Privacy Policy

The controller responsible for data processing is:
CHANGE Sportswear GmbH & Co. KG
Industriestraße 2a
93192 Wald/Rossbach
Germany
shopify@cambio.de
Email: shopify@cambio.de

We are pleased about the interest you are showing in our online shop. The protection of your privacy is very important to us. Below, we inform you in detail about the processing of your data.

Access data and hosting
You can visit our web pages without providing personal information. Each time an internet page is visited, the internet server automatically records only a server log file which contains, for example, the name of the requested file, your IP address, the date and time of the consultation, the quantity of data transferred and the requesting provider (access data), and which documents the consultation.

These access data are used solely and exclusively for the purpose of ensuring trouble-free operation of the site as well as improving our offer. In accordance with Art. 6, para. 1, f) GDPR, this serves to safeguard our legitimate interests in an adequate presentation of our offer, which prevail in the balancing of the respective interests of the parties. All access data are deleted at the latest one month after the end of your visit to the site.

1.1 Hosting
The services of hosting and display of the website are partly provided by our service providers within the framework of processing on our behalf. Unless otherwise provided in this data protection declaration, all access data as well as all data collected in the forms provided for this purpose on this website are processed on their servers. For any question relating to our service providers and the basis of our cooperation with them, please contact the contact person indicated in this personal data protection declaration.

Our service providers have their registered office and/or use servers located in the following countries, for which the European Commission has established by decision an adequate level of data protection: Canada, New Zealand, Japan, United Kingdom, United States.

The adequacy decision for the United States serves as a basis for transfers to third countries, insofar as the service provider concerned is certified. Pending the certification of our service providers, the transfer of data continues to be based on the following basis: standard data protection clauses of the European Commission.

Our service providers have their registered office and/or use servers located in the following countries: Australia, India, Singapore.
The European Commission has not adopted an adequacy decision for these countries. Our cooperation with these service providers is based on the following guarantees: standard data protection clauses of the European Commission.

1.2 Content Delivery Network
In order to reduce loading time, we use a content delivery network ("CDN" - Content Delivery Network) for several of our offers. This service allows content, e.g. large multimedia files, to be distributed through regional servers of external CDN service providers. As a result, access data are processed on the servers of the service providers. Our service providers act for us within the framework of subcontracting of data processing.

Our service providers have their registered office and/or use servers located in third countries outside the EU and the EEA. The European Commission has not adopted an adequacy decision for these countries.

Our cooperation is based on the standard data protection clauses adopted by the European Commission. For any question relating to our service providers and the basis of our cooperation with them, please contact the contact person indicated in this personal data protection declaration.

Data processing for the purposes of performance of the contract and establishing contact
2.1 Data processing for the purposes of performance of the contract
We collect data for the purposes of performance of the contract (including requests and the processing of any claims under the warranty, the right to performance and the right of withdrawal, as well as any statutory updating obligations) in accordance with Art. 6, para. 1, b) GDPR, when you voluntarily provide them to us as part of your order. Mandatory fields are marked as such since, in this case, we absolutely need these data in order to perform the contract and in the absence thereof we cannot send the order. The respective input forms make it possible to know which data are collected.

You will find further information on the processing of your data, in particular on the transfer to our service providers for the purposes of execution of orders, payments and deliveries, in the following sections of this personal data protection declaration. After complete performance of the contract, we restrict the further processing of your data and delete them after expiry of the statutory retention periods provided for under tax and commercial law in accordance with Art. 6, para. 1, c) GDPR, unless you have expressly consented to a further use of your data in accordance with Art. 6, para. 1, a) GDPR or unless we reserve the right to a wider use of the data, authorised by law, and of which we inform you in this declaration.

Merchandise management system
We use an external service provider of a merchandise management system for the purposes of execution of orders and contracts. Our service providers act for us within the framework of subcontracting of data processing. For any question relating to our service providers and the basis of our cooperation with them, please contact the contact person indicated in this personal data protection declaration.

2.2 Customer account
Insofar as, by deciding to open a customer account, you have given your consent in accordance with Art. 6, para. 1, a) GDPR, we use your data in order to open this account and to store your data for other future orders on our website. The deletion of your customer account is possible at any time and can be done either by a message sent to the address indicated in this data protection declaration or via a function provided for this purpose in the customer account. After the deletion of your customer account, we delete your data unless you have expressly consented to a further use of your data in accordance with Art. 6, para. 1, a) GDPR or unless we reserve the right to a wider use of the data, authorised by law, and of which we inform you in this declaration.

