Privacy policy

Data protection declaration 1) Information on the collection of personal data and contact details of the controller 1. 1 We are pleased that you are visiting our website and thank you for your interest. In the following, we inform you about the handling of your personal data when using our website. Personal data are all data with which you can be personally identified. 1. 2 Responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is Cala Hookah UG (limited liability), Gerhart-Hauptmann-Str. 63, 38 239 Salzgitter, Germany, Tel. : 01 728 217 239, E-Mail: info@calahookah. de. The controller for the processing of personal data is the natural or legal person who, alone or jointly with others, decides on the purposes and means of the processing of personal data. 1. 3. This website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (e. g. orders or requests to the controller). You can recognize an encrypted connection by the string “https://” and the lock icon in your browser line. 2) Data collection when visiting our website When you use our website for information purposes only, i. e. if you do not register or otherwise transmit information to us, we only collect data that your browser transmits to our server (so-called “server log files”). When you visit our website, we collect the following information, which is technically necessary for us to display the website to you: Our visited website Date and time at the time of access Amount of data sent in bytes Source/reference from which you came to the page Browser used Operating system used IP address used (if applicable: in anonymised form) Processing is carried out in accordance with Art. 6 para. f GDPR based on our legitimate interest in improving the stability and functionality of our website. The data will not be passed on or used in any other way. However, we reserve the right to check the server log files afterwards if there are concrete indications of unlawful use. 3) Hosting & Content-Delivery-Network Hosting by Shopify We use the shop system of the service provider Shopify International Limited, Victoria Buildings, 2nd floor 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland (“Shopify”), for the purpose of hosting and presenting the online shop on the basis of processing on our behalf. All data collected on our website is processed on Shopify’s servers. Within the scope of the aforementioned services of Shopify, data may also be processed on behalf of Shopify Inc. , 150 Elgin St, Ottawa, ON K2P 1L4, Canada, Shopify Data Processing (USA) Inc. , Shopify Payments (USA) Inc. or Shopify (USA) Inc. In the event of the transfer of data to Shopify Inc. in Canada, an adequacy decision of the European Commission ensures the appropriate level of data protection. Further information on the data protection of Shopify can be found on the following website: https://www. shopify. de/legal/datenschutz Further processing on servers other than those mentioned above by Shopify will only take place within the scope communicated below. 4) Cookies In order to make the visit to our website attractive and to enable the use of certain functions, we use so-called cookies on various pages. These are small text files that are stored on your device. Some of the cookies we use are deleted after the end of the browser session, i. e. after closing your browser (so-called session cookies). Other cookies remain on your device and allow your browser to be recognised on your next visit (so-called persistent cookies). If cookies are set, they collect and process specific user information such as browser and location data as well as IP address values on an individual basis. Persistent cookies are automatically deleted after a predetermined period, which may vary depending on the cookie. The duration of the respective cookie storage can be found in the overview of the cookie settings of your web browser. Some cookies are used to simplify the ordering process by storing settings (e. g. remembering the content of a virtual shopping basket for a later visit to the website). Insofar as individual cookies used by us also process personal data, the processing takes place in accordance with Art. 6 para. b GDPR either for the execution of the contract, in accordance with Art. 6 para. 1 lit. a GDPR in the event of a given consent or pursuant to Art. 6 para. 1 lit. f GDPR to safeguard our legitimate interests in the best possible functionality of the website as well as a customer-friendly and effective design of the website visit. Please note that you can set your browser so that you are informed about the setting of cookies and can decide individually whether to accept them or exclude the acceptance of cookies in certain cases or in general. Each browser differs in the way it manages cookie settings. This is described in the help menu of each browser, which explains how to change your cookie settings. These can be found for the respective browser under the following links: Internet Explore: https://support. microsoft. com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies Firefox: https://support. mozilla. org/de/kb/cookies-erlauben-und-ablehnen Chrome: https://support. google. com/chrome/answer/95647?hl=de&hlrm=en Safari: https://support. apple. com/de-de/guide/safari/sfri11471/mac Opera: https://help. opera. com/de/latest/web-preferences/#cookies Please note that if you do not accept cookies, the functionality of our website may be limited. 5) Contacting 5. 