Thank you for visiting our online shop. Protection of your privacy is very important to us. Below you will find extensive information about how we handle your data.
You may visit our website without revealing any personal information. With every visit to the website, the web server automatically stores only a so-called server log file, which contains e.g. the name of the requested file, your IP address, the date and time of the request, the volume of data transferred and the requesting provider (access data), and documents the request.
These access data are analysed exclusively for the purpose of ensuring the smooth operation of the website and improving our offer. This serves according to art. 6 (1) 1 lit f GDPR the protection of our legitimate interests in the proper presentation of our offer that are overriding in the process of balancing of interests. All access data are deleted no later than seven days after the end of your visit on our website.
Third-party hosting services
Data are also processed by a third-party provider that we have engaged to render hosting and website presentation services on our behalf. This provider processes on its servers all data that are collected in the manner specified below when you visit our website or fill in forms made available for this purpose in our online shop. Data are processed on other servers only in the scope described herein.
This service provider is based in an EU or EEA member state.
We collect personal data that you voluntarily submit to us when you place an order, contact us (e.g. via contact form or by email) or open a customer account with us. Mandatory fields are marked as such because we absolutely need those data to perform the contract or process your contact request or open your customer account, and you would otherwise not be able to complete your order and/or create your customer account or send the contact request. It is evident in each input form what data are collected. We use the data that you disclose to us to perform the contract and process your enquiries according to art. 6 (1) 1 lit b GDPR. Upon completion of the contract or deletion of your customer account, any further processing of your data will be restricted, and your data will be deleted upon expiry of the retention period applicable under relevant regulations, unless you expressly consent to the further use of your data or we reserve the right to further use your personal data in the scope and manner permitted by law, of which we inform you in this notice. Your customer account can be deleted at any time. For this purpose you can either send a message to the contact option specified below or use the relevant function available in the customer account.
We disclose your data to the shipping company in the scope required for the delivery of the ordered goods according to art. 6 (1) 1 lit. b GDPR. Depending on the payment service provider you have selected during the ordering process, we disclose the payment details collected for order processing purposes to the bank commissioned to handle the payment and, as the case may be, to the payment service provider commissioned by us or to the selected payment service. Some of those data are collected by the selected payment service providers themselves if you open an account with them. In such a case, during the ordering process, you must register with your payment service provider using your access data. In this respect, the privacy notice of the relevant payment service provider applies.
Disclosure of data to a shipping provider
If, when or after placing your order, you have given your express consent to us doing so, we disclose your e-mail address and phone number to the selected shipping provider based on that consent according to art. 6 (1) 1 lit. a GDPR, in order to enable the shipping provider to contact you to advise you of the delivery or agree with you the delivery details.
You may revoke your consent at any time by sending a message to the contact option described below or by directly notifying the shipping provider at the contact address specified below. After you revoke your consent, we will delete the data disclosed for this purpose, unless you expressly consent to the further use of your data or we reserve the right to further use your personal data in the scope and manner permitted by the law, of which we inform you in this notice.
Our shipping providers are:
DHL Home Delivery GmbH
Wahl GmbH & Co. KG
DSV Road GmbH
Am Velper Mühlenbach 8
E-mail advertising if you subscribe to the newsletter
If you subscribe to our newsletter, we will regularly send you our e-mail newsletter based on your consent according to art. 6 (1) 1 lit a GDPR, using the data required or disclosed by you separately for this purpose.
You may unsubscribe from the newsletter service at any time. For this purpose you can either send a message to the contact option specified below or use the opt-out link in the newsletter. Upon unsubscription, we will delete your email address unless you have expressly consented to the further use of your data or we reserve the right to further use your personal data in the scope and manner permitted by the law, of which we inform you in this notice.
E-mail advertising if you do not subscribe to the newsletter and your right to opt out
If we receive your e-mail address in connection with the sale of a product or service and you have not opted out and you are not a consumer who has his habitual residence in Poland, we reserve the right to regularly email you offers for products from our product range that are similar to those you have already purchased. This serves the protection of our legitimate interests in promoting and advertising our products to customers that are overriding in the process of balancing of interests.
