Privacy policy
As the provider of this website, we are legally obliged to inform you about the purpose, scope and type of collection and use of your personal data. Personal data is counted as data with which you can be personally identified. So that you get a good feeling for the way in which we collect, process and use data, we would like to give an overview of data processing. If you have any further questions, please do not hesitate to contact us. We would like to point out that data transmission on the Internet (e.g. when communicating by e-mail) can have security gaps. A complete protection of the data against access by third parties is not possible.
1) Responsible
Responsible for the processing of the data in terms of data protection is
Solidmind Group GmbH
represented by the managing director Lars Müller
Lindauer Str. 9
88239 Wangen im Allgaeu
Phone: + 49 (0) 89 412 09494
Email: info@biocbd.de
Website: www.biocbd.de
www.biocbd.de is a website of the Solidmind Group GmbH.
2) Data protection officer
Our data protection officer is:
Jens Müller
Solidmind Group GmbH
Lindauer Str. 9
88239 Wangen im Allgaeu
Email datenschutz@solidmind.de
Website: www.solidmindgroup.de
If you have any questions or suggestions about data protection, you can contact our data protection officer directly.
3) data security
We make every effort to ensure the security of your data within the framework of the applicable data protection laws and technical possibilities. Your personal data is transmitted in encrypted form with us. This applies to your orders and also to the customer login. We use the SSL (Secure Socket Layer) coding system, but would like to point out that data transmission over the Internet (e.g. when communicating by e-mail) can have security gaps. A complete protection of the data against access by third parties is not possible. To secure your data, we maintain technical and organizational security measures in accordance with Art. 32 GDPR, which we constantly adapt to the state of the art. Furthermore, we do not guarantee that our offer will be available at certain times; Disruptions, interruptions or failures cannot be ruled out. The servers we use are carefully backed up on a regular basis.
4) information about the processed data
When you use our website, personal data is collected about you. In the following, we will inform you which data we call up, for what purpose this is done and on what legal basis the processing is carried out.
4.1) Cookies
We use so-called session cookies to optimize our website. A session cookie is a small text file that is sent by the respective server when you visit a website and is temporarily stored on your hard drive. This file as such contains a so-called session ID, with which various requests from your browser can be assigned to the common session. This allows your computer to be recognized when you return to our website. These cookies are deleted after you close your browser. They serve z. B. to the fact that you can use the shopping cart function across several pages.
We also use a small amount of persistent cookies (also small text files that are stored on your device) that remain on your device and allow us to recognize your browser the next time you visit it. These cookies are stored on your hard drive and delete themselves after the given time. Their lifetime is 1 month to 10 years. In this way, we can present our offer in a more user-friendly, effective and secure way and, for example, show you information tailored to your interests on the page.
The cookies store about the following data and information:
- Language settings
- Entered search terms
- Information about the number of visits to our website and the use of individual functions of our website
When the cookie is activated, it will be assigned an identification number and no assignment of your personal data to this identification number will be made. Your name, IP address or similar data that would allow the cookie to be associated with you will not be inserted into the cookie. Based on the cookie technology, we only receive pseudonymous information, for example, which pages of our shop were visited, which products were viewed, etc.
The legal basis for the use of technical cookies is Art. 6 Para. 1 S. 1 lit. f) GDPR, as our interest is to offer a functional and secure website.
If the cookies are not technically necessary (for example cookies for the purpose of analysis or tracking), we will only save the cookie on your device on the basis of your prior consent via "opt-in". We will then explain the respective purpose of storing the cookie to you separately as part of the respective service that stores the cookie on your device.
We have the beeclever GmbH, Universitätsstr. To check and record your consent to the storage of cookies on your device and to check the cookies we use. 3, 56070 Koblenz, Germany (“beeclever”). To protect your data, we have concluded an order processing contract with beeclever. You can find more information about the data protection regulations at beeclever here: https://gdpr-legal-cookie.myshopify.com/pages/datenschutzerklarung.
You can revoke your consent to the storage of cookies at any time in the cookie settings. You can also set your browser in such a way that you are informed in advance about the setting of cookies and can decide in individual cases whether you want to exclude the acceptance of cookies for certain cases or in general, or that cookies are completely prevented. However, this can limit the functionality of the website.
