Data protection information
Our data protection information is structured as follows:
Contents
3.... Disclosure of data to third parties
B... Supplementary information on data processing on our website
I.... Absolutely necessary data processing for the provision of the website
1.... Accessing our websites and server log files
3.... Cookies for the provision of the website
II... Additional data processing on the website after consent
2.... Cloudflare Web Analytics
III. Data processing when making contact, placing an order or using functions on the website
1.... Categories of recipients of personal data of our website visitors
C... Supplementary information on data processing on our company social media pages
1.... General information on company websites, legal basis
2.... Agreements according to Art. 26 GDPR
For reasons of better readability, the simultaneous use of male and female language forms is avoided. All designations apply to all genders.
A. General information
1. responsible person
Responsible for the processing of personal data is:
moll Funktionsmöbel GmbH
Rechbergstrasse 7
73344 Gruibingen
Phone: +49 7335 181140
E-mail: [email protected]
2. data protection officer
You can reach the data protection officer of moll Funktionsmöbel GmbH at:
DataCo gmbH
Dachauer Street 65
80335 Munich
Phone: +49 89 740045840
E-Mail: [email protected]
3. disclosure of data to third parties
Your personal data will only be passed on to third parties to the extent permitted by data protection law, in particular if you have consented to the transfer (Art. 6 para. 1 sentence 1 lit. a GDPR) or if the transfer is necessary for the purpose of contract processing (Art. 6 para. 1 sentence 1 lit. b GDPR).
The relevant recipients and categories of recipients are listed in the relevant supplementary information.
4. storage duration
The user account and all stored data will be deleted as soon as they are no longer required for the fulfillment or termination of the contract (Art. 6 para. 1 sentence 1 lit. b GDPR), but no later than six months after termination of the contract. This does not apply to data that we are legally obliged to retain (e.g. ten years for tax-relevant documents in accordance with the German Commercial Code and Tax Code or six years for other business letters; Art. 6 para. 1 sentence 1 lit. c GDPR) or for which we have a legitimate interest in retaining, for example to prevent re-registration after a justified blocking. Storage beyond the statutory retention periods is possible if you have consented to this in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR or if the purpose of the data processing has not yet ceased to apply.
5. your rights
5.1 Deactivating and deleting cookies
Cookies may be stored on your device when you visit our website. You can deactivate the storage of cookies on your device in your browser settings. You can also delete cookies that have been saved in your browser settings at any time. However, in this case you may not be able to use all the functions of our website to their full extent.
5.2 Right of withdrawal
Some of the processing operations described in this data protection information are based on your consent. You can withdraw your consent to the performance of these processing operations at any time with effect for the future. You can withdraw your consent to data processing by services on our website via the Consent Management Tool ("CMT"). In this way, you can also consent to individual data processing operations again. You can open the CMT at any time using the fingerprint symbol. In all other cases, you can revoke your consent by sending a message to the contact details listed above.
5.3 Right of objection
You can object to the use of personal data for direct marketing purposes at any time; you can also object to the use of personal data on the basis of Art. 6 para. 1 lit. e or f GDPR at any time with effect for the future for reasons arising from your particular situation. The objection will only incur the transmission costs according to the basic rates.
5.4 Right of access, rectification, erasure or restriction and portability
Under the conditions of Art. 15 to 20 GDPR, you have the right to receive information free of charge about the personal data we have stored about you, to have incorrect data corrected and to request the deletion or restriction of processing and the portability of your personal data. In some cases, however, we are not allowed to delete user data completely due to statutory retention obligations.
5.5 Right of appeal
You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of an alleged infringement.
B. Supplementary information on data processing on our website
In addition to our General Information (see A), we provide information here on how personal data is collected on our website and for what purposes it is processed and on what legal basis.
I. Absolutely necessary data processing for the provision of the website
In some cases, the processing of data is absolutely necessary in order to be able to provide our service without technical or functional restrictions and in accordance with the legal requirements. In these cases, data processing also takes place if you have rejected any additional data processing via the Consent Management Tool ("CMT").
1. access to our websites and server log files
Your browser automatically sends data requests to our servers in order to retrieve content from our website and display it correctly on your device. Each data request from your browser contains the following information, among other things: (dynamic) IP address, browser type and version, operating system and version, domain accessed, previously visited website and date and time of access. The data requests from your browser are automatically stored on our server in so-called "server log files".
The data processing described is absolutely necessary to ensure that our websites can be accessed and displayed correctly on your device. In addition, the log files can be used to identify cyberattacks and thus ensure the accessibility of our websites. The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. b GDPR.
