Privacy Policy
1) Introduction and Contact Information of the Controller
1.1 We are pleased that you are visiting our website and thank you for your interest. In the following, we will inform you about how we handle your personal data when you use our website. Personal data refers to all data that can be used to personally identify you.
1.2 The controller responsible for data processing on this website in accordance with the General Data Protection Regulation (GDPR) is Ante Lukac, Chilla Shop, Föhrenweg 6, 91336 Heroldsbach, Germany, Tel .: 015150783978, Email: info@chillapparel.shop. The controller for the processing of personal data is the natural or legal person who alone or jointly with others determines the purposes and means of processing personal data.
1.3 For security reasons and to protect the transmission of personal data and other confidential content (e.g., orders or inquiries to the controller), this website uses SSL or TLS encryption. You can recognize an encrypted connection by the string “https://” and the lock symbol in your browser’s address bar.
2) Data Collection When Visiting Our Website
When you use our website for purely informational purposes, i.e., when you do not register or otherwise provide us with information, we only collect the data that your browser sends to our server (so-called “server log files”). When you visit our website, we collect the following data, which is technically necessary for us to display the website:
– The website visited
– Date and time of access
– Amount of data sent in bytes
– Source/reference from which you accessed the page
– Browser used
– Operating system used
– IP address used (possibly in anonymized form)
The processing is carried out in accordance with Art. 6 Para. 1 lit. f GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. There is no further disclosure or use of the data. However, we reserve the right to subsequently check the server log files should concrete evidence point to unlawful use.
3) Hosting & Content Delivery Network
Jetpack
We use a content delivery network provided by the following provider: Automattic Inc., 60 29 th Street #343, San Francisco, CA 94110, USA. This service allows us to deliver large media files such as graphics, page content, or scripts faster through a network of regionally distributed servers. The processing is carried out to protect our legitimate interest in improving the stability and functionality of our website in accordance with Art. 6 Para. 1 lit. f GDPR. We have concluded a data processing agreement with the provider to ensure the protection of our site visitors’ data and to prohibit unauthorized disclosure to third parties.
For the transmission of data to the USA, the provider relies on standard contractual clauses of the European Commission, which are intended to ensure compliance with the European level of data protection.
4) Cookies
To make your visit to our website attractive and to enable the use of certain functions, we use cookies, which are small text files that are stored on your device. Some of these cookies are automatically deleted after you close your browser (so-called “session cookies”), while others remain on your device for a longer period and allow you to save page settings (so-called “persistent cookies”). In the latter case, you can find the storage duration in the cookie settings of your web browser.
If individual cookies used by us also process personal data, the processing is carried out in accordance with Art. 6 Para. 1 lit. b GDPR either for the performance of a contract, in accordance with Art. 6 Para. 1 lit. a GDPR in the case of granted consent, or in accordance with Art. 6 Para. 1 lit. f GDPR to protect our legitimate interests in the best possible functionality of the website and a user-friendly and effective design of the website visit.
You can configure your browser settings to notify you about the setting of cookies and decide on their acceptance individually, or exclude the acceptance of cookies for specific cases or in general. Please note that if you do not accept cookies, the functionality of our website may be limited.
5) Contact
In the context of contacting us (e.g., via contact form or email), personal data will be processed exclusively for the purpose of processing and responding to your request, and only to the extent necessary for this purpose.
The legal basis for processing this data is our legitimate interest in responding to your request in accordance with Art. 6 Para. 1 lit. f GDPR. If your contact is aimed at concluding a contract, an additional legal basis for processing is Art. 6 Para. 1 lit. b GDPR. Your data will be deleted when it can be inferred from the circumstances that the matter in question has been finally clarified and there are no legal retention obligations to the contrary.
6) Data Processing When Opening a Customer Account
In accordance with Art. 6 Para. 1 lit. b GDPR, personal data will continue to be collected and processed in the required scope when you provide it to us when opening a customer account. The data required for opening an account can be found in the input mask of the corresponding form on our website. Deletion of your customer account is possible at any time and can be done by sending a message to the address of the controller mentioned above. After the deletion of your customer account, your data will be deleted as long as all contracts concluded via it have been completely processed, there are no legal retention periods to the contrary, and there is no legitimate interest on our part in further storage.