2.3 Establishing contact
Within the framework of communication with our customers, we collect personal data in order to process your requests in accordance with Art. 6, para. 1, b) GDPR when you voluntarily provide them to us within the framework of your contacting us (e.g. by contact form, live chat tool or email). Mandatory fields are marked as such, since in this case, we absolutely need these data in order to process your request for contact. The respective input forms make it possible to know which data are collected. After complete processing of your request, we delete your data, unless you have expressly consented to a further use of your data in accordance with Art. 6, para. 1, a) GDPR or unless we reserve the right to a wider use of the data, authorised by law, and of which we inform you in this declaration.

Data processing for the purposes of execution of deliveries
In order to perform the contract, in accordance with Art. 6, para. 1, b) GDPR, we transfer your data to the delivery service provider, insofar as this is necessary for the delivery of the ordered goods. For any question relating to our service providers and the basis of our cooperation with them, please contact the contact person indicated in this personal data protection declaration.

Transfer of data to delivery service providers for the purpose of announcement of the delivery
Insofar as you have given us your express consent during or after your order, we transmit your email address and telephone number to the selected delivery service provider in accordance with Art. 6, para. 1, a) GDPR, so that it can contact you before delivery for the purpose of announcing or coordinating it.
Consent may be withdrawn at any time by sending a message to the contact person indicated in this data protection declaration.
Following withdrawal of consent, we delete the data that you have provided for this purpose, unless you have expressly consented to a further use of your data or unless we reserve the right to a wider use thereof, authorised by law, and of which we inform you in this declaration. For any question relating to our service providers and the basis of our cooperation with them, please contact the contact person indicated in this personal data protection declaration.

Data processing for the purposes of execution of payments
Within the framework of execution of payments in our online shop, we cooperate with the following partners: technical service providers, credit institutions, payment service providers.

4.1 Data processing for the purposes of execution of transactions
Depending on the chosen method of payment, we transmit the data necessary for processing the payment transaction to our payment service providers, to the credit institutions entrusted, or to the selected payment service provider, insofar as this is necessary for execution of the payment. This serves the execution of the contract in accordance with Art. 6, para. 1, b) GDPR. In certain cases, the payment service providers themselves collect the data necessary for processing the payment, for example on their own website or by technical integration in the ordering process. The data protection declaration of the payment service provider concerned applies.

Depending on the chosen method of payment, data may be transferred to third countries outside the EU/EEA for which the European Commission has found, by decision, an adequate level of data protection. Where a transfer of data takes place to third countries outside the EU/EEA for which the European Commission has not adopted a decision finding the adequacy of their level of data protection, the cooperation is based on standard data protection clauses of the European Commission.

For any question concerning our partners responsible for processing payments or the basis of our cooperation with them, please contact the contact person indicated in this data protection declaration.

4.2 Data processing for the purposes of fraud prevention and optimisation of our payment processes
Where applicable, we provide the aforementioned service providers with additional data which they use, together with the data necessary for execution of the payment, for the purposes of fraud prevention and optimisation of our payment processes (e.g. invoicing, processing of disputed payments, accounting support).

In accordance with Art. 6, para. 1, f) GDPR, this serves to safeguard our legitimate interests in protection against fraud and in efficient management of payments, which prevail in the balancing of the respective interests of the parties.

Advertising by email
5.1 Advertising by email with subscription to the newsletter and tracking of the newsletter
When you subscribe to our newsletter, we use the data necessary for this purpose or separately provided by you to send you our newsletter regularly by email on the basis of your consent in accordance with Art. 6, para. 1, a) GDPR.

You may unsubscribe from the newsletter at any time either by sending a message to the contact person designated in this data protection declaration, or via a link contained for this purpose in the newsletter.

After your unsubscribe, we delete your email address from the list of recipients of the Newsletter, unless you have expressly consented to a further use of your data, in accordance with Art. 6, para. 1, a) GDPR, or unless we reserve the right to a wider use of the data, authorised by law, and of which we inform you in this declaration.

We draw your attention to the fact that we evaluate your user behaviour when sending the newsletter. To do this, we also analyse your use of our newsletter by measuring, recording and evaluating opening rates and click rates for the purpose of configuring future newsletter campaigns ("newsletter tracking").

For this evaluation, the emails sent contain single-pixel technologies (e.g. web beacons, tracking pixels), which are stored on our website. For the evaluations, we in particular correlate the following "newsletter data":

the page from which the current page was requested ("refferer"),
the date and time of the consultation,
the description of the type of web browser used,
the IP address of the requesting terminal,
the email address,
the date and time of subscription and confirmation
and the single-pixel technologies with your email address or your IP address and, where applicable, an individual identifier. The links contained in the newsletter may also contain this identifier.

If you do not wish newsletter tracking, it is possible for you at any time - as described above - to unsubscribe from the newsletter.

The information is kept for as long as you are subscribed to the newsletter.