2. consent management tool
We have integrated a Consent Management Tool ("CMT") to obtain and document your consent to data processing by various services.
When you open our website, you can use the CMT to submit declarations of consent for individual data processing operations that are stored by the CMT. For this purpose, the CMT assigns a so-called "Controller ID" and also stores information in the session storage and local storage of your browser:
In this way, when you reopen the website, it is possible to see which data processing by which services you have consented to or not consented to. This means that you do not have to make your settings for consenting to individual data processing operations each time you visit the website. For this purpose, it is absolutely necessary to store the listed information on your terminal device (§ 25 para. 2 no. 2 TTDSG).
Of course, you can open the CMT at any time using the fingerprint symbol. This allows you to easily revoke any consent you have given.
3. cookies for the provision of the website
II Additional data processing on the website after consent
We have integrated the services listed below into our website for various purposes. Data processing by these services only takes place if you have given your consent via the Consent Management Tool ("CMT"). You can revoke your consent at any time via the CMT; please also read section A.5.2.
1. amazon cloudfront
The Amazon Cloudfront service is integrated on our website. The provider of the service is Amazon Web Services EMEA SARL, 38 avenue John F. Kennedy, L-1855 Luxembourg ("AWS"). Data processing by the service only takes place after you have consented to this via the CMT.
The service collects this information about your end device and your visit to our website: Browser type and version, operating system and version, IP address, domain accessed and the previously visited website. The service also collects the date and time the page was accessed. The legal basis for access to stored information and the storage of information on your end device by the service is your consent (Section 25 (1) sentence 1 TTDSG).
The service is a content delivery network (CDN) that makes our websites faster and more secure. On our behalf, the service is used to make the content of our websites available for retrieval on different servers around the world, which improves performance. The service also activates firewalls and security mechanisms to protect against cyber attacks. Logs are also created about the use of our websites. The legal basis for the further processing of the collected data is your consent (Art. 6 para. 1 sentence 1 lit. a GDPR).
It cannot be ruled out that data collected by the service may also be transmitted to a server of the provider in a third country - in particular in the USA - and stored there. We have agreed EU standard data protection clauses with the provider to safeguard the transfer to third countries. According to its own information, the provider ensures compliance with the data protection agreements. Nevertheless, the transfer of personal data to the USA is associated with particular risks for data subjects. The integration of and data processing by the service therefore only takes place with your express consent. Further information on third country transfers can be found in section IV.2.
You have the option of deactivating the service and thus preventing the transfer of data to the provider by deactivating JavaScript in your browser settings. However, we would like to point out that in this case you will not be able to use all the functions of the website.
Further information on data processing by the service can be found at:
- https://d1.awsstatic.com/legal/privacypolicy/AWS_Privacy_Notice__German_Translation.pdf
- https://d1.awsstatic.com/legal/aws-gdpr/AWS_GDPR_DPA.pdf
2. cloudflare web analytics
The Cloudflare Web Analytics service is integrated on our website. The provider of the service is Cloudflare Germany GmbH, Rosental 7, 80331 Munich ("Cloudflare"). Data processing by the service only takes place after you have consented to this via the CMT.
The service collects this information about your end device and your visit to our website: Browser type and version, operating system and version, IP address, domain accessed and the previously visited website. The service also collects the date and time the page was accessed. The legal basis for access to stored information and the storage of information on your end device by the service is your consent (Section 25 (1) sentence 1 TTDSG).
Based on the data collected, the service provides us with statistics on the use of our websites on our behalf, for example on visits to our websites and the countries from which our websites are accessed. The legal basis for the further processing of the collected data is your consent (Art. 6 para. 1 sentence 1 lit. a GDPR).
It cannot be ruled out that data collected by the service may also be transmitted to a server of the provider in a third country - in particular in the USA - and stored there. We have agreed EU standard data protection clauses with the provider to safeguard the transfer to third countries. According to its own information, the provider ensures compliance with the data protection agreements. Nevertheless, the transfer of personal data to the USA is associated with particular risks for data subjects. The integration of and data processing by the service therefore only takes place with your express consent. Further information on third country transfers can be found in section IV.2.
You have the option of deactivating the service and thus preventing the transfer of data to the provider by deactivating JavaScript in your browser settings. However, we would like to point out that in this case you will not be able to use all the functions of the website.
Further information on data processing by the service can be found at:
3. facebook chatbot
A chatbot is integrated on our website. The provider of the service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland ("Facebook"). Data processing by the service only takes place after you have consented to this via the CMT.
You can contact us via the chatbot. To process the information you enter, please read B.III.1.
