data protection
1. Notes on data protection
We are pleased that you are visiting our website and thank you for your interest in our company and our products. We would like to inform you about which data we collect, use and process and how we handle your personal data.
2. Data collection and use
Personal data is information that can be used to identify a person. This includes, for example, your name, address, email address or telephone number.
(1) Collection of personal data when using the website
If you use the website for information purposes only, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. If you would like to view our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure stability and security:
- IP address
- Date and time of the request
- time zone difference to Greenwich Mean Time (GMT)
- Content of the request (specific page)
- access status/HTTP status code
- amount of data transferred
- website from which the request comes
- browser
- operating system and its interface
- Language and version of the browser software.
- The legal basis for the storage of the data is Art. 6 Para. 1 lit. f GDPR.
(2) Collection of personal data upon registration
We offer you the opportunity to register on our website by providing personal data.
Depending on the type of contract concluded, we store the following data:
- names, first names
- Address
- billing address
- E-mail address
- phone number
The data is entered into an input mask and sent to us and stored. The data is not passed on to third parties. Users can access their user account to order goods via the app.
As part of the registration process, the user's consent to process this data was obtained, Article 6 Paragraph 1 a) GDPR. Registration is also required to fulfill a contract for the purchase of goods in our online shop or to carry out pre-contractual measures, Article 6 Paragraph 1 b) GDPR. The data collected is used by us to process the purchase of goods in our online shop, in particular to enable the correct shipping of ordered goods.
The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. This is the case if the registration on our website is cancelled or changed or if the data is no longer required to carry out the contract. Even after a contract has been concluded, it may be necessary to store the contractual partner's personal data in order to comply with contractual or legal obligations (e.g. for tax reasons).
Users have the option to cancel their registration at any time. You can have the data stored about you changed at any time, namely as follows:
To the extent that the data is required to fulfill a contract or to carry out pre-contractual measures, early deletion of the data is only possible if contractual or legal obligations do not prevent deletion.
The legal basis for the processing of the data is, in the case of your consent, Art. 6 (1) (a) GDPR and, if the registration serves to fulfill a contract or to carry out pre-contractual measures with you, additionally Art. 6 (1) (b) GDPR.
3. Name and contact details of the person responsible
The person responsible for the management of personal data is
drynkspilot GmbH
Gleimstr. 57
10437 Berlin
Germany
Email: s support.team@drynkspilot.com
contact details of the data protection officer
You can reach our data protection officer at:
E-mail: s upport.team@drynkspilot.com
4. Purposes of processing personal data
We only store your data for the following purposes:
To process orders (including payment processing and, if applicable, credit checks), to send advertising from us and for customer service.
We store and process your personal data at our central headquarters.
Your personal data will only be transferred to third parties if the transfer is necessary for the purpose of contract execution or for billing or debt collection purposes (e.g. shipping companies or payment service providers) or if you have expressly consented.
The legal basis for the transmission of data to third parties for the purpose of contract execution or for billing purposes is Art. 6 Para. 1 lit. b GDPR and for the transfer in the context of legally mandated cases Art. 6 Para. 1 lit. c GDPR.
5. Duration of data storage
We store your data for as long as the respective purpose requires, taking into account your legitimate interests. If there is a tax retention period for certain data that is processed for the execution of purchase contracts, the data will be stored for 6 or 10 years. During this time, the processing of the data is restricted after 2 years, i.e. the data will only be used to comply with legal obligations. The retention period begins at the end of the calendar year in which the order was placed by the customer or the contract was fulfilled.
6. Transfer of personal data to third parties
We may disclose your personal information to the following companies/categories of people in accordance with applicable law:
tax auditing and other authorities
External service providers and professional advisors such as lawyers, auditors, accountants, credit agencies, debt collection agencies,
Postal/shipping service providers, freight forwarders e.g. UPS, DHL, Deutsche Post
Payment providers such as PayPal (Europe) S.à rl et Cie, SCA, 22-24 Boulevard Royal, L-2449 Luxembourg; Klarna AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden, (Amazon Pay) Amazon Payments Europe sca, 5 Rue Plaetis, L-2338 Luxembourg; (Apple Pay) Apple Distribution International, Hollyhill Industrial Estate, Hollyhill Cork, Ireland; Shopify Payments, 126 York Street, Suite 200, Ottawa, ON, Canada, K1N 5T5; Google Pay (Europe), Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
e-commerce platform Shopify
To operate our online shop, we use Shopify, a service of Shopify Inc., 126 York Street, Suite 200, Ottawa, ON, Canada, K1N 5T5. This service provides an e-commerce platform through which we offer our goods for sale. The data transmitted as part of your order is stored on a Shopify server.
