1) Introduction and Contact Details of the Data Controller

1.1 We are pleased that you are visiting our website and thank you for your interest. In the following, we inform you about the handling of your personal data when using our website. Personal data is any data with which you can be personally identified. 1.2 The data controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is Andreas Bremerein, Goldensteelcycles, Seltsamplatz 18, 91301 Forchheim, Germany, Tel.: +491629229467, Email: info@goldensteelcycles.com. The data controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.

2) Data Collection When Visiting Our Website

2.1 During merely informational use of our website, i.e., if you do not register or otherwise transmit information to us, we only collect such data that your browser transmits to the page server (so-called "server log files"). When you call up our website, we collect the following data, which is technically necessary for us to display the website to you:

• Our visited website

• Date and time at the moment of access

• Amount of data sent in bytes

• Source/reference from which you reached the page

• Browser used

• Operating system used

• IP address used (if applicable: in anonymized form)

The processing is carried out in accordance with Art. 6 (1) lit. f GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. The data will not be passed on or used in any other way. However, we reserve the right to check the server log files subsequently if there are concrete indications of unlawful use.

2.2 For security reasons and to protect the transmission of personal data and other confidential content (e.g., orders or inquiries to the controller), this website uses SSL or TLS encryption. You can recognize an encrypted connection by the character string "https://" and the lock symbol in your browser line.

3) Hosting & Content Delivery Network

3.1 Shopify

For the hosting of our website and the display of the page content, we use the system of the following provider: Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland ("Shopify"). Data is also transferred to: Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada. All data collected on our website is processed on the provider's servers. We have concluded a data processing agreement (Auftragsverarbeitungsvertrag) with the provider, which ensures the protection of our website visitors' data and prohibits unauthorized disclosure to third parties. In the case of data transmission to Canada, an adequate level of data protection is guaranteed by an adequacy decision of the European Commission.

3.2 Cloudflare

We use a Content Delivery Network of the following provider: Cloudflare Inc., 101 Townsend St. San Francisco, CA 94107, USA. This service enables us to deliver large media files such as graphics, page content, or scripts faster via a network of regionally distributed servers. Processing is carried out to safeguard our legitimate interest in improving the stability and functionality of our website pursuant to Art. 6 (1) lit. f GDPR. We have concluded a data processing agreement with the provider, which ensures the protection of our website visitors' data and prohibits unauthorized disclosure to third parties. For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European data protection level on the basis of an adequacy decision of the European Commission.

4) Cookies

In order to make visiting our website attractive and to enable the use of certain functions, we use cookies, i.e., small text files that are stored on your end device. Some of these cookies are automatically deleted after closing the browser (so-called "session cookies"), while some of these cookies remain on your end device longer and enable page settings to be saved (so-called "persistent cookies"). In the latter case, you can find the storage duration in the overview of the cookie settings of your web browser.

Insofar as personal data is also processed by individual cookies implemented by us, the processing is carried out either in accordance with Art. 6 (1) lit. b GDPR for the performance of the contract, in accordance with Art. 6 (1) lit. a GDPR in the event that consent has been granted, or in accordance with Art. 6 (1) lit. f GDPR to safeguard our legitimate interests in the best possible functionality of the website and a customer-friendly and effective design of the page visit.

You can set your browser so that you are informed about the setting of cookies and decide individually about their acceptance or exclude the acceptance of cookies for certain cases or in general. Please note that if you do not accept cookies, the functionality of our website may be limited.

5) Contacting Us

When contacting us (e.g., via contact form or email), personal data is processed exclusively for the purpose of handling and answering your request and only to the extent necessary for this purpose. The legal basis for processing this data is our legitimate interest in responding to your request in accordance with Art. 6 (1) lit. f GDPR. If your contact aims at concluding a contract, the additional legal basis for the processing is Art. 6 (1) lit. b GDPR. Your data will be deleted when it can be inferred from the circumstances that the matter in question has been conclusively clarified and provided that there are no statutory retention obligations to the contrary.

6) Use of Customer Data for Direct Advertising

Subscription to our email newsletter

If you subscribe to our email newsletter, we will regularly send you information about our offers. The only mandatory information for sending the newsletter is your email address. The provision of further data is voluntary and will be used to address you personally. For sending the newsletter, we use the so-called double opt-in procedure, which ensures that you only receive newsletters if you have expressly confirmed your consent to receive the newsletter by clicking on a verification link sent to the email address provided.

