Privacy Policy
Last updated: November 2025
- 1 General Information
At this point, we would like to inform you about the type, scope, and purpose of the personal data we collect, use, and process. Furthermore, this privacy policy informs data subjects about their rights.
In principle, it is possible to use our website www.stachel.com without providing any personal data. If you, as a data subject, use a service that requires the provision of personal data, this is done on the basis of legal provisions according to Art. 6 I lit. a of the EU General Data Protection Regulation (hereinafter referred to as “GDPR”) or only with your consent.
If you have any questions about our privacy policy, you can contact the following persons by phone, letter, or email:
- Name and address of the controller
Stachel-GreenFire KG
Kaaden Ring 47C
12623 Berlin
Phone: +49 (0) 151 41942750
Email: info@stachel.com
- Contact for data protection inquiries
For questions regarding data protection, please contact the controller at the address mentioned above.
- Definitions
Our privacy policy is based on the definitions according to Art. 4 GDPR. In our privacy policy, the following terms are primarily used:
- Personal Data
According to Art. 4 GDPR, personal data means any information relating to an identified or identifiable natural person. This information may include: name, address, telephone number, and/or email address.
- Processing
Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, storage, deletion, or destruction.
- Pseudonymization
Pseudonymization is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures.
You can find more definitions in Art. 4 GDPR.
- 2 General Information on the Processing of Personal Data
- Hosting
This website is hosted on the servers of Net-Build GmbH. The hosting services we use serve to provide the following services: infrastructure and platform services, computing capacity, storage space and database services, security services, and technical maintenance services that we use for the operation of this website. The legal basis for the use of hosting services is the protection of our legitimate interests in the analysis, optimization, and economic and secure operation of our website (see Art. 6 para. 1 sentence 1 lit. f GDPR).
Our hosting provider processes personal data in this context. The data is stored for as long as there is a purpose for it. After that, the data is deleted, unless legal retention obligations prevent this.
- Collection of general data and information
Our website collects a series of general data and information with each access to the website by a data subject or an automated system. This general data and information is stored in the server’s log files. The following may be collected: (1) browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system reaches our website (so-called referrers), (4) the sub-websites that are accessed on our website via an accessing system, (5) the date and time of an access to the website, (6) an Internet Protocol address (IP address), (7) the Internet service provider of the accessing system, and (8) other similar data and information that serve to avert danger in the event of attacks on our information technology systems.
When using this general data and information, we do not draw any conclusions about the data subject. Rather, this information is needed to (1) deliver the content of our website correctly, (2) optimize the content of our website and the advertising for it, (3) ensure the long-term functionality of our information technology systems and the technology of our website, and (4) provide law enforcement authorities with the information necessary for prosecution in the event of a cyberattack. These anonymously collected data and information are therefore evaluated by us statistically on the one hand, and furthermore with the aim of increasing data protection and data security in our company, to ultimately ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from all personal data provided by a data subject.
- Type of data processed
On our website, we collect and process inventory data (e.g., names, addresses), contact data (e.g., email addresses, phone numbers, fax numbers, postal address), usage data (e.g., visited websites, clicked links, interest in content, access times, access locations), content data (e.g., comments, text entries, photos, videos), and meta and communication data (e.g., device information, browser information, IP addresses).
- Categories of data subjects
The data subjects affected by the processing of personal data are all visitors to our website.
- Purpose of processing
We collect and process the personal data of visitors to our website to communicate with them and inform them (e.g., contact and other inquiries, newsletters) and, if applicable, to carry out statistics, reach measurement, and analyses (e.g., with marketing and analysis tools) so that we can better design and optimize content and functions, technically manage and optimize the website, and close security gaps on it.
- Routine deletion and blocking of personal data
The controller processes and stores personal data of the data subject only for the period necessary to achieve the storage purpose or as provided for by the European legislator or other legislators in laws or regulations to which the controller is subject.
If the storage purpose ceases to apply or if a storage period prescribed by the European legislator or another competent legislator expires, the personal data will be routinely blocked or deleted in accordance with legal provisions.
