Data protection statement
Data protection information
Thank you for your interest in our website. The protection of your privacy when processing personal data as well as the security of all business data is an important concern for us, which we take into account in our business processes. Here we inform you in detail about how we handle your data.
Note for our Swiss website visitors: This data protection information is based on the requirements of the GDPR (EU Data Protection Regulation) and the TTDSG (German Telemedia and Telecommunications Data Protection Act) with regard to the information obligations for the collection and processing of personal data as well as any necessary measures (consents) to create the legal basis required for this. Several references are made to articles of the GDPR and paragraphs of the TTDSG. These references are not relevant for our Swiss website visitors, but the associated notes and explanations also serve to ensure the greatest possible transparency for Swiss website visitors in the processing of their data. We thus also cover the relevant requirements of the DSG (Swiss Data Protection Act) and thus the corresponding contents of the data protection notices are also binding for the website visits of our Swiss customers and interested parties. Since the requirements of the GDPR and TTDSG regarding the obligation to obtain consent when visiting websites are stricter than those of the DSG, some processing of personal data of Swiss website visitors is formally carried out on the basis of consent, although this would not be required under the DSG.
Use the Consent-Tool:
§ 1 General information on the collection of personal data in connection with visits to our website
(1) In the following, we inform you about the collection of personal data when using our website. Personal data is all data that can be related to you personally, e.g. name, address, e-mail addresses, user behaviour. We would like to point out that data transmission on the Internet (e.g. communication by e-mail) can have security gaps. Complete protection of data against access by third parties is not possible.
(2) The person responsible pursuant to Art. 4 (7) of the EU General Data Protection Regulation (GDPR) is:
(3) This website is hosted by an external service provider (Profihost GmbH). The personal data collected on this website is stored on the hoster's servers. This may include, in particular, IP addresses, contact requests, meta and communication data, contractual data, contact data, names, website accesses and other data generated via a website. The hoster is used for the purpose of fulfilling the contract with our potential and existing customers (Art. 6 para. 1 lit. b GDPR) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 para. 1 lit. f GDPR). Insofar as a corresponding consent has been requested, processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time. Our hoster will only process your data insofar as this is necessary for the fulfilment of its service obligations and will follow our instructions with regard to this data.
We have concluded an order processing agreement (AVV) with the website hoster. This is a contract required by data protection law, which ensures that the hoster only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.
(5) If you have consented to data processing, we process your personal data on the basis of Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR if special categories of data are processed according to Art. 9 para. 1 GDPR. In the event of express consent to the transfer of personal data to third countries, data processing is also carried out on the basis of Art. 49 (1) a GDPR. If you have consented to the storage of cookies or to the access to information in your terminal device (e.g. via device fingerprinting), the data processing is additionally carried out on the basis of Section 25 (1) TTDSG. The consent can be revoked at any time. If your data is required for the performance of a contract or for the implementation of pre-contractual measures, we process your data on the basis of Art. 6 para. 1 lit. b GDPR. Furthermore, if your data is required for the fulfilment of a legal obligation, we process it on the basis of Art. 6 para. 1 lit. c GDPR. Furthermore, the data processing may be carried out on the basis of our legitimate interest according to Art. 6 para. 1 lit. f GDPR. Information on the relevant legal basis in each individual case is provided in the following paragraphs of this data protection declaration.
§ 2 Your rights
(1) In the following, we will inform you about your data subject rights in accordance with Art. 15 GDPR. You can exercise these rights at any time and therefore contact us directly. If you demand these rights from us, we will examine them in detail, taking into account the associated legal requirements and obligations. If necessary, we will request further information from you. We will explain to you in detail the results of our examination and our procedure for fulfilling your request. In doing so, it is possible that we will not be able to fully meet your requests in the way you would like. This should not prevent you from claiming your rights from us or from asking us about them. We will be happy to answer any questions you may have.
(2) Right to information
You have the right to request information from us at any time as to whether and which of your personal data is being processed by us. This also includes information on the purposes of the processing, if applicable the recipients to whom we have disclosed your data, the planned storage period and, if applicable, information on the origin of this data if we have not collected it directly from you. In addition, you have the right to a one-time free copy of your personal data stored by us. We reserve the right to charge a reasonable administration fee for making the following copies.
