Skip to main content

Privacy policy

We appreciate your interest in our online shop. The protection of your privacy is very important to us. Below we inform you in detail about how we handle your data.

1. access data and hosting

You can visit our website without providing any personal data. Each time a website is accessed, the web server only automatically saves a so-called server log file, which contains, for example, the name of the requested file, your IP address, the date and time of access, the amount of data transferred and the requesting provider (access data) and documents the access.

This access data is analysed exclusively for the purpose of ensuring trouble-free operation of the site and improving our offer. Pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR, this serves to safeguard our legitimate interests in the correct presentation of our website, which are overriding in the context of a balancing of interests. All access data will be deleted no later than seven days after the end of your visit to our website.

Hosting services by a third-party provider
In the context of processing on our behalf, a third-party provider provides us with the services for hosting and displaying the website. This serves to safeguard our legitimate interests in the correct presentation of our website, which outweigh our interests. All data that is collected as part of the use of this website or in the forms provided for this purpose in the online shop as described below is processed on its servers. Processing on other servers only takes place within the framework explained here.

This service provider is located within a country of the European Union or the European Economic Area.

2. data collection and use for contract processing and when opening a customer account

We collect personal data if you voluntarily provide it to us as part of your order, when contacting us (e.g. via contact form or email) or when opening a customer account. Mandatory fields are marked as such, as in these cases we need the data to process the contract or to process your contact or open the customer account and you cannot complete the order and/or open the account or send the contact without providing it. Which data is collected can be seen from the respective input forms. We use the data provided by you in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR for contract processing and processing your enquiries. After completion of the contract or deletion of your customer account, your data will be restricted for further processing and deleted after expiry of the retention periods under tax and commercial law, unless you have expressly consented to further use of your data or we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this declaration. Deletion of your customer account is possible at any time and can be done either by sending a message to the contact option described below or via a function provided for this purpose in the customer account.

3. data transfer

For the fulfilment of the contract in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR, we pass on your data to the shipping company commissioned with the delivery, insofar as this is necessary for the delivery of ordered goods. Depending on which payment service provider you select in the ordering process, we will pass on the payment data collected for the processing of payments to the credit institution commissioned with the payment and, if applicable, to the payment service provider commissioned by us or to the selected payment service. In some cases, the selected payment service providers also collect this data themselves if you create an account with them. In this case, you must log in to the payment service provider with your access data during the ordering process. The privacy policy of the respective payment service provider applies in this respect.

4. e-mail newsletter

E-mail advertising with registration for the newsletter
If you register for our newsletter, we use the data required for this or separately provided by you to regularly send you our e-mail newsletter based on your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR.

You can unsubscribe from the newsletter at any time, either by sending a message to the contact option described below or via a link provided for this purpose in the newsletter. After unsubscribing, we will delete your email address unless you have expressly consented to further use of your data or we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this declaration.

The newsletter is sent as part of processing on our behalf by a service provider to whom we pass on your email address for this purpose.

This service provider is located within a country of the European Union or the European Economic Area.

5. use of data for payment processing

Identity and credit check when selecting Heidelpay payment methods
If you choose one of the payment options of our partner Heidelpay GmbH, you will be asked during the ordering process to consent to the transmission of the data required for the processing of the payment and an identity and credit check to Heidelpay in accordance with Art. 6 Para. 1 S. 1 lit. a GDPR. If you give your consent, your data (first and last name, street, house number, postcode, city, date of birth, telephone number and, when purchasing by direct debit, the specified account details) as well as the data in connection with your order will be transmitted to Heidelpay.
For the purpose of its own identity and credit check, Heidelpay or partner companies commissioned by Heidelpay transmit data to credit agencies (credit agencies) and receive information from them and, if necessary, creditworthiness information based on mathematical-statistical procedures, the calculation of which includes address data, among other things. Detailed information on this and on the credit agencies used can be found in Heidelpay GmbH's privacy policy. Heidelpay GmbH uses the information obtained on the statistical probability of a payment default to make a balanced decision on the establishment, execution or termination of the contractual relationship.
Furthermore, Heidelpay may use third-party tools to detect and prevent fraud. Data obtained with these tools may be stored by third parties in encrypted form so that they can only be read by Heidelpay. This data will only be used if you select a payment method from our cooperation partner Heidelpay, otherwise the data will automatically expire after 30 minutes.
You can revoke your consent to Heidelpay at any time. However, Heidelpay may still be authorised to process, use and transfer your personal data if this is necessary for contractual payment processing or required by law or ordered by a court or authority.

