Shopping cart

Shopping Cart is Empty.

DATA PRIVACY STATEMENT

PRIVACY POLICY

1. Data protection at a glance

General notes

The following notice gives a straight-forward overview of what happens with your personal data when you visit our website and/or our social media profiles.

This privacy policy applies to the website with its shop at

https://www.khujo.com

and to our social media pages at

https://www.facebook.com/KHUJO-68176924401/

https://www.instagram.com/khujo_official/

https://www.pinterest.de/khujoofficial/

Personal data is any data that can be used to personally identify you. You can find more detailed information on the topic of data protection in our privacy policy below this text.

Data collection on our website

Who is responsible for data collection on this website?

The website operator processes data on this website. The operator’s contact details can be found in this website’s legal notice.

How do we collect your data?

Your data is collected when you share it with us. This may, for example, include data that you provide us with in a contact form or an order form.

Other data is automatically collected by our IT systems when you visit our website. This mainly includes technical data (e.g. web browser, operating system or time of site visit). This data is collected automatically as soon as you visit our website.

What do we use your data for?

Part of the data is collected to ensure that we can provide our website without any errors. Other data is used to analyse user behaviour.

What rights do you have with respect to your data?

You have the right to receive information about the origin and recipients of your stored personal data and the purposes for which this stored data is used free of charge at any time. You also have the right to request that this data is rectified, suppressed or erased. You can contact us or our appointed company data protection officer about this and any other questions concerning data protection at any time by using the address in our legal notice. You also have a right to lodge a complaint with a competent supervisory authority.

In addition, you have the right to request that the processing of your personal data is restricted under certain circumstances. You can find details about this in the privacy policy under ‘Right to restriction of processing’.

Analysis tools and third-party provider tools

When visiting our website, your surfing behaviour may be evaluated for statistical purposes. This is mainly done using cookies and ‘analysis programmes’. The analysis of your surfing behaviour is generally anonymous; the surfing behaviour cannot be traced back to you.

You can object to this analysis or prevent it by not using certain tools. You can find detailed information about these tools and your options to object in the following privacy policy.

2. General notes and mandatory information

Data protection

The operator of this site takes the protection of your personal data very seriously. We treat your personal data confidentially, in compliance with legal data protection provisions and this privacy policy.

Various different personal data is collected when you use this website. Personal data is data that can be used to personally identify you. This privacy policy explains what data we collect and what we use it for. It also explains how and for what purposes this is carried out.

Please note that the security of data submission via the internet (e.g. e-mail communication) may be compromised. It is not possible to completely secure data against third-party access.

Controller

The controller for data processing on this website is:

HTS Textilvertriebs GmbH 
Osterfeldstrasse 32–34 
22529 Hamburg
Germany

Telephone: +49 40 5562 0350
E-mail: customerservice@khujo.com

Legally required data protection officer

We have appointed a data protection officer for our company.

HTS Textilvertriebs GmbH
FAO Datenschutzbeauftragter/Data protection officer
Osterfeldstrasse 32–34 
22529 Hamburg

Telephone: +49 40 5562 0350
E-mail: datenschutz@khujo.com

Withdrawing your consent to data processing

Many data processing processes may only be carried out with your explicit consent. You can withdraw your consent at any time. You can do so by simply sending us an informal message by e-mail. The legality of the data processing carried out until consent is withdrawn remains unaffected by the withdrawal.

Right to object to data collection in certain cases and to direct marketing (Article 21 of the GDPR)

If data processing is based on Article 6 (1) (e) or (f) of the GDPR, you have the right to object to the processing of your personal data at any time on grounds relating to your particular situation, including profiling based on those provisions. The respective legal basis on which processing is based can be found in this privacy policy. If you object, we will no longer process the concerned personal data unless we can prove that there are compelling legitimate grounds for processing which outweigh your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims (objection under Article 21 [1] of the GDPR).

If your personal data is processed for direct marketing, you have the right to object to the processing of the personal data concerning you for such marketing at any time, which includes profiling to the extent it is related to such direct marketing. If you object, your personal data shall no longer be used for direct marketing (objection under Article 21 [2] of the GDPR).

Right to lodge a complaint with a competent supervisory authority

If there is an infringement of the GDPR, the data subject has a right to lodge a complaint with a supervisory authority, particularly in the Member State of his or her habitual residence, place of work or place of the alleged infringement. The right to lodge a complaint is without prejudice to any other administrative or judicial remedy.

TLS encryption

This website uses TLS encryption for security reasons and in order to protect confidential content, such as orders or queries sent to us as the site operator. You can tell that the connection is encrypted if the browser address changes from ‘http://’ to ‘https://’ and a padlock symbol is shown in the browser’s address bar.