By activating the confirmation link, you give us your consent for the use of your personal data in accordance with Art. 6 (1) lit. a GDPR. When you register for the newsletter, we store your IP address entered by the Internet Service Provider (ISP) as well as the date and time of registration in order to be able to trace any possible misuse of your email address at a later date. The data collected by us when registering for the newsletter will be used strictly for the intended purpose.

You can unsubscribe from the newsletter at any time via the link provided for this purpose in the newsletter or by sending a corresponding message to the data controller named at the beginning. After unsubscribing, your email address will be deleted from our newsletter distribution list immediately, unless you have expressly consented to further use of your data or we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this declaration.

7) Data Processing for Order Handling

7.1 To the extent necessary for contract processing for delivery and payment purposes, the personal data collected by us will be passed on to the commissioned transport company and the commissioned credit institution in accordance with Art. 6 (1) lit. b GDPR. If we owe you updates for goods with digital elements or for digital products on the basis of a corresponding contract, we process the contact data transmitted by you when ordering in order to inform you personally within the scope of our statutory information obligations pursuant to Art. 6 (1) lit. c GDPR. Your contact data will be used strictly for the intended purpose for notifications about updates owed by us and will only be processed by us for this purpose to the extent necessary for the respective information. To process your order, we also work together with the following service provider(s), who support us wholly or partially in the execution of concluded contracts. Certain personal data is transmitted to these service providers in accordance with the following information.

7.2 Transfer of personal data to shipping service providers

• Deutsche Post We use the following provider as a transport service provider: Deutsche Post AG, Charles-de-Gaulle-Straße 20, 53113 Bonn, Germany. We will pass on your email address and/or telephone number to the provider prior to delivery of the goods in accordance with Art. 6 (1) lit. a GDPR for the purpose of coordinating a delivery date or for delivery notification, provided you have given your express consent to this in the ordering process. Otherwise, for the purpose of delivery in accordance with Art. 6 (1) lit. b GDPR, we will only pass on the name of the recipient and the delivery address to the provider. The data will only be passed on to the extent necessary for the delivery of the goods. In this case, prior coordination of the delivery date with the provider or delivery notification is not possible. Consent can be revoked at any time with effect for the future towards the data controller designated above or towards the provider.

• DHL We use the following provider as a transport service provider: DHL Paket GmbH, Sträßchensweg 10, 53113 Bonn, Germany. We will pass on your email address and/or telephone number to the provider prior to delivery of the goods in accordance with Art. 6 (1) lit. a GDPR for the purpose of coordinating a delivery date or for delivery notification, provided you have given your express consent to this in the ordering process. Otherwise, for the purpose of delivery in accordance with Art. 6 (1) lit. b GDPR, we will only pass on the name of the recipient and the delivery address to the provider. The data will only be passed on to the extent necessary for the delivery of the goods. In this case, prior coordination of the delivery date with the provider or delivery notification is not possible. Consent can be revoked at any time with effect for the future towards the data controller designated above or towards the provider.

• DHL Express We use the following provider as a transport service provider: DHL Express Germany GmbH, Heinrich-Brüning-Str. 5, 53113 Bonn, Germany. We will pass on your email address and/or telephone number to the provider prior to delivery of the goods in accordance with Art. 6 (1) lit. a GDPR for the purpose of coordinating a delivery date or for delivery notification, provided you have given your express consent to this in the ordering process. Otherwise, for the purpose of delivery in accordance with Art. 6 (1) lit. b GDPR, we will only pass on the name of the recipient and the delivery address to the provider. The data will only be passed on to the extent necessary for the delivery of the goods. In this case, prior coordination of the delivery date with the provider or delivery notification is not possible. Consent can be revoked at any time with effect for the future towards the data controller designated above or towards the provider.

• DPD We use the following provider as a transport service provider: DPD Deutschland GmbH, Wailandtstraße 1, 63741 Aschaffenburg, Germany. We will pass on your email address and/or telephone number to the provider prior to delivery of the goods in accordance with Art. 6 (1) lit. a GDPR for the purpose of coordinating a delivery date or for delivery notification, provided you have given your express consent to this in the ordering process. Otherwise, for the purpose of delivery in accordance with Art. 6 (1) lit. b GDPR, we will only pass on the name of the recipient and the delivery address to the provider. The data will only be passed on to the extent necessary for the delivery of the goods. In this case, prior coordination of the delivery date with the provider or delivery notification is not possible. Consent can be revoked at any time with effect for the future towards the data controller designated above or towards the provider.

