Data protection

1) INFORMATION ON THE COLLECTION OF PERSONAL DATA AND CONTACT DETAILS OF THE CONTROLLER
1.1 WE ARE PLEASED THAT YOU ARE VISITING OUR WEBSITE AND THANK YOU FOR YOUR INTEREST. IN THE FOLLOWING, WE INFORM YOU ABOUT HOW WE HANDLE YOUR PERSONAL DATA WHEN YOU USE OUR WEBSITE.
PERSONAL DATA IS ALL DATA WITH WHICH YOU CAN BE PERSONALLY IDENTIFIED.
1.2 THE DATA PROCESSING CONTROLLER FOR THIS WEBSITE WITHIN THE MEANING OF THE GENERAL DATA PROTECTION REGULATION (GDPR) IS NOROO CLOTHING GMBH, KUTHSWEG 41, 40231 DÜSSELDORF, GERMANY, TEL: STILL OUTSTANDING, E-MAIL: [email protected]. THE CONTROLLER RESPONSIBLE FOR THE PROCESSING OF PERSONAL DATA IS THE NATURAL OR LEGAL PERSON WHO ALONE OR JOINTLY WITH OTHERS DETERMINES THE PURPOSES AND MEANS OF THE PROCESSING OF PERSONAL DATA. 1.3 THIS WEBSITE USES SSL OR TLS ENCRYPTION FOR SECURITY REASONS AND TO PROTECT THE TRANSMISSION OF PERSONAL DATA AND OTHER CONFIDENTIAL CONTENT (E.G. ORDERS OR INQUIRIES TO THE CONTROLLER). YOU CAN RECOGNIZE AN ENCRYPTED CONNECTION BY THE CHARACTER STRING "HTTPS://" AND THE LOCK SYMBOL IN YOUR BROWSER LINE.

2) data collection when you visit our website
when you use our website for informational purposes only, i.e. if you do not register or otherwise provide us with information, we will only collect such data that your browser transmits to our server (so-called "server log files"). WHEN YOU VISIT OUR WEBSITE, WE COLLECT THE FOLLOWING DATA, WHICH IS TECHNICALLY NECESSARY FOR US TO DISPLAY THE WEBSITE TO YOU:
- OUR VISITED WEBSITE
- DATE AND TIME AT THE TIME OF ACCESS
- AMOUNT OF DATA SENT IN BYTES

- SOURCE/LINK FROM WHICH YOU CAME TO THE SITE - BROWSER USED
- OPERATING SYSTEM USED
- IP ADDRESS USED (IF APPLICABLE: IN ANONYMIZED FORM)

the processing is carried out in accordance with art. 6 ABS. 1 LIT. F GDPR ON THE BASIS OF OUR LEGITIMATE INTEREST IN IMPROVING THE STABILITY AND FUNCTIONALITY OF OUR WEBSITE. THE DATA WILL NOT BE PASSED ON OR USED IN ANY OTHER WAY. HOWEVER, WE RESERVE THE RIGHT TO CHECK THE SERVER LOG FILES RETROSPECTIVELY IF THERE ARE CONCRETE INDICATIONS OF UNLAWFUL USE.

3) HOSTING
HOSTING BY SHOPIFY
WE USE THE STORE SYSTEM OF THE SERVICE PROVIDER SHOPIFY INTERNATIONAL LIMITED, VICTORIA BUILDINGS, 2ND FLOOR, 1-2 HADDINGTON ROAD, DUBLIN 4, D04 XN32, IRELAND ("SHOPIFY"), FOR THE PURPOSE OF HOSTING AND DISPLAYING THE ONLINE STORE ON THE BASIS OF PROCESSING ON OUR BEHALF. ALL DATA COLLECTED ON OUR WEBSITE IS PROCESSED ON SHOPIFY'S SERVERS. AS PART OF SHOPIFY'S AFOREMENTIONED SERVICES, DATA MAY ALSO BE TRANSMITTED TO SHOPIFY INC, 150 ELGIN ST, OTTAWA, ON K2P 1L4, CANADA, SHOPIFY DATA PROCESSING (USA) INC, SHOPIFY PAYMENTS (USA) INC OR SHOPIFY (USA) INC AS PART OF FURTHER PROCESSING ON OUR BEHALF. IN THE EVENT THAT DATA IS TRANSFERRED TO SHOPIFY INC. IN CANADA, THE APPROPRIATE LEVEL OF DATA PROTECTION IS GUARANTEED BY AN ADEQUACY DECISION OF THE EUROPEAN COMMISSION. FURTHER INFORMATION ON SHOPIFY'S DATA PROTECTION CAN BE FOUND ON THE FOLLOWING WEBSITE: HTTPS://WWW.SHOPIFY.DE/LEGAL/DATENSCHUTZ ANY FURTHER PROCESSING ON SERVERS OTHER THAN THE AFOREMENTIONED SHOPIFY SERVERS WILL ONLY TAKE PLACE WITHIN THE SCOPE SPECIFIED BELOW.

4) CONTENT-DELIVERY-NETWORK
4.1 AWS-CLOUDFRONT (AMAZON)
ON OUR WEBSITE WE USE THE CONTENT DELIVERY NETWORK ("CDN") "AWS CLOUDFRONT" OF THE SERVICE PROVIDER "AMAZON" (AMAZON EU S.A. R.L., 38 AVENUE JOHN F. KENNEDY, L-1855 LUXEMBOURG).
a content delivery network is an online service with the help of which particularly large companies can be

