Data Protection Policy
Privacy Policy
Unless otherwise stated below, the provision of your personal data is neither required by law nor contract, nor is it necessary for the conclusion of a contract. You are not obligated to provide the data. Failure to provide the data will have no consequences. This applies only insofar as no other statement is made in the following processing operations.
“Personal data” means any information relating to an identified or identifiable natural person.
Server Log Files
You may visit our websites without providing any personal information.
Each time our website is accessed, usage data is transmitted to us or to our web host / IT service provider by your internet browser and stored in log data (so-called server log files). This stored data includes, for example, the name of the page accessed, the date and time of access, the IP address, the amount of data transferred and the requesting provider.
Processing is carried out on the basis of Art. 6(1)(f) GDPR due to our overriding legitimate interest in ensuring the smooth operation of our website as well as improving our offering.
Your data may be transferred to and processed in third countries outside the EU, in particular Canada and the USA. For Canada, an adequacy decision of the EU Commission exists. For the USA, an adequacy decision of the EU Commission exists, the Trans-Atlantic Data Privacy Framework (TADPF). Shopify is not certified under the TADPF. This data transfer is carried out on the basis of contractual obligations that are comparable to the EU Commission’s Standard Contractual Clauses.
Contact
Controller / Data Protection Officer
Controller responsible for data processing:
Diana Schuhmacher, Kirchplatz 7, 32791 Lage, Germany
Phone: +49 (0) 5232 9805350
Email: schuhmacher@houseofpetdesign.de
Data Protection Officer:
Tarox AG, Dirk Tscholitsch, Stellenbachstr. 49-51, 44536 Lünen, Germany
Tel.: 0231 - 98980-705
Email: dsgvo@tarox.de
Unsolicited Contact by the Customer via Email
If you contact us by email on your own initiative to establish a business relationship, we collect your personal data (name, email address, message text) only to the extent provided by you. Data processing serves the purpose of processing and responding to your inquiry.
If the contact serves the implementation of pre-contractual measures (e.g., advice in the event of purchase interest, preparation of an offer) or concerns a contract already concluded between you and us, this data processing is carried out on the basis of Art. 6(1)(b) GDPR.
If contact is made for other reasons, this data processing is carried out on the basis of Art. 6(1)(f) GDPR due to our overriding legitimate interest in processing and responding to your inquiry. In this case, you have the right to object at any time, on grounds relating to your particular situation, to processing of personal data concerning you that is based on Art. 6(1)(f) GDPR.
We use your email address only to process your inquiry. Your data will then be deleted in accordance with statutory retention periods, unless you have consented to further processing and use.
Customer Account / Orders
Customer Account
When you create a customer account, we collect your personal data to the extent specified there. Data processing serves the purpose of improving your shopping experience and simplifying order processing. Processing is carried out on the basis of Art. 6(1)(a) GDPR with your consent. You may withdraw your consent at any time by notifying us, without affecting the lawfulness of processing carried out on the basis of consent before its withdrawal. Your customer account will then be deleted.
Collection, Processing and Disclosure of Personal Data When Placing Orders
When placing an order, we collect and process your personal data only insofar as this is necessary to fulfill and process your order and to handle your inquiries. The provision of the data is required for the conclusion of the contract. Failure to provide the data means that no contract can be concluded. Processing is carried out on the basis of Art. 6(1)(b) GDPR and is necessary for the performance of a contract with you.
Your data may be disclosed, for example, to shipping companies, dropshipping or fulfillment providers, payment service providers, service providers for order processing and IT service providers. In all cases, we strictly comply with legal requirements. The scope of data transmission is limited to a minimum.
Your data may be transferred to and processed in third countries outside the EU, in particular Canada and the USA. For Canada, an adequacy decision of the EU Commission exists. For the USA, an adequacy decision of the EU Commission exists, the Trans-Atlantic Data Privacy Framework (TADPF). Shopify is not certified under the TADPF. This data transfer is carried out on the basis of contractual obligations that are comparable to the EU Commission’s Standard Contractual Clauses.
Customer Service via Gorgias (Email, Chat & AI Features)
We use the helpdesk platform Gorgias provided by Gorgias Inc. (“Gorgias”) to handle customer inquiries and to organize our customer communications. We process inquiries via Gorgias primarily through email and live chat.
Which data do we process via Gorgias?
Depending on the contact channel and the matter, we process in particular:
- Master and contact data (e.g., name, email address, if applicable phone number),
- Communication data (content of your message, chat history, attachments, timestamps),
- Technical/meta data (e.g., ticket ID, status, assignments and internal notes),
- Order and case data, insofar as necessary (e.g., order number, delivery status, complaint information), in particular if we connect Gorgias with our shop/order system.
Purposes of processing
- Processing, responding to and documenting inquiries (email & chat),
- Customer service, support, quality control and internal process optimization,
- Assignment of inquiries to orders/cases (if required),
- Establishment, exercise or defense of legal claims (if necessary).
Legal bases
Depending on the context, processing is carried out on the basis of:
- Art. 6(1)(b) GDPR (contract / pre-contractual measures, e.g., support regarding orders),
- Art. 6(1)(f) GDPR (legitimate interest in efficient, traceable customer communication, quality assurance and process optimization).
AI features in Gorgias
We use AI-assisted features (“AI Features”) in Gorgias to support customer service, e.g., for suggested replies, summaries, classifications/tags or workflow automation (depending on the features we have enabled).
In doing so, the content of inquiries (emails/chats) and—if necessary—related case/order data may be processed to generate AI outputs (e.g., suggested replies). Where AI outputs are only suggested, the final decision on use and sending of a reply remains with our staff.