(3) Right of correction
You have the right to ask us to correct any inaccurate data we hold about you. This also includes the right to have incomplete personal data completed.
(4) Right to deletion
You have the right to request that we delete data we have stored about you. If we have published data about you, this also includes our obligation, within the framework of the "right to be forgotten" pursuant to Article 17(2) of the GDPR, to forward all links to this data and copies or replications of this data to other controllers of this published personal data, taking into account available technology and implementation costs.
(5) Right to restrict processing
You have the right to demand that we restrict the processing of data we have stored about you. After that, processing of this data is only possible with your consent or for a few legally defined purposes.
(6) Right to object to processing
Insofar as we base the processing of your personal data on the balance of interests, you can object to the processing. This is the case if the processing is in particular not necessary for the performance of a contract with you, which is shown by us in each case in the following description of the functions. When exercising such an objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will review the facts and either cease or adapt the data processing or show you our compelling legitimate grounds on the basis of which we will continue the processing.
(7) Right to revoke consent under data protection law
If you have given your consent to the processing of your data, you may revoke this consent at any time. Such a revocation will affect the permissibility of the processing of your personal data after you have expressed it to us.
(8) Right to data portability
You have the right to receive personal data that you have provided to us from us in a structured, common and machine-readable format for the purpose of transfer to another controller. At your request and taking into account the available technical possibilities, this also includes direct transfer from us to the other controller.
(9) Right of appeal to a supervisory authority
You have the right to complain to a data protection supervisory authority about our processing of data relating to you at any time.
§ 3 Collection of personal data when visiting our website
(1) Even with purely informative use of our website, we collect at least the personal data listed below, which your browser transmits to our server each time you call up the page. This is necessary for technical reasons in order to display our website to you and to ensure its stability and security (legal basis for this is Art. 6 para. 1 p. 1 lit. f GDPR):
- Host name
- Date and time of the request
- Time zone difference from Greenwich Mean Time (GMT)
- Content of the request (specific page)
- Access Status/HTTP Status Code
- Data volume transferred in each case
- Website from which the request comes (referrer)
- The specific pages of our website that you access
- Browser: Type, version and set language
- Operating system: type and version
- Screen resolution
- Colour depth
- Browser window size
- Installed browser plugins
Cookies are small text files that are stored on your end device assigned to the browser you are using. Furthermore, websites can store so-called HTML5 storage objects on your end device. In both cases, information is stored and read out again. This can be done for very different purposes, but no programs can be executed or malware transmitted.
- This website stores the elements listed below on your terminal device, either directly or via external sources. You can use our Consent Tool, which you can access via the button at the beginning of this data protection notice, to give and withdraw consent to the setting of certain elements or element categories. In some cases, you can also give your consent directly on the page on which the element is used. You will then be informed of this on the respective page. The legal basis for the use of these elements is your consent in accordance with Art. 6 para. 1 p. 1 lit. a GDPR and § 25 para. 1 TTDSG. The legal basis for the use of the other elements is generally our balancing of interests for the operation of our website due to technical necessity in accordance with Art. 6 para. 1 p. 1 lit. f of the GDPR. If another legal basis applies in individual cases, you will be informed of this in the description of the corresponding functionality to which an element is assigned.
- You can configure your browser settings according to your preferences and, for example, refuse to accept third-party cookies or all cookies. We generally recommend that you delete cookies, browser history and other temporary web storage objects automatically or manually on a regular basis to increase the protection of your privacy.
§ 4 Further functions and offers of our website
(1) In addition to the purely informational use of our website, we offer various services that you can use if you are interested. For this purpose, you usually have to provide further personal data that we use to provide the respective service and for which the aforementioned data processing principles apply. Mandatory data is marked with an asterisk. Information in fields not marked in this way is purely voluntary.
(2) When you contact us by email or via a contact form, your email address and other data you provide will be stored by us in order to answer your enquiry. If a business relationship exists between you and us or is established as a result of your enquiry, we store this data for the duration of our business relationship. Otherwise, we delete this data after the storage is no longer necessary for the complete processing of your enquiry. If legal storage obligations prevent deletion, we restrict the processing of the data for their duration and then delete them. When contacting us via a contact form, please note the mandatory field markings as described under para. 1 in order to avoid transmitting personal data that you do not require. By sending the contact form or your e-mail, you declare your consent that we may process the data transmitted by you in the aforementioned manner (legal basis: Art. 6 para. 1 p. 1 lit. a GDPR).