6. Cookies and web analytics

In order to make visiting our website attractive and to enable the use of certain functions, to display suitable products or for market research, we use so-called cookies on various pages. This serves to safeguard our legitimate interests, which predominate in the context of a weighing up of interests, in an optimised presentation of our offer in accordance with Art. 6 Para. 1 S. 1 lit. f GDPR. Cookies are small text files that are automatically stored on your end device. Some of the cookies we use are deleted again at the end of the browser session, i.e. after you close your browser (so-called session cookies). Other cookies remain on your end device and enable us to recognise your browser on your next visit (persistent cookies). The duration of storage can be found in the overview in the cookie settings of your web browser. You can set your browser so that you are informed about the setting of cookies and decide individually whether to accept them or to exclude the acceptance of cookies for certain cases or in general. Each browser differs in the way it manages cookie settings. This is described in the help menu of each browser, which explains how you can change your cookie settings. These can be found for the respective browsers under the following links:
Internet Explorer™: http://windows.microsoft.com/de-DE/windows-vista/Block-or-allow-cookies
Safari™: https://support.apple.com/kb/ph21411?locale=de_DE
Chrome™: http://support.google.com/chrome/bin/answer.py?hl=de&hlrm=en&answer=95647
Firefox™ https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen
Opera™ : http://help.opera.com/Windows/10.20/de/cookies.html

If cookies are not accepted, the functionality of our website may be limited.

Use of Google (Universal) Analytics for web analytics
This website uses Google (Universal) Analytics, a web analytics service provided by Google LLC (www.google.de), to analyse web pages. This serves to safeguard our legitimate interests, which predominate in the context of a weighing of interests, in an optimised presentation of our offer in accordance with Art. 6 Para. 1 S. 1 lit. f GDPR. Google (Universal) Analytics uses methods that enable your use of the website to be analysed, such as cookies. The automatically collected information about your use of this website is usually transmitted to a Google server in the USA and stored there. By activating IP anonymisation on this website, the IP address is shortened before transmission within the member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. The anonymised IP address transmitted by your browser as part of Google Analytics is not merged with other Google data. After the end of the purpose and the end of the use of Google Analytics by us, the data collected in this context will be deleted.

Google LLC is headquartered in the USA and is certified under the EU-US Privacy Shield. A current certificate can be viewed here. Based on this agreement between the USA and the European Commission, the latter has established an adequate level of data protection for companies certified under the Privacy Shield.

You can prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) by Google and the processing of this data by Google. You can prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de


As an alternative to the browser plug-in, you can click this link to prevent Google Analytics from collecting data on this website in the future. An opt-out cookie will be stored on your device. If you delete your cookies, you will need to click the link again.

7. Advertising via marketing networks

Google AdWords Remarketing
We use Google AdWords to advertise this website in Google search results and on third-party websites. For this purpose, the so-called remarketing cookie is set by Google when you visit our website, which automatically enables interest-based advertising by means of a pseudonymous cookie ID and on the basis of the pages you visit. This serves to safeguard our legitimate interests, which predominate in the context of a balancing of interests, in the optimal marketing of our website in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR. After the end of the purpose and the end of the use of Google AdWords Remarketing by us, the data collected in this context will be deleted.

Any further data processing will only take place if you have consented to Google linking your web and app browsing history to your Google Account and using information from your Google Account to personalise ads you see on the web. In this case, if you are logged in to Google while visiting our website, Google will use your data together with Google Analytics data to create and define target group lists for cross-device remarketing. For this purpose, your personal data is temporarily linked by Google with Google Analytics data to form target groups.

Google AdWords Remarketing is an offer from Google LLC (www.google.de). Google LLC is headquartered in the USA and is certified under the EU-US Privacy Shield. A current certificate can be viewed here. Based on this agreement between the USA and the European Commission, the latter has established an adequate level of data protection for companies certified under the Privacy Shield.

You can deactivate the remarketing cookie via this link. You can also find out more about the setting of cookies and make settings for this at the Digital Advertising Alliance.