MEDIA FILES (SUCH AS GRAPHICS, PAGE CONTENT OR SCRIPTS) ARE DELIVERED THROUGH A NETWORK OF REGIONALLY DISTRIBUTED SERVERS CONNECTED VIA THE INTERNET. THE USE OF AMAZON'S CONTENT DELIVERY NETWORK HELPS US TO OPTIMIZE THE LOADING SPEED OF OUR WEBSITE.
processing is carried out in accordance with art. 6 ABS. 1 LIT. F GDPR ON THE BASIS OF OUR LEGITIMATE INTEREST IN THE SECURE AND EFFICIENT PROVISION AND IMPROVEMENT OF THE STABILITY AND FUNCTIONALITY OF OUR WEBSITE.
FURTHER INFORMATION CAN BE FOUND IN AMAZON'S PRIVACY POLICY AT HTTPS:// DOCS.AWS.AMAZON.COM/EN_EN/AMAZONCLOUDFRONT/LATEST/ DEVELOPERGUIDE/DATA-PROTECTION-SUMMARY.HTML
4.2 CLOUDFLARE
ON OUR WEBSITE WE USE A SO-CALLED CONTENT DELIVERY NETWORK ("CDN") OF THE TECHNOLOGY SERVICE PROVIDER CLOUDFLARE INC, 101 TOWNSEND ST. SAN FRANCISCO, CA 94107, USA ("CLOUDFLARE"). a content delivery network is an online service that is used to deliver large media files (such as graphics, site content or scripts) through a network of regionally distributed servers connected via the internet. THE USE OF CLOUDFLARE'S CONTENT DELIVERY NETWORK HELPS US TO OPTIMIZE THE LOADING SPEED OF OUR WEBSITE.
the processing is carried out in accordance with art. 6 ABS. 1 LIT. F GDPR ON THE BASIS OF OUR LEGITIMATE INTEREST IN THE SECURE AND EFFICIENT PROVISION AND IMPROVEMENT OF THE STABILITY AND FUNCTIONALITY OF OUR WEBSITE.
WE HAVE CONCLUDED A DATA PROCESSING AGREEMENT WITH CLOUDFARE (DATA PROCESSING ADDENDUM, AVAILABLE AT HTTPS://WWW.CLOUDFLARE.COM/ MEDIA/PDF/CLOUDFLARE-CUSTOMER-DPA.PDF), WHICH OBLIGES CLOUDFARE TO PROTECT THE DATA OF OUR WEBSITE VISITORS AND NOT TO PASS IT ON TO THIRD PARTIES. FOR THE TRANSFER OF DATA FROM THE EU TO THE USA, CLOUDFARE RELIES ON SO-CALLED STANDARD DATA PROTECTION CLAUSES OF THE EUROPEAN COMMISSION, WHICH ARE INTENDED TO ENSURE COMPLIANCE WITH THE EUROPEAN LEVEL OF DATA PROTECTION IN THE USA. FURTHER INFORMATION CAN BE FOUND IN CLOUDFLARE'S PRIVACY POLICY AT: HTTPS:// WWW.CLOUDFLARE.COM/PRIVACYPOLICY/

5) COOKIES
TO MAKE YOUR VISIT TO OUR WEBSITE ATTRACTIVE AND TO ENABLE THE USE OF CERTAIN FUNCTIONS, WE USE SO-CALLED COOKIES ON VARIOUS PAGES. THESE ARE SMALL TEXT FILES THAT ARE STORED ON YOUR END DEVICE. some of the cookies we use are deleted after the end of the browser session, i.e. after you close your browser (so-called session cookies). OTHER COOKIES REMAIN ON YOUR END DEVICE AND ENABLE YOUR BROWSER TO BE RECOGNIZED THE NEXT TIME YOU VISIT (SO-CALLED PERSISTENT COOKIES). IF COOKIES ARE SET, THEY COLLECT AND PROCESS CERTAIN USER INFORMATION SUCH AS BROWSER AND LOCATION DATA AND IP ADDRESS VALUES TO AN INDIVIDUAL EXTENT. PERSISTENT COOKIES ARE AUTOMATICALLY DELETED AFTER A SPECIFIED PERIOD, WHICH MAY VARY DEPENDING ON THE COOKIE. THE DURATION OF THE RESPECTIVE COOKIE STORAGE CAN BE FOUND IN THE OVERVIEW OF THE COOKIE SETTINGS OF YOUR WEB BROWSER. IN SOME CASES, COOKIES ARE USED TO SIMPLIFY THE ORDERING PROCESS BY SAVING SETTINGS (E.G. REMEMBERING THE CONTENTS OF A VIRTUAL SHOPPING CART FOR A LATER VISIT TO THE WEBSITE). if personal data is also processed by individual cookies set by us, the processing is carried out in accordance with art. 6 ABS. 1 LIT. B GDPR EITHER FOR THE EXECUTION OF THE CONTRACT, IN ACCORDANCE WITH ART. 6 ABS. 1 LIT. A GDPR IN THE CASE OF CONSENT GRANTED OR IN ACCORDANCE WITH ART. 6 ABS. 1 LIT. F GDPR TO SAFEGUARD OUR LEGITIMATE INTERESTS IN THE BEST POSSIBLE FUNCTIONALITY OF THE WEBSITE AND A CUSTOMER-FRIENDLY AND EFFECTIVE DESIGN OF THE SITE VISIT.
please note that you can set your browser so that you are informed about the setting of cookies and can decide individually whether to accept them or to exclude the acceptance of cookies for specific cases or in general. EACH BROWSER DIFFERS IN THE WAY IT MANAGES COOKIE SETTINGS. THIS IS DESCRIBED IN THE HELP MENU OF EACH BROWSER, WHICH EXPLAINS HOW YOU CAN CHANGE YOUR COOKIE SETTINGS. THESE CAN BE FOUND FOR EACH BROWSER UNDER THE FOLLOWING LINKS: INTERNET EXPLORER: HTTPS://SUPPORT.MICROSOFT.COM/EN/ HELP/17442/WINDOWS-INTERNET-EXPLORER-DELETE-MANAGE- COOKIES

FIREFOX: HTTPS://SUPPORT.MOZILLA.ORG/EN/KB/COOKIES-ALLOW-AND-REJECT
CHROME: HTTPS://SUPPORT.GOOGLE.COM/CHROME/ANSWER/95647? HL=EN&HLRM=EN

SAFARI: HTTPS://SUPPORT.APPLE.COM/EN/GUIDE/SAFARI/ SFRI11471/MAC
OPERA: HTTPS://HELP.OPERA.COM/EN/LATEST/WEB-PREFERENCES/ #COOKIES

PLEASE NOTE THAT IF YOU DO NOT ACCEPT COOKIES, THE FUNCTIONALITY OF OUR WEBSITE MAY BE RESTRICTED.