(3) In some cases, we use third-party tools or services to process your data. These have been carefully selected and commissioned by us and we have concluded agreements with them to protect your data to the extent required by data protection law. In some cases, these companies are based in the USA or other third countries that are not secure under data protection law. When using the corresponding tools or services, your personal data may be transferred to these third countries and processed there. We would like to point out that no level of data protection comparable to that in the EU can be guaranteed in these countries. For example, US companies are obliged to hand over personal data to security authorities without you as the data subject being able to take legal action against this. It can therefore not be ruled out that US authorities (e.g. intelligence services) process, evaluate and permanently store your data located on US servers for monitoring purposes. We have no influence on these processing activities.
§ 5 Provision of personal data due to legal or contractual obligations of the data controller or data subject
(1) If you purchase goods or services on our website via our webshop, the conclusion of the contract requires the provision of the usual personal data, including payment information, which depends on the payment method you have chosen. Unfortunately, it is not possible to purchase goods or services without providing this data.
§ 6 Automated decision-making including profiling
(1) If you purchase goods or services in our webshop, it is possible, depending on the payment method you have chosen, that the payment service provider commissioned by us to process the payment will carry out an automated decision-making process within the meaning of Art. 22 GDPR with regard to the guarantee of the respective payment method. This takes place under the responsibility and in accordance with the terms and conditions of the payment service provider. We have no influence on this.
(2) We ourselves do not carry out any automated decision-making including profiling within the meaning of Art. 22 GDPR.
In the following, we inform you in detail about special forms of use, email-based information services, tracking and analysis tools, social media offers and other third-party services used on our website.
Special forms of use
1. Use of our webshop
(1) If you would like to order in our webshop, it is necessary for the conclusion of the contract that you provide your personal data, which we need for the processing of your order. Mandatory information required for the processing of contracts is marked separately, other information is voluntary. We process the data you provide to process your order. For this purpose, we may pass on your payment data to our house bank or other payment service providers. The legal basis for this is Art. 6 para. 1 p. 1 lit. b GDPR.
(2) You can voluntarily create a customer account, through which we can save your data incl. your preferred payment method and shipping method for future purchases. When you create a customer account, the data you provide will be stored revocably. It is also possible to create a customer account without placing an order. You can log in to your customer account using your email address and a password chosen by you. We may also process the data you provide in order to send you emails with technical information. If you have already placed an order in our webshop, we may inform you about other similar products from our portfolio until you revoke your permission. Cancellation is possible at any time via the unsubscribe link contained in each newsletter.
(3) We are obliged by commercial and tax law to store your address, payment and order data for a period of ten years.
(4) To prevent unauthorised access by third parties to your personal data, in particular financial data, the ordering process is encrypted using TLS technology.
2. Use of Roomvo
(1) This website uses the Roomvo tool from Leap Tool Inc, 1255 Bay St Unit 403, Toronto, ON M5R 2A9, Canada. There is an adequacy decision for Canada pursuant to Art. 45 (3) GDPR. This ensures that your personal data in Canada enjoys a level of protection comparable to European data protection law. We have concluded an order processing agreement with Leap Tool in accordance with the requirements of the GDPR.
(2) Roomvo is a tool that allows you to view selected carpets and other items in a room. When you click the "View in room" button on a product page, a connection to Roomvo's servers is established. In the process, the date and time, the page from which you access Roomvo, your IP address, the operating system and the browser version are transmitted.
(3) Roomvo allows you to upload your own images. This allows you to display the items you have selected in your own premises. The images are processed and temporarily stored on Leap Tool servers. We have no knowledge of the exact storage period. If you do not wish to upload your own images, you can also use neutral images provided by us.
(4) The use of Roomvo is voluntary, the processing of your data is thus based on your consent pursuant to Art. 6 para. 1 p. 1 lit. a GDPR, which you declare by using Roomvo. As an alternative to Roomvo, we offer you the option of sending us images of rooms via WhatsApp, in which we graphically embed the carpets you want and send the result back to you for viewing.
(5) If you send the configured image to yourself or a third party via the email function provided by Roomvo, the email addresses you provide will be recorded by Roomvo in order to send the email you requested. Your data is only passed on when you send the email and thus with your consent according to Art. 6 para. 1 p. 1 lit. a GDPR.