8. Social media plug-ins

Use of social plugins from Facebook
Social plugins ("plugins") from social networks are used on our website.
When you visit a page of our website that contains such a plugin, your browser establishes a direct connection to the servers of Facebook, Google, Twitter or Instagram. The content of the plugin is transmitted directly to your browser by the respective provider and integrated into the page. By integrating the plugins, the providers receive the information that your browser has accessed the corresponding page of our website, even if you do not have a profile or are not currently logged in. This information (including your IP address) is transmitted directly from your browser to a server of the respective provider (possibly in the USA) and stored there. If you are logged in to one of the services, the providers can directly associate your visit to our website with your profile in the respective social network. If you interact with the plugins, for example by clicking the "Like" or "Share" button, the corresponding information is also transmitted directly to a server of the provider and stored there. The information is also published on the social network and displayed to your contacts there. This serves to safeguard our legitimate interests, which predominate in the context of a balancing of interests, in the optimal marketing of our offer in accordance with Art. 6 Para. 1 S. 1 lit. f GDPR.
The purpose and scope of the data collection and the further processing and use of the data by the providers as well as a contact option and your rights and setting options in this regard to protect your privacy can be found in the providers' data protection notices.
http://www.facebook.com/policy.php

If you do not want the social networks to assign the data collected via our website directly to your profile in the respective service, you must log out of the respective service before visiting our website. You can also completely prevent the plugins from loading with add-ons for your browser, e.g. with the script blocker "NoScript" (http://noscript.net/).

Youtube video plugins
Third-party content is integrated on this website. This content is provided by Google LLC ("provider").
YouTube is operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google").


The extended data protection setting is activated for videos from YouTube that are integrated on our site. This means that no information from website visitors is collected and stored by YouTube unless they play the video. The integration of the videos serves to safeguard our legitimate interests, which predominate in the context of a balancing of interests, in the optimal marketing of our offer in accordance with Art. 6 Para. 1 S. 1 lit. f GDPR.
The purpose and scope of the data collection and the further processing and use of the data by the providers as well as your rights in this regard and setting options to protect your privacy can be found in Google's data protection information http://www.google.com/intl/de/+/policy/+1button.html.

.
9. Sending review reminders by e-mail

If you have given us your express consent to this during or after your order in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, we will use your email address as a reminder to submit a review of your order via the review system we use.
This consent can be revoked at any time by sending a message to the contact option described below.

10. contact options and your rights

As the data subject, you have the following rights:

  • in accordance with Art. 15 GDPR, the right to request information about your personal data processed by us to the extent specified therein;
  • in accordance with Art. 16 GDPR, the right to request the rectification of inaccurate or completion of your personal data stored by us without undue delay;in accordance with Art. 17 GDPR, the right to request the erasure of your personal data stored by us, unless further processing
    - is necessary for exercising the right of freedom of expression and information;
    - for compliance with a legal obligation;
    - for reasons of public interest or
    - for the establishment, exercise or defence of legal claims;
  • in accordance with Art. 18 GDPR, the right to request the restriction of the processing of your personal data if
    - the accuracy of the data is disputed by you;
    - the processing is unlawful, but you oppose its erasure;
    - we no longer need the data, but you need it for the establishment, exercise or defence of legal claims or
    - you have objected to processing in accordance with Art. 21 GDPR;
  • in accordance with Art. 20 GDPR, the right to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request that it be transferred to another controller;
  • the right to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our company headquarters.


    If you have any questions regarding the collection, processing or use of your personal data, information, correction, blocking or deletion of data as well as revocation of consents granted or objection to a specific use of data, please contact us directly using the contact details in our legal notice.

    ********************************************************************
    Right to object
    If we process personal data as explained above in order to safeguard our legitimate interests, which outweigh your interests, you can object to this processing with effect for the future. If the processing is carried out for direct marketing purposes, you can exercise this right at any time as described above. If the processing is carried out for other purposes, you only have the right to object if there are grounds relating to your particular situation.

    After exercising your right to object, we will no longer process your personal data for these purposes unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or if the processing serves the establishment, exercise or defence of legal claims.

    This does not apply if the processing is for direct marketing purposes. In this case, we will no longer process your personal data for this purpose. ********************************************************************