To load and display the service, this information about your end device and your visit to our website is disclosed to the provider's servers: Browser type and version, operating system and version, IP address, domain accessed and the previously visited website. The service also collects the date and time of each page view. The legal basis for the disclosure of the data is your consent (Art. 6 para. 1 sentence 1 lit. a GDPR)
It cannot be ruled out that data collected by the service may also be transmitted to a server of the provider in a third country - in particular in the USA - and stored there. We have agreed EU standard data protection clauses with the provider to safeguard the transfer to third countries. According to its own information, the provider ensures compliance with the data protection agreements. Nevertheless, the transfer of personal data to the USA is associated with particular risks for data subjects. The integration of and data processing by the service therefore only takes place with your express consent. Further information on third country transfers can be found in section IV.2.
You have the option of deactivating the service and thus preventing the transfer of data to the provider by deactivating JavaScript in your browser settings. However, we would like to point out that in this case you will not be able to use all the functions of the website.
Further information on data processing by the service can be found at: https://www.facebook.com/about/privacy.
4. facebook pixel
The Facebook Pixel service is integrated on our website. The provider of the service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland ("Facebook"). Data processing by the service only takes place after you have consented to this via the CMT.
When our websites are accessed, a 1×1 pixel image file is automatically loaded by the Facebook servers. The respective data request to load the image file discloses the following information to Facebook: (dynamic) IP address, browser type and version, operating system and version, domain accessed, previously visited website and date and time of access. The legal basis for access to information stored on your device by the service is your consent (Section 25 (1) sentence 1 TTDSG).
We can place advertisements on Facebook to draw attention to our offers. In doing so, we only want to place ads that are attractive to you. For this purpose, Facebook uses the information collected to analyze your surfing behavior on our website and provides us with the results. The legal basis for the further processing of the data collected is your consent (Art. 6 para. 1 sentence 1 lit. a GDPR).
If an ad is placed for you by us on Facebook and you click on it, you may be redirected to our website. In this case, a 1×1 pixel image file is loaded again from the Facebook servers when our website is loaded. As a result, the above-mentioned information is again disclosed to Facebook. In this case, too, the legal basis for the service to access information stored on your device is your consent (Section 25 (1) sentence 1 of the GDPR).
Facebook can use the tracking pixel to understand that you have clicked on our ad and have been redirected to our website. In this way, Facebook can provide us with a statistical evaluation of the effectiveness of our advertising measures (so-called "conversion tracking"). The legal basis for conversion tracking is your consent (Art. 6 para. 1 sentence 1 lit. a GDPR).
If you are logged in to Facebook with your profile, Facebook can add the collected data to your user profile. In addition, Facebook may use the data collected for its own advertising purposes in accordance with the Facebook Data Usage Policy. The legal basis for this data processing is your consent (Art. 6 para. 1 sentence 1 lit. a GDPR).
It cannot be ruled out that data collected by the service may also be transmitted to a server of the provider in a third country - in particular in the USA - and stored there. We have agreed EU standard data protection clauses with the provider to safeguard the transfer to third countries. According to its own information, the provider ensures compliance with the data protection agreements. Nevertheless, the transfer of personal data to the USA is associated with particular risks for data subjects. The integration of and data processing by the service therefore only takes place with your express consent. Further information on third country transfers can be found in section IV.2.
Users who are logged in to Facebook can adjust their settings for advertisements at: www.facebook.com/ads/preferences.
Further information on data processing by the service can be found at:
5. google services
Services provided by Google Ireland Limited, Google Building Gordon House, 4 Barrow Street, Dublin, D04 E5W5, Ireland ("Google") are integrated on our website.
5.1 General information on Google services, legal basis
In order to provide the services, Google accesses information that is stored on your device. In addition, Google may store information and in particular cookies on your device in order to provide the services. Details on this can be found below for the respective service. The legal basis for accessing information and storing information and cookies is your consent (Section 25 (1) sentence 1 TTDSG).
On the one hand, Google processes the information to provide the services. On the other hand, Google processes the information according to its own information in order to continuously improve and further develop its services. The legal basis for the processing of personal data for these purposes is your consent (Art. 6 para. 1 sentence 1 lit. a GDPR).
It cannot be ruled out that data collected by Google services may also be transmitted to a Google server in a third country, in particular to a server of Google's parent company, Google LLC, 1600 Amphitheatre Parkway, Mountain View, California, USA, and stored there. We have agreed EU standard data protection clauses with Google to safeguard the transfer to third countries. According to its own information, Google ensures compliance with data protection agreements. Nevertheless, the transfer of personal data to the USA is associated with particular risks for data subjects. The integration of and data processing by Google services therefore only takes place with your express consent. Further information on third country transfers can be found in section IV.2.
