Privacy policy
1) Introduction and Contact Information of the Controller
1.1 We are pleased that you are visiting our website and thank you for your interest. Below, we provide information about how we handle your personal data when you use our website. Personal data includes all data that can personally identify you.
1.2 The controller responsible for data processing on this website, as defined by the General Data Protection Regulation (GDPR), is Sarah Kuchenbuch, Introvertie, Krieglergasse 3, 1030 Vienna, Austria, Tel.: +49 152 015 76676, Email: support@introvertie-vienna.eu The controller is the natural or legal person who alone or jointly with others determines the purposes and means of processing personal data.
2) Data Collection When Visiting Our Website
2.1 When using our website for informational purposes only (i.e., if you do not register or otherwise provide us with information), we collect only the data that your browser transmits to the server hosting the website (so-called "server log files"). When you access our website, the following data is collected, which is technically necessary for displaying the website to you:
- The website visited
- Date and time of access
- Amount of data transmitted in bytes
- Source/referrer from which you reached the page
- Browser used
- Operating system used
- IP address used (if applicable: anonymized)
Processing is carried out in accordance with Art. 6(1)(f) GDPR based on our legitimate interest in improving the stability and functionality of our website. The data will not be shared or used for any other purpose. However, we reserve the right to review server log files retrospectively if there are concrete indications of unlawful use.
2.2 For security reasons and to protect the transmission of personal data and other confidential content (e.g., orders or inquiries to the controller), this website uses SSL or TLS encryption. You can recognize an encrypted connection by the "https://" prefix and the lock symbol in your browser’s address bar.
3) Hosting & Content Delivery Network
Shopify
For hosting our website and displaying content, we use the services of the following provider: Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland ("Shopify").
Data is also transferred to Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada.
All data collected on our website is processed on the provider’s servers. We have entered into a data processing agreement with the provider to ensure the protection of our website visitors' data and to prevent unauthorized sharing with third parties.
For data transfers to Canada, an adequate level of data protection is ensured by a decision of adequacy from the European Commission.
4) Cookies
To make visiting our website attractive and to enable the use of certain functions, we use cookies – small text files stored on your device. Some cookies are deleted automatically after the browser session ends ("session cookies"), while others remain on your device longer to store preferences ("persistent cookies"). You can find the storage duration in your browser’s cookie settings.
If personal data is processed using cookies, processing is carried out in accordance with:
- Art. 6(1)(b) GDPR for contract execution;
- Art. 6(1)(a) GDPR in the event of consent; or
- Art. 6(1)(f) GDPR to protect our legitimate interests in ensuring the best possible functionality and a user-friendly experience on our website.
You can configure your browser to notify you about cookies and decide whether to accept them individually, refuse cookies in certain cases, or disable them entirely.
Please note that disabling cookies may limit the functionality of our website.
5) Contacting Us
When contacting us (e.g., via contact form or email), personal data will be processed exclusively for the purpose of responding to your inquiry and only to the extent necessary for this purpose.
The legal basis for processing this data is our legitimate interest in responding to your inquiry, in accordance with Art. 6(1)(f) GDPR. If your inquiry aims to conclude a contract, the additional legal basis for processing is Art. 6(1)(b) GDPR. Your data will be deleted once the matter is fully resolved, provided there are no statutory retention requirements.
6) Use of Customer Data for Direct Advertising
6.1 Subscription to Our Email Newsletter
If you subscribe to our email newsletter, we will regularly send you information about our offers. The only required information for receiving the newsletter is your email address. Providing additional data is voluntary and will be used to address you personally. We use the so-called double opt-in procedure to ensure that you only receive the newsletter after you have expressly confirmed your consent by clicking a verification link sent to the email address provided.
By activating the confirmation link, you give us your consent to use your personal data in accordance with Art. 6(1)(a) GDPR. We store your IP address, as entered by the Internet Service Provider (ISP), as well as the date and time of registration, to trace any potential misuse of your email address. The data collected during newsletter registration is used strictly for the intended purpose.
You can unsubscribe from the newsletter at any time via the link provided in the newsletter or by sending a corresponding message to the contact details mentioned above. After unsubscribing, your email address will be promptly removed from our newsletter distribution list unless you have explicitly consented to further use of your data or we reserve the right to use your data in a manner permitted by law, as explained in this declaration.
6.2 Product Availability Notification via Email
For temporarily unavailable items, you can sign up to receive product availability notifications by email. We will send you a one-time notification about the availability of the selected item. The only required information for sending this notification is your email address. Providing additional data is voluntary and may be used to address you personally. We use the double opt-in procedure to ensure you only receive the notification after confirming your consent by clicking a verification link sent to the provided email address.
By activating the confirmation link, you give us your consent to use your personal data in accordance with Art. 6(1)(a) GDPR. We store your IP address, as entered by the ISP, as well as the date and time of registration, to trace any potential misuse of your email address. The data collected for our email notification service is used strictly for the intended purpose.
You can unsubscribe from the availability notifications at any time by sending a corresponding message to the contact details mentioned above. After unsubscribing, your email address will be promptly removed from our distribution list unless you have explicitly consented to further use of your data or we reserve the right to use your data in a manner permitted by law, as explained in this declaration.
6.3 Cart Reminders via Email
If you abandon your shopping cart without completing the purchase, you have the option to receive a one-time reminder via email about the contents of your virtual cart.
The only required information for sending this reminder is your email address. Providing additional data is voluntary and may be used to address you personally. We use the double opt-in procedure to ensure you only receive the reminder after confirming your consent by clicking a verification link sent to the provided email address.
By activating the confirmation link, you give us your consent to use your personal data in accordance with Art. 6(1)(a) GDPR to send you a cart reminder. We store your IP address, as entered by the ISP, as well as the date and time of registration, to trace any potential misuse of your email address. The data collected for this email notification service is used strictly for the intended purpose.
You can unsubscribe from cart reminders at any time by sending a corresponding message to the contact details mentioned above. After unsubscribing, your email address will be promptly removed from our distribution list unless you have explicitly consented to further use of your data or we reserve the right to use your data in a manner permitted by law, as explained in this declaration.
7) Data Processing for Order Fulfillment
7.1 To fulfill the contract, we will transfer personal data to the contracted shipping company and payment service provider as necessary for delivery and payment, in accordance with Art. 6(1)(b) GDPR.
If we are required by a relevant contract to provide updates for goods with digital elements or digital products, we will process the contact details you provided during the order (name, address, email address) to inform you personally about upcoming updates within the legally required period, in accordance with Art. 6(1)(c) GDPR. Your contact details will be used strictly for update notifications and processed only to the extent necessary for this purpose.
7.2 Use of Payment Service Providers (Payment Services)
Amazon Pay
This website offers one or more online payment methods provided by:
Amazon Payments Europe s.c.a., 38 avenue J.F. Kennedy, L-1855 Luxembourg
When selecting a payment method from this provider that requires prepayment (e.g., credit card payment), the payment details you provide during the order process (including name, address, bank and card information, currency, and transaction number) and information about your order are shared with the provider in accordance with Art. 6(1)(b) GDPR. The transfer of your data is solely for the purpose of payment processing and only to the extent necessary for this purpose.
Apple Pay
If you choose the "Apple Pay" payment method provided by Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland, the payment is processed via the "Apple Pay" function of your iOS, watchOS, or macOS device by debiting a payment card stored in "Apple Pay." Apple Pay uses security features integrated into your device's hardware and software to protect your transactions. To authorize a payment, you need to enter a code you have previously set or verify the payment using the "Face ID" or "Touch ID" function of your device.
For the purpose of payment processing, the information you provide during the order process and details about your order are transmitted to Apple in encrypted form. Apple then re-encrypts this data with a developer-specific key before transmitting it to the payment service provider associated with the payment card stored in Apple Pay. This encryption ensures that only the website where the purchase was made can access the payment data. After the payment is completed, Apple sends your device account number and a transaction-specific dynamic security code to the originating website to confirm the payment.
If personal data is processed during these transmissions, the processing is solely for the purpose of payment processing in accordance with Art. 6(1)(b) GDPR.
Apple retains anonymized transaction data, including approximate purchase amounts, dates, and times, as well as whether the transaction was successfully completed. Anonymization ensures that the data cannot be linked to an individual. Apple uses anonymized data to improve "Apple Pay" and other Apple products and services.
If you use Apple Pay on an iPhone or Apple Watch to complete a purchase made via Safari on a Mac, the Mac and the authorizing device communicate via an encrypted channel on Apple servers. Apple does not process or store any of this information in a form that can identify you. You can disable the ability to use Apple Pay on your Mac in your iPhone settings by navigating to "Wallet & Apple Pay" and deactivating "Allow Payments on Mac."
For more information on Apple Pay's privacy policy, visit: https://support.apple.com/de-de/HT203027.
Klarna
This website offers one or more online payment methods provided by:
Klarna Bank AB, Sveavägen 46, 111 34 Stockholm, Sweden
When selecting a payment method from this provider that requires prepayment (e.g., credit card payment), the payment details you provide during the order process (including name, address, bank and card information, currency, and transaction number) and information about your order are shared with the provider in accordance with Art. 6(1)(b) GDPR. The transfer of your data is solely for the purpose of payment processing and only to the extent necessary for this purpose.
When selecting a payment method where the provider offers prepayment (e.g., invoice or installment purchase, direct debit), you will also be required to provide certain personal data (first and last name, street, house number, postal code, city, date of birth, email address, phone number, and potentially data for an alternative payment method).
To protect our legitimate interest in assessing the payment ability of our customers, this data is forwarded to the provider for a credit check in accordance with Art. 6(1)(f) GDPR. Based on the personal data you provide, as well as other data (e.g., shopping cart, invoice amount, order history, payment experiences), the provider evaluates whether the payment option you selected can be offered with regard to payment and/or default risks.
For the credit check, identity and credit information from the following agencies may also be considered in addition to provider-internal criteria:
https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/credit_rating_agencies
The credit check may include probability values (so-called score values). These scores are based on scientifically recognized mathematical-statistical procedures. The calculation of score values may include, but is not limited to, address data.
You can object to this processing of your data at any time by sending a message to us or the provider. However, the provider may still be entitled to process your personal data if this is necessary for contractual payment processing.
PayPal
This website offers one or more online payment methods provided by:
PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg
When selecting a payment method from this provider that requires prepayment, the payment details you provide during the order process (including name, address, bank and card information, currency, and transaction number) and information about your order are shared with the provider in accordance with Art. 6(1)(b) GDPR. The transfer of your data is solely for the purpose of payment processing and only to the extent necessary for this purpose.
When selecting a payment method where we offer prepayment, you may also be required to provide certain personal data (first and last name, street, house number, postal code, city, date of birth, email address, phone number, and potentially data for an alternative payment method).
To protect our legitimate interest in assessing your payment ability, this data is forwarded to the provider for a credit check in accordance with Art. 6(1)(f) GDPR. Based on the personal data you provide, as well as other data (e.g., shopping cart, invoice amount, order history, payment experiences), the provider evaluates whether the payment option you selected can be offered with regard to payment and/or default risks.
The credit check may include probability values (so-called score values). These scores are based on scientifically recognized mathematical-statistical procedures. The calculation of score values may include, but is not limited to, address data.
You can object to this processing of your data at any time by sending a message to us or the provider. However, the provider may still be entitled to process your personal data if this is necessary for contractual payment processing.
Shopify Payments
This website offers one or more online payment methods provided by:
Shopify International Limited, Victoria Buildings, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland
When selecting a payment method from this provider that requires prepayment (e.g., credit card payment), the payment details you provide during the order process (including name, address, bank and card information, currency, and transaction number) and information about your order are shared with the provider in accordance with Art. 6(1)(b) GDPR. The transfer of your data is solely for the purpose of payment processing and only to the extent necessary for this purpose.
SOFORT
This website offers one or more online payment options from the following provider:
SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany
If you select a payment method provided by this provider that requires advance payment (e.g., credit card payment), the payment data you provide during the ordering process (including name, address, bank and payment card information, currency, and transaction number) as well as information about the content of your order will be shared with the provider pursuant to Article 6(1)(b) GDPR. This data transfer is solely for the purpose of payment processing with the provider and only to the extent necessary for this purpose.
Stripe
This website offers one or more online payment options from the following provider:
Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland
If you select a payment method provided by this provider that requires advance payment (e.g., credit card payment), the payment data you provide during the ordering process (including name, address, bank and payment card information, currency, and transaction number) as well as information about the content of your order will be shared with the provider pursuant to Article 6(1)(b) GDPR. This data transfer is solely for the purpose of payment processing with the provider and only to the extent necessary for this purpose.
If you select a payment method where the provider assumes advance payment (e.g., purchase on account, installment purchase, or direct debit), you will also be required to provide certain personal data during the ordering process (e.g., first and last name, street address, house number, postal code, city, date of birth, email address, phone number, and, if applicable, information on an alternative payment method).
To protect our legitimate interest in assessing the creditworthiness of our customers, this data will be forwarded to the provider pursuant to Article 6(1)(f) GDPR for the purpose of a credit check. Based on the personal data provided by you and other data (e.g., shopping cart, invoice amount, order history, payment experiences), the provider will assess whether the payment option you selected can be granted in light of potential payment and/or default risks.
The credit check may include probability values (so-called score values). These score values are calculated based on a scientifically recognized mathematical-statistical process. The calculation of score values includes, but is not limited to, address data.
You may object to this data processing at any time by notifying us or the provider. However, the provider may still be entitled to process your personal data if this is necessary for contractual payment processing.
8) Web Analytics Services
Google Analytics 4
This website uses Google Analytics 4, a web analytics service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”), which enables the analysis of your use of our website.
By default, Google Analytics 4 sets cookies during your website visit, which are small text files stored on your device and collect certain information. This information includes your IP address, which is truncated by Google to exclude direct personal identification.
The collected information is transmitted to Google servers and processed there. Transfers to Google LLC based in the USA may also occur.
Google uses this information on our behalf to evaluate your website usage, compile reports on website activities, and provide other services related to website and internet usage. The IP address transmitted by your browser as part of Google Analytics is not merged with other Google data. The data collected through Google Analytics 4 is stored for two months and then deleted.
All described processing activities, especially the setting of cookies on your device, are carried out only with your express consent under Article 6(1)(a) GDPR. Without your consent, Google Analytics 4 will not be used during your visit. You can withdraw your consent at any time with future effect. To exercise your withdrawal right, deactivate this service using the “cookie consent tool” provided on the website.
We have entered into a data processing agreement with Google to ensure the protection of our visitors' data and prevent unauthorized sharing with third parties.
Further legal information about Google Analytics 4 is available at:
Demographic Features
Google Analytics 4 includes the "demographic features" function, allowing for statistics on the age, gender, and interests of website visitors. This is based on advertising and information from third parties. These statistics help identify target groups for marketing activities. The collected data cannot be attributed to specific individuals and is deleted after two months.
Google Signals
As an extension of Google Analytics 4, this website may use Google Signals to create cross-device reports. If you have activated personalized ads and linked your devices to your Google account, Google may analyze your usage behavior across devices and generate database models for cross-device conversions, provided you consent to the use of Google Analytics under Article 6(1)(a) GDPR. We only receive statistics from Google, not personal data.
To stop cross-device analysis, disable the “Personalized Ads” function in your Google account settings by following these instructions:
https://support.google.com/ads/answer/2662922?hl=en
Further information about Google Signals is available at:
https://support.google.com/analytics/answer/7532985?hl=en
User IDs
As an extension of Google Analytics 4, this website may use the “User IDs” function. If you have agreed to the use of Google Analytics 4 under Article 6(1)(a) GDPR and created an account on this website, your activities (including conversions) can be analyzed across devices when you log in with this account.
For data transfers to the USA, the provider adheres to the EU-US Data Privacy Framework, which ensures compliance with European data protection standards based on an adequacy decision by the European Commission.
9) Retargeting/Remarketing and Conversion Tracking
Meta Pixel
Our online offering uses the "Meta Pixel" service provided by the following vendor:
Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland ("Meta").
When a user clicks on an advertisement we have placed on Facebook and/or Instagram, the URL of our linked page is extended with a parameter using "Meta Pixel." This URL parameter is then entered into the user's browser via a cookie set by our linked page after the redirection.
This enables Meta to identify visitors to our online offering as a target audience for displaying ads (so-called "Ads"). Accordingly, we use the service to show our Facebook and/or Instagram ads only to users who have shown interest in our online offering or who exhibit specific characteristics (e.g., interest in certain topics or products, determined by visited websites) that we transmit to Meta ("Custom Audiences").
Furthermore, "Meta Pixel" can track whether users have been redirected to our website after clicking on an ad and what actions they perform there ("Conversion Tracking").
The collected data is anonymous to us and does not allow us to deduce the identity of the users. However, Meta stores and processes the data, enabling a connection to the respective user profile, and Meta may use the data for its own advertising purposes.
All the processing described above, particularly the setting of cookies to read information from the device used, only occurs if you have explicitly consented to it under Art. 6 (1) lit. a GDPR. You can revoke your consent at any time with future effect by deactivating this service via the "Cookie Consent Tool" provided on the website.
We have entered into a data processing agreement with the vendor to ensure the protection of our website visitors' data and to prohibit unauthorized disclosure to third parties.
The information generated by Meta is typically transferred to a Meta server and stored there. In this context, data may also be transferred to servers of Meta Platforms Inc. in the USA.
For data transfers to the USA, the vendor has adhered to the EU-US Data Privacy Framework, which ensures compliance with European data protection standards based on an adequacy decision by the European Commission.
10) Website Functionalities
10.1 Facebook Plugins
Our website uses plugins from the social network provided by:
Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
These plugins enable direct interaction with content on the social network.
To enhance the protection of your data during your visit to our website, the plugins are initially deactivated and integrated into the page using a "2-click" or "Shariff" solution.
This integration ensures that no connection to the vendor's servers is established when you access a page on our website that contains such plugins.
Only when you activate the plugins and thereby consent to data transmission under Art. 6 (1) lit. a GDPR does your browser establish a direct connection to the vendor's servers. During this process, regardless of whether you are logged into an existing user profile, certain information about your device (including your IP address), browser, and browsing history is transmitted to the vendor and possibly further processed there.
If you are logged into an existing user profile on the vendor's social network, information about interactions performed via the plugins will also be published and shown to your contacts.
You can revoke your consent at any time by deactivating the activated plugin again. However, the revocation does not affect data already transmitted to the vendor.
Data may also be transferred to: Meta Platforms Inc., USA.
We have entered into a data processing agreement with the vendor to ensure the protection of our website visitors' data and to prohibit unauthorized disclosure to third parties.
For data transfers to the USA, the vendor has adhered to the EU-US Data Privacy Framework, which ensures compliance with European data protection standards based on an adequacy decision by the European Commission.
10.2 Instagram Plugins
Our website uses plugins from the social network provided by:
Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
These plugins enable direct interaction with content on the social network.
To enhance the protection of your data during your visit to our website, the plugins are initially deactivated and integrated into the page using a "2-click" or "Shariff" solution.
This integration ensures that no connection to the vendor's servers is established when you access a page on our website that contains such plugins.
Only when you activate the plugins and thereby consent to data transmission under Art. 6 (1) lit. a GDPR does your browser establish a direct connection to the vendor's servers. During this process, regardless of whether you are logged into an existing user profile, certain information about your device (including your IP address), browser, and browsing history is transmitted to the vendor and possibly further processed there.
If you are logged into an existing user profile on the vendor's social network, information about interactions performed via the plugins will also be published and shown to your contacts.
You can revoke your consent at any time by deactivating the activated plugin again. However, the revocation does not affect data already transmitted to the vendor.
Data may also be transferred to: Meta Platforms Inc., USA.
We have entered into a data processing agreement with the vendor to ensure the protection of our website visitors' data and to prohibit unauthorized disclosure to third parties.
For data transfers to the USA, the vendor has adhered to the EU-US Data Privacy Framework, which ensures compliance with European data protection standards based on an adequacy decision by the European Commission.
10.3 Pinterest Plugins
Our website uses plugins from the social network provided by:
Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland.
These plugins enable direct interaction with content on the social network.
To enhance the protection of your data during your visit to our website, the plugins are initially deactivated and integrated into the page using a "2-click" or "Shariff" solution.
This integration ensures that no connection to the vendor's servers is established when you access a page on our website that contains such plugins.
Only when you activate the plugins and thereby consent to data transmission under Art. 6 (1) lit. a GDPR does your browser establish a direct connection to the vendor's servers. During this process, regardless of whether you are logged into an existing user profile, certain information about your device (including your IP address), browser, and browsing history is transmitted to the vendor and possibly further processed there.
If you are logged into an existing user profile on the vendor's social network, information about interactions performed via the plugins will also be published and shown to your contacts.
You can revoke your consent at any time by deactivating the activated plugin again. However, the revocation does not affect data already transmitted to the vendor.
Data may also be transferred to: Pinterest Inc., USA.
We have entered into a data processing agreement with the vendor to ensure the protection of our website visitors' data and to prohibit unauthorized disclosure to third parties.
For data transfers to the USA, the vendor relies on Standard Contractual Clauses issued by the European Commission, ensuring compliance with European data protection standards.
10.4 Vimeo
This website uses plugins to display and play videos from the following provider:
Vimeo.com, Inc., 330 West 34th Street, 10th Floor, New York, NY 10001, USA
When you visit a page on our website that contains such a plugin, your browser establishes a direct connection to the provider’s servers to load the plugin. Certain information, including your IP address, is transmitted to the provider during this process.
If the playback of embedded videos is started via the plugin, the provider also uses cookies to collect information about user behavior, create playback statistics, and prevent abusive behavior.
If you are logged into a user account with the provider during your visit to our site, your data will be directly linked to your account when you click on a video. If you do not wish for this linking to occur, you must log out before clicking the playback button.
All of the aforementioned processing, particularly the setting of cookies for retrieving information on the device used, is carried out only if you have expressly consented to this in accordance with Art. 6(1)(a) GDPR. You can withdraw your consent at any time with future effect by deactivating this service via the "Cookie-Consent-Tool" provided on the website.
For data transfers to the USA, the provider is part of the EU-US Data Privacy Framework, which ensures compliance with European data protection standards based on a decision of adequacy by the European Commission.
10.5 Google Maps
This website uses the online mapping service provided by:
Google Maps (API) from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”).
Google Maps is a web service for displaying interactive maps to visually present geographical information. Using this service allows us to show you our location and facilitate directions to our premises.
When you access a page on our website that includes a Google Maps map, information about your use of our website (such as your IP address) is transmitted to Google's servers and stored there. This may also involve transmission to servers of Google LLC in the USA.
This occurs regardless of whether Google provides a user account through which you are logged in or if no user account exists. If you are logged into Google, your data is directly linked to your account. If you do not wish for this linking to occur, you must log out before activating the button. Google stores your data (even for users not logged in) as usage profiles and evaluates them for advertising, market research, and/or needs-based website design in accordance with Art. 6(1)(f) GDPR based on Google’s legitimate interest.
You have the right to object to the creation of these user profiles, and you must contact Google to exercise this right. If you do not agree to the future transmission of your data to Google during the use of Google Maps, you can disable the Google Maps web service entirely by turning off the JavaScript application in your browser. Google Maps and the map display on this website will then no longer be usable.
If legally required, your consent for the aforementioned processing of your data is obtained in accordance with Art. 6(1)(a) GDPR. You can withdraw your consent at any time with future effect.
For data transfers to the USA, the provider is part of the EU-US Data Privacy Framework, which ensures compliance with European data protection standards based on a decision of adequacy by the European Commission.
10.6 Best Currency Converter
This website uses the service "Best Currency Converter" by:
Grizzly Apps SRL, Str. Muresului Nr. 7 Bloc E23, Scara B, Apartament 15, Brasov, Romania
Based on our legitimate interest in displaying prices in the local currency of your location, Best Currency Converter collects and evaluates your IP address in accordance with Art. 6(1)(f) GDPR to adapt price displays on the website to your location. The IP address is not stored permanently.
Additionally, Best Currency Converter sets a functional cookie in the browser of your device after the first currency adjustment to store the currency setting for the duration of the session. This cookie is automatically deleted after the session ends.
10.7 ShopSync for Shopify
This website uses the Shopify app "ShopSync" by:
ShopSync LLC, PO Box 252, Jefferson City, TN 37760, USA
ShopSync synchronizes the newsletter service "Mailchimp" with our Shopify account, ensuring that updates to email lists in Mailchimp (e.g., an opt-out by a newsletter recipient) are automatically reflected in Shopify, and that new contact data generated through contracts on Shopify are automatically added to Mailchimp's email lists.
- In the case of updates, data processing occurs in accordance with Art. 6(1)(f) GDPR based on our legitimate interest in effective and system-wide management of advertising recipient records and legally relevant status changes.
- In the case of new data transmissions, processing is based solely on the user’s explicit consent in accordance with Art. 6(1)(a) GDPR. After a contract is concluded on Shopify, the user's first and last name, address, email address, and transaction-related information (e.g., purchase amount, time, and date) are transmitted to Mailchimp through ShopSync.
The transmitted data is not stored or retained by ShopSync after synchronization. All information is transmitted securely over SSL technology and remains encrypted during the synchronization process.
The synchronization requires the transfer of information via a secure connection to servers hosted by Amazon Web Services in the USA.
Further information on ShopSync's data protection policies can be found here: https://www.shop-sync.com/privacy-policy
11) Tools and Miscellaneous
11.1 sevDesk
For bookkeeping purposes, we use the cloud-based accounting software provided by:
sevDesk GmbH, Hauptstraße 115, 77652 Offenburg, Germany
The provider processes incoming and outgoing invoices as well as, if applicable, our company’s bank transactions to automatically record invoices, match them to transactions, and create financial accounting records through a semi-automated process.
If personal data is processed in this context, the processing is based on our legitimate interest in efficient organization and documentation of our business transactions.
11.2 Cookie-Consent-Tool
This website uses a "Cookie-Consent-Tool" to obtain valid user consent for cookies and cookie-based applications requiring consent. The tool is displayed as an interactive user interface when the site is accessed, allowing users to grant consent for specific cookies and/or cookie-based applications by checking the corresponding boxes.
Through the tool, cookies requiring consent are only loaded if the user has explicitly granted consent. This ensures that such cookies are set only when consent has been given.
The tool sets technically necessary cookies to store your cookie preferences. In general, no personal user data is processed in this context.
If, in individual cases, personal data (such as an IP address) is processed for the purpose of storage, assignment, or logging of cookie settings, this processing is carried out in accordance with Art. 6(1)(f) GDPR based on our legitimate interest in legally compliant and user-specific cookie management and the lawful design of our online presence.
Further legal basis for this processing is Art. 6(1)(c) GDPR, as we are legally obliged to make the use of non-essential cookies dependent on user consent.
Where necessary, we have entered into a data processing agreement with the provider to ensure the protection of our website visitors’ data and prohibit unauthorized disclosure to third parties.
More information about the operator and setting options for the Cookie-Consent-Tool can be found directly in the relevant user interface on our website.
12) Rights of the Data Subject
12.1 The applicable data protection law grants you the following rights regarding the processing of your personal data by the controller (right to information and intervention), with reference to the respective legal basis for the exercise of these rights:
Right of access pursuant to Art. 15 GDPR;
Right to rectification pursuant to Art. 16 GDPR;
Right to erasure pursuant to Art. 17 GDPR;
Right to restriction of processing pursuant to Art. 18 GDPR;
Right to notification pursuant to Art. 19 GDPR;
Right to data portability pursuant to Art. 20 GDPR;
Right to withdraw consents given pursuant to Art. 7(3) GDPR;
Right to lodge a complaint pursuant to Art. 77 GDPR.
12.2 RIGHT TO OBJECT
IF WE PROCESS YOUR PERSONAL DATA BASED ON A BALANCE OF INTERESTS, YOU HAVE THE RIGHT TO OBJECT TO THIS PROCESSING AT ANY TIME, ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION, WITH EFFECT FOR THE FUTURE.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL CEASE THE PROCESSING OF THE RELEVANT DATA. HOWEVER, FURTHER PROCESSING MAY BE PRESERVED IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING THAT OVERRIDE YOUR INTERESTS, RIGHTS, AND FREEDOMS, OR IF THE PROCESSING IS NECESSARY FOR THE ESTABLISHMENT, EXERCISE, OR DEFENSE OF LEGAL CLAIMS.
IF YOUR PERSONAL DATA IS PROCESSED FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA FOR THE PURPOSE OF SUCH MARKETING AT ANY TIME. YOU CAN EXERCISE THIS RIGHT AS DESCRIBED ABOVE.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL CEASE THE PROCESSING OF THE RELEVANT DATA FOR DIRECT MARKETING PURPOSES.
13) Duration of Storage of Personal Data
The duration of storage of personal data is determined by the respective legal basis, the processing purpose, and, where applicable, the respective statutory retention period (e.g., commercial and tax retention periods).
When processing personal data based on explicit consent pursuant to Art. 6(1)(a) GDPR, the data will be stored until you withdraw your consent.
If statutory retention periods exist for data processed as part of legal or legally comparable obligations under Art. 6(1)(b) GDPR, such data will be routinely deleted after the retention periods have expired, provided they are no longer necessary for contract fulfillment or contract initiation and/or we have no legitimate interest in retaining them.
When processing personal data based on Art. 6(1)(f) GDPR, such data will be stored until you exercise your right to object pursuant to Art. 21(1) GDPR, unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing is necessary for the establishment, exercise, or defense of legal claims.
When processing personal data for direct marketing purposes based on Art. 6(1)(f) GDPR, such data will be stored until you exercise your right to object pursuant to Art. 21(2) GDPR.
Unless otherwise specified in this declaration regarding specific processing situations, stored personal data will be deleted once they are no longer necessary for the purposes for which they were collected or otherwise processed.
© IT-Recht Law Firm | Updated: 15.01.2025, 16:41:28