Privacy policy

Data Controller: Melanie Hanf
Simrockstraße 5,
Rheinbreitbach / Rheinbreitbach

Email: MKHanf@gmx.de
Phone: 015787609990

We are pleased that you are interested in our online store. Protecting your privacy is very important to us. Below, we provide detailed information on how we handle your data.

Access Data and Hosting
You can visit our websites without providing any personal information. Each time a webpage is accessed, the web server automatically stores a so-called server log file, which contains the name of the requested file, your IP address, the date and time of the request, the transferred data volume, and the requesting provider (access data) and documents the access. These access data are evaluated exclusively for the purpose of ensuring the smooth operation of the site and improving our offerings. This serves to safeguard our legitimate interests in the correct representation of our offerings, which predominate in the context of a balancing of interests, in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR. All access data are processed only for as long as necessary for the purposes stated above.

The hosting and website display services are partly provided by our service providers within the scope of processing on our behalf. Unless otherwise stated in this privacy policy, all access data and data collected in forms on this website are processed on their servers. If you have any questions about our service providers and the basis of our cooperation with them, please refer to the contact information provided in this privacy policy.

Our service providers are located and/or use servers in countries for which the European Commission has determined an adequate level of data protection: Israel, the United Kingdom, the USA. The adequacy decision for the USA serves as the basis for the transfer to third countries, provided the respective service provider is certified. Certification exists.

Our service providers are located and/or use servers in the following countries: Brazil, Mexico, India, Ukraine. For these countries, there is no adequacy decision from the European Commission. Our cooperation with them is based on these guarantees: EU standard contractual clauses.

Data Processing for Contract Execution and Contact 2.1 Data Processing for Contract Execution
For the purpose of contract execution (including inquiries and processing of any warranty and performance claims, as well as any statutory update obligations) in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR, we collect personal data if you voluntarily provide it to us as part of your order. Mandatory fields are marked as such, as we need the data to process the contract, and without it, we cannot send the order. The data collected is evident from the respective input forms.

Further information on the processing of your data, in particular on the disclosure to our service providers for the purpose of order, payment, and shipping processing, can be found in the following sections of this privacy policy. After the contract has been fully executed, your data will be restricted for further processing and deleted after the tax and commercial retention periods have expired, in accordance with Art. 6 para. 1 sentence 1 lit. c GDPR, unless you have expressly consented to further use of your data in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR or we reserve the right to use data beyond this, which is legally permitted and of which we inform you in this declaration.

2.2 Customer Account
If you have given your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR by choosing to open a customer account, we use your data for the purpose of opening the account and storing your data for future orders on our website. Deleting your customer account is possible at any time and can be done by sending a message to the contact information provided in this privacy policy or through a dedicated function in the customer account. After the deletion of your customer account, your data will be deleted unless you have expressly consented to further use of your data in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR or we reserve the right to use data beyond this, which is legally permitted and of which we inform you in this declaration.

2.3 Contact
As part of customer communication, we collect personal data to process your inquiries in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR when you voluntarily provide it to us when contacting us (e.g., via contact form, live chat tool, or email). Mandatory fields are marked as such, as we need the data to process your inquiry. The data collected is evident from the respective input forms. After your inquiry is fully processed, your data will be deleted unless you have expressly consented to further use of your data in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR or we reserve the right to use data beyond this, which is legally permitted and of which we inform you in this declaration.

Live Chat Tool Ascend by Wix
For customer communication, we use the live chat tool Ascend by Wix, provided by Wix.com Ltd., 40 Nemal St., Tel Aviv 6350671, Israel (“Wix”). This serves our legitimate interest in improving customer communication in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR. Wix operates as our processor on our behalf.

Our service providers are located in countries for which the European Commission has determined an adequate level of data protection: Israel, the UK, the USA. The adequacy decision for the USA applies to third-country transfers where the respective service provider is certified. Certification is in place.

Our service providers are located and/or use servers in these countries: Brazil, Mexico, India, Ukraine. For these countries, there is no adequacy decision from the European Commission. Our cooperation is based on EU Standard Contractual Clauses.

3. Data Processing for Shipping Purposes
For the fulfillment of the contract in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR, we pass on your data to the shipping service provider responsible for the delivery, to the extent that this is necessary for the delivery of ordered goods. If you have questions about our service providers and the basis of our cooperation with them, please contact the point of contact described in this privacy policy.

4. Data Processing for Payment Purposes
When processing payments in our online store, we work with the following partners: technical service providers, credit institutions, and payment service providers.

4.1 Data Processing for Transaction Handling
Depending on the selected payment method, we pass on the data necessary for processing the payment transaction to our technical service providers, who act as processors on our behalf, or to the credit institutions or the selected payment service provider, to the extent necessary for payment processing. This serves to fulfill the contract in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR. In some cases, the payment service providers collect the data required for processing the payment themselves, e.g., on their own website or through a technical integration in the order process. The privacy policy of the respective payment service provider applies in such cases.
If you have questions about our partners for payment processing and the basis of our cooperation with them, please contact the point of contact described in this privacy policy.