If you are logged into your Google account, Google may add processed information to your account depending on your account settings and treat it as personal data, see in particular https://www.google.de/policies/privacy/partners. We have no knowledge of the data collected in this way or how it is used.
Further information on data processing by Google can be found at:
- https://policies.google.com/privacy ("Google Privacy Policy")
- https://www.google.com/intl/de/policies/privacy/partners ("Data use by Google when you use our partners' websites or apps")
- http://www.google.com/policies/technologies/ads ("Use of data for advertising purposes")
5.2 Google Tag Manager
The Google Tag Manager (GTM) service is integrated on our website in order to load additional services. As a result of this technical implementation, when you access a website, Google learns that the website was accessed using the IP address of your end device. Google can also track which functions and tools are loaded via the GTM.
You have the option of deactivating the service and thus preventing the transfer of data to the provider by deactivating JavaScript in your browser settings. However, we would like to point out that in this case you will not be able to use all the functions of the website.
Further information on data processing by GTM can be found at: https://support.google.com/tagmanager/answer/6102821?hl=de.
5.3 Google Analytics
The Google Analytics service is integrated on our website. The service carries out a website-wide evaluation of your surfing behavior. For this purpose, the service stores cookies, i.e. small text files, on your end device:
These are the following cookies:
Google processes the data collected on our behalf in order to provide us with pseudonymous profiles of individual visitors and general statistics on the use of our website. We use this information to improve our offer and make it more interesting for you as a user.
We use the "Google Optimize" function of Google Analytics. Google Optimize analyses the use of different variants of our website (so-called "A/B tests") and thus helps us to improve the user-friendliness according to the behavior of our users on the website.
We use the "demographic characteristics" function of Google Analytics. By evaluating your surfing behavior, Google can make statistical statements about the demographic characteristics and interests (e.g. age, gender, affinity categories, segments with target groups ready to buy) of visitors to our website. However, we cannot assign this data to a specific person. We use the demographic information to improve our offer and make it more interesting for you as a user. For more information on data processing using "demographic characteristics" from Google Analytics, please visit
IP anonymization has been activated on this website so that your IP address is shortened by Google Analytics before it is saved. According to Google, the full IP address is only transmitted to a Google LLC server in the USA and shortened there in exceptional cases. According to Google, the shortened IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
You can download and install a plug-in for deactivating Google Analytics across websites for the browser you are using at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
Further information on data processing by Google Analytics can be found at: https://support.google.com/analytics/answer/6004245?hl=de%20.
5.4 Google Ads and Google Ads Remarketing
The Google Ads and Google Ads Remarketing services are integrated on our website in order to draw attention to our offers in Google search results and on third-party websites.
We only want to display ads that are attractive to you. For this purpose, Google analyzes in particular device information, your location and your surfing behavior on our website. For this purpose, the service stores cookies, i.e. small text files, on your end device:
- ... (Designation/"name" of the cookie): ... (Function description: What is the cookie used for?), ... (Function duration: How long does it take until the cookie is automatically deleted?), Google receives access to the processed data.
If you click on an advertisement placed for us by Google in the Google search results or on a third-party website, cookies for conversion tracking (visit action evaluation) are stored on your end device. These cookies are valid for a limited period of time. If you subsequently visit certain pages of our website and the cookies have not yet expired, Google can recognize that you clicked on our ad and were redirected to our website. In this way, Google can provide us with a statistical evaluation of the effectiveness of our advertising measures. For this purpose, the service stores cookies, i.e. small text files, on your end device:
- ... (Designation/"name" of the cookie): ... (Function description: What is the cookie used for?), ... (Function duration: How long does it take until the cookie is automatically deleted?), Google receives access to the processed data.
Google assumes joint responsibility for the data processing described and has therefore provided us with a corresponding contract in accordance with Art. 26 GDPR, which we have agreed with Google as part of the ordering process.
You can enable or disable personalized advertising from Google via the advertising settings at this link: https://adssettings.google.com/anonymous?sig=ACi0TCjoT_RnPbIUe8IGa85dyA_5J4bol6TV5SM7jVOJycoeZaGP6BA8RWwSWmRUP0XRoURUu0XBV15kNZzQKE4cntIuJx15vg&hl=de. These settings are saved in your Google account (if you are logged in) or in your browser (if you are not logged in). Alternatively, you can install a plug-in for your browser at this link to deactivate personalized advertising: https://support.google.com/ads/answer/7395996?hl=de.