Shopify has explicitly designed its infrastructure so that cross-border data transfer is GDPR compliant. Personal data from people in Europe is first received and processed in Ireland, Shopify's EU headquarters, and then transferred to the parent company in Canada. If data is forwarded from there to processors based in other countries, e.g. the USA, this is done in accordance with the export requirements of the Canadian data protection law recognized by the European Commission.
In addition, personal data may be transferred within a group of companies (e.g. between Shopify Inc. (Canada) and Shopify in the USA) if these companies have an internal data protection policy (so-called “Binding Corporate Rules, BCR) approved by a European data protection authority (based here in Ireland) (Article 47 GDPR).
Finally, data transferred from Shopify Canada to the United States is encrypted during transmission and storage, making it impossible to easily decrypt.
For more information, please visit http://www.shopify.com/legal/privacy.
The legal basis for the transmission of data to third parties for the purpose of contract execution or for billing purposes is Art. 6 Para. 1 lit. b GDPR and for the transfer in the context of legally mandated cases Art. 6 Para. 1 lit. c GDPR.
7. Your rights
To exercise your rights, you can use the contact form or contact the data protection officer or the person responsible or contact us by email: s upport.team@drynkspilot.com
You have the following rights:
7.1 Revocation of consent
You can revoke your consent to the processing of personal data at any time with effect for the future.
The contact options above are available for this purpose.
7.2 Further rights
You also have the following rights with regard to your personal data:
- right to information,
- right to rectification,
- Right to erasure or restriction of processing,
- Right to object to processing,
- right to data portability,
You also have the right to complain to a data protection supervisory authority about our processing of your personal data.
The responsible data protection supervisory authority for HAMBURG is:
The Hamburg Commissioner for Data Protection and Freedom of Information
Ludwig-Erhard-Straße 22
20459 Hamburg
Tel.: 040 428544040
Email: mailbox@datenschutz.hamburg.de
Internet: https://datenschutz-hamburg.de/
8. Contact form
If you send us inquiries via the contact form, we will use your data solely to process your request. This data will not be used for advertising purposes or passed on to third parties.
The legal basis for the processing of data transmitted via the contact form or when sending an email is Art. 6 (1) (f) GDPR. If the contact is also aimed at concluding a contract, the additional legal basis for the processing is Art. 6 (1) (b) GDPR.
The data you enter in the contact form will be stored by us until you request us to delete it, revoke your consent to storage or the purpose for storing the data no longer applies.
9. Cookies
We use cookies to make visiting our website more attractive and to enable the use of certain functions. These are small text files that your web browser receives when you visit our website and saves on your computer. Some of the cookies are deleted immediately after you close your browser. Other cookies remain permanently on your computer and enable us to recognize you or your computer the next time you visit our website.
This site uses the following types of cookies, the scope and functionality of which are explained below:
a) Transient cookies, these are automatically deleted when you close your browser. These include session cookies in particular. These store a so-called session ID, with which the various requests from your browser can be assigned to the common session. This allows your computer to be recognized when you return to our website. Session cookies are deleted when you log out or close the browser.
b) Persistent cookies, these are automatically deleted after a specified period of time, which can vary depending on the cookie. You can delete the cookies at any time in the security settings of your browser.
You can influence the use of cookies by changing the settings on your browser. Most browsers have an option that allows you to restrict or prevent cookies from being saved. Each browser is different in the way it manages cookie settings. This is described in the respective help menu of your browser.