- Rights of the data subject
- a) Right to confirmation
Every data subject has the right granted by the European legislator to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed. If a data subject wishes to exercise this right of confirmation, he or she may, at any time, contact an employee of the controller.
- b) Right of access
Every data subject affected by the processing of personal data has the right granted by the European legislator to obtain free information from the controller at any time about the personal data stored about him or her and a copy of this information. Furthermore, the European legislator has granted the data subject access to the following information:
- the purposes of the processing
- the categories of personal data concerned
- the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations
- where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period
- the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing
- the right to lodge a complaint with a supervisory authority
- where the personal data are not collected from the data subject, any available information as to their source
- the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject
Furthermore, the data subject has a right to obtain information as to whether personal data are transferred to a third country or to an international organization. Where this is the case, the data subject shall have the right to be informed of the appropriate safeguards relating to the transfer.
If a data subject wishes to exercise this right of access, he or she may, at any time, contact an employee of the controller.
- c) Right to rectification
Every data subject affected by the processing of personal data has the right granted by the European legislator to obtain without undue delay the rectification of inaccurate personal data concerning him or her. Furthermore, the data subject has the right to have incomplete personal data completed, including by means of providing a supplementary statement, taking into account the purposes of the processing.
If a data subject wishes to exercise this right to rectification, he or she may, at any time, contact an employee of the controller.
- d) Right to erasure (“right to be forgotten”)
Every data subject affected by the processing of personal data has the right granted by the European legislator to obtain from the controller the erasure of personal data concerning him or her without undue delay, provided that one of the following grounds applies and insofar as the processing is not necessary:
- The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
- The data subject withdraws consent on which the processing is based according to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR, and where there is no other legal ground for the processing.
- The data subject objects to the processing pursuant to Art. 21 para. 1 GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Art. 21 para. 2 GDPR.
- The personal data have been unlawfully processed.
- The erasure of personal data is necessary for compliance with a legal obligation in Union or Member State law to which the controller is subject.
- The personal data have been collected in relation to the offer of information society services referred to in Art. 8 para. 1 GDPR.
If one of the aforementioned reasons applies, and a data subject wishes to request the erasure of personal data stored by us, he or she may, at any time, contact an employee of the controller. Our employee will arrange for the erasure request to be complied with immediately.
Where we have made the personal data public and are obliged pursuant to Art. 17 para. 1 GDPR to erase the personal data, we, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform other controllers processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data, insofar as processing is not required. Our employee will arrange the necessary measures in individual cases.
- e) Right to restriction of processing
Every data subject affected by the processing of personal data has the right granted by the European legislator to obtain from the controller restriction of processing where one of the following applies:
- The accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data.
- The processing is unlawful and the data subject opposes the erasure of the personal data and requests instead the restriction of their use.
- The controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise, or defense of legal claims.
- The data subject has objected to processing pursuant to Art. 21 para. 1 GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject.
If one of the aforementioned conditions is met, and a data subject wishes to request the restriction of personal data stored by us, he or she may, at any time, contact an employee of the controller. Our employee will arrange the restriction of processing.
- f) Right to data portability
Every data subject affected by the processing of personal data has the right granted by the European legislator to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used, and machine-readable format. He or she also has the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where the processing is based on consent pursuant to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR or on a contract pursuant to Art. 6 para. 1 lit. b GDPR and the processing is carried out by automated means, provided that the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Furthermore, in exercising his or her right to data portability pursuant to Art. 20 para. 1 GDPR, the data subject has the right to have personal data transmitted directly from one controller to another, where technically feasible and where this does not adversely affect the rights and freedoms of others.
To assert the right to data portability, the data subject may at any time contact an employee.
- g) Right to object
Every data subject affected by the processing of personal data has the right granted by the European legislator to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on Art. 6 para. 1 lit. e or f GDPR. This also applies to profiling based on these provisions.
We shall no longer process the personal data in the event of the objection, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the data subject, or for the establishment, exercise, or defense of legal claims.