For more information on how Google Ads works and how it processes data, please visit:
- https://ads.google.com
- https://ads.google.com/intl/de_de/home/faq/gdpr
- https://policies.google.com/technologies/ads
6. jetpack CDN
The Jetpack CDN service is integrated on our website. The provider of the service is Automattic Inc, 60 29th Street #343, San Francisco, CA 94110, USA ("Automattic"). Data processing by the service only takes place after you have consented to this via the CMT.
The service collects this information about your end device and your visit to our website: Browser type and version, operating system and version, IP address, domain accessed and the previously visited website. The service also collects the date and time of the page view. The service stores cookies, i.e. small text files, on your end device:
- tk_l1: This cookie stores a unique identifier for the publisher so that Jetpack can collect data; the storage period is 1 year; Automattic receives access to the collected data.
The legal basis for access to stored information and the storage of information on your end device by the service is your consent (Section 25 (1) sentence 1 TTDSG).
The service is a content delivery network (CDN) that makes our websites faster and more secure. With the help of the service, the content of our websites is made available for retrieval on different servers around the world, which improves performance. The service also activates firewalls and security mechanisms to protect against cyber attacks. Logs are also created about the use of our websites. In addition, the service provides us with information on the use of our website and thus helps us to make it even more attractive. The legal basis for further processing is your consent (Art. 6 para. 1 sentence 1 lit. a GDPR).
It cannot be ruled out that data collected by the service may also be transmitted to a server of the provider in a third country - in particular in the USA - and stored there. We have agreed EU standard data protection clauses with the provider to safeguard the transfer to third countries. According to its own information, the provider ensures compliance with the data protection agreements. Nevertheless, the transfer of personal data to the USA is associated with particular risks for data subjects. The integration of and data processing by the service therefore only takes place with your express consent. Further information on third country transfers can be found in section IV.2.
Further information on data processing by the service can be found at:
- https://de.jetpack.com/support/website-beschleuniger/
- https://automattic.com/de/privacy/?utm_medium=automattic_referred&utm_source=jpcom_footer
- https://automattic.com/cookies/#analytics-and-performance
7. microsoft advertising
The Microsoft Advertising service is integrated on our website. The provider of the service is Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA ("Microsoft"). Data processing by the service only takes place after you have consented to this via the CMT.
We have integrated some lines of code into our website that are provided by Microsoft, the so-called "Universal Event Tracking Tags" ("UET tag" for short). This means that the following information, among other things, is disclosed to Microsoft when you visit our website: (dynamic) IP address, browser type and version, operating system and version, domain accessed, previously visited website and date and time of access. The legal basis for access to information stored on your device by the service is your consent (Section 25 (1) sentence 1 TTDSG).
We can place advertisements in the Bing, Yahoo and MSN search results to draw attention to our offers. We only want to place ads that are attractive to you. For this purpose, Microsoft uses the information collected to analyze your surfing behavior on our website, enriches it with your search results from the respective search engine and makes the results available to us. The legal basis for the further processing of the collected data is your consent (Art. 6 para. 1 sentence 1 lit. a GDPR).
If an ad is placed for you by us in the Bing, Yahoo and MSN search results and you click on it, you may be redirected to our website. In this case, Microsoft can track that you clicked on our ad and were redirected to our website. In this way, Microsoft can provide us with a statistical evaluation of the effectiveness of our advertising measures on our behalf (so-called "conversion tracking"). Conversion tracking is also carried out using the UET tag. The legal basis for this data processing is your consent (Art. 6 para. 1 sentence 1 lit. a GDPR).
It cannot be ruled out that data collected by the service may also be transmitted to a server of the provider in a third country - in particular in the USA - and stored there. We have agreed EU standard data protection clauses with the provider to safeguard the transfer to third countries. According to its own information, the provider ensures compliance with the data protection agreements. Nevertheless, the transfer of personal data to the USA is associated with particular risks for data subjects. The integration of and data processing by the service therefore only takes place with your express consent. Further information on third country transfers can be found in section IV.2.
You have the option of deactivating the service and thus preventing the transfer of data to the provider by deactivating JavaScript in your browser settings. However, we would like to point out that in this case you will not be able to use all the functions of the website.
Further information on data processing by the service can be found at:
- https://ads.microsoft.com
- https://about.ads.microsoft.com/de-de/resources/training/universal-event-tracking
- https://privacy.microsoft.com/de-de/privacystatement
8 Microsoft Clarity
The Microsoft Advertising service is integrated on our website. The provider of the service is Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA ("Microsoft"). Data processing by the service only takes place after you have consented to this via the CMT.