If TLS encryption is enabled, the data sent to us cannot be read by third parties.

Encrypted payment transactions on this website

If, after concluding a fee-based contract, there is an obligation to transmit your payment details, this data is required for payment processing.

Payment transactions using usual payment methods (Visa/MasterCard or PayPal and Sofortüberweisung) are exclusively carried out via an encrypted SSL or TLS connection. You can tell that the connection is encrypted if the browser address changes from ‘http://’ to ‘https://’ and a padlock symbol is shown in the browser’s address bar.

With respect to encrypted communication, third parties cannot read your payment details, which you send to us.

Right of access, right to suppression, erasure and rectification

As part of the applicable statutory provisions, you have the right to request information (Article 15 of the GDPR) about the personal data stored about you, its origin and recipients and the purposes of data processing, as well as the right for this data to be rectified (Article 16 of the GDPR), erased (Article 17 of the GDPR) or for processing to be restricted (Article 18 of the GDPR) at any time, free of charge. You can contact us about this and any other questions about personal data at any time by using the address in our legal notice.

Right to restriction of processing

You have the right to request that the processing of your personal data is restricted (Article 18 of the GDPR). You can contact us about this at any time by using the address in our legal notice. There is a right to restrict processing where one of the following applies:

  • If you contest the accuracy of your personal data, which we store, we generally require time to verify this. In this period, you have the right to request that the processing of your personal data is restricted.
  • If the processing of your personal data was/is unlawful, you can request that data processing is restricted instead of erased.
  • If we no longer require your personal data but you require it to exercise, defend or establish legal claims, you have the right to request that the processing of your personal data is restricted instead of erased.
  • If you have lodged an objection under Article 21 (1) of the GDPR, your interests and our interests must be weighed. If it cannot be determined whose interests outweigh the others, you have the right to request that the processing of your personal data is restricted.

 

If you have restricted the processing of your personal data, we may, with the exception of storage, only use this data with your consent or to establish, exercise or defend legal claims or to protect the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State.

Right to data portability

You have the right to receive or have a third party receive data that we process in an automated way on the basis of your consent or to fulfil a contract in a commonly used, machine-readable format (Article 20 of the GDPR). If you have requested that the data is directly transferred to another controller, this is only done if it is technically feasible.

3. Data collection on our website

Cookies

The website sometimes uses ‘cookies’. Cookies are used to make our website more user-friendly, effective and secure. Cookies are small text files that are placed on your computer and saved by your browser.

Most of the cookies we use are ‘session cookies’. These are automatically deleted at the end of your visit. Other cookies are stored on your end device until you delete them. These cookies allow us to recognise your browser when you visit us again.

You can change your browser settings so that you are notified about cookies being placed on your machine, and so that you only accept or reject cookies in certain cases or disable cookies in general, and enable the automatic deletion of cookies when you close your browser. Disabling cookies can restrict the functionality of this website.

Cookies that are required for electronic communication processes, or to provide specific functions requested by you (e.g. shopping cart function), are saved on the basis of Article 6 (1) (f) of the GDPR. The website operator has a legitimate interest in saving cookies to provide its services in a way that is free from technical errors and functions at an optimal level. If other cookies (e.g. cookies used to analyse your surfing behaviour) are saved, these are detailed separately in this privacy policy.

Server log files

The website provider automatically collects and saves information in ‘server log files’ which are automatically sent to us by your browser. This includes:

  • the browser type and browser version;
  • the operating system used;
  • the referrer URL;
  • the host name for the accessing computer;
  • the time of the server request; and
  • the IP address.

This data is not merged with other data sources.

This data is collected on the basis of Article 6 (1) (f) of the GDPR. The website operator has a legitimate interest in displaying and optimising its website in a way that is technically free from errors, and to do so involves recording server log files.

Contact form

If you send us a request via the contact form, we store your details [KL1] from the request form, including contact details provided by you in it, for the purposes of processing the request and in the event of any follow-up questions. We do not share this data without your consent.

The legal basis for processing data is our legitimate interest in responding to your request pursuant to Article 6 (1) (f) of the GDPR. If the aim of you contacting us is to conclude a contract, the legal basis for processing is also based on Article 6 (1) (b) of the GDPR. The data you send is erased after your request has ultimately been resolved. Data is particularly erased if it can be deduced from the circumstances that the facts have been clarified in a final way.

Requests by e-mail or phone

If you contact us by e-mail, phone or fax, we store and process your request, including any resulting personal data (name, request), for the purpose of processing your request. We do not share this data without your consent.

