Privacy policy

Data protection 

I. Contact 

This information applies to data processing by: 
 
Tennis Point Europe GmbH 
Hans-Böckler-Str. 29-35 
33442 Herzebrock-Clarholz 
Germany 
Email: [email protected] 
Telephone: +49 (0) 5245 / 8353 - 3008 
https://www.bidibadu.de/ 
 
The external Data Protection Officer Nils Möllers from Keyed GmbH can be contacted at the above address, for the attention of the Data Protection Officer, or via email at [email protected].

II. Processing of personal data as well as type and purpose 

1. Web hosting 

To provide this website, we use the web hosting service Shopify 

Shopify.com. Inc, The Landmark @ One Market, Suite 300, San Francisco, CA 94105 (hereinafter “Shopify”). 

Shopify stores this website on its servers (hosting). In order to offer this website, it is necessary to commission a web hosting service. The use of Shopify takes place in accordance with Article 6 Paragraph 1 Sentence 1 Letter f of the GDPR due to our legitimate economic interest in making our offer available on this website. 

In connection with hosting, Shopify processes personal data on our behalf that arises from the following actions by the user: 

We have concluded a data processing agreement with Shopify for the use of Commerce Cloud. Through this contract, Shopify assures that it will process the data in accordance with the General Data Protection Regulation and ensure the protection of the rights of the data subject. For the USA, there is an adequacy decision from the EU Commission, the Trans-Atlantic Data Privacy Framework (hereinafter “TADPF”, further information on this under III. 9. of this data protection declaration). Shopify has certified itself according to the TADPF and is therefore obliged to comply with European data protection principles. The forwarding of personal data to Shopify is also based on Shopify's binding internal data protection regulations in accordance with Art. 46 Para. 2b, 47 GDPR (so-called Corporate Binding Rules) as well as the European Commission's standard data protection clauses in accordance with Art. 46 Para. 2c) GDPR. Both sets of regulations are anchored in the Shopify Data Processing Addendum that we have concluded with Shopify. In addition, the Shopify Commerce Cloud is certified by reliable security standards, including PCI-DSS, SOC2, ISO 27001. 

For more information about data protection related to Shopify Commerce Cloud, see the Shopify Privacy Policy. 

2. When visiting our website 

When you visit our website https://www.bidibadu.de/ The browser used on your device automatically sends information to the server on our website. This information is temporarily stored in a so-called log file. The following information is collected and stored without your intervention and deleted from the log files after 14 days: 

The data mentioned will be processed by us for the following purposes: 

The legal basis for data processing is Article 6 Paragraph 1 Sentence 1 Letter f GDPR. Our legitimate interest follows from the data processing purposes listed above. In the event of an attack on our network infrastructure, we will evaluate your collected IP address to assert or defend against legal claims. 

We also use cookies and analysis services when you visit our website. Further explanations can be found in sections IV and V of this data protection declaration. 

3. As part of an order in our online shop 

If you would like to order products via our website as a guest or as a registered customer, we process the following mandatory information: 

The processing of this data takes place 

We work with you as part of your order 

parcelLab GmbH Landwehrstr. 39 80336 Munich and Emarsys Interactive Services GmbH, Willi-Schwabe-Straße 1, 12489 Berlin 

as a service provider for logistics and transaction notifications, to whom we transmit the data required for shipping and any returns, including your email address for notifications regarding tracking numbers and, if necessary, receipt of returns, etc. The service provider was carefully selected and commissioned by us, is bound to our instructions and is regularly checked, particularly with regard to the appropriate technical and organizational measures for data security. There is no data transfer to countries outside the EEA. 

The data processing takes place at your request and is necessary in accordance with Article 6 Paragraph 1 Sentence 1 Letters b and Letter f of the GDPR for the stated purposes for the fulfillment of the contract and for other pre-contractual measures as well as our legitimate interests. 

The personal data processed by us for the order will be stored until the statutory warranty obligation expires and then automatically deleted, unless we are obliged to store it for a longer period of time in accordance with Art GDPR consented. 

4. When creating a customer account 

We offer you the opportunity to create a customer account with us. To register and create a customer account, we require the following mandatory information: 

In addition, you can voluntarily provide further information (such as your date of birth). The processing of this data takes place 

We work with you 

Emarsys Interactive Services GmbH, Willi-Schwabe-Straße 1, 12489 Berlin (hereinafter “Emarsys”) 

as a specialized service provider for customer relationship management for documentation, administration and marketing purposes to whom we transmit your master data (title, first and last name, postal code, city, email address). This service provider was carefully selected and commissioned by us, is bound to our instructions and is regularly checked, particularly with regard to the appropriate technical and organizational measures for data security. There is no data transfer to non-EEA countries. 