Where we process personal data for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing. This applies to profiling to the extent that it is related to such direct marketing. If the data subject objects to us processing for direct marketing purposes, the personal data will no longer be processed for these purposes.
Furthermore, the data subject has the right to object, on grounds relating to his or her particular situation, to processing of personal data concerning him or her for scientific or historical research purposes or statistical purposes pursuant to Art. 89 para. 1 GDPR, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
To exercise the right to object, the data subject may directly contact any employee. The data subject is also free, in the context of the use of information society services, and notwithstanding Directive 2002/58/EC, to exercise his or her right to object by automated means using technical specifications.
- h) Automated individual decision-making, including profiling
Every data subject affected by the processing of personal data has the right granted by the European legislator not to be subject to a decision based solely on automated processing – including profiling – which produces legal effects concerning him or her or similarly significantly affects him or her, provided that the decision (1) is not necessary for entering into, or performance of, a contract between the data subject and a data controller, or (2) is authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, or (3) is based on the data subject’s explicit consent.
If the decision (1) is necessary for entering into, or performance of, a contract between the data subject and a data controller, or (2) is based on the data subject’s explicit consent, we shall implement suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view, and to contest the decision.
If the data subject wishes to exercise rights concerning automated decisions, he or she may, at any time, contact an employee of the controller.
- i) Right to withdraw data protection consent
Every data subject affected by the processing of personal data has the right granted by the European legislator to withdraw consent to the processing of personal data at any time.
If the data subject wishes to exercise his or her right to withdraw consent, he or she may, at any time, contact an employee of the controller.
- j) Duration of storage of personal data
The criterion for the duration of the storage of personal data is the respective statutory retention period. After the expiry of this period, the corresponding data will be routinely deleted, provided they are no longer necessary for contract fulfillment or contract initiation.
- Use of Cookies
- Description, scope, and purpose of data processing
Our website uses cookies. Cookies are text files that are placed and stored on a computer system via an internet browser.
Numerous internet pages and servers use cookies. Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a string of characters through which internet pages and servers can be assigned to the specific internet browser in which the cookie was stored. This allows visited internet pages and servers to distinguish the individual browser of the data subject from other internet browsers that contain other cookies. A specific internet browser can be recognized and identified via the unique cookie ID.
Through the use of cookies, we can provide users of this website with more user-friendly services that would not be possible without the cookie setting.
By means of a cookie, the information and offers on our website can be optimized in the user’s interest. Cookies allow us, as already mentioned, to recognize the users of our website. The purpose of this recognition is to make it easier for users to use our website. For example, the user of a website that uses cookies does not have to re-enter their access data each time they visit the website, because this is handled by the website and the cookie stored on the user’s computer system. Another example is the cookie of a shopping cart in an online shop. The online shop remembers the items that a customer has placed in the virtual shopping cart via a cookie.
The data subject can prevent the setting of cookies by our website at any time by means of a corresponding setting of the internet browser used and thus permanently object to the setting of cookies. Furthermore, already set cookies can be deleted at any time via an internet browser or other software programs. This is possible in all common internet browsers. If the data subject deactivates the setting of cookies in the internet browser used, not all functions of our website may be fully usable.
The following data is stored and transmitted in the cookies:
- Language settings
- Items in a shopping cart
- Log-in information
- Entered search terms
- Frequency of page views
- Use of website functions
- Legal basis for data processing
The legal basis for the processing of personal data using cookies for analysis purposes is, if consent has been given, Art. 6 I lit. a GDPR.
The legal basis for the processing of personal data using technically necessary cookies is otherwise Art. 6 I lit. f GDPR.
- Duration of storage, objection, and removal options
Cookies are stored on the user’s computer and transmitted from there to our site. Therefore, as a user, you also have full control over the use of cookies. By changing the settings in your internet browser, you can deactivate or restrict the storage of cookies. Already stored cookies can be deleted at any time. This can also be done automatically. If cookies for our website are deactivated, not all functions of the website may be fully usable.
- Consent with Borlabs Cookie
Our website uses the consent technology of Borlabs Cookie to obtain your consent for storing certain cookies in your browser or for using certain technologies and to document this in compliance with data protection regulations. The provider of this technology is Borlabs GmbH, Rübenkamp 32, 22305 Hamburg (hereinafter Borlabs).
When you enter our website, a Borlabs cookie is stored in your browser, which stores the consents you have given or the revocation of these consents. This data is not passed on to the provider of Borlabs Cookie.
The collected data will be stored until you request its deletion, or you delete the Borlabs cookie yourself, or the purpose for data storage ceases to apply. Mandatory legal retention periods remain unaffected. Details on Borlabs Cookie’s data processing can be found at https://de.borlabs.io/kb/welche-daten-speichert-borlabs-cookie/.
The Borlabs Cookie Consent technology is used to obtain the legally required consents for the use of cookies. The legal basis for this is Art. 6 para. 1 lit. c GDPR.
- TLS/SSL Encryption
This website uses TLS/SSL encryption to ensure the security of your data during transmission. This means that all personal data you enter, such as your name, address, or payment information, is transmitted securely and protected over the internet.
- 3 Special Information on the Processing of Personal Data
- Registration on our website
The data subject has the option to register on the controller’s website by providing personal data. Which personal data is transmitted to the controller is determined by the respective input mask used for registration. The personal data entered by the data subject is collected and stored exclusively for internal use by the controller and for their own purposes. The controller may arrange for the transfer to one or more processors, for example, a parcel service provider, who also uses the personal data exclusively for internal use attributable to the controller.
By registering on the controller’s website, the IP address assigned by the data subject’s Internet service provider (ISP), the date, and the time of registration are also stored. The storage of this data is based on the fact that only in this way can the misuse of our services be prevented, and this data, if necessary, enables the investigation of committed criminal offenses. In this respect, the storage of this data is necessary to secure the controller. This data is generally not passed on to third parties, unless there is a legal obligation to do so or the transfer serves criminal prosecution.
The registration of the data subject with voluntary provision of personal data serves the controller to offer the data subject content or services that, by their nature, can only be offered to registered users. Registered persons are free to modify the personal data provided during registration at any time or to have it completely deleted from the controller’s database.
The controller will provide any data subject with information about which personal data concerning him or her is stored at any time upon request. Furthermore, the controller will rectify or erase personal data at the request or instruction of the data subject, provided that no legal retention obligations prevent this. All employees of the controller are available to the data subject as contact persons in this regard.
- Contact via the website
Due to legal regulations, our website contains information that enables quick electronic contact with our company and direct communication with us, including a general address for electronic mail (email address). If a data subject contacts the controller by email or via a contact form, the personal data transmitted by the data subject will be automatically stored. Such personal data voluntarily transmitted by a data subject to the controller will be stored for the purpose of processing or contacting the data subject. This personal data will not be passed on to third parties.
- Inquiry by email, phone, or fax
If you contact us by email, phone, or fax, your inquiry, including all resulting personal data (name, inquiry), will be stored and processed by us for the purpose of handling your request. We will not share this data without your consent.
The processing of this data is based on Art. 6 para. 1 lit. b GDPR, if your inquiry is related to the fulfillment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of inquiries addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR) if this was requested; consent can be revoked at any time.
The data you send us via contact inquiries will remain with us until you request its deletion, revoke your consent to storage, or the purpose for data storage ceases to apply (e.g., after your request has been processed). Mandatory legal provisions – in particular statutory retention periods – remain unaffected.
- Communication via WhatsApp
Among other things, we use the instant messaging service WhatsApp for communication with our customers and other third parties. The provider is WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
Communication takes place via end-to-end encryption (peer-to-peer), which prevents WhatsApp or other third parties from gaining access to the communication content. However, WhatsApp does gain access to metadata generated during the communication process (e.g., sender, recipient, and time). We also point out that, according to WhatsApp’s own statements, it shares its users’ personal data with its parent company Meta, based in the USA. Further details on data processing can be found in WhatsApp’s privacy policy at: https://www.whatsapp.com/legal/#privacy-policy.