If we use the AI Agent (automated replies), responses may be created automatically and sent in the chat. Such automated chat messages may be marked as automated in the interface. In addition, depending on configuration, a notice regarding AI usage (e.g., via signature/notice text) may be provided.
Processing on our behalf
Gorgias processes personal data on our behalf as a processor. We have concluded a data processing agreement (DPA) with Gorgias pursuant to Art. 28 GDPR. Further information is provided by Gorgias here: Data Processing Agreement (DPA).
Sub-processors
Gorgias may use sub-processors (e.g., infrastructure/hosting providers). Gorgias provides a list here: List of sub-processors.
Transfers to third countries
Depending on usage and technical processing, transfers to third countries (outside the EEA) cannot be ruled out. Where personal data is transferred to third countries, this is carried out on the basis of appropriate safeguards (in particular Standard Contractual Clauses), where required.
Storage period
We generally store support tickets and the related communication only for as long as necessary for processing. In addition, we store data insofar as this is required to comply with statutory retention obligations or to assert/defend legal claims. (Guideline: [e.g., 24 months], unless statutory obligations require otherwise.)
Live chat: notice/consent
If you use our live chat, the content you enter will be processed in Gorgias to handle your inquiry. Depending on legal requirements, we may display a privacy notice in the chat and, if applicable, obtain consent.
Use of Growave (Loyalty, Reviews, Wishlist, UGC & Customer Engagement Features)
We use the Growave app provided by Growave (“Growave”) on our website and/or in our Shopify store to provide customer engagement and marketing/store optimization features (e.g., loyalty/rewards programs, reviews, wishlists, referral features and, where applicable, user-generated content/UGC—depending on the modules we have activated).
Which data may be processed?
Depending on the feature used and your interaction, the following data may be processed in particular:
- Master and contact data (e.g., name, email address, customer number),
- Order and transaction data (e.g., order number, cart information, purchase history, status),
- Account and program data (e.g., points/rewards status, loyalty program activities, wishlist contents),
- Review and content data (e.g., reviews, comments, uploaded content such as photos/videos—if used),
- Technical data (e.g., IP address, device/browser information, timestamps, usage data—depending on configuration).
Purposes of processing
- Provision and administration of customer engagement and store features,
- Evaluation/management of reviews and interactions (if activated),
- Improving user experience, service and store processes,
- Abuse/fraud prevention and ensuring operation.
Legal bases
Depending on the feature and context, processing is carried out on the basis of:
- Art. 6(1)(b) GDPR (contract / pre-contractual measures, e.g., handling customer account/order functions),
- Art. 6(1)(a) GDPR (consent, e.g., for optional features/uploads or where required),
- Art. 6(1)(f) GDPR (legitimate interest in an efficient, user-friendly store and customer engagement measures).
Processing on our behalf
Where Growave processes personal data on our behalf, this is carried out as processing on our behalf. Growave provides information and compliance documents in its legal center: https://www.growave.io/legal.
Transfers to third countries
Depending on the technical setup, transfers of personal data to third countries (outside the EEA) cannot be ruled out. Where such transfers occur, they are carried out on the basis of appropriate safeguards (in particular Standard Contractual Clauses), where required. Further information can be found in the Growave legal center: https://www.growave.io/legal.
Further information
Further information on data protection at Growave can be found in Growave’s notices, e.g.: Privacy Notice (Website).
Reviews / Advertising
Data collection when posting a comment or a review
When commenting/reviewing an item or a post, we collect your personal data (name, email address, comment text) only to the extent you provide it. Processing serves the purpose of enabling and displaying comments/reviews.
By submitting the comment/review, you consent to the processing of the transmitted data. Processing is carried out on the basis of Art. 6(1)(a) GDPR with your consent. You may withdraw your consent at any time by notifying us, without affecting the lawfulness of processing carried out on the basis of consent before its withdrawal. Your personal data will then be deleted.
When your comment/review is published, only the name you provided will be published.
In addition, when submitting a comment/review, your IP address is stored for the purpose of preventing misuse of the comment/review function and ensuring the security of our information technology systems. By submitting the comment/review, you consent to the processing of the transmitted data. Processing is carried out on the basis of Art. 6(1)(a) GDPR with your consent. You may withdraw your consent at any time by notifying us, without affecting the lawfulness of processing carried out on the basis of consent before its withdrawal. Your IP address will then be deleted.
Use of Trustpilot
We use the “Trustpilot” review system provided by Trustpilot A/S (Pilestræde 58, 1112 Copenhagen, Denmark; “Trustpilot”).
Trustpilot enables us to collect customer reviews and display them on our website in order to give you an insight into the quality of our services.
After an order, you may receive an invitation from us and/or Trustpilot to submit a review, and you may then submit one. In doing so, the following data may be processed by us and/or Trustpilot, among others: email address, name, information about your device and location (IP address, browser settings, type of browser used, browser language, time zone), information about your Trustpilot user account (user name, photo, preferred language), information about the purchased product or service used (reference or order number, product details), the content of your review and the star rating you provided, your product photos or videos (if you attached these to your product review). This data may also be used to verify your review.
Processing is carried out on the basis of Art. 6(1)(a) GDPR with your consent, provided that you have expressly agreed to the disclosure of your data and to receiving the request for a review. You may withdraw your consent at any time without affecting the lawfulness of processing carried out on the basis of consent before its withdrawal.
Further information on data protection when using Trustpilot can be found at: de.legal.trustpilot.com/for-reviewers/enduser-privacy-terms.
Use of the email address for sending newsletters
We use your email address to send information and offers via newsletter, provided that you have expressly consented to this. Data processing serves exclusively the purpose of promotional communication. For this purpose, we process your email address and, if applicable, other data that you voluntarily provided when subscribing to our newsletter.