You can opt out of this use of your email address at any time by sending a message to the contact option specified below or by using the opt-out link in the advertising email, without incurring any costs beyond the cost of transfer calculated at the base rates.
The newsletter is sent to you by our service provider who processes data on our behalf and to whom we disclose your email address.
This service provider is based in an EU or EEA member state.
Postal advertising and your right to opt out
If you have not opted out and you are not a consumer who has his habitual residence in Spain, we reserve the right to use your first and last name and your postal address for our advertising purposes, e.g. for sending interesting offers and information about our products by post. This serves the protection of our legitimate interests in promoting and advertising our products to customers according to art. 6 (1) 1 lit. f GDPR that are overriding in the process of balancing of interests.
Use of data for payment processing
In the area of card payment (direct debit / giro card / credit cards) we work together with Concardis GmbH (Concardis), Helfmann Park 7, D-65760 Eschborn, represented by their managing directors Mark Freese, Jens Mahlke and Luca Zanotti.
In this context, in addition to the purchase amount and date, card data is also transmitted to the above-mentioned company.
All payment data and data on any chargebacks that may occur are only stored as long as they are needed for the processing of payments (including the processing of possible chargebacks and collection of receivables) and for the fight against abuse. As a rule, the data are deleted no later than 13 months after their collection.
In addition, further storage may take place if and as long as this is necessary to comply with a statutory retention period or to prosecute a specific case of abuse. The legal basis for data processing is Art. 6 para. 1 f) General Data Protection Regulation.
You may request information and, if necessary, rectification or deletion, as well as the limitation of the processing of your data and / or possibly object to the processing of your data. If you have any questions about data processing by Concardis or to assert your rights, you can contact the Data Protection Officer, who can be reached at the address given or by email at Datenschutzbeauftragter@concardis.com.
Furthermore, you have the right to complain to a supervisory authority (in Germany at the State Data Protection Commissioner). Please note that the provision of payment data is neither legally nor contractually required. If you do not want to provide your payment details, you can use a different payment method.
Information on data processing in the context of payment handling by BS PAYONE GmbH pursuant to the General Data Protection Regulation (GDPR) Art. 14
We utilise the services of BS PAYONE GmbH (hereinafter: BS PAYONE) as a service provider for processing cashless payment transactions. The information required by law pursuant to GDPR Art. 14 on data processing by BS PAYONE is provided below.
Name and contact details of the person responsible for data processing and contact details of the company’s data protection officer
BS PAYONE GmbH, Lyoner Straße 9, 60528 Frankfurt am Main/Germany, www.bspayone.com; Managing Directors: Niklaus Santschi, Jan Kanieß, Dr. Götz Möller, Carl Frederic Zitscher; Chairman of the Supervisory Board: Ottmar Bloching.
BS PAYONE’s data protection officer can be contacted at the aforementioned address, c/o the data protection officer, or by e-mail to email@example.com.
BS PAYONE as a payment institution is licensed and supervised by the German Federal Financial Supervisory Authority, Graurheindorfer Straße 108, 53117 Bonn/Germany.
Purposes of data processing by BS PAYONE
The main reason for data processing is to process cashless payment transactions (transaction processing) in stationary shops and online commerce.
The following purposes for data processing also exist:
- Fraud prevention, risk management: This includes various measures aimed at fraud prevention and defending against fraud to avoid payment default (e.g. rule-based detection/evaluation of fraud patterns based on certain parameters related to card use);
- Receivables management, debt collection: Collection of outstanding receivables via commissioned debt collection service providers;
- Credit assessment for dynamic payment method control: This takes place particularly by checking and validating account, card and address data as well as IP addresses with regard to their plausibility;
- Invoicing: Generation and dispatch of invoices and credit vouchers;
- Protection of internal IT infrastructure, the detection and tracking of cyber-attacks: This is performed, for example, by temporarily storing IP addresses for disruption and error detection and rectification;
- Subscription processing: Processing recurring payments;
- Aggregated micromanagement: Aggregation/compilation of receivables in specific billing cycles to simplify payment processes and optimize costs.