1 Shopify Chat This website uses the live chat system Shopify Chat, a service of Shopify Inc. , 150 Elgin St, Ottawa, ON K2P 1L4, Canada (“Shopify”) for customer support purposes. To answer live support requests, Shopify collects and stores anonymized data of users. This anonymized data can be used to create user profiles under a pseudonym. Cookies may be used for this purpose. Cookies are small text files that are stored locally in the cache of the website visitor’s Internet browser. The cookies enable the recognition of the Internet browser. If the information collected in this way has a personal connection, the processing takes place in accordance with Art. 6 para. f GDPR based on our legitimate interest in effective customer service and the statistical analysis of user behavior for optimization purposes. The data collected with the Shopify technologies will not be used to personally identify the visitor to this website and will not be merged with personal data about the bearer of the pseudonym without the separately granted consent of the person concerned. In order to prevent the storage of Shopify cookies, you can set your Internet browser so that no cookies can be stored on your computer in the future or cookies that have already been stored are deleted. However, disabling all cookies may result in some functions on our website no longer being able to be performed. You may object to the collection and storage of data for the purpose of creating a pseudonymised user profile at any time with effect for the future by sending us your objection informally by e-mail to the e-mail address mentioned in the imprint. In the event of data transfers to Shopify Inc. in Canada, an adequacy decision of the European Commission ensures the appropriate level of data protection. 5. 2 Own review reminder (no dispatch by a customer review system) We use your e-mail address as a one-time reminder of the submission of an evaluation of your order for the evaluation system used by us, provided that you give us your express consent during or after your order in accordance with Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time by sending a message to the person responsible for data processing. 5. 3 Own function for online appointment We process your personal data within the scope of the online appointment arrangement provided. You can see which data we collect for the online appointment arrangement from the respective entry form or the appointment request. If certain data is necessary in order to be able to make an online appointment, we will indicate them accordingly in the input form or when requesting an appointment. If we provide you with a free text field in the input form, you can describe your request in more detail. You can then also control which data you want to add. Your provided data will be stored and used exclusively for the purpose of making an appointment. For the processing of personal data that is necessary for the performance of a contract with you (this also applies to processing operations that are necessary to carry out pre-contractual measures), Art. 6 para. 1 lit. b GDPR as the legal basis. If you have given us your consent to the processing of your data, the processing is carried out on the basis of Art. 6 para. 1 lit. a GDPR . A given consent may be revoked at any time by sending a message to the responsible person named at the beginning of this declaration. 5. 4 When contacting us (e. g. via contact form or e-mail), personal data is collected. Which data is collected in the event of the use of a contact form can be seen from the respective contact form. These data are stored and used exclusively for the purpose of answering your request or for making contact and the associated technical administration. The legal basis for the processing of this data is our legitimate interest in answering your request pursuant to Art. 6 para. f GDPR . If your contact is aimed at concluding a contract, the additional legal basis for processing is Art. 6 para. b GDPR . Your data will be deleted after final processing of your request. This is the case if it can be inferred from the circumstances that the matter in question has been finally clarified and if there are no legal retention obligations to the contrary. 5. 5 WhatsApp Business We offer visitors to our website the opportunity to contact us via WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. We use the so-called “business version” of WhatsApp for this purpose. If you contact us on the occasion of a specific transaction (for example, an order placed) via WhatsApp, we store and use the mobile phone number you used on WhatsApp and – if provided – your first and last name in accordance with Art. 6 para. 1 lit. b. GDPR for processing and answering your request. Based on the same legal basis, we may ask you via WhatsApp to provide additional data (order number, customer number, address or e-mail address) in order to be able to assign your request to a specific process. Use our WhatsApp contact for general inquiries (such as about our range of services, availability or our website) and we will use the mobile phone number you use on WhatsApp and – if provided – your first and last name in accordance with Art. 6 para. 1 lit. f GDPR based on our legitimate interest in the efficient and timely provision of the requested information. Your data will only be used to answer your query via WhatsApp. A transfer to third parties does not take place. Please note that WhatsApp Business receives access to the address book of the mobile device we use for this purpose and automatically transmits the phone numbers stored in the address book to a server of the parent company Facebook Inc. in the USA. For the operation of our WhatsApp Business Account, we use a mobile device whose address book only stores the WhatsApp contact data of users who have also contacted us via WhatsApp. This ensures that every person whose WhatsApp contact data are stored in our address book already when using the app for the first time on their device by accepting the WhatsApp Terms of Use in the transmission of their WhatsApp telephone number from the address books of their chat contacts pursuant to Art. 6 para. 1 lit. a GDPR has consented. A transfer of data from users who do not use WhatsApp and/or have not contacted us via WhatsApp is therefore excluded. For the purpose and scope of data collection and the further processing and use