6) CONTACTING
PERSONAL DATA IS COLLECTED WHEN YOU CONTACT US (E.G. BY CONTACT FORM OR E-MAIL). WHICH DATA IS COLLECTED WHEN A CONTACT FORM IS USED CAN BE SEEN FROM THE RESPECTIVE CONTACT FORM. this data is stored and used exclusively for the purpose of responding to your request or for contacting you and the associated technical administration. the legal basis for the processing of this data is our legitimate interest in responding to your request in accordance with art. 6 ABS. 1 LIT. F GDPR. IF YOUR CONTACT IS AIMED AT THE CONCLUSION OF A CONTRACT, THE ADDITIONAL LEGAL BASIS FOR THE PROCESSING IS ART. 6 ABS. 1 LIT. B GDPR. YOUR DATA WILL BE DELETED AFTER FINAL PROCESSING OF YOUR INQUIRY. THIS IS THE CASE WHEN IT CAN BE ASSUMED FROM THE CIRCUMSTANCES THAT THE SUBJECT Matter HAS BEEN FINALLY DECLARED AND THERE ARE NO LEGAL OBLIGATIONS TO RETAIN DATA.

7) DATA PROCESSING WHEN OPENING A CUSTOMER ACCOUNT AND FOR CONTRACT DEVELOPMENT
in accordance with art. 6 ABS. 1 LIT. B GDPR, PERSONAL DATA WILL CONTINUE TO BE COLLECTED AND PROCESSED IF YOU PROVIDE IT TO US FOR THE EXECUTION OF A CONTRACT OR WHEN OPENING A CUSTOMER ACCOUNT. WHICH DATA IS COLLECTED CAN BE SEEN FROM THE RESPECTIVE ENTRY FORMS. DELETION OF YOUR CUSTOMER ACCOUNT IS POSSIBLE AT ANY TIME AND CAN BE DONE BY SENDING A MESSAGE TO THE ABOVE ADDRESS OF THE CONTROLLER. WE STORE AND USE THE DATA PROVIDED BY YOU TO PROCESS THE CONTRACT. AFTER COMPLETE PROCESSING OF THE CONTRACT OR DELETION

YOUR DATA WILL BE BLOCKED WITH REGARD TO RETENTION PERIODS UNDER TAX AND COMMERCIAL LAW AND DELETED AFTER THESE PERIODS HAVE EXPIRED, UNLESS YOU HAVE EXPRESSLY CONSENTED TO FURTHER USE OF YOUR DATA OR WE HAVE RESERVED THE RIGHT TO FURTHER USE OF YOUR DATA AS PERMITTED BY LAW.

8) USE OF CUSTOMER DATA FOR DIRECT ADVERTISING
8.1 SUBSCRIPTION TO OUR E-MAIL NEWSLETTER
IF YOU SUBSCRIBE TO OUR E-MAIL NEWSLETTER, WE WILL REGULARLY SEND YOU INFORMATION ABOUT OUR OFFERS. ONLY YOUR E-MAIL ADDRESS IS MANDATORY FOR SENDING THE NEWSLETTER. THE PROVISION OF FURTHER DATA IS VOLUNTARY AND WILL BE USED TO ADDRESS YOU PERSONALLY. FOR SENDING THE NEWSLETTER WE USE THE SO-CALLED DOUBLE OPT-IN PROCEDURE. THIS MEANS THAT WE WILL ONLY SEND YOU AN E-MAIL NEWSLETTER IF YOU HAVE EXPRESSLY CONFIRMED TO US THAT YOU AGREE TO RECEIVE THE NEWSLETTER. WE WILL THEN SEND YOU A CONFIRMATION E-MAIL ASKING YOU TO CLICK ON A LINK TO CONFIRM THAT YOU WISH TO RECEIVE THE NEWSLETTER IN FUTURE.
by activating the confirmation link, you give us your consent to the use of your personal data in accordance with art. 6 ABS. 1 LIT. A GDPR. WHEN YOU REGISTER FOR THE NEWSLETTER, WE STORE YOUR IP ADDRESS ENTERED BY THE INTERNET SERVICE PROVIDER (ISP) AS WELL AS THE DATE AND TIME OF REGISTRATION IN ORDER TO BE ABLE TO TRACE ANY POSSIBLE MISUSE OF YOUR E-MAIL ADDRESS AT A LATER DATE. the data collected by us when registering for the newsletter will only be used for the purposes of advertising via the newsletter. YOU CAN UNSUBSCRIBE FROM THE NEWSLETTER AT ANY TIME USING THE LINK PROVIDED IN THE NEWSLETTER OR BY SENDING A MESSAGE TO THE CONTROLLER NAMED AT THE BEGINNING. ONCE YOU HAVE UNSUBSCRIBED, YOUR E-MAIL ADDRESS WILL BE DELETED FROM OUR NEWSLETTER DISTRIBUTION LIST IMMEDIATELY, UNLESS YOU HAVE EXPRESSLY CONSENTED TO FURTHER USE OF YOUR DATA OR WE RESERVE THE RIGHT TO USE YOUR DATA BEYOND THIS, WHICH IS PERMITTED BY LAW AND ABOUT WHICH WE INFORM YOU IN THIS DECLARATION.
8.2 SENDING NEWSLETTERS VIA SHOPIFY EMAIL