5.2 Advertising by email without subscription to the newsletter and your right to object
If we obtain your email address in the context of the sale of goods or a service and in the absence of objection on your part, we reserve the right, in accordance with art. 1, 1° of the Royal Decree of 4 April 2003 regulating the sending of advertising by electronic mail, to send you regularly by email offers concerning products from our range similar to those already purchased.
You may object to this use of your email address at any time either by sending a message to the contact person designated in this data protection declaration, or via a link contained for this purpose in the advertising email without incurring any costs other than communication costs according to the basic rates. After your unsubscribe, we delete your email address from the list of recipients of the Newsletter, unless you have expressly consented to a further use of your data, in accordance with Art. 6, para. 1, a) GDPR, or unless we reserve the right to a wider use of the data, authorised by law, and of which we inform you in this declaration.

5.3 Sending of the newsletter
Where applicable, the newsletter and the newsletter tracking described above are also sent by our service providers within the framework of processing carried out on our behalf. For any question relating to our service providers and the basis of our cooperation with them, please contact the contact person indicated in this personal data protection declaration.

5.4 Sending by email of invitations to submit a review
Insofar as you have given us your explicit consent for this purpose during or after your order, in accordance with Art. 6, para. 1, a) GDPR, we will use your email address in order to ask you to submit a review via the customer review system that we use. You may withdraw your consent at any time either by sending a message to the contact person designated in this data protection declaration, or via a link contained for this purpose in the invitation to submit a review. In the event of withdrawal of your consent, we delete your email address from the list of recipients, unless you have expressly consented to a further use of your data in accordance with Art. 6, para. 1, a) GDPR or unless we reserve the right to a wider use of the data, authorised by law, and of which we inform you in this declaration.

Where applicable, the invitations to submit reviews are also sent by our service provider Trusted Shops SE (hereinafter "Trustes Shops"), whose registered office is located at Subbelrather Str. 15C, 50823 Cologne, Germany.

Within the framework of the sending of invitations to submit a review, we receive information from Trusted Shops on the status of the invitation (for example, whether the invitation has been sent and whether it has been received). This takes place in accordance with Art. 6, para. 1, f) GDPR in order to realise our legitimate interest in receiving information on the invitations to submit a review, in order possibly to carry out optimisations on this basis, and in order to realise the legitimate interest of Trusted Shops in being able to offer this service.

We are jointly responsible with Trusted Shops for the sending of invitations to submit a review as well as the collection and display of information relating to the review or its status.

Please contact Trusted Shops preferably for any question relating to data protection or to exercise your rights within the framework of the joint responsibility existing between us and Trusted Shops. You will find the contact details of Trusted Shops here. You will find further information on data protection under this link. Independently of this, it is also always possible for you to contact us at the address indicated in this declaration under "Possibility of contact". Your request will then, if necessary, be transmitted for response to the other controller.

Cookies and other technologies
6.1 General information
In order to make the visit to our website attractive and to allow the use of certain functions, to present suitable products or to carry out market studies, we use technologies, including "cookies", on different pages. Cookies are small text files which are automatically stored on your terminal. Some of the cookies we use are deleted at the end of the browsing session, that is to say after closing your browser (session cookies). Other cookies remain on your terminal and allow us to recognise your browser on your next visit (persistent cookies). You may consult the duration of storage in the overview of your web browser's cookie settings.

Protection of privacy at the level of terminal equipment
When using our online offer, we resort to technologies that are absolutely necessary for the provision of the online public communication service, this being expressly desired by the user. To that extent, the storage of information on your terminal or access to information already stored therein do not require your consent.

In the case of functions that are not strictly necessary, the storage of information on your terminal or access to information already stored therein requires your consent. We draw your attention to the fact that, if you do not give your consent, certain parts of the website may not be fully usable. Where applicable, the consents you have given remain in force until you adapt or reset the corresponding settings on your terminal.

Possible downstream processing of data by cookies and other technologies
We use technologies that are absolutely necessary for the use of certain functions of our website (e.g. the shopping basket function). These technologies are used to collect and process the IP address, the time of the visit, information on devices and browsers as well as information on your use of our website (for example, information relating to the content of the shopping basket). This serves to safeguard our legitimate interests in an optimised presentation of our offer, which prevail in the balancing of the respective interests of the parties in accordance with Art. 6, para. 1, f) GDPR.

In addition, we use technologies in order to fulfil the legal obligations to which we are subject (for example, in order to be able to prove consent to the processing of your personal data) as well as for web analysis and online marketing.
You will find further information in this respect, including the corresponding legal basis for data processing, in the following sections of this personal data protection declaration.

