1. General information

1.1 Controller

The controller within the meaning of Art. 4 No. 7 GDPR is the person who alone or jointly with others determines the purposes and means of the processing of personal data.

With regard to our website, the responsible person is:

Otto Zimmermann GmbH
Untertürkheimer Str. 9
66117 Saarbrücken
Germany
E-mail: info@ozs.de
Phone: +49 681 58007-0

We have appointed a data protection officer in accordance with Art. 37 GDPR. You can contact our data protection officer Mrs Barbara Schwarz at datenschutz@ozs.de.

1.2 Processing of the shop data

Our website is an online shop where you can purchase various merchandise items.

As with any other online shop, we must collect personal data from you as part of the sales process. This includes, in particular, address data (surname, first name, street, postcode, city, country), contact details (email address, telephone number if applicable), billing and accounting data (surname, first name, street, postcode, city, country, purchase amount, selected payment method, etc.), as well as general technical personal data (such as your IP address, the status of your shopping basket, products placed in it, etc.).

In the course of contract processing, we will also pass on your personal data to third parties for the fulfilment of our contract for a specific purpose. Particularly sensitive data in the context of billing will only be transmitted on the basis of state-of-the-art encryption. The companies in question are the payment provider you have selected, as well as the respective postal and parcel service provider (GLS, DHL, DPD, etc.).

1.3 Provision of the website and creation of log files

Each time our website is accessed, our system automatically collects data and information from the device (e.g. computer, mobile phone, tablet, etc.) used to access it.

What personal data is collected and to what extent is it processed?

(1) Information about the browser type and version used;
(2) The operating system of the retrieval device;
(3) Host name of the accessing computer;
(4) The IP address of the retrieval device;
(5) Date and time of access;
(6) Websites and resources (images, files, other page content) accessed on our website;
(7) Websites from which the user's system accessed our website (referrer tracking);
(8) Message whether the retrieval was successful;
(9) Amount of data transmitted

This data is stored in the log files of our system. This data is not stored together with the personal data of a specific user, so that individual site visitors cannot be identified.

Legal basis for the processing of personal data

Art. 6 para. 1 lit. f GDPR (legitimate interest). Our legitimate interest is to ensure the achievement of the purpose described below.

Purpose of the data processing

The temporary (automated) storage of the data is necessary for the course of a website visit to enable delivery of the website. The storage and processing of personal data is also carried out to maintain the compatibility of our website for as many visitors as possible and to combat abuse and eliminate malfunctions. For this purpose, it is necessary to log the technical data of the accessing computer in order to be able to react as early as possible to display errors, attacks on our IT systems and/or errors in the functionality of our website. In addition, we use the data to optimise the website and to generally ensure the security of our information technology systems.

Duration of storage

The deletion of the aforementioned technical data takes place as soon as they are no longer required to ensure the compatibility of the website for all visitors, but no later than 3 months after accessing our website.

Possibility of objection and deletion

You can object to the processing at any time in accordance with Article 21 of the GDPR and request the deletion of data in accordance with Article 17 of the GDPR. You can find out which rights you have and how to exercise them at the bottom of this privacy policy.

1.4 General information on making contact

Please note that complete data security on the transmission path to our IT systems cannot be guaranteed in the case of unencrypted communication by e-mail, so that we expressly recommend encrypted communication or the postal service for information requiring a high level of confidentiality. The following risks, among others, exist when transmitting data by email:

• personal data could be disclosed to third parties without authorisation if the email address is not entered correctly;

• You have no information on the recipient side, e.g. which or how many employees have access to the e-mail;

• the transmission of data by e-mail via several distributed intermediaries means that unauthorised third parties can access the data without encryption.

1.5 Processor

Some processors are used with regard to our website. If they are used for a special function (e.g. booking enquiry form) or a web service, they will be expressly named at that point. The following additional processors are used here:

• Hosting of the website

  To provide the content of our website, we work with a service provider who supports us in providing the necessary server capacity and storage options. Insofar as server access is required within the website, the data collected for this purpose is stored on servers of the company

  Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland

  processed.

  Your data is processed on the basis of an order processing contract in accordance with Art. 28 GDPR, which is the legal basis for the transfer of data to this company.

2. Special information

2.1 Special functions of the website

Our website offers you various functions that collect, process and store personal data when you use them. Below we explain what happens to this data:

Order form

• What personal data is collected and to what extent is it processed?

  The data you enter in the form fields, such as address, surname, first name, etc., will be processed by us to fulfil the purpose stated below.

• Legal basis for the processing of personal data

  Art. 6 para. 1 lit. b GDPR (implementation of (pre)contractual measures)

• Purpose of the data processing

  The purpose of the data processing is to process your order so that we can handle potential contractual relationships with you or carry out pre-contractual measures.

• Duration of storage

  The data will be deleted as soon as it is no longer required for processing the order and there are no longer any legal retention obligations. This will usually be after 10 years (cf. § 147 para. 3 in conjunction with para. 1 nos. 1, 4 and 4a AO, § 14b para. 1 UStG).

• Possibility of objection and deletion

  You can find out what rights you have and how to exercise them at the bottom of this privacy statement.

• Necessity of providing personal data

  The information in the order form is neither contractually nor legally required, but is necessary for the conclusion of a contract. If you do not fill in the existing mandatory fields or do not fill them in completely, the order you have requested cannot be completed.

Contact form(s)

• What personal data is collected and to what extent is it processed?

  We will process the data you have entered in the input mask of our contact forms to fulfil the purpose stated below.

• Legal basis for the processing of personal data

  Art. 6 para. 1 lit. a GDPR (consent through clear confirming action or behaviour)

• Purpose of the data processing

  We will only use the data recorded via our contact form or contact forms for processing the specific contact enquiry received through the contact form.

• Duration of storage

  After processing your request, the collected data will be deleted immediately, unless there are legal retention periods.

• Revocation and deletion option

  The revocation and deletion options are based on the general regulations on the right of revocation and deletion under data protection law described below in this data protection declaration.

• Necessity of providing personal data

  The use of the contact forms is on a voluntary basis and is neither contractually nor legally required. You are not obliged to contact us via the contact form, but can also use the other contact options provided on our site. If you wish to use our contact form, you must fill in the fields marked as mandatory. If you do not fill in the required information on the contact form, you will either not be able to send the enquiry or we will unfortunately not be able to process your enquiry.

Login area

• What personal data is collected and to what extent is it processed?

  We will process the registration and login data you enter with us to fulfil the purpose stated below.

• Legal basis for the processing of personal data

  Art. 6 para. 1 lit. b GDPR (implementation of (pre)contractual measures)

• Purpose of the data processing

  You have the option of using a separate login area on our website. So that we can check your authorisation to use the protected area or the protected documents, you must enter your login data (e-mail or user name and password) in the corresponding form.

• Duration of storage

  The data collected will be stored for as long as you maintain a user account with us.

