Privacy policy

  1. Introduction and Contact Information of the Controller

    1. We are pleased that you are visiting our website and thank you for your interest. Below we inform you about the handling of your personal data when using our website. Personal data is all data with which you can be personally identified.
    2. The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is kybun Joya Retail AG, Mühleweg 4, 9325 Roggwil, Switzerland, Tel.: +41 (0)58 329 40 00, Email: info@kybunjoya.swiss. The controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.

  2. Data Collection When Visiting Our Website

    1. When using our website for informational purposes only, i.e., if you do not register or otherwise provide us with information, we only collect data that your browser transmits to our server (so-called ‘server log files’). When you visit our website, we collect the following data, which is technically necessary for us to display the website to you:
      • Our visited website
      • Date and time at the time of access
      • Amount of data sent in bytes
      • Source/reference from which you came to the page
      • Used browser
      • Used operating system
      • Used IP address (if applicable: in anonymized form) The processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR based on our legitimate interest in improving the stability and functionality of our website. The data will not be disclosed or used in any other way. However, we reserve the right to check the server log files retrospectively if there are concrete indications of unlawful use.
    2. This website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (e.g., orders or inquiries to the controller). You can recognize an encrypted connection by the character string ‘https://’ and the lock symbol in your browser line.

  3. Hosting & Content Delivery Network

    1. Shopify We use the system of the following provider for hosting our website and displaying the page content: Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland (‘Shopify’) Data is also transferred to: Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada All data collected on our website is processed on the provider’s servers. We have concluded a data processing agreement with the provider, which ensures the protection of our site visitors’ data and prohibits unauthorized disclosure to third parties. For data transfers to Canada, an adequacy decision of the European Commission guarantees an adequate level of data protection.
    2. Cloudinary We use a content delivery network from the following provider: Cloudinary Ltd., 3400 Central Expressway, Suite 110, Santa Clara, CA 95051, USA This service enables us to deliver large media files such as graphics, page content, or scripts faster via a network of regionally distributed servers. Processing is carried out to safeguard our legitimate interest in improving the stability and functionality of our website in accordance with Art. 6 para. 1 lit. f GDPR. We have concluded a data processing agreement with the provider, which ensures the protection of our site visitors’ data and prohibits unauthorized disclosure to third parties. For the transfer of data to the USA, the provider relies on standard contractual clauses of the European Commission, which are intended to ensure compliance with the European level of data protection.
    3. KeyCDN We use a content delivery network from the following provider: Proinity GmbH, Rümikerstrasse 60, 8409 Winterthur, Switzerland This service enables us to deliver large media files such as graphics, page content, or scripts faster via a network of regionally distributed servers. Processing is carried out to safeguard our legitimate interest in improving the stability and functionality of our website in accordance with Art. 6 para. 1 lit. f GDPR. We have concluded a data processing agreement with the provider, which ensures the protection of our site visitors’ data and prohibits unauthorized disclosure to third parties. For data transfers to the provider’s location, an adequate level of data protection is guaranteed by an adequacy decision of the European Commission.

  4. Cookies

    To make our website appealing and to enable the use of certain functions, we use cookies, i.e., small text files that are stored on your end device. Some cookies are automatically deleted when you close the browser (so-called ‘session cookies’), while others remain on your end device for a longer period and enable storing of page settings (so-called ‘persistent cookies’). In the latter case, you can find the storage duration in the cookie settings of your web browser. If individual cookies we use also process personal data, the processing is carried out in accordance with Art. 6(1)(b) GDPR either for the performance of the contract, or in the case of an explicit consent under Art. 6(1)(a) GDPR, or in accordance with Art. 6(1)(f) GDPR to safeguard our legitimate interests in providing the most functional website and a customer-friendly and effective design of the page visit. You can set your browser to inform you about the setting of cookies and to decide individually whether to accept cookies for specific cases or in general. Please note that if you do not accept cookies, the functionality of our website may be limited.

  5. Contact

    1. Gorgias This website uses a live chat system from the following provider: Gorgias Inc., 180 Sansome St, Suite 1800, San Francisco, CA 94014, USA The processing of personal data transmitted via the chat takes place either in accordance with Art. 6(1)(b) GDPR, because it is necessary for the initiation or performance of a contract, or according to Art. 6(1)(f) GDPR on the basis of our legitimate interest in the effective support of our site visitors. Your data transmitted via chat will be deleted, subject to statutory retention periods, once the matter is finally resolved.

      Additionally, for the purpose of creating pseudonymized usage profiles using cookies, further information may be collected and evaluated, which does not serve your personal identification and is not merged with other data sets. If these information contain a personal reference, the processing takes place on the basis of Art. 6(1)(f) GDPR on the basis of our legitimate interest in the statistical analysis of user behavior for optimization purposes. The setting of cookies can be prevented by appropriate browser settings. In this case, the functionality of our website may be limited. You may object to the collection and storage of data for the purpose of creating a pseudonymized usage profile at any time with effect for the future. We have concluded a data processing agreement with the provider that ensures protection of the data of our site visitors and prohibits unauthorized disclosure to third parties. For data transfers to the USA, the provider relies on Standard Contractual Clauses of the European Commission to ensure an adequate level of data protection.

    2. Reminder for reviews Solely on the basis of your explicit consent pursuant to Art. 6(1)(a) GDPR, we use your email address for a one-time reminder to submit a review of your order. You may withdraw your consent at any time by sending a message to the controller responsible for data processing.