4.2 Data Processing for Fraud Prevention and Optimization of Our Payment Processes
We may provide our service providers with additional data, which they use together with the data necessary for payment processing as our processors, for the purpose of fraud prevention and optimization of our payment processes (e.g., invoicing, handling of disputed payments, support for accounting). This serves our legitimate interest in safeguarding against fraud or in efficient payment management, as determined through a balancing of interests, in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR.

5. Advertising via Email, Post

5.1 Email Newsletter with Subscription, Newsletter Tracking with Separate Consent
If you subscribe to our newsletter, we use the data required for this or separately provided by you to regularly send you our email newsletter based on your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR. You can unsubscribe from the newsletter at any time by sending a message to the contact details described below or by using a link provided in the newsletter. After unsubscribing, we delete your email address from the recipient list unless you have expressly consented to further use of your data in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, or we reserve the right to use your data in a way that is legally permitted and of which we inform you in this declaration.

If you have also given us your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR to analyze our newsletter, we will analyze your interaction with our newsletter by measuring, storing, and evaluating open rates and click rates for the purpose of designing future newsletter campaigns ("Newsletter Tracking").

For this analysis, the emails we send contain one-pixel technologies (e.g., web beacons, tracking pixels) that are stored on our website. For the evaluations, we link the following "newsletter data" in particular:

the page from which the page was requested (so-called referrer URL),
the date and time of the request,
a description of the type of web browser used,
the IP address of the requesting computer,
the email address,
the date and time of the subscription and confirmation,
and the one-pixel technologies with your email address or IP address and possibly an individual ID. Links contained in the newsletter may also include this ID.

You can unsubscribe from newsletter tracking at any time by sending a message to the contact point described or via a link provided in the newsletter.

The information is stored as long as you are subscribed to the newsletter.

Our service providers are located and/or use servers in the following countries, for which the European Commission has determined an adequate level of data protection: Israel, United Kingdom, USA.

The adequacy decision for the USA serves as the basis for the transfer to third countries, provided that the respective service provider is certified. Certification is present.

Our service providers are located and/or use servers in the following countries: Brazil, Mexico, India, Ukraine.
For these countries, no adequacy decision of the European Commission exists. Our cooperation with them is based on the following guarantees: Standard Data Protection Clauses of the European Union.

5.2 Sending Review Requests via Email
If you have given us your explicit consent during or after your order in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, we will use your email address to request a review of your order through the review system we use. This consent can be revoked at any time by sending a message to the contact details described in this privacy policy or via a link provided in the review request. After your consent is revoked, we will delete your email address from the recipient list unless you have expressly consented to further use of your data in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, or we reserve the right to use your data in ways that are legally permitted and which we inform you of in this declaration.

Review requests may also be sent by our service provider Trusted Shops SE Subbelrather Str. 15C, 50823 Cologne ("Trusted Shops").

As part of sending review requests, we receive information on the respective status from Trusted Shops (e.g., whether the review request was sent and whether it was received). This is done in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR to fulfill our legitimate interest in receiving information about the review invitations, allowing us to make optimizations as necessary, and to fulfill Trusted Shops’ legitimate interest in providing this service.

We are jointly responsible with Trusted Shops for the sending of review requests and for the collection and display of review or status information.

As part of the joint responsibility between us and Trusted Shops, please contact Trusted Shops for privacy-related questions and to assert your rights, whose contact details can be found here. Additional information about data protection can be found via the following link here. Regardless, you can always contact us using the contact details described in this privacy policy. If necessary, your inquiry will be forwarded to the other responsible party for response.

5.3 Postal Advertising and Your Right to Object
In addition, we reserve the right to use your first and last name as well as your postal address for our own advertising purposes, e.g., to send you interesting offers and information about our products by mail. This serves to safeguard our overriding legitimate interests in the promotion of our customers in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR. You can object to the storage and use of your data for these purposes at any time by sending a message to the contact details described in this privacy policy.
After your consent is revoked, we will delete your address from the recipient list unless you have expressly consented to further use of your data in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, or we reserve the right to use your data in ways that are legally permitted and which we inform you of in this declaration.

6. Cookies and Other Technologies

6.1 General Information
To make your visit to our website more attractive and to enable the use of certain functions, we use various technologies on different pages, including so-called cookies. Cookies are small text files that are automatically stored on your device. Some of the cookies we use are deleted after the end of the browser session, i.e., after closing your browser (so-called session cookies). Other cookies remain on your device and allow us to recognize your browser upon your next visit (persistent cookies).