7) Use of Customer Data for Direct Advertising
7.1 Registration for Our Email Newsletter
When you subscribe to our email newsletter, we regularly send you information about our offers. The only mandatory information for sending the newsletter is your email address. Providing additional data is voluntary and is used to address you personally. For sending the newsletter, we use the double opt-in procedure, which ensures that you will only receive the newsletter if you have explicitly confirmed your consent to receive the newsletter by clicking on a verification link sent to the email address provided.
By activating the confirmation link, you give us your consent to use your personal data in accordance with Art. 6 Para. 1 lit. a GDPR. In this process, we store the IP address entered by the Internet service provider (ISP) as well as the date and time of registration in order to be able to trace any misuse of your email address at a later date. The data collected by us during the newsletter registration process is used exclusively for the purpose specified. You can unsubscribe from the newsletter at any time using the link provided in the newsletter or by sending a corresponding message to the controller mentioned above. After unsubscribing, your email address will be immediately deleted from our newsletter distribution list, unless you have expressly consented to further use of your data or we reserve the right to use data beyond that, which is permitted by law and about which we inform you in this statement.
7.2 – Newsletter Dispatch via MailChimp
The dispatch of our email newsletters is carried out via the technical service provider The Rocket Science Group, LLC d/b/a MailChimp, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA (http://www.mailchimp.com/), to whom we pass on the data provided by you during the newsletter registration. This transfer is carried out in accordance with Art. 6 Para. 1 lit. f GDPR and serves our legitimate interest in using an effective, secure, and user-friendly newsletter system. Please note that your data is usually transferred to a MailChimp server in the USA and stored there.
MailChimp uses this information for sending and statistically evaluating the newsletters on our behalf. For the evaluation, the sent emails contain so-called web beacons or tracking pixels, which represent one-pixel image files stored on our website. This allows us to determine whether a newsletter message has been opened and which links may have been clicked. Using web beacons, MailChimp automatically generates general, non-personalized statistics about the response behavior to newsletter campaigns. Based on our legitimate interest in the statistical evaluation of newsletter campaigns for optimizing advertising communication and better alignment with recipient interests, web beacons according to Art. 6 Para. 1 lit. f GDPR also collect and process data of the respective newsletter recipient (email address, time of access, IP address, browser type, and operating system). These data allow individual conclusions to be drawn about the newsletter recipient and are processed by MailChimp to automatically create statistics that indicate whether a specific recipient has opened a newsletter message.
If you wish to deactivate data analysis for statistical evaluation purposes, you must unsubscribe from the newsletter.
MailChimp may also use this data in accordance with Art. 6 Para. 1 lit. f GDPR for its own legitimate interests in designing and optimizing the service to meet specific needs and for market research purposes, for example, to determine the countries from which recipients originate. However, MailChimp does not use the data of our newsletter recipients to contact them directly or to share it with third parties.
To protect your data in the USA, we have concluded a data processing agreement (“Data Processing Addendum”) with MailChimp based on the standard contractual clauses of the European Commission to enable the transmission of your personal data to MailChimp. This data processing agreement can be viewed at the following internet address: https://mailchimp.com/legal/data-processing-addendum/
You can view MailChimp’s privacy policy here: https://mailchimp.com/legal/privacy/
7.3 Email Product Availability Notification
For temporarily unavailable items, you can subscribe to receive email product availability notifications. In this case, we will send you a one-time email message about the availability of the item you have selected. The mandatory information for sending this notification is solely your email address. Providing additional data is voluntary and may be used to address you personally. We use the so-called double opt-in procedure for sending emails to ensure that you receive a notification only after confirming your consent by clicking on a verification link sent to the provided email address.