of data by WhatsApp, as well as your rights in this regard and settings options to protect your privacy, please refer to the WhatsApp privacy policy: https://www. whatsapp. com/legal/?eea=1#privacy-policy 6) Data processing when opening a customer account and for contract processing Pursuant to Art. 6 (1) lit. b GDPR will continue to collect and process personal data if you provide it to us for the execution of a contract or when opening a customer account. Which data is collected can be seen from the respective input forms. Deletion of your customer account is possible at any time and can be done by sending a message to the above address of the person responsible. We store and use the data you provide to process the contract. After completion of the contract or deletion of your customer account, your data will be blocked with regard to retention periods under tax and commercial law and deleted after expiry of these periods, unless you have expressly consented to further use of your data or a further use of data permitted by law has been reserved by our side. 7) Data processing for order processing 7.1  To process your order, we cooperate with the following service provider (s), who support us in whole or in part in the execution of concluded contracts. These service providers are provided with certain personal data in accordance with the following information. The personal data collected by us will be passed on to the transport company commissioned with the delivery within the scope of the contract processing, insofar as this is necessary for the delivery of the goods. We pass on your payment data to the commissioned credit institution as part of the payment processing, if this is necessary for the payment processing. If payment service providers are used, we will inform you explicitly below. The legal basis for the transfer of data is Art. 6 para. 1 lit. b GDPR . 7.2 Use of payment service providers (payment services) - giropay When paying via “giropay”, payment is processed via giropay GmbH, An der Welle 4, 60 322 Frankfurt/Main, to which we will pass on the information you provided during the ordering process, together with the information about your order. The transfer of your data takes place in accordance with Art. 6 para. b GDPR exclusively for the purpose of payment processing and only to the extent necessary for this purpose. You can find further information about the privacy policy of giropay GmbH at the following website address: https://www.giropay.de/rechtliches/datenschutzerklaerung - Klarna If a Klarna payment service is selected, the payment is processed via Klarna Bank AB (publ) https://www.klarna.com/de, Sveavägen 46, 111 34 Stockholm, Sweden (hereinafter “Klarna”). In order to enable payment to be processed, your personal data (first and last name, street, house number, postcode, city, gender, e-mail address, telephone number and IP address) as well as data related to the order (e.g. invoice amount, item, delivery type) will be forwarded to Klarna for the purpose of identity and creditworthiness verification, provided that: In this regard, pursuant to Art. 6 (1) lit. a have expressly consented to the GDPR in the context of the ordering process. You can see which credit agencies your data can be forwarded to here: https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/credit_rating_agencies The credit information may contain probability values (so-called score values). Insofar as score values are included in the result of the credit assessment, they are based on a scientifically recognised mathematical-statistical method. Address data are included in the calculation of the score values, among other things, but not exclusively. Klarna uses the information received on the statistical probability of a default to make a balanced decision on the establishment, implementation or termination of the contractual relationship. You can revoke your consent at any time by sending a message to the person responsible for data processing or to Klarna. However, Klarna may continue to be entitled to process your personal data if this is necessary to process payment in accordance with the contract. Your personal data will be processed in accordance with the applicable data protection regulations and in accordance with the information in Klarna’s data protection regulations for data subjects based in Germany https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/privacy or for affected persons domiciled in Austria https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_at/privacy treated. - Masterpayment If you choose the payment methods “Bank direct debit” and/or “Delivery on account” and/or “Installment purchase” via Masterpayment, you will be asked to provide your personal data (first and last name, street, house number, postcode, place, date of birth, e-mail address, telephone number and in case of direct debit the specified account (link). In order to safeguard our legitimate interest in determining the solvency of our customers, these data are stored by us in accordance with Art. 6 para. f GDPR for the purpose of a credit check to Masterpayment LTD, 483 Green Lanes, London, N13 4BS, Great Britain (“Masterpayment”). Based on the personal data provided by you as well as other data (such as shopping cart, invoice amount, order history, payment experience), Masterpayment checks whether the payment option you have chosen can be granted with regard to payment and/or default risks. In addition to masterpayment internal criteria pursuant to Art. 6 para. f GDPR identity and creditworthiness information from the following credit agencies are also included: - CCreditreform Boniversum GmbH, Hammfelddamm 13, 41 460 Neuss, Tel.: +49 (0) 1 (0) 2131-109-501, Fax: -557 - CRIF Bürgel GmbH, Friesenweg 4, Haus 12, 22 763 Hamburg, Tel.: +49 (0) 40-89 803-0, Fax: -419 - SCHUFA Holding AG, Kormoranweg 5, D-65 201 Wiesbaden, Tel.: +49 ( 0) 611-9278-0, Fax: -109 The credit information