• DPD Österreich We use the following provider as a transport service provider: DPD Direct Parcel Distribution Austria GmbH, Arbeitergasse 46, Leopoldsdorf 2333, Austria. We will pass on your email address and/or telephone number to the provider prior to delivery of the goods in accordance with Art. 6 (1) lit. a GDPR for the purpose of coordinating a delivery date or for delivery notification, provided you have given your express consent to this in the ordering process. Otherwise, for the purpose of delivery in accordance with Art. 6 (1) lit. b GDPR, we will only pass on the name of the recipient and the delivery address to the provider. The data will only be passed on to the extent necessary for the delivery of the goods. In this case, prior coordination of the delivery date with the provider or delivery notification is not possible. Consent can be revoked at any time with effect for the future towards the data controller designated above or towards the provider.

• FedEx We use the following provider as a transport service provider: FedEx Express Germany GmbH, Langer Kornweg 34 k, 65451 Kelsterbach, Germany. We will pass on your email address and/or telephone number to the provider prior to delivery of the goods in accordance with Art. 6 (1) lit. a GDPR for the purpose of coordinating a delivery date or for delivery notification, provided you have given your express consent to this in the ordering process. Otherwise, for the purpose of delivery in accordance with Art. 6 (1) lit. b GDPR, we will only pass on the name of the recipient and the delivery address to the provider. The data will only be passed on to the extent necessary for the delivery of the goods. In this case, prior coordination of the delivery date with the provider or delivery notification is not possible. Consent can be revoked at any time with effect for the future towards the data controller designated above or towards the provider.

• GLS We use the following provider as a transport service provider: General Logistics Systems Germany GmbH & Co. OHG, GLS Germany-Straße 1 – 7, 36286 Neuenstein, Germany. We will pass on your email address and/or telephone number to the provider prior to delivery of the goods in accordance with Art. 6 (1) lit. a GDPR for the purpose of coordinating a delivery date or for delivery notification, provided you have given your express consent to this in the ordering process. Otherwise, for the purpose of delivery in accordance with Art. 6 (1) lit. b GDPR, we will only pass on the name of the recipient and the delivery address to the provider. The data will only be passed on to the extent necessary for the delivery of the goods. In this case, prior coordination of the delivery date with the provider or delivery notification is not possible. Consent can be revoked at any time with effect for the future towards the data controller designated above or towards the provider.

• Hermes We use the following provider as a transport service provider: Hermes Logistik Gruppe Deutschland GmbH, Essener Straße 89, 22419 Hamburg, Germany. We will pass on your email address and/or telephone number to the provider prior to delivery of the goods in accordance with Art. 6 (1) lit. a GDPR for the purpose of coordinating a delivery date or for delivery notification, provided you have given your express consent to this in the ordering process. Otherwise, for the purpose of delivery in accordance with Art. 6 (1) lit. b GDPR, we will only pass on the name of the recipient and the delivery address to the provider. The data will only be passed on to the extent necessary for the delivery of the goods. In this case, prior coordination of the delivery date with the provider or delivery notification is not possible. Consent can be revoked at any time with effect for the future towards the data controller designated above or towards the provider.

• Trans-o-flex We use the following provider as a transport service provider: trans-o-flex Express GmbH & Co. KGaA, Hertzstraße 10, 69469 Weinheim, Germany. We will pass on your email address and/or telephone number to the provider prior to delivery of the goods in accordance with Art. 6 (1) lit. a GDPR for the purpose of coordinating a delivery date or for delivery notification, provided you have given your express consent to this in the ordering process. Otherwise, for the purpose of delivery in accordance with Art. 6 (1) lit. b GDPR, we will only pass on the name of the recipient and the delivery address to the provider. The data will only be passed on to the extent necessary for the delivery of the goods. In this case, prior coordination of the delivery date with the provider or delivery notification is not possible. Consent can be revoked at any time with effect for the future towards the data controller designated above or towards the provider.

• UPS We use the following provider as a transport service provider: United Parcel Service Deutschland Inc. & Co. OHG, Görlitzer Straße 1, 41460 Neuss, Germany. We will pass on your email address and/or telephone number to the provider prior to delivery of the goods in accordance with Art. 6 (1) lit. a GDPR for the purpose of coordinating a delivery date or for delivery notification, provided you have given your express consent to this in the ordering process. Otherwise, for the purpose of delivery in accordance with Art. 6 (1) lit. b GDPR, we will only pass on the name of the recipient and the delivery address to the provider. The data will only be passed on to the extent necessary for the delivery of the goods. In this case, prior coordination of the delivery date with the provider or delivery notification is not possible. Consent can be revoked at any time with effect for the future towards the data controller designated above or towards the provider.