By activating the confirmation link, you grant us your consent to use your personal data in accordance with Art. 6 Para. 1 lit. a GDPR. We store your IP address as entered by the internet service provider (ISP), as well as the date and time of registration, to be able to track potential misuse of your email address at a later date. The data collected from you when registering for our email product availability notification service is used strictly for the intended purpose. You can unsubscribe from availability notifications at any time by sending a corresponding message to the responsible party mentioned at the beginning. After unsubscribing, your email address will be immediately removed from our distribution list created for this purpose, unless you have expressly consented to further use of your data or we reserve the right to use the data beyond that, as permitted by law and as described in this statement.
7.4 Email Shopping Cart Reminder
In the event that you abandon your purchase with us before completing the order, you have the option to be reminded of the contents of your virtual shopping cart via email. The mandatory information for sending this reminder is solely your email address. Providing additional data is voluntary and may be used to address you personally. For email delivery, we use the so-called double opt-in procedure to ensure that you receive a reminder only after confirming your consent by clicking on a verification link sent to the provided email address.
By activating the confirmation link, you grant us your consent to use your personal data in accordance with Art. 6 Para. 1 lit. a GDPR for sending a shopping cart reminder. We store your IP address as entered by the internet service provider (ISP), as well as the date and time of registration, to be able to track potential misuse of your email address at a later date. The data collected from you when registering for our email shopping cart reminder service is used strictly for the intended purpose. You can unsubscribe from shopping cart reminders at any time by sending a corresponding message to the responsible party mentioned at the beginning. After unsubscribing, your email address will be immediately removed from our distribution list created for this purpose, unless you have expressly consented to further use of your data or we reserve the right to use the data beyond that, as permitted by law and as described in this statement.
8) Data Processing for Order Processing
8.1 To the extent necessary for the processing of contracts for delivery and payment purposes, the personal data collected by us will be forwarded to the contracted transportation company and the contracted financial institution in accordance with Art. 6 Para. 1 lit. b GDPR.
If, based on a corresponding contract, we owe you updates for products with digital elements or digital products, we will process the contact details provided by you during the order (name, address, email address) to inform you personally within the legally prescribed period via a suitable communication method (such as postal or email) as part of our legal notification obligations in accordance with Art. 6 Para. 1 lit. c GDPR about upcoming updates. Your contact details will be used strictly for notifications of updates owed by us and will only be processed by us to the extent necessary for the respective notification.
In order to process your order, we also work with the following service provider(s) who support us in whole or in part in the execution of closed contracts. Certain personal data will be transmitted to these service providers in accordance with the following information.
8.2 To fulfill our contractual obligations to our customers, we work with external shipping partners. We provide your name, delivery address, and, if necessary for delivery, your phone number exclusively for the purpose of shipping in accordance with Art. 6 Para. 1 lit. b GDPR to a selected shipping partner chosen by us.
8.4 Use of Payment Service Providers
Amazon Pay
If you choose the payment method “Amazon Pay,” the payment processing is carried out by the payment service provider Amazon Payments Europe s.c.a., 38 avenue J.F. Kennedy, L-1855 Luxembourg (hereinafter “Amazon Payments”). We will share the information provided by you during the ordering process, as well as information about your order, in accordance with Art. 6 Para. 1 lit. b GDPR, solely for the purpose of payment processing with the payment service provider Amazon Payments and only to the extent necessary for this purpose. If cookies, small text files stored on your device, are set when using Amazon Pay, this will only be done with your explicit consent in accordance with Art. 6 Para. 1 lit. a GDPR. This consent can be revoked at any time using the “Cookie Consent Tool” implemented on the website. You can find further information about the data protection policies of Amazon Payments at [https://pay.amazon.de/help/82974](https://pay.amazon.de/help/82974).
Apple Pay
If you choose the payment method “Apple Pay,” payment processing is carried out through the “Apple Pay” function of your iOS, watchOS, or macOS device, which is operated by Apple Distribution International, Hollyhill Industrial Estate, Hollyhill, Cork, Ireland. Apple Pay uses security features integrated into the hardware and software of your device to protect your transactions. To authorize a payment, you need to enter a code you have set in advance and verify it using the “Face ID” or “Touch ID” function of your device.