The data processing takes place at your request and is necessary in accordance with Article 6 Paragraph 1 Sentence 1 Letters b and Letter f of the GDPR for the purposes mentioned for the fulfillment of the contract and for other pre-contractual measures as well as due to our legitimate interests. 

We store the personal data we collect for registration and login until you request the deletion of your customer account. In the event of a request for deletion, we will only retain the necessary information about your orders if storage beyond this is necessary to fulfill the contract on the basis of Article 6 Paragraph 1 Sentence 1 Letter b of the GDPR or if we are obliged to store it for a longer period of time in accordance with Article 6 Paragraph 1 Clause 1 Letter c of the GDPR due to tax and commercial law retention and documentation obligations (from HGB, StGB or AO). 

5. As part of the use of the re-available function 

If the item you want is out of stock, you can use our back in stock function to be notified as soon as the item is available again. This requires you to provide your name and email address. 

The data processing takes place at your request and is in accordance with Article 6 Paragraph 1 Sentence 1 Letter b of the GDPR and is required as pre-contractual measures. 

The personal data we collect will be deleted after your request has been dealt with, unless we have to retain it due to the nature of your request or we are obliged to store it for a longer period of time in accordance with Art. 

6.As part of using our contact form/customer service 

You can send general inquiries to us using the contact form provided on our site. We ask for your first and last name and a valid email address. We need this information in order to answer your request 

Any additional personal information such as your address, an order number or your telephone number will not be recorded unless you provide this information voluntarily. 

Data processing for the purpose of contacting us is carried out at your request and on the basis of Article 6 Paragraph 1 Sentence 1 Letter b GDPR or to protect our legitimate interests in accordance with Article 6 Paragraph 1 Clause 1 Letter f GDPR. Our legitimate interest lies in being able to respond to inquiries from our customers and thus ensure functioning customer service. 

The personal data we collect for using the contact form will be deleted after the request you have made is processed, unless we have to retain it due to the nature of your request or we are obliged to store it for a longer period of time in accordance with Art. 

a. Fresh Desk Service 

To process your request, we work with the following specialized service provider to whom we transmit the necessary personal data: 

Customercare via Freshworks Inc., 2950S.Delaware Street, Suite 201, San Mateo, CA 94403 (hereinafter “Freshdesk”). 

This service provider was carefully selected and commissioned by us, is bound to our instructions and is regularly checked, particularly with regard to the appropriate technical and organizational measures for data security. Freshdesk uses servers in Europe for this purpose; data is not transferred to the USA. Further information on data protection at Freshdesk can be found at https://www.freshworks.com/privacy/data-hosting/. 

Klarna GmbH, Theresienhöhe 12, 80339 Munich (hereinafter “Klarna”) 

(see Klarna’s privacy policy at: https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/privacy) for the purpose of checking our credit risk. 

Klarna has the credit risk assessed by credit agencies and receives information and, if necessary, creditworthiness information based on mathematical-statistical procedures (scoring), the calculation of which includes, among other things, address data and your date of birth. 

Klarna works with the following credit agencies: 

The collection, storage and transfer is therefore carried out for the purpose of credit checks and in our interest in avoiding payment default and to prevent fraud on the basis of Art. 6 Para. 1, S. 1 lit. f GDPR. Based on this information, a statistical probability of loan default and thus your solvency (creditworthiness) is calculated. If the credit check is positive, an order on account is possible. If the credit check is negative, our shop system will not allow you to pay on account. The decision as to whether an order is also possible on account is based solely on an automated decision made by our online shop system, which Klarna or the credit agencies commissioned by it carry out, so that a manual check of your documents by one of our employees does not take place separately. 

To the extent that we make automated decisions with legal effect, you have the right to receive information about the logic involved, as well as the scope and intended effects of this data processing. You can have the automated decision reviewed by us by expressing your point of view and you have the right to human intervention by us. Please contact us for this [email protected]. 