You can find these for the respective browsers under the following links:
- Internet Explorer: http://windows.microsoft.com/de-DE/windows-vista/Block-or-allow-cookies
- Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehne
- Chrome: http://support.google.com/chrome/bin/answer.py?hl=de&hlrm=en&answer=95647
- Safari: https://support.apple.com/kb/ph21411?locale=de_DE
Please note, however, that deactivating cookies may result in only limited functions of the website being available to you.
The legal basis for the use of cookies is Art. 6 Para. 1 lit. f GDPR.
When using cookies, a distinction must be made between cookies that are absolutely necessary and those that are used for more extensive purposes (measuring access numbers, advertising purposes). You generally have the choice of accepting or rejecting all or some of the non-essential cookies via our consent manager. If you choose the latter option, it is possible that you will not be able to fully use our services. You can control and revoke this consent via our consent management (also known as "cookie banner" or "cookie settings").
10. Analysis tools
10.1 Use of Google Analytics
Our website uses Google Analytics, a web analysis service provided by Google Inc. ("Google"). Google Analytics uses so-called "cookies", text files that are stored on your computer and that enable an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. However, if IP anonymization is activated on this website, your IP address will be shortened beforehand by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide the website operator with other services relating to website activity and internet usage.
The IP address transmitted by your browser as part of Google Analytics will not be merged with other data held by Google.
You can prevent cookies from being saved by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
This website uses Google Analytics with the extension "_anonymizeIp()". This means that IP addresses are processed in a shortened form, which means that they cannot be linked to a person. If the data collected about you is personally identifiable, this is immediately excluded and the personal data is deleted immediately.
We use Google Analytics to analyze the use of our website and to regularly improve it. Using the statistics obtained, we can improve our offering and make it more interesting for you as a user. For the exceptional cases in which personal data is transferred to the USA, Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
Third-party information: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. User conditions: http://www.google.com/analytics/terms/de.html, data protection overview: http://www.google.com/intl/de/analytics/learn/privacy.html, and the data protection declaration: http://www.google.de/intl/de/policies/privacy.
10.2 Use of Hotjar
Our website uses Hotjar, an analysis software from Hotjar Ltd. 3 Lyons Range- 20 Bisazza Street- Sliema SLM 1640, Malta (http://www.hotjar.com), which enables us to analyze your use of the website. Hotjar uses cookies and a tracking code through which the collected data is transmitted to the Hotjar server. This data is essentially device-related information such as the IP address, the screen size of your device, the device type and browser information such as type and version, your geographical location and your language settings. Your e-mail address with your first and last name is also transmitted if you have provided us with this information. User interaction such as mouse movement, websites visited and the date and time of use are also regularly transmitted to Hotjar. Your IP address is automatically anonymized by Hotjar and stored exclusively in this form. In addition, users of the website are assigned a unique user identifier (UUID), which Hotjar can use to identify returning users of our website without linking them to your personal data.
You can prevent Hotjar from collecting and using your data by clicking on the link https://www.hotjar.com/opt-out.
10.3 Use of Tidio
Our website uses Tidiochat, a service provided by Tidio Ltd. 220C Blythe Road, W14 0HH, London, United Kingdom (www.tidiochat.com). This service processes anonymized data for the purposes of web analysis and to operate a live chat. Cookies may be used for this purpose, which enable your browser to be recognized. Cookies are small text files stored on your hard disk and associated with the browser you use; they allow certain information to be sent to the location that placed the cookies. Data collected using the Tidiochat service will not be used to identify you without your consent. Nor will the data be merged with personal data about the bearer of the pseudonym used. You can configure your browser settings according to your wishes and, for example, refuse to accept third-party cookies or all cookies. We would like to point out that you may not be able to use all functions of this website.
For more information, please see Tidio’s privacy policy: https://www.tidiochat.com/en/privacy-policy .
right of objection
You can object to the collection and storage of data for the purpose of usage analysis at any time with effect for the future by informing us of your objection: e.g. by e-mail: s upport.team@drynkspilot.com or phone: 0163 293 0694
The legal basis for the use of analysis tools is Art. 6 Para. 1 S. 1 lit. f GDPR.