4.2) hosting our website
We host our website at Shopify International Ltd, 126 York Street, Suite 200, Ottawa, ON, Canada, K1N 5T5 (“Shopify”). Shopify provides an e-commerce platform through which we sell our products.
Shopify collects your personal data, such as first name, last name, address, contact and payment data, orders, your IP address, information about the Shopify-supported retailer shops that you visit, as well as information about the device and browser used.
Shopify uses this information to enable us, as a merchant, to process your order, perform risk and fraud checks, authentications and payments.
The legal basis for the processing is Art. 6 Para. 1 S. 1 lit. b) GDPR, as it is about the fulfillment of a contract and Art. 6 Para. 1 S. 1 lit. f) GDPR, as there is a legitimate interest in making our website as user-friendly as possible for you.
Shopify processes the collected personal data primarily on servers in Ireland. However, there is a possibility that Shopify may transfer the personal data it collects to other regions, including Canada and the United States. Data can therefore be passed on to a third country. The data transfer is acc. Adequacy decision of the EU Commission https://eur-lex.europa.eu/legal-content/DE/TXT/?qid=1415699250815&uri=CELEX%3A32002D0002 has been classified as safe. The data transfer to companies in the USA is carried out by Shopify under the same security standards as to Canada. For more information, see Shopify's privacy policy https://www.shopify.de/legal/datenschutz. We have also concluded an order processing agreement with Shopify, thereby ensuring that your personal data is protected.
4.3) access data
In order to offer our services and to sell our products, we use the service of Shopify International Ltd, 126 York Street, Suite 200, Ottawa, ON, Canada, K1N 5T5 (“Shopify”). Shopify provides an e-commerce platform through which we sell our products.
In the course of this, information about you is collected when you use this website. Shopify automatically collects information about your usage behavior and your interactions with us and registers data about your computer or mobile device. In addition, Shopify collects, stores and uses data every time our website is accessed (so-called server log files). The access data include:
- Name and URL of the file accessed
- Date and time of the call
- amount of data transferred
- Notification of successful retrieval (HTTP response code)
- browser type and version
- Operating system
- Referer URL (i.e. the previously visited page)
- Web pages accessed by the user's system through our website
- The user's internet service provider
- IP address and the requesting provider
Shopify uses this log data without assignment to your person or other profiling for statistical evaluations for the purpose of the operation, security and optimization of our website, but also for anonymous recording of the number of visitors to our website (traffic) as well as the scope and type of Use of our website and services, also for billing purposes, to measure the number of clicks received from cooperation partners. Based on this information, we and Shopify can provide personalized and location-based content and analyze the data traffic, search for and correct errors and improve our services.
This is also our legitimate interest in accordance with Art. 6 Para. 1 S. 1 lit. f) GDPR.
We reserve the right to retrospectively check the log data if, based on concrete evidence, there is a legitimate suspicion of illegal use. Shopify stores IP addresses in the log files for a limited period of time, if this is necessary for security purposes or for the provision of services or the billing of a service, e.g. B. if you use one of our offers. After canceling the order process or after receipt of payment, your IP address will be deleted if it is no longer required for security purposes. Shopify also stores IP addresses if there is a specific suspicion of a criminal offense in connection with the use of our website. Shopify also saves the date of your last visit as part of your account (e.g. when registering, logging in, clicking links, etc.).
Shopify processes the collected personal data primarily on servers in Ireland. However, there is a possibility that Shopify may transfer the personal data it collects to other regions, including Canada and the United States.
Data can therefore be passed on to a third country. The data transfer is acc. Adequacy decision of the EU Commission https://eur-lex.europa.eu/legal-content/DE/TXT/?qid=1415699250815&uri=CELEX%3A32002D0002 has been classified as safe. The data transfer to companies in the USA is carried out by Shopify under the same security standards as to Canada. You can find more information in Shopify's privacy policy https://www.shopify.de/legal/datenschutz. We have also concluded an order processing agreement with Shopify, thereby ensuring that your personal data is protected. 4.4) Order taking
As part of the order processing via our online shop, we collect and process your personal data (first name, last name, address, contact and payment data, orders). We process this data exclusively for processing your order.