7.3 Use of payment service providers (payment services)

• Apple Pay If you choose the payment method "Apple Pay" of Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland, the payment transaction will be processed via the "Apple Pay" function of your end device operated with iOS, watchOS or macOS by charging a payment card deposited with "Apple Pay". Apple Pay uses security features built into your device's hardware and software to protect your transactions. To authorize a payment, it is therefore necessary to enter a code previously defined by you and to verify it using the "Face ID" or "Touch ID" function of your end device. For the purpose of payment processing, your information provided during the ordering process, together with information about your order, will be passed on to Apple in encrypted form. Apple then re-encrypts this data with a developer-specific key before transmitting the data to the payment service provider of the payment card stored in Apple Pay to carry out the payment. The encryption ensures that only the website through which the purchase was made can access the payment data. After the payment has been made, Apple sends your device account number and a transaction-specific, dynamic security code to the originating website to confirm the success of the payment. Insofar as personal data is processed in the described transfers, the processing is carried out exclusively for the purpose of payment processing in accordance with Art. 6 (1) lit. b GDPR. Apple retains anonymized transaction data, including the approximate purchase amount, approximate date and time, and whether the transaction was completed successfully. Anonymization completely rules out any personal reference. Apple uses the anonymized data to improve "Apple Pay" and other Apple products and services. When you use Apple Pay on iPhone or Apple Watch to complete a purchase made via Safari on Mac, the Mac and the authorizing device communicate over an encrypted channel on Apple servers. Apple does not process or store any of this information in a format that can identify you personally. You can disable the ability to use Apple Pay on your Mac in your iPhone settings. Go to "Wallet & Apple Pay" and turn off "Allow Payments on Mac". Further information on data protection for Apple Pay can be found at the following internet address: https://support.apple.com/en-us/HT203027

• bancontact One or more online payment methods of the following provider are available on this website: Bancontact Payconiq Company, Rue d'Arlon 82, 1040 Brussels, Belgium. If you select a payment method of the provider where you make an advance payment (such as credit card payment), your payment data communicated during the ordering process (including name, address, bank and card information, currency, and transaction number) as well as information about the content of your order will be passed on to the provider in accordance with Art. 6 (1) lit. b GDPR. In this case, your data will be passed on exclusively for the purpose of payment processing with the provider and only to the extent necessary for this purpose.

• giropay One or more online payment methods of the following provider are available on this website: paydirekt GmbH, Stephanstr. 14-16, 60313 Frankfurt am Main, Germany. If you select a payment method of the provider where you make an advance payment (such as credit card payment), your payment data communicated during the ordering process (including name, address, bank and card information, currency, and transaction number) as well as information about the content of your order will be passed on to the provider in accordance with Art. 6 (1) lit. b GDPR. In this case, your data will be passed on exclusively for the purpose of payment processing with the provider and only to the extent necessary for this purpose.

• Google Pay If you choose the payment method "Google Pay" of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"), the payment transaction is processed via the "Google Pay" application of your mobile device, which is operated with at least Android 4.4 ("KitKat") and has an NFC function, by charging a payment card stored with Google Pay or a payment system verified there (e.g., PayPal). For the release of a payment via Google Pay in an amount of more than €25, the prior unlocking of your mobile device by the respective established verification measure (such as facial recognition, password, fingerprint, or pattern) is required. For the purpose of payment processing, your information provided during the ordering process, together with information about your order, will be passed on to Google. Google then transmits your payment information stored in Google Pay in the form of a unique transaction number to the originating website, with which a completed payment is verified. This transaction number does not contain any information about the real payment data of your payment methods stored with Google Pay, but is created and transmitted as a unique, valid numerical token. For all transactions via Google Pay, Google merely acts as an intermediary for processing the payment transaction. The execution of the transaction takes place exclusively in the relationship between the user and the originating website by debiting the payment method stored with Google Pay. Insofar as personal data is processed in the described transfers, the processing is carried out exclusively for the purpose of payment processing in accordance with Art. 6 (1) lit. b GDPR. Google reserves the right to collect, store, and evaluate certain transaction-specific information for each transaction made via Google Pay. This includes the date, time, and amount of the transaction, merchant location and description, a description provided by the merchant of the goods or services purchased, photos you have attached to the transaction, the name and email address of the seller and buyer or sender and recipient, the payment method used, your description of the reason for the transaction, and, if applicable, the offer associated with the transaction. According to Google, this processing is carried out exclusively in accordance with Art. 6 (1) lit. f GDPR on the basis of the legitimate interest in proper accounting, verification of transaction data, and optimization and maintenance of the functionality of the Google Pay service. Google also reserves the right to combine the processed transaction data with other information collected and stored by Google when using other Google services. The terms of service of Google Pay can be found here: https://payments.google.com/payments/apis-secure/u/0/get_legal_document?ldo=0&ldt=googlepaytos&ldl=en Further information on data protection for Google Pay can be found at the following internet address: https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=en

