Privacy Policy

General note and mandatory information
Name of the responsible office

The responsible body for data processing on this website is:

WhiteWall Media GmbH

Europaallee 59

50226 Frechen

Germany

The responsible body, alone or jointly with others, decides on the purposes and means of processing personal data (e.g., names, contact details, etc.).

Withdrawal of your consent to data processing

Some data processing operations are only possible with your express consent. You can revoke your consent at any time. For the revocation, an informal communication by e-mail to dataprotection@whitewall.com is sufficient. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

Right to appeal to the responsible supervisory authority

In accordance with Art. 77 EU-GDPR, you have the right to lodge a complaint with a supervisory authority if you are of the opinion that the processing of data concerning you violates data protection provisions. The right of complaint may in particular be asserted before a supervisory authority in the member state of your residence, your place of work or the place of the alleged infringement.

Right to data portability

You have the right to have data that we process on the basis of your consent or automatically in fulfillment of a contract given to you or to third parties. The provision is made in a machine-readable format. If you require the direct transfer of the data to another person, this will only be done insofar as it is technically feasible.

Right to information, correction, blocking, deletion

You have the right at any time in the context of the applicable legal provisions to request free information about your stored personal data, the origin of the data, their recipients and the purpose of data processing and, if necessary, a right to correct, block or delete this data. In this regard and also to further questions on the subject of personal data, you can always contact us via the contact options listed in the legal information on our website. In this regard and also for further questions on the subject of personal data, you can contact us at any time (contact: see "Data protection officer" below).

Data Protection Officer

We have appointed a data protection officer.

Philipp Herold

Rudolf-Diesel-Straße 10

23617 Stockelsdorf

Germany

E-mail: dataprotection@whitewall.com

SSL or TLS encryption

For security reasons and to protect the transmission of confidential content that you send to us as the site operator, our website uses SSL or TLS encryption. This means that data you transmit via this website cannot be read by third parties. You can recognise an encrypted connection by the "https://" address line of your browser and the lock symbol in the browser line.

Server Log Files

In server log files, the website provider automatically collects and stores information that your browser automatically sends to us. This information is:

Browser type and browser version

Operating system used

Referrer URL

Host name of the accessing computer

Time of the server request

IP address

This data is not merged with other data sources. The basis for data processing is Art. 6 para. 1 lit. b GDPR, which allows the processing of data for the completion of a contract or precontractual measures.

Data processing and data transmission

Personal data is only transmitted to third parties if it is necessary for the processing of the contract. Third parties can be, for example, payment service providers or logistics companies. Further transmission of data does not take place or only if you have expressly consented to this.

For the processing of payments, we pass on the payment and order data required for this to the credit institution commissioned with the payment and, if applicable, to payment service providers commissioned by us or to the payment service selected by you in the order process.

Image data that you have transmitted to us as part of an order or consultation will be automatically deleted with the following deadlines:

We store uploaded photos in your customer account for 90 days. This storage period applies from the time of uploading, adding to the shopping basket or from the last order of a photo. You can delete your photos prematurely yourself in your customer account under "My photos".

Coffee Table Books saved online remain stored for 30 days. You can extend this period by opening and re-saving for 30 days at a time. You can manually delete saved photo books prematurely in your customer account under "My photo books".

Photo calendar projects remain saved for 90 days after the last save or order. Here too, early deletion is possible in your customer account under "Photo calendars".

Personal data will only be transmitted to state authorities within the framework of mandatory legal provisions. Your data will not be disclosed to private third parties without your express consent.

Our employees are obliged by us to maintain confidentiality and to comply with the relevant data protection regulations.

The basis for data processing is Art. 6 para. 1 lit. b GDPR, which permits the processing of data for the fulfilment of a contract or pre-contractual measures.

Order

We use the data you provide to fulfil and process your order. The basis for the data processing is Art. 6 para. 1 lit. b GDPR, which permits the processing of data for the fulfilment of a contract or pre-contractual measures.

Ordering Coffee Table Books via the WhiteWall Desktop Software

The selection and compilation of your image files in preparation for the photo order is carried out exclusively on your computer with the help of the WhiteWall Desktop Software, without the need for a connection to a web server.

Only when you request a price update or product update via the Internet, or when you send us a photo order via the Internet, does your computer make contact with a web server and temporarily store access data by default, i.e. the IP address of your access, the date and time of the visit. This data is deleted after the end of use. In addition, personal data is only stored if you provide it voluntarily, e.g. as part of registration or an order and the associated order processing. You will be informed about the purpose of data collection in the respective input and contact forms.