If you place your order by phone, live or e-mail chat, your personal data will be recorded in our customer management system Gorgias, for which we provide the service of Gorgias Inc., 34 Harriet St, San Francisco, California 94103, Use USA (“Gorgias”).
Gorgias stores the personal data on its servers located in the USA. Data is therefore passed on to a third country in which the same data protection standards do not apply as in the European Union. In order to ensure a European level of data protection, we have concluded the Standard Contractual Clauses recommended by the European Commission as well as an order processing contract with Gorgias, thus ensuring that your personal data is protected.
A transfer of your data takes place within the scope of the shipping processing to the respective commissioned shipping service company (e.g. DHL) and in the context of the payment processing to the commissioned payment provider.
The legal basis for the processing is Art. 6 Para. 1 S. 1 lit. b) GDPR, as this is the contractual fulfillment.
4.5) Payment Sofort GmbH
You have the option of processing your payment via the payment service provider SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany ("SOFORT"). If you opt for the payment option via SOFORT, your data (usually: first name, last name, address, e- Mail address, IP address, telephone number, mobile phone number or other data that are necessary for payment processing as well as order data) are automatically forwarded to SOFORT. The legal basis for the collected data processing and forwarding of the data is your consent in accordance with. Art. 6 para. 1 sentence 1 lit. a) GDPR and the fulfillment of the contract acc. Art. 6 para. 1 sentence 1 lit. b) GDPR and only insofar as this is necessary for payment processing.
Since Sofort GmbH is part of the Klarna Group (Klarna Bank AB (publ), Sveavägen 46, 11134 Stockholm, Sweden), your data can only be passed on to Klarna Bank AB for the purpose of payment processing and only to the extent that it is necessary for this is.
You have the option of withdrawing your consent to data processing at any time. A revocation does not affect the effectiveness of data processing operations in the past. You can find more information about SOFORT's data protection provisions at the following Internet address:
https://www.klarna.com/sofort/datenschutz/.
4.6) Order processing
We process your order through the service provider Xentral ERP Software GmbH, Fuggerstrasse 11, 86150 Augsburg, Germany ("XENTRAL"). In order to process your online order, we pass on your personal data (such as name, address, payment data, order and any other personal data) to XENTRAL. Your data will only be passed on if this is actually necessary to process the order.
The legal basis for the collected data processing and data transfer is Art. 6 Para. 1 S. 1 lit. b) GDPR, in order to fulfill the contract concluded with you.
Details on data protection from XENTRAL and the data protection declaration of Xentral ERP Software GmbH can be viewed under the following link:
https://xentral.com/datenschutz. We have concluded an order processing contract with XENTRAL and in this way we have ensured that your personal data is protected.
4.7) newsletter
We need your email address to register for the newsletter. The registration for the newsletter is logged. After registering, you will receive a message to the e-mail address provided, asking you to confirm your registration ("double opt-in"). This is necessary so that third parties cannot log in with your email address. You can then add further data such as first name and surname.
You can revoke your consent to receive the newsletter at any time and thus unsubscribe from the newsletter. A message in text form to the contact details mentioned under item 1 (e.g. email, letter) is sufficient for this. You will of course also find an unsubscribe link in every newsletter.
We save the log-in details as long as they are needed for sending the newsletter. The logging of the application and the shipping address are stored as long as there was an interest in the proof of the originally given consent, as a rule, these are the limitation periods for civil claims, thus a maximum of three years.
We use the newsletter service of Klaviyo, Inc., 225 Franklin St, Boston, MA 02110 (“Klaviyo”) to send the newsletter. In this case, we will pass on your data to a third company. Since Klaviyo is based in the USA, it is passed on to an EU third country, in which different data protection regulations apply than in the EU. Klaviyo has been certified in the course of its Privacy Shield and is therefore obliged to comply with the data protection standards applicable in the European Union. Further information can be found here:
https://www.privacyshield.gov/participant?id=a2zt00000008RNFAA2 as well as in Klaviyo's privacy policy
https://www.klaviyo.com/privacy. In addition, we have concluded an order processing contract with Klaviyo, thereby ensuring that your personal data is protected.
The legal basis for sending the newsletter is our legitimate interest in direct advertising in accordance with. Art. 6 para. 1 sentence 1 lit. f) GDPR and recital 47 p. 7 GDPR in connection with your consent under competition law in accordance with Section 7 (2) No. 3 UWG.