may contain probability values (so-called score values). Insofar as score values are included in the result of the credit assessment, they are based on a scientifically recognised mathematical-statistical method. Address data are included in the calculation of the score values, among other things, but not exclusively. You may object to this processing of your data at any time by sending a message to the data controller or to Masterpayment. However, Masterpayment may continue to be entitled to process your personal data if this is necessary for payment processing in accordance with the contract. - Paypal For payment via PayPal, credit card via PayPal, direct debit via PayPal or – if offered – “purchase on account” or “payment by installment” via PayPal, we will provide your payment data to PayPal (Europe) as part of the payment processing. S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter “PayPal”), further. The transfer takes place in accordance with Art. 6 para. 1 lit. b GDPR and only to the extent necessary for payment processing. PayPal reserves the right to carry out a credit check for the payment methods credit card via PayPal, direct debit via PayPal or – if offered – “purchase on account” or “payment by installment” via PayPal. For this purpose, your payment data may be processed in accordance with Art. 6 para. f GDPR on the basis of PayPal’s legitimate interest in determining your solvency to credit agencies. PayPal uses the result of the credit check regarding the statistical probability of non-payment for the purpose of deciding on the provision of the respective payment method. The credit information may contain probability values (so-called score values). Insofar as score values are included in the result of the credit assessment, they are based on a scientifically recognised mathematical-statistical method. Address data are included in the calculation of the score values, among other things, but not exclusively. For further information on data protection, including information on the credit agencies used, please refer to the data protection declaration of PayPal: https://www.paypal.com/de/webapps/mpp/ua/privacy-full You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may continue to be entitled to process your personal data if this is necessary to process payment in accordance with the contract. - Paysafecard When paying via “Paysafecard”, the payment is processed via paysafecard.com Germany, branch of Prepaid Services Company Limited, Roßstr. 92, D-40 476 Düsseldorf, to which we pass on the information you provided during the ordering process, together with the information about your order. The transfer of your data takes place in accordance with Art. 6 para. 1 lit. b GDPR exclusively for the purpose of payment processing and only to the extent necessary for this purpose. For more information on the privacy policy of paysafecard.com Germany, a branch of Prepaid Services Company Limited, visit the following website: https://www.paysafecard.com/de-de/datenschutz/. - IMPROVED If the payment method “SOFORT” is selected, the payment processing takes place via the payment service provider SOFORT GmbH, Theresienhöhe 12, 80 339 Munich, Germany (hereinafter referred to as “SOFORT”), to which we will receive your information provided during the ordering process together with the information about your order in accordance with Art. 6 para. 1 lit. b DSGVO pass on. Sofort GmbH is part of Klarna Group (Klarna Bank AB (publ), Sveavägen 46, 11 134 Stockholm, Sweden). The transfer of your data takes place exclusively for the purpose of payment processing with the payment service provider SOFORT and only insofar as it is necessary for this purpose. You can find more information about SOFORT’s privacy policy at the following website address: https://www.klarna.com/sofort/datenschutz. 8) Online marketing Facebook Pixel for creating custom audiences with advanced data matching (with Cookie Consent Tool) Within our online offer, the so-called “Facebook pixel” of the social network Facebook is used in the mode of extended data matching, which is operated by Facebook Ireland Limited, 4 Grand Canal Quare, Dublin 2, Ireland (“Facebook”). On the basis of their express consent, when a user clicks on an ad placed by us on Facebook, an addition is added to the URL of our linked page by Facebook Pixel. After forwarding this URL parameter is then registered in the user’s browser via cookie, which sets our linked page itself. In addition, this cookie collects specific customer data, such as the email address, which we collect on our website linked to the Facebook ad during transactions such as purchases, account logins or registrations (extended data matching). The cookie is then read by Facebook Pixel and enables the data, including specific customer data, to be forwarded to Facebook. With the help of the Facebook pixel with extended data matching, it is possible on the one hand to precisely identify the visitors of our online offer as the target group for displaying ads (so-called “Facebook ads”). Accordingly, we use the Facebook pixel with extended data matching to display the Facebook ads we place only to those Facebook users who have also shown an interest in our online offer or who have certain characteristics (e.g. interests in certain topics or products determined on the basis of the websites visited) that we transmit to Facebook (so-called “Custom” “om Audiences”). With the help of the Facebook pixel with extended data matching, we also want to make sure that our Facebook ads are in line with the potential interest of users and are not annoying. This allows us to further evaluate the effectiveness of Facebook ads for statistical and market research purposes by tracking whether users were redirected to our website after clicking on a Facebook ad (so-called “conversion”). Compared to the standard version of Facebook Pixel, the advanced data matching feature helps us