    3. Trusted Shops For review reminders, we use the services of the following provider: Trusted Shops AG, Subbelrather Str. 15c, 50823 Köln, Germany Solely on the basis of your explicit consent pursuant to Art. 6(1)(a) GDPR we transmit your email address and possibly other customer data to the provider so that they can contact you by email with a reminder to review. Your consent can be withdrawn at any time for the future toward us or toward the provider. We are jointly responsible with the provider for the above-described processing in accordance with Art. 26 GDPR. The contract on joint responsibility can be viewed here: https://help.etrusted.com/hc/de/articles/4402587369105-Vertrag-%C3%BCber-die-gemeinsame-Verantwortlichkeit-nach-DSGVO

    4. Gorgias To process customer inquiries we use the email ticketing system of the following provider: Gorgias Inc., 180 Sansome St, Suite 1800, San Francisco, CA 94014, USA If you submit a contact request via our website by email, it will be stored and organized in the ticketing system to enable a chronological processing and to improve the service experience. You can always view the current status of your request using the ticket number assigned to you. The processing of personal data provided for the purpose of organization and processing of requests includes, at least, name, first name and email address, which are transmitted to the provider, stored there and read out. The legal basis for the processing of these data is our legitimate interest in the efficient design of our customer service, in the fastest possible answering of your request and in the optimization of our service offering in accordance with Art. 6(1)(f) GDPR. We have concluded a data processing agreement with the provider that ensures protection of the data of our site visitors and prohibits unauthorized disclosure to third parties. For data transfers to the USA, the provider relies on Standard Contractual Clauses of the European Commission to ensure an adequate level of data protection.

    5. In the context of contacting us (e.g., via contact form or email) personal data is processed solely for the purpose of processing and answering your request and only to the extent necessary for this purpose. legal basis for processing these data is our legitimate interest in answering your request pursuant to Art. 6(1)(f) GDPR. If your contact relates to a contract, the additional legal basis for processing is Art. 6(1)(b) GDPR. Your data will be deleted as soon as it becomes clear from the circumstances that the matter at hand has been resolved and, if there are no legal retention obligations to the contrary.

  6. Data Processing When Opening a Customer Account

    Personal data will be collected and processed to the extent necessary when you provide it to us in the process of opening a customer account. Which data are required for account creation can be found in the input form on our website. A deletion of your customer account is possible at any time and can be done by sending a message to the above-mentioned address of the controller. After deletion of your customer account, your data will be deleted, provided that all contracts concluded with us have been fully executed, there are no statutory retention obligations, and we have no legitimate interest in storing the data further.

  7. Use of Customer Data for Direct Marketing

    1. Email Newsletter Registration If you register for our email newsletter, we regularly send you information about our offers. The mandatory field for sending the newsletter is only your email address. Providing additional data is optional and will be used to address you personally. For newsletter dispatch we use the so-called double opt-in process, which ensures that you only receive newsletters after you have explicitly confirmed your consent by clicking a verification link sent to the address you provided. By activating the confirmation link you give us your consent for the use of your personal data in accordance with Art. 6(1)(a) GDPR. We store the IP address and the date and time of registration, in order to be able to trace possible misuse of your email address at a later point in time. The data collected during newsletter signup is used strictly for this purpose. You can unsubscribe from the newsletter at any time via the dedicated link in the newsletter or by sending a message to the controller responsible for data processing. After deregistration your email address will be immediately removed from our newsletter distribution list, unless you have expressly consented to further use of your data or we reserve the right to use it in a manner that is legally permitted and which we inform you about in this statement.
    2. Klaviyo The sending of our email newsletters is carried out via this provider: Klaviyo, Inc., 125 Summer St., Ste 600, Boston, MA 02110, USA On the basis of our legitimate interest in effective and user-friendly newsletter marketing we pass on the data you provided during newsletter registration to this provider so that they can process the newsletter dispatch on our behalf. Subject to your explicit consent per Art. 6(1)(a) GDPR, the provider additionally conducts a statistical evaluation of newsletter campaigns using web beacons or tracking pixels in the sent emails, which can measure open rates and specific interactions with the content of the newsletter. End device information (e.g., time of access, IP address, browser type and operating system) may also be collected and analyzed, but not merged with other data. You can withdraw your consent to newsletter tracking at any time for the future. We have concluded a data processing agreement with the provider that protects the data of our site visitors and prohibits further disclosure to third parties. For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European data protection level.
    3. SMS Marketing On our website you have the option to sign up for the delivery of SMS notifications about current offers, promotions and information about orders. The mandatory field for sending SMS notifications is your mobile number. Providing other data is optional and will be used to address you personally. For the sending of SMS messages, the so-called double opt-in procedure is used, which ensures that promotional SMS messages are only sent after you have confirmed your consent by clicking the verification link sent to the specified mobile number. By activating the confirmation link you give us your consent for the use of your personal data in accordance with Art. 6(1)(a) GDPR. The date and time of signup are stored to prevent misuse of your mobile number at a later time. The data collected during signup for the SMS service is used strictly for advertising purposes via SMS. You can unsubscribe from SMS delivery at any time by sending a message to the above-mentioned controller for data processing. After deregistration your mobile number will be removed from the distribution list, unless you expressly consent to further use of your data or we reserve the right to use it in a manner that is legally permitted and which we inform you about in this statement.
    4. Email Notifications for Product Availability For temporarily unavailable items you can sign up to receive email product availability notifications. We will send you a one-time email notification about the availability of the item you selected. The only mandatory field for sending this notification is your email address. Providing additional data is optional and will be used to address you personally if necessary. For the email dispatch we use the so-called Double Opt-in process, which ensures that you will only receive a notification after you have confirmed your consent by clicking a verification link sent to the specified email address. By activating the confirmation link you give us your consent for the use of your personal data in accordance with Art. 6(1)(a) GDPR. We store the IP address and the date and time of signup to prevent misuse of your email address at a later time. The data collected during signup for our email notification service for product availability is used strictly for this purpose. You can unsubscribe from product availability notifications at any time by sending a message to the above-mentioned controller. After deregistration your email address will be immediately removed from the distribution list, unless you expressly consent to further use of your data or we reserve the right to use it in a manner that is legally permitted and which we inform you about in this statement.
    5. Abandoned Cart Reminders by Email If you abandon your shopping on our site before completing the order, you have the option to be reminded by email once about the contents of your virtual shopping cart. The only mandatory field for sending this reminder is your email address. Providing additional data is voluntary and will be used to address you personally. For the email dispatch we use the so-called Double Opt-in procedure, which ensures that you receive a notification only if you have explicitly confirmed your consent by clicking a verification link sent to the specified email address. By activating the verification link you give us your consent for the use of your personal data in accordance with Art. 6(1)(a) GDPR for sending a cart reminder. We store the IP address and the date and time of signup to prevent misuse of your email address at a later time. The data collected during signup for our email notification service for cart reminders is used strictly for this purpose. You can unsubscribe from cart reminders at any time by sending a message to the above-mentioned controller. After deregistration your email address will be immediately removed from the distribution list, unless you expressly consent to further use of your data or we reserve the right to use it in a manner that is legally permitted and which we inform you about in this statement.