(7) Roomvo offers you the possibility to rate your experience with the tool. You can do this by clicking on an appropriate number of rating stars and entering a free text. This data is transmitted to Leap Tool. The provision of experiences is voluntary, the processing of your data is thus based on your consent pursuant to Art. 6 para. 1 p. 1 lit. a GDPR, which you declare by your action.
(8) Through our partner Leap Tool, we receive anonymised statistical data on the relationship between the use of the available room images, our own room images, user experiences and purchasing behaviour. We do not receive any other data, in particular we cannot identify users from this information.
(9) When using Roomvo, the analysis service Amplitude is automatically integrated. We have no influence on this. Please note our corresponding data protection information under "Web Analytics", point 4.
(10) For more information about Leap Tools Inc. privacy practices, please visit:
Email and messenger-based information services
(1) With your consent, you can subscribe to our newsletter, with which we inform you about our current interesting offers. The advertised goods and services are named in the declaration of consent. Your consent is the legal basis according to Art. 6 Para. 1 S. 1 lit. a GDPR for all processing of personal data in connection with our newsletter.
(2) We use the so-called double-opt-in procedure to register for our newsletter. This means that after your registration, we will send you an email to the email address you provided in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration, your information will be automatically deleted after 60 days at the latest. In addition, we store your IP addresses and the times of registration and confirmation. The purpose of this procedure is to be able to prove your registration and, if necessary, to clarify a possible misuse of your personal data.
(3) The only mandatory information for sending the newsletter is your email address. If further information can be provided, this is voluntary and will be used to address you personally. After your confirmation, we process this data for the purpose of sending you the newsletter. The legal basis is Art. 6 para. 1 p. 1 lit. a GDPR.
(4) You can revoke your consent to receive the newsletter and unsubscribe at any time. You can declare the revocation by clicking on the link provided in every newsletter email.
(5) We would like to point out that your consent also extends to the evaluation of your user behaviour associated with the sending of the newsletter and carried out by us. For this evaluation, the emails sent contain so-called web beacons or tracking pixels. For the evaluations, we link the data mentioned in § 3 para. 1 and the web beacons with your email address and an individual ID. Links received in the newsletter also contain this ID. The data is only collected pseudonymously, i.e. the IDs are not linked to your other personal data, a direct personal reference is excluded. The information is stored for as long as you are subscribed to the newsletter. After unsubscribing, we store the data purely statistically and anonymously. Moreover, such tracking is not possible if you have deactivated the display of images by default in your e-mail programme. In this case, the newsletter will not be displayed to you in full and you may not be able to use all the functions. If you display the images manually, the above-mentioned tracking takes place.
(7) We use the services of CleverReach to send out newsletters. The provider is CleverReach GmbH & Co. KG, Schafjückenweg 2, 26180 Rastede, Germany. We have carefully selected this service provider and concluded an order processing contract with it. In addition, this service provider is obliged to comply with the data protection rules and our instructions. Your data required for sending the newsletter is stored securely on a server of this service provider in Germany or Ireland. Only authorised persons have access to the data stored by the service provider. For further information, please contact the service provider directly or refer to the data protection information on the company's website: https://www.cleverreach.com/en-de/privacy-policy/. For more information on data analysis through CleverReach newsletters, please visit: https://www.cleverreach.com/en-de/newsletter-tool/newsletter-reporting/.
3. Communication via WhatsApp for the visualisation of selected products
(1) Sie haben die Möglichkeit, uns über den Messenger-Dienst WhatsApp eigene Bilder von Räumlichkeiten zuzusenden, in die wir von Ihnen ausgesuchte Artikel (Teppiche) zu Visualisierungszwecken einbetten.
(2) Communication takes place via end-to-end encryption (peer-to-peer), which prevents WhatsApp or other third parties from gaining access to the communication content. However, WhatsApp obtains access to metadata that is generated in the course of the communication process (e.g. sender, recipient and time). We would also like to point out that, according to its own statement, WhatsApp shares personal data of its users with its parent company Meta, which is based in the USA.
(3) The use of WhatsApp is based on your consent pursuant to Art. 6 (1) sentence 1 lit. a GDPR, which you declare by using the service for the aforementioned purpose. Due to the linking of the address book of the smartphone used for communication with WhatsApp, your contact details (name, telephone number) are automatically transferred to WhatsApp as a result. Your consent also extends to this. You are completely free to use this offer. Alternatively, you can also use the visualisation via Roomvo.