Processing is carried out on the basis of Art. 6(1)(a) GDPR with your consent. You may withdraw your consent at any time without affecting the lawfulness of processing carried out on the basis of consent before its withdrawal.
You can unsubscribe from the newsletter at any time using the corresponding link in the newsletter or by notifying us. Your email address is then removed from the mailing list. Despite removal from the mailing list, we may continue to store your email address in a so-called blacklist to prevent you from receiving newsletter emails from us in the future. This storage is carried out on the basis of Art. 6(1)(f) GDPR due to our and your legitimate interest in preventing the renewed use of your email address for sending our newsletter. You have the right, on grounds relating to your particular situation, to object at any time to this processing of personal data concerning you.
Use of Klaviyo
We use the service of Klaviyo Inc. (125 Summer St Floor 7, Boston, MA 02111, USA; “Klaviyo”) for sending newsletters as part of processing on our behalf.
We pass on the information you provided when subscribing to the newsletter (email address, if applicable first and last name) to Klaviyo. Data processing serves the purpose of sending the newsletter and its statistical analysis.
In order to analyze newsletter campaigns, the newsletters sent contain a 1x1 pixel graphic (tracking pixel) or a tracking link. This allows us to determine whether you have opened the newsletter and whether you have clicked on any integrated links. In this context, we collect your personal data such as IP address, browser type and device, and the time. From this data, usage profiles may be created under a pseudonym. The collected data is not used to identify you personally. The collected data is used solely for statistical evaluation to improve newsletter campaigns.
Your data is generally transferred to Klaviyo servers in the USA and stored there. For the USA, an adequacy decision of the EU Commission exists, the Trans-Atlantic Data Privacy Framework (TADPF). Klaviyo has certified under the TADPF and has thus committed to complying with European data protection principles.
Processing of your personal data is carried out on the basis of Art. 6(1)(f) GDPR due to our overriding legitimate interest in a targeted, effective and user-friendly newsletter system. You have the right, on grounds relating to your particular situation, to object at any time to this processing of personal data concerning you.
Further information on data protection at Klaviyo can be found at www.klaviyo.com/legal/privacy-notice and at www.klaviyo.com/legal/data-processing-agreement.
Use of the email address for availability notifications
We offer an availability notification service on our website. If an item is temporarily unavailable, you have the option to enter your email address for the respective item and to be informed by email when it becomes available, provided that you have consented. You will receive a one-time email notification about the availability of the respective item. Processing is carried out on the basis of Art. 6(1)(a) GDPR with your consent. You may withdraw your consent at any time without affecting the lawfulness of processing carried out on the basis of consent before its withdrawal. You can unsubscribe from availability notifications at any time by notifying us. Your email address will then be removed from the mailing list.
Shipping Service Providers / Inventory Management
Disclosure of the email address to shipping companies to provide shipping status information
We pass on your email address to the transport company as part of contract processing, provided that you have expressly consented to this during the ordering process. Disclosure serves the purpose of informing you by email about the shipping status. Processing is carried out on the basis of Art. 6(1)(a) GDPR with your consent. You may withdraw your consent at any time by notifying us or the transport company, without affecting the lawfulness of processing carried out on the basis of consent before its withdrawal.
Use of an external inventory management system
We use an inventory management system for contract processing as part of processing on our behalf. For this purpose, your personal data collected as part of the order is transmitted to Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32.
Processing of your personal data serves the purpose of fulfilling the contract concluded with you and is carried out on the basis of Art. 6(1)(b) GDPR.
Payment Service Providers
Use of PayPal
We use the payment service PayPal provided by PayPal (Europe) S.à.r.l. et Cie, S.C.A. (22-24 Boulevard Royal L-2449, Luxembourg; “PayPal”). Data processing serves the purpose of offering you payment via the payment service. By selecting and using payment via PayPal, the data required for payment processing is transmitted to PayPal in order to fulfill the contract with you using the selected payment method. This processing is carried out on the basis of Art. 6(1)(b) GDPR.
All PayPal transactions are subject to the PayPal privacy policy. You can find it at www.paypal.com/de/webapps/mpp/ua/privacy-full.
Use of PayPal Plus
We use the payment service PayPal Plus provided by PayPal (Europe) S.à.r.l. et Cie, S.C.A. (22-24 Boulevard Royal L-2449, Luxembourg; “PayPal”). Data processing serves the purpose of offering you payment via the payment service. By selecting and using payment via PayPal, credit card via PayPal or direct debit via PayPal, the data required for payment processing is transmitted to PayPal in order to fulfill the contract with you using the selected payment method. This processing is carried out on the basis of Art. 6(1)(b) GDPR.
For certain payment methods such as credit card via PayPal or direct debit via PayPal, PayPal reserves the right to obtain a credit check, if applicable, based on mathematical-statistical procedures and using credit agencies. For this purpose, PayPal transmits the personal data required for a credit check to a credit agency and uses the information received about the statistical probability of a payment default for a balanced decision on the establishment, execution or termination of the contractual relationship. The credit report may contain probability values (score values) that are calculated on the basis of scientifically recognized mathematical-statistical procedures and that include address data, among other things. Your legitimate interests are taken into account in accordance with statutory provisions. Data processing serves the purpose of a credit check for contract initiation. Processing is carried out on the basis of Art. 6(1)(f) GDPR due to our overriding legitimate interest in protecting against payment default where PayPal makes advance payments.
You have the right, on grounds relating to your particular situation, to object at any time to this processing of personal data concerning you based on Art. 6(1)(f) GDPR by notifying PayPal. The provision of the data is required for the conclusion of the contract with the payment method you have chosen. Failure to provide the data means that the contract cannot be concluded with the payment method you have chosen.