• iDeal One or more online payment methods of the following provider are available on this website: Currence Holding BV, Beethovenstraat 300 Amsterdam, Netherlands. If you select a payment method of the provider where you make an advance payment (such as credit card payment), your payment data communicated during the ordering process (including name, address, bank and card information, currency, and transaction number) as well as information about the content of your order will be passed on to the provider in accordance with Art. 6 (1) lit. b GDPR. In this case, your data will be passed on exclusively for the purpose of payment processing with the provider and only to the extent necessary for this purpose.

• Klarna

  One or more online payment methods of the following provider are available on this website: Klarna Bank AB, Sveavägen 46, 111 34 Stockholm, Sweden.

  If you select a payment method of the provider where you make an advance payment (such as credit card payment), your payment data communicated during the ordering process (including name, address, bank and card information, currency, and transaction number) as well as information about the content of your order will be passed on to the provider in accordance with Art. 6 (1) lit. b GDPR. In this case, your data will be passed on exclusively for the purpose of payment processing with the provider and only to the extent necessary for this purpose.

  If you select a payment method where the provider makes an advance payment (such as purchase on account, installment purchase, or direct debit), you will also be requested during the ordering process to provide certain personal data (first and last name, street, house number, postal code, city, date of birth, email address, telephone number, and, if applicable, data regarding an alternative method of payment).

  In order to safeguard our legitimate interest in determining the financial solvency of our customers, this data is forwarded by us to the provider for the purpose of a credit check in accordance with Art. 6 (1) lit. f GDPR. On the basis of the personal data provided by you, as well as other data (such as shopping cart, invoice amount, order history, payment experiences), the provider checks whether the payment option selected by you can be granted with regard to payment and/or default risks.

  In addition to internal provider criteria, identity and credit information from the following credit bureaus may be included for the decision-making process within the framework of the application assessment in accordance with Art. 6 (1) lit. f GDPR: https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/credit_rating_agencies

  The credit report may contain probability values (so-called score values). Insofar as score values are included in the result of the credit report, they have their basis in a scientifically recognized mathematical-statistical procedure. Address data, among other things, but not exclusively, is included in the calculation of the score values.

  You can object to this processing of your data at any time by sending a message to us or to the provider. However, the provider may still be entitled to process your personal data if this is necessary for contractual payment processing.

  
  

• PayPal

  One or more online payment methods of the following provider are available on this website: PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg.

  If you select a payment method of the provider where you make an advance payment, your payment data communicated during the ordering process (including name, address, bank and card information, currency, and transaction number) as well as information about the content of your order will be passed on to the provider in accordance with Art. 6 (1) lit. b GDPR. In this case, your data will be passed on exclusively for the purpose of payment processing with the provider and only to the extent necessary for this purpose.

  If you select a payment method where we make an advance payment, you will also be requested during the ordering process to provide certain personal data (first and last name, street, house number, postal code, city, date of birth, email address, telephone number, and, if applicable, data regarding an alternative method of payment).

  In order to safeguard our legitimate interest in determining your financial solvency in such cases, this data is forwarded by us to the provider for the purpose of a credit check in accordance with Art. 6 (1) lit. f GDPR. On the basis of the personal data provided by you, as well as other data (such as shopping cart, invoice amount, order history, payment experiences), the provider checks whether the payment option selected by you can be granted with regard to payment and/or default risks.

  The credit report may contain probability values (so-called score values). Insofar as score values are included in the result of the credit report, they have their basis in a scientifically recognized mathematical-statistical procedure. Address data, among other things, but not exclusively, is included in the calculation of the score values.

  You can object to this processing of your data at any time by sending a message to us or to the provider. However, the provider may still be entitled to process your personal data if this is necessary for contractual payment processing.

  
  

• PayPal Checkout

  This website uses PayPal Checkout, an online payment system from PayPal, which consists of PayPal's own payment methods and local third-party payment methods.