(ii.) Klarna Pay Now 

1. Klarna instant transfer 

If you pay for your order via instant transfer, all you need is your account number, BIC or sort code, as well as the PIN and TAN of your online banking account. As part of the ordering process, you will automatically be redirected to a secure payment form from Klarna Bank AB (“Klarna”). Immediately afterwards you will receive confirmation of the transaction. We will then receive the transfer credit directly. Anyone who has an activated online banking account with a PIN/TAN procedure can use Sofortüberweisung as a payment method. Please note that a few banks do not yet support payment via instant transfer. 

2. Klarna direct debit 

If you choose the direct debit payment method when placing your order, you must provide your account details (IBAN and BIC), which will be passed on to Klarna. The payment amount is due for payment by direct debit upon conclusion of the contract and will be debited from your specified account by Klarna. The debit takes place after the goods have been dispatched. The time will be communicated to you by email. The direct debit payment method requires, among other things, a successful identity and credit check (see III. 1. e.i.) 

(iii.) Klarna Pay over time (“payment in installments”) 

If you select installment payment as a payment option for your order, your personal data will be passed on by Stripe to Klarna for the purpose of identity and creditworthiness checks. 

Klarna has the credit risk assessed by credit agencies and receives information and, if necessary, creditworthiness information based on mathematical-statistical procedures (scoring), the calculation of which includes, among other things, address data and your date of birth. For the exact procedure, please see III. 1. e. i. There you will find a list of the credit agencies that Klarna works with. 

The personal data transmitted to Klarna is usually first name, last name, address, date of birth, gender, email address, IP address, telephone number, mobile phone number and other data that is necessary to process an installment purchase. To decide on the establishment, implementation or termination of a contractual relationship, Klarna collects and uses data and information about the previous payment behavior of the person concerned as well as probability values for their behavior in the future (so-called scoring). The calculation of the scoring is carried out on the basis of scientifically recognized mathematical and statistical methods. 

To the extent that we make automated decisions with legal effect, you have the right to receive information about the logic involved, as well as the scope and intended effects of this data processing. You can have the automated decision reviewed by us by expressing your point of view and you have the right to human intervention by us. Please contact [email protected]. 

2. To ship your order 

In order to be able to ship your order in our shop (Art. 6 Para. 1 S. 1 lit. b GDPR) and due to our legitimate interests in making shipping as uncomplicated and smooth as possible (Art. 6 Para. 1 S. 1 lit. f GDPR), we transmit your data that you have provided as the delivery address and your email address to shipping service providers who transport your shipment, exclusively for the purposes of delivering goods and for individualized purposes Goods delivery announcement. If it is necessary to coordinate a delivery date, for example for freight forwarding goods (Art. 6 Para. 1 S .1 lit. b GDPR) and you have provided us with your telephone number, we will also transmit this to shipping service providers who transport your shipment, exclusively for the purpose of agreeing a delivery date. These service providers are subject to postal secrecy. 

3. Regarding customer review requests 

a. Trusted Shops Reviews 

To display our Trusted Shops seal of quality and the Trusted Shops products for buyers after an order, the Trusted Shops trust badge is integrated on this website. 

This serves to protect our legitimate interests, which predominate in the context of a balancing of interests, in the optimal marketing of our offer (Art. 6 para. 1 sentence 1 lit. f GDPR). The Trustbadge and the services advertised with it are an offer from 

Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne (hereinafter “Trusted Shops”). 

When you access the trust badge, the web server automatically saves a so-called server log file, which contains, for example, your IP address, date and time of retrieval, amount of data transferred and the requesting provider (access data) and documents the retrieval. This access data is not evaluated and is automatically overwritten no later than seven days after the end of your site visit. 

Further personal data will only be transferred to Trusted Shops if you decide to use Trusted Shops products after completing an order or have already registered for use. In this case, the contractual agreement between you and Trusted Shops applies. 

b. Google reviews 

The Google Customer Reviews survey gives you the opportunity to rate the purchasing process on our website. If you expressly agree to participate in Google customer reviews (Art. 6 Para. 1 S. 1 lit. a GDPR), Google will send you a survey after the order has been delivered. To do this, we provide the following information about your order 

The pseudonymized hash value of the email address is used to take into account any possible objection to Sovendus advertising (Art. 21 Para. 3, Art. 6 Para. 1 Sentence 1 Letter c GDPR). The IP address is used by Sovendus exclusively for data security purposes and is usually anonymized after seven days (Art. 6 Para. 1 S. 1 lit. f GDPR). We also transmit pseudonymized order number, order value with currency, session ID, coupon code and time stamp to Sovendus for billing purposes (Art. 6 Para. 1 S. 1 lit. f GDPR). If you are interested in a voucher offer from Sovendus, there is no advertising objection to your email address and you click on the voucher banner that is only displayed in this case, we will send your salutation, name and your email address in encrypted form to Sovendus in order to prepare the voucher (Art. 6 Para. 1 lit. b, f GDPR). 