Use of PayPal Express
We use the payment service PayPal Express provided by PayPal (Europe) S.à.r.l. et Cie, S.C.A. (22-24 Boulevard Royal L-2449, Luxembourg; “PayPal”). Data processing serves the purpose of offering you payment via the payment service PayPal Express.
In order to integrate this payment service, it is necessary for PayPal to collect, store and analyze data when the website is accessed (e.g., IP address, device type, operating system, browser type, location of your device). Cookies may also be used for this purpose. The cookies make it possible to recognize your browser.
The use of cookies or comparable technologies is carried out with your consent on the basis of § 25(1) sentence 1 TDDDG in conjunction with Art. 6(1)(a) GDPR. The processing of your personal data is carried out with your consent on the basis of Art. 6(1)(a) GDPR. You may withdraw your consent at any time without affecting the lawfulness of processing carried out on the basis of consent before its withdrawal.
By selecting and using PayPal Express, the data required for payment processing is transmitted to PayPal in order to fulfill the contract with you using the selected payment method. This processing is carried out on the basis of Art. 6(1)(b) GDPR.
Further information on data processing when using the PayPal Express payment service can be found in the relevant privacy policy at www.paypal.com/de/webapps/mpp/ua/privacy-full.
Use of Amazon Payments
We use the payment service Amazon Payments provided by Amazon Payments Europe s.c.a. (38 avenue John F. Kennedy, L-1855 Luxembourg; “Amazon Payments”). Data processing serves the purpose of offering you payment via the Amazon Payments payment service.
In order to integrate this payment service, it is necessary for Amazon Payments to collect, store and analyze data when the website is accessed (e.g., IP address, device type, operating system, browser type, location of your device). Cookies may also be used for this purpose. The cookies make it possible to recognize your browser.
The use of cookies or comparable technologies is carried out with your consent on the basis of § 25(1) sentence 1 TDDDG in conjunction with Art. 6(1)(a) GDPR. The processing of your personal data is carried out with your consent on the basis of Art. 6(1)(a) GDPR. You may withdraw your consent at any time without affecting the lawfulness of processing carried out on the basis of consent before its withdrawal.
By selecting and using “Amazon Payments”, the data required for payment processing is transmitted to Amazon Payments in order to fulfill the contract with you using the selected payment method. This processing is carried out on the basis of Art. 6(1)(b) GDPR.
Further information on data processing when using the Amazon Payments payment service can be found in the relevant privacy policy at: pay.amazon.com/de/help/201212490
Cookies
Our website uses cookies. Cookies are small text files that are stored in the internet browser or by the internet browser on a user’s computer system. When a user accesses a website, a cookie may be stored on the user’s operating system. This cookie contains a characteristic string that enables the browser to be uniquely identified when the website is accessed again.
Cookies are stored on your computer. Therefore, you have full control over the use of cookies. By selecting the appropriate technical settings in your internet browser, you can be notified before cookies are set and decide on acceptance on a case-by-case basis, as well as prevent the storage of cookies and the transmission of the data they contain. Cookies that have already been stored can be deleted at any time. However, please note that you may then not be able to use all functions of this website to their full extent.
You can find information on how to manage (including disable) cookies in the most common browsers at the following links:
- Chrome: support.google.com/accounts/answer/61416?hl=de
- Microsoft Edge: support.microsoft.com/de-de/microsoft-edge/cookies-in-microsoft-edge-löschen…
- Mozilla Firefox: support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen
- Safari: support.apple.com/de-de/guide/safari/manage-cookies-and-website-data-sfri11471/mac
Technically necessary cookies
Unless otherwise stated below in the privacy policy, we only use these technically necessary cookies for the purpose of making our offering more user-friendly, effective and secure. Cookies also enable our systems to recognize your browser after a page change and to offer you services. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognized even after a page change.
The use of cookies or comparable technologies is carried out on the basis of § 25(2) TDDDG. The processing of your personal data is carried out on the basis of Art. 6(1)(f) GDPR due to our overriding legitimate interest in ensuring the optimal functionality of the website as well as a user-friendly and effective design of our offering.
You have the right, on grounds relating to your particular situation, to object at any time to this processing of personal data concerning you.
Use of Cookiebot
We use the consent management tool Cookiebot provided by Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark (“Cookiebot”) on our website.
The tool enables you to give consent to data processing via the website, in particular the setting of cookies, and to exercise your right to withdraw consent already given. Data processing serves the purpose of obtaining and documenting the necessary consents for data processing and thus complying with legal obligations.
Cookies may be used for this purpose. In doing so, the following information may be collected and transmitted to Cookiebot: anonymized IP address, date and time of consent, URL from which the consent was sent, anonymous, random, encrypted key, consent status. This data is not passed on to other third parties.
Data processing is carried out to fulfill a legal obligation on the basis of Art. 6(1)(c) GDPR.
Further information on data protection at Cookiebot can be found at: www.cookiebot.com/de/privacy-policy/
Analytics / Ad Tracking / AI Tools
Use of Google Analytics 4
We use the web analytics service Google Analytics provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; “Google”).
Data processing serves the purpose of analyzing this website and its visitors, as well as for marketing and advertising purposes. For this purpose, Google will use the information obtained on behalf of the operator of this website to evaluate your use of the website, compile reports on website activity and provide the website operator with other services related to website and internet usage.
The following information may be collected, among others: IP address, date and time of page view, click path, information about the browser and device you use, pages visited, referrer URL (website from which you accessed our website), location data, purchase activities. Your data may be linked by Google with other data such as your search history, your personal accounts, your usage data from other devices and all other data Google has about you.
The IP address is shortened by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area.