Protection of Privacy on Devices
When using our online services, we employ strictly necessary technologies to provide the expressly requested telemedia service. Storing information on your device or accessing information that is already stored on your device does not require consent in this regard.

For functions that are not strictly necessary, storing information on your device or accessing information already stored requires your consent. Please note that if you do not give your consent, some parts of the website may not be fully functional. Any consent you give remains in effect until you adjust or reset the respective settings on your device.

Subsequent Data Processing by Cookies and Other Technologies
We use technologies that are necessary for certain functions of our website (e.g., shopping cart functionality). These technologies collect and process IP addresses, visit times, device and browser information, and information about your use of our website (e.g., shopping cart content). This is done as part of a balancing of interests to optimize the presentation of our offer, according to Art. 6 (1) S. 1 lit. f GDPR.

We also use technologies to fulfill legal obligations (e.g., to provide proof of consent to the processing of your personal data) and for web analytics and online marketing. Further information, including the legal basis for data processing, can be found in the following sections of this Privacy Policy.

Cookie Settings
You can find the cookie settings for your browser at the following links:
Microsoft Edge™ / Safari™ / Chrome™ / Firefox™ / Opera™

If you have consented to the use of technologies according to Art. 6 (1) S. 1 lit. a GDPR, you can withdraw your consent at any time by sending a message to the contact information provided in this Privacy Policy. Alternatively, you can use the cookie settings button.

6.2 Use of the Wix Consent Manager Tool for Managing Consents
On our website, we use the Wix Consent Manager Tool to inform you about the cookies and other technologies we use and to obtain, manage, and document your consent for the processing of your personal data where required. This is necessary under Art. 6 (1) S. 1 lit. c GDPR to fulfill our legal obligation under Art. 7 (1) GDPR to provide proof of your consent to the processing of your personal data. The Wix Consent Manager Tool is offered by Wix.com Ltd., 40 Nemal St., Tel Aviv 6350671, Israel (“Wix”). After you submit your cookie consent on our website, Wix’s web server stores your IP address, the date and time of your consent, browser information, language, the URL from which the consent was sent, and information about your consent behavior. A cookie is also placed, which contains information about your consent behavior. Your data will be deleted after 365 days unless you explicitly consent to a further use of your data according to Art. 6 (1) S. 1 lit. a GDPR, or we reserve the right to use your data for further purposes as permitted by law, as outlined in this policy.

Our service providers are based in and/or use servers in countries for which the European Commission has established an adequate level of data protection by decision: Israel, United Kingdom, USA.

The adequacy decision for the USA applies as a basis for third-country transfers, provided the respective service provider is certified. Certification is in place.

Our service providers are based in and/or use servers in these countries: Brazil, Mexico, India, Ukraine.
There is no adequacy decision by the European Commission for these countries. Our collaboration is based on these guarantees: standard data protection clauses of the European Union.

6.3 Information on Third-Country Transfers (Data Transfer to Third Countries)
We use technologies from service providers on our website, whose headquarters and/or server locations may be in third countries outside the EU or the EEA. If there is no adequacy decision from the EU Commission for these countries, an adequate level of data protection must be ensured through other appropriate safeguards.

Appropriate safeguards in the form of contractually agreed standard contractual clauses of the EU Commission or binding corporate rules are generally possible, but require prior review by the contracting parties to determine whether an adequate level of protection can be guaranteed. According to the ECJ's case law, additional safeguards may be required.

We have generally agreed with the technology providers we use that process personal data in third countries to apply the standard data protection clauses issued by the EU Commission. Where possible, we also agree on additional guarantees to ensure sufficient data protection in countries without an adequacy decision.

Despite all contractual and technical measures, it is possible that the level of data protection in the third country may not meet EU standards. In these cases, we ask for your consent, if necessary, under Art. 49 (1) lit. a GDPR, for the transfer of your personal data to a third country during cookie consent.

There is a particular risk that local authorities in the third country may have access rights to your personal data, which from a European data protection perspective may not be sufficiently restricted, and you as the data subject may not be informed of this, and you may not have adequate legal remedies to prevent or challenge such access.

Currently, the following countries are considered third countries without an adequacy decision from the EU Commission (example list):
China
Russia
Taiwan
You can find out which third countries data is transferred to in the data protection notices for the respective tool and/or service provider we use for consent management.

7. Social Media

7.1 Social Buttons from Instagram (by Meta)
Our website uses social buttons from social networks. These are embedded as HTML links on the page, so when you visit our website, no connection to the servers of the respective provider is established. If you click on one of the buttons, the website of the respective social network will open in a new window of your browser. There you can, for example, click the Like or Share button.