The service assigns you a unique visitor ID and collects this information about your end device and your visit to our website: Total number of your visits, page views per session, frequently visited pages, visit times, previously visited website (so-called referrer), category of end device (smartphone, tablet, desktop), country of origin, browser. A tracking script is integrated into our website for this purpose. The service also stores cookies, i.e. small text files, on your end device.
These are the following cookies:
The legal basis for access to stored information and the storage of information on your end device by the service is your consent (Section 25 (1) sentence 1 TTDSG).
Microsoft uses the information collected to create so-called "heat maps" (frequently clicked locations), "dead clicks" (clicks without function), "rage clicks" (multiple clicks on the same location), "excessive scrolling" (areas scrolled away) and "quick backs" (quick clicks back to the original page). In addition, a so-called "session playback" is created, which allows us to track how a visitor has moved their mouse/finger across our pages and navigated. According to its own information, Microsoft may also process the collected data for its own purposes, such as improving its own products and creating user profiles for advertising purposes. The legal basis for the further processing of the collected data is your consent (Art. 6 para. 1 sentence 1 lit. a GDPR).
It cannot be ruled out that data collected by the service may also be transmitted to a server of the provider in a third country - in particular in the USA - and stored there. We have agreed EU standard data protection clauses with the provider to safeguard the transfer to third countries. According to its own information, the provider ensures compliance with the data protection agreements. Nevertheless, the transfer of personal data to the USA is associated with particular risks for data subjects. The integration of and data processing by the service therefore only takes place with your express consent. Further information on third country transfers can be found in section IV.2.
You have the option of deactivating the service and thus preventing the transfer of data to the provider by deactivating JavaScript in your browser settings. However, we would like to point out that in this case you will not be able to use all the functions of the website.
Further information on data processing by the service can be found at:
- https://clarity.microsoft.com
- https://clarity.microsoft.com/terms
- https://privacy.microsoft.com/de-de/privacystatement
III Data processing when making contact, placing an order or using functions on the website
Read here which data is processed when you contact us or use functions of the website.
1. contact
We collect personal data when you provide it to us. This may, for example, be data that you transmit to us in the course of contacting us.
This data is processed on the basis of Art. 6 para. 1 sentence 1 lit. b GDPR, insofar as this is necessary to carry out a measure requested by you. In all other cases, the processing is based on our legitimate interest in the effective processing of the inquiries addressed to us (Art. 6 para. 1 sentence 1 lit. f GDPR).
You can also contact us via our chatbot. For data processing by the service, please read B.II.3.
2. registration and login
You can register a password-protected account with us. As part of the registration process, the data marked as "mandatory information" is collected. With the "mandatory information" we collect the data required for the purpose of implementing the user relationship established by the registration (Art. 6 para. 1 sentence 1 lit. b GDPR). Of course, you can provide us with further data if you wish (Art. 6 para. 1 sentence 1 lit. a GDPR). You can delete your personal user account at any time.
In order to technically enable access to password-protected areas, it is absolutely necessary that these cookies are stored on your end device (§ 25 Para. 2 No. 2 TTDSG):
3. orders
You can place orders with us. As part of the ordering process, the data marked as "mandatory information" is collected. With the "mandatory information" we collect the data required to process the order (Art. 6 para. 1 sentence 1 lit. b GDPR). Of course, you can provide us with further data if you wish (Art. 6 para. 1 sentence 1 lit. a GDPR).
For more convenient shopping in our online store, you can also register or log in with us, please also refer to section B.III.2.
In order to technically enable the shopping cart function and the execution of the further order process, it is absolutely necessary that these cookies are stored on your end device (§ 25 para. 2 no. 2 TTDSG):
4. payment processing
Read here which payment processing options are available and which personal data is processed in each case.
4.1 Apple Pay
Payments can be processed via the Apple Pay service. The provider of the service is Apple Distribution International Limited, Hollyhill Industrial Estate, Cork, Ireland ("Apple").
Payment processing via the service is only possible if you have registered with Apple for this purpose. By selecting the Apple Pay payment option, you will be redirected to Apple's website. Data will be transmitted to Apple; in particular, Apple will receive information about your purchase. The data transfer is absolutely necessary in order to provide you with the payment option you have selected (Art. 6 para. 1 sentence 1 lit. b GDPR).
We have no influence on the data processing that subsequently takes place at Apple. Rather, this is governed by the provisions agreed between you and Apple. Apple is solely responsible for the protection and handling of the data collected by Apple. Further information on data processing by Apple can be found at: https://support.apple.com/de-de/HT203027 and https://support.apple.com/de-de/HT210665.