OUR EMAIL NEWSLETTERS ARE SENT VIA SHOPIFY EMAIL, A SERVICE PROVIDED BY SHOPIFY INTERNATIONAL LIMITED, VICTORIA BUILDINGS, 2ND FLOOR, 1-2 HADDINGTON ROAD, DUBLIN 4, D04 XN32, IRELAND ("SHOPIFY"), TO WHOM WE PASS ON THE DATA YOU PROVIDED WHEN REGISTERING FOR THE NEWSLETTER. this transfer takes place in accordance with art. 6 ABS. 1 LIT. F GDPR AND SERVES OUR LEGITIMATE INTEREST IN THE USE OF AN EFFECTIVE, SECURE AND USER-FRIENDLY NEWSLETTER SYSTEM. THE DATA YOU ENTER FOR THE PURPOSE OF SUBSCRIBING TO THE NEWSLETTER (E.G. E-MAIL ADDRESS) IS GENERALLY STORED ON SHOPIFY'S SERVERS IN THE EU.

AS PART OF SHOPIFY'S AFOREMENTIONED SERVICES, DATA MAY ALSO BE TRANSFERRED TO SHOPIFY INC, 150 ELGIN ST, OTTAWA, ON K2P 1L4, CANADA, SHOPIFY DATA PROCESSING (USA) INC, SHOPIFY PAYMENTS (USA) INC OR SHOPIFY (USA) INC AS PART OF FURTHER PROCESSING ON BEHALF OF SHOPIFY. IN THE EVENT THAT DATA IS TRANSFERRED TO SHOPIFY INC. IN CANADA, THE APPROPRIATE LEVEL OF DATA PROTECTION IS GUARANTEED BY AN ADEQUACY DECISION OF THE EUROPEAN COMMISSION.
SHOPIFY USES THIS INFORMATION TO SEND AND STATISTICALLY EVALUATE THE NEWSLETTER ON OUR BEHALF. FOR THE EVALUATION, THE E-MAILS SENT MAY CONTAIN SO-CALLED WEB BEACONS OR TRACKING PIXELS, WHICH ARE ONE-PIXEL IMAGE FILES THAT ARE STORED ON OUR WEBSITE. THIS MAKES IT POSSIBLE TO DETERMINE WHETHER A NEWSLETTER MESSAGE HAS BEEN OPENED AND WHICH LINKS, IF ANY HAVE BEEN CLICKED. in addition, technical information is collected (e.g. time of receipt, ip address, browser type and operating system). the data is collected on a strictly personal basis and will not be merged with your other personal data, a direct personal reference is excluded. these data are for statistical analysis of newsletter campaigns only. THE RESULTS OF THESE ANALYSES MAY BE USED TO BETTER TAILOR FUTURE NEWSLETTERS TO THE INTERESTS OF RECIPIENTS. IF YOU WISH TO OBJECT TO DATA ANALYSIS FOR STATISTICAL EVALUATION PURPOSES, YOU MUST UNSUBSCRIBE FROM THE NEWSLETTER. furthermore, shopify may process this data in accordance with art. 6 ABS. 1 LIT. F GDPR ITSELF ON THE BASIS OF ITS OWN LEGITIMATE INTEREST IN THE NEEDS-BASED DESIGN AND OPTIMIZATION OF THE SERVICE AND FOR

FOR MARKET RESEARCH PURPOSES, FOR EXAMPLE TO DETERMINE WHICH COUNTRIES THE RECIPIENTS COME FROM. HOWEVER, SHOPIFY DOES NOT USE THE DATA OF OUR NEWSLETTER RECIPIENTS TO WRITE TO THEM ITSELF OR TO PASS THE DATA ON TO THIRD PARTIES.

WE HAVE CONCLUDED AN ORDER PROCESSING AGREEMENT WITH SHOPIFY, IN WHICH WE OBLIGE SHOPIFY TO PROTECT THE DATA OF OUR CUSTOMERS AND NOT TO PASS IT ON TO THIRD PARTIES.
YOU CAN VIEW SHOPIFY'S PRIVACY POLICY HERE: HTTPS://WWW.SHOPIFY.COM/LEGAL/DATA-PROTECTION

9) DATA PROCESSING FOR ORDER PROCESSING
9.1 TO PROCESS YOUR ORDER, WE WORK TOGETHER WITH THE FOLLOWING SERVICE PROVIDER(S), WHO SUPPORT US IN WHOLE OR IN PART IN THE EXECUTION OF CONCLUDED CONTRACTS. personal data will be transferred to these service providers in accordance with the following information.
THE PERSONAL DATA COLLECTED BY US WILL BE PASSED ON TO THE TRANSPORT COMPANY COMMISSIONED WITH THE DELIVERY AS PART OF THE CONTRACT PROCESSING, INSOFAR AS THIS IS NECESSARY FOR THE DELIVERY OF THE GOODS. WE WILL PASS ON YOUR PAYMENT DATA TO THE COMMISSIONED CREDIT INSTITUTION WITHIN THE SCOPE OF PAYMENT PROCESSING, INSOFAR AS THIS IS NECESSARY FOR PAYMENT PROCESSING. IF PAYMENT SERVICE PROVIDERS ARE USED, WE WILL INFORM YOU EXPLICITLY ABOUT THIS BELOW. THE LEGAL BASIS FOR THE TRANSFER OF DATA IS ART. 6 ABS. 1 LIT. B GDPR.
9.2 USE OF PAYMENT SERVICE PROVIDERS (PAYMENT SERVICES)
- KLARNA
IF A KLARNA PAYMENT SERVICE IS SELECTED, PAYMENT PROCESSING IS CARRIED OUT VIA KLARNA BANK AB (PUBL) [HTTPS://WWW.KLARNA.COM/EN], SVEAVÄGEN 46, 111 34 STOCKHOLM, SWEDEN (HEREINAFTER "KLARNA"). to enable the processing of the payment, your personal data (first and last name, street, house number, postal code, city, gender, e-mail address, telephone number and ip address) as well as data related to the order (e.g. billing address, e-mail address, telephone number and ip address) will be processed. invoice amount, article, type of delivery) are forwarded to klarna for the purpose of identity and credit checks if they are forwarded in accordance with art. 6 ABS. 1 LIT. A GDPR AS PART OF THE ORDERING PROCESS