After your order has been completed and delivered, the image data will be kept in production for up to 6 weeks in order to process any complaints or repeat orders. After that, this data is irretrievably deleted.

For the continuous improvement of the WhiteWall Desktop Software, the processing procedures are stored and, in the case of an order, transmitted via the Internet to the WhiteWall web servers. The collected data is evaluated anonymously.

Registration on this website

To use certain features, you can register on our website. The transmitted data is used exclusively for the purpose of using the respective offer or service. Required information requested during registration must be given in full. Otherwise we will reject the registration.

In case of important changes, for technical reasons for example, we will inform you by e-mail. The e-mail will be sent to the address provided when registering.

The basis for data processing is Art. 6 para. 1 lit. b GDPR, which permits the processing of data for the fulfilment of a contract or pre-contractual measures. A revocation of your already granted consent is possible at any time. For the revocation according to Art. 7 (3) GDPR, an informal communication by e-mail is sufficient. The legality of the data processing already carried out remains unaffected by the revocation.

We store the data collected during the registration throughout the period you are registered on our website. Should you cancel your registration, your data will be deleted. Legal retention periods remain unaffected.

Contact form

Data submitted via the contact form, including your contact details, will be stored to process your request or to be available for follow-up questions. No disclosure of this data will take place without your consent.

The processing of the data entered into the contact form takes place exclusively on the basis of your consent (Art. 6 (1) lit. GDPR). Revocation in accordance with Art. 7 (3) GDPR of your consent already given is possible at any time. For the revocation, an informal message by e-mail will suffice. The legality of the data processing operations carried out until the revocation remains unaffected by the revocation.

Data submitted via the contact form will remain with us until you ask us to delete it, revoke your consent to storage, or you no longer need to back up your data. Mandatory statutory provisions - especially retention periods - remain unaffected.

Customer Satisfaction Surveys

After shipping your order, you will receive a one-time invitation by e-mail to participate in a voluntary customer satisfaction survey.

The data collected as part of customer satisfaction surveys are used to improve our services and will not be submitted to third parties. If you send us a request to delete your data to dataprotection@whitewall.com, the data from the customer satisfaction surveys will be anonymized. We reserve the right to comply with legal deadlines for data storage.

Newsletter Data

To send our newsletter, we need an e-mail address from you. It is necessary to verify the given e-mail address and to accept the newsletter. Supplementary data is not collected or is voluntary. The use of the data takes place exclusively for sending of the newsletter.

The data provided in the newsletter registration is processed exclusively on the basis of your consent (Art. 6 (1) lit. GDPR). Revocation in accordance with Art. 7 (3) GDPR of your consent already given is possible at any time. An informal message by e-mail will suffice for the revocation, or you can use the "unsubscribe" link in the newsletter. The legality of the already completed data processing operations remains unaffected by the revocation. To send the newsletter, we use a service provided by Salesforce.com Germany GmbH, which processes your personal data on our behalf in accordance with Art. 28 GDPR. Your data will not be passed on to other third parties.

Data entered to set up the subscription will be deleted in the event of cancellation. If this data has been transmitted to us for other purposes and elsewhere, it will remain with us.

Product Recommendations via email

To make existing customers aware of products from their area of interest, we inform them of these products by email. Existing customers will also receive these individual product recommendations if they are subscribed to our newsletter. We make the selection of individual product recommendations based on data and information: a) you have entered while shopping, and b) that are legally allowed to be used.

Irrespective of your registration for the newsletter, you will receive product recommendations of our own, similar goods by e-mail following a purchase. We strictly comply with the legal requirements in this respect. (Advertising by e-mail in accordance with Section 7 (3) of the German Unfair Competition Act (UWG)) You naturally have the option to object to our product recommendations at any time and without giving reasons, without incurring any costs other than the transmission costs in accordance with the basic rates. Please send your objection either in writing to info@whitewall.com, by telephone on 030 22 38 14 62 or alternatively use the unsubscribe link in our e-mails.

Cookies

Our website uses cookies. These are small text files that your web browser stores on your device. Cookies help us make our service more user-friendly, effective and secure.

Some cookies are "session cookies." Such cookies are automatically deleted after the end of your browser session. Other cookies remain on your device and enable us to recognize your browser during the next visit (persistent cookies). Further information as well as personalised cookie settings can be found in the footer of the page under the headline "Cookie Settings".

With a modern web browser, you can monitor, restrict or prevent the setting of cookies. Many web browsers can be configured to automatically delete cookies when the program is closed. The deactivation of cookies may result in limited functionality of our website.