Cookie settings

You will find the cookie settings for your browser under the following links: Microsoft Edge™ / Safari™ / Chrome™ / Firefox™ / Opera™

Insofar as you have consented to the use of technologies in accordance with Art. 6, para. 1, a) GDPR, you may withdraw your consent at any time by sending a message to the contact person designated in this data protection declaration.
You may also click on the “Data Protection” button. Refusal of cookies may limit the functionalities of our website.

6.2 Consent management platform
We use a consent management system on our website in order to inform you about the cookies and other technologies that we use on our site as well as to obtain, manage and document your consent, insofar as it is necessary, to the processing of your personal data by these technologies. In accordance with Art. 6, para. 1, c) GDPR, this is necessary for compliance with our legal obligation arising from Art. 7, para. 1 GDPR, by virtue of which we must be able to prove your consent to the processing of your personal data. The consent management platform used is an offer of Pandectes GDPR Compliance, Pudisoo küla, Männimäe/1, 74626, Kuusalu vald, Estonia, which processes your data on our behalf.

After you have submitted your declaration relating to cookies on our website, the ConsentManager web server records the following data: IP address, information relating to the terminal, information relating to the browser, selected language, website consulted or its URL, date and time of your declaration of consent as well as information relating to your behaviour regarding consent. In addition, the following technologies are used, which contain information on your behaviour regarding consent: cookies, log files

Your data will be deleted after three years unless you have expressly consented to a further use of your data in accordance with Art. 6, para. 1, a) GDPR or unless we reserve the right to a wider use of the data, authorised by law, and of which we inform you in this declaration.

Use of cookies and other technologies
We use the following cookies and other technologies from third-party providers on our website. Unless otherwise indicated for the different technologies, this processing takes place on the basis of your consent in accordance with Art. 6, para. 1, a) GDPR. The data collected in this context will be deleted once the intended purpose has been achieved and once we have ceased using the corresponding technology. You may withdraw your consent at any time with effect for the future. You will find further information on the possibilities of withdrawing consent in the section "Cookies and other technologies". You will find further information, in particular on the basis of our cooperation with the different providers, by consulting the different technologies. For any question relating to the providers and the basis of our cooperation with them, please contact the contact person indicated in this personal data protection declaration.

7.1 Use of Google services
Data (IP address, time of the visit, information on devices and browsers, as well as information on your use of our website), from which pseudonymised usage profiles are created, are automatically collected and stored for the purposes of web analysis with the aid of Google Analytics. Cookies may be used for this purpose. If you consult our website from the EU, your IP address is stored on a server situated in the EU in order to deduce location data from it, then it is immediately deleted before the traffic is transferred to other Google servers in order to be processed there. The data processing takes place on the basis of an agreement on subcontracting of personal data processing by Google.

We use the following technologies of Google Ireland Ltd, whose registered office is situated at Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). The information automatically collected by Google technologies regarding your use of our website is, as a rule, transferred to a server of Google LLC, whose registered office is situated at 1600 Amphitheatre Parkway Mountain View, CA 94043, United States, and is stored there. Unless otherwise indicated for the different technologies, the data processing is carried out on the basis of an agreement concluded for each technology between joint controllers in accordance with Art. 26 GDPR. You will find further information on the data processing by Google in Google's data protection declaration.

Our service providers have their registered office and/or use servers in countries situated outside the EU and the EEA, for which the European Commission has found by decision an adequate level of data protection.

Our service providers have their registered office and/or use servers situated in third countries outside the EU and the EEA. The European Commission has not adopted an adequacy decision for these countries. Our cooperation is based on the standard data protection clauses adopted by the European Commission.

Google Analytics
In order to optimise the marketing of our website, we have activated the data sharing settings for the "Google products and services". This enables Google to access the data collected and processed by Google Analytics and then use them for the improvement of Google's services. The sharing of data with Google within the framework of these data sharing settings is based on an additional agreement between controllers. We have no influence on the subsequent processing of data by Google.

In order to optimise the marketing of our website, we use the User-ID functionality. Thanks to this function, we can assign a unique and permanent identifier to your engagement data coming from one or more sessions on our online presences and thus analyse your user behaviour across different devices and sessions.

Google Signals, the extension function of Google Analytics, makes possible "Cross-Device Tracking" for the purposes of web analysis. Insofar as your devices connected to the internet are associated with your Google account and you have activated the "ads personalisation" setting in your Google account, Google may generate reports on your usage behaviour (in particular on the number of multi-device users) even if you change terminal.
We do not process personal data in this context, we only receive statistics created on the basis of Google Signals.

The extension function of Google Analytics enables the so-called DoubleClick cookie to recognise, for advertising and web analysis purposes, your browser when you visit other websites. Google will use this information to produce reports on website activities and to provide other services related to the use of the website.

