Skip to content
About Pammys
Pammys Creators Club
Pammy's Affiliate Club
Career
Help & Contact
FAQ - Frequently Asked Questions
Privacy Policy
Protecting your privacy when processing personal data is our highest priority. Therefore, we only process personal data when it is necessary for the use of our services and economically reasonable. Of course, we always comply with the provisions of the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG). Below we inform you about which data is processed in what way and by which entities when you visit our online shop at www.pammys.com.
I. Controller for data processing is:
dieseo GmbH
Gaardener Ring 11
24143 Kiel
Germany
Email: hallo@pammys.com
II. Personal data
(1) Personal data are information relating to your person and by which you can be identified. This includes, among other things, your name, address, email address, location data, payment information, and other comparable details. In principle, it is possible to visit our website without providing personal data. However, in certain cases, we need such data to provide you with the desired services on our website. If you use one of our services that requires the provision of personal data, we only collect the information necessary for this purpose – and generally only with your consent.
III. Visiting our website
A. General use
(1) When you visit our website, our web servers automatically store the IP of your internet service provider, the website from which you visit us, the pages you visit on our site, as well as the date and duration of the visit. The processing of this information is essential for the technical transmission of the websites, the comfortable use of our services, and the secure operation of the server. Our legitimate interest arises from Art. 6 para. 1 lit. f) GDPR.
(2) An immediate conclusion about your identity is not possible based on the information and will not be drawn by us. The information is stored and automatically deleted after the aforementioned purposes have been achieved. The standard deletion periods are based on the criterion of necessity.
1. Automatically saved data (server log files)
(1) The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us.
These are:
• date and time of the request
• name of the requested file
• page from which the file was requested
• access status (file transferred, file not found, etc.)
• used web browser and operating system
• full IP address of the requesting computer
• transferred data volume
(2) A merging of this data with other data sources does not take place. The processing is carried out according to Art. 6 para. 1 lit. f GDPR based on our legitimate interest in improving the stability and functionality of our website.
(3) For reasons of technical security, especially to defend against attack attempts on our web server, this data is stored by us temporarily. It is not possible for us to draw conclusions about individual persons based on this data. After a maximum of seven days, the data is anonymized by shortening the IP address to the domain level, so that it is no longer possible to establish a connection to the individual user. In anonymized form, the data is also processed for statistical purposes; no matching with other data sets or transfer to third parties, even in extracts, takes place.
2. Cookies, tracking pixels, and tools
(1) When you visit our websites, we may store information on your computer in the form of cookies. Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a string of characters through which websites and servers can be assigned to the specific internet browser in which the cookie was stored. This allows the visited websites and servers to distinguish the individual browser of the data subject from other internet browsers that contain other cookies. A specific internet browser can be recognized and identified again via the unique cookie ID. An overview of the cookies we use can be found here.
(2) By using session cookies, the controller can provide users of this website with a user-friendly service that would not be possible without setting cookies. Without consent, we only use technically necessary cookies based on the legitimate interest according to Art. 6 para. 1 lit. f GDPR.
(3) We only use personal cookies to improve our website or for marketing/advertising purposes with your consent. On your first visit, you can voluntarily agree to tracking or analysis via the displayed cookie banner. Your data may be passed on to partners or third parties if applicable. These cookies are only stored if you explicitly agree, with the legal basis then being your consent according to Art. 6 para. 1 lit. a GDPR. You can change your cookie usage settings here at any time.
3. Social plugins from Facebook, Pinterest, Instagram, and Youtube
(1) Social buttons from social networks are used on our website. These are only embedded as HTML links on the page, so that no connection to the servers of the respective provider is established when you visit our website. If you click on one of the buttons, the website of the respective social network opens in a new window of your browser. There you can, for example, press the Like or Share button.
4. Consent Management
(1) When using cookies, a distinction is made between strictly necessary cookies and those for further purposes (measuring access numbers, advertising purposes). You basically have the choice via our consent manager to accept or reject all or some of the non-essential cookies. If you choose the latter option, it is possible that you may not be able to use our offer fully. You can control and revoke this consent via our consent management (also known as "cookie banner" or "cookie settings").