This data is processed on the basis of Article 6 (1) (b) of the GDPR if your request relates to the performance of a contract or to implement pre-contractual measures. In all other cases, processing is based on your consent (Article 6 [1] [a] of the GDPR) and/or on our legitimate interests (Article 6 [1] [f] of the GDPR), as we have a legitimate interest in effectively processing the requests sent to us.

We keep the data you send to us via the contact form until you ask us to erase it, withdraw your consent to storage or until the purpose for data storage no longer applies (e.g. once your request has been completely processed). Mandatory legal provisions - with particular reference to legal retention periods - remain unaffected.

Registration on this website

You can register to use additional site functions on our website at any time. We only use the data provided in this process for the purpose of using the respective offering or service for which you have registered. Mandatory information requested on registration must be provided in full. Otherwise, we will reject your registration.

We use the e-mail address given on registration to notify you of any important changes, e.g. to the scope of our offering or if changes are required for technical reasons.

Data provided on registration is processed on the basis of your consent (Article 6 [1] [a] of the GDPR). You can withdraw your consent at any time. You can do so by simply sending us an informal message by e-mail. The legality of data processing already carried out remains unaffected by the withdrawal.

We store data collected on registration for as long as you are registered on our website. It is then erased. Legal retention periods remain unaffected.

Processing data (customer data and contractual data)

We only collect, process and use personal data if it is required to justify a legal relationship, or for the content-related design or changes to a legal relationship (inventory data). This takes place on the basis of Article 6 (1) (b) of the GDPR, which permits the processing of data to perform a contract or to implement pre-contractual measures. We only collect, process and use personal data relating to the use of our web pages (user data) if this is required to allow users to use the service or for billing.

The customer data collected is erased after the order is completed or the business relationship comes to an end. Legal retention periods remain unaffected.

Data transmission when concluding contracts in the online shop, using payment service providers for sending goods

We only share personal data with third parties if this is required as part of contract processing, for example sharing data with companies entrusted with the delivery of goods or the bank or payment service provider commissioned to process the payment (see 8. below for further details). Further transmission of data does not take place, or only takes place if you have explicitly agreed to the transmission. Your data is not shared with third parties without your explicit consent, for example for advertising purposes.

The basis for data processing is Article 6 (1) (f) of the GDPR, which permits the processing of data to fulfil a contract or to implement pre-contractual measures. 

4. Social media

Social media plugins are used on our website (Facebook, Twitter, Pinterest).

You can generally recognise plugins by their social media logo. To ensure data protection on our website, we use a script so data is only sent when the icon is clicked on. This script prevents the plugins embedded into our website from transmitting data to the respective provider when the page is first accessed.

A direct connection is only established with the provider’s server when you enable the respective plugin by clicking on the related button (consent). The respective provider is therefore notified that you visited our website with your IP address as soon as you enable the plugin. If you are signed into your respective social media account (e.g. Facebook) at the same time, the respective provider can assign the visit to our website to your user account.

Enabling a plugin constitutes consent within the meaning of Article 6 (1) (a) of the GDPR. You can withdraw this consent with future effect at any time.

5. Analysis tools and advertising

Google Analytics

This website uses functions from the web analysis service Google Analytics. The provider is Google Ireland Limited (‘Google’), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics uses ‘cookies’. These are text files that are saved on your computer that allow website use to be analysed. Information collected by the cookie about your use of this website is generally sent to a Google server in the USA and saved there.

Google Analytics cookies are saved and this analysis tool used on the basis of Article 6 (1) (f) of the GDPR. The website operator has a legitimate interest in the analysis of user behaviour to optimise its web services and advertising.

IP anonymisation

We have enabled the IP anonymisation function on this website. This means that your IP address is truncated by Google within the Member States of the European Union or in other signatory states to the Agreement on the European Economic Area before it is sent to the USA. A full IP address is only sent to a Google server in the USA and truncated there in exceptional cases. By order of the operator of this website, Google will use this information to evaluate the use of the website, to compile reports about website activities and to provide other services to the website operator that relate to website and internet use. The IP address sent from your browser as part of Google Analytics will not be merged with other Google data.

Browser plug-in

You can prevent cookies from being saved by changing your browser settings; please note that in this case, you may not be able to use all of this website’s functions properly. You can also prevent the data generated by the cookie relating to your use of the website (inc. your IP address) from being collected and processed by Google by downloading and installing the browser plug-in available via the following link: https://tools.google.com/dlpage/gaoptout?hl=de

Objection to data collection

You can prevent data from being collected by Google Analytics by clicking on the following link. This will place an opt-out cookie on your machine that will prevent your data from being collected when you visit this website in future: Disable Google Analytics.

You can find more information about how Google Analytics handles user data in Google’s privacy policy: https://support.google.com/analytics/answer/6004245?hl=de

Order processing

We have concluded a contract relating to order processing with Google and fully apply the requirements of German data protection authorities when using Google Analytics.

Demographics with Google Analytics

This website uses the Google Analytics ‘Demographics’ function. This means that reports can be compiled that contain statements relating to the age, gender and interests of site visitors. This data is based on Google’s interest-based advertising and on visitor data provided by third-party providers. This data can’t be assigned to a specific person. You can disable this function via your ad settings in your Google account, or generally disallow the collection of your data by Google Analytics, as shown in the point ‘Objection to data collection’, at any time.

Storage period

Data stored by Google on a user and event level, which is linked with cookies, user IDs or advertising IDs (e.g. DoubleClick cookies, Android advertising IDs) is anonymised or erased after 14 months. You can find further details about this by clicking on the following link: https://support.google.com/analytics/answer/7667196?hl=de

Hotjar

This website uses Hotjar. The provider is Hotjar Ltd., Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe (website: https://www.hotjar.com).

Hotjar is a tool used to analyse your user behaviour on this website. We use Hotjar to, among other things, record your mouse and scrolling movements and clicks. In doing so, Hotjar can also determine how long you have left the mouse pointer in a specific place. Hotjar creates ‘heatmaps’ using this information, which can be used to determine which areas of the website visitors prefer to view.

In addition, we can determine how long you have stayed on one page and when you left it. We can also determine at what point you stopped inputting information into the contact form (‘conversion funnels’).

Hotjar can also used to obtain direct feedback from website visitors. This function is used to improve the website operator’s online offering.

Hotjar uses cookies. Cookies are small text files that are placed on your computer and saved by your browser. They are used to make our website more user-friendly, effective and secure. These cookies can be particularly used to determine whether our website has been searched for using a certain end device or whether Hotjar functions have been disabled for the browser concerned. Hotjar cookies stay on your end device until you delete them.

You can change your browser settings so that you are notified about cookies being placed on your machine, and so that you only accept or reject cookies in certain cases or disable cookies in general, and enable the automatic deletion of cookies when you close your browser. Disabling cookies can restrict the functionality of this website.

The use of Hotjar and the saving of Hotjar cookies is based on Article 6 (1) (f) of the GDPR. The website operator has a legitimate interest in the analysis of user behaviour to optimise its web services and advertising.

Disabling Hotjar

If you want to disable Hotjar from collecting data, click on the following link and follow the instructions there: https://www.hotjar.com/opt-out

Please note that Hotjar will have to be disabled on each browser or each end device separately.

You can find more information about Hotjar and the data collected in Hotjar’s privacy policy via the following link: https://www.hotjar.com/privacy

Order processing contract

We have concluded an order processing contract with Hotjar to implement strict European data protection provisions.

Google Analytics remarketing

Our websites use Google Analytics remarketing functions together with cross-device Google AdWords and Google DoubleClick functions. The provider is Google Ireland Limited (hereinafter ‘Google’), Gordon House, Barrow Street, Dublin 4, Ireland.

This function allows the advertising target groups created using Google Analytics remarketing to be linked with cross-device Google AdWords and Google DoubleClick functions. Interest-related personalised advertising messages that have been customised on one device (e.g. mobile phone) based on your previous user and surfing behaviour can be shown on another of your end devices (e.g. tablet or PC).

If you have given corresponding consent, Google links your web and app browser history with your Google account for this purpose. It is in this way that the same personalised advertising messages can appear on each device you sign into with your Google account.

To support this function, Google Analytics records Google-authenticated user IDs that are temporarily linked with our Google Analytics data to define and create target groups for cross-device advertising campaigns.

You can permanently object to cross-device remarketing/targeting by disabling personalised advertising in your Google account. To do so, click on the following link: https://www.google.com/settings/ads/onweb/.

Recorded data is exclusively summarised in your Google account based on your consent that you can give to or withdraw from Google (Article 6 [1] [a] of the GDPR). With respect to data collection processes that are not carried out in your Google account (e.g. because you do not have a Google account or have objected to merging), data collection is based on Article 6 (1) (f) of the GDPR. The legitimate interest is based on the website operator having an interest in the anonymised analysis of website visitors for advertising purposes.

You can find more information and data protection provisions in Google’s privacy policy at: https://policies.google.com/technologies/ads?hl=de.

Google AdWords and Google conversion tracking

This website uses Google AdWords. AdWords is an online advertising programme from Google Ireland Limited (‘Google’), Gordon House, Barrow Street, Dublin 4, Ireland.

We use ‘conversion tracking’ as part of Google AdWords. If you click on an ad shown by Google, a cookie is saved for conversion tracking. Cookies are small files that the web browser stores on the user’s computer. These cookies expire after 30 days and are not used to personally identify users. If the user visits certain pages on this website and the cookie has not yet expired, the fact that a user has clicked on the advert and has been directed to this site via an advert can be recognised by us and by Google.

Each Google AdWords customer receives a different cookie. Cookies can not be kept track of via the AdWords customer’s website. The information obtained by the conversion cookie is used to compile conversion statistics for AdWords customers who have opted for conversion tracking. The customers can find out the total number of users that have clicked on their adverts and have been directed to the page with a conversion tracking tag. However, they do not receive any information that can personally identify the user. If you do not want to take part in tracking, you can object to such use by easily disabling the Google Conversion tracking cookie via your web browser under user settings. You will then no longer be included in conversion tracking statistics.

Saving ‘conversion cookies’ and using this tracking tool is based on Article 6 (1) (f) of the GDPR. The website operator has a legitimate interest in the analysis of user behaviour to optimise its web services and advertising.

You can find more information about Google AdWords and Google conversion tracking in Google’s privacy policy at: https://policies.google.com/privacy?hl=de.

You can change your browser settings so that you are notified about cookies being placed on your machine, and so that you only accept or reject cookies in certain cases or disable cookies in general, and enable the automatic deletion of cookies when you close your browser. Disabling cookies can restrict the functionality of this website.

Facebook pixel

Our website uses the visitor behaviour pixel from Facebook, Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (‘Facebook’) for conversion measurement.

Through Facebook’s certification under the EU-US data protection shield (‘EU-US Privacy Shield’ international agreement, https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active), the provider is obliged to ensure that the data protection level in the EU is also complied with when the data is processed in the USA.

This is how the behaviour of our site visitors can be tracked after they have been redirected to the provider’s website after clicking on a Facebook ad. As a result, the effectiveness of Facebook ads are evaluated for statistical and market research purposes and future advertising measures are optimised.

The data collected is anonymous for us as the operator of this website and we are unable to draw any conclusions about the identity of users. However, data is stored and processed by Facebook so it is possible for a connection to be made to the respective user profile and for Facebook to use the data for its own advertising purposes, in accordance with the Facebook data use policy. As a result, Facebook can enable ads on Facebook pages and outside of Facebook. As a site operator, we have no control over how data is used.

The use of Facebook pixel is based on Article 6 (1) (f) of the GDPR. The website operator has a legitimate interest in effective advertising measures, including social media.

You can find further notes on protecting your privacy in Facebook’s data protection notice: https://de-de.facebook.com/about/privacy/.

You can also disable the ‘Custom Audiences’ remarketing function in the settings area for ads at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. You have to be signed into Facebook to do so.

If you don’t have a Facebook account, you can disable use-based advertising by Facebook on the European Interactive Digital Advertising Alliance’s website: http://www.youronlinechoices.com/de/praferenzmanagement/.

Bing Universal Event Tracking (UET)

On our website, data is collected and saved using the technologies of Bing Ads from which usage profiles are created using pseudonyms. This is a service of the Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. This service enables us to track the activities of users on our website if they accessed our website via advertisements from Bing Ads. If you access our website via an advertisement of this nature, a cookie is set on your computer. A Bing UET tag is integrated on our website. This is a code which, in combination with the cookie, saves some non-personal data about the usage of the website. This includes, among other things, the time spent on the website, which areas of the website were opened and via which advertisement the users accessed the website. No information about your identity is collected.

The information collected is transmitted to Microsoft servers in the USA and is there stored for a period of at most 180 days. You can prevent the collection of the data generated by the cookie with respect to your usage of the website as well as the processing of these data by deactivating the use of cookies. This could possibly lead to a restricted functionality of the website.

Furthermore, Microsoft can possibly track your usage behavior across several of your electronic devices using so-called Cross-Device Tracking and is thereby able to display personalized advertising on or in Microsoft web pages and apps. You can deactivate this behavior under http://choice.microsoft.com/de-de/opt-out.

Further information about the analysis services of Bing can be found on the Bing Ads website (https://help.bingads.microsoft.com/#apex/3/de/53056/2 ). Further information about data protection at Microsoft and Bing can be found in Microsoft’s data protection provisions (https://privacy.microsoft.com/privacystatement).

6. Newsletters

Newsletter data

If you want to be included in the newsletters offered on the website, we require an e-mail address from you, and ideally your first name, surname, gender and date of birth, as well as information that allows us to verify that you are the owner of the e-mail address provided and that you consent to receiving the newsletter. Other data (first name, surname, date of birth) is not collected or only collected on a voluntary basis. We exclusively use this data to send the information required and do not share it with third parties. If you provide your salutation and name, we use this to personalise our communications.

The processing of data input into the newsletter registration form is exclusively based on your consent (Article 6 [1] [a] of the GDPR). You can withdraw the consent you have given to the storage of your data and the use of your e-mail address to send newsletters, at any time, for example by clicking on the ‘unsubscribe’ link in the newsletter. The legality of the data processing processes already carried out remains unaffected by the withdrawal.

We store data you provide us with for the purpose of including you in the newsletter until you unsubscribe from the newsletter, after which it is then erased. Data that we store for other purposes remains unaffected by this.

7. Plugins and tools

YouTube with extended data protection

Our website uses plugins from YouTube. The operator of this site is Google Ireland Limited (‘Google’), Gordon House, Barrow Street, Dublin 4, Ireland.

We use YouTube in extended data protection mode. According to YouTube, this mode means that YouTube doesn’t store any information about website visitors before they view the video. In contrast, sharing data with YouTube partners is not absolutely excluded through extended data protection mode. As such, YouTube will establish a connection with the Google DoubleClick network regardless of whether or not you have viewed a video.

A connection is established with YouTube servers as soon as you start playing a YouTube video on our website. In doing so, the YouTube server is notified about which pages you have visited in our website. If you are signed into your YouTube account, you are allowing YouTube to directly associate your surfing behaviour with your personal profile. You can prevent this by signing out of your YouTube account first.

YouTube can also store various cookies on your end device after you start playing a video. Using these cookies, YouTube may receive information about visitors to our website. This information is in part used to compile video statistics, to improve user-friendliness and to prevent attempted fraud. The cookies stay on your end device until you delete them.

If applicable, other data processing processes may be triggered after you start playing a YouTube video, and we have no control over this.

We use YouTube in the interests of displaying our online offering. This is a legitimate interest within the meaning of Article 6 (1) (f) of the GDPR.

You can find more information about data protection at YouTube in their privacy policy at: https://policies.google.com/privacy?hl=de.

Google Web Fonts

This website uses ‘Web Fonts’ by Google to display fonts in a consistent way. When you access a page, your browser loads the required web fonts in your browser cache in order to correctly display text and fonts.

For these purposes, the browser you use must establish a connection with Google servers. To do so, Google must know that your IP address was used to access our website. We use Google Web Fonts in the interests of displaying our online offering in a consistent and appropriate way. This is a legitimate interest within the meaning of Article 6 (1) (f) of the GDPR.

If your browser does not support Web Fonts, your computer will use a standard font.

You can find more information about Google Web Fonts at https://developers.google.com/fonts/faq and in Google’s privacy policy: https://policies.google.com/privacy?hl=de.

Google reCAPTCHA

We use ‘Google reCAPTCHA’ (hereinafter ‘reCAPTCHA’) on our websites. The provider is Google Ireland Limited (‘Google’), Gordon House, Barrow Street, Dublin 4, Ireland.

reCAPTCHA is used to verify whether the data input into our websites (e.g. in a contact form) is done by a human or an automated programme. Here, reCAPTCHA analyses the behaviour of the website visitor using different features. This analysis starts automatically as soon as the website visitor accesses the website. reCAPTCHA evaluates various information for analysis (e.g. IP address, time the website operator spends on the website, or mouse movements made by the user). Data collected in the analysis process is sent to Google.

reCAPTCHA analyses run completely in the background. Website visitors are not notified of the fact that analysis is taking place.

Data processing is based on Article 6 (1) (f) of the GDPR. The website operator has a legitimate interest in protecting its website from abusive automated spying and spam.

You can find more information about Google reCAPTCHA and Google’s privacy policy by clicking on the following links: https://policies.google.com/privacy?hl=de and https://www.google.com/recaptcha/intro/android.html.

Google Tag Manager

Google Tag Manager is a solution that we use to manage ‘website tags’ via an interface (and embed Google Analytics and other Google marketing services into our website this way). The provider is Google Ireland Limited (‘Google’), Gordon House, Barrow Street, Dublin 4, Ireland.

The Google Tag Manager tool is a domain that does not have any cookies and does not collect any personal data. However, when visiting our website, your IP address is sent to Google as a technical condition.

With respect to the processing of users’ personal data, please refer to the following information concerning Google services: Google Tag Manager use policy: www.google.com/intl/de/tagmanager/use-policy.html 

The use of Google Tag Manager is based on Article 6 (1) (f) of the GDPR. The website operator has a legitimate interest in the central embedding of website tags to optimise its website.

ADCELL/Firstlead GmbH

This website uses tracking cookies from Firstlead GmbH (Rosenfelder Str. 15-16, 10315 Berlin) under the brand ADCELL (www.adcell.de). A cookie is saved as soon as the visitor clicks on an ad with a partner link. Firstlead GmbH/ADCELL uses cookies to be able to trace the origin of orders. Firstlead GmbH/ADCELL also uses ‘tracking pixels’. These are used to evaluate information like visitor traffic on pages. The information collected by cookies and tracking pixels relating to the use of this website (including the IP address) and the delivery of ad formats is sent to a Firstlead GmbH/ADCELL server and saved there. Firstlead GmbH/ADCELL can recognise that the partner link on this website has been clicked on, in addition to other information. Under certain circumstances, Firstlead GmbH/ADCELL can share this (anonymised) information with contracting partners. However, data such as IP address is not merged with other stored data.

We have concluded an order processing contract with ADCELL in accordance with the GDPR.

More information and objection to data collection
https://www.adcell.de/datenschutz

The use of Firstlead GmbH/ADCELL is based on Article 6 (1) (f) of the GDPR. The website operator has a legitimate interest in the placement of ads as well as the analysis of user behaviour to also optimise its web services and advertising.

Channel Pilot Solutions GmbH/cptrack.de

We use the ChannelPilot solution to link product search engines & Google Shopping. ChannelPilot is a service from Channel Pilot Solutions GmbH, Überseeallee 1, 20457 Hamburg (hereinafter ‘ChannelPilot’).

To be able to process orders on marketplaces, the following data is sent to ChannelPilot, if applicable: contact person, title, salutation, street, house number, post code, town/city, telephone number for the right billing and delivery address. If applicable, the following data is sent for performance measurement for online marketing channels: IP address, cookie IDs, addresses and other employee data: name, salutation, language, e-mail, IP address, cookie IDs.

We have concluded an order processing contract with ChannelPilot in accordance with the GDPR.

The use of ChannelPilot is based on Article 6 (1) (f) of the GDPR. The website operator has a legitimate interest in the placement of its products in product search engines & Google Shopping as well as the analysis of user behaviour to also optimise its web services and advertising.

8. Payment providers and resellers

For certain payment methods, you will be redirected to the website of the respective payment service provider during the payment process. Data is then processed by the payment service provider. You can find out about how your personal data is handled on their website.

If the user wants to pay by credit card, he or she must provide his or her first name and surname, together with his or her address, where applicable. This data is stored on our servers and passed on to the respective credit card company.

If the operator is required to pass on your IP address, a referrer or your e-mail address to the respective payment service provider for execution by the respective payment service provider, the legal basis for transmitting data is Article 6 (1) (b) of the GDPR.

PayPal

We offer payment via PayPal on our website. The provider of this payment service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter ‘PayPal’).

If you select PayPal as your payment method, the payment details you have provided will be sent to PayPal.

Your data is sent to PayPal on the basis of Article 6 (1) (a) of the GDPR (consent) and Article 6 (1) (b) of the GDPR (processing to perform a contract). You have the option of withdrawing your consent to data processing at any time. Withdrawal does not affect data processing processes carried out in the past.

‘Sofortüberweisung’ - the instant transfer service

As well as other options, we offer payment on our website via ‘Sofortüberweisung’, the instant transfer service. The provider of this payment service is Sofort GmbH, Theresienhöhe 12, 80339 Munich (hereinafter ‘Sofort GmbH’).

Using ‘instant transfer’, we receive payment confirmation from Sofort GmbH in real time and are able to immediately start meeting our obligations.

If you have decided to pay by ‘instant transfer’, you send your PIN and a valid TAN to Sofort GmbH for them to sign into your online banking account. Sofort GmbH automatically checks your bank account after signing in and makes the transfer to us using the TAN you sent. They then send us a transaction confirmation straight away. After signing in, your income, credit limit for your overdraft facility and the availability of other accounts, as well as their balances are automatically checked.

As well as the PIN and the TAN, the payment details you input, and details relating to you, are sent to Sofort GmbH. Data concerning you personally includes your first name and surname, address, telephone number(s), e-mail address, IP address and, if applicable, other data required for payment processing. The transmission of this data is required to verify your identity beyond doubt and to prevent attempted fraud.

Your data is sent to Sofort GmbH on the basis of Article 6 (1) (a) of the GDPR (consent) and Article 6 (1) (b) of the GDPR (processing to perform a contract). You have the option of withdrawing your consent to data processing at any time. Withdrawal does not affect data processing processes carried out in the past.