HAVE EXPRESSLY CONSENTED TO THIS. YOU CAN FIND OUT WHICH CREDIT AGENCIES YOUR DATA MAY BE FORWARDED TO HERE: HTTPS://CDN.KLARNA.COM/1.0/SHARED/CONTENT/LEGAL/TERMS/0/EN_EN/CREDIT_RATING_AGENCIES

THE CREDIT REPORT MAY CONTAIN PROBABILITY VALUES (SO-CALLED SCORE VALUES). insofar as score values are included in the result of the credit report, they are based on a scientifically recognized mathematical-statistical procedure. the calculation of the score values includes, but is not limited to, character data. KLARNA USES THE INFORMATION OBTAINED ON THE STATISTICAL PROBABILITY OF NON-PAYMENT FOR A BALANCED DECISION ON THE ESTABLISHMENT, EXECUTION OR TERMINATION OF THE CONTRACTUAL RELATIONSHIP.

YOU CAN WITHDRAW YOUR CONSENT AT ANY TIME BY SENDING A MESSAGE TO THE DATA CONTROLLER OR TO KLARNA. HOWEVER, KLARNA MAY REMAIN may still be entitled to process your personal data if this is necessary for the processing of payments in accordance with the contract. YOUR PERSONAL DATA WILL BE PROCESSED IN ACCORDANCE WITH THE APPLICABLE DATA PROTECTION REGULATIONS AND IN ACCORDANCE WITH THE INFORMATION IN KLARNA'S PRIVACY POLICY FOR DATA SUBJECTS BASED IN GERMANY HTTPS://CDN.KLARNA.COM/ 1.0/SHARED/CONTENT/LEGAL/TERMS/0/EN_EN/PRIVACY

OR FOR DATA SUBJECTS DOMICILED IN AUSTRIA HTTPS:// CDN.KLARNA.COM/1.0/SHARED/CONTENT/LEGAL/TERMS/0/EN_AT/ PRIVACY
.

- PAYPAL
WHEN PAYING VIA PAYPAL, CREDIT CARD VIA PAYPAL, DIRECT DEBIT VIA PAYPAL OR - IF OFFERED - "PURCHASE ON ACCOUNT" OR "PAYMENT BY INSTALLMENTS" VIA PAYPAL, WE WILL FORWARD YOUR PAYMENT DATA TO PAYPAL (EUROPE) S.A.R.L. ET CIE, S.C.A., 22-24 BOULEVARD ROYAL, L-2449 LUXEMBOURG (HEREINAFTER "PAYPAL"), AS PART OF THE PAYMENT PROCESSING. the forwarding takes place in accordance with art. 6 ABS. 1 LIT. B GDPR AND ONLY TO THE EXTENT NECESSARY FOR PAYMENT PROCESSING.
PAYPAL RESERVES THE RIGHT FOR THE PAYMENT METHODS CREDIT CARD VIA PAYPAL, DIRECT DEBIT VIA PAYPAL OR - IF OFFERED - "PURCHASE ON ACCOUNT" OR "PAYMENT BY INSTALLMENTS" VIA PAYPAL THE

EXECUTION OF A CREDIT REPORT. in this case your payment data will be used in accordance with art. 6 ABS. 1 LIT. F GDPR ON THE BASIS OF PAYPAL'S LEGITIMATE INTEREST IN DETERMINING YOUR SOLVENCY TO CREDIT AGENCIES. PAYPAL USES THE RESULT OF THE CREDIT CHECK WITH REGARD TO THE STATISTICAL PROBABILITY OF NON-PAYMENT FOR THE PURPOSE OF DECIDING ON THE PROVISION OF THE RESPECTIVE PAYMENT METHOD. THE CREDIT REPORT MAY CONTAIN PROBABILITY VALUES (SO-CALLED SCORE VALUES). insofar as score values are included in the result of the credit report, they are based on a scientifically recognized mathematical-statistical procedure. the calculation of the score values includes, but is not limited to, character data. FOR FURTHER INFORMATION ON DATA PROTECTION LAW, INCLUDING THE CREDIT AGENCIES USED, PLEASE REFER TO PAYPAL'S PRIVACY POLICY: HTTPS://WWW.PAYPAL.COM/EN/WEBAPPS/MPP/UA/PRIVACY-FULL
YOU CAN OBJECT TO THIS PROCESSING OF YOUR DATA AT ANY TIME BY SENDING A MESSAGE TO PAYPAL. HOWEVER, PAYPAL MAY REMAIN still entitled to process your personal data if this is necessary for the processing of payments in accordance with the contract.
- SHOPIFY PAYMENTS
WE USE THE PAYMENT SERVICE PROVIDER "SHOPIFY PAYMENTS", 3RD FLOOR, EUROPA HOUSE, HARCOURT BUILDING, HARCOURT STREET, DUBLIN 2. IF YOU CHOOSE A PAYMENT METHOD OFFERED VIA THE PAYMENT SERVICE PROVIDER SHOPIFY PAYMENTS, THE PAYMENT PROCESSING IS CARRIED OUT VIA THE TECHNICAL SERVICE PROVIDER STRIPE PAYMENTS EUROPE LTD, 1 GRAND CANAL STREET LOWER, GRAND CANAL DOCK, DUBLIN, IRELAND, TO WHOM WE SHALL PROVIDE YOUR INFORMATION PROVIDED DURING THE ORDER PROCESS IN ADDITION TO YOUR ORDER INFORMATION (NAME, ADDRESS, ACCOUNT NUMBER, BANK RETURN NUMBER, CREDIT CARD NUMBER, INVOICE AMOUNT, CURRENCY AND TRANSACTION NUMBER) IN ACCORDANCE WITH ART. 6 ABS. 1 LIT. B GDPR. the forwarding of your data takes place exclusively for the purpose of payment processing with stripe payments europe ltd. AND ONLY TO THE EXTENT THAT IT IS NECESSARY FOR THIS PURPOSE. YOU CAN FIND MORE INFORMATION ABOUT SHOPIFY PAYMENTS' DATA PROTECTION AT THE FOLLOWING INTERNET ADDRESS: HTTPS://WWW.SHOPIFY.COM/LEGAL/PRIVACY.