B. Online presence and service optimization
1. Shopify
(1) We host our website with Shopify International Limited, Victoria Buildings, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland (hereinafter "Shopify"). Shopify is a tool for creating and hosting e-commerce websites. When you visit our website, Shopify collects your IP address as well as information about the device and browser you are using. Shopify also analyzes visitor numbers, visitor sources, and customer behavior, and creates user statistics. If you make a purchase on our website, Shopify also collects your name, email address, shipping and billing addresses, payment data, and other data related to the purchase (e.g., phone number, amount of sales made, etc.). For the analyses, Shopify stores cookies in your browser. For details, please refer to Shopify's privacy policy: https://www.shopify.de/legal/datenschutz
(2) The use of Shopify is based on Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in the most reliable presentation of our website possible. If appropriate consent has been requested, processing takes place exclusively on the basis of Art. 6 para. 1 lit. a GDPR and §25 para. 1 TTDSG, as far as the consent includes the storage of cookies or access to information on the user's device (e.g., device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time. We have concluded a data processing agreement (DPA) according to Art. 28 GDPR with the above-mentioned provider. This is a legally required contract that ensures that this provider processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.
2. Google reCAPTCHA
(1) On this website, we also use the reCAPTCHA function from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (hereinafter referred to as "Google"). This function primarily serves to distinguish whether an input is made by a natural person or abusively by machine and automated processing. The service includes sending the IP address and, if applicable, other data required by Google for the reCAPTCHA service to Google and is based on Art. 6 para. 1 lit. a GDPR on the basis of your consent, provided you have given it to us via the consent banner. Since data protection is very important to us and we want to keep the intervention as minimal as possible for you, we do not use Google's service permanently but only in certain situations. In the context of using Google reCAPTCHA, personal data may also be transmitted to the servers of Google LLC in the USA.
(2) In case of transmission of personal data to Google LLC, based in the USA, Google LLC has certified itself under the US-European data protection agreement "Privacy Shield," which ensures compliance with the data protection level applicable in the EU. A current certificate can be viewed here: https://www.privacyshield.gov/list
(3) Further information about Google reCAPTCHA and Google's privacy policy can be found at: https://www.google.com/intl/de/policies/privacy/
C. Tools and services for analysis, statistics collection, and marketing
1. Google Tag Manager
(1) We use Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
(2) Google Tag Manager is a tool that helps us integrate tracking or statistics tools and other technologies on our website. Google Tag Manager itself does not create user profiles, does not store cookies, and does not perform independent analyses. It only serves to manage and deliver the tools integrated through it. However, Google Tag Manager does collect your IP address, which may also be transferred to Google's parent company in the United States.
(3) The use of Google Tag Manager is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in quick and uncomplicated integration and management of various tools on their website. If corresponding consent has been obtained, processing is carried out exclusively based on Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, as far as the consent includes the storage of cookies or access to information on the user's device (e.g., device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.
2. Google Analytics (4)
(1) This website uses features of the web analytics service Google Analytics. Provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
(2) Google Analytics allows the website operator to analyze the behavior of website visitors. The website operator receives various usage data, such as page views, duration of stay, operating systems used, and the user's origin. This data is combined into a user ID and assigned to the respective end device of the website visitor.
(3) Furthermore, with Google Analytics, we can record your mouse and scroll movements and clicks, among other things. Additionally, Google Analytics uses various modeling approaches to supplement the collected data sets and employs machine learning technologies in data analysis. Google Analytics uses technologies that enable user recognition for the purpose of analyzing user behavior (e.g., cookies or device fingerprinting). The information collected by Google about the use of this website is usually transferred to a Google server in the USA and stored there. The use of this service is based on your consent according to Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG. Consent can be revoked at any time.
(4) Data transfer to the USA is based on the EU Commission's standard contractual clauses. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/
3. Browser Plugin
(1) You can prevent the collection and processing of your data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de. More information on handling user data with Google Analytics can be found in Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=de.