  8. Data Processing for Order Processing

    1. To the extent necessary for contractual processing for delivery and payment, the personal data collected by us will be disclosed to the commissioned transport company and the commissioned financial institution in accordance with Art. 6(1)(b) GDPR. If we owe you updates for goods with digital elements or for digital products pursuant to a corresponding contract, we process the contact data (name, address, email) you provided during the order to inform you about upcoming updates within the legally required period via an appropriate communication channel (e.g., by post or email). Your contact data will be used strictly for this purpose and will be processed only to the extent necessary for this information. For processing of your order we also work together with the service provider(s) listed below, to which certain personal data are transmitted according to the following information.
    2. Use of Payment Service Providers (Payments)
      • Adyen On this website there are one or more online payment methods of the following provider available: Adyen, Simon Carmiggeltstraat 6 - 50, 1011 DJ Amsterdam, Netherlands When selecting a payment method of the provider by which you pay in advance (e.g., credit card), the payment data you communicated during the order (including name, address, bank and card information, currency and transaction number) as well as information about the content of your order will be transmitted to the provider in accordance with Art. 6(1)(b) GDPR. The transfer of your data in this case is exclusively for the purpose of payment processing with the provider and only to the extent necessary for this purpose.
      • Amazon Pay On this website there are one or more online payment methods of the following provider available: Amazon Payments Europe s.c.a., 38 avenue J.F. Kennedy, L-1855 Luxemburg When selecting a payment method of the provider by which you pay in advance (e.g., credit card), the payment data you communicated during the order (including name, address, bank and card information, currency and transaction number) as well as information about the content of your order will be transmitted to the provider in accordance with Art. 6(1)(b) GDPR. The transfer of your data in this case is exclusively for the purpose of payment processing with the provider and only to the extent necessary for this purpose.
      • Apple Pay If you choose the payment method ‘Apple Pay’ of Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland, the payment will be processed via the Apple Pay function of your device running iOS, watchOS or macOS by charging a payment card stored in Apple Pay. Apple Pay uses security features integrated into the hardware and software of your device to protect your transactions. To approve a payment, you must enter a previously configured code and verify via Face ID or Touch ID on your device. For the purpose of payment processing, your information provided during the order as well as information about your order will be transmitted to Apple in encrypted form. Apple then encrypts this data again with a developer-specific key before the data are transmitted to the payment service provider of the payment card stored in Apple Pay. The encryption ensures that only the website through which the purchase was made can access the payment data. After the payment has been completed, Apple sends your device account number and a transaction-specific dynamic security code to the originating website for payment confirmation. If personal data is processed in the described transmissions, the processing is carried out exclusively for the purpose of payment processing in accordance with Art. 6(1)(b) GDPR. Apple stores anonymized transaction data, including the approximate purchase amount, approximate date and time, and whether the transaction was successful. The anonymization completely excludes a personal reference. Apple uses the anonymized data to improve Apple Pay and other Apple products and services. If you use Apple Pay on the iPhone or Apple Watch to complete a purchase made on Safari on the Mac, the Mac and the authorization device communicate over an encrypted channel with Apple servers. Apple does not process or store any of this information in a way that can identify you. You can disable the ability to use Apple Pay on your Mac in the settings of your iPhone. Go to ‘Wallet & Apple Pay’ and disable ‘Allow payments on Mac’. Further information on data protection in Apple Pay can be found at the following internet address: https://support.apple.com/de-de/HT203027
      • bancontact On this website there is one or more online payment methods of the following provider: Bancontact Payconiq Company, Rue d’Arlon 82, 1040 Brussels, Belgium When selecting a payment method of the provider by which you pay in advance (e.g., credit card), the payment data you communicated during the order (including name, address, bank and card information, currency and transaction number) as well as information about the content of your order will be transmitted to the provider in accordance with Art. 6(1)(b) GDPR. The transfer of your data in this case is exclusively for the purpose of payment processing with the provider and only to the extent necessary for this purpose.
      • EPS-Überweisung On this website there are one or more online payment methods of the following provider available: PSA Payment Services Austria GmbH, Handelskai 92, Gate 2,1200 Wien, Österreich When selecting a payment method of the provider by which you pay in advance (e.g., credit card), the payment data you communicated during the order (including name, address, bank and card information, currency and transaction number) as well as information about the content of your order will be transmitted to the provider in accordance with Art. 6(1)(b) GDPR. The transfer of your data in this case is exclusively for the purpose of payment processing with the provider and only to the extent necessary for this purpose.
      • Google Pay If you select the payment method ‘Google Pay’ of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (‘Google’), the payment will be processed via the Google Pay application on your mobile device running at least Android 4.4 (‘KitKat’) with NFC functionality by charging a payment card stored in Google Pay or a verified payment system (e.g., PayPal). For the release of a payment via Google Pay in an amount greater than €25, prior to the payment you must unlock your mobile device using the chosen verification method (e.g., facial recognition, password, fingerprint or pattern). For the purposes of payment processing, your information communicated during the order as well as information about your order will be transmitted to Google. Google then transmits the payment card data stored in Google Pay to the originating website in the form of a one-time transactional number to verify the payment. The transaction number contains no information about your actual payment card data and is a one-time valid numeric token. In all Google Pay transactions, Google acts only as a processor for the payment on the merchant’s website. The payment is executed solely between the user and the originating website. If personal data is processed in the described transmissions, the processing is carried out exclusively for the purpose of payment processing in accordance with Art. 6(1)(b) GDPR. Google may retain anonymized transaction data, including the approximate amount, date and time, merchant location and description, the description of the purchased goods or services provided by the merchant, photos you attached to the transaction, the name and email address of the seller and buyer or sender and recipient, the used payment method, your description of the reason for the transaction, and possibly the offer linked to the transaction. Google uses anonymized data to improve Google Pay and other Google products and services. If you use Google Pay on the iPhone or Apple Watch to complete a purchase made on Safari on the Mac, the Mac and the authorization device communicate over an encrypted channel with the Google servers. Google does not process or store any of this information in a way that identifies you. You can disable the ability to use Google Pay on your Mac in the settings of your iPhone. Go to ‘Wallet & Apple Pay’ and disable ‘Allow payments on Mac’. Further information on data protection in Google Pay can be found at: https://support.google.com/de-de/answer/9112614?hl=de