DATA PROTECTION INFORMATION ON STRIPE PAYMENTS EUROPE LTD. CAN BE FOUND HERE: HTTPS://STRIPE.COM/EN/PRIVACY

10) ONLINE MARKETING
FACEBOOK PIXEL FOR THE CREATION OF CUSTOM AUDIENCES (WITH COOKIE CONSENT TOOL)
WITHIN OUR ONLINE OFFER THE SO-CALLED. "FACEBOOK PIXEL" OF THE SOCIAL NETWORK FACEBOOK, WHICH IS OPERATED BY FACEBOOK IRELAND LIMITED, 4 GRAND CANAL QUARE, DUBLIN 2, IRELAND ("FACEBOOK").
IF A USER CLICKS ON AN ADVERTISEMENT PLACED BY US THAT IS DISPLAYED ON FACEBOOK, AN ADDITION IS ADDED TO THE URL OF OUR LINKED PAGE BY FACEBOOK PIXEL. IF OUR SITE ALLOWS THE SHARING OF DATA WITH FACEBOOK VIA PIXEL, THIS URL PARAMETER IS WRITTEN INTO THE USER'S BROWSER VIA A COOKIE, WHICH OUR LINKED SITE SETS ITSELF. THIS COOKIE IS THEN READ BY FACEBOOK PIXEL AND ENABLES THE DATA TO BE FORWARDED TO FACEBOOK.
WITH THE HELP OF THE FACEBOOK PIXEL, FACEBOOK IS ABLE TO DETERMINE THE VISITORS OF OUR ONLINE OFFER AS A TARGET GROUP FOR THE PRESENTATION OF ADVERTISEMENTS (SO-CALLED "FACEBOOK ADS"). ACCORDINGLY, WE USE THE FACEBOOK PIXEL TO DISPLAY THE FACEBOOK ADS PLACED BY US ONLY TO THOSE FACEBOOK USERS WHO HAVE ALSO SHOWN AN INTEREST IN OUR ONLINE OFFER OR WHO HAVE CERTAIN CHARACTERISTICS (E.G. INTERESTS IN CERTAIN TOPICS OR PRODUCTS DETERMINED ON THE BASIS OF THE WEBSITES VISITED), WHICH WE TRANSMIT TO FACEBOOK (SO-CALLED "CUSTOM AUDIENCES"). WITH THE HELP OF THE FACEBOOK PIXEL, WE ALSO WANT TO ENSURE THAT OUR FACEBOOK ADS CORRESPOND TO THE POTENTIAL INTEREST OF THE USERS AND DO NOT HAVE A HARASSING EFFECT. WE CAN ALSO EVALUATE THE EFFECTIVENESS OF FACEBOOK ADS FOR STATISTICAL AND MARKET RESEARCH PURPOSES BY TRACKING WHETHER USERS HAVE BEEN REDIRECTED TO OUR WEBSITE AFTER CLICKING ON A FACEBOOK AD (SO-CALLED "CONVERSION").
THE DATA COLLECTED IS ANONYMOUS TO US AND DOES NOT ALLOW US TO IDENTIFY USERS. HOWEVER, THE DATA IS STORED AND PROCESSED BY FACEBOOK SO THAT A CONNECTION TO THE RESPECTIVE USER PROFILE IS POSSIBLE AND FACEBOOK CAN USE THE DATA FOR

OWN ADVERTISING PURPOSES, IN ACCORDANCE WITH THE FACEBOOK PRIVACY POLICY (HTTPS://WWW.FACEBOOK.COM/ ABOUT/PRIVACY/). the data may enable facebook and its partners to place advertisements on and off facebook.

the data processing resulting from the use of the facebook pixel will only take place if you have given your express consent in accordance with art. 6 ABS. 1 LIT. A GDPR. YOU CAN WITHDRAW YOUR CONSENT AT ANY TIME WITH EFFECT FOR THE FUTURE. TO EXERCISE YOUR REVOCATION, REMOVE THE CHECK MARK NEXT TO THE SETTING FOR THE "FACEBOOK PIXEL" IN THE "COOKIE CONSENT TOOL" INTEGRATED ON THE WEBSITE.