• Possibility of objection and deletion

  You can find out what rights they have and how to exercise them at the bottom of this privacy statement.

• Necessity of providing personal data

  The use of the login area on our website is contractually required for the use of the protected area. It is not possible to use the content protected by the login area without entering personal data. If you wish to use our login area, you must complete the fields labelled as mandatory (user name and password). The entry of the data requires the existence of a user account. It is not possible to log in if the data you have entered is incorrect. If you enter the data incorrectly or not at all, the protected area cannot be used. However, the rest of the site can still be used without a login.

Newsletter registration form

• What personal data is collected and to what extent is it processed?

  By registering for the newsletter on our website, we receive the e-mail address entered by you in the registration field and, if applicable, further contact data, provided that you communicate this to us via the newsletter registration form.

• Legal basis for the processing of personal data

  Art. 6 para. 1 lit. a GDPR (consent through clear confirming action or behaviour)

• Purpose of the data processing

  The data recorded in the registration mask of our newsletter will be used by us exclusively for sending our newsletter, in which we inform you about all our services and our news. After registration, we will send you a confirmation e-mail containing a link that you must click to complete the registration for our newsletter (double opt-in).

• Duration of storage

  You can unsubscribe from our newsletter at any time by clicking on the unsubscribe link, which is also included in every newsletter. Your data will be deleted by us immediately after unsubscription. Likewise, your data will be deleted by us immediately in the event that your subscription is not completed. We reserve the right to delete without giving reasons and without prior or subsequent information.

• Revocation and removal option

  You can revoke your consent at any time in accordance with Art. 7 (3) GDPR. However, the processing carried out up to the time of the revocation remains unaffected by this. With regard to the other rights, we refer to the overview at the end of this data protection declaration.

• Necessity of providing personal data

  If you would like to use our newsletter, you must fill in the fields marked as mandatory and confirm your e-mail address by clicking on the double opt-in link. The newsletter registration details are neither necessary to enter into a contract with us, nor are they legally binding. They are used exclusively for sending our newsletter. If you do not fill in the necessary information, we will unfortunately not be able to provide you with our newsletter service.

2.2 Automated credit check / scoring

If you wish to conclude a contract with us, we reserve the right to carry out exclusively automated processing of your personal data in order to check your creditworthiness. We are also entitled to make such an automated decision pursuant to Article 22 (2) a of the GDPR. Whether the contract can be concluded or not depends on the result of the automated credit check. In a credit check, statistical probabilities of a payment default are calculated. The creditworthiness information may contain probability values (score values) which are calculated on the basis of scientifically recognised mathematical-statistical procedures. In this process, the customer's future risk of non-payment is inferred by means of a large number of characteristics, such as income, address data, occupation, marital status and previous payment behaviour. The result is expressed in the form of a payment value (so-called score). The information obtained in this way forms the basis of our decision on the establishment, implementation or termination of a contractual relationship. If you believe that you have been wrongly excluded from concluding a contract due to the credit check, you are welcome to explain your point of view to us by e-mail. We will then review the automated decision in accordance with Article 22 (3) of the GDPR in the specific individual case. In order to be able to carry out the credit check, we may store and process your personal data in accordance with Art. 6 Para. 1 lit. b GDPR.

We transmit your data to the following provider(s) on the basis of the contract in progress in the cases listed below:

• Datenübertragung an Apple bei Auswahl der Zahlungsart "Apple Pay":

   

• Datenübertragung an Google bei Auswahl der Zahlungsart "Google Pay":

   

• Automatic identity and credit check when selecting Klarna payment methods

  • What personal data is collected and to what extent is it processed?

    If you choose the payment method purchase on account with Klarna invoice purchase or the payment method instalment purchase via Klarna instalment purchase or Klarna Sofort, you will be asked in the ordering process to consent to the transmission of the data required for the processing of the payment and an identity and credit check to Klarna AB, Sveavägen 46, 11134 Stockholm, Sweden (hereinafter: Klarna). If you give your consent, Klarna will receive the following data from us: First and last name, street, house number, postcode, city, date of birth, telephone number and the data related to your order.

  • Legal basis for the processing of personal data

    Art. 6 para. 1 lit. b GDPR (implementation of (pre)contractual measures)

  • Purpose of the data processing

    For the purpose of checking identity and creditworthiness, Klarna transmits data to credit agencies and receives information from them as well as, if applicable, creditworthiness information on the basis of mathematical-statistical procedures, the calculation of which includes, among other things, address data (so-called score values). In this way, Klarna receives information about the statistical probability of a payment default, which is the basis for the decision about the establishment, implementation or termination of the contractual relationship. However, the selection of one of the offered payment methods before conclusion of the contract is not dependent on such information.

    The credit agencies are the following companies:

    • Bürgel Wirtschaftsinformationen GmbH & Co. KG, P.O. Box 5001 66, 22701 Hamburg, Germany
    • Creditreform Boniversum GmbH, Hellersbergstraße 11 41460 Neuss, Germany
    • Deltavista GmbH, Freisinger Landstr. 74, 80939 Munich, Germany
    • Arvato Infoscore Consumer Data GmbH / Infoscore Consumer Data GmbH, Rheinstraße 99, 76532 Baden-Baden, Germany
    • SCHUFA Holding AG, Kormoranweg 5, 65201 Wiesbaden

    Detailed information can be found in Klarna's Privacy Policy (https://cdn.klarna.com/1.0/shared/content/policy/data/de_de/data_protection.pdf) and Terms of Use (https://klarna.com/de/AGB).

  • Duration of storage

    We will store the relevant data for the processing of the payment for as long as it is necessary for the execution of the transaction. Insofar as the data is subject to statutory retention obligations, the data will be deleted after the retention obligation has expired. The duration of the storage of the data by Klarna can be found in Klarna's privacy policy: https://cdn.klarna.com/1.0/shared/content/policy/data/de_de/data_protection.pdf

  • Possibility of objection and deletion

    You can object to the processing at any time in accordance with Article 21 of the GDPR and request the deletion of the data in accordance with Article 17 of the GDPR. You can find out which rights you have and how to exercise them at the bottom of this privacy policy.

2.3 Statistical analysis of visits to this website - web tracker

We collect, process and store the following data when this website or individual files on the website are accessed: IP address, website from which the file was accessed, name of the file, date and time of access, amount of data transferred and report on the success of the access (so-called web log). We use this access data exclusively in a non-personalised form for the continuous improvement of our website and for statistical purposes. We also use the following web trackers to evaluate visits to this website:

• BugSnag

  We use on our site the service BugSnag of the company SmartBear Software Inc., 450 Artisan Way 4th floor, 02145 Somerville, United States, e-mail: privacy@smartbear.com, website: https://www.bugsnag.com/. The transfer also takes place to a third country for which there is no adequacy decision by the Commission. Therefore, the usual level of protection for the GDPR cannot be guaranteed for the transfer, as it cannot be ruled out that in the third country, e.g. authorities can access the collected data.

