacts there.
You can revoke your consent at any time by deactivating the activated plugin again by clicking on it. However, the revocation has no effect on the data already transferred to Facebook.
For information on the purpose and scope of data collection and the further processing and use of data by Facebook, as well as your related rights and setting options for protecting your privacy, please refer to Facebook's data policy: https://www.facebook.com
12.2 Instagram-Plugin as Shariff solution
Our website uses so-called social plugins ("plugins") from the online service Instagram, operated by Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook").
To increase the protection of your data when visiting our website, these buttons are not fully integrated as plugins, but merely embedded on the page using an HTML link. This type of integration ensures that when a page of our website containing such buttons is accessed, no connection is yet established with Instagram's servers. When you click on the button, a new browser window opens and calls up the Instagram page, where you can interact with the plugins there (possibly after entering your login data).
For information on the purpose and scope of data collection and the further processing and use of data by Instagram, as well as your related rights and setting options for protecting your privacy, please refer to Instagram's data policy: https://help.instagram.com
12.3 Use of YouTube videos
This website uses the YouTube embedding function to display and play videos from the provider "YouTube", which belongs to Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google").
The extended data protection mode is used here, which, according to the provider, only initiates the storage of user information when the video(s) are played. If the playback of embedded YouTube videos is started, the provider "YouTube" uses cookies to collect information about user behavior. According to "YouTube", these serve, among other things, to record video statistics, improve user-friendliness and prevent abusive actions. If you are logged in to Google, your data will be directly assigned to your account when you click on a video. If you do not wish the assignment with your profile on YouTube, you must log out before activating the button. You have a right to object to the creation of these user profiles, whereby you must address YouTube to exercise this right. When using YouTube, personal data may also be transmitted to the servers of Google LLC. in the USA.
Regardless of the playback of embedded videos, a connection to the Google network is established each time this website is accessed, which may trigger further data processing operations beyond our control.
All processing described above, in particular the reading out of information on the terminal device used via the tracking pixel, will only be carried out if you have given us your express consent in accordance with Art. 6 (1) lit. a GDPR. Without this consent, YouTube videos will not be used during your visit to the site.
You can revoke your consent at any time with effect for the future. To exercise your revocation, please deactivate this service in the "Cookie Consent Tool" provided on the website or through alternative options communicated to you on the website.
Further information on data protection at "YouTube" can be found in the YouTube Terms of Use at https://www.youtube.com
12.4 Shopsync for Shopify
This website uses the Shopify app "Shopsync" from ShopSync LLC, PO Box 252, Jefferson City, TN 37760, USA.
ShopSync is used to synchronize the newsletter service "Mailchimp" with our Shopify account in such a way that, on the one hand, updates in Mailchimp email lists (e.g. an opt-out by a newsletter recipient) are automatically stored on Shopify, and on the other hand, new contact data generated through contract conclusions on Shopify are automatically transferred to Mailchimp email lists.
In the first case, data processing is carried out in accordance with Art. 6 (1) lit. f GDPR based on our legitimate interest in the effective and cross-system maintenance of advertising recipient files and the efficient observance of legally relevant status changes.
In the second case, solely based on the express consent of the user in accordance with Art. 6 (1) lit. a GDPR after a contract is concluded on Shopify for inclusion in the Mailchimp list, their first and last name, address, and email address, together with transaction-related information (purchase amount, time and date of purchase), are transferred to Mailchimp by ShopSync.
Data transferred in this way is not stored or retained by ShopSync after synchronization. All information synchronized between Shopify and Mailchimp is transmitted via SSL (Secure Socket Layer) technology, and all transmitted information remains encrypted during the synchronization process.
The synchronization process requires the transmission of information over a secure connection to servers hosted by Amazon Web Services in the USA.
Further data protection information on ShopSync can be found here: https://shopsync.io
13) Tools and other
Cookie Consent Tool
This website uses a so-called "Cookie Consent Tool" to obtain effective user consent for cookies and cookie-based applications that require consent. The "Cookie Consent Tool" is displayed to users in the form of an interactive user interface when they visit the page, where consent for certain cookies and/or cookie-based applications can be given by checking a box. Through the use of this tool, all cookies/services requiring consent are only loaded if the respective user has given their consent by checking the corresponding boxes. This ensures that such cookies are only placed on the user's terminal device if consent has been given.