4. Google Signals
(1) We use Google Signals. When you visit our website, Google Analytics collects, among other things, your location, search history, and YouTube history, as well as demographic data (visitor data). This data can be used with the help of Google Signals for personalized advertising. If you have a Google account, the visitor data from Google Signals is linked to your Google account and used for personalized advertising messages. The data is also used to create anonymized statistics on user behavior of our users.
5. Google Analytics E-Commerce Measurement
(1) This website uses the "E-Commerce Measurement" feature of Google Analytics. With the help of E-Commerce Measurement, the website operator can analyze the purchasing behavior of website visitors to improve its online marketing campaigns. Information such as orders placed, average order values, shipping costs, and the time from viewing to purchasing a product is recorded. This data can be aggregated by Google under a transaction ID assigned to the respective user or their device.
6. Google Ads
(1) The website operator uses Google Ads. Google Ads is an online advertising program by Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
(2) Google Ads allows us to display advertisements in the Google search engine or on third-party websites when the user enters certain search terms on Google (keyword targeting). Furthermore, targeted advertisements can be displayed based on user data available at Google (e.g., location data and interests) (audience targeting). As the website operator, we can quantitatively evaluate this data by analyzing, for example, which search terms triggered the display of our ads and how many ads led to corresponding clicks.
(3) The use of this service is based on your consent according to Art. 6 para. 1 lit. a GDPR and §25 para. 1 TTDSG. Consent can be revoked at any time. Data transfer to the USA is based on the EU Commission's standard contractual clauses. Details can be found here: https://policies.google.com/privacy/frameworks and https://privacy.google.com/businesses/controllerterms/mccs/
7. Google AdSense
(1) This website uses Google AdSense, a service for embedding advertisements. Provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
(2) We use Google AdSense in "non-personalized" mode. Unlike the personalized mode, the ads are therefore not based on your previous user behavior and no user profile is created about you. Instead, so-called "contextual information" is used to select the ads. The selected ads are then based, for example, on your location, the content of the website you are on, or your current search terms. More about the differences between personalized and non-personalized targeting with Google AdSense can be found at: https://support.google.com/adsense/answer/9007336
(3) Please note that even when using Google Adsense in non-personalized mode, cookies or similar recognition technologies (e.g., device fingerprinting) may be used. According to Google, these are used to combat fraud and abuse.
(4) The use of this service is based on your consent according to Art. 6 para. 1 lit. a GDPR and 25 para. 1 TTDSG. Consent can be revoked at any time.
(5) The data transfer to the USA is based on the EU Commission's standard contractual clauses. Details here: https://business.safety.google/adscontrollerterms/sccs/
(6) You can adjust your advertising settings independently in your user account. To do so, click the following link and log in: https://accounts.google.com/InteractiveLogin/signinchooser
(7) More information about the advertising technologies here: https://policies.google.com/technologies/ads and https://pammys.com/pages/datenschutz
8. Google Campaign Manager
(1) This website also uses the online marketing tool Campaign Manager from Google, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland.
(2) Campaign Manager uses cookies to display relevant ads to users, improve campaign performance reports, or prevent a user from seeing the same ads multiple times. Through a cookie ID, Google records which ads are shown in which browser and can thus prevent them from being displayed repeatedly. In addition, Campaign Manager can use cookie IDs to track so-called conversions related to ad requests. This is the case, for example, when a user sees a Campaign Manager ad and later visits the advertiser's website with the same browser and makes a purchase there.
(3) Due to the marketing tools used, your browser automatically establishes a direct connection with Google's server. We have no influence on the scope and further use of the data collected by Google through the use of this tool and therefore inform you according to our knowledge: By integrating Campaign Manager, Google receives the information that you accessed the corresponding part of our website or clicked on one of our ads. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered or logged in to Google, it is possible that Google obtains and stores your IP address.
(4) In addition, the Campaign Manager cookies used (e.g., labeled as DoubleClick or Floodlight) allow us to understand whether you perform certain actions on our website after you have viewed or clicked one of our Display/Video ads on Google or another platform via Campaign Manager (conversion tracking). The Campaign Manager uses this cookie to understand the content you interacted with on our websites in order to send you targeted advertising later.
(5) The use of this service is based on your consent according to Art. 6 para. 1 lit. a GDPR and 25 para. 1 TTDSG. Consent can be revoked at any time. For more information about Campaign Manager, please visit https://marketingplatform.google.com/about/enterprise/ and for general information about data protection at Google: https://www.google.de/intl/de/policies/privacy Google has committed to the Data Privacy Framework Program and is certified: https://www.dataprivacyframework.gov/s/
9. Google Display & Video 360
(1) On this website, we use the tool Display & Video 360 from Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, which collects data for analysis, marketing, and optimization purposes and thus helps us improve our marketing measures and our website.
(2) The collected data is used by Display & Video 360 to link ad contacts and clicks on ads with resulting use of our website. This way, we can determine whether internet users who have seen our ads visit our website or which products they are interested in. This helps us use our advertising budget more efficiently. The collected data can also be used by us to deliver advertising based on your interests (e.g., viewed products).
(3) Pseudonymous online identification numbers (such as cookie IDs or IP addresses) are used for data collection. No unique user-related data such as name or address is stored. All IDs we use only allow the recognition of your device and your internet browser. The collected data is not used by us to personally identify you as a user of our website without your separate consent.
(4) We point out that Google may link the visit to this website with the registered data for users who have registered with Google. How exactly Google handles your data can be found on Google's privacy pages by clicking the following link: https://privacy.google.de/intl/de/take-control.html?categories_activeEl=sign-in
(5) The use of this service is based on your consent according to Art. 6 para. 1 lit. a GDPR and 25 para. 1 TTDSG. Consent can be revoked at any time. Google has submitted to the Data Privacy Framework Program and is certified: https://www.dataprivacyframework.gov/s/
10. Microsoft Advertising
(1) We use the technologies of Microsoft Ireland Operations Ltd., One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland ("Microsoft") as shown below. Data processing is based on an agreement between joint controllers according to Art. 26 GDPR. The information automatically collected by the Microsoft technologies about your use of our website is usually transmitted to a server of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA, and stored there. There is no adequacy decision by the European Commission for the USA. Our cooperation is based on standard data protection clauses of the European Commission.
(2) Further information about data processing by Microsoft can be found in Microsoft's privacy policy: https://privacy.microsoft.com/de-de/privacystatement.
(3) For advertising purposes in Bing, Yahoo, and MSN search results as well as on third-party websites, the so-called Microsoft Advertising Remarketing Cookie is set when visiting our website. This cookie automatically enables interest-based advertising by collecting and processing data (IP address, time of visit, device and browser information, as well as information about your use of our website) using a pseudonymous cookie ID and based on the pages you visited.
(4) For website analysis and event tracking, we measure your subsequent usage behavior via Microsoft Advertising Universal Event Tracking (UET) if you have reached our website through a Microsoft Advertising ad, and create usage profiles using pseudonyms. Cookies may be used for this purpose, and data (IP address, time of visit, device and browser information, as well as information about your use of our website based on events specified by us, such as visiting a webpage or newsletter registration) are collected, from which usage profiles are created using pseudonyms.
(5) If the corresponding consent has been obtained, processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and §25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information on the user's device (e.g., device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.
11. Facebook Pixel
(1) This website uses Facebook visitor action pixels for conversion measurement. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. According to Facebook, the collected data is also transferred to the USA and other third countries. This allows the behavior of website visitors to be tracked after they have been redirected to the provider's website by clicking on a Facebook advertisement. This enables the effectiveness of Facebook ads to be evaluated for statistical and market research purposes and future advertising measures to be optimized.
(2) The data collected is anonymous to us as the operator of this website; we cannot draw conclusions about the identity of the users. However, the data is stored and processed by Facebook, so a connection to the respective user profile is possible, and Facebook can use the data for its own advertising purposes in accordance with the Facebook Data Use Policy. This allows Facebook to display advertisements on Facebook pages as well as outside of Facebook. This use of the data cannot be influenced by us as the page operator.
(3) The use of this service is based on your consent according to Art. 6 para. 1 lit. a GDPR and §25 para. 1 TTDSG. Consent can be revoked at any time. The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381
(4) As far as personal data is collected on our website with the help of the tool described here and forwarded to Facebook, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 GDPR). The joint responsibility is limited exclusively to the collection of the data and its forwarding to Facebook. The processing carried out by Facebook after the forwarding is not part of the joint responsibility. The obligations jointly incumbent on us have been recorded in a joint processing agreement. You can find the wording of the agreement at: https://www.facebook.com/legal/controller_addendum According to this agreement, we are responsible for providing the data protection information when using the Facebook tool and for the data protection-compliant implementation of the tool on our website. Facebook is responsible for the data security of the Facebook products. Data subject rights (e.g., requests for information) regarding the data processed by Facebook can be asserted directly with Facebook. If you assert data subject rights with us, we are obliged to forward them to Facebook. You can find further information on protecting your privacy in Facebook's privacy policy: https://de-de.facebook.com/about/privacy/
(5) You can also deactivate the remarketing feature "Custom Audiences" in the ad settings area at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. For this, you must be logged into Facebook.
D. Contact Form
(1) When contacting us (e.g., via contact form, email, phone, or social media), the data sent by the requesting person is processed as far as necessary to answer the contact inquiries and any requested measures and is stored on our servers as part of data backup. Your data will be used by us exclusively to handle your request. Your data will be treated strictly confidentially. No transfer to third parties will take place.
(2) The response to contact inquiries within the scope of contractual or pre-contractual relationships is carried out to fulfill our contractual obligations or to answer (pre-)contractual inquiries and otherwise based on legitimate interests in responding to inquiries.
(3) Types of data processed: Master data (e.g., names, addresses), contact data (e.g., email, phone numbers), content data (e.g., entries in online forms).
(4) Affected persons: Communication partners.
(5) Purposes of processing: Contact inquiries and communication
(6) Legal bases: Contract performance and pre-contractual inquiries (Art. 6 para. 1 lit. b GDPR), legitimate interests (Art. 6 para. 1 lit. f GDPR).
E. Customer Account
(1) Contract partners can create an account within our online offer (e.g., customer or user account, briefly "customer account"). If registration of a customer account is required, contract partners will be informed accordingly as well as about the information required for registration. Customer accounts are not public and cannot be indexed by search engines. During registration as well as subsequent logins and use of the customer account, we store the customers' IP addresses along with access times to verify the registration and to prevent possible misuse of the customer account.
(2) When customers have canceled their customer account, the data related to the customer account will be deleted, unless its retention is required by law. It is the customers' responsibility to back up their data after the customer account has been canceled.
F. Shop and E-Commerce
(1) We process our customers' data to enable them to select, purchase, or order the chosen products, goods, and related services, as well as their payment and delivery or execution. If necessary for the execution of an order, we use service providers, especially postal, freight, and shipping companies, to carry out delivery or execution to our customers. For processing payment transactions, we use the services of banks and payment service providers. The required information is marked as such within the order or comparable acquisition process and includes the data needed for delivery, provision, and billing, as well as contact information to enable any necessary communication.
(2) Types of data processed: Master data (e.g., names, addresses), payment data (e.g., bank details, invoices, payment history), contact data (e.g., email, phone numbers), contract data (e.g., contract subject, duration, customer category), usage data (e.g., visited websites, interest in content, access times), meta-/communication data (e.g., device information, IP addresses).
(3) Data subjects: Prospects, business and contractual partners, customers.
(4) Purposes of processing: Provision of contractual services and customer service, contact inquiries and communication, office and organizational procedures, management and response to inquiries, security measures, conversion measurement (measuring the effectiveness of marketing measures), interest-based and behavioral marketing, profiling (creating user profiles).
(5) Legal bases: Contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b. GDPR), Legal obligation (Art. 6 para. 1 sentence 1 lit. c. GDPR), Legitimate interests (Art. 6 para. 1 sentence 1 lit. f. GDPR).
1. Purchase of goods
(1) If you are already a customer with us and need to interrupt the process during a new order or cannot complete your purchase, we will remind you by email or SMS after a certain time about the items you placed in your shopping cart so that you do not have to assemble them again ("Abandoned Cart") or send you a message with the viewed items ("Abandoned Browse"). For this, we use cookies. More information about the use of cookies can be found under section 3.1.2 ("Cookies, Tracking Pixels and Tools").
(2) The legal basis for sending the notifications is § 7 para. 3 UWG. You can object to the sending of notifications at any time by contacting us, for example via the corresponding link in the received email.
G. Direct advertising
1. Customer information
(1) Unless you have objected, we use the email address and mobile phone number you provided when purchasing goods or services to electronically send advertising for our own goods or services that are similar to those you have already purchased or used from us. For this purpose, we use your email address, mobile phone number, name, and order history to provide you with information about products that might interest you based on your recent orders. The legal bases for data processing are Art. 6 para. 1 lit. f GDPR and § 7 para. 3 UWG.
(2) You can object to this processing at any time in accordance with Art. 21 para. 2 GDPR by contacting us, for example, via the corresponding link in the received email or by sending an email to hallo@pammys.com.
2. Newsletter
(1) On our website, we offer the option to sign up for our newsletter. After registration, we regularly inform you by email and SMS about news regarding our offers (e.g., promotions, new products, restocks, and contests).
(2) Furthermore, after a certain period, you will be reminded by email and SMS of the items you placed in your shopping cart and whose order you had to interrupt or whose purchase you could not complete.
(3) A valid email address or mobile phone number is required to register for the newsletter. To verify the email address, you will first receive a registration email that you must confirm via the link. To verify the mobile phone number, you will receive a registration SMS that you must confirm via the link (Double Opt-In). When you subscribe to the newsletter on our website, we process personal data such as your email address and mobile phone number based on your consent. The legal basis for processing is Art. 6 para. 1 sentence 1 lit. a GDPR.
(4) You can unsubscribe from our newsletter at any time by contacting us, for example, via the corresponding link in the received email or by writing an email to hallo@pammys.com.
3. Typeform
(1) We use Typeform from TYPEFORM SL, C/Bac de Roda, 163 (Local), 08018 Barcelona Spain (Typeform) for our B2B newsletter registration and customer challenge. This allows us to provide you with an easy way to contact us. For this purpose, we share the following personal data with Typeform: email address
(2) Typeform is the recipient of your personal data and acts as a processor on our behalf. The processing of the data specified in this section is neither legally nor contractually required. Without your consent and the transmission of your personal data, we cannot provide you with a newsletter. The data is stored exclusively for the purpose of newsletter registration.
(3) Additionally, Typeform collects the following personal data using cookies: information about your device (IP address, device information, operating system, browser settings). Furthermore, usage data such as the date and time when you used the form is collected. Typeform needs this data to ensure the display and functionality. More information can be found at: https://help.typeform.com/hc/en-us/articles/360029581691-What-happens-to-my-data
(4) The legal basis for these processes is your consent according to Art. 6 para. 1 lit. a GDPR. You can revoke your consent to the processing of your personal data at any time. The revocation can be made via the contact options provided. Your data will be processed as long as the corresponding consent exists. The lawfulness of the processing carried out so far is not affected by the declaration of revocation.
4. Service Providers
(1) We use Klaviyo to send customer information and newsletters and integrate components on our website for this purpose. The provider is Klaviyo, Inc., 125 Summer St Floor 6, Boston, MA 02111, United States (hereinafter "Klaviyo"). Klaviyo offers marketing automation software for marketing services and products, including SEO and content creation, lead management, newsletters, email and SMS marketing, and web analytics.
(2) Klaviyo uses cookies and other browser technologies to analyze user behavior and identify users. This information is used, among other things, to compile reports on website activities and to send customers personalized communication (e.g., reminders of unfinished purchases, notifications about products customers have viewed, etc.). Additionally, Klaviyo is used to store and transmit data entered in forms using cookies, including your IP address. In this case, your data is passed on to Klaviyo.
(3) The data you enter for newsletter subscription (e.g., email address) is stored on Klaviyo's servers in the United States.
(4) The data you provide for the purpose of subscription with us is stored by us until you unsubscribe with us or the service provider and deleted after unsubscribing from the mailing list. Data stored with us for other purposes remains unaffected.
(5) When you open an email sent with Klaviyo, a file contained in the email (a so-called web beacon) connects to Klaviyo's servers in the USA. This allows it to be determined whether a newsletter message was opened and which links, if any, were clicked. Technical information is also collected (e.g., time of access, IP address, browser type, and operating system). This information cannot be assigned to the respective newsletter recipient. It is used exclusively for the statistical analysis of newsletter campaigns. More information about data analysis by Klaviyo can be found at: https://www.klaviyo.com/features/reporting Data transfer to the USA is based on the EU Commission's standard contractual clauses. Details can be found here: https://www.klaviyo.com/legal/dpa
(6) The data processing is based on your consent (Art. 6 para. 1 lit. a GDPR). You can revoke this consent at any time by unsubscribing from the newsletter. The legality of the data processing carried out before the revocation remains unaffected.
(7) After you unsubscribe from the newsletter mailing list, your email address may be stored with us or the newsletter service provider in a blacklist if this is necessary to prevent future mailings. The data in the blacklist is used only for this purpose and is not merged with other data. This serves both your interest and our interest in complying with legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR). The storage in the blacklist is not time-limited. You can object to the storage if your interests outweigh our legitimate interest. For more details, please refer to the privacy policy of Klaviyo at https://www.klaviyo.com/legal/privacy-notice
(8) We have concluded a data processing agreement (DPA) according to Art. 28 GDPR with the above-mentioned provider. This is a legally required contract that ensures that this provider processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.
(9) The use of this analysis tool is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in analyzing user behavior to optimize both its web offering and its advertising. If corresponding consent has been requested, processing takes place exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information on the user's end device (e.g., device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.
5. Postal Advertising
(1) We use your address in compliance with all legal requirements for sending postal advertising (postal advertising).
(2) The legal basis for this is our legitimate interest in direct advertising according to Art. 6 para. 1 lit. f in conjunction with Recital 47 GDPR. If we have obtained your explicit consent, processing takes place exclusively on the basis of Art. 6 para. 1 lit. a GDPR; any given consent can be revoked at any time. If applicable, you may be informed of more specific provisions during data collection that take precedence over this regulation in case of doubt.
(3) Your address remains stored with us as long as the purpose of data processing continues. As soon as this ceases or you submit a legitimate deletion request or revoke your consent to postal advertising, your data will be deleted—unless there are other legally permissible reasons for further storage (e.g., tax or commercial retention obligations). In this case, deletion will occur after these reasons no longer apply.
H. Review Requests
(1) If you have ordered a product in our shop, we will ask you by email and SMS about your satisfaction with your order and the products, unless you have previously objected. To send you this request, we use the email address and mobile phone number you provided. We also process your name, your IP address, the IP geolocation used, and information about your order. The customer satisfaction survey and the described data processing are based on the legal basis of § 7 para. 3 UWG in conjunction with Art. 6 para. 1 lit. f) GDPR. This processing serves direct advertising.
(2) You can object to the processing and especially the use of your email address and mobile phone number for this purpose at any time in accordance with Art. 21 para. 2 GDPR by using the objection option in our emails or by email to the email address provided in our imprint, without incurring any costs other than the transmission costs according to the basic tariffs.
I. Payment Service Providers
(1) Within the framework of contractual and other legal relationships, due to legal obligations or otherwise based on our legitimate interests, we offer the data subjects efficient and secure payment options and use, in addition to banks and credit institutions, other payment service providers (collectively "payment service providers").
(2) The data processed by the payment service providers include master data, such as name and address, bank data, such as account numbers or credit card numbers, passwords, TANs, and checksums, as well as contract, amount, and recipient-related information. The information is necessary to carry out the transactions. However, the entered data is only processed and stored by the payment service providers. That means we do not receive any account or credit card-related information, but only information confirming or denying the payment. In some cases, the data may be transmitted by the payment service providers to credit agencies. This transmission serves the purpose of identity and creditworthiness verification. For this, we refer to the terms and conditions and privacy notices of the payment service providers.
(3) The terms and conditions and privacy notices of the respective payment service providers apply to payment transactions, which can be accessed within the respective websites or transaction applications. We also refer to these for further information and for asserting rights of withdrawal, information, and other data subject rights.
J. Transport service providers
(1) For the purpose of delivering ordered goods, we cooperate with logistics service providers/carriers and/or shipping partners to whom the following data is transmitted for the purpose of delivering the ordered goods or for shipment notification: first name, last name, postal address, as well as, if applicable, the email address and, if applicable, the phone number. The legal basis for processing is Art. 6 paragraph 1 letter b) GDPR.
K. Security
(1) We have taken both technical and organizational measures to protect your personal data from loss, destruction, manipulation, or unauthorized access. All employees and service providers commissioned by us (processors) are obliged to comply with the applicable data protection regulations.
(2) As soon as we collect and process personal data, its transmission always takes place in encrypted form. This ensures that misuse of your data by third parties is excluded. Our security measures are continuously developed, and our privacy policies are regularly updated. Please therefore always make sure to use the current version.
IV. Online presence on Social Media
(1) If you have given your consent according to Art. 6 para. 1 sentence 1 lit. a GDPR to the respective social media operator, your data will be automatically collected and stored for market research and advertising purposes when visiting our online presences on our social media channels, from which usage profiles are created using pseudonyms. These can be used, for example, to display advertisements within and outside the platforms that presumably match your interests. Cookies are usually used for this purpose. Detailed information on the processing and use of data by the respective social media operator, as well as contact options and your related rights and settings to protect your privacy, can be found in the linked privacy notices of the providers on their websites. If you still need assistance in this regard, you can contact us.
V. Data subject rights
(1) You have the right at any time to information, correction, deletion, or restriction of the processing of your stored data, the right to object to processing, as well as the right to data portability and to lodge a complaint under the conditions of data protection law.
• Right to information: You can request information from us about whether and to what extent we process your data.
• Right to correction: If we process your data that is incomplete or incorrect, you can request its correction or completion from us at any time.
• Right to deletion: You can request the deletion of your data from us if we process it unlawfully or if the processing disproportionately interferes with your legitimate protection interests. Please note that there may be reasons preventing immediate deletion, e.g., in the case of legally regulated retention obligations. Regardless of exercising your right to deletion, we will promptly and completely delete your data unless there is a contractual or legal retention obligation to the contrary.
• Right to restriction of processing: You can request the restriction of processing your data if you dispute the accuracy of the data, for a period that allows us to verify the accuracy of the data; the processing of the data is unlawful, but you refuse deletion and instead request restriction of data use; we no longer need the data for the intended purpose, but you still need it to assert or defend legal claims; or you have objected to the processing of the data.
• Right to data portability: You can require us to provide you with your data that you have provided to us in a structured, common, and machine-readable format and that you can transmit this data to another controller without hindrance from us, provided we process this data based on your given and revocable consent or to fulfill a contract between us, and this processing is carried out using automated procedures. If technically feasible, you can request a direct transfer of your data to another controller from us.
• Right to object: If we process your data based on legitimate interest, you can object to this data processing at any time; this also applies to profiling based on these provisions. We will then no longer process your data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing serves the assertion, exercise, or defense of legal claims. You can object to the processing of your data for direct marketing purposes at any time without giving reasons.
• Right to complain: If you believe that we are processing your data in violation of German or European data protection law, please contact us so that we can clarify any questions. You also have the right to contact the competent supervisory authority for you, the respective State Data Protection Authority.
(2) If you want to assert any of the rights mentioned against us, please contact our Data Protection Officer. In case of doubt, we may request additional information to confirm your identity.
VI. Changes to this Privacy Statement
(1) We reserve the right to adjust this privacy statement if required by the use of new technologies. Please make sure to always review the most current version. If significant changes are made to this privacy statement, we will inform you on our website.
(2) If you wish to exercise any of the rights mentioned in this statement against us, please contact our Data Protection Officer. In case of doubt, we reserve the right to request additional information to verify your identity.