better measure the effectiveness of our advertising campaigns by capturing more associated conversions. All data transmitted is stored and processed by Facebook so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes, in accordance with the Facebook Data Use Policy (https://www.facebook.com/about/privacy/). The data may enable Facebook and its partners to place advertisements on and outside of Facebook. These processing operations take place only with express consent in accordance with Art. 6 para. 1 lit. a GDPR . Consent to the use of the Facebook pixel may only be given by users who are over 16 years of age. If you are younger, please ask your guardian for permission. The information generated by Facebook is usually transmitted to a Facebook server and stored there, in which case it may also be transmitted to the servers of Facebook Inc. in the USA. You can revoke your consent at any time with effect for the future. To exercise your revocation, remove the checkmark set in the “Cookie Consent Tool” integrated on the website next to the setting for the “Facebook Pixel.” 9) Web analysis services Google (Universal) Analytics with Google Signals This website uses Google (Universal) Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). Google (Universal) Analytics uses so-called “cookies”, which are text files that are stored on your device and that allow an analysis of your use of the website. The information generated by the cookie about your use of this website (including the abbreviated IP address) is usually transmitted to a Google server and stored there, in which case it may also be transmitted to the servers of Google LLC. in the United States. This website uses Google (Universal) Analytics exclusively with the extension “ _ anonymizeIp () “, which ensures an anonymisation of the IP address by shortening and excludes a direct link to a person. As a result of the extension, your IP address will be shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a server of Google LLC. in the USA and abbreviated there. On our behalf, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide us with other services related to website activity and internet usage. The IP address transmitted by your browser within the scope of Google (Universal) Analytics is not merged with other Google data. Google Analytics uses a special function, the so-called “demographic characteristics”, to create statistics with statements about the age, gender and interests of site visitors based on an evaluation of interest-based advertising and with the addition of third-party information. This allows the definition and differentiation of user groups of the website for the purpose of target group optimization of marketing measures. However, data sets collected through the “demographic characteristics” cannot be assigned to any particular person. Details about the processing initiated by Google Analytics and Google’s handling of data from websites can be found here: https://policies.google.com/technologies/partner-sites All the processing described above, in particular the setting of Google Analytics cookies for the reading of information on the device used, will only be carried out if you provide us with information pursuant to Art. 6 (1) lit. a GDPR have given your express consent. Without this consent, the use of Google Analytics will not be used during your visit to the site. You can revoke your consent at any time with effect for the future. To exercise your revocation, please deactivate this service in the “Cookie Consent Tool” provided on the website. We have entered into a contract processing agreement with Google for the use of Google Analytics, under which Google is obliged to protect the data of our website visitors and not to pass it on to third parties. For the transmission of data from the EU to the USA, Google relies on the so-called standard data protection clauses of the European Commission, which are intended to ensure compliance with the European level of data protection in the USA. More information about Google (Universal) Analytics can be found here: https://policies.google.com/privacy?hl=de&gl=de This website also uses the Google Signals service as an extension of Google Analytics. With Google Signals, we can have Google create cross-device reports (so-called “cross-device tracking”). If you have activated the “personalized ads” in your settings in your Google Account and you have linked your internet-capable devices to your Google Account, Google may use the user behavior with the corresponding consent to the use of Google Analytics in accordance with Art. 6 para. 1 lit. a GDPR (s.o.) Analyze cross-device and create database models based on this. The logins and device types of all site visitors who were logged in to a Google account and performed a conversion are taken into account. The data shows, among other things, on which device you clicked on an ad for the first time and on which device the corresponding conversion took place. We do not receive any personal data from Google, but only statistics generated on the basis of Google Signals. You have the option to disable the “personalized ads” feature in your Google account settings and thus disable cross-device analysis. Follow the instructions on this page: https://support.google.com/ads/answer/2662922?hl=de Further information on Google Signals can be found here: https://support.google.com/analytics/answer/7532985?hl=de 10) Page functionalities 10.1  Facebook plugins with 2-click solution Our website uses so-called social plugins (“plugins”) of the social network Facebook, which is operated by Facebook. Ireland Ltd. , 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”). In order to increase the protection of your data when visiting our website, the plugins are initially deactivated by means of a so-called “2-click” solution integrated into the page. You can recognise deactivated plugins by their grey background. This integration