If you do not give us your consent in accordance with Art. 6, para. 1, a) GDPR for the use of Google Analytics, no cookie will be stored or read on your device. The data processing described in the previous paragraphs will not be carried out. In order to fill gaps in web analysis by modelling behaviour and conversions, Pings containing data (user agent, information on your consent behaviour, screen resolution, IP address) are sent to Google.

Google Ads
The Google Remarketing cookie is installed during your visit to our website for advertising purposes in Google search results as well as on third-party websites. It makes it possible automatically to carry out interest-based advertising by means of collecting and processing data (IP address, time of the visit, information on devices and browsers, as well as information on your use of our website) and by means of a pseudonymous cookie identifier as well as on the basis of the pages you visit.
Any other data processing is only carried out insofar as you have activated the "ads personalisation" setting in your Google account. In this case, if you are logged in to Google while you visit our website, Google uses your data as well as those of Google Analytics in order to create and define target group lists for cross-device remarketing.

We use the Google Ads Conversion Tracking tool for web analysis and event tracking in order to measure your usage behaviour when you arrive on our website via a Google Ads advertisement. It is possible that cookies are used for this and that data (IP address, time of the visit, information on your devices and your browsers, as well as information on your use of our website by means of events specified by us, such as a visit to a website or a subscription to a Newsletter) are collected, from which pseudonymised usage profiles are created.

If you do not give us your consent in accordance with Art. 6, para. 1, a) GDPR for the use of Google Ads, no cookie is stored or read on your device. The data processing described in the previous paragraphs does not take place. In order to fill gaps in web analysis by modelling behaviour and conversions, pings containing data (user agent, information on your consent behaviour, screen resolution, IP address, page URL, information on advertising clicks in URL parameters) are sent to Google. Your IP address is used to determine the country of your IP address.

Google Maps
Google Maps collects data on your use of its functions, in particular the IP address and location data, for the purposes of visual representation of geographical information, and transmits these data to Google, which then processes them. We have no influence on this subsequent data processing.

Google reCAPTCHA
Google reCAPTCHA collects data (IP address, time of the visit, information on the browser and on your use of the site) and analyses your use of our website by means of a JavaScript script and cookies for the purposes of protection against abusive use of our web forms and against spam by automated software (called "bots"). In addition, Google services evaluate other cookies stored in your browser. The data processing is carried out on the basis of an agreement relating to the subcontracting of personal data processing concluded with Google. Users of a customer who access websites protected by reCAPTCHA are no longer subject to Google's privacy policy and terms of use.

Google Tag Manager
Google Tag Manager allows us to manage different codes and services on our website. During the implementation of the different tags, Google also processes, where applicable, personal data (e.g. IP address, online identifiers (among others cookies)). The data processing is carried out on the basis of a contract on subcontracting of data processing by Google.

The use of Google Tag Manager makes it possible to integrate different services/technologies.

Insofar as you do not wish the use of certain tracking services and you have therefore deactivated them, this deactivation remains valid for all the tracking tags concerned which are integrated via Google Tag Manager.

7.2 Use of Meta services
Use of the Meta pixel
For this purpose, a cookie is automatically placed by the Meta pixel when you visit our website. This cookie allows your browser to be automatically recognised when you visit other websites thanks to a pseudonymous cookie identifier. Meta Platforms Ireland will combine this information with other data from your Facebook (by Meta) account and will use them in order to compile reports on website activities and to provide other services related to the use of the website, in particular personalised and group advertising.
The information automatically collected by Meta Platforms Ireland technologies concerning your use of our website is, as a rule, transferred to a server of Meta Platforms, Inc., whose registered office is situated at 1601 Willow Road, Menlo Park, California 94025, United States, and is stored there. You will find further information on the data processing by Meta Platforms Ireland in the Data Policy of Meta Platforms Ireland.

Our service providers have their registered office and/or use servers situated in the following countries, for which the European Commission has established by decision an adequate level of data protection: Brazil, United States, Canada, Japan, South Korea, New Zealand, United Kingdom, Argentina.

The adequacy decision for the United States serves as a basis for transfers to third countries, insofar as the service provider concerned is certified. The provider is certified.

Our service providers have their registered office and/or use servers situated in the following countries: Australia, Hong Kong, India, Indonesia, Malaysia, Singapore, Thailand, Taiwan, Mexico. The European Commission has not adopted an adequacy decision for these countries. Our cooperation with these providers is based on the following guarantees: standard data protection clauses of the European Commission.

We use the Meta pixel within the framework of the following technologies of Meta Platforms Ireland Ltd, whose registered office is situated at Block J, Serpentine Avenue, Dublin 4, Ireland ("Facebook (by Meta)" or "Meta Platforms Ireland").
The Meta pixel is used to automatically collect and store data (IP address, time of the visit, information on your devices and your browsers, as well as information on your use of our website by means of events specified by us, such as a visit to a website or a subscription to a Newsletter), from which pseudonymised usage profiles are created.

Information by means of which persons may be identified (for example, names, email addresses and telephone numbers) are moreover collected and stored in hashed form for the purposes of matching, within the framework of the said advanced data matching.

Meta Ads Manager
We use Meta Ads Manager in order to promote this site on Facebook (by Meta) and on other platforms. We determine the parameters of the corresponding advertising campaign. Meta Platforms Ireland is responsible for the exact implementation, in particular for the decision relating to the placement of advertisements with individual users. Unless otherwise indicated for the different technologies, data processing is carried out on the basis of an agreement concluded between joint controllers in accordance with Art. 26 GDPR. The joint responsibility is limited to the collection of the data and their transmission to Meta Platforms Ireland. The subsequent processing of data by Meta Platforms Ireland is not included therein.

On the basis of the statistics on the activity of visitors to our website, which are created via the Meta pixel, we use Custom Audiences in order to carry out group advertising on Facebook (by Meta) by determining the characteristics of the corresponding target group. Meta Platforms Ireland acts as our processor within the framework of the advanced matching of data taking place in order to determine the respective target group (see above).

We use Custom Audiences in order to carry out personalised advertising on the basis of the pseudonymous cookie identifier defined by the Meta pixel and of the data collected on your usage behaviour on our website.

We use Conversions (about Meta Pixel or Conversions API) for web analysis and event tracking in order to measure your subsequent usage behaviour when you arrive on our website via an advertising announcement of Meta Ads Manager. The data processing takes place on the basis of an agreement on subcontracting of personal data processing by Meta Platforms Ireland.

7.3 Other providers of web analysis and online marketing services
Use of the Pinterest Tag for advertising and web analysis purposes
Technologies of Pinterest Europe Ltd., whose registered office is situated at Waterloo Exchange, 3rd Floor, Waterloo Road, Dublin 4, Ireland ("Pinterest") are used during your visit to our website for advertising and web analysis purposes on Pinterest and third-party sites. They make it possible automatically to carry out interest-based advertising through the collection and processing of data (IP address, time of the visit, information on devices and browsers, as well as information on your use of our website) and by means of a pseudonymous cookie identifier as well as on the basis of the pages you visit. Pseudonymised usage profiles are created from the collected data.
Pinterest will combine this information with other data from your Pinterest account and use them in order to compile reports on website activities and to provide other services related to the use of the website.
We have no influence on the data processing by Pinterest, we only receive statistics created on the basis of the Pinterest Tag. This allows us to measure your subsequent usage behaviour for web analysis and event tracking purposes when you arrive on our website via a Pinterest advertisement.
The information automatically collected by Pinterest is, as a rule, transferred to a server of Pinterest, Inc., whose registered office is situated at 505 Brannan St, San Francisco, CA 94107, United States, and is stored there. The data processing is carried out on the basis of an agreement concluded between joint controllers in accordance with Art. 26 GDPR.

Use of the Vimeo video plugin for the purposes of integration of third-party content
In order to integrate third-party content, data (IP address, time of the visit, information on devices and browsers) are collected via the video plugin of Vimeo Inc., whose registered office is situated at 330 West 34th Street, 5th Floor, New York 10011, United States ("Vimeo"), transmitted to Vimeo, which then processes them. The data processing is carried out on the basis of an agreement concluded between joint controllers in accordance with Art. 26 GDPR.
Google Analytics is automatically integrated into the Vimeo video plugin. Data (IP address, time of the visit, information on devices and browsers, as well as information on your use of our website), from which pseudonymised usage profiles are created, are automatically collected and stored for the purposes of web analysis with the aid of Google Analytics. Cookies may be used for this purpose.
Google Analytics is an offer of Google Ireland Ltd, whose registered office is situated at Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter, "Google").
The information automatically collected by Google relating to your use of our website is, as a rule, transferred to a server of Google LLC, whose registered office is situated at 1600 Amphitheatre Parkway Mountain View, CA 94043, United States, and is stored there. If you consult our website from the EU, your IP address is stored on a server situated in the EU in order to deduce location data from it, then it is immediately deleted before the traffic is transferred to other Google servers in order to be processed there. We have no influence and no access to the data processing by Vimeo, including the settings and the results of Google Analytics.

Integration of the Trusted Shops Trustbadge / other Widgets
Trusted Shops Widgets are integrated into this site in order to display the Trusted Shops services (e.g. the Trustmark, collected reviews).

This serves to safeguard our legitimate interests in an optimal marketing of our offer by enabling a secure purchase, which prevail in the balancing of the respective interests of the parties in accordance with Art. 6, para. 1, f) GDPR. The Trustbadge and the services of which it makes advertising are offered by Trusted Shops SE, whose registered office is situated at Subbelrather Straße 15C, 50823 Cologne, Germany (hereinafter, "Trusted Shops"), with which we are jointly responsible for data protection in accordance with Art. 26 GDPR. Within the framework of this data protection declaration, we inform you below of the broad outlines of the agreement in accordance with Art. 26, para. 2 GDPR.

Within the framework of the joint responsibility existing between us and Trusted Shops SE, please prefer to contact Trusted Shops SE for any question relating to data protection and to exercise your rights by using the contact details indicated in Trusted Shops' data protection declaration. Independently of this, it is also always possible for you to address yourself to the controller of your choice. Your request will then, if necessary, be transmitted for response to the other controller.

8.1 Data processing linked to the integration of the Trustbadge/other widgets
The Trustbadge is made available by an American CDN provider (Content-Delivery-Network). An adequate level of data protection is ensured by an adequacy decision of the European Commission, which may be consulted here for the United States. Service providers from the United States are generally certified under the EU-US Data Privacy Framework. Further information is available here. Where service providers are not certified under the data protection framework, standard contractual clauses have been concluded as an appropriate safeguard.

When the Trustbadge appears, the internet server automatically records a server log file which also contains your IP address, the date and time of the display, the quantity of data transferred and the requesting provider (log file data), and which documents the display. The IP address is anonymised immediately after collection, so that the stored data cannot be linked to your person. The anonymised data are used in particular for statistical purposes and error analysis.

8.2 Data processing at the end of the order
After the conclusion of the order, the information relating to the order (total amount of the order, order number, purchased product where applicable) as well as your email address hashed by a one-way cryptological function are transmitted to Trusted Shops. The legal basis is Art. 6, para. 1, f) GDPR. This serves to verify whether you are already registered for the Trusted Shops Services and is therefore necessary for the realisation of our prevailing legitimate interests and those of Trusted Shops in the provision of customer review services linked to the specific order, in accordance with Art. 6, para. 1, f) GDPR. If you are registered, further processing is carried out in accordance with the contractual agreement concluded between you and Trusted Shops. If you are not yet registered for the Services, you will then have the possibility of doing so for the first time. Further processing after registration is also governed by the contractual agreement concluded with Trusted Shops. Insofar as you are not yet registered for the Services, you will then have the possibility of giving your consent for receiving invitations to submit a review. If you do not do so, all transmitted data will be automatically deleted by Trusted Shops and it will no longer be possible to establish any link with your person.

Trusted Shops uses service providers in the fields of hosting, monitoring and logging. The legal basis is Art. 6, para. 1, f) GDPR for the purpose of ensuring operation without incidents. In this context, processing may take place in third countries (United States, United Kingdom and Israel). An adequate level of data protection is guaranteed in each case by an adequacy decision of the European Commission, which may be consulted here for the United States, here for the United Kingdom and here for Israel. The American service providers used are in general certified under the EU-US data protection framework. You will find further information here. If the service providers used are not certified under the EU-US data protection framework, standard contractual clauses have been concluded as an appropriate safeguard.

Social networks
Our online presence on Facebook (by Meta), Instagram (by Meta), Youtube, LinkedIn
Insofar as you have given your consent to the operator of the corresponding social network, in accordance with Art. 6, para. 1, a) GDPR, your data are automatically collected and stored for market study and advertising purposes when you visit our online presences on the social networks mentioned above. Pseudonymised usage profiles are created from these data. These may be used, for example, to place, within and outside the platforms, advertising announcements presumed to correspond to your interests. As a rule, cookies are used for this purpose.
You will find further information on the processing and use of data by the operator of the social network concerned, as well as a possibility of contact and your rights and setting options for the protection of your privacy, in the data protection information of the operators whose internet addresses are integrated below. We remain at your disposal should you nevertheless need assistance in this regard.

Facebook (by Meta) is an offer of Meta Platforms Ireland Ltd., whose registered office is situated at Block J, Serpentine Avenue, Dublin 4, Ireland ("Meta Platforms Ireland"). The information automatically collected by Meta Platforms Ireland relating to your use of our online presence on Facebook (by Meta) is, as a rule, transferred and stored on a server of Meta Platforms, Inc., whose registered office is situated at 1601 Willow Road, Menlo Park, California 94025, United States. Data processing within the framework of the visit of a Facebook (by Meta) fan page is carried out on the basis of an agreement between joint controllers in accordance with Art. 26 GDPR.
You will find further information (information relating to Page Statistics data) here.

The adequacy decision for the United States serves as a basis for transfers to third countries, insofar as the service provider concerned is certified. The provider is certified.

Our service providers have their registered office and/or use servers situated in the following countries: Australia, Hong Kong, India, Indonesia, Malaysia, Singapore, Thailand, Taiwan, Mexico.
The European Commission has not adopted an adequacy decision for these countries. Our cooperation with these providers is based on the following guarantees: standard data protection clauses of the European Commission.

Instagram (by Meta) is an offer of Meta Platforms Ireland Ltd., whose registered office is situated at Block J, Serpentine Avenue, Dublin 4, Ireland ("Meta Platforms Ireland"). The information automatically collected by Meta Platforms Ireland relating to your use of our online presence on Instagram is, as a rule, transferred and stored on a server of Meta Platforms, Inc., whose registered office is situated at 1601 Willow Road, Menlo Park, California 94025, United States. Data processing within the framework of the visit of an Instagram fan page is carried out on the basis of an agreement between joint controllers in accordance with Art. 26 GDPR.
You will find further information (information relating to Page Statistics data) here.

The adequacy decision for the United States serves as a basis for transfers to third countries, insofar as the service provider concerned is certified. The provider is certified.

Our service providers have their registered office and/or use servers situated in the following countries: Australia, Hong Kong, India, Indonesia, Malaysia, Singapore, Thailand, Taiwan, Mexico.
The European Commission has not adopted an adequacy decision for these countries. Our cooperation with these providers is based on the following guarantees: standard data protection clauses of the European Commission.

YouTube is an offer of Google Ireland Ltd., whose registered office is situated at Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter "Google"). The information automatically collected by Google relating to your use of our online presence on YouTube is, as a rule, transferred and stored on a server of Google LLC, whose registered office is situated at 1600 Amphitheatre Parkway Mountain View, CA 94043, United States.

LinkedIn is an offer of the company LinkedIn Ireland Unlimited, whose registered office is situated at Wilton Place, Dublin 2, Ireland ("LinkedIn"). The information automatically collected by LinkedIn relating to your use of our online presence on LinkedIn is, as a rule, transferred and stored on a server of LinkedIn Corporation, whose registered office is situated at 1000 W. Maude Avenue, Sunnyvale, CA 94085, United States.

The adequacy decision for the United States serves as a basis for transfers to third countries, insofar as the service provider concerned is certified. The provider is certified.

Possibilities of contact and your rights
10.1 Your rights
As a person concerned by the processing of personal data you have the following rights:

Under Article 15 of the GDPR, you have a right of access to the personal data concerning you that we process.
Under Article 16 of the GDPR, you have the right to rectification, without delay, of your personal data which are inaccurate. You also have the right to request that these data be completed.
Under Article 17 of the GDPR, you have a right to erasure of your personal data insofar as the processing is not necessary for:
the exercise of the right to freedom of expression and information;
compliance with a legal obligation;
a reason of public interest;
the establishment, exercise or defence of legal claims.
Under Article 18 of the GDPR, you have a right to restriction of processing in the cases where:
you contest the accuracy of the data;
the processing of the data is unlawful but you oppose their erasure;
we no longer need your data but they are still necessary for you for the establishment, exercise or defence of your legal claims;
you have exercised your right to object to the processing of the data under Article 21 of the GDPR.
Under Article 20 of the GDPR you have a right to receive your data in a structured, commonly used and machine-readable format as well as to request the transmission of these data to another controller.
Under Article 77 of the GDPR, you have the right to lodge a complaint with a supervisory authority. As a rule, for this purpose, you may address yourself to the supervisory authority of your habitual place of residence, of your place of work or of our registered office.
Right to object
Insofar as we process personal data as explained above in order to safeguard our legitimate interests which prevail in the balancing of the respective interests of the parties, you may object to this processing with effect for the future. If the processing is carried out for direct marketing purposes, you may exercise this right at any time as described above. If the processing is carried out for other purposes, you only have a right to object for reasons arising from your particular situation.

After having exercised your right to object, we will no longer process your personal data for these purposes, unless we can justify compelling legitimate grounds for this processing which override your interests, rights and freedoms, or if the processing contributes to the assertion, exercise or defence of legal rights.

This does not apply if the processing is carried out for direct marketing purposes. We will then no longer process your personal data for this purpose.

In addition, you have the right to lodge a complaint with the competent authority for data protection in Belgium: Data Protection Authority - Rue de la Presse 35 - 1000 Brussels - email: contact@apd-gba.be

10.2 Possibilities of contact
For any question relating to the collection, processing or use of your personal data, for any request for information, correction, restriction or erasure of data as well as for any withdrawal of the consents given or any objection to a particular use of the data, please contact our services directly by means of the contact details indicated in the Legal Notice.

Data Protection Officer:
Datenschutz Symbiose GmbH, Dr. Marion Herrmann
Hundingstr. 12
95445 Bayreuth
Germany

mh@datenschutz-symbiose.de

Privacy Policy

Data protection declaration