11. Social Media Links
We link to the social media platforms Facebook, Instagram and YouTube on our website using the respective symbols. These are hyperlinks via which no data is transmitted. If you click on the link, you will be redirected directly to our respective social media presence. Your data will only be transmitted to the respective social media service if you are logged into your respective user account. In this case, the respective social media platform may obtain information about which content you have viewed on our site.
The following are solely responsible for the social media services linked to by us:
for Facebook and its website: Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA;
for Instagram and its website: Instagram, LLC, 1601 Willow Rd. Menlo Park, CA 94025, USA;
for YouTube and its website: YouTube, LLC, 901 Cherry Ave., St. Bruno, CA 94066, USA;
For further information about the purpose and scope of data collection and the further processing and use of your data by the respective social media service, please refer to the data protection guidelines of the respective platform.
12. Facebook Connect
We use the “Facebook Connect” service provided by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA (“Facebook”) on our website. We offer you the option of logging into our website using Facebook Connect if you have a Facebook profile and give us your express consent to exchange data with Facebook. Additional registration is not required in this case. To log in, you will be redirected to the Facebook page, where you can log in with your usage data. This creates a direct connection between your browser and the Facebook servers, linking your Facebook profile and our service. Through this link, Facebook receives the information that your browser has accessed the corresponding page of our website, even if you do not have a Facebook profile or are not currently logged into Facebook. Through the link, we automatically receive the following information from Facebook Inc. (name, email address, date of birth, address, Facebook name, user ID, age, gender, and possibly profile picture, friends list and likes) depending on your data protection settings on Facebook. Of these data, we only use your name, email address, date of birth and address to create a user account if you have approved them on Facebook. This information is required to conclude the contract in order to be able to identify you.
For further information about Facebook Connect and privacy settings, please refer to the privacy policy and terms of use of Facebook Inc. http://www.facebook.com/policy.php
If you do not want Facebook to link the data obtained via our website with your Facebook profile, you must log out of Facebook before visiting our website. You can also exclude the Facebook Connect plugin using add-ons for your browser.
revocation
The consent given to the exchange of data via Facebook Connect can be revoked at any time for the future by sending a message to Tel: 0163 293 0694 or E-Mail: s upport.team@drynkspilot.com .
13. Google Tag Manager
We use the Google Tag Manager service from Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94.043 USA on our website. With the Google Tag Manager, marketers can manage website tags via an interface. A tag is a marking or labeling of a database. The Tag Manager itself, which uses the tags, works without cookies and does not collect any personal data. The tags set up via the Google Tag Manager only ensure that data is collected and passed on to the target system. Because the data is only passed on, the system does not collect or store the data collected itself. The Tag Manager therefore only triggers other tags, which in turn may collect data. Corresponding explanations for these third-party providers can be found in this data protection declaration. However, the Google Tag Manager does not use this data. If you have set or otherwise deactivated cookies, this will be observed for all tracking tags that were used with the Google Tag Manager, so the tool does not change your cookie settings.
Google may ask for your permission to share some product data (such as your account information) with other Google products to enable certain features, such as making it easier to add new conversion tracking tags to AdWords. In addition, Google developers may review product usage information from time to time to further optimize the product. However, Google will not share this type of data with other Google products without your consent.
For more information, see the Google Terms of Use and the Google Privacy Policy for this product.
14th Newsletter
(1) With your consent, you can subscribe to our newsletter, with which we inform you about our current interesting offers. The advertised goods and services are named in the declaration of consent.
(2) We use the so-called double opt-in procedure to register for our newsletter. This means that after you register, we will send you an email to the email address you provided, asking you to confirm that you wish to receive the newsletter. If you do not confirm your registration within [24 hours], your information will be blocked and automatically deleted after one month. In addition, we store the IP addresses you use and the times of registration and confirmation. The purpose of the procedure is to be able to prove your registration and, if necessary, to clarify any possible misuse of your personal data.
(3) The only mandatory information required to send the newsletter is your email address. Providing additional, separately marked data is voluntary and will be used to address you personally. After your confirmation, we will save your email address for the purpose of sending you the newsletter. The legal basis is Art. 6 Para. 1 Clause 1 Letter a of GDPR.