  The legal basis for the processing of personal data is your consent pursuant to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR, which you have given on our website.

  The Bugsnag plugin is a tool designed to identify, monitor and resolve bugs in applications. It enables the automatic collection and aggregation of bug reports, providing developers with accurate real-time analysis and bug tracking.

  You can revoke your consent at any time. You will find more information on revoking your consent either with the consent itself or at the end of this privacy policy.

  For further information on the handling of transmitted data, please refer to the provider's privacy policy at https://smartbear.com/privacy/.

• Custom Audiences

  We use on our site the service Custom Audiences of the company Meta Platforms Ireland Ltd., Merrion Road, D04 X2K5 Dublin 4, Ireland, e-mail: impressum-support@support.facebook.com, website: http://facebook.com/. Personal data is also transferred to the U.S. With regard to the transfer of personal data to the U.S., there is an adequacy decision on the EU-US Data Privacy Framework of the EU Commission within the meaning of Art. 45 of the GDPR (hereinafter: DPF - https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en ). The operator of the service is certified under the DPF, so that the usual level of protection of the GDPR applies to the transfer.

  The legal basis for the processing of personal data is your consent pursuant to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR, which you have given on our website.

  Facebook Custom Audience is an advertising tool from Facebook that can be used to run targeted advertising campaigns to page visitors.

  You can access the provider's certification under the EU-US Data Privacy Framework at https://www.dataprivacyframework.gov/list.

  You can revoke your consent at any time. You will find more information on revoking your consent either with the consent itself or at the end of this privacy policy.

  For further information on the handling of transmitted data, please refer to the provider's privacy policy at https://www.facebook.com/privacy/policy/.

  The provider also offers an opt-out option at https://www.facebook.com/privacy/policy/.

• Facebook Connect

  We use on our site the service Facebook Connect of the company Meta Platforms Ireland Ltd., Merrion Road, D04 X2K5 Dublin 4, Ireland, e-mail: impressum-support@support.facebook.com, website: http://www.facebook.com/. Personal data is also transferred to the U.S. With regard to the transfer of personal data to the U.S., there is an adequacy decision on the EU-US Data Privacy Framework of the EU Commission within the meaning of Art. 45 of the GDPR (hereinafter: DPF - https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en ). The operator of the service is certified under the DPF, so that the usual level of protection of the GDPR applies to the transfer.

  The legal basis for the processing of personal data is your consent pursuant to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR, which you have given on our website.

  Via Facebook Connect, users can use their Facebook profile to simplify logging in to other web services.

  You can access the provider's certification under the EU-US Data Privacy Framework at https://www.dataprivacyframework.gov/list.

  You can revoke your consent at any time. You will find more information on revoking your consent either with the consent itself or at the end of this privacy policy.

  For further information on the handling of transmitted data, please refer to the provider's privacy policy at https://www.facebook.com/privacy/policy/.

  The provider also offers an opt-out option at https://www.facebook.com/privacy/policy/.

• Google Ads

  We use on our site the service Google Ads of the company Google Ireland Limited, Gordon House, Barrow Street, 4 Dublin, Ireland, e-mail: support-deutschland@google.com, website: https://www.google.com/. Personal data is also transferred to the U.S. With regard to the transfer of personal data to the U.S., there is an adequacy decision on the EU-US Data Privacy Framework of the EU Commission within the meaning of Art. 45 of the GDPR (hereinafter: DPF - https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en ). The operator of the service is certified under the DPF, so that the usual level of protection of the GDPR applies to the transfer.

  The legal basis for the processing of personal data is your consent pursuant to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR, which you have given on our website.

  Google Ads is an advertising system with which we can place adverts on external websites on the Internet to inform our customers about our services. Google Ads displays adverts on external websites that are individually tailored to our clientele and lead to our website according to parameters set by us. If the site visitor clicks on the Google Ads advert, they are taken to our website. In order to be able to measure the success and remuneration of Google Ads advertisements, Google Ads measures the success of the advertising measure when our website is accessed. Our website processes the data provided by Google Ads in order to analyse and improve our advertising measures and to calculate any remuneration that may be due. Your data may also be used for remarketing purposes if you have given your consent.

  For processing itself, the service or we collect the following data: Data on page visitors' advertising interests, page visitors' interactions with advertisements related to our website, data on the visit to our website by page visitors who have previously clicked on Google Ads advertisements and arrived at our website, data on the terminal device used, the IP address and the user's browser and further data from Google services for the provision and refinement of Google advertisements related to our website.

  if the service is activated on our website, our website establishes a connection to the servers of Google Ireland Limited and transmits the required data. As part of order processing, personal data may also be transmitted to the servers of Google LLC, 1600 Amphitheatre Parkway, 94043 Mountain View, United States. when Google Ads are used on our website, Google may transmit and process information from other Google services in order to provide background services for the improvement and individualisation of Google advertising. For this purpose, data may also be processed by other Google services such as Google Apis, Google Cloud, Google Ads, Google Analytics, Google Tag Manager, Google Marketing Platform and Google Fonts in accordance with the Google Privacy Policy under Google's own responsibility under data protection law. You can access the provider's certification under the EU-US Data Privacy Framework at https://www.dataprivacyframework.gov/list. Further information on the responsible handling of business data can be found at https://business.safety.google/privacy/.

  You can revoke your consent at any time. You will find more information on revoking your consent either with the consent itself or at the end of this privacy policy.

  For further information on the handling of transmitted data, please refer to the provider's privacy policy at https://policies.google.com/privacy.

  The provider also offers an opt-out option at https://support.google.com/My-Ad-Center-Help/answer/12155451?hl=de.

• Google Ads mit Google Remarketing

  We use on our site the service Google Ads mit Google Remarketing of the company Google Ireland Limited, Gordon House, Barrow Street, 4 Dublin, Ireland, e-mail: support-deutschland@google.com, website: https://www.google.com/. Personal data is also transferred to the U.S. With regard to the transfer of personal data to the U.S., there is an adequacy decision on the EU-US Data Privacy Framework of the EU Commission within the meaning of Art. 45 of the GDPR (hereinafter: DPF - https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en ). The operator of the service is certified under the DPF, so that the usual level of protection of the GDPR applies to the transfer.

  The legal basis for the processing of personal data is your consent pursuant to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR, which you have given on our website.

  Google Ads is an advertising system with which we can place adverts on external websites on the Internet to inform our customers about our services. Google Ads displays adverts on external websites that are individually tailored to our customer base and lead to our website according to parameters set by us. We also use the Google Ads Remarketing function with Google Ads. When displaying advertising, Google Ads Remarketing also accesses remarketing target groups of the Google Analytics service and displays individualised target group-oriented advertising based on the site visitors and their behaviour. If the site visitor clicks on the Google Ads advert, they are taken to our website. In order to be able to measure the success and remuneration of Google Ads advertisements, Google Ads measures the success of the advertising measure when our website is accessed. Our website processes the data provided by Google Ads in order to be able to analyse and improve our advertising measures and to calculate any remuneration that may be due.