(4) We store the communication content exchanged via WhatsApp for a period of 3 months or until you request us to delete it or revoke your consent to store it. This also applies to the images you send us if they were stored on other systems for processing purposes. Mandatory legal provisions - in particular retention periods - remain unaffected.
(5) We have concluded an order processing agreement (AVV) with WhatsApp.
The legal basis for the use of all web analytics tools listed in this section is Art. 6 para. 1 p. 1 lit. a GDPR and Section 25 para. 1 TTDSG, i.e. your corresponding consent, which you have given through your selection made in our Consent Tool. If you have not given your consent there, the tools listed in this section will not be used. You can revoke your consent at any time by changing your selection in our Consent Tool.
1. Use of Google Analytics
(1) This website uses Google Analytics, a web analytics service provided by Google, Inc ("Google"). Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyse how users use the site. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. In the event that IP anonymisation is activated on this website, however, your IP address will be truncated beforehand by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator.
(2) This website uses Google Analytics with anonymisation function. This means that IP addresses are processed in abbreviated form, thus excluding the possibility of personal references.
(3) This website also uses Google Analytics for a cross-device analysis of visitor flows, which is carried out via an individual user ID ("Universal Analytics"). This user ID is a pseudonym that is not merged with personal data either by us or by Google. A prerequisite for cross-device tracking on our website is that you are also logged in to your Google account. If you install the corresponding opt-out plug-in for Google Analytics as described in paragraph 3, your access to our website can no longer be tracked across devices. You must do this on every device you use and for every browser you use.
(5) Third-party information: Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland General privacy notice: https://policies.google.com/privacy?hl=en&gl=en and https://policies.google.com/technologies/partner-sites?hl=en Specific data protection information on Google Analytics: https://support.google.com/analytics/answer/6004245?hl=en&ref_topic=2919631
2. Use of Matomo
(1) This website uses the web analytics service Matomo installed on our web server. Matomo stores cookies (see § 3 for more details) on your computer. The information collected in this way is stored by the responsible party exclusively on its server in Germany. You can object to the use of Matomo in the following dialogue. Please note that you must set this opt-out cookie again if the cookie memory of your browser is deleted manually or automatically. Likewise, setting the cookie is also required separately when using any other browser or terminal device.[Matomo iFrame]
(3) The Matomo application is an open source project. Information from the third-party provider on data protection can be found at: https://matomo.org/privacy/policy.
3. Integration of Hotjar
(1) This website uses Hotjar. The provider is Hotjar Ltd, Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta. Zammit Street, St Julians STJ 1000, Malta, Europe (Website: https://www.hotjar.com).
(2) Hotjar is a tool for analysing your user behaviour on this website. With Hotjar, we can record your mouse movements, scrolling movements and clicks, among other things. Hotjar can also determine how long you have stayed with the mouse pointer on a certain spot. From this information, Hotjar creates so-called heat maps, which can be used to determine which website areas are viewed preferentially by the website visitor.
(3) Furthermore, we can determine how long you stayed on a page and when you left it. We can also determine at which point you abandoned your entries in a contact form (so-called conversion funnels). In addition, Hotjar can be used to obtain direct feedback from website visitors. This function serves to improve the website operator's web offerings.
(4) Hotjar uses technologies that enable the recognition of the user for the purpose of analysing user behaviour (e.g. cookies or use of device fingerprinting).
(5) We have concluded a contract on order processing (AVV) with the above-mentioned provider. This is a contract required by data protection law, which ensures that the provider only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.
4. Use of Amplitude
(1) This website uses Amplitude, an analytics service provided by Amplitude Inc, 631 Howard St 5th floor, San Francisco, CA 94105, USA. This is used by Leap Tool Inc. to analyse user behaviour with the aim of supporting the further development of the Roomvo application. For this purpose, anonymised information about your usage is transmitted to a server of Amplitude. There is no transmission of data that allows conclusions to be drawn about an individual user. We have no access to this data.
(2) The legal basis for data processing is your consent given through the use of Roomvo in accordance with Art. 6 para. 1 p. 1 lit. a GDPR.