      • iDeal On this website there are one or more online payment methods of the following provider available: Currence Holding BV, Beethovenstraat 300 Amsterdam, Netherlands When selecting a payment method of the provider by which you pay in advance (e.g., credit card), the payment data you communicated during the order (including name, address, bank and card information, currency and transaction number) as well as information about the content of your order will be transmitted to the provider in accordance with Art. 6(1)(b) GDPR. The transfer of your data in this case is exclusively for the purpose of payment processing with the provider and only to the extent necessary for this purpose.
      • Klarna On this website there are one or more online payment methods of the following provider available: Klarna Bank AB, Sveavägen 46, 111 34 Stockholm, Sweden When selecting a payment method of the provider by which you pay in advance (e.g., credit card), the payment data you communicated during the order (including name, address, bank and card information, currency and transaction number) as well as information about the content of your order will be transmitted to the provider in accordance with Art. 6(1)(b) GDPR. The transfer of your data in this case is exclusively for the purpose of payment processing with the provider and only to the extent necessary for this purpose. When selecting a payment method where the provider advances payment (e.g., invoice or installment purchase or direct debit), you will also be asked to provide certain personal data (first and last name, street, house number, postal code, city, date of birth, email address, telephone number, and possibly data about an alternative payment method) during the order process. To safeguard our legitimate interest in assessing the creditworthiness of our customers, we disclose these data to the provider for the purpose of a credit check under Art. 6(1)(f) GDPR. The provider checks, based on the personal data provided by you as well as other data (such as cart contents, total order amount, order history, payment experiences) whether the payment option chosen by you can be granted with regard to payment and/or default risks. The provider may also include identity and credit information from the following credit bureaus in accordance with Art. 6(1)(f) GDPR: https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/credit_rating_agencies The credit report may contain probability values (so-called score values). If score values are included in the credit report, they are based on a scientifically recognized mathematical-statistical procedure. Data such as your address data may be included in the calculation of the score values. You may object to this processing of your data at any time to us or to the provider. However, the provider may continue to process your personal data if this is necessary for the contractual payment processing.
      • Mollie On this website there are one or more online payment methods of the following provider available: Mollie B.V., Keizersgracht 313, 1016 EE Amsterdam, Netherlands When selecting a payment method of the provider by which you pay in advance (e.g., credit card), the payment data you communicated during the order (including name, address, bank and card information, currency and transaction number) as well as information about the content of your order will be transmitted to the provider in accordance with Art. 6(1)(b) GDPR. The transfer of your data in this case is exclusively for the purpose of payment processing with the provider and only to the extent necessary for this purpose.
      • Paypal On this website there are one or more online payment methods of the following provider available: PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg When selecting a payment method of the provider by which you pay in advance, the payment data you communicated during the order (including name, address, bank and card information, currency and transaction number) as well as information about the content of your order will be transmitted to the provider in accordance with Art. 6(1)(b) GDPR. The transfer of your data in this case is exclusively for the purpose of payment processing with the provider and only to the extent necessary for this purpose. When selecting a payment method by which we pay in advance, you will also be asked to provide certain personal data (first and last name, street, house number, postal code, city, date of birth, email address, telephone number, possible data about an alternative payment method) during the order process. To safeguard our legitimate interest in assessing your creditworthiness, these data are transmitted to the provider for the purpose of a credit check under Art. 6(1)(f) GDPR. The provider checks, based on the personal data provided by you as well as other data (such as cart contents, total order amount, order history, payment experiences) whether the payment option chosen by you can be granted with regard to payment and/or default risks. The credit report may contain probability values (so-called score values). If score values are included in the credit report, they are based on a scientifically recognized mathematical-statistical procedure. Data such as your address data may be included in the calculation of the score values. You may object to this processing of your data at any time to us or to the provider. However, the provider may continue to process your personal data if this is necessary for the contractual payment processing.
      • Six Payment If you choose a payment method of the payment service provider Six Payment Services AG (Hardturmstrasse 201, CH-8021 Zürich, hereinafter ‘Six Payment’), we disclose to them the information you provided during the order together with information about your order (name, address, account number, bank sort code, possibly credit card number, invoice amount, currency and transaction number).
      • SOFORT On this website there are one or more online payment methods of the following provider: SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany When selecting a payment method of the provider by which you pay in advance (e.g., credit card), the payment data you communicated during the order (including name, address, bank and card information, currency and transaction number) as well as information about the content of your order will be transmitted to the provider in accordance with Art. 6(1)(b) GDPR. The transfer of your data in this case is exclusively for the purpose of payment processing with the provider and only to the extent necessary for this purpose.
      • TWINT On this website there are one or more online payment methods of the following provider: TWINT AG, Stauffacherstrasse 31, CH-8004 Zürich, Switzerland When selecting a payment method of the provider by which you pay in advance (e.g., credit card), the payment data you communicated during the order (including name, address, bank and card information, currency and transaction number) as well as information about the content of your order will be transmitted to the provider in accordance with Art. 6(1)(b) GDPR. The transfer of your data in this case is exclusively for the purpose of payment processing with the provider and only to the extent necessary for this purpose. For data transfers to the provider’s location, an adequate level of data protection is guaranteed by an adequacy decision of the European Commission.
      • Wallee On this website there are one or more online payment methods of the following provider: Wallee customweb GmbH, General-Guisan-Strasse 47 31, CH-8400 Zürich, Switzerland When selecting a payment method of the provider by which you pay in advance (e.g., credit card), the payment data you communicated during the order together with information about your order will be transmitted to the provider in accordance with Art. 6(1)(b) GDPR. The transfer of your data in this case is exclusively for the purpose of payment processing with the provider and only to the extent necessary for this purpose. For data transfers to the provider’s location, an adequate level of data protection is guaranteed by an adequacy decision of the European Commission.