  For processing itself, the service or we collect the following data: Data on the advertising interests of site visitors, interactions of site visitors with adverts relating to our website, data on visits to our website by site visitors who have previously clicked on Google Ads adverts and reached our website, data on Google Analytics remarketing target groups under previously defined individual advertising preferences of site users, data on the end device used, the IP address and the browser of the user and other data from Google services for the provision and refinement of Google advertising relating to our website.

  if the service is activated on our website, our website establishes a connection to the servers of Google Ireland Limited and transmits the required data. As part of order processing, personal data may also be transmitted to the servers of Google LLC, 1600 Amphitheatre Parkway, 94043 Mountain View, United States. when Google Ads are used on our website, Google may transmit and process information from other Google services in order to provide background services for the improvement and individualisation of Google advertising. For this purpose, data may also be processed by other Google services such as Google Apis, Google Cloud, Google Ads, Google Analytics, Google Tag Manager, Google Marketing Platform and Google Fonts in accordance with the Google Privacy Policy under Google's own responsibility under data protection law. You can view the provider's certification under the EU-US Data Privacy Framework at https://www.dataprivacyframework.gov/list.

  You can revoke your consent at any time. You will find more information on revoking your consent either with the consent itself or at the end of this privacy policy.

  For further information on the handling of transmitted data, please refer to the provider's privacy policy at https://policies.google.com/privacy.

  The provider also offers an opt-out option at https://support.google.com/My-Ad-Center-Help/answer/12155451?hl=de.

• Google Analytics

  We use on our site the service Google Analytics of the company Google Ireland Ltd., Gordon House, Barrow Street, 4 Dublin, Ireland, e-mail: support-deutschland@google.com, website: https://www.google.com/. Personal data is also transferred to the U.S. With regard to the transfer of personal data to the U.S., there is an adequacy decision on the EU-US Data Privacy Framework of the EU Commission within the meaning of Art. 45 of the GDPR (hereinafter: DPF - https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en ). The operator of the service is certified under the DPF, so that the usual level of protection of the GDPR applies to the transfer.

  The legal basis for the processing of personal data is your consent pursuant to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR, which you have given on our website.

  Google Analytics is a web tracker that analyses the behaviour of page visitors and their interactions with our website and provides us with evaluations and forecasts about the content and products of our website and their popularity (so-called tracking). we have integrated Google Analytics so that the service can compile an analysis of the page users' surfing behaviour. For this purpose, Google collects the page interactions of page visitors with our website and, if applicable, existing information resulting from the reading of cookies or other storage technologies and processes it statistically for us. google Analytics uses data processing technologies that make it possible to track individual page visitors and their interaction with other Google services such as the Google Ads advertising network. Data from other Google services are also used to close data gaps and to create comprehensive statistics on the content of our website by means of machine learning technologies, modelled statistics and forecasting functions. If Google Analytics is activated on our website, the data determined by Google Analytics are transmitted to servers of the company Google Ireland Limited. As part of the order processing, personal data may also be transmitted to the servers of the parent company Google LLC, 1600 Amphitheatre Parkway, 94043 Mountain View, United States. we carry out the analysis through Google Analytics in order to constantly optimise our internet offer and make it more available. This is a so-called reach measurement.

  For processing itself, the service or we collect the following data: Data on the interactions of page visitors with the content of the website, data on the handling of the services presented on our website, data from external Google services, insofar as they interact with our website, such as advertising data or data on behaviour in relation to advertising, data on the gross geographical origin, the browser used, operating system and other information on the terminal device used.

  Google Analytics will store the data relevant for the provision of web tracking for as long as it is necessary to fulfil the booked web service. Data collection and storage is anonymised. Insofar as individual interactions of site visitors make it possible to subsequently establish a personal reference to specific actions, we will delete the collected data when the purpose has been achieved. The data will be deleted at the latest when it is not subject to any statutory retention obligations. As a rule, we will delete this data after 12 months at the latest. You can access the provider's certification under the EU-US Data Privacy Framework at https://www.dataprivacyframework.gov/list.

  You can revoke your consent at any time. You will find more information on revoking your consent either with the consent itself or at the end of this privacy policy.

  For further information on the handling of transmitted data, please refer to the provider's privacy policy at https://policies.google.com/privacy.

  The provider also offers an opt-out option at https://tools.google.com/dlpage/gaoptout?hl=de.

• Google Merchant Center Analytics

  We use on our site the service Google Merchant Center Analytics of the company Google Ireland Ltd., Gordon House, Barrow Street, 4 Dublin, Ireland, e-mail: support-deutschland@google.com, website: https://www.google.com/. Personal data is also transferred to the U.S. With regard to the transfer of personal data to the U.S., there is an adequacy decision on the EU-US Data Privacy Framework of the EU Commission within the meaning of Art. 45 of the GDPR (hereinafter: DPF - https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en ). The operator of the service is certified under the DPF, so that the usual level of protection of the GDPR applies to the transfer.

  The legal basis for the processing of personal data is your consent pursuant to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR, which you have given on our website.

  We can upload our product data to the Google Merchant Centre and make it available for Google Shopping or other Google services. Google Merchant Centre Analytics prepares data on customer interactions with our products and our shop so that we can gain an insight into the performance of our products and make improvements as a result.

  You can access certification under the EU-US Data Privacy Framework at https://www.dataprivacyframework.gov/s/.

  You can revoke your consent at any time. You will find more information on revoking your consent either with the consent itself or at the end of this privacy policy.

  For further information on the handling of transmitted data, please refer to the provider's privacy policy at https://policies.google.com/privacy.

• Google Tag Manager

  We use on our site the service Google Tag Manager of the company Google Ireland Ltd., Gordon House, Barrow Street, 4 Dublin, Ireland, e-mail: support-deutschland@google.com, website: https://www.google.com/. Personal data is also transferred to the U.S. With regard to the transfer of personal data to the U.S., there is an adequacy decision on the EU-US Data Privacy Framework of the EU Commission within the meaning of Art. 45 of the GDPR (hereinafter: DPF - https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en ). The operator of the service is certified under the DPF, so that the usual level of protection of the GDPR applies to the transfer.

  The legal basis for the processing of personal data is your consent pursuant to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR, which you have given on our website.

  Google Tag Manager provides a technical platform for executing and bundling other web tools and web tracking programmes by means of so-called "tags". in this context, Google Tag Manager stores cookies on your computer and analyses your surfing behaviour (so-called "tracking"), insofar as web tracking tools are executed using Google Tag Manager. The data generated by the "tags" are compiled, stored and processed by Google Tag Manager under a uniform user interface. All integrated "tags" are listed separately again in this data protection declaration. When you use our website with the integration of Google Tag Manager "tags" activated, data such as your IP address and your user activities in particular are transmitted to Google servers. The tracking tools used in Google Tag Manager ensure that the IP address is anonymised by Google Tag Manager before transmission by means of IP anonymisation of the source code. With Tag Manager, measured values from different service providers (Google and third-party providers) can be linked and evaluated on the basis of the so-called tag management. Google Tag Manager helps us to compile reports on website activity and to control the web tools of our website.

  For processing itself, the service or we collect the following data: Cookies, web tracking data, outgoing or incoming links, information generated by the integration and activation of JavaScript code on the website from Google Tag Manager and the web tools triggered by Google Tag Manager.

  you can access the provider's certification under the EU-US Data Privacy Framework at https://www.dataprivacyframework.gov/list.

  You can revoke your consent at any time. You will find more information on revoking your consent either with the consent itself or at the end of this privacy policy.

  For further information on the handling of transmitted data, please refer to the provider's privacy policy at https://policies.google.com/privacy.

  The provider also offers an opt-out option at https://policies.google.com/privacy.

• Amazon CloudFront (CDN)

  We use on our site the service Amazon CloudFront (CDN) of the company Amazon Web Services EMEA SARL, 38 avenue John F. Kennedy, L-1855 Luxembourg, Luxembourg, e-mail: privacyshield@amazon.com, website: https://aws.amazon.com/de/cloudfront/. Personal data is also transferred to the U.S. With regard to the transfer of personal data to the U.S., there is an adequacy decision on the EU-US Data Privacy Framework of the EU Commission within the meaning of Art. 45 of the GDPR (hereinafter: DPF - https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en ). The operator of the service is certified under the DPF, so that the usual level of protection of the GDPR applies to the transfer.

  The legal basis for the processing of personal data is our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in achieving the purpose described below.

  Amazon CloudFront CDN is a content delivery network that mirrors our content across multiple servers to ensure optimal accessibility worldwide.

  You can access the provider's certification under the EU-US Data Privacy Framework at https://www.dataprivacyframework.gov/list.

  With regard to the processing, you have the right to object as set out in Art. 21. You can find more information at the end of this privacy policy.

  For further information on the handling of transmitted data, please refer to the provider's privacy policy at https://aws.amazon.com/de/privacy/?nc1=f_pr.

• EcomSend für Shopify

  On our website we use the service EcomSend für Shopify of the company Channelwill, London, United Kingdom, website: https://www.channelwill.com/.

  The legal basis for the processing of personal data is your consent pursuant to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR, which you have given on our website.

  EcomSend enables us to display pop-ups with different content in our online shop.

  You can revoke your consent at any time. You will find more information on revoking your consent either with the consent itself or at the end of this privacy policy.

  For further information on the handling of transmitted data, please refer to the provider's privacy policy at https://www.channelwill.com/privacy-policy-channelwill/.

• Google Cloud APIs

  We use on our site the service Google Cloud APIs of the company Google Ireland Limited, Gordon House, Barrow Street, 4 Dublin, Ireland, e-mail: support-deutschland@google.com, website: https://www.google.com/. Personal data is also transferred to the U.S. With regard to the transfer of personal data to the U.S., there is an adequacy decision on the EU-US Data Privacy Framework of the EU Commission within the meaning of Art. 45 of the GDPR (hereinafter: DPF - https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en ). The operator of the service is certified under the DPF, so that the usual level of protection of the GDPR applies to the transfer.

  The legal basis for the processing of personal data is your consent pursuant to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR, which you have given on our website.

  We use Google APIs in order to be able to load additional services from Google on the website. Google Apis is a collection of interfaces for communication between the various Google services used on your website. The service is used in particular to display the Google Fonts fonts and to provide the Google Maps map.

  For processing itself, the service or we collect the following data: IP address

  If the service is activated on our website, our website establishes a connection to the servers of Google Ireland Limited and transmits the required data. As part of order processing, personal data may also be transmitted to the servers of Google LLC, 1600 Amphitheatre Parkway, 94043 Mountain View, United States. when using the Google service on our website, Google may transmit and process information from other Google services in order to provide background services for the display and data processing of the services provided by Google. For this purpose, data may also be transferred to the Google services Google Cloud, Google Maps, Google Ads and Google Fonts in accordance with the Google data protection declaration under Google's responsibility under data protection law. You can access the provider's certification under the EU-US Data Privacy Framework at https://www.dataprivacyframework.gov/list.

  You can revoke your consent at any time. You will find more information on revoking your consent either with the consent itself or at the end of this privacy policy.

  For further information on the handling of transmitted data, please refer to the provider's privacy policy at https://policies.google.com/privacy.

  The provider also offers an opt-out option at https://support.google.com/My-Ad-Center-Help/answer/12155451?hl=de.

• Google Fonts

  We use on our site the service Google Fonts of the company Google Ireland Limited, Gordon House, Barrow Street, 4 Dublin, Ireland, e-mail: support-deutschland@google.com, website: https://www.google.com/. Personal data is also transferred to the U.S. With regard to the transfer of personal data to the U.S., there is an adequacy decision on the EU-US Data Privacy Framework of the EU Commission within the meaning of Art. 45 of the GDPR (hereinafter: DPF - https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en ). The operator of the service is certified under the DPF, so that the usual level of protection of the GDPR applies to the transfer.

  The legal basis for the processing of personal data is your consent pursuant to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR, which you have given on our website.

  We use the Google Fonts service to be able to integrate attractive fonts on our website in order to be able to show you our website in a visually better version. The service may also be used on our website if other Google services are reloaded on our website that require Google Fonts fonts to run. This is the case, for example, if our website uses Google services that require Google Fonts to run.

  For processing itself, the service or we collect the following data: Data on fonts, IP address of the page visitor, statistics on the use of fonts and other data from Google services related to our website.

  If the service is activated on our website, our website establishes a connection to the servers of Google Ireland Limited and transmits the required data. As part of order processing, personal data may also be transmitted to the servers of Google LLC, 1600 Amphitheatre Parkway, 94043 Mountain View, United States. when using the Google service on our website, Google may transmit and process information from other Google services in order to provide background services for the display and data processing of the services provided by Google. For this purpose, data may also be transferred to the Google services Google Apis, Google Cloud and Google Ads in accordance with the Google Privacy Policy. You can view the provider's certification under the EU-US Data Privacy Framework at https://www.dataprivacyframework.gov/list.

  You can revoke your consent at any time. You will find more information on revoking your consent either with the consent itself or at the end of this privacy policy.

  For further information on the handling of transmitted data, please refer to the provider's privacy policy at https://policies.google.com/privacy.

  The provider also offers an opt-out option at https://support.google.com/My-Ad-Center-Help/answer/12155451?hl=de.

• Google reCaptcha

  We use on our site the service Google reCaptcha of the company Google Ireland Limited, Gordon House, Barrow Street, 4 Dublin, Ireland, e-mail: support-deutschland@google.com, website: https://www.google.com/. Personal data is also transferred to the U.S. With regard to the transfer of personal data to the U.S., there is an adequacy decision on the EU-US Data Privacy Framework of the EU Commission within the meaning of Art. 45 of the GDPR (hereinafter: DPF - https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en ). The operator of the service is certified under the DPF, so that the usual level of protection of the GDPR applies to the transfer.

  The legal basis for the processing of personal data is your consent pursuant to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR, which you have given on our website.

  If Google reCaptcha is activated on our website, the data determined by Google reCaptcha will be transmitted to servers of the company Google Ireland Limited. As part of the order processing, personal data may also be transmitted to the servers of the parent company Google LLC, 1600 Amphitheatre Parkway, 94043 Mountain View, United States. based on specific characteristics and an analysis of page behaviour, the service recognises whether the entries made are automated entries by means of a programme (so-called bot) or human. The service has three different levels. Either the service automatically recognises that the input is not automated by a bot or it lets the user select a captcha checkbox. A third option is the display of small image or voice tasks / text tasks that have to be solved by the site visitor. Google reCaptcha is a capcha service that is used on our website for security reasons to prevent bots (robot programs) from interacting with our website. Google reCaptcha verifies on our behalf that only humans and not bots can use our website. This enables us to protect the special functions of our website (e.g. contact forms or other input options such as the login area) from improper page access.

  For processing itself, the service or we collect the following data: User behaviour (e.g. mouse gestures or input behaviour), IP address, browser data, computer information.

  If you wish to use the input options protected by Google reCaptcha on our website, you must allow the use of Google reCaptcha and, if necessary, solve the corresponding captchas. If you do not fill in the captcha or do not allow the use of Google reCaptcha, you will not be able to use the form protected by the captcha. Alternatively, you can always use our other contact options (e.g. post or email). You can access the provider's certification under the EU-US Data Privacy Framework at https://www.dataprivacyframework.gov/list.

  You can revoke your consent at any time. You will find more information on revoking your consent either with the consent itself or at the end of this privacy policy.

  For further information on the handling of transmitted data, please refer to the provider's privacy policy at https://policies.google.com/privacy.

  The provider also offers an opt-out option at https://support.google.com/My-Ad-Center-Help/answer/12155451?hl=de.

• LinkedIn

  We use on our site the service LinkedIn of the company LinkedIn Ireland Unlimited Company, Wilton Place, 2 Dublin, Ireland, e-mail: info_impressum@cs.linkedin.com, website: https://www.linkedin.com/. Personal data is also transferred to the U.S. With regard to the transfer of personal data to the U.S., there is an adequacy decision on the EU-US Data Privacy Framework of the EU Commission within the meaning of Art. 45 of the GDPR (hereinafter: DPF - https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en ). The operator of the service is certified under the DPF, so that the usual level of protection of the GDPR applies to the transfer.

  The legal basis for the processing of personal data is your consent pursuant to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR, which you have given on our website.

  When using the Linkedin plugin, we establish a connection to the Linkedin platform in order to give logged-in Linkedin members the opportunity to interact with us.

  You can access the provider's certification under the EU-US Data Privacy Framework at https://www.dataprivacyframework.gov/list.

  You can revoke your consent at any time. You will find more information on revoking your consent either with the consent itself or at the end of this privacy policy.

  For further information on the handling of transmitted data, please refer to the provider's privacy policy at https://www.linkedin.com/legal/privacy-policy?trk=uno-reg-guest-home-privacy-policy.

  The provider also offers an opt-out option at https://www.linkedin.com/help/linkedin/answer/68763?lang=de.

• PreProduct für Shopify

  On our website we use the service PreProduct für Shopify of the company PreProduct, London, United Kingdom, e-mail: hello@preproduct.io, Website: https://preproduct.io/.

  The legal basis for the processing of personal data is our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in achieving the purpose described below.

  PreProduct enables us to record pre-orders for upcoming and sold-out products.

  With regard to the processing, you have the right to object as set out in Art. 21. You can find more information at the end of this privacy policy.

  For further information on the handling of transmitted data, please refer to the provider's privacy policy at https://preproduct.io/privacy-policy/.

• Rechtstextsnippet und Module

  We use on our site the service Rechtstextsnippet und Module of the company Website-Check GmbH, Beethovenstraße 24, 66111 Saarbrücken, Germany, e-mail: support@website-check.de, website: https://www.website-check.de/. Personal data is transmitted exclusively to servers in the European Union.

  The legal basis for the processing is Art. 6 para. 1 lit. c GDPR. The use of the service helps us to comply with our legal obligations.

  With the help of the service, the contents of our legal texts are reloaded on our website. The respective current legal texts are reloaded via the integration on our page. This integration may also be used to reload further technical modules with regard to the legal texts or legally required elements.

  You can find out what rights you have with regard to processing at the end of this privacy policy.

  For further information on the handling of transmitted data, please refer to the provider's privacy policy at https://www.website-check.de/datenschutzerklaerung/.

• Qteedy

  We use on our site the service Qteedy of the company Paidify, Stevana Sremca 11, 21000 Novi Sad, Azerbaijan, e-mail: support@easyquote.pw, website: https://easyquote.pw/. The transfer also takes place to a third country for which there is no adequacy decision by the Commission. Therefore, the usual level of protection for the GDPR cannot be guaranteed for the transfer, as it cannot be ruled out that in the third country, e.g. authorities can access the collected data.

  The legal basis for the processing of personal data is your consent pursuant to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR, which you have given on our website.

  With the help of the Qteedy service (an app for Shopify), we can enable our customers to create a quote from the contents of the shopping basket or from a single product instead of placing an order. We can adjust the price for each individual customer and then automatically convert a quote into an order.

  You can revoke your consent at any time. You will find more information on revoking your consent either with the consent itself or at the end of this privacy policy.

  For further information on the handling of transmitted data, please refer to the provider's privacy policy at https://easyquote.pw/privacy_policy.

• Shopify

  We use on our site the service Shopify of the company Shopify International Limited, Victoria Buildings, 2. Etage, 1-2 Haddington Road, D04 XN32 Dublin, Ireland, e-mail: hilfe@shopify.de, website: https://www.shopify.de/. The transfer also takes place to a third country outside the EU. For this third country, there is an adequacy decision of the Commission. On the page of the EU Commission (link: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_de) you will find an up-to-date list of all adequacy decisions.

  The legal basis for the processing of personal data is the contract already concluded or to be concluded between you and us in accordance with Art. 6 Para. 1 lit. b GDPR.

  Through Shopify's CRM, we can operate our shop and make it available to you.

  You can find out what rights you have with regard to processing at the end of this privacy policy.

  For further information on the handling of transmitted data, please refer to the provider's privacy policy at https://www.shopify.de/legal/datenschutz.

• Website-Check Siegel

  We use on our site the service Website-Check Siegel of the company Website-Check GmbH, Beethovenstraße 24, 66111 Saarbrücken, Germany, e-mail: support@website-check.de, website: https://www.website-check.de/. Personal data is transmitted exclusively to servers in the European Union.

  The legal basis for the processing of personal data is our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in achieving the purpose described below.

  The script of Website-Check GmbH is the technical integration of the Website-Check seal. With this seal, we would like to show that we take the issue of data protection very seriously. The transmission of data to Website-Check GmbH takes place for the delivery and display of the seal on our site.

  With regard to the processing, you have the right to object as set out in Art. 21. You can find more information at the end of this privacy policy.

  For further information on the handling of transmitted data, please refer to the provider's privacy policy at https://www.website-check.de/datenschutzerklaerung/.

• Social Plug-In - "Facebook by META"

  • What personal data is collected and to what extent is it processed?

    On our website we have integrated a social plug-in of the social network "Facebook by META", which is operated by the Meta Platforms Ireland Ltd., Merrion Road, D04 X2K5 Dublin 4, Ireland, e-mail: impressum-support@support.facebook.com, website: http://www.facebook.com/ ("Facebook by META"). When you call up a page that contains such a plug-in, your browser automatically establishes a background connection to the servers of Facebook by META. The content of the plug-in is transmitted directly to your browser by Facebook by META and only integrated into our site. Through this integration, Facebook by META receives the information that your browser has loaded a specific page of our website. This also applies if you do not have a Facebook by META profile or are not currently logged in to Facebook by META. This information (including your IP address) is transmitted by your browser directly to a server of Facebook by META in Ireland and stored there. If you are logged in to Facebook by META, Facebook by META can directly assign your visit to our website to your Facebook by META profile. If you interact with the plug-ins, for example by clicking the "Like" button or posting a comment, this information is also transmitted directly to a server of Facebook by META and stored there. The information is also published on your Facebook by META profile and displayed to your Facebook by META contacts that you have activated for this purpose.

  • Legal basis for the processing of personal data

    Art. 6 para. 1 lit. a GDPR (if you have registered with "Facebook by META") and Art. 6 para. 1 lit. f GDPR (if you have not registered with Facebook by META ). Insofar as processing takes place on the basis of Art. 6 para. 1 sentence 1 lit. f GDPR, the legitimate interest of the site operator is to enable user interaction with the content of the site operator at Facebook by META.

  • Purpose of the data processing

    The primary purpose of the data collection is to offer you a possibility of social interaction linked to Facebook by META and thus to make our website interactive. The scope of data collection and the further processing and use of the data you leave behind by Facebook by META, as well as your rights in this regard and setting options for protecting your privacy, can be found in the data protection information of Facebook by META: https://www.facebook.com/privacy/policy/

  • Duration of storage

    Facebook by META will store the data relevant for the provision of the web service for as long as it is necessary. Insofar as the data is subject to statutory retention obligations, it will be deleted after the retention obligation has expired.

  • Possibility of objection and deletion

    If you do not want the social plug-in from Facebook by META to run, you can also prevent it from running by installing an appropriate add-on or script blocker. If you do not want Facebook by META to assign the data collected via our website to your Facebook by META profile, you must log out of Facebook by META before visiting our website. The options for objection and removal are also based on the general regulations on the right of objection and deletion under data protection law described below in this data protection declaration.

• Social Plug-In - "Instagram"

  • What personal data is collected and to what extent is it processed?

    On our website we have integrated a social plug-in of the social network "Instagram", which is operated by the Meta Platforms Ireland Ltd., Merrion Road, D04 X2K5 Dublin 4, Ireland, e-mail: impressum-support@support.facebook.com, website: https://www.instagram.com/ ("Instagram"). When you call up a page that contains such a plug-in, your browser automatically establishes a background connection to the servers of Instagram. The content of the plug-in is transmitted directly to your browser by Instagram and only integrated into our site. Through this integration, Instagram receives the information that your browser has loaded a specific page of our website. This also applies if you do not have a Instagram profile or are not currently logged in to Instagram. This information (including your IP address) is transmitted by your browser directly to a server of Instagram in Ireland and stored there. If you are logged in to Instagram, Instagram can directly assign your visit to our website to your Instagram profile. If you interact with the plug-ins, for example by clicking the "Like" button or posting a comment, this information is also transmitted directly to a server of Instagram and stored there. The information is also published on your Instagram profile and displayed to your Instagram contacts that you have activated for this purpose.

  • Legal basis for the processing of personal data

    Art. 6 para. 1 lit. a GDPR (if you have registered with "Instagram") and Art. 6 para. 1 lit. f GDPR (if you have not registered with Instagram ). Insofar as processing takes place on the basis of Art. 6 para. 1 sentence 1 lit. f GDPR, the legitimate interest of the site operator is to enable user interaction with the content of the site operator at Instagram.

  • Purpose of the data processing

    The primary purpose of the data collection is to offer you a possibility of social interaction linked to Instagram and thus to make our website interactive. The scope of data collection and the further processing and use of the data you leave behind by Instagram, as well as your rights in this regard and setting options for protecting your privacy, can be found in the data protection information of Instagram: https://help.instagram.com/519522125107875

  • Duration of storage

    Instagram will store the data relevant for the provision of the web service for as long as it is necessary. Insofar as the data is subject to statutory retention obligations, it will be deleted after the retention obligation has expired.

  • Possibility of objection and deletion

    If you do not want the social plug-in from Instagram to run, you can also prevent it from running by installing an appropriate add-on or script blocker. If you do not want Instagram to assign the data collected via our website to your Instagram profile, you must log out of Instagram before visiting our website. The options for objection and removal are also based on the general regulations on the right of objection and deletion under data protection law described below in this data protection declaration.