(3) Hinweise zum Datenschutz von Amplitude finden Sie unter: https://amplitude.com/privacy.
Social media and other third party services
1. Social Media
(1) We currently do not use any plug-ins from social media providers on our website, but have only set links to our presences at the following social media providers: Facebook, Instagram, Pinterest, YouTube. The mere presence of these links does not result in the transmission of personal data to the respective provider. Only when you click on the link, which you can recognise by the respective social media icon, and thereby call up our page hosted by the respective provider, does the provider become aware of this and the data listed in § 3 para. 1 is transmitted. If you are logged into your user account with the respective provider, the data will be merged with your user account and processed by the social media provider for its own purposes, which is why we recommend that you log out of your user account beforehand.
2. Integration of payment services
(1) We have integrated payment services from third-party companies on our website. When you make a purchase from us, your payment data (e.g. name, payment amount, account details, credit card number) are processed by the payment service provider for the purpose of processing the payment. The respective contractual and data protection provisions of the respective providers apply to these transactions.
(2) The payment service providers shall also perform risk management and payment flow control tasks. In order to check your identity and solvency, they carry out queries and obtain information from publicly accessible databases and credit reference agencies. The information received about the statistical probability of a payment default is used by the payment service providers for a weighed decision about the establishment, implementation or termination of the contractual relationship.
(3) The use of payment service providers is based on Art. 6 para. 1 lit. b GDPR (contract processing) and in the interest of a smooth, convenient and secure payment process (Art. 6 para. 1 lit. f GDPR). Insofar as your consent is requested for certain actions, Art. 6 para. 1 lit. a GDPR is the legal basis for data processing; consents can be revoked at any time for the future.
(4) We use the following payment services or payment service providers within the scope of this website:
The provider of this payment service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg. Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found at: https://www.paypal.com/uk/webapps/mpp/ua/pocpsa-full.
The provider for customers within the EU is Stripe Payments Europe, Ltd, 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland. We use Stripe to handle the following payment processes in our webshop: credit card payments, Apple Pay, giropay, Google Pay. The data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details under: https://stripe.com/de/privacy und https://stripe.com/en-de/guides.
You can find further details on this in Klarna's data protection information: https://www.klarna.com/uk/privacy/.
The provider of this payment service is paydirekt GmbH, Stephanstraße 14 - 16, 60313 Frankfurt am Main. Details on data protection can be found in the data protection information of giropay: https://www.paydirekt.de/agb/index.html.
The provider of this payment service is American Express Europe S.A., Theodor-Heuss-Allee 112, 60486 Frankfurt am Main, Germany (hereinafter "American Express"). American Express may transmit data to its parent company in the USA. The data transfer to the USA is based on the Binding Corporate Rules of American Express. Details can be found at: https://www.americanexpress.com/en-pl/company/legal/privacy-centre/european-implementing-principles/.
The provider of this payment service is Mastercard Europe SA, Chaussée de Tervuren 198A, B-1410 Waterloo, Belgium (hereinafter "Mastercard"). Mastercard may transfer data to its parent company in the USA. The data transfer to the USA is based on Mastercard's Binding Corporate Rules. Details of this can be found at: https://www.mastercard.com//europe/en/data-privacy.html und https://www.mastercard.us/content/dam/mccom/global/documents/mastercard-bcrs.pdf.
The provider of this payment service is Visa Europe Services Inc, London Branch, 1 Sheldon Square, London W2 6TT, United Kingdom (hereinafter "VISA"). The United Kingdom is considered a secure third country under data protection law. This means that the United Kingdom has a level of data protection that is equivalent to the level of data protection in the European Union.
VISA may transfer data to its parent company in the USA. The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details on this can be found at: https://www-visa-de.translate.goog/nutzungsbedingungen/visa-globale-datenschutzmitteilung/mitteilung-zu-zustandigkeitsfragen-fur-den-ewr.html?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=de&_x_tr_pto=wapp.
Installment purchase by easycredit
The provider of this payment service is easyCredit TeamBank AG Nürnberg, Beuthener Str. 25, 90471 Nürnberg. We offer you the option of payment by instalments via this payment service provider. You can find the data protection information of easyCredit under: https://ratenkauf.easycredit.de/widget/app/#/datenschutz.
3. Integration of the Trusted Shops trust badge and the Trusted Shops offer
(1) Trusted Shops widgets are integrated on this website to display Trusted Shops services (e.g. seal of approval, collected ratings) and to offer Trusted Shops products to buyers after an order has been placed.
(2) This serves to protect our legitimate interests in optimal marketing by enabling secure shopping in accordance with Art. 6 Para. 1 S. 1 lit. f GDPR, which prevail in the context of a balancing of interests. The trust badge and the services advertised with it are an offer of Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne, Germany, with whom we are jointly responsible for data protection pursuant to Art. 26 GDPR. Within the scope of this data protection notice, we inform you in the following about the essential contractual contents in accordance with Art. 26 (2) GDPR.
(4) When the Trustbadge is called up, the web server automatically saves a so-called server log file, which also contains your IP address, date and time of the call-up, transferred data volume and the requesting provider (access data) and documents the call-up. The IP address is anonymised immediately after collection so that the stored data cannot be assigned to you personally. The anonymised data is used in particular for statistical purposes and for error analysis.
(5) After the order has been completed, your email address, which has been hashed using a cryptological one-way function, is transmitted to Trusted Shops GmbH. The legal basis is Art. 6 para. 1 p. 1 lit. f GDPR. This serves to check whether you are already registered for services with Trusted Shops GmbH and is therefore necessary for the fulfilment of our and Trusted Shops' overriding legitimate interests in the provision of the buyer protection linked to the specific order in each case and the transactional evaluation services in accordance with Art. 6 (1) sentence 1 lit. f GDPR. If this is the case, further processing will be carried out in accordance with the contractual agreement between you and Trusted Shops. If you have not yet registered for the services, you will subsequently be given the opportunity to do so for the first time. Further processing after registration also depends on the contractual agreement with Trusted Shops GmbH. If you do not register, all transmitted data will be automatically deleted by Trusted Shops GmbH and a personal reference is then no longer possible.
(6) Trusted Shops uses service providers in the areas of hosting, monitoring and logging. The legal basis is Art. 6 para. 1 p. 1 lit. f GDPR for the purpose of ensuring trouble-free operation. Processing may take place in third countries (USA and Israel). An adequate level of data protection is ensured in the case of the USA by standard data protection clauses and further contractual measures and in the case of Israel by an adequacy decision.
(7) Within the framework of the joint responsibility existing between us and Trusted Shops GmbH, please prefer to contact Trusted Shops GmbH with data protection questions and to assert your rights using the contact options specified in the data protection information linked above. Irrespective of this, however, you can always contact the data controller of your choice. Your enquiry will then, if necessary, be passed on to the other data controller for a response.
4. Integration of other third party services
(1) On this website, we use the Google Tag Manager to manage tags/plug-ins. We use this service on the basis of your consent, which you have given through your selection in our Consent Tool (legal basis Art. 6 para. 1 p. 1 lit. a DSGVO and § 25 para. 1 TTDSG).
(3) Further information on the purpose and scope of data collection and processing by Google can be found in the data protection information provided below. There you will also find further information about your rights in this regard and setting options for protecting your privacy:
Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland; https://policies.google.com/privacy?hl=en und https://policies.google.com/technologies/partner-sites?hl=en
The legal basis for the use of all marketing tools listed in this section is Art. 6 para. 1 p. 1 lit. a GDPR and Section 25 para. 1 TTDSG, i.e. your corresponding consent given by your selection made in our Consent Tool. If you have not given your consent there, the tools listed in this section will not be used. You can revoke your consent at any time by changing your selection in our Consent Tool.
1. GA Audiences
(2) Due to the marketing tools used, your browser automatically establishes a direct connection with the Google server. We have no influence on the scope and further use of the data collected by Google through the use of this tool and therefore inform you according to our state of knowledge. Through the integration of GA Audiences, Google receives the information that you have called up the corresponding part of our website or clicked on an advertisement from us. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, it is possible that the provider may obtain and store your IP address.
(3) You can permanently deactivate participation in this tracking procedure by installing the corresponding plug-in in your browser, available under the following link: https://www.google.com/settings/ads/plugin.
(4) Further information on the purpose and scope of the data collection and its processing as well as further information on your rights in this respect and setting options for protecting your privacy can be obtained from Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland; https://policies.google.com/privacy?hl=en und https://policies.google.com/technologies/partner-sites?hl=en
Last edited on: 29.08.2022