Google uses technologies such as cookies, browser web storage and tracking pixels that enable an analysis of your use of the website. The use of cookies or comparable technologies is carried out with your consent on the basis of § 25(1) sentence 1 TDDDG in conjunction with Art. 6(1)(a) GDPR.
The processing of your personal data is carried out with your consent on the basis of Art. 6(1)(a) GDPR. You may withdraw your consent at any time without affecting the lawfulness of processing carried out on the basis of consent before its withdrawal.
The information generated about your use of this website is generally transmitted to and stored on a Google server in the USA. For the USA, an adequacy decision of the EU Commission exists, the Trans-Atlantic Data Privacy Framework (TADPF). Google has certified under the TADPF and thus committed to complying with European data protection principles. Both Google and U.S. government authorities have access to your data.
Further information on terms of use and data protection can be found at policies.google.com/technologies/partner-sites and at policies.google.com/privacy.
Use of Mouseflow
We use the analytics tool provided by Mouseflow ApS (Flaesketorvet 68, 1711 Copenhagen, Denmark; “Mouseflow”) on our website.
Data processing serves the purpose of personalization and analysis of this website and its visitors. Mouseflow uses technologies such as cookies, tracking pixels and scripts. Cookies enable recognition of the internet browser. The following information may be collected, among others: IP address, click path, information about the browser and operating system you use, pages visited, time spent on our website, content viewed, location data.
Usage profiles may be created under a pseudonym from this data. With the Mouseflow web tracking tool, randomly selected individual visits (only with anonymized IP address) are recorded. This creates a log of mouse movements and clicks with the intention of playing back individual website visits on a sample basis and deriving potential improvements for the website. The data collected with Mouseflow technologies is not used, without the separate consent of the data subject, to personally identify the visitor of this website and is not merged with personal data about the bearer of the pseudonym.
Your data may be transferred to the USA. For the USA, an adequacy decision of the EU Commission exists, the Trans-Atlantic Data Privacy Framework (TADPF). Mouseflow has certified under the TADPF and thus committed to complying with European data protection principles.
The use of cookies or comparable technologies is carried out with your consent on the basis of § 25(1) sentence 1 TDDDG in conjunction with Art. 6(1)(a) GDPR. The processing of your personal data is carried out with your consent on the basis of Art. 6(1)(a) GDPR. You may withdraw your consent at any time without affecting the lawfulness of processing carried out on the basis of consent before its withdrawal.
Further information on the collection and use of your data by Mouseflow can be found at: mouseflow.com/legal/visitor/
Use of HeatMap
We use the analytics tool provided by HeatMap Inc. (6724 Monroe Ave, Eldersburg, Maryland 21784, USA; “HeatMap”) on our website as part of processing on our behalf. Data processing serves the purpose of needs-based design, optimization and analysis of our website.
The tool records movements of website visitors on the website. This creates a log of mouse movements, scrolling behavior, dwell time and clicks on the website (so-called heatmap). For this purpose, HeatMap uses cookies, among other things. The following information may be collected, among others: information about the device you use (screen size, devices, unique device identifier), information about the browser you use, location data (country only).
Usage profiles may be created under a pseudonym from this data. The data is not used to personally identify the visitor of the website and is not merged with personal data of the bearer of the pseudonym.
Your data may be transferred to third countries such as the USA. For the USA, an adequacy decision of the EU Commission exists, the Trans-Atlantic Data Privacy Framework (TADPF). HeatMap is not certified under the TADPF.
The use of cookies or comparable technologies is carried out with your consent on the basis of § 25(1) sentence 1 TDDDG in conjunction with Art. 6(1)(a) GDPR. The processing of your personal data is carried out with your consent on the basis of Art. 6(1)(a) GDPR. You may withdraw your consent at any time without affecting the lawfulness of processing carried out on the basis of consent before its withdrawal.
Further information on the collection and use of your data by HeatMap can be found at: heatmap.com/privacy
Use of Shopify Analytics
We use the analytics and statistical functions of Shopify International Ltd. (Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland; “Shopify”) on our website as part of processing on our behalf. Shopify is affiliated with Shopify Inc. (151 O’Connor Street, Ground Floor, Ottawa, Ontario, K2P 2L8, Canada).
Data processing serves the purpose of analyzing this website and its visitors. For this purpose, data is stored for marketing and optimization purposes and made available in reports, analyses and statistics. The following device information is collected and processed, among other things: information about the web browser, the IP address, the time zone and some of the cookies installed on your device.
When you navigate on the website, information about the web pages or products accessed, the referrer URL (website from which you accessed our website) as well as information about how you interact with the website is also recorded. Technologies such as cookies as well as web beacons, tags and pixels (electronic files used to record information about how you navigate on the website) are used for this purpose.
Your data may be transferred to and processed in third countries outside the EU, in particular Canada and the USA. For Canada, an adequacy decision of the EU Commission exists. For the USA, an adequacy decision of the EU Commission exists, the Trans-Atlantic Data Privacy Framework (TADPF). Shopify is not certified under the TADPF. This data transfer is carried out on the basis of contractual obligations that are comparable to the EU Commission’s Standard Contractual Clauses.
The use of cookies or comparable technologies is carried out with your consent on the basis of § 25(1) sentence 1 TDDDG in conjunction with Art. 6(1)(a) GDPR. The processing of your personal data is carried out with your consent on the basis of Art. 6(1)(a) GDPR. You may withdraw your consent at any time without affecting the lawfulness of processing carried out on the basis of consent before its withdrawal.
Further information on data protection at Shopify can be found at www.shopify.com/de/legal/datenschutz, information on the data processing agreement at www.shopify.com/de/legal/dpa and information on the cookies used at www.shopify.com/de/legal/cookies.