2.5 Use of web storage

In simple terms, "web storage" technology is a technical option in which - similar to cookies - data and information can be stored on the user's computer or end device. Data can generally be stored in web storage in two ways. The name of the web storage depends on the storage duration. A distinction is made between permanent storage (localStorage) and storage limited to the "session" (sessionStorage). A session begins when the page is called up and ends when the page is left (e.g. by closing the tab or the browser). The localStorage or sessionStorage is accessed via the scripts and web services used.

localStorage:

Name	Purpose	Legal basis
bugsnag-anonymous-id	Used for logging and notification of errors that occur on the website.	Art. 6 para. 1 lit. f GDPR - Legitimate interest
sessionType	Displays the current position in the order process.	Art. 6 para. 1 lit. b GDPR - Technically necessary for contract fulfilment and shop navigation
__ui	Saves the session on the checkout page.	Art. 6 para. 1 lit. b GDPR
cartToken	Saves the contents of the shopping basket.	Art. 6 para. 1 lit. b GDPR
trackedSourceId	Tracks the checkout session for analysis.	Art. 6 para. 1 lit. a GDPR - Consent
trackedCompleteOrderSourceId	Tracks the checkout session for analysis.	Art. 6 para. 1 lit. a GDPR - Consent
lastSeenErrorReceiptId	Saves information on errors in the checkout process.	Art. 6 para. 1 lit. f GDPR - Legitimate interest
ecomsend_expires_time114418	Saves information on the display duration of the pop-ups.	Art. 6 para. 1 lit. f GDPR - Legitimate interest
lastExternalReferrer	Saves how the user reached the website by registering their last URL address.	Art. 6 para. 1 lit. a GDPR - Consent
lastExternalReferrerTime	Saves how the user reached the website by registering their last URL address.	Art. 6 para. 1 lit. a GDPR - Consent
PPcartSessionShopData	Saves the shopping basket of pre-orders.	Art. 6 para. 1 lit. b GDPR
_gcl_ls	Used by Google for conversion tracking in Google Ads and Google Tag Manager. Helps measure the effectiveness of advertising campaigns by tracking user interactions with adverts and websites. Stores data related to ad clicks and conversions and enables website owners to understand how users interact with their ads and make data-driven decisions to optimise their campaigns.	Art. 6 para. 1 lit. a GDPR - Consent
sourceType	Saves the previous page in the shopping basket to enable a smooth checkout.	Art. 6 para. 1 lit. f GDPR - Legitimate interest
apollo-cache-persist	Shopify uses the Apollo Client Cache to shorten the loading time of the website during checkout.	Art. 6 para. 1 lit. f GDPR - Legitimate interest
shopifyChatData	Saves data on interactions with the Shopify chat.	Art. 6 para. 1 lit. a GDPR - Consent
shopPayRememberMeOptInAuto	Saves whether a customer who pays with Shop Pay wants to save their data for easier login and checkout.	Art. 6 para. 1 lit. f GDPR - Legitimate interest

sessionStorage:

Name	Purpose	Legal basis
ecomsend_pp_already_show114418	Saves information on the display of pop-ups.	Art. 6 para. 1 lit. f GDPR - Legitimate interest
ecomsend_pp_window_normal114418	Saves information on the display type of the pop-ups.	Art. 6 para. 1 lit. f GDPR - Legitimate interest
checkout_modal_preflight_*	Saves information about the checkout to make it smoother.	Art. 6 para. 1 lit. f GDPR - Legitimate interest
__quiltRouterScroll	Saves settings for the scroll position when displaying the website.	Art. 6 para. 1 lit. f GDPR - Legitimate interest
_shs_state	Saves information such as preferences and sessions in order to store them for the user's next website visit and to simplify this visit.	Art. 6 para. 1 lit. f GDPR - Legitimate interest
ri-*	Saves information such as preferences and sessions in order to store them for the user's next website visit and to simplify this visit.	Art. 6 para. 1 lit. f GDPR - Legitimate interest

3. Your rights

3.1. right to information

You have the right to request confirmation as to whether we are processing your personal data. If this is the case, you have the right to access the information specified in Art. 15 (1) and (2) GDPR. We will also be happy to provide you with a copy of the data, provided that the rights and freedoms of other persons are not affected (see Art. 15 para. 4 GDPR).

3.2 Right of rectification

In accordance with Art. 16 GDPR, you have the right to have any incorrect personal data stored by us (e.g. address, name, etc.) corrected at any time. You can also request the completion of the data stored by us at any time. A corresponding adjustment will be made immediately.

3.3 Right to cancellation

In accordance with Art. 17 (1) GDPR, you have the right to demand that we erase the personal data we have collected about you if

• the data is no longer required;
• the legal basis for the processing no longer applies due to the withdrawal of your consent;
• You have objected to the processing and there are no overriding legitimate grounds for the processing
• Your data is being processed unlawfully;
• a legal obligation requires this
• a collection pursuant to Art. 8 para. 1 GDPR has taken place.

Pursuant to Article 17 (3) of the GDPR, this right does not exist if

• processing is necessary for the exercise of the right to freedom of expression and information;
• Your data have been collected on the basis of a legal obligation;
• processing is necessary for reasons of public interest;
• the data are necessary for the assertion, exercise or defence of legal claims.

3.4 Right to restriction of processing

According to Art. 18 (1) GDPR, you have the right in individual cases to demand the restriction of the processing of your personal data.

This is the case when

• the accuracy of the personal data is contested by you
• the processing is unlawful and you do not consent to its erasure
• the data is no longer required for the purpose of processing, but the data collected serves the establishment, exercise or defence of legal claims
• an objection to the processing has been lodged pursuant to Art. 21 para. 1 GDPR and it is not yet clear which interests prevail.

3.5 Right of cancellation

If you have given us your express consent to process your personal data (Art. 6 para. 1 lit. a GDPR), you can revoke this consent at any time. Please note that this does not affect the lawfulness of the processing carried out on the basis of the consent until revocation.

3.6 Right to object

---

Insofar as you no longer wish us to process your data due to a special situation, you can object to the storage and processing of your data at any time in accordance with Art. 21 GDPR for data that we have collected on the basis of Art. 6 para. 1 lit. f GDPR (legitimate interest)

---

3.7 Right to data portability

We will provide you or a controller designated by you with the following data in a commonly used, machine-readable format upon request in accordance with Art. 20 (1) GDPR:

• Data collected on the basis of express consent pursuant to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR;
• Data that we have received from you in accordance with Art. 6 para. 1 lit. b GDPR in the context of existing contracts; insofar as the data has been processed as part of an automated process.

3.8 How do you exercise your rights?

You can exercise your rights at any time by contacting us using the contact details below:

Otto Zimmermann GmbH
Untertürkheimer Str. 9
66117 Saarbrücken
Germany
E-mail: info@ozs.de
Phone: +49 681 58007-0

3.9 Right to lodge a complaint with the supervisory authority pursuant to Art. 77 para. 1 GDPR

If you suspect that your data is being processed unlawfully on our website, you can of course seek legal clarification of the issue at any time. You also have every other legal option available to you. Irrespective of this, you have the option of contacting a supervisory authority in accordance with Art. 77 para. 1 GDPR. You have the right to lodge a complaint under Art. 77 GDPR in the EU Member State of your place of residence, your place of work and/or the place of the alleged infringement, i.e. you can choose the supervisory authority to which you turn from the above-mentioned places. The supervisory authority with which the complaint has been lodged will then inform you of the status and outcome of your complaint, including the possibility of a judicial remedy pursuant to Art. 78 GDPR. For example, you can contact the supervisory authority responsible for us Unabhängiges Datenschutzzentrum Saarland, Fritz-Dobisch-Straße 12, 66111 Saarbrücken, poststelle@datenschutz.saarland.de. Further information and an encrypted contact option can be found at https://datenschutz.saarland.