7.2 Our Online Presence on Facebook (by Meta), Instagram (by Meta), LinkedIn
If you have given your consent to the respective social media operator pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR, when you visit our online presence on the aforementioned social media platforms, your data will be automatically collected and stored for market research and advertising purposes. Usage profiles are created from this data using pseudonyms. These profiles can be used, for example, to display advertisements inside and outside the platforms that are presumably aligned with your interests. Cookies are generally used for this purpose. Detailed information on the processing and use of your data by the respective social media operator, as well as a contact option and your rights and settings for protecting your privacy, can be found in the privacy policies of the providers linked below. If you need further assistance, you can contact us.

Facebook (by Meta) is a service of Meta Platforms Ireland Ltd., Block J, Serpentine Avenue, Dublin 4, Ireland (“Meta Platforms Ireland”). Information automatically collected by Meta Platforms Ireland about your use of our Facebook (by Meta) online presence is generally transmitted to and stored on a server of Meta Platforms, Inc., 1601 Willow Road, Menlo Park, California 94025, USA. Data processing as part of the visit to a Facebook (by Meta) fan page is based on an agreement between joint controllers pursuant to Art. 26 GDPR. Further information (regarding Insights Data) can be found here.

Our service providers are based in and/or use servers in the following countries, for which the European Commission has determined an adequate level of data protection: USA, Canada, Japan, South Korea, New Zealand, United Kingdom, Argentina.

The adequacy decision for the USA serves as the basis for the transfer to third countries, provided the respective service provider is certified. Certification is in place.

Our service providers are based in and/or use servers in these countries: Australia, Hong Kong, India, Indonesia, Malaysia, Singapore, Thailand, Taiwan, Brazil, Mexico. For these countries, there is no adequacy decision by the European Commission. Our cooperation with them is based on these guarantees: Standard contractual clauses of the European Commission.

Instagram (by Meta) is a service of Meta Platforms Ireland Ltd., Block J, Serpentine Avenue, Dublin 4, Ireland (“Meta Platforms Ireland”). Information automatically collected by Meta Platforms Ireland about your use of our Instagram online presence is generally transmitted to and stored on a server of Meta Platforms, Inc., 1601 Willow Road, Menlo Park, California 94025, USA. Data processing as part of the visit to an Instagram (by Meta) fan page is based on an agreement between joint controllers pursuant to Art. 26 GDPR. Further information (regarding Insights Data) can be found here.

The adequacy decision for the USA serves as the basis for the transfer to third countries, provided the respective service provider is certified. Certification is in place.

LinkedIn is a service of LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (“LinkedIn”). Information automatically collected by LinkedIn about your use of our LinkedIn online presence is generally transmitted to and stored on a server of LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085, USA.

Our service providers are based in and/or use servers in the following countries, for which the European Commission has determined an adequate level of data protection: USA.

The adequacy decision for the USA serves as the basis for the transfer to third countries, provided the respective service provider is certified. Certification is in place.

8. Contact Options and Your Rights

8.1 Your Rights
As a data subject, you have the following rights:

In accordance with Art. 15 GDPR, the right to request information about your personal data processed by us to the extent described therein;
In accordance with Art. 16 GDPR, the right to request the immediate correction of inaccurate or completion of your personal data stored by us;
In accordance with Art. 17 GDPR, the right to request the deletion of your personal data stored by us, unless further processing is required:
- for exercising the right to freedom of expression and information;
- for fulfilling a legal obligation;
- for reasons of public interest; or
- for the establishment, exercise, or defense of legal claims;
In accordance with Art. 18 GDPR, the right to request the restriction of processing of your personal data where:
- you contest the accuracy of the data;
- the processing is unlawful, but you oppose the deletion of the data;
- we no longer need the data, but you require it for the establishment, exercise, or defense of legal claims; or
- you have objected to processing pursuant to Art. 21 GDPR;
In accordance with Art. 20 GDPR, the right to receive your personal data, which you have provided to us, in a structured, commonly used, and machine-readable format, or to request the transfer to another controller;
In accordance with Art. 77 GDPR, the right to lodge a complaint with a supervisory authority. You can usually contact the supervisory authority of your habitual residence or place of work or the supervisory authority at our company's headquarters.

Right to Object
Where we process personal data as explained above to safeguard our overriding legitimate interests as part of a balancing of interests, you can object to this processing with future effect. If the processing is for direct marketing purposes, you can exercise this right at any time as described above. If the processing is for other purposes, you have the right to object only on grounds relating to your particular situation.

After you exercise your right to object, we will not continue processing your personal data for these purposes unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing is for the establishment, exercise, or defense of legal claims.

This does not apply if the processing is for direct marketing purposes. In that case, we will no longer process your personal data for this purpose.

8.2 Contact Options
If you have any questions regarding the collection, processing, or use of your personal data, or for information, correction, restriction, or deletion of data, as well as the withdrawal of consent or objection to a particular data use, please contact us directly using the contact details in our legal notice (Impressum).