The tool sets technically necessary cookies to save your cookie preferences. Personal user data is generally not processed in this context.
If, in individual cases, personal data (such as the IP address) is processed for the purpose of storing, assigning, or logging cookie settings, this is done in accordance with Art. 6 (1) lit. f GDPR based on our legitimate interest in legally compliant, user-specific, and user-friendly consent management for cookies, and thus in a legally compliant design of our website.
Another legal basis for the processing is Art. 6 (1) lit. c GDPR. As controllers, we are subject to the legal obligation to make the use of technically unnecessary cookies dependent on the respective user's consent.
We have concluded a data processing agreement with the provider, which ensures the protection of our site visitors' data and prohibits unauthorized disclosure to third parties.
Further information about the operator and the setting options of the Cookie Consent Tool can be found directly in the corresponding user interface on our website.
14) Rights of the data subject
14.1 Applicable data protection law grants you, as the data subject, the following rights (rights of access and intervention) against the controller with regard to the processing of your personal data, with reference to the stated legal basis for the respective exercise conditions:
- Right to information according to Art. 15 GDPR;
- Right to rectification according to Art. 16 GDPR;
- Right to erasure according to Art. 17 GDPR;
- Right to restriction of processing according to Art. 18 GDPR;
- Right to notification according to Art. 19 GDPR;
- Right to data portability according to Art. 20 GDPR;
- Right to withdraw given consent according to Art. 7 (3) GDPR;
- Right to lodge a complaint according to Art. 77 GDPR.
14.2 RIGHT TO OBJECT
IF WE PROCESS YOUR PERSONAL DATA ON THE BASIS OF OUR OVERRIDING LEGITIMATE INTEREST IN THE CONTEXT OF A BALANCING OF INTERESTS, YOU HAVE THE RIGHT TO OBJECT TO THIS PROCESSING AT ANY TIME FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION, WITH EFFECT FOR THE FUTURE.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL CEASE PROCESSING THE DATA CONCERNED. HOWEVER, FURTHER PROCESSING REMAINS RESERVED IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, FUNDAMENTAL RIGHTS AND FREEDOMS, OR IF THE PROCESSING SERVES THE ASSERTION, EXERCISE OR DEFENCE OF LEGAL CLAIMS.
IF YOUR PERSONAL DATA IS PROCESSED BY US FOR THE PURPOSE OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR THE PURPOSE OF SUCH ADVERTISING. YOU CAN EXERCISE THE RIGHT TO OBJECT AS DESCRIBED ABOVE.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL CEASE PROCESSING THE DATA CONCERNED FOR DIRECT MARKETING PURPOSES.
15) Duration of storage of personal data
The duration of the storage of personal data is determined by the respective legal basis, the purpose of processing and – if applicable – additionally by the respective statutory retention period (e.g. commercial and tax law retention periods).
When personal data is processed on the basis of explicit consent in accordance with Art. 6 (1) lit. a GDPR, this data will be stored until the data subject withdraws their consent.
If statutory retention periods exist for data processed within the framework of legal transactions or similar obligations on the basis of Art. 6 (1) lit. b GDPR, this data will be routinely deleted after the expiry of the retention periods, provided that it is no longer required for the fulfillment or initiation of a contract and/or we no longer have a legitimate interest in continued storage.
When personal data is processed on the basis of Art. 6 (1) lit. f GDPR, this data will be stored until the data subject exercises their right to object under Art. 21 (1) GDPR, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or the processing serves the establishment, exercise or defence of legal claims.
When personal data is processed for the purpose of direct marketing on the basis of Art. 6 (1) lit. f GDPR, this data will be stored until the data subject exercises their right to object under Art. 21 (2) GDPR.
Unless otherwise stated in the other information in this declaration on specific processing situations, stored personal data will otherwise be deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.