ensures that no connection to the Facebook servers is established when a page of our website that contains such plugins is accessed. Only when you activate the plugins and thus in accordance with Art. 6 para. 1 lit. a DSGVO If you give your consent to the data transfer, your browser establishes a direct connection to the Facebook servers. The content of the respective plugin is transmitted directly to your browser and integrated into the page. The plugin then transmits data (including your IP address) to Facebook. We have no influence on the extent of the data that Facebook collects with the help of the plugins. To the best of our knowledge, Facebook will in any case receive information about which of our websites you have visited recently and previously. By integrating the plugins, Facebook receives the information that your browser has accessed the corresponding page of our website even if you do not have a Facebook profile or are not currently logged in. The information collected (including your IP address) is transmitted from your browser directly to a Facebook Inc. server in the USA and stored there. If you interact with the plugins, the corresponding information is also transmitted directly to a Facebook server and stored there. The information is also published on Facebook and displayed to your contacts there. You can revoke your consent at any time by deactivating the activated plugin by clicking again. However, the revocation does not affect the data that has already been transmitted to Facebook. For the purpose and scope of data collection and the further processing and use of data by Facebook, as well as your rights in this regard and settings options to protect your privacy, please refer to Facebook’s privacy policy: https://www.facebook.com/policy.php 10.2  Facebook plugins with Shariff solution Our website uses so-called social plugins (“plugins”) of the social network Facebook, which is operated by Facebook. Ireland Ltd. , 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”). In order to increase the protection of your data when visiting our website, these buttons are not fully integrated into the page as plugins, but only by using an HTML link. This type of integration ensures that when you access a page of our website that contains such buttons, you do not yet connect to the Facebook servers. When you click on the button, a new browser window opens and opens the Facebook page where you can interact (possibly after entering your login data) with the plugins there. For the purpose and scope of data collection and the further processing and use of data by Facebook, as well as your rights in this regard and settings options to protect your privacy, please refer to Facebook’s privacy policy: https://www.facebook.com/policy.php 10.3  Instagram plugin as a Shariff solution Our website uses so-called social plugins (“plugins”) of the online service Instagram, which is provided by Facebook. Ireland Ltd. , 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland (“Facebook”). In order to increase the protection of your data when visiting our website, these buttons are not fully integrated into the page as plugins, but only by using an HTML link. This type of integration ensures that when you access a page of our website that contains such buttons, you do not yet connect to Instagram’s servers. When you click on the button, a new browser window opens and opens the page of Instagram where you can interact with the plugins there (possibly after entering your login data). The purpose and scope of data collection and the further processing and use of data by Instagram as well as your rights and settings options to protect your privacy can be found in the privacy policy of Instagram: https://help.instagram.com/155833707900388/ 10.4  Use of YouTube videos This website uses the YouTube embedding function to display and play videos of the provider “Youtube”, which belongs to Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). The extended data protection mode is used, which, according to the provider, only starts storing user information when the video (s) is played. When the playback of embedded YouTube videos is started, the provider “Youtube” uses cookies to collect information about user behaviour. According to “Youtube”, they are used, among other things, to collect video statistics, to improve user-friendliness and to prevent abusive behaviour. If you are logged in to Google, your data is assigned directly to your account when you click on a video. If you do not want the assignment with your profile on YouTube, you must log out before activating the button. You have the right to object to the creation of these user profiles, whereby you must contact YouTube to exercise this right. In the context of the use of Youtube, it may also lead to a transfer of personal data to the servers of Google LLC. in the United States. Regardless of the playback of the embedded videos, a connection to the Google network is established every time this website is accessed, which may trigger further data processing operations without our influence. All processing described above, in particular the reading of information on the used terminal device via the tracking pixel, will only be carried out if you provide us with information pursuant to Art. 6 para. 1 lit. a GDPR have given your express consent. Without this consent, you will not be able to use YouTube videos during your visit. You can revoke your consent at any time with effect for the future. To exercise your revocation, please deactivate this service in the “Cookie Consent Tool” provided on the website via alternative options communicated to you on the website. Further information on data protection at “Youtube” can be found in the Youtube Terms of Use at https://www.youtube.com/static?template=terms and in Google’s privacy policy at https://www.google.de/intl/de/policies/privacy. 