  When paying via PayPal, credit card via PayPal, direct debit via PayPal or – if offered – "Pay Later" via PayPal, we pass your payment data on to PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal") within the scope of payment processing. The transfer takes place in accordance with Art. 6 (1) lit. b GDPR and only to the extent necessary for payment processing.

  PayPal reserves the right to carry out a credit check for the payment methods credit card via PayPal, direct debit via PayPal or – if offered – "Pay Later" via PayPal. For this purpose, your payment data may be passed on to credit bureaus in accordance with Art. 6 (1) lit. f GDPR on the basis of PayPal's legitimate interest in determining your financial solvency. PayPal uses the result of the credit check with regard to the statistical probability of non-payment for the purpose of deciding on the provision of the respective payment method. The credit report may contain probability values (so-called score values). Insofar as score values are included in the result of the credit report, they have their basis in a scientifically recognized mathematical-statistical procedure. Address data, among other things, but not exclusively, is included in the calculation of the score values. You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data if this is necessary for contractual payment processing.

  If the PayPal payment method "Purchase on Account" is available and selected, your payment data will first be transmitted to PayPal to prepare the payment, whereupon PayPal forwards this to Ratepay GmbH, Franklinstraße 28-29, 10587 Berlin ("Ratepay") to execute the payment. The legal basis in each case is Art. 6 (1) lit. b GDPR. In this case, Ratepay conducts an identity and credit check in its own name to determine solvency in accordance with the principle already mentioned above and passes your payment data on to credit bureaus based on the legitimate interest in determining financial solvency in accordance with Art. 6 (1) lit. f GDPR. A list of credit bureaus that Ratepay may rely on can be found here: https://www.ratepay.com/legal-payment-creditagencies/

  When using the payment method of a local third-party provider, your payment data will first be passed on to PayPal in accordance with Art. 6 (1) lit. b GDPR to prepare the payment. Depending on your choice of an available local payment method, PayPal will then transfer your payment data to the corresponding provider to execute the payment in accordance with Art. 6 (1) lit. b GDPR:

  • Apple Pay (Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland)

  • Google Pay (Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland)

  • iDeal (Currence Holding BV, Beethovenstraat 300 Amsterdam, Netherlands)

  • bancontact (Bancontact Payconiq Company, Rue d'Arlon 82, 1040 Brussels, Belgium)

  • blik (Polski Standard Płatności sp. z o.o., ul. Czerniakowska 87A, 00-718 Warsaw, Poland)

  • eps (PSA Payment Services Austria GmbH, Handelskai 92, Gate 2, 1200 Vienna, Austria)

  • MyBank (PRETA S.A.S, 40 Rue de Courcelles, F-75008 Paris, France)

  • Przelewy24 (PayPro SA, Kanclerska 15A, 60-326 Poznań, Poland)

  For further data protection information, please refer to PayPal's privacy policy: https://www.paypal.com/de/legalhub/paypal/privacy-full

  
  

• Shopify Payments

  One or more online payment methods of the following provider are available on this website: Shopify International Limited, Victoria Buildings, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland.

  If you select a payment method of the provider where you make an advance payment (such as credit card payment), your payment data communicated during the ordering process (including name, address, bank and card information, currency, and transaction number) as well as information about the content of your order will be passed on to the provider in accordance with Art. 6 (1) lit. b GDPR. In this case, your data will be passed on exclusively for the purpose of payment processing with the provider and only to the extent necessary for this purpose.

  7.4 Electronic Revocation Function for Distance Contracts

  Consumers who conclude contracts on this website in respect of which a statutory right of revocation exists have the option of declaring the revocation via an electronic revocation function in accordance with the applicable revocation regulations.

  To provide the electronic revocation function, we use a solution from the following provider: Martini & Radl OG, represented by: Andreas De Martini, Hans Radl, registered office: 1090 Vienna, Garnisongasse 4, Austria, VAT ID: ATU78306557, Email: office@ecombeat.com.

  When using the revocation function, in addition to information identifying the contract to be revoked, further personal information such as the first and last name as well as the email address of the consumer must be provided or confirmed.

  This information is initially collected by the provider on the basis of our legitimate interest in a user-friendly, stable, and process-optimized solution in accordance with Art. 6 (1) lit. f GDPR, then used to confirm receipt of the revocation declaration on our behalf by email, and finally transmitted to us. We subsequently process the transmitted information for the proper handling of the revocation in accordance with Art. 6 (1) lit. b GDPR and Art. 6 (1) lit. c GDPR on the basis of our statutory obligation to provide an electronic revocation function for consumer distance contracts subject to payment.