Legal basis for data processing by BS PAYONE
Within the context of processing payment transactions, data processing is required to fulfil the purchase contract or other main contract (e.g. service or works contract) between the contractual partner/merchant and cardholder/user and is thus justified for contract execution in accordance with GDPR Art. 6 (1) Sentence 1 b). In all other cases, data processing is based on the legitimate interests of BS PAYONE or its contractual partners, GDPR Art. 6 (1) Sentence 1 f). Legitimate interests particularly include the avoidance of payment default (protection against financial risk), the simplification of payment processes and cost optimization in the mutual interest of the parties (cardholder/user and contractual partner/merchant).
Categories of personal data processed by BS PAYONE
BS PAYONE retains and processes personal data only if necessary for the performance of the respective service. Depending on the payment procedure, the IBAN, card number, verification digits and other transaction data (e.g. date/time of the transaction, payment amount) are processed during payment processing. Fraud prevention is also primarily based on processed transaction data. For receivables management/debt collection, information processed includes the invoice/payment amount, due date and invoice recipient. The credit check is carried out, for example, on the basis of address, account and card data, which are transmitted to the credit agencies commissioned for this purpose. Information on the invoice recipient, the bank details and the payment amount is also required to create invoices. In addition to the invoice recipient and payment amount data, subscription processing also requires information on the contract term and agreed billing cycles. Aggregated micromanagement performs data processing, for example, as related to the billing period, the number of transactions, the invoice recipient and the bank details/card number.
Origin of personal data processed by BS PAYONE
The cardholder/user’s personal data is collected by the contractual partner/merchant - depending on the method, via the POS terminal in the stationary shop or via online shop/website - and transmitted by the latter to BS PAYONE for execution of the aforementioned services.
Categories of recipients of personal data
Depending on the service provided, BS PAYONE transfers personal data to the following recipients in order to fulfil their contractual and legal obligations:
- Banks, card schemes (e.g. VISA Europe, MasterCard, American Express);
- In the online sector: web crawling service providers, hosting service providers, data centre operators, tracking service providers;
- E-commerce service providers (providers of payment solutions for online shops);
- Settlement agencies, service providers for clearing and settlement;
- Other service providers: credit agencies for credit assessment, debt collection service providers, print service providers for invoicing;
- Authorities (particularly investigative authorities such as the police and the public prosecutor’s office) in the event of justified requests for information.
Transfer of personal data to third countries (outside the EU or the EEA)
Some of the data recipients are located in third countries, i.e. countries not in the European Union (EU) or the European Economic Area (EEA), where the level of data protection may be lower than within the EU/EEA. BS PAYONE only transfers personal data to third countries if this is necessary to fulfil contractual obligations, to safeguard legitimate interests or if otherwise required by law.
Depending on the service provided, personal data are transferred to the following third countries, among others:
- China, Japan (headquarters of card schemes)
- USA (locations of card schemes, tracking service providers, settlement agencies, clearing and settlement service providers)
To ensure an adequate level of data protection in third countries, there exists either a valid adequacy decision by the EU Commission or adequate and appropriate guarantees in the form of EU standard contractual clauses or privacy shield certifications, or a legal exception is applicable (GDPR Art. 49) which justifies data transfers without the existence of an adequacy decision or suitable guarantees.
Duration of data retention
BS PAYONE retains and processes personal data as long as it is necessary for the execution of the contract and for the fulfilment of its contractual and legal obligations. If the retention of data is no longer necessary for the fulfilment of contractual or specific legal obligations and the purpose of retention has ceased to apply, personal data will be erased, unless further processing is necessary for the following reasons:
- Fulfilment of commercial, tax and other retention obligations (e.g. retention of accounting-relevant data for 10 years);
- Preservation of evidence within the framework of the statutory limitation period.
BS PAYONE does not create profiles/profile/score for the purpose of evaluating creditworthiness and controlling payment methods, but it does utilise the following service providers (credit agencies) to do so:
- infoscore Consumer Data GmbH, Rheinstraße 99, 76532 Baden-Baden/Germany, and
- Creditreform Boniversum GmbH, Hellersbergstrasse 11, 41460 Neuss/Germany.