11) TOOLS AND OTHER
11.1 - DATEV
WE USE THE CLOUD-BASED ACCOUNTING SOFTWARE OF DATEV EG, PAUMGARTNERSTR. 6-14, 90429 NUREMBERG ("DATEV").
DATEV PROCESSES INCOMING AND OUTGOING INVOICES AND, WHERE APPLICABLE ALSO THE BANK TRANSACTIONS OF OUR COMPANY IN ORDER TO AUTOMATICALLY RECORD INVOICES, MATCH THEM TO THE TRANSACTIONS AND CREATE THE FINANCIAL ACCOUNTING IN A PARTIALLY AUTOMATED PROCESS.
if personal data is also processed in this process, the processing is carried out in accordance with art. 6 ABS. 1 LIT. F GDPR ON THE BASIS OF OUR LEGITIMATE INTEREST IN THE EFFICIENT ORGANIZATION AND DOCUMENTATION OF OUR BUSINESS PROCESSES.
FURTHER INFORMATION ON DATEV, THE AUTOMATED PROCESSING OF DATA AND THE DATA PROTECTION PROVISIONS CAN BE FOUND AT HTTPS:// WWW.DATEV.DE/WEB/EN/M/UEBER-DATEV/DATENSCHUTZ/
11.2 SHOPSYNC FOR SHOPIFY
THIS WEBSITE USES THE SHOPIFY APP "SHOPSYNC" FROM SHOPSYNC LLC, PO BOX 252, JEFFERSON CITY, TN 37760, USA. WITH THE HELP OF SHOPSYNC, THE NEWSLETTER SERVICE "MAILCHIMP" IS SYNCHRONIZED WITH OUR SHOPIFY ACCOUNT IN SUCH A WAY THAT, ON THE ONE HAND, UPDATES IN MAILCHIMP E-MAIL LISTS (E.G. AN OPT-OUT OF A NEWSLETTER RECIPIENT) ARE AUTOMATICALLY STORED ON SHOPIFY AND, ON THE OTHER HAND, NEW NEWSLETTER RECIPIENTS ARE AUTOMATICALLY INFORMED ABOUT NEW CONTRACTS.

CONTACT DATA GENERATED ON SHOPIFY IS AUTOMATICALLY TRANSFERRED TO THE EMAIL LISTS OF MAILCHIMP.
in the first case, data processing takes place in accordance with art. 6 ABS. 1 LIT. F GDPR ON THE BASIS OF OUR LEGITIMATE INTEREST IN THE EFFECTIVE AND CROSS-SYSTEM MAINTENANCE OF THE FILES OF ADVERTISING RECIPIENTS AND THE EFFICIENT OBSERVANCE OF LEGALLY SIGNIFICANT STATUS CHANGES.

in the second case, the data will be processed exclusively on the basis of the user's express consent in accordance with art. 6 ABS. 1 LIT. A GDPR AFTER THE CONCLUSION OF A CONTRACT ON SHOPIFY FOR INCLUSION IN THE MAILCHIMP LIST, THE USER'S FIRST AND LAST NAME, ADDRESS AND EMAIL ADDRESS TOGETHER WITH TRANSACTION-RELATED INFORMATION (PURCHASE AMOUNT, TIME AND DATE OF PURCHASE) ARE TRANSFERRED TO MAILCHIMP BY SHOPSYNC.
DATA TRANSFERRED IN THIS WAY IS NOT STORED OR RETAINED BY SHOPSYNC AFTER SYNCHRONIZATION. ALL INFORMATION SYNCHRONIZED BETWEEN SHOPIFY AND MAILCHIMP IS TRANSMITTED VIA SSL (SECURE SOCKET LAYER) TECHNOLOGY, AND ALL TRANSMITTED INFORMATION REMAINS ENCRYPTED DURING THE SYNCHRONIZATION PROCESS.
THE SYNCHRONIZATION PROCESS REQUIRES THE TRANSMISSION OF INFORMATION VIA A SECURE CONNECTION TO SERVERS HOSTED BY AMAZON WEB SERVICES IN THE USA.
YOU CAN FIND FURTHER DATA PROTECTION INFORMATION ABOUT SHOPSYNC HERE: HTTPS://SHOPSYNC.IO/PRIVACY-POLICY

12) RIGHTS OF THE DATA SUBJECT
12.1 the applicable data protection law grants you comprehensive data subject rights (rights of access and information) vis-à-vis the controller with regard to the processing of your personal data, about which we inform you below:
- right of access pursuant to art. 15 GDPR: IN PARTICULAR, YOU HAVE A RIGHT TO INFORMATION ABOUT YOUR PERSONAL DATA PROCESSED BY US, THE PURPOSES OF PROCESSING, THE CATEGORIES OF PERSONAL DATA PROCESSED, THE RECIPIENTS OR CATEGORIES OF RECIPIENTS TO WHOM YOUR DATA HAS BEEN OR WILL BE DISCLOSED, THE PLANNED STORAGE PERIOD OR THE CRITERIA FOR DETERMINING THE STORAGE PERIOD, THE EXISTENCE OF A RIGHT TO RECTIFICATION, ERASURE,

restriction of processing, objection to processing, complaints to a supervisory authority, the origin of your data if not obtained by us from you, the existence of an automated decision making process including profiling and the possible use of a computerized system. meaningful information about the logic involved and the scope and impact of such processing, as well as your right to be informed of the warranties under art. 46 GDPR IF YOUR DATA IS TRANSFERRED TO THIRD COUNTRIES;

- right to rectification pursuant to art. 16 GDPR: YOU HAVE THE RIGHT TO OBTAIN WITHOUT UNDUE DELAY THE RECTIFICATION OF INACCURATE PERSONAL DATA CONCERNING YOU AND/OR THE COMPLETION OF INCOMPLETE PERSONAL DATA STORED BY US;

- right to erasure pursuant to art. 17 GDPR: YOU HAVE THE RIGHT TO REQUEST THE ERASURE OF YOUR PERSONAL DATA IF THE REQUIREMENTS OF ART. 17 ABS. 1 GDPR. however, this right does not apply in particular if the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims;

- RIGHT TO RESTRICT PROCESSING IN ACCORDANCE WITH ART. 18 GDPR: YOU HAVE THE RIGHT TO REQUEST THE RESTRICTION OF THE PROCESSING OF YOUR PERSONAL DATA WHILE THE ACCURACY OF YOUR DATA, WHICH YOU DISPUTE, IS BEING VERIFIED, IF YOU REFUSE TO HAVE YOUR DATA DELETED DUE TO UNAUTHORIZED DATA PROCESSING AND INSTEAD REQUEST THE RESTRICTION OF THE PROCESSING OF YOUR DATA, IF YOU NEED YOUR DATA TO ASSERT, EXERCISE OR DEFEND LEGAL CLAIMS AFTER WE NO LONGER NEED THIS DATA AFTER THE PURPOSE HAS BEEN ACHIEVED OR IF YOU HAVE LODGED AN OBJECTION FOR REASONS OF YOUR PARTICULAR SITUATION, AS LONG AS IT IS NOT YET CLEAR WHETHER OUR LEGITIMATE REASONS PREVAIL;