  The information collected by the provider is routinely deleted after final processing of a revocation, provided that there are no statutory retention obligations to the contrary.

  We have concluded a data processing agreement with the provider, which protects data processed within the framework of the revocation function and prohibits unauthorized disclosure to third parties.

  8) Web Analysis Services

  8.1 Google Analytics 4

  This website uses Google Analytics 4, a web analytics service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"), which enables an analysis of your use of our website.

  By default, when you visit the website, cookies are set by Google Analytics 4, which are stored as small text blocks on your end device and collect certain information. The scope of this information also includes your IP address, which is, however, shortened by Google by the last digits in order to rule out any direct personal reference.

  The information is transmitted to Google servers and processed further there. Transfers to Google LLC based in the USA are also possible.

  Google uses the collected information on our behalf to evaluate your use of the website, to compile reports on website activity for us, and to provide other services associated with website use and internet use. The shortened IP address transmitted by your browser within the scope of Google Analytics will not be merged with other Google data. The data collected within the scope of using Google Analytics 4 is stored for a duration of two months and then deleted.

  All processing operations described above, in particular the setting of cookies on the end device used, will only take place if you have given us your express consent in accordance with Art. 6 (1) lit. a GDPR.

  Without your consent, Google Analytics 4 will not be used during your website visit. You can withdraw your consent at any time with effect for the future. To exercise your right of withdrawal, please deactivate this service via the "cookie consent tool" provided on the website.

  We have concluded a data processing agreement with Google, which ensures the protection of our website visitors' data and prohibits unauthorized disclosure to third parties.

  Further legal information on Google Analytics 4 can be found at https://business.safety.google/intl/en/privacy/, https://policies.google.com/privacy?hl=en&gl=en and at https://policies.google.com/technologies/partner-sites

  Demographic Characteristics

  Google Analytics 4 uses the special feature "demographic characteristics" and can use it to create statistics that make statements about the age, gender, and interests of site visitors. This is done through the analysis of advertising and information from third-party providers. This allows target groups to be identified for marketing activities. However, the collected data cannot be assigned to a specific person and is deleted after being stored for a period of two months.

  Google Signals

  As an extension to Google Analytics 4, Google Signals can be used on this website to have cross-device reports created. If you have activated personalized ads and have linked your devices to your Google account, Google can, subject to your consent to the use of Google Analytics pursuant to Art. 6 (1) lit. a GDPR, analyze your user behavior across devices and create database models, including cross-device conversions. We do not receive any personal data from Google, only statistics. If you wish to stop the cross-device analysis, you can deactivate the "Personalized Advertising" function in the settings of your Google account. To do this, follow the instructions on this page: https://support.google.com/My-Ad-Center-Help/answer/12155764?hl=de

  Further information on Google Signals can be found under the following link: https://support.google.com/analytics/answer/7532985?hl=de

  UserIDs

  As an extension to Google Analytics 4, the "UserIDs" feature can be used on this website. If you have consented to the use of Google Analytics 4 in accordance with Art. 6 (1) lit. a GDPR, have set up an account on this website, and log in to this account on different devices, your activities, including conversions, can be analyzed across devices.

  For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European data protection level on the basis of an adequacy decision of the European Commission.

  8.2 Shopify Analytics

  This website uses the web analytics service of the following provider: Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland. Data is also transferred to: Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada.

  With the help of cookies and/or comparable technologies (tracking pixels, web beacons, algorithms for reading end device and browser information), the service collects and stores pseudonymized visitor data, including information about the end device used, such as the IP address and browser information, in order to evaluate them for statistical analysis of user behavior on our website and to create pseudonymized user profiles. Among other things, this makes it possible to evaluate movement patterns (so-called heatmaps), which show the duration of page visits as well as interactions with page content (e.g., text entries, scrolling, clicks, and mouse-overs). Pseudonymization generally excludes a direct personal reference. A merging with clear data collected about your person in another way does not take place.

  All processing operations described above, in particular the reading or storing of information on the end device used, will only be carried out if you have given us your express consent in accordance with Art. 6 (1) lit. a GDPR. You can withdraw your consent at any time with effect for the future by deactivating this service in the "cookie consent tool" provided on the website.

  We have concluded a data processing agreement with the provider, which protects the data of our website visitors and prohibits disclosure to third parties.

  In the case of data transmission to Canada, an adequate level of data protection is guaranteed by an adequacy decision of the European Commission.