10.5  Use of Vimeo videos Our website includes plugins from the video portal Vimeo of Vimeo, LLC, 555 West 18th Street, New York, New York 10 011, USA. When you visit a page of our website that contains such a plugin, your browser establishes a direct connection to the servers of Vimeo. The content of the plugin is transmitted by Vimeo directly to your browser and integrated into the page. Through this integration, Vimeo receives the information that your browser has accessed the corresponding page of our website, even if you do not have a Vimeo account or are not currently logged in to Vimeo. This information (including your IP address) is transmitted from your browser directly to a Vimeo server in the USA and stored there. If you are logged in to Vimeo, Vimeo can directly assign your visit to our website to your Vimeo account. When you interact with the plugins (such as pressing the start button of a video), this information is also transmitted directly to a Vimeo server and stored there. If you do not want Vimeo to associate the data collected via our website directly with your Vimeo account, you must log out of Vimeo before visiting our website. For the purpose and scope of data collection and further processing and use of data by Vimeo, as well as your rights and settings options to protect your privacy, please refer to Vimeo’s privacy policy: https://vimeo.com/privacy The Google Analytics tracking tool of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland, is automatically integrated with Vimeo videos that are embedded on our site. This is our own tracking of Vimeo, to which we do not have access and which cannot be influenced by our side. Google Analytics uses so-called “cookies”, which are text files that are stored on your computer and enable an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transmitted to a Google server and stored there, in which case it may also be transmitted to the servers of Google LLC. in the United States. All processing described above, in particular the reading of information on the used terminal device via the tracking pixel, will only be carried out if you provide us with information pursuant to Art. 6 para. 1 lit. a GDPR have given your express consent. Without this consent, the use of Vimeo videos during your site visit will not be possible. You can revoke your consent at any time with effect for the future. To exercise your revocation, please deactivate this service in the “Cookie Consent Tool” provided on the website via alternative options communicated to you on the website. 10.6 Spotify Plugins of the music service Spotify, an offer of Spotify AB, Birger Jarlsgatan 61, 113 56 Stockholm, Sweden ("Spotify"), are integrated on this website for the playback of music tracks. You can recognize the Spotify plugins by the green logo on our site. An overview of the Spotify plugins can be found at: https://developer.spotify.com. When visiting this page, a direct connection between your browser and Spotify's servers can be established via the plugin, even if you do not have a Spotify account or are not logged into one. Spotify thereby receives the information that you have visited our site. The information collected in this respect (including your IP address) is transmitted by your browser directly to a Spotify server and stored there. However, the information is not used to identify you personally and is not passed on to third parties. If you click the Spotify button while you are logged into your Spotify account, Spotify can associate your visit to our site with your user account. The data processing described above is carried out pursuant to Art. 6 (1) lit. f DSGVO on the basis of our legitimate interest in the appealing acoustic design of visits to our website. If you do not want Spotify to be able to associate your visit to our site with your Spotify user account, please log out of your Spotify user account. You can also object to the loading of the Spotify plugin and thus to the data processing operations described above for the future using add-ons for your browser, e.g. the script blocker "NoScript" (http://noscript.net/). For more information, please refer to Spotify's privacy policy at https://www.spotify.com/de/legal/privacy-policy/. 10.7 Shopsync for Shopify This website uses the Shopify app "Shopsync" from ShopSync LLC, PO Box 252, Jefferson City, TN 37760, USA. With the help of ShopSync, the newsletter service "Mailchimp" is synchronized with our Shopify account in such a way that, on the one hand, updates in Mailchimp email lists (such as a newsletter recipient opting out) are also automatically stored on Shopify and, on the other hand, new contact data generated via contract conclusions on Shopify are automatically transferred to the Mailchimp email lists. In the former case, data processing is carried out pursuant to Art. 6 (1) lit. f DSGVO on the basis of our legitimate interest in the effective and cross-system maintenance of the files of advertising addressees and the efficient observance of legally significant status changes. In the second case, exclusively on the basis of the user's express consent pursuant to Art. 6 (1) a DSGVO, after a contract has been concluded on Shopify for inclusion in the Mailchimp list, the user's first and last name, address and mail address together with transaction-related information (purchase amount, time and date of purchase) are transferred by ShopSync to Mailchimp. Data transferred in this way is not stored or retained by ShopSync after synchronization. All information synced between Shopify and Mailchimp is transmitted using Secure Socket Layer (SSL) technology, and all transmitted information remains encrypted during the sync process. The synchronization process requires the transfer of information over a secure connection to servers hosted by Amazon Web Services in the United States. Further data protection information on ShopSync can be found here: https://shopsync.io/privacy-policy 11) Rights of the data subject 11.1 The applicable data protection law grants you comprehensive data subject rights (rights of access and intervention) vis-à-vis the controller with regard to the processing of your personal data, which we inform you about below: Right to information pursuant to Art. 15 DSGVO: In particular, you have a right to information about your personal data processed by us, the processing purposes, the categories of personal data processed, the recipients or categories of recipients to whom your data have been or will be disclosed, the planned storage period and/or the criteria for determining the storage period, the existence of a right to rectification, erasure, restriction of processing, objection to processing, complaint to a supervisory authority, the origin of your data if it has not been collected from you by us, the existence of automated decision-making, including profiling, and, if applicable, meaningful information about the logic involved and the scope and intended effects of such processing that concern you, as well as your right to be informed about what guarantees exist in accordance with Art. 46 DSGVO when your data is transferred to third countries; Right to rectification pursuant to Art. 16 DSGVO: You have the right to have any inaccurate data relating to you corrected without delay and/or to have any incomplete data stored by us completed; Right to deletion pursuant to Art. 17 DSGVO: You have the right to request the deletion of your personal data if the conditions of Art. 17 (1) DSGVO are met. However, this right does not exist in particular if the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the assertion, exercise or defense of legal claims; Right to restriction of processing pursuant to Art. 18 GDPR: You have the right to request the restriction of the processing of your personal data as long as the accuracy of your data, which you dispute, is being verified; if you refuse the erasure of your data due to unlawful data processing and instead request the restriction of the processing of your data; if you require your data for the assertion, exercise or defense of legal claims after we no longer need this data after the purpose has been achieved; or if you have lodged an objection for reasons relating to your particular situation as long as it has not yet been determined whether our legitimate grounds prevail; Right to information in accordance with Art. 19 DSGVO: If you have asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort. You have the right to be informed about these recipients. Right to data portability pursuant to Art. 20 DSGVO: You have the right to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request that it be transferred to another controller, insofar as this is technically feasible; Right to revoke consent given in accordance with Art. 7 (3) DSGVO: You have the right to revoke consent to the processing of data once given at any time with effect for the future. In the event of revocation, we will delete the data concerned without delay, unless further processing can be based on a legal basis for processing without consent. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation; Right to lodge a complaint pursuant to Art. 77 GDPR: If you consider that the processing of personal data concerning you infringes the GDPR, you have - without prejudice to any other administrative or judicial remedy - the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, workplace or the place of the alleged infringement. 11.2 RIGHT OF OBJECTION IF WE PROCESS YOUR PERSONAL DATA WITHIN THE FRAMEWORK OF A BALANCING OF INTERESTS ON THE BASIS OF OUR OVERRIDING LEGITIMATE INTEREST, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT TO THIS PROCESSING WITH EFFECT FOR THE FUTURE ON GROUNDS ARISING FROM YOUR PARTICULAR SITUATION. IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED. HOWEVER, WE RESERVE THE RIGHT TO CONTINUE PROCESSING IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING THAT OVERRIDE YOUR INTERESTS, FUNDAMENTAL RIGHTS AND FREEDOMS, OR IF THE PROCESSING IS FOR THE PURPOSE OF ASSERTING, EXERCISING OR DEFENDING LEGAL CLAIMS. IF WE PROCESS YOUR PERSONAL DATA FOR THE PURPOSES OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR THE PURPOSES OF SUCH MARKETING. YOU MAY EXERCISE THE OBJECTION AS DESCRIBED ABOVE. IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED FOR DIRECT MARKETING PURPOSES. 12) Duration of storage of personal data The duration of the storage of personal data is measured on the basis of the respective legal basis, the purpose of processing and - if relevant - additionally on the basis of the respective statutory retention period (e.g. retention periods under commercial and tax law). When processing personal data on the basis of explicit consent pursuant to Art. 6 (1) a DSGVO, this data is stored until the data subject revokes his or her consent. If there are statutory retention periods for data that is processed within the scope of legal or quasi-legal obligations on the basis of Art. 6 (1) (b) DSGVO, this data will be routinely deleted after the retention periods have expired, provided that it is no longer required for the fulfillment of the contract or the initiation of the contract and/or there is no legitimate interest on our part in continuing to store it. When processing personal data on the basis of Art. 6(1)(f) DSGVO, this data is stored until the data subject exercises his or her right to object pursuant to Art. 21(1) DSGVO, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims. When processing personal data for the purpose of direct marketing on the basis of Article 6 (1) (f) DSGVO, this data is stored until the data subject exercises his or her right to object pursuant to Article 21 (2) DSGVO. Unless otherwise stated in the other information in this statement about specific processing situations, stored personal data will otherwise be deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.