When opening the pages, users will be informed about the use of cookies for analytical purposes and their consent to processing of the personal data used in this context will be requested. To comply with our legal obligation, we use the consent management solution from Usercentrics that saves your consent on the basis of Art. 6 para. 6 1 lit c) EU GDPR to fulfil the documentation requirement acc. to Art. 7 para. 1 EU GDPR.

As the operator of this website, we have a legitimate interest in the storage of cookies for the technically flawless and smooth provision of our services. If other cookies are set (e.g. for analysis functions), they are treated separately in this privacy policy.

Contentful CDN

We use Contentful CDN to properly deliver content to our website. Contentful CDN is a service provided by Contentful GmbH, which acts as a content delivery network (CDN) on our website.

A CDN helps to provide content of our online offer, especially files such as graphics or scripts, more quickly with the help of regionally or internationally distributed servers. When you access this content, you establish a connection to servers of Contentful GmbH, Ritterstr. 12-14 10969 Berlin Germany, whereby your IP address and possibly browser data such as your user agent are transmitted. This data is processed exclusively for the purposes mentioned above and to maintain the security and functionality of Contentful CDN.

The use of the Content Delivery Network is based on our legitimate interests, i.e. interest in a secure and efficient provision as well as the optimization of our online offer according to Art. 6 para. 1 lit. f. GDPR.

The concrete storage period of the processed data cannot be influenced by us, but is determined by Contentful GmbH. Further information can be found in the privacy policy for Contentful CDN: https://www.contentful.com/legal/de/privacy/.

Payment service provider

Use of Paypal

Our website enables payment via PayPal. The payment service provider is PayPal (Europe) S.à.rl et Cie, SCA, 22-24 Boulevard Royal, L-2449 Luxembourg.

When you pay with PayPal, the payment data you enter is transmitted to PayPal.

The transmission of your data to PayPal is based on Art. 6 para. 1 lit. a GDPR (consent) and Art. 6 para. 1 lit. b GDPR (processing for the performance of a contract). A revocation of your already given consent is possible at any time. Previous data processing operations remain in place in the event of a revocation.

All PayPal transactions are subject to the PayPal privacy policy. This can be found at https://www.paypal.com/webapps/mpp/ua/privacy-full.

Use of the payment service provider Adyen

We use Adyen, a service for online payment processes, for our website. The service provider is the Dutch company Adyen N.V., PO Box 10095 1001 EB Amsterdam, The Netherlands.

To learn more about the data processed through the use of Adyen, please see the privacy policy at https://www.adyen.com/policies-and-disclaimer/privacy-policy.

YouTube

For the integration and display of video content, our website uses plugins from YouTube. The provider of the video portal is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

When you visit a page with an integrated YouTube plug-in, it will connect to YouTube's servers. YouTube will find out which of our pages you viewed.

YouTube may associate your browsing behavior directly with your personal profile should you be logged into your YouTube account. By logging out beforehand you have the option to prevent this.

The use of YouTube is in the interest of an attractive presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.

For details on how to handle user information, please refer to the YouTube Privacy Policy at: www.google.com/intl/en/policies/privacy.

Google Analytics

Our website uses functions of the web analytics service Google Analytics. Web analytics service provider is Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA.

Google Analytics uses "cookies." These are small text files that your web browser stores on your device and allow analysis of website usage. Information generated by cookies about your use of our website is transmitted to a Google server and stored there. Server location is usually in the USA.

Google Analytics cookies are set on the basis of Art. 6 para. 1 lit. f GDPR. As the operator of this website, we have a legitimate interest in the analysis of user behavior in order to optimize our website and possibly also advertising.

For details on how to handle user data on Google Analytics, please refer to the Google Privacy Policy: https://support.google.com/analytics/answer/6004245?hl=en.

You can prevent Google Analytics from collecting your data by deactivating it in our cookie settings.

IP Anonymization

We use Google Analytics in conjunction with the IP anonymization feature. It ensures that Google shortens your IP address within member states of the European Union or other parties to the Agreement on the European Economic Area prior to transmission to the United States. There may be exceptions where Google transmits and truncates the full IP address to a server in the United States. Google will use this information on our behalf to evaluate your use of the website, to report on website activity, and to provide us with other services related to website activity and internet usage. There is no merger of the Google Analytics transmitted IP address with other Google data.

Browser Plugin

The setting of cookies through your web browser can be prevented. However, some features of our website may be restricted. Likewise, you can prevent the collection of data regarding your website use, including your IP address and subsequent processing by Google. This is possible by downloading and installing the browser plug-in that can be accessed via the following link: https://tools.google.com/dlpage/gaoptout?hl=en.

Order Processing

To fully comply with legal data protection requirements, we have entered into an order processing agreement with Google.