(4) You can revoke your consent to receive the newsletter at any time and unsubscribe from the newsletter. You can revoke your consent by clicking on the link provided in each newsletter email or by sending an email to ( s upport.team@drynkspilot.com ) or by sending a message to the contact details provided in the imprint.
To send our newsletter, we use the Klaviyo service from Klaviyo Inc, 225 Franklin St, Floor 10, Boston, MA 02110, USA. The processing of your data stored when you register for the newsletter (email address, name if applicable, IP address, date and time of your registration) can also take place in the USA. According to the European Court of Justice, an adequate level of data protection cannot currently be assumed in the USA.
Klaviyo uses so-called standard contractual clauses pursuant to Art. 46 Para. 2 and 3 GDPR ( https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de ) as the basis for processing or transferring data to countries outside the EU. Through these clauses, Klaviyo undertakes to comply with the EU data protection standard when processing your data, even if the data is transferred to third countries such as the USA and processed and stored there. You can find out more on the Klaviyo websites at https://www.klaviyo.com/legal/data-processing-agreement and https://www.klaviyo.com/legal/privacy/privacy-notice
(5) We would like to point out that we evaluate your user behavior when sending the newsletter. For this evaluation, the emails sent contain so-called web beacons or tracking pixels, which are single-pixel image files stored on our website. For the evaluations, we link the data mentioned in Section 3 and the web beacons with your email address and an individual ID. We use the data obtained in this way to create a user profile in order to tailor the newsletter to your individual interests. We record when you read our newsletters, which links you click on in them and use this to deduce your personal interests.
right of objection
You can object to this tracking at any time by clicking on the separate link provided in each email or by contacting us via another contact method, e.g. by phone: 0163 293 0694 or email: s upport.team@drynkspilot.com . The information will be stored for as long as you are subscribed to the newsletter. After unsubscribing, we store the data purely statistically and anonymously. Such tracking is also not possible if you have deactivated the display of images in your email program by default. In this case, the newsletter will not be displayed in full and you may not be able to use all functions. If you display the images manually, the above-mentioned tracking will take place.
15. Use of social media plug-ins
We use so-called social plugins (“plugins”) from Instagram on our website, which is operated by Instagram LLC, 1601 Willow Road, Menlo Park, CA 94025, USA (“Instagram”).
We use the so-called two-click solution. This means that when you visit our site, no personal data is initially passed on to Instagram. The plug-in in the form of images is provided with the heading "Follow us on Instagram". We give you the opportunity to communicate directly with Instagram via the button. Only if you click on the marked field and thereby activate it, will Instagram receive the information that you have accessed our website. In addition, the data mentioned under Section 1 of this declaration will be transmitted. By activating the plug-in, personal data from you will be transmitted to Instagram and stored there (for US providers in the USA).
We have no influence on the data collected and data processing procedures, nor are we aware of the full extent of the data collection, the purposes of the processing, or the storage periods. We also have no information on the deletion of the data collected by Instagram.
If you interact with the plug-in, in particular if you click on the plug-in image, your browser establishes a direct connection to the Instagram servers. The content of the plug-in is transmitted directly from Instagram to your browser and integrated into the page. Through this integration, Instagram receives the information that your browser has accessed our website, even if you do not have an Instagram profile or are not currently logged into Instagram. This information (including your IP address) is transmitted directly from your browser to an Instagram server in the USA and stored there. If you are logged into Instagram, Instagram can immediately assign your visit to our website to your Instagram account. The information is also published on your Instagram account and displayed to your contacts there. We recommend that you log out regularly after using a social network, but especially before activating the button, as this will prevent your visit from being assigned to your Instagram profile.
Instagram stores the data collected about you as user profiles and uses them for the purposes of advertising, market research and/or needs-based design of its website. Such an evaluation is carried out in particular (also for users who are not logged in) to display needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, and you must contact Instagram to exercise this right.
For further information on the purpose and scope of data collection and the further processing and use of the data by Instagram as well as your rights and setting options to protect your privacy, please refer to Instagram's privacy policy: https://help.instagram.com/155833707900388/.
If you do not want Instagram to assign the data collected via our website directly to your Instagram account, you must log out of Instagram before visiting our website. You can also completely block the loading of the Instagram plug-in using add-ons for your browser, e.g. with the script blocker "NoScript" (http://noscript.net/).
The legal basis for the use of plug-ins is Art. 6 Para. 1 S. 1 lit. f GDPR.
16. Remarketing/Retargeting
(1) We use "Custom Audiences" from Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA ("Facebook") on our websites for the purposes of retargeting or remarketing. This service uses so-called tracking or remarketing pixels. These are pixel image files that enable log file analysis. By using the pixels, the service provider can see when and how many users have accessed the pixel, or whether and when an email was opened or a website was visited.
(2) With the help of this service, website users can be shown interest-based advertisements ("Facebook Ads") when they visit the social network Facebook or other websites that also use the process. Our interest is to show you advertising that is of interest to you in order to make our website more interesting for you. When you visit our website, a direct connection to Facebook's servers is established via the pixel. This enables Facebook to identify you using the browser ID, as this can be linked to your user account. We have no influence on the scope and further use of the data collected by Facebook through the use of this tool and therefore inform you according to our level of knowledge: By integrating Facebook Custom Audiences, Facebook receives the information that you have accessed the corresponding web page on our website or clicked on an ad from us. If you are registered with a Facebook service, Facebook can assign the visit to your account. Even if you are not registered with Facebook or have not logged in, there is a possibility that the provider will find out and store your IP address and other identification features.
(3) Logged-in users can deactivate the “Facebook Custom Audiences” function at https://www.facebook.com/settings/?tab=ads#_.
(4) The legal basis for the processing of your data is Art. 6 Paragraph 1 Clause 1 Letter f of GDPR. Further information on data processing by Facebook can be found at https://www.facebook.com/about/privacy/.
right of objection
If you do not want to see advertising generated by the respective targeting service, you can object to the use of retargeting technology on our websites by sending us a message to s upport.team@drynkspilot.com .
17. Orders via our website
In order to place orders via our websites, the user must enter certain personal data, namely the following data: name, address, and if applicable, payment details (credit card details). We store this data and use it exclusively for the purpose of processing the order. In addition, the following data is stored automatically: IP address, date and time of registration.
Data will only be passed on to third parties if and to the extent that this is necessary for the proper processing of an order and the concluded purchase contract. For shipping purposes, order-related data (contact and delivery details) may be transmitted to our shipping partner:
Shipping within Germany and Austria:
drynkspilot GmbH
Gleimstr. 57
10437 Berlin
Germany
Register Court: Hamburg District Court
Registration number: HRA 128157
VAT ID No.: DE354160992
The legal basis for data processing is Article 6 paragraph 1 b) GDPR.
We will delete the data collected as soon as it is no longer required to achieve the purpose for which it was collected, i.e. after the contract has been fully fulfilled.
The collection of data is essential for the proper processing of an order and fulfillment of the contract. Consequently, the user has no option to object.
Paypal
Our online shop allows payment via PayPal. The payment service provider is PayPal (Europe) S.à.rl et Cie, SCA, 22-24 Boulevard Royal, L-2449 Luxembourg.
If you pay with PayPal, the payment data you entered will be transmitted to PayPal.
Your data will be transmitted to PayPal on the basis of Art. 6 (1) (a) GDPR (consent) and Art. 6 (1) (b) GDPR (processing to fulfill a contract). You can revoke your consent at any time. Data processing operations that took place in the past remain effective if you revoke your consent.
Klarna
To enable you to pay via Klarna, your personal data (contact and delivery details) may be transmitted to Klarna. This is necessary so that Klarna can check your eligibility to use the payment method. Personal data transmitted to Klarna will be processed in accordance with Klarna's privacy policy .
18. WhatsApp
To send newsletters, we use the instant messaging service WhatsApp Business of WhatsApp LLC, 1601 Willow Road Menlo Park, California 94025, USA via the service provider Charles GmbH, Gartenstr. 86-87, 10115 Berlin.