4.2 PayPal
Payments can be processed via the PayPal service. The provider of the service is PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg ("PayPal").
Payment processing via the service is only possible if you have registered with PayPal for this purpose. By selecting the PayPal payment option, you will be redirected to the PayPal website. Data will be transmitted to PayPal; in particular, PayPal will receive information about your purchase. The data transfer is absolutely necessary in order to provide you with the payment option you have selected (Art. 6 para. 1 sentence 1 lit. b GDPR).
We have no influence on the data processing that subsequently takes place at PayPal. Rather, this is based on the provisions agreed between you and PayPal. PayPal is solely responsible for the protection and handling of the data collected by PayPal. Further information on data processing by PayPal can be found at: https://www.paypal.com/de/webapps/mpp/ua/privacy-full.
4.3 Google Pay
Payments can be processed via the Google Pay service. The provider of the service is Google Ireland Limited, Google Building Gordon House, 4 Barrow Street, Dublin, D04 E5W5, Ireland ("Google").
Payment processing via the service is only possible if you have registered with Google for this purpose. By selecting the Google Pay payment option, you will be redirected to the Google website. Data will be transmitted to Google; in particular, Google will receive information about your purchase. The data transfer is absolutely necessary in order to provide you with the payment option you have selected (Art. 6 para. 1 sentence 1 lit. b GDPR).
We have no influence on the data processing that subsequently takes place at Google. Rather, this is based on the provisions agreed between you and Google. Google alone is responsible for the protection and handling of the data collected by Google. Further information on data processing by Google can be found at: https://policies.google.com/privacy.
4.4 Klarna
Payments can be processed via the Klarna service. The provider of the service is Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden ("Klarna").
By selecting the Klarna payment option, you will be redirected to the Klarna website. Data will be transmitted to Klarna; in particular, Klarna will receive information about your purchase. The data transmission is absolutely necessary in order to provide you with the payment option you have selected (Art. 6 para. 1 sentence 1 lit. b GDPR).
We have no influence on the data processing that subsequently takes place at Klarna. Rather, this is based on the provisions agreed between you and Klarna. Klarna is solely responsible for the protection and handling of the data collected by Klarna. Further information on data processing by Klarna can be found at: https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/privacy.
4.5 Further payment options
If you have selected the credit card payment method and this is necessary to process the payments, we will pass on your data required for this to the payment service provider you have selected (Art. 6 para. 1 sentence 1 lit. b GDPR).
5. advertising measures
We have a legitimate interest in the processing of your data for direct marketing purposes within the meaning of Art. 6 para. 1 sentence 1 lit. f GDPR. This applies in particular to e-mail newsletters, for example with information about our products and services.
You can unsubscribe from an e-mail newsletter at any time with effect for the future via the link provided for this purpose in every e-mail newsletter or by sending a message to the contact details given above. In addition, you can object to the processing of your personal data for advertising purposes with effect for the future in writing, by fax, by e-mail or by telephone. The objection will only incur the transmission costs according to the basic rates. The legality of the data processing operations already carried out remains unaffected by this.
After you unsubscribe from the newsletter distribution list, we will store your e-mail address in a blacklist to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our legitimate interest within the meaning of Art. 6 para. 1 sentence 1 lit. f GDPR in complying with the legal requirements when sending newsletters. Storage in the blacklist is not limited in time. You can object to the storage if your interests outweigh our legitimate interest. However, we would like to point out that if your data is deleted completely, it may be processed again for advertising purposes if your data is collected again.
IV. Categories of recipients of personal data of our website visitors and transfer to third countries
1. categories of recipients of personal data of our website visitors
Categories of recipients of personal data who are not bound by instructions are Providers of analysis services and providers for payment and shipping processing.
Categories of service providers bound by instructions and obligated in accordance with data protection regulations, who may not use the data for any other purpose, are Providers for the support and hosting of the website.
2. third country transfer
Services from providers based in the USA or with links to the USA are integrated on our website. If you consent to data processing by one of these providers, it cannot be ruled out that US authorities will have unrestricted access to the data processed about you. You have no legal recourse against this. These are the specific providers:
- Service: Amazon Cloudfront
Provider: Amazon Web Services EMEA SARL, Luxembourg
Parent company: Amazon Inc, USA - Service: Cloudflare Web Analytics
Provider: Cloudflare Germany GmbH, Germany
Parent company: Cloudflare Inc., USA - Service: Facebook Chatbot, Facebook Pixel
Provider: Meta Platforms Ireland Limited, Ireland
Parent company: Meta Inc, USA - Service: Google Analytics, Google Ads, Google Tag Manager
Provider: Google Ireland Limited, Ireland
Parent company: Google LLC, USA - Service: Jetpack CDN
Provider: Automattic Inc, USA - Service: Microsoft Advertising, Microsoft Clarity
Provider: Microsoft Corporation, USA
It cannot be ruled out that the companies or the respective parent companies and/or US authorities may have access to personal data that is processed for the provision of the services.