Use of the Meta Pixel
We use the Meta Pixel provided by Meta Platforms Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; “Meta”) on our website.
Meta and we are joint controllers for the collection of your data and the transfer of this data to Meta that takes place when the service is integrated. The basis for this is an agreement between us and Meta on the joint processing of personal data, in which the respective responsibilities are set out. The agreement can be accessed at dede.facebook.com/legal/terms/businesstools.
The application serves the purpose of addressing visitors of the website with interest-based advertising on the social networks Facebook and Instagram. For this purpose, the Meta remarketing tag was implemented on the website. This tag establishes a direct connection to Meta servers when you visit the website. This transmits to the Meta server which of our pages you have visited. Meta assigns this information to your personal Facebook and/or Instagram user account.
When you visit the social networks Facebook or Instagram, you will then be shown personalized, interest-based ads.
The application also serves the purpose of creating conversion statistics. In doing so, we learn the total number of users who clicked on one of our ads and were redirected to a page marked with a conversion tracking tag, and which actions were taken after the redirection to this website. However, we do not receive any information that could be used to personally identify users.
Your data may be transferred to the USA. For the USA, an adequacy decision of the EU Commission exists, the Trans-Atlantic Data Privacy Framework (TADPF). Meta has certified under the TADPF and thus committed to complying with European data protection principles.
The processing of your personal data is carried out with your consent on the basis of Art. 6(1)(a) GDPR. You may withdraw your consent at any time without affecting the lawfulness of processing carried out on the basis of consent before its withdrawal.
You can deactivate the “Custom Audiences” remarketing function here. Further information on the collection and use of data by Meta, your rights in this regard and options for protecting your privacy can be found in Meta’s privacy notices at www.facebook.com/about/privacy/.
Use of Google Ads Conversion Tracking
We use the online advertising program “Google Ads” and, in this context, conversion tracking (visit action evaluation). Google conversion tracking is an analytics service of Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; “Google”).
If you click on a Google ad, a cookie for conversion tracking is stored on your computer. These cookies are valid for a limited time, do not contain personal data and therefore are not used for personal identification. If you visit certain pages of our website and the cookie has not yet expired, Google and we can recognize that you clicked on the ad and were redirected to this page. Each Google Ads customer receives a different cookie. Cookies therefore cannot be tracked across the websites of Ads customers.
The information collected using the conversion cookie is used to create conversion statistics. We learn the total number of users who clicked on one of our ads and were redirected to a page marked with a conversion tracking tag. However, we do not receive any information that could be used to personally identify users.
Your data may be transferred to servers of Google LLC in the USA. For the USA, an adequacy decision of the EU Commission exists, the Trans-Atlantic Data Privacy Framework (TADPF). Google has certified under the TADPF and thus committed to complying with European data protection principles.
The use of cookies or comparable technologies is carried out with your consent on the basis of § 25(1) sentence 1 TDDDG in conjunction with Art. 6(1)(a) GDPR. The processing of your personal data is carried out with your consent on the basis of Art. 6(1)(a) GDPR. You may withdraw your consent at any time without affecting the lawfulness of processing carried out on the basis of consent before its withdrawal.
Further information and Google’s privacy policy can be found at: www.google.de/policies/privacy/
Use of the Remarketing or “Similar Audiences” Function
We use the remarketing or “similar audiences” function of Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; “Google”) on our website.
The application serves the purpose of analyzing visitor behavior and interests. To carry out the analysis of website usage, which forms the basis for creating interest-based advertisements, Google uses cookies. Cookies record visits to the website and anonymized data about website usage. No personal data of website visitors is stored. If you subsequently visit another website in the Google Display Network, you will be shown advertisements that are likely to take into account previously accessed product and information areas.
Your data may be transferred to servers of Google LLC in the USA. For the USA, an adequacy decision of the EU Commission exists, the Trans-Atlantic Data Privacy Framework (TADPF). Google has certified under the TADPF and thus committed to complying with European data protection principles.
The use of cookies or comparable technologies is carried out with your consent on the basis of § 25(1) sentence 1 TDDDG in conjunction with Art. 6(1)(a) GDPR. The processing of your personal data is carried out with your consent on the basis of Art. 6(1)(a) GDPR. You may withdraw your consent at any time without affecting the lawfulness of processing carried out on the basis of consent before its withdrawal.
Further information on Google Remarketing and the associated privacy policy can be found at: www.google.com/privacy/ads/
Use of Microsoft Advertising
We use Microsoft Advertising provided by Microsoft Corporation (One Microsoft Way, Redmond, WA 98052-6399, USA; “Microsoft”) on our website.
Data processing serves marketing and advertising purposes and the purpose of measuring the success of advertising measures (conversion tracking). We learn the total number of users who clicked on one of our ads and were redirected to a page marked with a conversion tracking tag. However, personal identification of these users is not possible.
Microsoft Advertising uses technologies such as cookies and tracking pixels that enable an analysis of your use of the website. When you click on an ad placed by Microsoft Advertising, a cookie for conversion tracking is stored on your computer. This cookie is valid for a limited time and is not used for personal identification.
If you visit certain pages of our website and the cookie has not yet expired, Microsoft and we can recognize that you clicked on the ad and were redirected to this page. The following information may be collected, among others: IP address, identifiers assigned by Microsoft, information about the browser and device you use, referrer URL (website from which you accessed our website), URL of our website.
Your data may be transferred to the USA. For the USA, an adequacy decision of the EU Commission exists, the Trans-Atlantic Data Privacy Framework (TADPF). Microsoft has certified under the TADPF and thus committed to complying with European data protection principles.