- RIGHT TO INFORMATION IN ACCORDANCE WITH ART. 19 GDPR: IF YOU HAVE ASSERTED THE RIGHT TO RECTIFICATION, ERASURE OR RESTRICTION OF PROCESSING AGAINST THE CONTROLLER, THE CONTROLLER IS OBLIGED TO INFORM ALL RECIPIENTS TO WHOM THE PERSONAL DATA CONCERNING YOU HAVE BEEN DISCLOSED OF THIS RECTIFICATION, ERASURE OR RESTRICTION OF PROCESSING.

do not allow the rectification or erasure of data or restriction of processing unless this proves impossible or involves disproportionate effort. YOU HAVE THE RIGHT TO BE INFORMED ABOUT THESE RECIPIENTS.
- right to data portability pursuant to art. 20 GDPR: YOU HAVE THE RIGHT TO RECEIVE THE PERSONAL DATA CONCERNING YOU, WHICH YOU HAVE PROVIDED TO US, IN A STRUCTURED, COMMONLY USED AND MACHINE-READABLE FORMAT OR TO REQUEST ITS TRANSMISSION TO ANOTHER CONTROLLER, WHERE TECHNICALLY FEASIBLE;
- right to withdraw consent granted pursuant to art. 7 ABS. 3 GDPR: YOU HAVE THE RIGHT TO WITHDRAW YOUR CONSENT TO THE PROCESSING OF DATA AT ANY TIME WITH EFFECT FOR THE FUTURE. IN THE EVENT OF REVOCATION, WE WILL DELETE THE DATA CONCERNED IMMEDIATELY, UNLESS FURTHER PROCESSING CAN BE BASED ON A LEGAL BASIS FOR PROCESSING WITHOUT CONSENT. the withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal;
- right to lodge a complaint pursuant to art. 77 GDPR: if you consider that the processing of personal data relating to you infringes the gdpr, you have the right to lodge a complaint with a supervisory authority, without prejudice to any other administrative or judicial remedy, in particular in the member state of your place of residence, your place of work or the place of the alleged infringement.
12.2 RIGHT TO OBJECT
IF, IN THE CONTEXT OF A WEIGHING UP OF INTERESTS, WE PROCESS YOUR PERSONAL DATA ON THE BASIS OF OUR OVERRIDING LEGITIMATE INTEREST, YOU HAVE THE RIGHT TO OBJECT TO THIS PROCESSING AT ANY TIME WITH EFFECT FOR THE FUTURE ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED. HOWEVER, WE RESERVE THE RIGHT TO CONTINUE PROCESSING IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, FUNDAMENTAL RIGHTS AND FREEDOMS, OR IF THE PROCESSING IS NECESSARY FOR THE PURPOSES OF THE LEGITIMATE INTERESTS PURSUED BY US.

THE ASSERTION, EXERCISE OR DEFENSE OF LEGAL CLAIMS.
IF YOUR PERSONAL DATA IS PROCESSED BY US FOR THE PURPOSE OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSE OF SUCH MARKETING. YOU CAN EXERCISE YOUR OBJECTION AS DESCRIBED ABOVE.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED FOR DIRECT MARKETING PURPOSES.

13) DURATION OF STORAGE OF PERSONAL DATA
THE DURATION OF STORAGE OF PERSONAL DATA IS DETERMINED BY THE RESPECTIVE LEGAL BASIS, THE PURPOSE OF PROCESSING AND - IF APPLICABLE - ADDITIONALLY BY THE RESPECTIVE STATUTORY RETENTION PERIOD (E.G. RETENTION PERIODS UNDER COMMERCIAL AND TAX LAW).
in the processing of personal data on the basis of explicit consent in accordance with art. 6 ABS. 1 LIT. A GDPR, THIS DATA IS STORED UNTIL THE DATA SUBJECT WITHDRAWS THEIR CONSENT. ARE THERE STATUTORY RETENTION PERIODS FOR DATA THAT IS PROCESSED IN THE CONTEXT OF LEGAL OR QUASI-LEGAL OBLIGATIONS ON THE BASIS OF ART. 6 ABS. 1 LIT. b gdpr, this data will be routinely deleted after expiry of the retention periods if it is no longer required for the performance or execution of the contract and/or if we have no legitimate interest in continuing to store it.
WHEN PROCESSING PERSONAL DATA ON THE BASIS OF ART. 6 ABS. 1 LIT. F GDPR, THIS DATA IS STORED UNTIL THE DATA SUBJECT EXERCISES THEIR RIGHT TO OBJECT IN ACCORDANCE WITH ART. 21 ABS. 1 GDPR, UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE THE INTERESTS, RIGHTS AND FREEDOMS OF THE DATA SUBJECT OR THE PROCESSING SERVES THE ESTABLISHMENT, EXERCISE OR DEFENSE OF LEGAL CLAIMS.
WHEN PROCESSING PERSONAL DATA FOR THE PURPOSE OF DIRECT MARKETING ON THE BASIS OF ART. 6 ABS. 1 LIT. F GDPR, THIS DATA IS STORED UNTIL

THE DATA SUBJECT'S RIGHT TO OBJECT UNDER ART. 21 ABS. 2 GDPR.
UNLESS OTHERWISE STATED IN THE OTHER INFORMATION IN THIS STATEMENT ON SPECIFIC PROCESSING SITUATIONS, STORED PERSONAL DATA WILL BE DELETED WHEN IT IS NO LONGER NECESSARY FOR THE PURPOSES FOR WHICH IT WAS COLLECTED OR OTHERWISE PROCESSED.

DATA PROTECTION

Newsletter