  9) Tools and Miscellaneous

  Cookie Consent Tool

  This website uses a so-called "cookie consent tool" to obtain effective user consent for cookies and cookie-based applications that require consent. The "cookie consent tool" is displayed to users when they open the page in the form of an interactive user interface on which consent for certain cookies and/or cookie-based applications can be granted by ticking a box. By using the tool, all cookies/services requiring consent are only loaded if the respective user gives corresponding consent by ticking the box. This ensures that such cookies are only set on the user's respective end device if consent has been granted.

  The tool sets technically necessary cookies to save your cookie preferences. Personal user data is generally not processed in this context.

  If, in individual cases, personal data (such as the IP address) is processed for the purpose of storing, assigning, or logging cookie settings, this is done in accordance with Art. 6 (1) lit. f GDPR on the basis of our legitimate interest in a legally compliant, user-specific, and user-friendly consent management for cookies and thus in a legally compliant design of our internet presence.

  A further legal basis for processing is also Art. 6 (1) lit. c GDPR. As the data controller, we are subject to the legal obligation to make the use of technically unnecessary cookies dependent on the respective user consent.

  Where necessary, we have concluded a data processing agreement with the provider, which ensures the protection of our website visitors' data and prohibits unauthorized disclosure to third parties.

  Further information on the operator and the setting options of the cookie consent tool can be found directly in the corresponding user interface on our website.

  10) Rights of the Data Subject

  10.1 The applicable data protection law grants you the following data subject rights (rights of information and intervention) vis-à-vis the data controller with regard to the processing of your personal data, whereby reference is made to the cited legal basis for the respective requirements for exercise:

  • Right of access pursuant to Art. 15 GDPR;

  • Right to rectification pursuant to Art. 16 GDPR;

  • Right to erasure ("right to be forgotten") pursuant to Art. 17 GDPR;

  • Right to restriction of processing pursuant to Art. 18 GDPR;

  • Right to notification pursuant to Art. 19 GDPR;

  • Right to data portability pursuant to Art. 20 GDPR;

  • Right to withdraw consent given pursuant to Art. 7 (3) GDPR;

  • Right to lodge a complaint with a supervisory authority pursuant to Art. 77 GDPR.

  10.2 RIGHT TO OBJECT IF WE PROCESS YOUR PERSONAL DATA WITHIN THE SCOPE OF A BALANCING OF INTERESTS ON THE BASIS OF OUR OVERRIDING LEGITIMATE INTEREST, YOU HAVE THE RIGHT TO OBJECT TO THIS PROCESSING AT ANY TIME WITH EFFECT FOR THE FUTURE FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION.

  IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED. HOWEVER, WE RESERVE THE RIGHT TO FURTHER PROCESSING IF WE CAN PROVE COMPELLING LEGITIMATE REASONS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, FUNDAMENTAL RIGHTS AND FREEDOMS, OR IF THE PROCESSING SERVES THE ASSERTION, EXERCISE OR DEFENSE OF LEGAL CLAIMS.

  IF YOUR PERSONAL DATA IS PROCESSED BY US FOR THE PURPOSE OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSE OF SUCH MARKETING. YOU CAN EXERCISE THE OBJECTED AS DESCRIBED ABOVE.

  IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED FOR DIRECT MARKETING PURPOSES.

  11) Duration of Storage of Personal Data

  The duration of the storage of personal data is determined by the respective legal basis, the purpose of processing and – if applicable – additionally by the respective statutory retention period (e.g., commercial and tax retention periods).

  When personal data is processed on the basis of express consent pursuant to Art. 6 (1) lit. a GDPR, the data concerned is stored until you withdraw your consent.

  If statutory retention periods exist for data processed within the framework of contractual or quasi-contractual obligations on the basis of Art. 6 (1) lit. b GDPR, this data is routinely deleted after the expiry of the retention periods, provided it is no longer required for contract fulfillment or contract initiation and/or there is no longer a legitimate interest on our part in further storage.

  When personal data is processed on the basis of Art. 6 (1) lit. f GDPR, this data is stored until you exercise your right to object pursuant to Art. 21 (1) GDPR, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or the processing serves the assertion, exercise, or defense of legal claims.

  When personal data is processed for the purpose of direct marketing on the basis of Art. 6 (1) lit. f GDPR, this data is stored until you exercise your right to object pursuant to Art. 21 (2) GDPR.

  Unless otherwise resulted from the other information in this declaration regarding specific processing situations, stored personal data will otherwise be deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.

  Copyright notice: This privacy policy was created by the specialized lawyers of the IT-Recht Kanzlei and is protected by copyright (https://www.it-recht-kanzlei.de)