For further information on how Sovendus processes your data, please see the online data protection information at www.sovendus.de/datenschutz. 

 5. Integration of the Trusted Shop Trustbadge 

The Trusted Shops trust badge is integrated on this website to display our Trusted Shops seal of approval and any reviews collected, as well as to offer Trusted Shops products to buyers after an order. 

This serves to protect our legitimate interests, which predominate in the context of a balancing of interests, in optimal marketing by enabling secure shopping in accordance with Article 6 Paragraph 1 Sentence 1 Letter f of the GDPR. The Trustbadge and the services advertised with it are an offer from Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne (hereinafter “Trusted Shops”). The trust badge is made available as part of order processing by a CDN provider (content delivery network). Trusted Shops also uses service providers from the USA. An appropriate level of data protection is ensured. Further information on data protection from Trusted Shops can be found here: www.trustedshops.de/impressum/#datenschutz. 

When you access the trust badge, the web server automatically saves a so-called server log file, which also contains your IP address, date and time of retrieval, amount of data transferred and the requesting provider (access data) and documents the retrieval. Individual access data is stored in a security database for the analysis of security issues. The log files are automatically deleted no later than 90 days after creation. 

Further personal data will be transferred to Trusted Shops if you decide to use Trusted Shops products after completing an order or have already registered for use. The contractual agreement made between you and Trusted Shops applies. For this purpose, personal data is automatically collected from the order data. Whether you as a buyer are already registered to use the product is automatically checked using a neutral parameter, the email address hashed using a cryptological one-way function. Before transmission, the email address is converted into this hash value, which cannot be decrypted by Trusted Shops. After checking for a match, the parameter is automatically deleted. 

This is necessary to fulfill our and Trusted Shops' overriding legitimate interests in providing the buyer protection and transactional evaluation services linked to the specific order in accordance with Article 6 Paragraph 1 Sentence 1 Letter f of the GDPR. Further details, including how to object, can be found in the Trusted Shops data protection declaration linked above and in the Trustbadge. 

6. When clicking on embedded YouTube videos 

On our website, we use components (videos) from YouTube, LLC 901 Cherry Ave., 94066 San Bruno, CA, USA (hereinafter “YouTube”), a company of 

Google Inc., Amphitheater Parkway, Mountain View, CA 94043, USA (hereinafter “Google”), 

a. 

We use the “extended data protection mode” option provided by YouTube: If you access a page that has an embedded video, a connection is established to the YouTube servers and the content is displayed on the website by notifying your browser. According to YouTube, in “extended data protection mode” your data - in particular which of our websites you have visited and device-specific information including the IP address - will only be transmitted to the YouTube server in the USA if you watch the video. By clicking on the video you trigger this transmission. 

If you are logged in to YouTube at the same time, this information will be assigned to your YouTube member account. You can prevent this by logging out of your member account before visiting our website. 

For the USA, there is an adequacy decision from the EU Commission, the Trans-Atlantic Data Privacy Framework (hereinafter “TADPF”, further information on this under III. 9. of this data protection declaration). Google has certified itself according to the TADPF and is therefore obliged to comply with European data protection principles. The processing of personal data by Google is also based on the standard data protection clauses of the European Commission in accordance with Art. 46 Para. 2c) GDPR. Google has also implemented extensive technical and organizational measures designed to protect personal information from accidental or unlawful destruction or accidental loss, damage, alteration, unauthorized disclosure or access. These measures by Google are in accordance with Standard ISO/IEC 27001:2013 certified. 

Further information on data protection in connection with YouTube can be found in the Google privacy policy. 

7. For travel booking inquiries 

If you have given us your express consent in accordance with Article 6 Paragraph 1 Sentence 1 Letter a GDPR, we will send the following data from the booking form by email to the tour operator Patricio Travel GmbH, Am Hafen 8, D-94130 Obernzell: 

We also transmit the following personal data provided by you: 

Your data is transmitted in the booking form for the purpose of ensuring that you receive travel offers and information materials tailored to your personal interests from Patricio Travel GmbH and that you can be contacted for a possible booking of a trip with Patricio Travel GmbH. 