  9. Online Marketing

    Profity For our voucher offers we use the services of the following provider: adfocus GmbH, Theilerstrasse 7, 6300 Zug, Switzerland The provider operates a voucher network through which participating partner shops can post vouchers and distribute them to their customers. To this end, your data necessary for issuing your voucher are transmitted to the provider in encrypted form. The data are only transmitted to the provider if you have completed your purchase and clicked on the voucher banner. The transmission of these data serves solely to pre-fill the fields for voucher issuance. The described data processing is carried out in accordance with Art. 6(1)(f) GDPR on the basis of our legitimate interest in directed advertising by third parties whose benefits you can obtain by claiming the vouchers. In the case of a transfer of data to the provider’s location, an adequate level of data protection is guaranteed by an adequacy decision of the European Commission.

  10. Web Analytics Services

    1. Google (Universal) Analytics This website uses Google (Universal) Analytics, a web analytics service of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (‘Google’), which enables analysis of your use of our website. By default, cookies set by Google Analytics are stored on your device as small text blocks and collect certain information. This also includes your IP address, which Google shortens by the last digits to exclude direct personal identification. The information is transmitted to Google servers and processed there. This may also include transfers to Google LLC based in the USA. Google uses the collected information on our behalf to evaluate your use of the website, compile reports on website activity for us and provide other services related to website and internet usage. The IP address transmitted by your browser as part of Google Analytics is not merged with other Google data. The data collected by Google Analytics on this website is stored for two months and then deleted. All processing described above, in particular the setting of cookies on your device, only occurs with your explicit consent pursuant to Art. 6(1)(a) GDPR. Without your consent, Google Analytics is not used during your visit to the site. You can withdraw your consent at any time with effect for the future. To exercise your right of withdrawal, please disable this service using the cookie-consent tool provided on the website. We have concluded a data processing agreement with Google that ensures protection of the data of our site visitors and prohibits unauthorized disclosure to third parties. For further legal notices on Google (Universal) Analytics, see: https://business.safety.google/intl/de/privacy/, https://policies.google.com/privacy?hl=de&gl=de and https://policies.google.com/technologies/partner-sites Demographic features Google (Universal) Analytics uses the special feature ‘Demographic characteristics’ and can create statistics about age, gender and interests of website visitors. This is done by analyzing advertising and information from third parties. This may enable targeting of certain groups for marketing purposes. The collected data, however, cannot be attributed to a specific person and are deleted after a storage period of two months. Google Signals As an extension to Google (Universal) Analytics, Google Signals can be used on this site to create cross-device reports. If you have personalized ads enabled and have linked your devices to your Google account, Google may, subject to your consent to the use of Google Analytics per Art. 6(1)(a) GDPR, analyze your usage across devices and create data models, including cross-device conversions. We do not receive any personal data from Google, only statistics. If you want to stop cross-device analysis, you can disable the feature ‘Personalized ads’ in your Google account settings. See: https://support.google.com/ads/answer/2662922?hl=de Further information on Google Signals is available here: https://support.google.com/analytics/answer/7532985?hl=de UserIDs As an extension to Google Analytics, on this website the feature ‘UserIDs’ can be used. If you consent to the use of Google (Universal) Analytics per Art. 6(1)(a) GDPR, have set up an account on this site and sign in on different devices with that account, your activities, including conversions, can be analyzed cross-device. For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework to ensure compliance with European data protection standards.
    2. Google Analytics 4 This website uses Google Analytics 4, a web analytics service of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (‘Google’), which enables analysis of your use of our website. By default, cookies set by Google Analytics 4 are stored on your device as small text blocks and collect certain information. This also includes your IP address, which Google shortens by the last digits to exclude direct personal identification. The information is transmitted to Google servers and processed there. This may also include transfers to Google LLC based in the USA. Google uses the collected information on our behalf to evaluate your use of the website, compile reports on website activity for us and provide other services related to website and internet usage. The IP address transmitted by your browser as part of Google Analytics 4 is not merged with other Google data. The data collected by Google Analytics 4 on this website is stored for two months and then deleted. All processing described above, in particular the setting of cookies on your device, only occurs with your explicit consent pursuant to Art. 6(1)(a) GDPR. Without your consent, Google Analytics 4 is not used during your visit to the site. You can withdraw your consent at any time with effect for the future. To exercise your right of withdrawal, please disable this service using the cookie-consent tool provided on the website. We have concluded a data processing agreement with Google that ensures protection of the data of our site visitors and prohibits unauthorized disclosure to third parties. Further legal notices on Google Analytics 4 can be found at: https://business.safety.google/intl/de/privacy/, https://policies.google.com/privacy?hl=de&gl=de and https://policies.google.com/technologies/partner-sites Demographic features Google Analytics 4 uses the special feature ‘demographic characteristics’ and can create statistics about age, gender and interests of website visitors. This is done by analyzing advertising and information from third parties. This may enable targeting of certain groups for marketing purposes. The collected data, however, cannot be attributed to a specific person and are deleted after a storage period of two months. Google Signals As an extension to Google Analytics 4, Google Signals can be used on this site to create cross-device reports. If you have personalized ads enabled and have linked your devices to your Google account, Google may, subject to your consent to the use of Google Analytics per Art. 6(1)(a) GDPR, analyze your usage across devices and create data models, including cross-device conversions. We do not receive any personal data from Google, only statistics. If you want to stop cross-device analysis, you can disable the feature ‘Personalized ads’ in your Google account settings. See: https://support.google.com/ads/answer/2662922?hl=de Further information on Google Signals is available here: https://support.google.com/analytics/answer/7532985?hl=de UserIDs As an extension to Google Analytics, on this site the feature ‘UserIDs’ can be used. If you consent to the use of Google Analytics per Art. 6(1)(a) GDPR, have set up an account on this site and sign in on different devices with that account, your activities, including conversions, can be analyzed cross-device. For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework to ensure compliance with European data protection standards.

  11. Retargeting/ Remarketing and Conversion-Tracking

    1. Meta Pixel Within our online offering we use the service ‘Meta Pixel’ from the following provider: Meta Platforms Ireland Limited, 4 Grand Canal Quare, Dublin 2, Ireland (‘Meta’) If a user clicks on one of our ads on Facebook and/or Instagram, the URL of our linked page is extended by a parameter using the ‘Meta Pixel’. This URL parameter is then recorded in the user’s browser after being redirected by a cookie that our linked page itself sets. This allows Meta to identify the visitors of our online offering as a target group for displaying ads (so-called ‘Ads’). Accordingly, we use the service to display our Facebook and/or Instagram ads only to those users who have shown an interest in our online offering or who exhibit certain characteristics (e.g., interests in certain topics or products as determined by the pages visited) which we pass to Meta (so-called ‘Custom Audiences’). On the other hand, with the ‘Meta Pixel’ we can track whether users were redirected to our website after clicking on an advert and what actions they take there (so-called ‘Conversion-Tracking’). The collected data is anonymous for us, i.e., it provides no conclusions about the identity of the users. However, the data is stored and processed by Meta so that a connection to the respective user profile is possible and Meta may use the data for its own advertising purposes. All the above-described processing, in particular the setting of cookies to read information from the device used, is only performed if you have given us your explicit consent pursuant to Art. 6(1)(a) GDPR. You can withdraw your consent at any time with effect for the future by disabling this service in the cookie-consent tool provided on the website. We have concluded a data processing agreement with the provider that ensures protection of the data of our site visitors and prohibits unauthorized disclosure to third parties. The information generated by Meta is typically transmitted to a Meta server and stored there; in this context there may also be a transmission to Meta Platforms Inc. servers in the USA. For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework to ensure compliance with European data protection standards.
    2. Google Ads Remarketing This website uses retargeting technology from the following provider: Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland For this purpose Google sets a cookie in the browser of your device, which automatically enables interest-based advertising based on a pseudonymous cookie ID and the pages you visit. Additional data processing occurs only if you have consented to Google’s internet and app browser history being linked to your Google account and used by Google to personalize ads that you view on the web. If you are logged into Google while visiting our site, Google uses Google Analytics data combined with your Google Analytics data to create audiences that can be used across devices. The data transmitted by Google Ads is not personally identifiable. All processing described above, in particular the setting of cookies for reading information on the device used, only occurs if you have given us your explicit consent pursuant to Art. 6(1)(a) GDPR. You can withdraw your consent at any time for the future by disabling this service in the cookie-consent tool on the website. You can permanently object to the setting of cookies by Google Ads Remarketing by downloading and installing the browser plugin available here: https://www.google.com/settings/ads/plugin?hl=de To make customer matching for advertising more targeted, we transmit one or more files containing aggregated customer data (primarily email addresses and phone numbers) to Google in a secure manner. Google does not have access to plain data but encrypts the information in the customer data files during transmission. The encrypted information can only be matched to existing Google accounts created by the data subjects. This enables the display of personalized advertising across all Google services linked to the respective Google account. The transmission of customer data to Google occurs only if you have given us explicit consent pursuant to Art. 6(1)(a) GDPR. You can revoke this consent at any time for the future. Further information on Google’s data protection measures for customer matching can be found here: https://support.google.com/google-ads/answer/6334160?hl=de&ref_topic=10550182 Google’s Privacy Policy is available here: https://business.safety.google/intl/de/privacy/ and https://www.google.de/policies/privacy/ For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework to ensure compliance with European data protection standards.
    3. Google Ads Conversion-Tracking This website uses the online advertising program “Google Ads” and, within Google Ads, the conversion tracking of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (‘Google’). We use Google’s advertising services to measure how successful the individual advertising measures are in relation to data about the ads campaigns. This allows us to show you ads that are of interest to you and to achieve a fair calculation of advertising costs. The conversion-tracking cookie is set when a user clicks on a Google ad. Cookies are small text files stored on your device. These cookies typically expire after 30 days and are not used to identify individuals. If a user visits certain pages of this website and the cookie has not yet expired, Google and we can determine that the user clicked on the advertisement and was redirected to that page. Each Google Ads customer receives a different cookie. Cookies cannot be tracked across the websites of Google Ads customers. The information collected by the conversion cookie is used to generate conversion statistics for Google Ads customers who have opted for conversion tracking. The customers learn the total number of users who clicked on their ad and were redirected to a page with a conversion-tracking tag. However, they do not receive any information that personally identifies users. As part of Google’s Ads, personal data may be transmitted to the servers of Google LLC in the USA. Details on the conversions triggered by Google Ads and how Google handles data from websites can be found here: https://policies.google.com/technologies/partner-sites All processing described above, in particular the setting of cookies to read information from the device used, only occurs if you have given us your explicit consent pursuant to Art. 6(1)(a) GDPR. You can withdraw your consent at any time for the future by disabling this service in the cookie-consent tool on the website. You can also permanently object to the setting of cookies by Google Ads Conversion-Tracking by downloading and installing the browser plug-in available here: https://www.google.com/settings/ads/plugin?hl=de Please note that certain functions of this website may not be available or may be limited if you have disabled cookies. Google’s privacy policy is available here: https://business.safety.google/intl/de/privacy/ and https://www.google.de/policies/privacy/ For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework to ensure compliance with European data protection standards.