You can find details about paying with ‘instant transfer’ via the following links: https://www.sofort.de/datenschutz.html and https://www.klarna.com/sofort/.

9. Our social media presence

Data processing by social networks

We have public profiles on social networks. You can find details about the specific social networks we use below.

Social networks such as Facebook, Twitter, etc. can comprehensively analyse your user behaviour if you visit their websites or a website that has embedded social media content (e.g. ‘Like’ buttons or advertising banners). Several processing activities that are relevant for data protection are triggered by visiting our social media pages. In detail:

If you are signed into your social media account and visit our social media page, the operator of the social media portal can associate this visit with your user account. However, in some cases, your personal data may be collected if you are not signed in or if you do not have an account with that social media portal. In this case, as an example, the data may be collected by cookies that are saved on your end device, or by your IP address being collected.

Using the collected data, the operators of the social media portals create user profiles which include your preferences and interests. This is how interest-related advertising can be shown to you on and outside of the respective social media pages. If you have an account with the respective social network, interest-based advertising can be shown on any devices that you are or were signed into.

Otherwise, please note that we are unable to track all processing activities. Depending on the provider, other processing activities can therefore be carried out by the operators of the social media portals. You can find details of this in the terms of use and privacy policies of the respective social media portals.

Legal basis

The intention of our social media pages is to ensure the widest possible web presence and to interact with our customers. This is a legitimate interest within the meaning of Article 6 (1) (f) of the GDPR. The analysis processes initiated by social networks may be based on other legal foundations that must be disclosed by the operators of the social networks (e.g. consent within the meaning of Article 6 [1] [a] of the GDPR).

Controller and the establishment of rights

If you visit one of our social media pages (e.g. Facebook), we have joint responsibility with the operator of the social media platform for the data processing activities carried out when the visit is made. Generally, you can assert your rights (access, rectification, erasure, restriction of processing, data portability and complaints) both against us and against the operator of the social media portal (e.g. Facebook).

Please note that despite the joint responsibility with social media portal operators, we do not have comprehensive control over the data processing activities of social media portals. Our options are determined by the company policy of the respective provider.

Storage period

Data directly collected by us via the social media page is erased by our systems as soon as the storage purpose no longer applies, if you request that we erase it or if you withdraw your consent to storage. Saved cookies stay on your end device until you delete them. Mandatory legal provisions - with particular reference to retention periods - remain unaffected.

We have no control over the storage period for your data that is stored by social network operators for internal purposes. Please contact the social network operators directly for further details (e.g. in their privacy policies; see below).

Social networks in detail

Facebook and Instagram

We have a profile on Facebook and Instagram. Facebook and Instagram are web services provided by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA. In the EU, these services are operated by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.   Through Facebook’s certification under the EU-US data protection shield (‘EU-US Privacy Shield’ international agreement, https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active), the provider is obliged to ensure that the data protection level in the EU is also complied with when the data is processed in the USA.

We have concluded an agreement with Facebook relating to mutual processing (Controller Addendum). This agreement sets out the data processing processes for which either we are responsible or for which Facebook is responsible for when you visit our Facebook page. You can view this agreement by clicking on the following link: https://www.facebook.com/legal/terms/page_controller_addendum.

You can of course change your ad settings in your user account yourself. Just click on the following link and sign in: https://www.facebook.com/settings?tab=ads.

You can find more details in Facebook’s privacy policy: https://www.facebook.com/about/privacy/.

Pinterest

We have a profile on Pinterest. The social network Pinterest is a service from Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street Dublin 2, Ireland (hereinafter referred to as ‘Pinterest’).

By clicking on the ‘Pin it’ button, Pinterest is notified that you have accessed the corresponding page on our website. If you are signed into Pinterest, Pinterest can directly associate your visit with your Pinterest account. By clicking on the ‘Pin it’ button, Pinterest can also store the data sent in the USA.

Through Pinterest’s certification under the EU-US data protection shield (‘EU-US Privacy Shield’ international agreement, https://www.privacyshield.gov/participant?id=a2zt00000008VVzAAM&status=Active), the provider is obliged to ensure that the data protection level in the EU is also complied with when the data is processed in the USA.

 However, the operator of the Pinterest profile has no control over the data protection provisions of the platform and over the collection, analysis and use of user data.

You can find the scope and purpose of data collection and further processing and use of the data by Pinterest as well as your corresponding rights and settings options for protecting your privacy in Pinterest’s privacy policy at: https://policy.pinterest.com/de/privacy-policy