The use of cookies or comparable technologies is carried out with your consent on the basis of § 25(1) sentence 1 TDDDG in conjunction with Art. 6(1)(a) GDPR. The processing of your personal data is carried out with your consent on the basis of Art. 6(1)(a) GDPR. You may withdraw your consent at any time without affecting the lawfulness of processing carried out on the basis of consent before its withdrawal.
Further information on data protection and the cookies used by Microsoft can be found here.
Use of the Pinterest Tag
We use the Pinterest Tag provided by Pinterest Europe Limited (Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland; “Pinterest”) on our website.
The application serves the purpose of addressing website visitors with interest-based advertising on the Pinterest social network. For this purpose, the Pinterest conversion tag was implemented on the website. This tag establishes a direct connection to Pinterest servers when you visit the website. This transmits to the Pinterest server which of our pages you have visited. Pinterest assigns this information to your personal Pinterest user account if you are logged in to the social network.
When you visit Pinterest, you will then be shown personalized, interest-based Pinterest ads.
If you access our website via a pin on the Pinterest social network, a cookie for conversion tracking is stored on your computer. These cookies are valid for a limited time, do not contain personal data and therefore are not used for personal identification. If you visit certain pages of our website and the cookie has not yet expired, Pinterest and we can recognize that you clicked on the pin and were redirected to this page.
The information collected using the conversion cookie is used to create conversion statistics and thus to optimize our website. The following information may be processed, among others: total number of users who clicked on one of our pins and were redirected to our website, subpages visited on our website (e.g., category or product pages), search queries on our website, your cart contents, completed transactions.
Your data may be transferred to the USA. For the USA, an adequacy decision of the EU Commission exists, the Trans-Atlantic Data Privacy Framework (TADPF). Pinterest is not certified under the TADPF. The transfer of data is carried out, among other things, on the basis of Standard Contractual Clauses as appropriate safeguards for the protection of personal data, available at: commission.europa.eu/…/standard-contractual-clauses-scc_de
The use of cookies or comparable technologies is carried out with your consent on the basis of § 25(1) sentence 1 TDDDG in conjunction with Art. 6(1)(a) GDPR. The processing of your personal data is carried out with your consent on the basis of Art. 6(1)(a) GDPR. You may withdraw your consent at any time without affecting the lawfulness of processing carried out on the basis of consent before its withdrawal.
Further information on the collection and use of data by Pinterest, your rights in this regard and options for protecting your privacy can be found in Pinterest’s privacy notices at policy.pinterest.com/de/privacy-policy.
Use of the TikTok Pixel
We use the TikTok Pixel provided by TikTok Technology Limited (10 Earlsfort Terrace, Dublin, D02 T380, Ireland; “TikTok Ireland”) and TikTok Information Technologies UK Limited (6th Floor, One London Wall, London, EC2Y 5EB, United Kingdom; “TikTok UK”). Both companies are the joint controllers responsible for data processing (hereinafter “TikTok”).
Data processing serves the purpose of identifying and analyzing customer website visits, improving customer targeting by placing targeted ads, and evaluating the effectiveness of ads on TikTok. TikTok uses technologies such as cookies and pixels that enable recognition of your browser.
The following information may be collected and transmitted to TikTok, among others: date and time of visit, information about the browser and device type you use, screen resolution, IP address. TikTok may assign this information to your personal TikTok user account. Usage profiles may be created from the data collected using pseudonyms. Personal identification of users is not possible.
Your data may be transferred to third countries such as the USA. For the USA, an adequacy decision of the EU Commission exists, the Trans-Atlantic Data Privacy Framework (TADPF). TikTok is not certified under the TADPF. The transfer of data to the USA and to third countries without an adequacy decision is carried out, among other things, on the basis of Standard Contractual Clauses as appropriate safeguards for the protection of personal data, available at: commission.europa.eu/…/standard-contractual-clauses-scc_de
The use of cookies or comparable technologies is carried out with your consent on the basis of § 25(1) sentence 1 TDDDG in conjunction with Art. 6(1)(a) GDPR. The processing of your personal data is carried out with your consent on the basis of Art. 6(1)(a) GDPR. You may withdraw your consent at any time without affecting the lawfulness of processing carried out on the basis of consent before its withdrawal.
Further information on data protection can be found at www.tiktok.com/legal/page/eea/privacypolicy/de and ads.tiktok.com/i18n/official/policy/controller-to-controller.
Plugins and Miscellaneous
Use of Google Tag Manager
We use Google Tag Manager provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; “Google”) on our website.
This application manages JavaScript tags and HTML tags used to implement, in particular, tracking and analytics tools. Data processing serves the purpose of needs-based design and optimization of our website.
Google Tag Manager itself neither stores cookies nor processes personal data. However, it enables the triggering of further tags that may collect and process personal data.
Further information on terms of use and data protection can be found here.
Use of Social Plugins
We use plugins of social networks on our website. The integration of social plugins and the data processing that takes place in this context serves the purpose of optimizing advertising for our products.
When social plugins are integrated, a connection is established between your computer and the servers of the providers of the social network and the plugin is displayed on the page by notifying your browser, provided you have expressly consented. In this process, both your IP address and the information about which of our pages you have visited are transmitted to the providers’ servers. This applies regardless of whether you are registered or logged in to the social network. A transmission also takes place for users who are not registered or not logged in.
If you are simultaneously connected to one or more of your social media accounts, the collected information may also be assigned to your corresponding profiles. When using the plugin functions (e.g., clicking the button), this information is also assigned to your user account. You can prevent this assignment by logging out of your social media accounts before visiting our website and before activating the buttons.
The use of cookies or comparable technologies is carried out with your consent on the basis of § 25(1) sentence 1 TDDDG in conjunction with Art. 6(1)(a) GDPR. The processing of your personal data is carried out with your consent on the basis of Art. 6(1)(a) GDPR. You may withdraw your consent at any time without affecting the lawfulness of processing carried out on the basis of consent before its withdrawal.