- SCHUFA Holding AG, Kormoranweg 5, 65201 Wiesbaden
If relevant, BS PAYONE receives probability and scoring values from credit agencies and BS PAYONE then uses these as a basis for making recommendations on payment methods offered.
Information on the activities of infoscore Consumer Data GmbH as required by GDPR Art. 14 is available at: https://finance.arvato.com/icdinfoblatt. Information pursuant to GDPR Art. 14 on Creditreform Boniversum GmbH is available at: https://www.boniversum.de/wp-content/uploads/2018/04/Boniversum_information_sheet_on_issuance_to_customers_bank_credit_institutions.pdf.
Rights of data subjects
Each data subject has the right of access according to GDPR Article 15, the right to rectification according to GDPR Article 16, the right to erasure according to GDPR Article 17, the right to restriction of processing according to GDPR Article 18, the right to object according to GDPR Article 21 and the right to data portability according to GDPR Article 20, each subject to the relevant legal conditions. In the case of the right of access and the right of erasure, the restrictions pursuant to the new German Federal Data Protection Act (BDSG) §§ 34 and 35 also apply.
The data subject also has a right to lodge a complaint with a competent data protection supervisory authority (GDPR Art. 77 in conjunction with BDSG § 19). This right can be exercised, for example, at the supervisory authority responsible for BS PAYONE, i.e. the Hessian Data Protection Commissioner, Gustav-Stresemann-Ring 1, 65189 Wiesbaden/Germany, https://datenschutz.hessen.de/.
Our website accepts payments via PayPal. The provider of this service is PayPal (Europe) S.à.r.l & Cie, S.C.A. (22-24 Boulevard Royal, L-2449 Luxembourg).
If you select payment via PayPal, the payment data you provide will be supplied to PayPal based on Art. 6 (1) (a) (Consent) and Art. 6 (1) (b) GDPR (Processing for contract purposes). You have the option to revoke your consent at any time with future effect. It does not affect the processing of data previously collected.
Our website accepts payments via Sofortüberweisung. The provider of this service is Sofort GmbH, Theresienhöhe 12, 80339 Munich, Germany.
Sofortüberweisung provides us with real-time payment confirmations, allowing us to begin fulfilling our end of our contract right away.
If you opt to pay using Sofortüberweisung, you will be submitting a PIN and a valid TAN to Sofort GmbH so that it can access your online banking account. Sofort GmbH will automatically check your account balance and perform the transfer to our account using the TAN you supply. It then sends an immediate transaction confirmation. After logging in, your income, the overdraft protection, and the availability of other accounts and their balances will be checked.
In addition to the PIN and TAN, the payment details you provide as well as personal information will be sent to Sofort GmbH. This personal information includes your name, address, telephone numbers, email address, IP address, and any other data required to process your payment. This data must be transferred to identify you securely and to prevent fraud.
Data is transmitted to Sofort GmbH based on Art. 6 (1) (a) (Consent) and Art. 6 (1) (b) GDPR (Processing for contract purposes). You have the option to revoke your consent at any time with future effect. It does not affect the processing of data previously collected.
In cases where we make deliveries before payment, e.g. in the case of a purchase on invoice, we will have to obtain information about your identity and creditworthiness using the services of specialised service providers (credit reference agencies) for the purpose of contract formation according to art. 22 (2) lit a GDPR. To this end, we will transfer your personal data needed for the credit assessment to the following company(ies):
SCHUFA Holding AG
In this process, we will apply appropriate measures to respect your rights, freedoms and legitimate interests. You can contact us via the contact option specified below to present your position and contest the decision.
We have integrated the Trusted Shops Trustbadge on this website in order to display our Trusted Shops Trustmark and offer the Trusted Shops products to customers after placing an order.
This serves the protection of our legitimate interests in the optimal marketing of our offer according to art. 6 (1) 1 lit f GDPR that are overriding in the process of balancing of interests. The Trustbadge and the advertised trust badge services are offered by Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne, Germany.