Demographic features in Google Analytics

Our website uses the demographics feature of Google Analytics. It can be used to generate reports that contain statements on the age, gender and interests of the site visitors. This data is from interest-based advertising from Google and from third-party visitor data. Assignment of the data to a specific person is not possible. You can disable this feature at any time. This is possible through the ad settings in your Google Account or by generally prohibiting the collection of your data by Google Analytics by deactivating it in our cookie settings.

Google Ads and Conversion Tracking

Our website uses the online marketing program "Google Ads", including conversion tracking (evaluation of user actions). Google conversion tracking is a service operated by Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; "Google"). If you are ordinarily resident in the European Economic Area or Switzerland, Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) is the controller responsible for your data. Google Ireland Limited is therefore the company affiliated with Google responsible for processing your data and for compliance with the applicable data protection legislation.

If you click on adverts placed by Google, a cookie is placed on your computer for conversion tracking. These cookies have limited validity, do not contain any personal data and thus cannot be used for personal identification. If you visit certain pages on our website and the cookie has not yet expired, we and Google can recognise that you have clicked on the advert and were forwarded to this page. Every Google Ads customer receives a different cookie. It is therefore not possible to track cookies relating to the websites of Ads customers.

The information collected using the conversion cookie serves the purpose of producing conversion statistics. This allows us to find out the total number of users who have clicked on our adverts and were forwarded to a page equipped with a conversion tracking tag. However, they do not receive any information with which could be used to personally identify users.

Your data may be transmitted to the USA. For the USA, no adequacy decision from the EU Commission is available.The data transfer takes place, among other things, on the basis of standard contractual clauses as suitable guarantees for the protection of personal data, which can be viewed at: https://policies.google.com/privacy/frameworks.

The use of cookies or comparable technologies is carried out with your consent on the basis of Art. 25 para. 1 p. 1 TTDSG in conjunction with Art. 6 para. 1 lit. a GDPR. The processing of your personal data is carried out with your consent on the basis of Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time without affecting the legality of the processing carried out with your consent up to the withdrawal.

You will find more information as well as Google’s data privacy policy at: https://policies.google.com/privacy 

Google reCAPTCHA

To protect our web forms from abuse and against spam, we use the Google reCAPTCHA service on this website. Google reCAPTCHA is an offer from Google Ireland Limited, headquartered at Gordon House, Barrow Street, Dublin 4, Ireland. (www.google.com). By checking a manual entry, this service prevents automated software (so-called bots) from performing inappropriate activities on our website. According to Art. 6 para. 1 s. 1 lit. f GDPR, this is meant to protect our legitimate interests, which prevail after due consideration of interests, in protecting our website against misuse as well as in trouble-free display of our online presence.

By means of a code embedded in the website, a so-called JavaScript, Google reCAPTCHA uses methods as part of the check, that enable an analysis of the website use by you, such as cookies. The automatically collected information about your use of this website including your IP address will usually be transmitted to a server in the U.S. and stored there. In addition, other cookies saved in your browser by Google services will be analysed by Google reCAPTCHA. No personal data are read or saved from the input boxes of the relevant form.

To the extent that information is transmitted to Google servers in the U.S. and saved there, the U.S. company Google LLC is certified under the EU-U.S. Privacy Shield. An updated certificate can be read here.

You can avoid collection of the data created by the JavaScript and/or the cookie and related to your use of the website (including your IP address) by Google as well as processing of such data by Google by disabling the activation of JavaScripts or the placement of cookies in your browser set-tings. Please bear in mind that this may restrict the functionality of our web content for your use.

Further information on the privacy policy of Google can be found here.

Google Fonts

We use Google Fonts from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, as a service to provide fonts for our online offer. To obtain these fonts, you establish a connection to servers of Google Ireland Limited, whereby your IP address is transmitted.

The use of Google Fonts is based on our legitimate interests, i.e. interest in a uniform provision as well as the optimisation of our online offer pursuant to Art. 6 para. 1 lit. f. GDPR.

The specific storage period of the processed data cannot be influenced by us, but is determined by Google Ireland Limited. Further information can be found in the privacy policy for Google Fonts: https://policies.google.com/privacy.

Google Tag Manager

We use Google Tag Manager provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Tag Manager is used to manage website tags via an interface and allows us to control the precise integration of services on our website.

This allows us to integrate additional services flexibly in order to evaluate user access to our website.

The use of Google Tag Manager is based on our legitimate interests, i.e. interest in optimising our services in accordance with Art. 6 para. 1 lit. f. GDPR.

The concrete storage period of the processed data cannot be influenced by us, but is determined by Google Ireland Limited. Further information can be found in the privacy policy for Google Tag Manager: https://marketingplatform.google.com/about/analytics/tag-manager/use-policy/.