The data passed on may only be used by Patricio Travel GmbH for the purposes mentioned. 

8. For other purposes 

In addition, we will only share your personal information with third parties if: 

9. Information about possible risks of data transfers to unsafe third countries, especially to the USA 

A “third country” is a country outside the European Economic Area (EEA) in which the GDPR is not directly applicable. A third country is considered “unsafe” if the EU Commission has not issued an adequacy decision for this country in accordance with Article 45 (1) GDPR, which confirms that there is adequate protection for personal states in the country. On July 10, 2023, the EU Commission issued a new adequacy decision with the Trans-Atlantic Data Privacy Framework (TADPF). S.d. Art. 45 Para. 1 GDPR was adopted for secure data traffic between the EU and the USA. The USA is therefore considered a so-called safe third country. 

In this data protection information we inform you when and how we transfer personal data to the USA or other unsafe third countries. We only transmit your personal data if the recipient is certified according to the TADPF or if 

Guarantees according to Article 46 Paragraph 1 GDPR can be so-called Binding Corporate Rules according to Article 46 Paragraph 2 Letter b GDPR, i.e. binding internal data protection regulations of a provider agreed with the supervisory authorities. According to Article 46 Paragraph 2 Letter c of the GDPR, so-called standard contractual clauses issued by the European Commission in accordance with Article 93 Paragraph 2 of the GDPR also come into consideration as suitable guarantees. In these standard contractual clauses, the recipient assures that the data will be adequately protected and thus ensure a level of protection comparable to the GDPR. We ensure beforehand that the recipient can fulfill the agreed guarantees. 

IV. Cookies and pixel tags 

1. What are cookies and pixel tags? 

We use cookies on our site. These are small files that your browser creates automatically and that are stored on your device (laptop, tablet, smartphone, etc.) when you visit our site. Cookies do not cause any damage to your device and do not contain viruses, Trojans or other malware. 

The cookie stores information that arises in connection with the specific end device used. However, this does not mean that we receive direct knowledge of your identity. 

We use pixel tags (also called tracking pixels or tracking pixels) as part of our online offering. Pixels are small graphics that are integrated into the HTML code of our site. The pixel tag itself does not store any information on your device or changed, pixels on your device do not cause any damage and do not contain any viruses, Trojans or other malware. 

Pixels can send personal data, such as your IP address, the referrer URL of the website visited, the time at which the pixel was viewed, the browser used, and previously set cookie information to a web server. This makes it possible to carry out range measurements and other statistical evaluations that serve to optimize our offering. 

On the one hand, the use of cookies serves to make the use of our offer more pleasant for you. We use so-called session cookies to recognize that you have already visited individual pages on our website, that you have already logged into your user account or to display your shopping cart. These are automatically deleted after you leave our site. 

In addition, to optimize user-friendliness, we also use temporary, so-called comfort cookies, which are stored on your device for a specific period of time. If you visit our site again to use our services, it will automatically be recognized that you have already been with us and what entries and settings you have made so that you do not have to enter them again. As a rule, these are deleted after a maximum of 30 days. Only comfort cookies that affect language settings are stored for 365 days. 

On the other hand, we use cookies and pixel tags as part of third-party tools to statistically record the use of our website and to evaluate it for the purpose of optimizing our offering for you (see under V.). These analysis, tracking and targeting cookies enable us to automatically recognize that you have already been with us when you visit our site again. These cookies are automatically deleted after a defined period of time. 

2. What are the legal bases for processing using cookies and pixel tags? 

The legal basis for processing personal data using cookies and pixel tags depends on the category of cookies and pixel tags used. We use cookies, which are necessary to maintain the functions of the website, to protect our legitimate interests in accordance with Article 6 Paragraph 1 Sentence 1 Letter f of the GDPR; Our legitimate interest is to offer a smoothly functioning and attractively designed website. All other cookies that are not necessary to maintain the functions of the website will only be used by us with your consent in accordance with Article 6 Paragraph 1 Sentence 1 Letter a GDPR. You can obtain this consent via our websiteCookie consent toolgrant or revoke it at any time with effect for the future. You have the option of either agreeing to the use of all cookie categories or making an individual selection. 