4.8) Product recommendations
Independently of the newsletter, we will regularly send you product recommendations by email. In this way, we send you information about products from our range that you might be interested in based on your last purchases of goods or services from us. In doing so, we strictly adhere to the legal requirements.
You can object to this at any time. A message in text form to the contact details mentioned under item 1 (e.g. e-mail, letter) is sufficient for this. You will of course also find an unsubscribe link in every email.
The legal basis for this is the legal permission according to Art. 6 Para. 1 S. 1 lit. f) GDPR in conjunction with Section 7 (3) UWG.
4.9) Email contact
If you contact us by email or telephone, we will process your details in order to process your request, but also to address follow-up questions to you.
The legal basis for the processing is Art. 6 Para. 1 S. 1 lit. b) GDPR if it concerns the implementation of pre-contractual measures or, if you are already our customer, to implement the concluded contract.
Otherwise, the legal basis results from your consent in accordance with. Art. 6 para. 1 sentence 1 lit. a) GDPR or acc. Art. 6 para. 1 sentence 1 lit. f) GDPR out of our legitimate interest in answering your inquiries.
4.10) Live chat contact
To enable you to contact us quickly, we use the live chat system from Gorgias Inc., 34 Harriet St, San Francisco, California 94103, USA (“Gorgias”).
Georgias processes and saves your IP address as part of the general chat function. If this exchange results in further communication of personal data such as first name, last name, address, contact and order data, the data will be processed as described under point 4.4 Order processing .
The legal basis for processing is in accordance with Art. 6 para. 1 sentence 1 lit. b) GDPR the fulfillment of a contract or pre-contractual measures or, if this is not the legal basis, acc. Art. 6 para. 1 sentence 1 lit. f) GDPR our legitimate interest in answering your inquiries efficiently.
Gorgias stores the personal data on its servers located in the USA. Data is therefore passed on to a third country in which the same data protection standards do not apply as in the European Union. In order to ensure a European level of data protection, we have concluded the Standard Contractual Clauses recommended by the European Commission as well as an order processing contract with Gorgias, thus ensuring that your personal data is protected. You can find more information on data protection at Gorgias here:
https://www.gorgias.com/privacy. 4.11) Telephone contact
To enable you to contact us quickly, we use the telephone system from AirCall SAS, 11-15 rue Saint Georges, 75009 Paris, France (“AirCall”).
AirCall processes and saves your name, telephone number, IP address and a recording of the conversation.If this exchange results in further communication of personal data such as first name, last name, address, contact and order data, these will be in our customer management tool Gorgias saved. The recording of the conversation is also passed on to Gorgias.
If you do not want the conversation to be recorded, you have the option of objecting to the recording at the beginning of the telephone conversation. Art. 6 para. 1 sentence 1 lit. b) GDPR the fulfillment of a contract or pre-contractual measures or, if this is not the legal basis, acc. Art. 6 para. 1 sentence 1 lit. f) GDPR our legitimate interest in answering your inquiries efficiently and in continuously improving our customer support with regard to call recording.
We have concluded an order processing contract with AirCall and in this way we have ensured that your personal data is protected. You can find more information on data protection at AirCall here: https://aircall.io/privacy.
4.12) Analysis tools
4.12.1) Google AdWords
We use Google AdWords, an online advertising program from Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (“Google AdWords” or “Google”). Google AdWords uses so-called "cookies", text files that are saved on your computer or device when you click on an advertisement placed by Google (conversion tracking). With this function we can present you with advertisements on other websites within the Google Display Network based on your interest.
This information generated by the cookie is usually transferred to a Google server in the USA and stored there. The data collected here are collected anonymously and do not allow any conclusions to be drawn about you.
Our legitimate interest in accordance with Art. 6 Para. 1 S. 1 lit. f) GDPR is to find out how successful our advertisements are and to present you with advertisements that match your interests.
Google has submitted to the Privacy Shield Agreement between the European Union and the USA and has been certified. As a result, Google is committed to complying with the standards and regulations of European data protection law. You can find more information in the following linked entry: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active. In addition, we have concluded an order processing contract with Google.
You can find more information on Google's privacy policy here: https://policies.google.com/privacy.