Google Customer Match

We use Google Ads Customer Match lists as part of our advertising activities only with your consent. For the use of Customer Match, lists with encrypted user data (e.g. names, email addresses, customer-specific identifiers) are uploaded to Google. Google then compares whether the transmitted user data matches existing Google customers. The use of Customer Match serves us to optimize our web offer and to individualize it to the respective users. Once the Customer Match lists have been created, the encrypted data records are automatically deleted again. The providers do not obtain new addresses as a result.

The recipient of the data is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland as an order processor. We have concluded an order processing agreement with Google for this purpose. Google LLC, based in California, USA, and possibly US authorities may access the data stored by Google.

You can object to this use by preventing the installation of cookies through a corresponding setting in your browser software (deactivation option). Likewise, you can adjust personal advertising in your Google user account in the Privacy tab according to your wishes. To do this, log in to Google and go to "Manage Google Account" in the "Data and Privacy" section.

For further information, please refer to Google's privacy policy at: https://policies.google.com/privacy.

Microsoft Advertising

We use Microsoft Advertising from Microsoft Corporation (Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA; "Microsoft") on our website. The data processing serves marketing and advertising purposes and the purpose of measuring the success of the advertising measures (conversion tracking). We learn the total number of users who clicked on one of our ads and were redirected to a page tagged with a conversion tracking tag. However, this does not allow us to personally identify these users.

Microsoft Advertising uses technologies such as cookies and tracking pixels to help analyze how you use the Site. When you click on an ad placed by Microsoft Advertising, a cookie for conversion tracking is placed on your computer. This cookie has a limited validity and is not used for personal identification. If you visit certain pages of our website and the cookie has not yet expired, Microsoft and we can recognize that you clicked on the ad and were redirected to that page. In doing so, the following information may be collected, among other things: IP address, identifiers (identifiers) assigned by Microsoft, information about the browser you are using and about the device you are using, referrer URL (web page from which you accessed our website), URL of our website.

Your data may be transferred to the USA. There is no EU Commission adequacy decision for the USA. The use of cookies or comparable technologies takes place with your consent on the basis of § 25 para. 1 p. 1 TTDSG in conjunction with. Art. 6 para. 1 lit. a GDPR. The processing of your personal data is carried out with your consent on the basis of Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time without affecting the lawfulness of the processing carried out on the basis of the consent until the revocation. You can find more information about data protection and the cookies used by Microsoft Bing here.

Criteo

Criteo Ads

We have integrated Criteo Ads on our website. Criteo Ads is a service provided by Criteo S.A. that displays targeted advertising to users. Criteo Ads uses cookies and other browser technologies to analyse user behaviour and recognise users. Criteo Ads collects information about visitor behaviour on various websites. This information is used to optimise the relevance of the advertising. Furthermore, Criteo Ads delivers targeted advertising based on behavioural profiling and geographic location. Your IP address and other identifiers such as your user agent are transmitted to the provider. In this case, your data is passed on to the operator of Criteo Ads, Criteo S.A., Paris, Ile-de-France, FR. Web tracking technologies are used to create pseudonymised user profiles. These profiles cannot be linked to you as a natural person, but are used, for example, for segmentation when displaying advertisements.

We process data with the help of Criteo Ads for the purpose of optimising our advertising campaigns and for marketing purposes on the basis of your consent pursuant to Art. 6 para. 1 lit. a. GDPR.

The specific storage period of the processed data cannot be influenced by us, but is determined by Criteo S.A.. Further information can be found in the privacy policy for Criteo Ads: https://www.criteo.com/privacy/.

Criteo CDN

We use Criteo CDN to properly deliver the content of our website. Criteo CDN is a service of Criteo S.A., which acts as a content delivery network (CDN) on our website to ensure the functionality of other services of Criteo S.A.. For said services, you will find a separate section in this privacy policy. This section only deals with the use of the CDN.

A CDN helps to provide content of our online offer, in particular files such as graphics or scripts, more quickly with the help of regionally or internationally distributed servers. When you access this content, you establish a connection to servers of Criteo S.A., Paris, Ile-de-France, FR, whereby your IP address and possibly browser data such as your user agent are transmitted. This data is processed exclusively for the above-mentioned purposes and to maintain the security and functionality of Criteo CDN.

The use of the Content Delivery Network is based on our legitimate interests, i.e. interest in a secure and efficient provision as well as the optimisation of our online offer pursuant to Art. 6 para. 1 lit. f. GDPR.

The specific storage period of the processed data cannot be influenced by us, but is determined by Criteo S.A.. Further information can be found in the privacy policy for Criteo CDN: https://www.criteo.com/privacy/.