3. Consent Management with OneTrust 

On our website, the consent management service OneTrust is provided by OneTrust, LLC, Dixon House, 1 Lloyd’s Avenue, London EC3N 3DQ, United Kingdom (hereinafter “OneTrust”). In this context, the date and time of the visit, browser information, consent information, device information and the IP address of the requesting device are processed. The legal basis is Article 6 Paragraph 1 Sentence 1 Letter f GDPR (legitimate interest). Obtaining and managing legally required consent is to be viewed as a legitimate interest within the meaning of the aforementioned provision, as the interference with the rights of users as a result of the use of anonymized IP addresses and the involvement of a service provider based in Germany is very low. OneTrust stores consents and revocations on our behalf and on our instructions. The storage takes place on the basis of Art. 6 Paragraph 1 Sentence 1 Letter f GDPR. Being able to comply with the accountability obligation in accordance with Article 5 Para. 2 GDPR is a legitimate interest. You can find further information about data protection at OneTrust here. 

V. Tracking and Targeting 

The tracking and targeting measures we use listed below will be carried out if you have given us your consent (see IV.3). 

With the tracking measures we use, we want to ensure a needs-based design and the ongoing optimization of our website. We also use tracking measures to statistically record the use of our website. We also want to use the targeting measures we use to ensure that you only see advertising that is tailored to your actual or perceived interests on your devices. 

The respective data processing purposes and data categories can be found in the description of the corresponding tracking tools. 

1. AWIN 

The advertising network of AWIN AG, Eichhornstraße 3, 10785 Berlin (hereinafter “AWIN”) is used on our website due to our legitimate interests in accordance with Article 6 Paragraph 1 Sentence 1 Letter f of the GDPR. Using AWIN we can deliver advertising content and analyze the success of the campaigns. 

As part of its service, AWIN stores cookies on the devices of users who visit our website to document transactions (e.g. leads and sales). These cookies serve the sole purpose of correctly assigning the success of an advertising medium and the corresponding billing within the advertising network. A cookie only contains information about when a certain advertising medium was clicked on by a device and, in the case of an order, the OR total, order ID, whether it is a new or existing customer and the time of the order. An individual number sequence that cannot be assigned to the individual user is stored in the tracking cookies 

be documented. 

You can prevent the installation of cookies by setting the browser software accordingly; However, we would like to point out that in this case not all functions of this website may be able to be used to their full extent. Please note that if you deactivate the display of personalized advertisements from AWIN and other advertising partners, you will continue to receive advertisements that are less tailored to your interests/surfing behavior. Further information can be found in the AWIN’s privacy policy. 

2. Microsoft Advertising 

We use conversion tracking from Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA.This allows us to track users' activities on our website if they have come to our website via ads from Microsoft Advertising. 
If you reach our website via a Microsoft Advertising ad, a cookie will be placed on your computer. Microsoft stores data about the use of the website (e.g. length of stay, which areas of the website were accessed and which advertisement you used to reach our website) as well as, in the case of an order based on this, the order value and the time of the order. Information about your identity is not collected. 

For the USA, there is an adequacy decision from the EU Commission, the Trans-Atlantic Data Privacy Framework (hereinafter “TADPF”, further information on this under III. 9. of this data protection declaration). Microsoft has certified itself according to the TADPF and thus obliged to comply with European data protection principles. In the event that personal data is transferred from Microsoft to the USA, this will also be done on the basis of the European Commission's standard data protection clauses in accordance with Article 46 (2c) GDPR. Microsoft has also implemented extensive technical and organizational measures designed to protect personal information from accidental or unlawful destruction or accidental loss, damage, alteration, unauthorized disclosure or access. These measures by Microsoft are in accordance with Standard ISO/IEC 27001:2013 certified. 

In addition, we have concluded an order processing agreement with Microsoft for the use of Microsoft Advertising. Through this contract, Microsoft guarantees that it will process the data in accordance with the General Data Protection Regulation and ensure the protection of the rights of the data subject. 

If you do not want to take part in the tracking process, you can also refuse the necessary setting of a cookie - for example by using a browser setting that generally deactivates the automatic setting of cookies. Further information about data protection and the cookies used by Microsoft Advertising can be found on the Microsoft website. 

3. Econda Web Analytics 

In order to optimize the website and the databases in the background, we use web analysis solutions from econda GmbH, Eisenlohrstr. 43, 76135 Karlsruhe (hereinafter “econda”). 

For the procedures used, usage profiles are created under a pseudonym. Cookies are also used for this. Econda is entitled to use the “Tested Data Protection” seal of approval for the “Web Shop Controlling” area. The data collected using econda technology will not be used to personally identify you as a visitor to this website without your separate consent and will not be combined with directly personal data about the bearer of the pseudonym. For more information please visit www.econda.de. 

4. Emarsys Webextend 

Webextend tracking cookies/pixel tag: We use the cookie/pixel tag from Emarsys Interactive Services GmbH, Willi-Schwabe-Straße 1, 12489 Berlin, (hereinafter “Emarsys Webextend”) to create newsletters and newsletters tailored to you and your interests. For this purpose, we use existing information, such as receipt and read confirmations of emails, information about your computer and connection to the Internet, operating system and platform, your surfing history, date and time of visit to the homepage, products/articles that you have viewed. We generally use this information in a pseudonymized form, but if necessary also to send you newsletters that correspond to your areas of interest. 

If you do not want to receive personalized advertising via newsletter, you can do so at any time by email [email protected]contradict. Alternatively, you can unsubscribe using the unsubscribe link at the end of each newsletter. 

The information generated by the cookie about your use of this website, such as click behavior on texts and products or interactions with videos, is transmitted to a Google server in the USA and stored there. 

For the USA, there is an adequacy decision by the EU Commission, namely the Trans-Atlantic Data Privacy Framework (hereinafter “TADPF”, further information on this under III. 9. of this data protection declaration). Google has certified itself according to the TADPF and is therefore obliged to comply with European data protection principles. The processing of personal data by Google is also carried out under Google's own responsibility on the basis of the European Commission's standard data protection clauses in accordance with Article 46 (2c) GDPR. Google has also implemented extensive technical and organizational measures designed to protect personal information from accidental or unlawful destruction or accidental loss, damage, alteration, unauthorized disclosure or access. These measures by Google are in accordance with Standard ISO/IEC 27001:2013 certified. 

Further information on data protection can be found in the Privacy Policyfrom Google and on the Google website on the topic Privacy and Terms of Use. 

10. Google Analytics 

On our website we use Google Analytics, a web analysis and advertising service provided by Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (hereinafter “Google”). In this context, pseudonymized usage profiles are created and cookies and pixel tags (see IV above) are used. The information processed in this way about your use of this website such as 

as well as other information about the use of our website. The IP addresses are anonymized so that they cannot be assigned to you personally (IP masking). 

For the USA, there is an adequacy decision from the EU Commission, the Trans-Atlantic Data Privacy Framework (hereinafter “TADPF”, further information on this under III. 9. of this data protection declaration). Google has certified itself according to the TADPF and is therefore obliged to comply with European data protection principles. We have concluded order processing agreements with Google for the use of the marketing platform. In this, Google assures that they process the data in accordance with our instructions and ensure that the rights of the data subject are protected. The information may be transferred to third parties if this is required by law or if third parties process this data on behalf of you. 

You can find further information on data protection in connection with Google Analytics here. 

By using Google Analytics, Google processes the information on our behalf to evaluate the use of the website, to compile reports on website activities and to provide us with other services related to website and internet usage for the purposes of market research and the needs-based design of these websites. 

We only use Google Analytics with IP anonymization activated. This means that the user's IP address is shortened by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. 

We have activated the advertising functions of Google Analytics. This creates reports on target groups, demographic characteristics such as age, gender and interests of site visitors, as well as our marketing campaigns. The data for this comes from campaigns carried out via Google services, from interest-based advertising from Google, the Google Display Network and from visitor data from third parties. This does not immediately reveal your identity to us. With the help of these reports, we can better evaluate user behavior in connection with our online offerings and optimize the approach to target groups. 

If you do not want your user behavior to be taken into account in these reports, you can deactivate this via the ad settings in your own Google account or prevent the collection of data by Google Analytics as described below. You can also limit collection by not logging into your own Google account when you visit our pages. 

We do not use the Universal Analytics with User ID offered by Google. 

If necessary, the collected data will be transferred to third parties if this is required by law or if third parties process the data on behalf of you. 

The user data collected via cookies is automatically deleted after 14 months. 

Further information on data protection in connection with Google Analytics can be found in the Google Analytics Help. Information about Google's data usage can be found in their Privacy Policy. 