Registration for the WhatsApp newsletter is done using the double opt-in process. After you register via a CTA or QR code, you will be sent a message asking you to confirm that you would like to receive messages from us via WhatsApp. If you no longer wish to receive messages, you can revoke your consent at any time and unsubscribe from the newsletter using a keyword specified by us.
The only mandatory information required to send the newsletter is your telephone number. After your confirmation, your telephone number will be forwarded to our service provider Charles GmbH for the purpose of sending the newsletter and will be processed and stored there. The legal basis is Art. 6 Paragraph 1 Clause 1 Letter a of GDPR.
If you communicate with us via WhatsApp, certain data that you share with the app will be stored and processed by WhatsApp. This includes information provided by the user such as messages, photos, videos, billing information and stored profile pictures. WhatsApp states that it only stores this data end-to-end encrypted. Some metadata is collected unencrypted by WhatsApp. This includes telephone number, location, IP address, information about your device, type and frequency of app use, location and information about the time and recipient of the messages you send. According to WhatsApp's privacy policy, this information is sometimes shared with other meta companies, which include Facebook and Instagram based in the USA. In some cases, such data is also shared with external companies, service providers or partners.
The data processing can also take place in the USA. According to the European Court of Justice, an adequate level of data protection cannot currently be assumed in the USA.
WhatsApp uses so-called standard contractual clauses pursuant to Art. 46 Para. 2 and 3 GDPR ( https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de ) as the basis for processing or transferring data to countries outside the EU. Through these clauses, WhatsApp undertakes to comply with the EU data protection standard when processing your data, even if the data is transferred to third countries such as the USA and processed and stored there. You can find out more in WhatsApp's privacy policy at https://www.whatsapp.com/legal/privacy-policy-eea/?locale=de_DE ."
19. Emails
To send emails, we use the service provider Klaviyo Inc., 225 Franklin St, Floor 10, Boston, MA 02110, USA. This applies to transactional emails such as order confirmations, shipping confirmations, emails with advertising content and newsletters.
Klaviyo has access to your data. Data processing can also take place in the USA. According to the European Court of Justice, an adequate level of data protection cannot currently be assumed in the USA.
Klaviyo uses so-called standard contractual clauses pursuant to Art. 46 Para. 2 and 3 GDPR ( https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de ) as the basis for processing or transferring data to countries outside the EU. Through these clauses, Klaviyo undertakes to comply with the EU data protection standard when processing your data, even if the data is transferred to third countries such as the USA and processed and stored there. You can find out more on the Klaviyo website at https://www.klaviyo.com/legal/data-processing-agreement and https://www.klaviyo.com/legal/privacy/privacy-notice .
20th Loyalty Program
To run our loyalty program, we use the loyalty tool from LoyaltyLion Ltd., HubHub - LoyaltyLion, 20 Farringdon Street, London, EC4A 4EN, Great Britain. The data transmitted as part of your participation in the program is processed and stored by LoyaltyLion. This includes in particular your name, address, email address, telephone number (if applicable), date of birth (if applicable) and all purchase-related data.
The legal basis for the processing of the personal data that is collected on a mandatory basis is Art. 6 (1) (b) GDPR. In order to initiate and implement the contract to be concluded with you regarding participation in the loyalty program, the processing of this personal data is necessary in order to be able to assign your loyalty points and your points account. The processing of voluntarily provided personal data is based on our legitimate interest, Art. 6 (1) (f) GDPR. The data is used to improve our offer and to provide interest-based advertising. You can object to this processing of your data at any time or, alternatively, simply remove this data from your account.
21. Data security
We have implemented a variety of security measures to protect your personal information. Our servers and databases are protected by physical and technical measures, among others.
We use standardized SSL encryption technology when collecting and transmitting data via our website. Personal data is transmitted via SSL encryption as part of the ordering process, which can be identified by the lock symbol in the browser and the addition "https://" in the address bar.
With encrypted communication, your payment data that you send to us cannot be read by third parties. When communicating via email, 100% data security cannot be guaranteed.
22. Changes to this Privacy Policy
We may change this privacy policy at any time. All changes to this privacy policy will be published on this website and will automatically take effect 30 days after they are published. We will notify you of any significant changes to this privacy policy by email.