Awin

Our website uses features of the affiliate and advertising company AWIN AG (Landsberger Allee 104 BC, 10249 Berlin, Germany). Awin is a performance marketing network that provides an interface between affiliates and advertisers. Awin uses tracking tools to run its services in order to store and track a user action. As a result, data from you is sent to the company in pseudonomized form and stored there.

When you click on an ad on our website, this is documented by cookies. The cookies are set in your browser when you click on one of our ads on our website. The cookies store information such as when which ad was clicked on at what time on which website. All this data is only used to track a publisher's marketing efforts and sales.

Your data is processed exclusively on the basis of your consent (Art. 6 para. 1 lit. a GDPR). Insofar as the information collected in this way has a personal reference, the processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in optimizing our online services and our marketing measures. The data stored within the scope of Awin will be deleted as soon as they are no longer required for their intended purpose and the deletion does not conflict with any statutory retention obligations. Further information can be found in the privacy policy for Awin: https://www.awin.com/gb/privacy.

You have the option to prevent the collection of your data by cookies at any time by managing, deactivating or deleting them in your browser.

Integration of the Trusted Shops Trustbadge

To display our Trusted Shops seal of quality and any reviews collected, as well as to offer the Trusted Shops products to buyers after placing an order, the Trusted Shops Trustbadge is integrated on this website.

This is to protect our legitimate interests in optimal marketing, which prevail after due consideration of all interests, by enabling secure shopping in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR. The Trustbadge and the services advertised through it are an offer from Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne. The Trustbadge is provided as part of an order processed by a content delivery network (CDN) provider. Trusted Shops GmbH also uses service providers from the U.S. An adequate level of data protection is ensured. Further information on data protection by Trusted Shops GmbH can be found here.

When the Trustbadge is accessed, the web server automatically saves a so-called server log file, which also contains your IP address, the date and time of the access, the amount of transmitted data and the requesting provider (access data), and documents the access. Individual access data are stored in a security database for the analysis of security anomalies. The log files are automatically deleted no later than 90 days after creation.

Further personal data will be transferred to Trusted Shops GmbH if you decide to use Trusted Shops products after completing an order or if you have already registered for use. The contractual agreement between you and Trusted Shops shall apply. For this purpose, personal data is automatically collected from the order data. Whether you as a buyer are already registered for product use is automatically checked using a neutral parameter, i.e. the email address hashed by a one-way cryptological function. Prior to submission, the e-mail address is converted into this hash value that cannot be decrypted by Trusted Shops. After checking for a match, the parameter is deleted automatically.

This is required to pursue our and Trusted Shops’ predominant legitimate interests in ensuring the buyer protection that is linked to each specific order and the transactional evaluation services in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR. Further details, also regarding objection, can be found in the Trusted Shops Privacy Policy linked above and in the Trustbadge.

Use of Zendesk Chat

On our website, you have the option to contact us using "Zendesk Chat". This software is operated via an external system by Zendesk Inc, 1019 Market Street, San Francisco, CA 94103, USA (www.zendesk.de). This is an optional option and you can also contact us by email or phone instead, for example. When using the chat, data is collected and stored for the purpose of web analytics and to operate the chat system to respond to live support requests. In doing so, Zendesk tracks which page of our website was accessed. Usage profiles can be created from this data. Cookies may be used for this purpose. Conducted chats are logged and stored.

If the information collected in this way has a personal reference, the processing is carried out in accordance with Art. 6 (1) lit. f GDPR on the basis of our legitimate interest in effective customer service and the statistical analysis of user behavior for optimization purposes.

To avoid the storage of Zendesk cookies, you can set your internet browser to prevent cookies from being placed on your computer in the future or to delete cookies that have already been placed. However, switching off all cookies may mean that some functions on our Internet pages can no longer be executed.

SalesViewer® technology

This website uses SalesViewer® technology from SalesViewer® GmbH on the basis of the website operator’s legitimate interests (Section 6 paragraph 1 lit.f GDPR) in order to collect and save data on marketing, market research and optimisation purposes.

In order to do this, a javascript based code, which serves to capture company-related data and according website usage. The data captured using this technology are encrypted in a non-retrievable one-way function (so-called hashing). The data is immediately pseudonymised and is not used to identify website visitors personally.

The data stored by Salesviewer will be deleted as soon as they are no longer required for their intended purpose and there are no legal obligations to retain them.

The data recording and storage can be repealed at any time with immediate effect for the future, by clicking on https://www.salesviewer.com/opt-out in order to prevent SalesViewer® from recording your data. In this case, an opt-out cookie for this website is saved on your device. If you delete the cookies in the browser, you will need to click on this link again.