11. Shop line 

On our website we use technology (e.g. tracking pixels) from Ladenzeile GmbH, Zimmerstraße 50, 10888 Berlin, Germany (hereinafter “Ladenzeile”). It operates the Ladenzeile and ShopAlike portals. This technology is executed on your device when an order process is completed. Anonymous data about your ordering process (e.g. value of the shopping cart) as well as your IP address are recorded in a pseudonymized form by Ladenzeile. This is done based on your consent in order to attribute sales, for marketing purposes and to prove civil claims. Ladenzeile deletes the data as soon as it is no longer needed for these purposes. For this purpose, we refer to Ladenzeile’s data protection declaration: https://www.ladenzeile.de/datenschutzerklaerung.html. If you do not agree to tracking, you can prevent this in the browser using the do-not-track setting. 

12. ProductsUp 

We use ProductsUp conversion tracking on our website. This is software for optimizing feed management. The provider is Products Up GmbH, Bahnhofstr. 5, 91425 Simmelsdorf, Germany (hereinafter “Products Up”). ProductsUp conversion tracking allows us to analyze the behavior of our website visitors. For this purpose, the pages you visit and your purchasing activity, which your browser transmits to our web server when you access the website, are recorded. This allows us to measure website interactions such as time spent, conversions, scroll events, clicks and page views of website visitors. When analyzed with ProductsUp, the IP address is anonymized as early as possible so that the interactions can only be assigned to the website visitor for the duration of the current day at most, so that they can be recognized on subsequent visits. The data will be deleted as soon as it is no longer needed for this purpose. 

Without your consent, no cookies will be stored in your browser and no information will be read from your device's memory. The processing takes place on the basis of Art. 6 Para. 1 lit. a GDPR. Consent can be revoked at any time. You can prevent tracking in your browser using the do-not-track setting. 

For further information, please see Products Up's privacy policy at: https://www.productsup.com/privacy-policy/. 

13. Dynamic Yield 

We use the personalization software from Dynamic Yield GmbH, Unter den Linden 26-30, 10117 Berlin (hereinafter “Dynamic Yield”) on our website to personalize the user experience by creating individual product recommendations and to monitor results through A/B testing and real-time analysis. Cookies and local storage are used. The data analyzed by Dynamic Yield helps us understand which pages and products are of particular interest to website visitors. 

Data processing is based on your consent in accordance with Article 6 Paragraph 1 Letter a GDPR. IP address, user IDs, pages accessed, referrers, URL parameters, search queries/terms, information on search results, membership of target groups, interactions, geographical location as well as technical, non-behavioral information about your device and browser are processed. The data will be deleted 12 months after collection. 

If you have also given your consent in Google Analytics, Google will receive data/segments processed by Dynamic Yield for further use. You can find information about Google Analytics or Google in this data protection declaration. 

The collected data may, in exceptional cases, be transmitted to Dynamic Yield's headquarters in Israel for technical support measures. These are secured by an adequacy decision within the meaning of Art. 45 GDPR. 

We have concluded an order processing agreement with Dynamic Yield in accordance with Article 28 of the GDPR. Further information on data protection at Dynamic Yield can be found at https://www.dynamicyield.com/de/gdpr-and-privacy/ and in Dynamic Yield's data protection declaration: https://www.dynamicyield.com/privacy-policy/. 

VI. Rights of those affected 

You have the right: 

To assert your data subject rights against us, please contact us [email protected]. 

VII. Right to object in accordance with Art. 21 GDPR 

If your personal data is processed on the basis of legitimate interests in accordance with Article 6 Paragraph 1 Sentence 1 Letter f of the GDPR, you have the right to object to the processing of your personal data in accordance with Article 21 of the GDPR if there are reasons for doing so that arise from your particular situation or if the objection is directed against direct advertising. In the latter case, you have a general right to object, which we will implement without specifying a special situation. 

If you would like to exercise your right to object, simply send an email to [email protected]. 

VIII. Data security 

All data you personally transmit is encrypted using the generally accepted and secure TLS (Transport Layer Security) standard. TLS is a secure and proven standard that is also used in online banking, for example. You can recognize a secure TLS connection by, among other things, the appended s to http (i.e. https://..) in the address bar of your browser or by the lock symbol in the top area of your browser. 

We also use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments. 

IX. Currentness and changes to this data protection declaration 

This data protection declaration is currently valid and is valid as of January 2026. 

Due to the further development of our website and offers on it or due to changed legal or official requirements, it may become necessary to change this data protection declaration. The current data protection declaration can be viewed at any time on the website Data protection can be accessed and printed out by you.