The use of WhatsApp is based on our legitimate interest in the fastest and most effective communication possible with customers, prospective customers, and other business and contractual partners (Art. 6 para. 1 lit. f GDPR). If corresponding consent has been requested, data processing is carried out exclusively on the basis of consent; this can be revoked at any time with effect for the future.
The communication content exchanged between you and us on WhatsApp will remain with us until you request its deletion, revoke your consent to storage, or the purpose for data storage ceases to apply (e.g., after your inquiry has been processed). Mandatory legal provisions – in particular retention periods – remain unaffected.
The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA, which aims to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/participant/7735.
- 4 Legal Basis
- Legal basis of processing
Art. 6 I lit. a GDPR serves as the legal basis for our company for processing operations for which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is party, as is the case, for example, with processing operations that are necessary for the delivery of goods or the provision of another service or consideration, the processing is based on Art. 6 I lit. b GDPR. The same applies to such processing operations that are necessary for carrying out pre-contractual measures, for example in cases of inquiries about our products or services. If our company is subject to a legal obligation by which the processing of personal data becomes necessary, such as for the fulfillment of tax obligations, the processing is based on Art. 6 I lit. c GDPR. In rare cases, the processing of personal data might become necessary to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor were injured in our company and his name, age, health insurance data, or other vital information had to be passed on to a doctor, hospital, or other third parties. Then the processing would be based on Art. 6 I lit. d GDPR. Finally, processing operations could be based on Art. 6 I lit. f GDPR. Processing operations that are not covered by any of the aforementioned legal bases are based on this legal basis if the processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject. Such processing operations are particularly permitted to us because they have been specifically mentioned by the European legislator. The legislator took the view that a legitimate interest could be assumed if the data subject is a client of the controller (Recital 47 Sentence 2 GDPR).
- Legitimate interests in processing pursued by the controller or a third party
If the processing of personal data is based on Article 6 I lit. f GDPR, our legitimate interest is the conduct of our business for the well-being of all our employees and shareholders.
- EU-US Trans-Atlantic Data Privacy Framework
Should personal data be processed in the USA, this will be done in accordance with the provisions of the so-called Data Privacy Framework (DPF).
Within the framework of the Data Privacy Framework (DPF), the EU Commission recognized the level of data protection for certain companies from the USA as secure in an adequacy decision dated 10.07.2023. The list of certified companies, as well as further information on the DPF, can be found on the website of the US Department of Commerce at https://www.dataprivacyframework.gov/.
- 5 Newsletter and Postal Advertising
- Postal Advertising
We use your address in compliance with all legal regulations for the purpose of sending postal advertising.
The legal basis for this is our legitimate interest in direct marketing pursuant to Art. 6 Para. 1 lit. f in conjunction with Recital 47 GDPR. If a corresponding consent has been requested, processing takes place exclusively on the basis of Art. 6 Para. 1 lit. a GDPR; consent can be revoked at any time. More specific regulations may be communicated to you during the data collection process and shall take precedence over this regulation.
Your address remains with us until the purpose for data processing no longer applies. If you assert a legitimate request for deletion or revoke your consent to postal advertising, your data will be deleted, provided we have no other legally permissible reasons for storing your personal data (e.g., retention periods under tax or commercial law); in the latter case, deletion takes place after these reasons no longer apply.
We use the following service providers for sending our postal mailings:
Kopierzentrum Homburg
Talstraße 53
66424 Homburg
DIALOGISTIKER GmbH
Robert-Bosch-Straße 11A
D-63128 Dietzenbach
Phone +49 69 61999-0
Fax +49 69 61999-211
move@dialogistiker.de
- 6 Integration of Third-Party Services and Content
- Tracking and Analysis Tools
- Google Analytics (with Anonymization Function)
The data controller has integrated the Google Analytics component (with anonymization function) on this website. Google Analytics is a web analysis service. Web analysis is the collection, gathering, and evaluation of data regarding the behavior of visitors to websites. A web analysis service records, among other things, data about which website a data subject came from (so-called referrers), which subpages of the website were accessed, or how often and for what duration a subpage was viewed. Web analysis is primarily used to optimize a website and for the cost-benefit analysis of internet advertising.
The operating company of the Google Analytics component is Google Ireland Limited, Gordon House, Barrow Street, Dublin, D04 E5W5, Ireland.
The data controller uses the suffix “_gat._anonymizeIp” for web analysis via Google Analytics. By means of this suffix, the IP address of the data subject’s internet connection is shortened and anonymized by Google if the access to our website occurs from a member state of the European Union or from another state party to the Agreement on the European Economic Area.
The purpose of the Google Analytics component is to analyze the flow of visitors on our website. Google uses the data and information obtained, among other things, to evaluate the use of our website, to compile online reports for us showing the activities on our website, and to provide further services related to the use of our website.
Google Analytics sets a cookie on the information technology system of the data subject. Cookies have already been explained above. Setting the cookie enables Google to analyze the use of our website. With each call-up of one of the individual pages of this website, which is operated by the data controller and on which a Google Analytics component has been integrated, the internet browser on the information technology system of the data subject is automatically prompted by the respective Google Analytics component to transmit data to Google for the purpose of online analysis. As part of this technical process, Google obtains knowledge of personal data, such as the IP address of the data subject, which Google uses, among other things, to track the origin of visitors and clicks and subsequently to enable commission settlements.
By means of the cookie, personal information, such as the access time, the location from which access originated, and the frequency of visits to our website by the data subject, is stored. With each visit to our website, this personal data, including the IP address of the internet connection used by the data subject, is transmitted to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may pass this personal data collected via the technical process on to third parties.
The data subject can prevent the setting of cookies by our website, as already described above, at any time by means of a corresponding setting of the internet browser used and thus permanently object to the setting of cookies. Such a setting of the internet browser used would also prevent Google from setting a cookie on the information technology system of the data subject. In addition, a cookie already set by Google Analytics can be deleted at any time via the internet browser or other software programs.
Furthermore, the data subject has the possibility to object to and prevent the collection of data generated by Google Analytics relating to the use of this website as well as the processing of this data by Google. To do this, the data subject must download and install a browser add-on from https://tools.google.com/dlpage/gaoptout. This browser add-on informs Google Analytics via JavaScript that no data and information regarding visits to websites may be transmitted to Google Analytics. Google treats the installation of the browser add-on as an objection. If the data subject’s information technology system is later deleted, formatted, or reinstalled, the data subject must reinstall the browser add-on to deactivate Google Analytics. If the browser add-on is uninstalled or deactivated by the data subject or another person within their sphere of control, the browser add-on can be reinstalled or reactivated.
Further information and Google’s applicable privacy policy can be accessed at https://www.google.de/intl/de/policies/privacy/ and at http://www.google.com/analytics/terms/de.html. Google Analytics is explained in more detail under this link: https://www.google.com/intl/de_de/analytics/.
- Google Ads Remarketing
This website uses the functions of Google Ads Remarketing. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
With Google Ads Remarketing, we can assign people who interact with our online offering to specific target groups in order to subsequently display interest-based advertising to them within the Google advertising network (Remarketing or Retargeting).
Furthermore, the advertising target groups created with Google Ads Remarketing can be linked with Google’s cross-device functions. In this way, interest-based, personalized advertising messages that have been adapted to you depending on your previous usage and surfing behavior on one device (e.g., mobile phone) can also be displayed on another of your devices (e.g., tablet or PC).
If you have a Google account, you can object to personalized advertising at the following link: https://adssettings.google.com/anonymous?hl=en.
The use of this service is based on your consent pursuant to Art. 6 Para. 1 lit. a GDPR and § 25 Para. 1 TDDDG. Consent can be revoked at any time.
Further information and the privacy policy can be found in Google’s privacy policy at: https://policies.google.com/technologies/ads?hl=en.
The company holds a certification under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF commits to complying with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/participant/5780.
- Google Tag Manager
We use the Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
The Google Tag Manager is a tool that allows us to integrate tracking or statistics tools and other technologies on our website. The Google Tag Manager itself does not create user profiles, does not store cookies, and does not perform independent analyses. It serves only to manage and deploy the tools integrated through it. However, the Google Tag Manager records your IP address, which may also be transmitted to Google’s parent company in the United States.
The use of the Google Tag Manager is based on Art. 6 Para. 1 lit. f GDPR. The website operator has a legitimate interest in the quick and uncomplicated integration and management of various tools on its website. If a corresponding consent has been requested, processing takes place exclusively on the basis of Art. 6 Para. 1 lit. a GDPR and § 25 Para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g., device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.
The company holds a certification under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF commits to complying with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/participant/5780.
- Social Media
- Privacy Policy on the Use and Application of YouTube
The data controller has integrated components of YouTube on this website. YouTube is an internet video portal that allows video publishers to post video clips free of charge and other users to view, rate, and comment on them, also free of charge. YouTube permits the publication of all types of videos, which is why complete films and television programs, but also music videos, trailers, or videos created by users themselves, are accessible via the internet portal.
The operating company of YouTube is Google Ireland Limited, Gordon House, Barrow Street, Dublin, D04 E5W5, Ireland.
With each call-up of one of the individual pages of this website, which is operated by the data controller and on which a YouTube component (YouTube video) has been integrated, the internet browser on the information technology system of the data subject is automatically prompted by the respective YouTube component to download a representation of the corresponding YouTube component from YouTube. Further information on YouTube can be accessed at https://www.youtube.com/yt/about/en/. As part of this technical process, YouTube and Google receive knowledge of which specific subpage of our website is visited by the data subject.
If the data subject is logged into YouTube at the same time, YouTube recognizes which specific subpage of our website the data subject is visiting when a subpage containing a YouTube video is called up. This information is collected by YouTube and Google and assigned to the respective YouTube account of the data subject.
YouTube and Google always receive information via the YouTube component that the data subject has visited our website if the data subject is logged into YouTube at the same time as calling up our website; this occurs regardless of whether the data subject clicks on a YouTube video or not. If such a transmission of this information to YouTube and Google is not desired by the data subject, they can prevent the transmission by logging out of their YouTube account before calling up our website.
The privacy policy published by YouTube, which is accessible at https://www.google.de/intl/de/policies/privacy/, provides information about the collection, processing, and use of personal data by YouTube and Google.
- Other Tools
- Privacy Policy on the Use and Application of Google Ads
The website operator uses Google Ads. Google Ads is an online advertising program of Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Ads allows us to display advertisements in the Google search engine or on third-party websites when the user enters certain search terms on Google (keyword targeting). Furthermore, targeted advertisements can be displayed based on the user data available at Google (e.g., location data and interests) (target group targeting). As the website operator, we can evaluate this data quantitatively by analyzing, for example, which search terms led to the display of our advertisements and how many ads led to corresponding clicks.
The use of this service is based on your consent pursuant to Art. 6 Para. 1 lit. a GDPR and § 25 Para. 1 TDDDG. Consent can be revoked at any time.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://policies.google.com/privacy/frameworks and https://business.safety.google/controllerterms/.
The company holds a certification under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF commits to complying with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/participant/5780.
- Google reCAPTCHA
We use the “Google reCAPTCHA” service on our website to protect ourselves from spam and automated abuse. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
The legal basis for the use of reCAPTCHA is your consent according to Art. 6 Para. 1 lit. a GDPR. You can revoke your consent at any time with effect for the future.
The data processed by Google reCAPTCHA includes your IP address, browser information, operating system, cookies set by Google, and user interactions required to distinguish humans from bots.
The purpose of data processing is to verify user interactions and protect the website from spam and abuse.
Further information on the privacy policy of reCAPTCHA can be found at: https://policies.google.com/privacy#infocollect
Information on the cookies set can be found at: https://policies.google.com/technologies/cookies
- eCommerce and Payment Providers
a. Processing of Customer and Contract Data
We collect, process, and use personal customer and contract data for the establishment, content design, and modification of our contractual relationships. We collect, process, and use personal data regarding the use of this website (usage data) only to the extent necessary to enable the user to use the service or for billing purposes. The legal basis for this is Art. 6 Para. 1 lit. b GDPR.
The collected customer data will be deleted after completion of the order or termination of the business relationship and expiry of any existing legal retention periods. Statutory retention periods remain unaffected.
b. Data Transmission upon Conclusion of Contract for Online Shops, Dealers, and Shipping of Goods
When you order goods from us, we pass your personal data on to the transport company entrusted with the delivery as well as to the payment service provider commissioned with the payment processing. Only such data is released as the respective service provider requires to fulfill its task. The legal basis for this is Art. 6 Para. 1 lit. b GDPR, which permits the processing of data for the fulfillment of a contract or pre-contractual measures. If you have given corresponding consent according to Art. 6 Para. 1 lit. a GDPR, we will pass your email address to the transport company entrusted with the delivery so that they can inform you by email about the shipping status of your order; you can revoke this consent at any time.
c. Payment Services
We integrate payment services from third-party companies on our website. When you make a purchase from us, your payment data (e.g., name, payment amount, account details, credit card number) are processed by the payment service provider for the purpose of payment processing. The respective contractual and data protection provisions of the respective providers apply to these transactions. The use of payment service providers is based on Art. 6 Para. 1 lit. b GDPR (contract fulfillment) and in the interest of a payment process that is as smooth, convenient, and secure as possible (Art. 6 Para. 1 lit. f GDPR). Insofar as your consent is requested for certain actions, Art. 6 Para. 1 lit. a GDPR is the legal basis for data processing; consents can be revoked at any time for the future.
We use the following payment services / payment service providers within the scope of this website:
PayPal
The provider of this payment service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter “PayPal”).
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.paypal.com/de/webapps/mpp/ua/pocpsa-full.
Details can be found in PayPal’s privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full.
Google Pay
The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google’s privacy policy can be found here: https://policies.google.com/privacy.
giropay
The provider of this payment service is paydirekt GmbH, Stephanstraße 14 – 16, 60313 Frankfurt am Main (hereinafter “giropay”).
Details can be found in giropay’s privacy policy: https://www.paydirekt.de/agb/index.html.
Shopify Payment
The provider of this payment service in the EU is Shopify International Limited, 2nd Floor Victoria Buildings, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland (hereinafter “Shopify Payment”).
Details can be found in Shopify Payment’s privacy policy: https://www.shopify.de/legal/datenschutz.
American Express
The provider of this payment service is American Express Europe S.A., Theodor-Heuss-Allee 112, 60486 Frankfurt am Main, Germany (hereinafter “American Express”).
American Express may transmit data to its parent company in the USA. Data transfer to the USA is based on the Binding Corporate Rules. Details can be found here: https://www.americanexpress.com/en-cz/company/legal/privacy-centre/binding-corporate-rules/.
Further information can be found in American Express’s privacy policy: https://www.americanexpress.com/de-de/firma/legal/datenschutz-center/online-datenschutzerklarung/.
Mastercard
The provider of this payment service is Mastercard Europe SA, Chaussée de Tervuren 198A, B-1410 Waterloo, Belgium (hereinafter “Mastercard”).
Mastercard may transmit data to its parent company in the USA. Data transfer to the USA is based on Mastercard’s Binding Corporate Rules. Details can be found here: https://www.mastercard.de/de-de/datenschutz.html and https://www.mastercard.us/content/dam/mccom/global/documents/mastercard-bcrs.pdf.
VISA
The provider of this payment service is Visa Europe Services Inc., London Branch, 1 Sheldon Square, London W2 6TT, United Kingdom (hereinafter “VISA”).
The United Kingdom is considered a safe third country under data protection law. This means that the United Kingdom has a level of data protection that corresponds to the level of data protection in the European Union.
VISA may transfer data to its parent company in the USA. Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.visa.de/nutzungsbedingungen/visa-globale-datenschutzmitteilung/mitteilung-zu-zustandigkeitsfragen-fur-den-ewr.html.
Further information can be found in VISA’s privacy policy: https://www.visa.de/nutzungsbedingungen/visa-privacy-center.html.