The following social networks are integrated on our website via social plugins. Further information on the scope and purpose of data collection and use as well as your rights in this regard and options for protecting your privacy can be found in the linked privacy notices of the providers.
- Facebook (Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland).
  Agreement (Controller Addendum): www.facebook.com/legal/controller_addendum
  Privacy notices: www.facebook.com/about/privacy/
- Instagram (Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland):
  help.instagram.com/155833707900388
- Pinterest (Pinterest Inc., 635 High Street, Palo Alto, CA 94301, USA):
  policy.pinterest.com/de/privacy-policy
Use of YouTube
We use the function for embedding YouTube videos provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; “YouTube”). YouTube is affiliated with Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”).
This function displays videos stored on YouTube in an iFrame on the website. The “Enhanced Privacy Mode” option is enabled. As a result, YouTube does not store information about visitors to the website. Only when you watch a video is information transmitted to YouTube and stored there.
Your data may be transferred to the USA. For the USA, an adequacy decision of the EU Commission exists, the Trans-Atlantic Data Privacy Framework (TADPF). YouTube has certified under the TADPF and thus committed to complying with European data protection principles.
The use of cookies or comparable technologies is carried out with your consent on the basis of § 25(1) sentence 1 TDDDG in conjunction with Art. 6(1)(a) GDPR. The processing of your personal data is carried out with your consent on the basis of Art. 6(1)(a) GDPR. You may withdraw your consent at any time without affecting the lawfulness of processing carried out on the basis of consent before its withdrawal.
Further information on the collection and use of data by YouTube and Google, your rights in this regard and options for protecting your privacy can be found in YouTube’s privacy notices at www.youtube.com/t/privacy.
Use of Vimeo
We use plugins of Vimeo Inc. (555 West 18th Street, New York, NY 10011, USA; “Vimeo”) to embed videos from the “Vimeo” portal.
When you access pages of our website equipped with such a plugin, a connection is established to Vimeo’s servers and the plugin is displayed on the page by notifying your browser. This transmits to Vimeo’s servers both your IP address and the information about which of our pages you have visited.
If you are logged in to Vimeo, Vimeo assigns this information to your personal user account. When using plugin functions (e.g., starting a video by pressing the corresponding button), this information is also assigned to your Vimeo account.
Your data may be transferred to the USA. For the USA, an adequacy decision of the EU Commission exists, the Trans-Atlantic Data Privacy Framework (TADPF). Vimeo has certified under the TADPF and thus committed to complying with European data protection principles.
The use of cookies or comparable technologies is carried out with your consent on the basis of § 25(1) sentence 1 TDDDG in conjunction with Art. 6(1)(a) GDPR. The processing of your personal data is carried out with your consent on the basis of Art. 6(1)(a) GDPR. You may withdraw your consent at any time without affecting the lawfulness of processing carried out on the basis of consent before its withdrawal.
Further information on the purpose and scope of data collection and on further use and processing of data by Vimeo as well as your rights and options for protecting your privacy can be found in Vimeo’s privacy policy: vimeo.com/privacy
Use of Adobe Fonts
We use Adobe Fonts provided by Adobe Systems Software Ireland Limited (4-6 Riverwalk Citywest Business Campus, Dublin 24, Ireland; “Adobe”) on our website.
Data processing serves the purpose of uniform display of fonts on our website. To load the fonts, a connection to Adobe servers is established when the page is accessed. Cookies may be used for this purpose. In doing so, your IP address and information about the browser and operating system you use are processed and transmitted to Adobe.
Your data may be transferred to third countries such as the USA and India. There is no adequacy decision of the EU Commission for India. For the USA, an adequacy decision of the EU Commission exists, the Trans-Atlantic Data Privacy Framework (TADPF). Adobe has certified under the TADPF and thus committed to complying with European data protection principles.
The use of cookies or comparable technologies is carried out with your consent on the basis of § 25(1) sentence 1 TDDDG in conjunction with Art. 6(1)(a) GDPR. The processing of your personal data is carried out with your consent on the basis of Art. 6(1)(a) GDPR. You may withdraw your consent at any time without affecting the lawfulness of processing carried out on the basis of consent before its withdrawal.
Further information on data processing and data protection can be found at www.adobe.com/de/privacy/policy.html and at www.adobe.com/de/privacy/policies/adobe-fonts.html.
Data Subject Rights and Storage Period
Storage period
After complete contract processing, the data is stored initially for the duration of the warranty period and thereafter in consideration of statutory retention periods, in particular under tax and commercial law, and then deleted after expiry of the period, unless you have consented to further processing and use.
Rights of the data subject
If the legal requirements are met, you are entitled to the following rights under Art. 15 to 20 GDPR: right of access, right to rectification, right to erasure, right to restriction of processing, right to data portability.
In addition, you have the right to object under Art. 21(1) GDPR to processing based on Art. 6(1)(f) GDPR, as well as to processing for direct marketing purposes.
Right to lodge a complaint with a supervisory authority
Pursuant to Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data is not lawful.
Competent supervisory authority (contact):
State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia
P.O. Box 20 04 44
40102 Düsseldorf, Germany
Tel.: +49 211 384240
Fax: +49 211 38424999
Email: poststelle@ldi.nrw.de
Right to object
Where the processing of personal data listed here is based on our legitimate interest pursuant to Art. 6(1)(f) GDPR, you have the right, on grounds relating to your particular situation, to object at any time to such processing with effect for the future.
After an objection, the processing of the data concerned will be stopped unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or unless the processing serves the establishment, exercise or defense of legal claims.