You can also deactivate ads based on your interests in your Google browser. To do this, simply activate the “Off” button under the following Link: https://adssettings.google.de/anonymous?sig=ACi0TCgq1KJQXikUwXnV6jUE12CrtL-5ki9mMHndDT52SI8ZEKHp3558C__XL-RyDujKcMyq44dzS_JM8phzFlu4o2ba_IezEAZcuHZbuEaW0PVqeRBSFz8&hl=de.
4.12.2) Google Analytics
We use Google Analytics, a web analysis service from Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (“Google Analytics” or “Google”). Google Analytics uses so-called "cookies", text files that are stored on your computer or terminal device and that enable your use of the website to be analyzed. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there.
Our legitimate interest in accordance with Art 6 Para. 1 S. 1 lit. f) GDPR lies in finding out how often and in what way our website is used.
Google has submitted to the Privacy Shield Agreement between the European Union and the USA and has been certified. As a result, Google is committed to complying with the standards and regulations of European data protection law. You can find more information in the following linked entry: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=ActiveIn addition, we have concluded an order processing agreement with Google. You can find more information on Google's data protection declaration here: https://policies.google.com/privacy.
We have activated IP anonymization on this website (anonymizeIp). As a result, however, your IP address will be shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. The full IP address is only transmitted to a Google server in the USA and shortened there in exceptional cases. On our behalf, Google will use this information to evaluate your use of the website, to compile reports on the activities on the website and to provide us with other services related to the use of the website and the internet.
The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. You can prevent the storage of cookies by setting your browser software accordingly; however, we would like to point out that in this case you may not be able to use all functions of this website to their full extent.
You can also prevent the transfer of the data generated by the cookie and relating to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading the browser plug-in available under the following link and install: https://tools.google.com/dlpage/gaoptout?hl=de.
4.12.3) Microsoft Bing Ads
We use Microsoft Bing Ads, an online advertising program from Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA (“Microsoft Bing Ads” or “Microsoft”). Microsoft Bing Ads uses so-called "cookies", text files that are saved on your computer or device when you click on an advertisement placed by Microsoft Bing Ads (conversion tracking). This function enables us to present you with advertisements on other websites within the Microsoft display network that are based on your interest.
This information generated by the cookie is usually transferred to a Microsoft server in the USA and stored there. The data collected here are collected anonymously and do not allow any conclusions to be drawn about you.
Our legitimate interest in accordance with Art 6 Para. 1 S. 1 lit. f) GDPR is to find out how successful our advertisements are and to present you with advertisements that match your interests.
Microsoft has submitted to the Privacy Shield Agreement between the European Union and the USA and is certified. As a result, Microsoft undertakes to comply with the standards and regulations of European data protection law. Further information can be found in the entry linked below:
https://www.privacyshield.gov/participant?id=a2zt0000000KzNaAAK. In addition, we have concluded an order processing agreement with Microsoft.
If you do not want Microsoft to use your data as explained, you can refuse to set the cookie. To do this, you have the option of preventing this for all cookies in your browser settings.
In addition, you also have the option of declaring an opt-out to Microsoft and in this way preventing the setting of the cookie and the processing of the data by Microsoft. You can declare your objection under the following link:
https://choice.microsoft.com/de-DE/opt-out. 4.12.4) Outbrain
We use the technology of the provider Outbrain UK Ltd., 5 New Bridge Street, London, EC4V 6JA, UK (“Outbrain”). Outbrain uses a visitor pixel and so-called “cookies”, text files that are stored on your computer or device. In this way, Outbrain can point you to further content within our website and on third-party websites that may also be of interest to you. The additional reading recommendations integrated by Outbrain, for example below an article, are determined on the basis of the content you have read so far. The content displayed in the Outbrain widget is automatically controlled and delivered by Outbrain in terms of content and technology.
The data collected by Outbrain are: device source, browser type and your anonymized IP address. To anonymize the IP address, the last octet of the IP address is removed to ensure full anonymization. We cannot identify you personally.
The legal basis for this data processing is our legitimate interest in accordance with Art. 6 Para. 1 S. 1 lit. f) GDPR, which is to present you content that corresponds to your interests and thus to achieve the best possible use of our website.
4.12.5) Google reCAPTCHA
We use Google reCAPTCHA, a service from Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (“Google recCAPTCHA” or “Google”). Google reCAPTCHA checks whether data input, e.g. when registering for the customer account on our website, is input from a person or from an automated program. For this purpose, Google reCAPTCHA analyzes your behavior when you visit our website using various characteristics. The analysis begins as soon as you enter the website. Among other things, the IP address, length of stay or mouse movements are evaluated.
The analysis by Goolge reCAPTCHA takes place completely in the background, so that you are not informed of the analysis taking place.
Our legitimate interest in accordance with Art 6 Para. 1 S. 1 lit. f) GDPR is to protect our website from spam and abusive automated spying.
Google has submitted to the Privacy Shield Agreement between the European Union and the USA and has been certified. As a result, Google is committed to complying with the standards and regulations of European data protection law. You can find more information in the following linked entry:
https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active. In addition, we have concluded an order processing contract with Google.
4.12.6) Adcell
We use the ADCELL partner program from Firstlead GmbH, Rosenfelder Str. 15-16, 10315 Berlin, Germany (“ADCELL”).
ADCELL always sets a so-called “cookie”, text files that are stored on your computer or device when you click on an advertisement with a partner link. In this way it is possible for us to understand where the order came from and in this way to correctly invoice our partners. In addition, ADCELL uses so-called tracking pixels to evaluate information such as visitor traffic on the site.
The information generated by cookies and tracking pixels about the use of this website (including the IP address) and the delivery of advertising formats are transmitted to an ADCELL server and stored there. Among other things, ADCELL can recognize that the partner link was clicked on this website. ADCELL can pass this (anonymized) information on to contractual partners under certain circumstances, but data such as the IP address are not merged with other stored data.
The legal basis for the processing is acc. Art. 6 para. 1 sentence 1 lit. f) GDPR our legitimate interest in correctly billing our partners and being able to assess the effectiveness of advertisements.
You can prevent the storage of cookies by selecting the appropriate technical settings in your browser software; However, we would like to point out that in this case you may not be able to use all the functions of this website to their full extent. You can also deactivate tracking by ADCELL. For more information, see the link below:
https://www.adcell.de/datenschutz.
4.12.7) Tap affiliates
We use the Tapfiliate affiliate program from Tapfiliate BV, Rapenburgerstraat 173, 1011 VM Amsterdam, The Netherlands (“Tapfiliate”).
Tapfiliate always sets a so-called “cookie”, text files that are stored on your computer or device when you click on an advertisement with a partner link. In this way it is possible for us to understand where the order came from and in this way to correctly invoice our partners. Tapfilitate also enables us to create, manage and analyze marketing and recommendation programs.
Tapfilitate stores and processes the following personal data: first name, last name, contact details, email address, IP address.
This data can be passed on to third parties by Tapfiliate for the provision of services, if this is necessary for the provision of services.
The legal basis for the processing is acc. Art. 6 para. 1 sentence 1 lit. f) GDPR our legitimate interest in correctly billing our partners and measuring the success of our marketing measures.
You can prevent the storage of cookies by selecting the appropriate technical settings in your browser software; however, we would like to point out that in this case you may not be able to use all functions of this website to their full extent.
4.13) Social media pixels
4.13.1) Facebook pixels
We use the pixel from Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or if you are based in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2 on our website , Ireland ("Facebook").
On the one hand, the Facebook pixel gives us the opportunity to better define the target group for our online offer. The pixel enables us, if you visit our site and have a Facebook account, to show our ads on Facebook. The aim is that our advertisements are only shown to Facebook members who are also interested in our products and who therefore do not find them annoying.
On the other hand, the Facebook Pixel enables us to understand the effectiveness of our Facebook ads for market research purposes, as we can see whether Facebook members have been directed to our website after clicking on one of our ads (conversion tracking).
The legal basis for this data processing is acc. Art. 6 para. 1 sentence 1 lit. f) GDPR our legitimate interest in analyzing user behavior in order to optimize our advertising offer and our advertising.
Facebook has submitted to the Privacy Shield Agreement between the European Union and the USA and is certified. As a result, Facebook undertakes to comply with the standards and regulations of European data protection law. Further information can be found in the entry linked below:
https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active)In addition, we have concluded an order processing contract with Facebook.
4.13.2) Pinterest pixels
We use the pixel from Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland (“Pinterest”) on our website to inform you if you are interested in our website and products and are members of the Pinterest network to display relevant advertisements on Pinterest. To achieve this, we have integrated a conversion tracking pixel on our website. In this way, Pinterest is informed of a visitor to our website that you have visited our site and what content you have viewed. Pinterest will then show you ads on products that you have viewed on our site.
The legal basis for this data processing is acc. Art. 6 para. 1 sentence 1 lit. f) GDPR our legitimate interest in analyzing user behavior in order to optimize our advertising offer and our advertising.
4.14) Integration of the Trusted Shop Trustbadge
The Trusted Shops Trustbadge is integrated on this website to display our Trusted Shops seal of approval and any reviews collected, as well as to offer Trusted Shops products to buyers after an order. The Trustbadge and the services advertised with it are offered by Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne (“Trusted Shops”).
The legal basis is acc. Art. 6 para. 1 sentence 1 lit. f) GDPR our legitimate interest in optimal marketing by enabling safe shopping.
The Trustbadge is provided by a CDN provider (Content Delivery Network) as part of order processing. Trusted Shops also uses service providers from the USA. An adequate level of data protection is ensured.
When the Trustbadge is called, the Web server automatically saves a so-called server log file, which also contains your IP address, date and time of the call, transferred data volume and the requesting provider (access data) and documents the call. Individual access data is stored for analysis of security issues in a security database. The logfiles are automatically deleted no later than 90 days after creation.
Further personal data is transferred to Trusted Shops if you decide to use Trusted Shops products after completing an order or if you have already registered to use them. The contractual agreement made between you and Trusted Shops applies. For this purpose, personal data is automatically collected from the order data. Whether you are already registered as a buyer for a product use is automatically checked using a neutral parameter, the email address hashed by a cryptological one-way function. The email address is converted into this hash value, which cannot be decrypted for Trusted Shops, before it is transmitted. After checking for a match, the parameter is automatically deleted.
This is for the fulfillment of our and Trusted Shops' predominant legitimate interests in the provision of the buyer protection linked to the specific order and the transactional evaluation services according to Art. 6 para. 1 sentence 1 lit. f) GDPR required.
4.15) Sending of evaluation reminders by email by Trusted Shops
During or after your order, you have the option of giving your express consent in order to have Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne (“Trusted Shops”) remind you of the evaluation of your order.
In the event that you give your express consent, we will send your email address to Trusted Shops.
The legal basis for the processing is your express consent in accordance with Art. 6 Para. 1 S. 1 lit. a) GDPR.
This consent can be revoked at any time by sending a message to the contact option described below or directly to Trusted Shops.
5) storage period
Unless specifically stated, we store personal data only as long as necessary to fulfill the purposes pursued.
In some cases, the legislator provides for the retention of personal data, for example in tax or commercial law. In these cases, the data will be stored by us only for these legal purposes, but not otherwise processed and deleted after expiration of the statutory retention period.
6) Your rights as a data subject
In the following we would like to inform you about your rights with regard to your personal data. If you would like to assert these rights, please send your request by e-mail or post, clearly identifying yourself to the address given in section 1.
Below is an overview of your rights:
Right to information (Art. 15 GDPR)
Right to rectification (Art. 16 GDPR)
Right to deletion ("right to be forgotten") (Art. 17 GDPR)
Right to restriction of processing (Art. 18 GDPR)
Right to data portability (Art. 20 GDPR)
Right to object to processing (Art. 21 GDPR)
Right to complain to a supervisory authority
In addition, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your place of residence, Your place of work or the location of the alleged infringement if you are of the opinion that the processing of your personal data is unlawful.
Revocation of consent to processing
If you have given us your consent to process your data, you can revoke this at any time with effect for the future. This does not affect the legality of the processing of your data until you withdraw your consent.
Automated decision-making (Art. 22 GDPR)
You have the right not to be subject to a decision based solely on automated processing - including profiling - that has legal effects on you or similarly significantly affects you. There is no automated decision-making on the basis of the personal data collected.
Assertion
You can contact our at any time to assert your rights or for other data protection concerns Data protection officer acc. Contact section 2 of this data protection declaration.
Status: March 2020