Salesforce

We use Salesforce on our website, a service for our customer relationship management (CRM). The service provider is the American company salesforce.com Inc, One Market Street, Suite 300, San Francisco, CA 94105, USA.

Salesforce also processes data from you in the USA, among other places. Salesforce uses standard contractual clauses (= Art. 46. para. 2 and 3 GDPR) as the basis for data processing at recipients located in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular in the USA) or a data transfer there. Through these clauses, Salesforce undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=en.

The Data Processing Addendum, which corresponds to the standard clauses, can be found at https://www.salesforce.com/content/dam/web/en_us/www/documents/legal/Agreements/data-processing-addendum.pdf.

To learn more about the data that is processed through the use of Salesforce, see the Privacy Policy at https://www.salesforce.com/uk/company/privacy/.

Meta Platforms Inc.

On our website we use the plug-in of the social network Facebook from Meta Platforms Ireland Limited.

Meta Platforms Ireland Limited

4 Grand Canal Square

Grand Canal Harbour

Dublin 2, Ireland

Meta Platforms Ireland has the responsibility to enable data subject rights under Art. 15 - 20 GDPR, to comply with the security requirements of Art. 32 GDPR with respect to the security of the Service, and to comply with the obligations under Art. 33, 34 GDPR to the extent that a personal data breach affects Meta Platforms Ireland's obligations under the Joint Processing Agreement.

"Facebook" Social plug-in

When you visit our Facebook page, Facebook collects, among other things, your IP address and other information that is present on your PC in the form of cookies. This information is used to provide us, as operators of the Facebook pages, with statistical information about the use of the Facebook page. Facebook provides more detailed information on this under the following link: https://facebook.com/help/pages/insights.

It is not possible for us to draw conclusions about individual users by means of the statistical information transmitted. We only use this information to respond to the interests of our users and to continuously improve our online presence and ensure its quality. We only collect your data via our fan page in order to make it available for communication and interaction with us. This collection usually includes your name, message content, comment content and the profile information you provide "publicly".

The processing of your personal data for our above-mentioned purposes is based on our legitimate business and communicative interest in offering an information and communication channel pursuant to Art. 6 para. 1 f) GDPR. Should you, as a user, have given your consent to the data processing vis-à-vis the respective provider of the social network, the legal basis of the processing extends to Art. 6 para. 1 a), Art. 7 GDPR.

Due to the fact that the actual data processing is carried out by the provider of the social network, our access to your data is limited. Only the provider of the social network is authorised to fully access your data. Because of this, only the provider can directly take and implement appropriate measures to fulfil your user rights (information request, deletion request, objection, etc.). The assertion of corresponding rights is therefore most effective directly against the respective provider.

We are jointly responsible with Facebook for the personal content of the fan page. Data subject rights can be asserted with Facebook Ireland as well as with us.

The primary responsibility for the processing of Insights data lies with Facebook under the GDPR and Facebook complies with all obligations under the GDPR with regard to the processing of Insights data, Facebook Ireland provides the essence of the Page Insights Supplement to data subjects.

We do not make any decisions regarding the processing of Insights data and all other information resulting from Art. 13 GDPR, including legal basis, identity of the controller and storage period of cookies on user terminals.

Further information can be found directly at Facebook (Supplementary Agreement with Facebook): https://www.facebook.com/legal/terms/pagecontrolleraddendum.

Hotjar

On our website we use Hotjar. This is a web analysis service of Hotjar Ltd, Level 2, St Julian's Business Center, 3, Elia Zammit Street, St Julian's STJ 1000, Malta, Europe, hereafter referred to simply as "Hotjar".

Hotjar serves us to analyze the usage behavior of our website. Legal basis is Art. 6 para. 1 lit. f) GDPR. Our legitimate interest lies in the analysis, optimization and economic operation of our website.

Hotjar allows us to log and analyze your usage behavior on our website, such as your mouse movements or mouse clicks. Your visit to our website will be anonymous. In addition, Hotjar will evaluate and statistically process information about your operating system, Internet browser, incoming or outgoing links, geographic origin, and the type and location of the device you are using. Also, Hotjar can get some direct feedback from you. In addition, Hotjar offers more privacy information at https://www.hotjar.com/privacy.

In addition, you have the option of terminating the analysis of your usage behavior by opting out. By confirming the link https://www.hotjar.com/opt-out a cookie is stored on your device via your Internet browser, which prevents further analysis. Please note, however, that you will need to press the link above again if you delete the cookies stored on your device.