  12. Page Functionalities

    1. Facebook Plugins The website uses plugins from the social network provider: Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland These plugins enable direct interactions with content on the social network. To increase data protection when visiting our website, the plugins are initially deactivated by a so-called ‘2-click’ or ‘Shariff’ solution integrated into the page. This integration ensures that when a page of our website containing such plugins is accessed, there is no connection to the provider’s servers. Only when you activate the plugins and thereby give your consent in accordance with Art. 6(1)(a) GDPR to data transfer, your browser will establish a direct connection to the provider’s servers. In this case, information about your end device (including your IP address), your browser and your page history is transmitted to the provider and processed there, regardless of whether you are logged into a user profile with the provider. If you are logged into the social network on the provider’s site, information about your interactions with the plugins may also be linked to your profile on that network. You can withdraw your consent at any time by re-clicking the enabled plugin to deactivate it. The withdrawal does not affect data that has already been transmitted to the provider. Data can also be transmitted to: Meta Platforms Inc., USA We have concluded a data processing agreement with the provider that ensures protection of the data of our site visitors and prohibits unauthorized disclosure to third parties. For data transfers to the USA the provider has joined the EU-US Data Privacy Framework to ensure compliance with European data protection standards.

    2. Pinterest Plugins On our website we use plugins from the social network provider: Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland These plugins enable direct interactions with content on the social network. To increase data protection when visiting our website, the plugins are initially deactivated via a ‘2-click’ or ‘Shariff’ solution embedded in the page. This integration ensures that when a page of our website containing such plugins is accessed, there is no connection to the provider’s servers yet. Only when you activate the plugins and thereby give your consent in accordance with Art. 6(1)(a) GDPR to data transfer, your browser will establish a direct connection to the provider’s servers. In this case, information about your end device (including your IP address), your browser and your page history is transmitted to the provider and processed there.

      If you are logged into a user profile on the provider’s social network, information about interactions through the plugins may also be published there and shown to your contacts. You can withdraw your consent at any time by re-clicking the enabled plugin to deactivate it. The withdrawal does not affect data that has already been transmitted to the provider. Data can also be transmitted to: Pinterest Inc., USA We have concluded a data processing agreement with the provider that ensures protection of the data of our site visitors and prohibits unauthorized disclosure to third parties. For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework to ensure compliance with European data protection standards.

    3. Youtube This website uses plugins to display and play videos from the following provider: Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland Data can also be transmitted to: Google LLC., USA If you visit a page of our website that contains such a plugin, your browser will establish a direct connection to the provider’s servers to load the plugin. In doing so, certain information, including your IP address, will be transmitted to the provider. When embedded videos are played via the plugin, the provider also uses cookies to collect information about user behavior, generate playback statistics and prevent misuse. If you are logged into the provider’s account during your visit, the data will be linked directly to your account when you click on a video. If you do not want it to be linked to your profile on the provider, you must log out before pressing the play button. All of the aforementioned processing, in particular the use of cookies to read information from the device used, only occurs if you have given your explicit consent pursuant to Art. 6(1)(a) GDPR. You can withdraw your consent at any time for the future by disabling this service in the cookie-consent tool on the website. For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework to ensure compliance with European data protection standards.

    4. Trusted Shops Trustbadge On our website, external customer reviews and/or an externally awarded quality seal are displayed using graphically elements from the provider: Trusted Shops AG, Subbelrather Str. 15C, 50823 Cologne, Germany If you call up a page of our website that contains such graph elements, your browser establishes a direct connection to the provider’s servers to load the elements properly. In this process, certain browser information, including your IP address, is transmitted to the provider. If personal data is processed in this context, it is done in accordance with Art. 6(1)(f) GDPR on the basis of our legitimate interest in the optimal marketing of our offer and the appealing design of our internet presence. In the case of an online order with us, further processing may occur. Depending on your explicit consent pursuant to Art. 6(1)(a) GDPR about the Trustbadge after completing an order, your order information (order total, order number, possibly purchased product) as well as your email address may be transmitted in encrypted form to the provider to verify an existing registration for the provider’s services (in particular the buyer protection) and possibly to enable re-registration. In the case of an existing registration or in the case of re-registration with the provider for its services (in particular the buyer protection), your order information (order total, order number, purchased product) as well as your email address will be transmitted to and processed by the provider on the basis of the contract governing the joint responsibility under Art. 26 GDPR to provide the services (in particular buyer protection). We are jointly responsible with the provider for the above-described processing under Art. 26 GDPR. The contract on joint responsibility can be viewed here: https://help.etrusted.com/hc/de/articles/4402587369105-Vertrag-%C3%BCber-die-gemeinsame-Verantwortlichkeit-nach-DSGVO

    5. Google Maps This website uses an online mapping service from the provider: Google Maps (API) by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (‘Google’). Google Maps is a web service for presenting interactive (map) maps to visually display geographical information. On using this service, our location is shown to you and it may facilitate arrival. Even when you call up the subpages where the Google Maps map is embedded, information about your use of our website (e.g., your IP address) is transmitted to Google and stored on Google servers, which may also be located in the USA. If you are logged into Google during your visit, your data will be directly linked to your account. If you do not want it to be linked to your profile on Google, you must log out before activating the button. Google stores your data as user profiles and uses them for purposes of provision, evaluation and improvement of its services. The collection, storage, and evaluation are carried out in accordance with Art. 6(1)(f) GDPR based on Google’s legitimate interest in the display of personalized advertising, market research and/or the demand-oriented design of Google websites. You have the right to object to the creation of these user profiles, and you should contact Google to exercise that right. If you do not agree to the future transmission of your data to Google in the context of using Google Maps, you can also completely disable the Google Maps service by turning off JavaScript in your browser. Google Maps and the mapping display on this website can then no longer be used. If required by law, we have obtained your consent regarding the aforementioned data processing under Art. 6(1)(a) GDPR. You can withdraw your consent at any time for the future by following the steps described above. For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework to ensure compliance with European data protection standards. Further information on Google’s privacy policy can be found here: https://business.safety.google/intl/de/privacy/