Standard data protection clauses pursuant to Art. 46 para. 2 lit. c GDPR ("SCC") are currently regularly agreed as the legal basis for the transfer of personal data to the USA. However, a third country transfer on the basis of SCC is only permitted if the agreements can actually be complied with by the providers in the third country. In particular, this would require that unrestricted access to the data by US authorities can be ruled out, which is not the case according to current knowledge.
Although we conclude the standard data protection clauses with the companies, we therefore only use the aforementioned services with your prior express consent and expressly point out the following regarding the risks of data transmission to one of the aforementioned service providers:
Due to the powers of the US intelligence services and the legal situation in the USA, the state surveillance measures of the USA are disproportionate and, from the EU's perspective, there is no adequate level of state data protection for personal data. In particular, Section 702 of the US Foreign Intelligence Surveillance Act (FISA) does not provide for any restrictions on the surveillance measures of the intelligence services and no guarantees for non-US citizens. Furthermore, Presidential Policy Directive 28 (PPD-28) does not provide data subjects with any effective legal remedies against measures taken by the US authorities and does not provide for any limits to ensure proportionate measures. In addition, US authorities can demand that a US company hand over all stored data on the basis of the US Cloud Act, even if this data is located on servers within the EU.
C. Supplementary information on data processing on our company social media pages
We operate a so-called "company page" on these social media platforms:
- Facebook: Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland
- Instagram: Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland
- YouTube: Google Ireland Limited, Google Building Gordon House, 4 Barrow Street, Dublin, D04 E5W5, Ireland
- Pinterest: Pinterest Europe Limited, Palmerston House, Fenian Street, Dublin 2, Ireland
In addition to our General Information (see A), we provide information here on data processing when you visit one of our company websites.
1. general information on company websites, legal basis
As the owner of an online presence on a social media platform, we process personal data when you write to us directly in a personal message or via the public comment function on the platform. Which data is collected depends on the information you provide and the contact details you provide or share.
When you visit a company page, the respective operator of the platform ("provider") collects information that enables it to recognize users and comprehensively analyse user behaviour. The provider of the social media platform can also use the data collected in this way to create user profiles. If you are logged in to your corresponding social media account when you visit a company page, the respective provider can also assign this visit to your account.
The respective provider merely provides us with an anonymized statistical evaluation of the use of our company website based on the information obtained. This enables us to make our contributions even more targeted in future. In this respect, we have a legitimate interest in collecting and processing this information. In addition, we have a legitimate interest in being able to use as many communication options as possible and thus reach as many interested parties as possible personally. In this respect, the legal basis for the data processing associated with the operation of a company website is Art. 6 para. 1 sentence 1 lit. f GDPR.
We ourselves do not pass on any personal data that we collect via our company pages to third parties. However, we can neither influence nor exclude the possibility that the providers mentioned may transfer the data collected to third parties - in particular to their partner companies, which may also be based in other EU countries. In many third countries outside the EU, there is currently no level of data protection equivalent to that in the EU.
In principle, you can assert your data subject rights (see also under A.5.) with regard to data processing by our company pages both against us and against the respective provider. However, we would like to point out that these can be asserted most effectively with the respective provider. This is because only the respective provider has access to the user's data and can take appropriate measures and provide information directly.
Further information on data processing by the respective provider can be found at:
Facebook: de-de.facebook.com/about/privacy
Instagram: https://help.instagram.com
YouTube: https://www.google.de/intl/de/policies/privacy
Pinterest: https://policy.pinterest.com/de/privacy-policy
2. agreements in accordance with Art. 26 GDPR
We have concluded an agreement with Facebook in accordance with Art. 26 GDPR, in which the data protection obligations arising from the operation of our company page are divided between us and the provider. The provider has assumed a large part of the obligations under data protection law, such as the fulfillment of the rights of data subjects pursuant to Art. 12 et seq. GDPR, the obligation to provide suitable technical and organizational measures to protect the security of personal data and the reporting and notification obligations in the event of a data breach. If you contact us regarding your rights as a data subject, we will forward your request to the provider immediately. We are obliged to do so under the agreement with the respective provider.
Further information on the agreement between us and the provider can be found at: