DATA PROTECTION
1) Introduction and contact details of the person responsible
1.1 We are pleased that you are visiting our website and thank you for your interest. Below, we inform you about how we handle your personal data when you use our website. Personal data refers to all data that can be used to personally identify you.
1.2 The person responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is:
Galina Kanunnikova - FÉMINITÉ Fatale Mode
c/o Online-Impressum.de #26386
Europaring 90
53757 Sankt Augustin
Germany
Tel.: +4915168463040, Email: info@feminite-fatale.com. The controller of personal data is the natural or legal person who, alone or jointly with others, decides on the purposes and means of processing personal data.
2) Data collection when visiting our website
2.1 If you use our website for informational purposes only, i.e., if you do not register or otherwise provide us with information, we only collect data that your browser transmits to the website server (so-called "server log files"). When you access our website, we collect the following data, which is technically necessary for us to display the website to you:
Our visited website
Date and time of access
Amount of data sent in bytes
Source/reference from which you came to the page
Browser used
Operating system used
IP address used (if applicable: in anonymized form)
Processing is carried out in accordance with Art. 6 (1) (f) GDPR based on our legitimate interest in improving the stability and functionality of our website. The data will not be shared or used for any other purpose. However, we reserve the right to subsequently review the server log files if there are concrete indications of illegal use.
2.2 For security reasons and to protect the transmission of personal data and other confidential content (e.g., orders or inquiries to the controller), this website uses SSL or TLS encryption. You can recognize an encrypted connection by the character string "https://" and the lock symbol in your browser bar.
3) Hosting & Content Delivery Network
3.1 Amazon Web Services
For hosting our website and displaying the page content, we use the system of the following provider: Amazon Web Services, Inc., 410 Terry Avenue North, Seattle, WA 98109, USA.
All data collected on our website is processed on the servers of this provider.
We have concluded a data processing agreement with the provider that ensures the protection of our website visitors’ data and prohibits unauthorized disclosure to third parties.
For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which, based on an adequacy decision by the European Commission, ensures compliance with the European level of data protection.
3.2 Wix
For hosting our website and displaying the page content, we use the system of the following provider: Wix HQ, 6350671, Nemal Tel Aviv St 40, Tel Aviv-Yafo, Israel.
Data is also transferred to: Wix Inc., 500 Terry A. Francois Boulevard, San Francisco, California 94158, USA.
All data collected on our website is processed on the servers of this provider.
We have concluded a data processing agreement with the provider that ensures the protection of our website visitors’ data and prohibits unauthorized disclosure to third parties.
For data transfers to the provider’s location, an adequate level of data protection is guaranteed by an adequacy decision of the European Commission.
For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which, based on an adequacy decision by the European Commission, ensures compliance with the European level of data protection.
3.3 Google Cloud CDN
We use a Content Delivery Network from the following provider: Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.
This service allows us to deliver large media files such as graphics, page content, or scripts faster via a network of regionally distributed servers. The processing is carried out to safeguard our legitimate interest in improving the stability and functionality of our website in accordance with Art. 6 para. 1 lit. f GDPR.
Data may also be transferred to: Google LLC, USA.
We have concluded a data processing agreement with the provider that ensures the protection of our website visitors’ data and prohibits unauthorized disclosure to third parties.
For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which, based on an adequacy decision by the European Commission, ensures compliance with the European level of data protection.
4) Cookies
To make visiting our website more attractive and enable the use of certain functions, we use cookies, i.e., small text files that are stored on your device. Some of these cookies are automatically deleted after closing your browser (so-called "session cookies"); others remain on your device for a longer period and allow you to save page settings (so-called "persistent cookies"). In the latter case, you can find out how long cookies are stored in the overview of your web browser's cookie settings.
If personal data is also processed by individual cookies used by us, the processing is carried out in accordance with Art. 6 (1) (b) GDPR either to execute the contract, in accordance with Art. 6 (1) (a) GDPR in the event of consent being given, or in accordance with Art. 6 (1) (f) GDPR to protect our legitimate interests in the best possible functionality of the website and a customer-friendly and effective design of the site visit.
You can set your browser so that you are informed about the setting of cookies and can decide individually whether to accept them or to exclude the acceptance of cookies in certain cases or in general.
Please note that if you do not accept cookies, the functionality of our website may be limited.
5) Contact
5.1 Wix Chat
This website uses the live chat system of the following provider: Wix HQ, 6350671, Nemal Tel Aviv St 40, Tel Aviv-Yafo, Israel.
The processing of personal data transmitted via the chat is carried out either according to Art. 6 para. 1 lit. b GDPR because it is necessary for the initiation or performance of a contract, or according to Art. 6 para. 1 lit. f GDPR based on our legitimate interest in the effective support of our website visitors.
Your data transmitted in this way will be deleted, subject to any conflicting statutory retention periods, once the matter concerned has been conclusively clarified.
In addition, further information may be collected and evaluated using cookies for the purpose of creating pseudonymized usage profiles. These, however, do not serve your personal identification and are not merged with other data sets. If this information contains personal reference, the processing takes place pursuant to Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in the statistical analysis of user behavior for optimization purposes.
The setting of cookies can be prevented by appropriate browser settings. However, in this case, the functionality of our website may be limited.
You can object to the collection and storage of data for the purpose of creating a pseudonymized usage profile at any time with effect for the future.
Data are also transferred to: Wix Inc., 500 Terry A. Francois Boulevard, San Francisco, California 94158, USA.
We have concluded a data processing agreement with the provider that ensures the protection of the data of our website visitors and prohibits unauthorized disclosure to third parties.
For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which, based on an adequacy decision by the European Commission, ensures compliance with the European data protection level.
When data are transferred to the provider's location, an adequate level of data protection is ensured by an adequacy decision of the European Commission.
5.2 WhatsApp Business
You have the option to contact us via the messaging service WhatsApp of WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. For this purpose, we use the so-called "Business version" of WhatsApp.
If you contact us via WhatsApp regarding a specific transaction (for example, an order placed), we store and use the mobile phone number you use on WhatsApp as well as—if provided—your first and last name pursuant to Art. 6 para. 1 lit. b GDPR to process and respond to your request. Based on the same legal basis, we may ask you via WhatsApp to provide further data (order number, customer number, address, or email address) to assign your request to a specific case.
If you use our WhatsApp contact for general inquiries (e.g., about the range of services, availability, or our website), we store and use the mobile phone number you use on WhatsApp as well as—if provided—your first and last name pursuant to Art. 6 para. 1 lit. f GDPR based on our legitimate interest in providing the requested information efficiently and promptly.
Your data will always only be used to respond to your request via WhatsApp. There will be no disclosure to third parties.
Please note that WhatsApp Business has access to the address book of the mobile device we use for this purpose and automatically transfers telephone numbers stored in the address book to a server of the parent company Meta Platforms Inc. in the USA. For operating our WhatsApp Business account, we use a mobile device whose address book only contains the WhatsApp contact details of users who have also contacted us via WhatsApp.
This ensures that every person whose WhatsApp contact details are stored in our address book has already consented, by accepting the WhatsApp terms of use when first using the app on their device, to the transmission of their WhatsApp telephone number from the address books of their chat contacts pursuant to Art. 6 para. 1 lit. a GDPR. The transmission of data from users who do not use WhatsApp and/or have not contacted us via WhatsApp is thus excluded.
Please refer to WhatsApp's privacy policy for the purpose and scope of data collection, further processing and use of data by WhatsApp, and your related rights and privacy settings: https://www.whatsapp.com/legal/?eea=1#privacy-policy
We have concluded a data processing agreement with the provider that protects the data of our website visitors and prohibits disclosure to third parties.
In the context of the above processing, data transfers to servers of Meta Platforms Inc. in the USA may occur.
For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which, based on an adequacy decision by the European Commission, ensures compliance with the European data protection level.
5.3 Contacting Us
When contacting us (e.g., via contact form or email), personal data are processed exclusively for the purpose of handling and responding to your request and only to the extent necessary for this purpose.
The legal basis for processing this data is our legitimate interest in responding to your request pursuant to Art. 6 para. 1 lit. f GDPR. If your contact aims at concluding a contract, the additional legal basis for processing is Art. 6 para. 1 lit. b GDPR.
Your data will be deleted once it is apparent from the circumstances that the matter concerned has been conclusively clarified and provided no statutory retention obligations prevent deletion.
6) Data processing when opening a customer account
Pursuant to Art. 6 (1) (b) GDPR, personal data will continue to be collected and processed to the extent necessary if you provide it to us when opening a customer account. You can find out which data is required to open an account in the input mask of the corresponding form on our website.
You can delete your customer account at any time by sending a message to the controller's address listed above. After your customer account has been deleted, your data will be deleted provided that all contracts concluded through it have been fully processed, there are no statutory retention periods that conflict with this, and we have no legitimate interest in continuing to store it.
7) Use of customer data for direct marketing
7.1 Registration for Our Email Newsletter
When you register for our email newsletter, we will regularly send you information about our offers. The only mandatory information for sending the newsletter is your email address. Providing additional data is voluntary and is used to address you personally. For sending the newsletter, we use the so-called double opt-in procedure, which ensures that you only receive the newsletter after you have explicitly confirmed your consent by clicking on a verification link sent to the provided email address.
By activating the confirmation link, you give us your consent to use your personal data in accordance with Art. 6 para. 1 lit. a GDPR. In this process, we store your IP address registered by your Internet Service Provider (ISP) as well as the date and time of registration to be able to trace any possible misuse of your email address at a later time. The data collected during newsletter registration is used strictly for this purpose.
You can unsubscribe from the newsletter at any time via the link provided in the newsletter or by sending a corresponding message to the contact person named at the beginning. After unsubscribing, your email address will be deleted from our newsletter distribution list immediately, unless you have explicitly consented to further use of your data or we reserve the right to use your data beyond this in a legally permitted manner, about which we will inform you in this declaration.
7.2 Email Notification for Product Availability
For temporarily unavailable items, you can register to receive email notifications about product availability. We will send you a one-time email notification when the selected item becomes available. The only mandatory information required to send this notification is your email address. Providing additional data is voluntary and may be used to address you personally. For sending these emails, we use the double opt-in procedure, ensuring that you only receive notifications after you have explicitly confirmed your consent by clicking on a verification link sent to the specified email address.
By activating the confirmation link, you give us your consent to use your personal data according to Art. 6 para. 1 lit. a GDPR. We store your IP address as registered by your Internet Service Provider (ISP) as well as the date and time of registration to trace any potential misuse of your email address later. The data collected during the registration for our email notification service about product availability is strictly used for this purpose.
You can unsubscribe from the availability notifications at any time by sending a corresponding message to the contact person named at the beginning. After unsubscribing, your email address will be deleted immediately from the distribution list set up for this purpose unless you have explicitly consented to further use of your data or we reserve the right to use your data beyond this in a legally permitted manner, about which we inform you in this declaration.
7.3 Shopping Cart Reminders via Email
If you abandon your purchase with us before completing the order, you have the option to receive a one-time email reminder about the contents of your virtual shopping cart.
The only mandatory information for sending this reminder is your email address. Providing additional data is voluntary and may be used to address you personally. For sending these emails, we use the double opt-in procedure, ensuring that you only receive the reminder after you have explicitly confirmed your consent by clicking on a verification link sent to the specified email address.
By activating the confirmation link, you give us your consent to use your personal data pursuant to Art. 6 para. 1 lit. a GDPR for sending a shopping cart reminder. We store your IP address registered by your Internet Service Provider (ISP) as well as the date and time of registration to be able to trace any possible misuse of your email address later. The data collected during registration for our email notification service is used strictly for this purpose.
You can unsubscribe from shopping cart reminders at any time by sending a corresponding message to the contact person named at the beginning. After unsubscribing, your email address will be deleted immediately from the distribution list set up for this purpose unless you have explicitly consented to further use of your data or we reserve the right to use your data beyond this in a legally permitted manner, about which we inform you in this declaration.
8) Data processing for order processing
8.1 Data Disclosure for Contract Fulfillment and Service Providers
Where necessary for contract processing for delivery and payment purposes, we disclose personal data collected by us pursuant to Art. 6(1)(b) GDPR to the commissioned transport company and the commissioned financial institution.
If we are obligated to provide you with updates for goods with digital elements or for digital products under a corresponding contract, we process the contact data you provided during the order process to inform you personally in accordance with our legal information obligations under Art. 6(1)(c) GDPR. Your contact data is strictly used for communications about updates we owe and is processed by us only to the extent necessary for this purpose.
For the fulfillment of your order, we also work with the following service providers who support us in whole or in part in the execution of concluded contracts. Certain personal data is transmitted to these service providers in accordance with the information below.
8.2 Use of Payment Service Providers (Payment Services)
- Apple Pay
If you choose the “Apple Pay” payment method from Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland, the payment is processed via the “Apple Pay” feature of your device running iOS, watchOS, or macOS by charging a payment card stored in “Apple Pay.” Apple Pay uses security features integrated into your device’s hardware and software to protect your transactions. To authorize a payment, you must enter a previously configured code and verify your identity via Face ID or Touch ID.
For payment processing purposes, the data you provide during the ordering process, along with information about your order, will be transmitted in encrypted form to Apple. Apple then re-encrypts this data with a developer-specific key before forwarding it to the payment service provider of the card stored in Apple Pay. The encryption ensures that only the website where the purchase was made can access the payment data. After the payment is completed, Apple sends your device account number and a transaction-specific dynamic security code to the originating website to confirm the transaction.
If personal data is processed during this transmission, it is solely for payment processing purposes according to Art. 6(1)(b) GDPR.
Apple stores anonymized transaction data, such as approximate purchase amount, date and time, and transaction success. This data is completely anonymized and used to improve Apple Pay and other Apple products and services.
If you use Apple Pay on your iPhone or Apple Watch to complete a purchase made through Safari on your Mac, your Mac and the authorizing device communicate via an encrypted channel on Apple servers. Apple does not process or store this information in a format that can identify you. You can disable Apple Pay on your Mac in your iPhone settings under "Wallet & Apple Pay" > "Allow Payments on Mac."
Further privacy information on Apple Pay is available at:
https://support.apple.com/en-us/HT203027
- Billie GmbH
One or more online payment options on this website are provided by: Billie GmbH, Charlottenstraße 4, 10969 Berlin, Germany.
If you select a payment method where you pay in advance (e.g., credit card), your payment data provided during the order (including name, address, bank and card information, currency, and transaction number) and information about your order will be forwarded to Billie in accordance with Art. 6(1)(b) GDPR. Data is shared solely for the purpose of payment processing and only as necessary.
If you choose a method where Billie pays in advance (e.g., invoice or installment purchase, or direct debit), you will be asked to provide certain personal data (first and last name, address, postal code, city, date of birth, email address, phone number, and potentially an alternative payment method).
To safeguard our legitimate interest in verifying the solvency of our customers, this data will be transmitted to Billie pursuant to Art. 6(1)(f) GDPR for the purpose of a credit check. Billie evaluates whether the selected payment method can be granted based on your data and other factors (such as shopping cart, invoice amount, order history, payment history).
Billie may also use identity and creditworthiness data from the following credit agencies pursuant to Art. 6(1)(f) GDPR:
-
Creditreform Berlin Wolfram KG
-
Creditreform Boniversum GmbH
-
SCHUFA Holding AG
-
Euler Hermes Deutschland
The credit check may include probability values (so-called score values) based on a recognized mathematical-statistical method. Address data may be included in the score calculation.
You may object to the processing of your data at any time by notifying us or the provider. However, the provider may still be entitled to process your personal data if necessary for contractual payment processing.
- Google Pay
If you choose the payment method "Google Pay" of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"), the payment processing takes place via the "Google Pay" application on your mobile device running at least Android 4.4 ("KitKat") and equipped with NFC functionality by charging a payment card stored in Google Pay or a verified payment system there (e.g., PayPal). To authorize a payment via Google Pay exceeding €25, you must first unlock your mobile device using the configured verification method (such as facial recognition, password, fingerprint, or pattern).
For payment processing purposes, your information provided during the order process together with details about your order are forwarded to Google. Google then transmits your payment information stored in Google Pay in the form of a one-time transaction number to the originating website, which verifies the payment. This transaction number contains no information about the real payment data of your payment methods stored in Google Pay but is generated and transmitted as a one-time valid numeric token. For all transactions via Google Pay, Google acts only as an intermediary for processing the payment. The transaction is conducted exclusively between the user and the originating website by charging the payment method stored in Google Pay.
If personal data are processed during these transmissions, this processing is carried out exclusively for the purpose of payment processing according to Art. 6(1)(b) GDPR.
Google reserves the right to collect, store, and evaluate certain transaction-specific information for each transaction made via Google Pay. This includes the date, time, and amount of the transaction, merchant location and description, a description of the purchased goods or services provided by the merchant, photos you attached to the transaction, the names and email addresses of the seller and buyer or sender and recipient, the payment method used, your description of the reason for the transaction, and, if applicable, the offer associated with the transaction.
According to Google, this processing is performed solely under Art. 6(1)(f) GDPR based on the legitimate interest in proper accounting, verification of transaction data, and optimization and maintenance of the Google Pay service.
Google also reserves the right to combine the processed transaction data with other information collected and stored when using other Google services.
Google Pay's terms of use can be found here:
https://payments.google.com/payments/apis-secure/u/0/get_legal_document?ldo=0&ldt=googlepaytos&ldl=de
Further information on data protection at Google Pay is available at:
https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=de
- Klarna
On this website, one or more online payment methods from the following provider are available: Klarna Bank AB, Sveavägen 46, 111 34 Stockholm, Sweden.
If you choose a payment method where you pay in advance (e.g., credit card payment), your payment data provided during the order process (including name, address, bank and card information, currency, and transaction number) as well as information about your order are forwarded to this provider according to Art. 6(1)(b) GDPR. The transfer of your data takes place exclusively for the purpose of payment processing with the provider and only to the extent necessary.
If you select a payment method where the provider pays in advance (e.g., invoice or installment purchase or direct debit), you will be asked during the order process to provide certain personal data (first and last name, street, house number, postal code, city, date of birth, email address, phone number, and if applicable, data on an alternative payment method).
To protect our legitimate interest in determining the creditworthiness of our customers, these data will be forwarded by us according to Art. 6(1)(f) GDPR to the provider for the purpose of a credit check. The provider checks, based on the personal data you have provided and further data (such as shopping cart, invoice amount, order history, payment experiences), whether the selected payment method can be granted considering payment and/or default risks.
For decision-making during the application review, besides internal provider criteria, identity and creditworthiness information from the following credit agencies may also be included according to Art. 6(1)(f) GDPR:
https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/credit_rating_agencies
The credit report may contain probability values (so-called score values). Where score values influence the credit report result, they are based on a scientifically recognized mathematical-statistical method. The calculation of the score values includes, among other things, but not exclusively, address data.
You can object to this processing of your data at any time by sending us or the provider a message. However, the provider may still be entitled to process your personal data if this is necessary for contract-compliant payment processing.
- Mollie
On this website, one or more online payment methods from the following provider are available: Mollie B.V., Keizersgracht 313, 1016 EE Amsterdam, Netherlands.
If you choose a payment method where you pay in advance (e.g., credit card payment), your payment data provided during the order process (including name, address, bank and card information, currency, and transaction number) as well as information about your order are forwarded to this provider according to Art. 6(1)(b) GDPR. The transfer of your data takes place exclusively for the purpose of payment processing with the provider and only to the extent necessary.
- PayPal
On this website, one or more online payment methods from the following provider are available: PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg.
If you choose a payment method where you pay in advance, your payment data provided during the order process (including name, address, bank and card information, currency, and transaction number) as well as information about your order are forwarded to this provider according to Art. 6(1)(b) GDPR. The transfer takes place exclusively for the purpose of payment processing with the provider and only to the extent necessary.
If you select a payment method where we pay in advance, you will also be asked during the order process to provide certain personal data (first and last name, street, house number, postal code, city, date of birth, email address, phone number, and if applicable, data on an alternative payment method).
To protect our legitimate interest in determining your creditworthiness, these data will be forwarded by us according to Art. 6(1)(f) GDPR for the purpose of a credit check to the provider. The provider checks, based on the personal data you have provided and other data (such as shopping cart, invoice amount, order history, payment experiences), whether the selected payment method can be granted considering payment and/or default risks.
The credit report may contain probability values (so-called score values). Where score values influence the credit report result, they are based on a scientifically recognized mathematical-statistical method. The calculation of the score values includes, among other things, but not exclusively, address data.
You can object to this processing of your data at any time by sending us or the provider a message. However, the provider may still be entitled to process your personal data if this is necessary for contract-compliant payment processing.
- PayPal Checkout
This website uses PayPal Checkout, an online payment system from PayPal, which consists of PayPal's own payment methods and local payment methods from third parties.
When paying via PayPal, credit card via PayPal, direct debit via PayPal, or—if offered—"Pay Later" via PayPal, we pass on your payment data to PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg ("PayPal") within the scope of payment processing. This transfer is carried out pursuant to Art. 6(1)(b) GDPR and only to the extent necessary for payment processing.
PayPal reserves the right to conduct a credit check for the payment methods credit card via PayPal, direct debit via PayPal, or—if offered—"Pay Later" via PayPal. For this purpose, your payment data may be passed on to credit agencies based on PayPal’s legitimate interest under Art. 6(1)(f) GDPR to determine your creditworthiness. The result of the credit check regarding the statistical likelihood of payment default is used by PayPal to decide on providing the respective payment method. The credit report may include probability values (so-called score values). Where score values influence the credit report result, they are based on a scientifically recognized mathematical-statistical method. The calculation of score values includes, among other things but not exclusively, address data. You may object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data if this is necessary for contract-compliant payment processing.
If the PayPal payment method "Invoice Purchase" is available and selected, your payment data will first be transmitted to PayPal to prepare the payment. PayPal will then forward this data to Ratepay GmbH, Franklinstraße 28-29, 10587 Berlin ("Ratepay") for payment execution. The legal basis is Art. 6(1)(b) GDPR. In this case, Ratepay performs an identity and credit check in its own name to determine creditworthiness according to the principles mentioned above and forwards your payment data to credit agencies based on the legitimate interest in determining creditworthiness under Art. 6(1)(f) GDPR. A list of credit agencies Ratepay may access can be found here:
https://www.ratepay.com/legal-payment-creditagencies/
When using a local third-party payment method, your payment data will first be transmitted to PayPal for payment preparation according to Art. 6(1)(b) GDPR. Depending on your selection of a local payment method, PayPal will then transmit your payment data for payment execution to the respective provider pursuant to Art. 6(1)(b) GDPR:
-
Apple Pay (Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland)
-
Google Pay (Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland)
-
iDeal (Currence Holding BV, Beethovenstraat 300 Amsterdam, Netherlands)
-
bancontact (Bancontact Payconiq Company, Rue d'Arlon 82, 1040 Brussels, Belgium)
-
blik (Polski Standard Płatności sp. z o.o., ul. Czerniakowska 87A, 00-718 Warsaw, Poland)
-
eps (PSA Payment Services Austria GmbH, Handelskai 92, Gate 2 1200 Vienna, Austria)
-
MyBank (PRETA S.A.S, 40 Rue de Courcelles, F-75008 Paris, France)
-
Przelewy24 (PayPro SA, Kanclerska 15A, 60-326 Poznań, Poland)
Further data protection information is available in PayPal’s privacy policy:
https://www.paypal.com/de/webapps/mpp/ua/privacy-full
- SOFORT
On this website, one or more online payment methods from the following provider are available: SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany.
If you choose a payment method where you pay in advance (e.g., credit card payment), your payment data provided during the order process (including name, address, bank and card information, currency, and transaction number) as well as information about your order are forwarded to this provider according to Art. 6(1)(b) GDPR. The transfer of your data takes place exclusively for the purpose of payment processing with the provider and only to the extent necessary.
- Stripe
On this website, one or more online payment methods from the following provider are available: Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland.
If you choose a payment method where you pay in advance (e.g., credit card payment), your payment data provided during the order process (including name, address, bank and card information, currency, and transaction number) as well as information about your order are forwarded to this provider according to Art. 6(1)(b) GDPR. The transfer takes place exclusively for the purpose of payment processing with the provider and only to the extent necessary.
If you select a payment method where the provider pays in advance (e.g., invoice or installment purchase or direct debit), you will also be asked during the order process to provide certain personal data (first and last name, street, house number, postal code, city, date of birth, email address, phone number, and if applicable, data on an alternative payment method).
To protect our legitimate interest in determining the creditworthiness of our customers, these data will be forwarded by us according to Art. 6(1)(f) GDPR to the provider for the purpose of a credit check. The provider checks, based on the personal data you have provided and other data (such as shopping cart, invoice amount, order history, payment experiences), whether the selected payment method can be granted considering payment and/or default risks.
The credit report may contain probability values (so-called score values). Where score values influence the credit report result, they are based on a scientifically recognized mathematical-statistical method. The calculation of the score values includes, among other things, but not exclusively, address data.
You can object to this processing of your data at any time by sending us or the provider a message. However, the provider may still be entitled to process your personal data if this is necessary for contract-compliant payment processing.
- Wix Payments
On this website, one or more online payment methods from the following provider are available: Wix HQ, 6350671, Nemal Tel Aviv St 40, Tel Aviv-Yafo, Israel.
If you choose a payment method where you pay in advance (e.g., credit card payment), your payment data provided during the order process (including name, address, bank and card information, currency, and transaction number) as well as information about your order are forwarded to this provider according to Art. 6(1)(b) GDPR. The transfer takes place exclusively for the purpose of payment processing with the provider and only to the extent necessary.
In connection with the aforementioned services, data may also be transmitted by further processing on behalf of Wix Inc., 500 Terry A. Francois Boulevard, San Francisco, California 94158, USA.
When transmitting data to the provider's location, an adequate level of data protection is ensured by an adequacy decision of the European Commission.
For the transmission of data to the USA, the provider relies on standard contractual clauses of the European Commission, which aim to ensure compliance with the European data protection level.
9) Web analysis services
Wix Analytics
This website uses the web analysis service of the following provider: Wix HQ, 6350671, Nemal Tel Aviv St 40, Tel Aviv-Yafo, Israel
Using cookies and/or similar technologies (tracking pixels, web beacons, algorithms for reading device and browser information), the service collects and stores pseudonymized visitor data, including information about the device used, such as the IP address and browser information, in order to evaluate it for statistical analyses of user behavior on our website and to create pseudonymized user profiles. Among other things, this makes it possible to evaluate movement patterns (so-called heat maps), which show the duration of page visits and interactions with page content (e.g., text input, scrolling, clicks, and mouse-overs). Pseudonymization fundamentally excludes direct personal reference. It will not be combined with clear personal data collected in other ways.
All processing described above, in particular the reading or storage of information on the device used, will only be carried out if you have given us your express consent in accordance with Art. 6 (1) (a) GDPR. You can revoke your consent at any time with future effect by deactivating this service in the "Cookie Consent Tool" provided on the website.
We have concluded a data processing agreement with the provider, which ensures the protection of the data of our site visitors and prohibits unauthorized disclosure to third parties.
When data is transferred to the provider's location, an appropriate level of data protection is guaranteed by an adequacy decision of the European Commission.
10) Page functionalities
10.1 Facebook Connect
On our website, we provide a Single Sign-On function from the following provider:
Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
In addition to data being transferred to the provider's location mentioned above, data may also be transferred to: Meta Platforms Inc., USA.
If you have an account with this provider, you can use your account credentials to register or create a user account on our website.
When visiting this page, a direct connection may be established between your browser and the provider’s servers via this login function, even if you do not have an account with the provider or are not logged in. The provider thereby receives the information that you have visited our site. The information collected in this context (including your IP address, if applicable) is transmitted directly from your browser to a server of the provider and stored there. However, this information is not used to personally identify you and is not shared with third parties.
These data processing activities are carried out in accordance with Art. 6(1)(f) GDPR based on our legitimate interest in providing a user-friendly and interactive online presence.
If you click the login button to register on our website using your account with the provider, the provider will, based on your explicit consent pursuant to Art. 6(1)(a) GDPR, transmit the general and publicly accessible information stored in your account (user ID, name, address, email address, age, and gender) to us.
We store and use the data transmitted by the provider to create a user account with the necessary information (salutation, first name, last name, address data, country, email address, date of birth), provided you have released this data to the provider. Conversely, based on your consent, data (e.g. information about your browsing or purchasing behavior) can be transmitted from us to your provider account.
You may revoke your consent at any time with future effect.
For data transfers to the USA, the provider is certified under the EU-U.S. Data Privacy Framework, which ensures compliance with European data protection standards based on an adequacy decision by the European Commission.
10.2 Google Sign-In
On our website, we provide a Single Sign-On function from the following provider:
Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.
In addition to data being transferred to the provider's location mentioned above, data may also be transferred to: Google LLC, USA.
If you have an account with this provider, you can use your account credentials to register or create a user account on our website.
When visiting this page, a direct connection may be established between your browser and the provider’s servers via this login function, even if you do not have an account with the provider or are not logged in. The provider thereby receives the information that you have visited our site. The information collected in this context (including your IP address, if applicable) is transmitted directly from your browser to a server of the provider and stored there. However, this information is not used to personally identify you and is not shared with third parties.
These data processing activities are carried out in accordance with Art. 6(1)(f) GDPR based on our legitimate interest in providing a user-friendly and interactive online presence.
If you click the login button to register on our website using your account with the provider, the provider will, based on your explicit consent pursuant to Art. 6(1)(a) GDPR, transmit the general and publicly accessible information stored in your account (user ID, name, address, email address, age, and gender) to us.
We store and use the data transmitted by the provider to create a user account with the necessary information (salutation, first name, last name, address data, country, email address, date of birth), provided you have released this data to the provider. Conversely, based on your consent, data (e.g. information about your browsing or purchasing behavior) can be transmitted from us to your provider account.
You may revoke your consent at any time with future effect.
The provider is certified under the EU-U.S. Data Privacy Framework, ensuring compliance with European data protection standards based on an adequacy decision by the European Commission.
Further privacy information from Google is available here: https://business.safety.google/intl/de/privacy/
10.3 FontAwesome
This website uses so-called web fonts for the uniform display of fonts provided by the following provider:
Fonticons, Inc., 710 Blackhorn Dr, Carl Junction, MO 64834, USA.
When you visit a page, your browser loads the required web fonts into its browser cache to correctly display text and fonts and establishes a direct connection to the provider’s servers. In doing so, certain browser information, including your IP address, may be transmitted to the provider.
Processing of personal data in connection with the font provider only occurs if you have given your explicit consent pursuant to Art. 6(1)(a) GDPR. You may revoke your consent at any time with future effect by deactivating this service via the cookie consent tool provided on the website.
If your browser does not support web fonts, a standard font will be used from your computer.
For data transfers to the USA, the provider relies on standard contractual clauses of the European Commission, which are intended to ensure compliance with the European level of data protection.
10.4 Fonts.com
This website uses so-called web fonts for the uniform display of fonts provided by the following provider:
Monotype Imaging Holdings Inc., 600 Unicorn Park Drive, Woburn, MA 01801, USA.
When you visit a page, your browser loads the required web fonts into its browser cache to correctly display text and fonts and establishes a direct connection to the provider’s servers. In doing so, certain browser information, including your IP address, may be transmitted to the provider.
Processing of personal data in connection with the font provider only occurs if you have given your explicit consent pursuant to Art. 6(1)(a) GDPR. You may revoke your consent at any time with future effect by deactivating this service via the cookie consent tool provided on the website.
If your browser does not support web fonts, a standard font will be used from your computer.
For data transfers to the USA, the provider relies on standard contractual clauses of the European Commission, which are intended to ensure compliance with the European level of data protection.
10.5 Google Web Fonts
This website uses so-called web fonts for the uniform display of fonts provided by the following provider:
Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.
When you visit a page, your browser loads the required web fonts into its browser cache to correctly display text and fonts and establishes a direct connection to the provider’s servers. In doing so, certain browser information, including your IP address, may be transmitted to the provider.
Data may also be transferred to: Google LLC, USA.
Processing of personal data in connection with the font provider only occurs if you have given your explicit consent pursuant to Art. 6(1)(a) GDPR. You may revoke your consent at any time with future effect by deactivating this service via the cookie consent tool provided on the website.
If your browser does not support web fonts, a standard font will be used from your computer.
The provider is certified under the EU-U.S. Data Privacy Framework, ensuring compliance with European data protection standards based on an adequacy decision by the European Commission.
Further privacy information from Google is available here: https://business.safety.google/intl/de/privacy/
10.6 MyFonts
This website uses so-called web fonts for the uniform display of fonts provided by the following provider:
Monotype Imaging Holdings Inc., 600 Unicorn Park Drive, Woburn, MA 01801, USA.
When you visit a page, your browser loads the required web fonts into its browser cache to correctly display text and fonts and establishes a direct connection to the provider’s servers. In doing so, certain browser information, including your IP address, may be transmitted to the provider.
Processing of personal data in connection with the font provider only occurs if you have given your explicit consent pursuant to Art. 6(1)(a) GDPR. You may revoke your consent at any time with future effect by deactivating this service via the cookie consent tool provided on the website.
If your browser does not support web fonts, a standard font will be used from your computer.
For data transfers to the USA, the provider relies on standard contractual clauses of the European Commission, which are intended to ensure compliance with the European level of data protection.
10.7 Google reCAPTCHA
We use the CAPTCHA service from the following provider on this website:
Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.
Data may also be transferred to: Google LLC, USA.
For the visual design of the CAPTCHA window, the provider uses "Google Fonts", i.e., fonts loaded from the internet by Google. No further information is processed beyond what has already been transmitted through the reCAPTCHA functionality.
This service checks whether input is made by a human or misused by automated processing, preventing spam, DDoS attacks, and similar threats. To verify that the action is performed by a human and not a bot, the provider collects the IP address of the device used, information about the browser and operating system, as well as the date and duration of the visit, and transmits this data to the provider's servers for evaluation. Cookies may also be used—small text files stored in the browser of your device.
If the processing described above involves cookies, they are only set if you have given your explicit consent pursuant to Art. 6(1)(a) GDPR. You can revoke your consent at any time with future effect by deactivating this service via the cookie consent tool provided on the website.
If the described processing occurs without the use of cookies, the legal basis is our legitimate interest in determining individual responsibility online and preventing misuse and spam pursuant to Art. 6(1)(f) GDPR.
We have concluded a data processing agreement with the provider to ensure the protection of our website visitors' data and to prevent unauthorized disclosure to third parties.
The provider is certified under the EU-U.S. Data Privacy Framework, ensuring compliance with European data protection standards based on an adequacy decision by the European Commission.
Further privacy information from Google is available here: https://business.safety.google/intl/de/privacy/
11) Tools and Other
Cookie Consent Tool
This website uses a so-called "cookie consent tool" to obtain effective user consent for cookies and cookie-based applications that require consent. The "cookie consent tool" is displayed to users when they visit the page in the form of an interactive user interface, where consent for specific cookies and/or cookie-based applications can be given by checking the boxes. By using the tool, all cookies/services that require consent are only loaded if the respective user gives their consent by checking the corresponding boxes. This ensures that such cookies are only placed on the user's device if consent has been given.
The tool uses technically necessary cookies to save your cookie preferences. Personal user data is generally not processed.
If, in individual cases, personal data (such as the IP address) is processed for the purpose of storing, assigning or logging cookie settings, this is done in accordance with Art. 6 (1) (f) GDPR on the basis of our legitimate interest in legally compliant, user-specific and user-friendly consent management for cookies and thus in a legally compliant design of our website.
A further legal basis for processing is Art. 6 (1) (c) GDPR. As the controller, we are legally obliged to make the use of technically unnecessary cookies dependent on the respective user's consent.
Where necessary, we have concluded a data processing agreement with the provider, which ensures the protection of the data of our site visitors and prohibits unauthorized disclosure to third parties.
Further information about the operator and the setting options of the cookie consent tool can be found directly in the corresponding user interface on our website.
12) Rights of the data subject
12.1 The applicable data protection law grants you the following data subject rights (rights of information and intervention) vis-à-vis the controller with regard to the processing of your personal data, whereby reference is made to the legal basis stated for the respective conditions for exercising these rights:
Right to information pursuant to Art. 15 GDPR;
Right to rectification pursuant to Art. 16 GDPR;
Right to erasure pursuant to Art. 17 GDPR;
Right to restriction of processing pursuant to Art. 18 GDPR;
Right to information pursuant to Art. 19 GDPR;
Right to data portability pursuant to Art. 20 GDPR;
Right to revoke consent given in accordance with Art. 7 (3) GDPR;
Right to lodge a complaint pursuant to Art. 77 GDPR.
12.2 RIGHT OF OBJECTION
IF WE PROCESS YOUR PERSONAL DATA BASED ON OUR OVERRIDING LEGITIMATE INTEREST AS PART OF A BALANCE OF INTERESTS, YOU HAVE THE RIGHT TO OBJECT TO THIS PROCESSING AT ANY TIME WITH FUTURE EFFECT FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION.
If you exercise your right to object, we will stop processing the data in question. However, we reserve the right to continue processing if we can demonstrate compelling legitimate grounds for the processing that override your interests, fundamental rights, and freedoms, or if the processing serves to assert, exercise, or defend legal claims.
If we process your personal data for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing purposes. You can exercise your right of objection as described above.
IF YOU EXERCISE YOUR RIGHT OF OBJECTION, WE WILL STOP PROCESSING THE DATA CONCERNED FOR DIRECT MARKETING PURPOSES.
13) Duration of storage of personal data
The duration of storage of personal data is determined by the respective legal basis, the purpose of the processing and – where applicable – also by the respective statutory retention period (e.g. retention periods under commercial and tax law).
When processing personal data on the basis of express consent in accordance with Art. 6 (1) (a) GDPR, the data concerned will be stored until you revoke your consent.
If there are statutory retention periods for data that are processed within the framework of legal transactions or obligations similar to legal transactions on the basis of Art. 6 (1) (b) GDPR, these data will be routinely deleted after the retention periods have expired, provided that they are no longer required to fulfil or initiate a contract and/or we no longer have a legitimate interest in continuing to store them.
When processing personal data on the basis of Art. 6 (1) (f) GDPR, these data will be stored until you exercise your right of objection in accordance with Art. 21 (1) GDPR, unless we can demonstrate compelling legitimate grounds for the processing which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
When processing personal data for the purpose of direct advertising on the basis of Art. 6 (1) (f) GDPR, these data will be stored until you exercise your right of objection in accordance with Art. 21 (2) GDPR.
Unless otherwise stated in the other information in this statement on specific processing situations, stored personal data will be deleted when they are no longer necessary for the purposes for which they were collected or otherwise processed.