    6. Google Web Fonts This page uses so-called web fonts from the provider: Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland When a page is opened, your browser loads the required web fonts into its browser cache to display the texts and fonts correctly and establishes a direct connection to the provider’s servers. This may involve the transmission of information such as your IP address to the provider. Data can also be transmitted to: Google LLC, USA The processing of personal data during the connection with the provider of the fonts is only performed if you have given us your explicit consent pursuant to Art. 6(1)(a) GDPR. You can withdraw your consent at any time for the future by disabling this service via the cookie-consent tool provided on the website. If your browser does not support web fonts, a standard font will be used from your computer. For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework to ensure compliance with European data protection standards. Further information on Google’s privacy policy can be found here: https://business.safety.google/intl/de/privacy/

    7. Google reCAPTCHA On this website we use the CAPTCHA service of the following provider: Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland Data can also be transmitted to: Google LLC, USA. For the visual design of the CAPTCHA window, the fonts provided by Google Fonts are used. There is no other processing beyond what is described above. The service checks whether the input is by a natural person or automated by machine and blocks spam, DDoS attacks and similar automated abuse. To ensure that an action is performed by a human and not an automated bot, the provider collects the IP address of your device, recognition data of the browser and operating system, as well as the date and duration of the visit and transmits these to the provider’s servers for evaluation. Cookies may be used. If the aforementioned processing is based on cookies, these are only set if you have given your explicit consent pursuant to Art. 6(1)(a) GDPR. You can withdraw your consent at any time for the future by disabling this service via the cookie-consent tool on the website. If the processing is performed without cookies, the legal basis is our legitimate interest in determining individual responsibility on the internet and in preventing abuse and spam pursuant to Art. 6(1)(f) GDPR. We have concluded a data processing agreement with the provider that ensures protection of the data of our site visitors and prohibits unauthorized disclosure to third parties. For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework to ensure compliance with European data protection standards.

    8. Make We use the services of Celonis, Inc., One World Trade Center, 87th Floor, New York, NY, 10007, USA for integration and synchronization of databases and web applications. Our processing activities are automated to manage and execute various workflows within our processing system to optimize our internal organization. If personal data are processed in this context, this is done on the basis of Art. 6(1)(f) GDPR on the basis of our legitimate interest in optimizing our internal organization. We have concluded a data processing agreement with the provider that ensures protection of the data of our site visitors and prohibits unauthorized disclosure to third parties. For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework to ensure compliance with European data protection standards.

  13. Tools and Other

    Cookie-Consent-Tool This website uses a so-called ‘Cookie-Consent-Tool’ to obtain effective user consent for consent-requiring cookies and cookie-based applications. The tool is displayed to users when a page is opened in the form of an interactive user interface, in which consent for certain cookies and/or cookie-based applications can be given by checking boxes. When using the tool, all cookies/services requiring consent are loaded only after the user has given the respective consent by checking the box. This ensures that consent is obtained before loading such cookies on the user’s device. The tool sets technically necessary cookies to store your cookie preferences. Personal user data is not processed in principle. If, in individual cases, personal data is processed for storage, assignment or logging of cookie settings (e.g., the IP address), this is done in accordance with Art. 6(1)(f) GDPR on the basis of our legitimate interest in a legally compliant, user-specific and user-friendly consent management for cookies and thus in a legally compliant design of our online presence. Other data protection basis is Art. 6(1)(c) GDPR. We are responsible for ensuring that the use of technically non-necessary cookies is dependent on user consent. If necessary, we have concluded a data processing agreement with the provider that ensures protection of the data of our site visitors and prohibits unauthorized disclosure to third parties. For more information about the operator and the settings of the Cookie-Consent-Tool please refer to the corresponding user interface on our website.

  14. Rights of the Data Subject

    1. The applicable data protection law grants you, with regard to the processing of your personal data by the controller, the following data subject rights (rights of access and intervention), with reference to the legal basis for the respective exercise:
      • Right of access pursuant to Art. 15 GDPR;
      • Right to rectification pursuant to Art. 16 GDPR;
      • Right to erasure pursuant to Art. 17 GDPR;
      • Right to restriction of processing pursuant to Art. 18 GDPR;
      • Right to data portability pursuant to Art. 20 GDPR;
      • Right to withdraw consent pursuant to Art. 7(3) GDPR;
      • Right to lodge a complaint pursuant to Art. 77 GDPR.
    2. Right to object IF WE PROCESS YOUR PERSONAL DATA ON THE BASIS OF OUR INTERESTS FOR DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR SUCH MARKETING. YOU CAN EXERCISE THE RIGHT TO OBJECT AS DESCRIBED ABOVE. IF YOUR DATA ARE PROCESSED FOR DIRECT MARKETING PURPOSES, WE WILL STOP PROCESSING YOUR DATA FOR DIRECT MARKETING.

  15. Retention of Personal Data

    The duration of the storage of personal data depends on the respective legal basis, the processing purpose and – where applicable – additionally on the applicable statutory retention periods (e.g., commercial and tax retention periods). When personal data are processed on the basis of an explicit consent pursuant to Art. 6(1)(a) GDPR, the data are stored for as long as you do not withdraw your consent. If statutory retention periods exist for data processed on the basis of Art. 6(1)(b) GDPR in the context of business or analogous obligations, these data are routinely deleted after the retention periods expire, unless they are still required for contract performance or contract initiation and/or we have no legitimate interest in storing. When personal data are processed based on Art. 6(1)(f) GDPR, these data are stored until you exercise your right to object under Art. 21(1) GDPR, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the assertion, exercise or defense of legal claims. When personal data are processed for direct marketing purposes on the basis of Art. 6(1)(f) GDPR, these data are stored until you exercise your right to object under Art. 21(2) GDPR. Unless otherwise indicated in the rest of this notice regarding specific processing situations, stored personal data will be deleted when they are no longer necessary for the purposes for which they were collected or processed in any other way.