Kameleoon

This website uses the personalization and web analytics service Kameleoon. The program enables an analysis of user behavior based on (automated) user segmentations. We can determine how the individual user segments visit the website, which landing pages are visited and how an increase in click-through rates can be achieved by analyzing the log file data. The system analyzes your behavior and its context when using this website and assigns it to target groups anonymously.

For the analyses, as described above, cookies/local storage of the browser are used, which are linked to a pseudonymized ID. Your IP address is completely anonymized and not stored for this purpose. The information generated by the cookie/local storage about your use of this website is transmitted to a Kameleoon server in Germany and stored there in aggregated and pseudonymized form. The IP address transmitted by your browser within the framework of Kameleoon will not be merged with other data from Kameleoon.

The use of Kameleoon serves to evaluate your use of the website and to compile reports on website activities so that we can regularly improve our offer. The legal basis for the storage of the cookie is the consent given (Art. 6 para. 1 p. 1 lit. a GDPR). The further evaluation of the collected data takes place over a period of max. 365 days on the basis of Art. 6 para. 1 p. 1 lit. f GDPR.

You may refuse the use of cookies / local storage by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website.

Sentry

We use the Sentry service (Sentry, 1501 Mariposa St #408, San Francisco, CA 94107, USA) to improve the technical stability of our service by monitoring system stability and identifying code errors.

Sentry serves these purposes alone and does not evaluate data for advertising purposes. User data, such as device details or time of error, are collected anonymously and are not used in a personalized manner and are subsequently deleted.

For more information, please see Sentry's privacy policy: https://sentry.io/privacy/.

Noibu

Our website utilizes the error tracking service provided by Noibu Technologies Inc., located at 979 Bank St, Ottawa, ON K1S 5K5, Canada. The purpose of this service, referred to as Noibu, is to gather information about unidentified user interactions on our website for the purpose of identifying and correcting ecommerce errors that may impact user experience. Noibu only collects browser and device information for debugging purposes.

The processing of user data through Noibu is based on your consent as per Article 6(1)(a) of the General Data Protection Regulation (GDPR). Should you wish to opt out of this data processing, you may do so at any time by revoking your consent by sending an email to privacy@noibu.com.

Users of our website have the option to deactivate the data processing by Noibu at any time. We have entered into a data processing agreement with Noibu in accordance with the EU Standard Contractual Clauses."

Data subjects' rights

When processing your personal data, the EU General Data Protection Regulation grants you certain rights:

1. right of access (Art. 15 EU GDPR):

You have the right to request confirmation as to whether personal data concerning you are being processed. If this is the case, you have the right to be informed about this personal data and to receive the information listed in detail in Art. 15 EU-GDPR.

2. right to rectification (Art. 16 EU GDPR):

You have the right to request without undue delay the rectification of any inaccurate personal data concerning you and, where applicable, the completion of any incomplete personal data.

3. right to erasure (Art. 17 EU GDPR):

You also have the right to request that personal data concerning you be deleted without delay, provided that one of the reasons listed in detail in Art. 17 EU-GDPRapplies, e.g. if the data is no longer required for the purposes pursued.

4. right to information (Art. 19 EU-GDPR):

If you have asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort. You have the right to be informed about these recipients.

5. right to restriction of processing (Art. 18 EU-GDPR):

You have the right to request the restriction of processing if one of the conditions listed in Art. 18 EU GDPR applies, e.g. if you have objected to the processing, for the duration of any review.

6. right to data portability (Art. 20 EU-GDPR):

In certain cases, which are listed in detail in Art. 20 EU-GDPR, you have the right to receive the personal data concerning you in a structured, common and machine-readable format or to request the transfer of this data to a third party.

7. revocation of consent (Art. 7 para. 3 EU-GDPR):

You have the right to revoke your consent at any time. This means that we will no longer continue the data processing that we previously carried out on the basis of your consent. Your revocation does not affect the lawfulness of the processing of the data that has already taken place.

8. right to lodge a complaint with a supervisory authority (Art. 77 EU-GDPR):

According to Art. 77 EU-GDPR, you have the right to lodge a complaint with a supervisory authority if you are of the opinion that the processing of the data concerning you violates data protection regulations. The right to lodge a complaint may in particular be asserted before a supervisory authority in the Member State of your place of residence, your place of work or the place of the alleged infringement.

9. right to object (Art. 21 EU-GDPR):

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6(1)(e) or Article 6(1)(f) EU GDPR, in accordance with Article 21(2) EU GDPR.

The controller shall no longer process the personal data concerning you unless it can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.

If the personal data concerning you is processed for the purposes of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purposes of such marketing; this also applies to profiling insofar as it is related to such direct marketing.

Status: February 2023