With every use of the Trustbadge, the web server automatically saves a so-called server log file which contains e.g. your IP address, the date and time of the request, the volume of data transferred and the requesting provider (access data), and documents the request. Those access data are not analysed and are automatically overwritten no later than seven days after the end of your website visit.
Other personal data are transferred to Trusted Shops only if you decide to use or have already registered to use Trusted Shops products after placing an order. In such a case, the contract concluded between you and Trusted Shops applies.
Internet Explorer™: https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies
Opera™: http://help.opera.com/Windows/10.20/en/cookies.html
Please note that disabling cookies may limit your access to some features of our website.
Use of Google (Universal) Analytics for web analytics
For the purpose of website analytics, this website uses Google (Universal) Analytics, a web analytics service provided by Google LLC (www.google.com). This serves the protection of our legitimate interests in the optimised presentation of our offer according to art. 6 (1) 1 lit f GDPR that are overriding in the process of balancing of interests. Google (Universal) Analytics uses methods, such as cookies, that enable an analysis of your use of the website. The information collected automatically by cookies about your use of this website is as a rule transmitted to and stored on a Google server in the United States. At the same time, as IP anonymisation is enabled on this website, the IP address will be shortened before being transmitted within the area of member states of the European Union or other parties to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the USA and shortened there. Generally, Google does not associate the anonymised IP address, transmitted from your browser through Google Analytics, with any other data held by Google.
Google LLC is headquartered in the USA and is certified to the EU-US-Privacy Shield. You will see the up-to-date certificate here. Based on this agreement between the USA and the European Commission, the latter has recognised entities certified to the Privacy Shield as those ensuring an adequate level of data protection.
You may prevent the data generated by cookies and related to your use of the website (incl. your IP address) from being recorded and processed by Google by downloading and installing the browser plugin available through the following link: http://tools.google.com/dlpage/gaoptout?hl=de
As an alternative to the browser plugin, you may click this link to prevent Google Analytics from recording your data on this website in the future. In this process, an opt-out cookie will be stored on your end-user device. If you clear your cookies, you will have to click the link again.
Use of social plugins of Facebook, Google, Twitter, Pinterest, Xing with the Shariff solution
Our website uses social network buttons.
This serves the protection of our legitimate interests in the optimal marketing of our website according to art. 6 (1) 1 lit f GDPR that are overriding in the process of balancing of interests.
To increase the level of protection of your data during your visit to our website, those buttons are not wholly embedded in the website as plugins, but are integrated on the website using HTML links. This ensures that when you call a page of our website, which contains such buttons, no link to the servers of a social network provider is established yet.
If you click on a social network button, a new window will open in your browser which will call the page of the relevant service provider where you can use e.g. the 'Like' or 'Share' button (where applicable, after entering your login data).
To find out more about the purpose and scope of collection, further processing and use of the data by the providers on their websites, and to learn about the available contact options and your rights in this respect and how you can customise your browser to better protect your privacy, please see the data privacy policies of the providers.
If, when or after placing your order, you have given us your express consent to doing so according to art. 6 (1) 1 lit a GDPR, we will use your e-mail address to send you reminders about rating your order using the rating system applied by us.
You may revoke your consent at any time by sending a message to the contact option specified below.
Rating reminder by Trusted Shops
If, when or after placing your order, you have given us your express consent to doing so according to art. 6 (1) 1 lit a GDPR, we will disclose your e-mail address to Trusted Shops GmbH, Subbelrather Str. 15c, 50823 Cologne, Germany (www.trustedshops.com), so that they can email you a rating reminder.
You may revoke your consent at any time by sending a message to the contact option specified below or directly to Trusted Shops.
You are entitled to obtain free-of-charge information concerning data stored about your person and, as the case may be, to correct, restrict the processing, enable the portability of, or delete those data.
If you have any questions about how we collect, process or use your personal data, want to enquire about, correct, block or delete your data, or withdraw any consents you have given, or opt-out of any particular data use, please contact our in-house data protection officer by e-mail at firstname.lastname@example.org or by telephone on 0 52 61 / 94 61 - 0.
You may also submit a complaint to the responsible data protection supervisory authority.