For payment processing, your information provided during the ordering process, along with information about your order, is transmitted to Apple in encrypted form. Apple then re-encrypts this data with a developer-specific key before transmitting it to the payment service provider associated with the payment card stored in Apple Pay for payment execution. Encryption ensures that only the website through which the purchase was made can access the payment data. After the payment is completed, Apple sends your device account number and a transaction-specific, dynamic security code to the originating website to confirm the success of the payment.
If personal data is processed in the described transmissions, the processing is carried out solely for the purpose of payment processing in accordance with Art. 6 Para. 1 lit. b GDPR. Apple retains anonymized transaction data, including the approximate purchase amount, date, time, and whether the transaction was successfully completed. Anonymization ensures that personal identification is completely excluded. Apple uses the anonymized data to improve “Apple Pay” and other Apple products and services. You can disable the use of Apple Pay on your Mac in the settings of your iPhone under “Wallet & Apple Pay” by disabling “Allow Payments on Mac.” For more information on data protection with Apple Pay, please visit [https://support.apple.com/de-de/HT203027](https://support.apple.com/de-de/HT203027).
Google Pay
If you choose the payment method “Google Pay,” payment processing is carried out through the “Google Pay” application on your mobile device with at least Android 4.4 (“KitKat”) and NFC capability. Payment is made by charging a payment card stored in Google Pay or a verified payment system (e.g., PayPal). To authorize a payment via Google Pay for amounts exceeding €25, prior unlocking of your mobile device through the verification method you have set up (e.g., face recognition, password, fingerprint, or pattern) is required.
For payment processing, your information provided during the ordering process, along with information about your order, is transmitted to Google. Google then forwards your payment information stored in Google Pay to the originating website in the form of a one-time transaction number to verify a completed payment. This transaction number does not contain any information about the real payment data of your payment method stored in Google Pay but is created and transmitted as a one-time valid numerical token. Google merely acts as an intermediary for processing the payment process for all transactions via Google Pay. Transaction execution takes place exclusively between the user and the originating website through charging the payment method stored in Google Pay.
If personal data is processed in the described transmissions, the processing is carried out solely for the purpose of payment processing in accordance with Art. 6 Para. 1 lit. b GDPR. Google reserves the right to collect, store, and analyze specific transaction-specific information for each transaction made via Google Pay, including the date, time, transaction amount, merchant location and description, a description of the purchased goods or services provided by the merchant, photos attached to the transaction, the name and email address of the seller and buyer or sender and recipient, the payment method used, your description for the reason of the transaction, and any associated offers.
According to Google, this processing is carried out solely in accordance with Art. 6 Para.1 lit. f GDPR based on the legitimate interest in proper accounting, verification of transaction data, and the optimization and maintenance of the Google Pay service. Google also reserves the right to combine the processed transaction data with further information collected and stored by Google when using other Google services.
You can find Google Pay’s terms of use here: [https://payments.google.com/payments/apis-secure/u/0/get_legal_document?ldo=0&ldt=googlepaytos&ldl=de](https://payments.google.com/payments/apis-secure/u/0/get_legal_document?ldo=0&ldt=googlepaytos&ldl=de). For further information on data protection with Google Pay, please visit [https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=de](https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=de).
Mollie
If you choose a payment method provided by the payment service provider Mollie, payment processing is carried out by Mollie B.V., Keizersgracht 313, 1016 EE Amsterdam, Netherlands. We will share the information provided by you during the ordering process, along with information about your order (name, address, IBAN, BIC, invoice amount, currency, and transaction number), in accordance with Art. 6 Para. 1 lit. b GDPR, solely for the purpose of payment processing with the payment service provider Mollie and only to the extent necessary for this purpose.
PayPal
When you choose PayPal, credit card via PayPal, direct debit via PayPal, or, if offered, “purchase on account” or “installment payment” via PayPal, we will share your payment data during the payment processing with PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (“PayPal”). The disclosure is made in accordance with Art. 6 Para. 1 lit. b GDPR and only to the extent necessary for payment processing. For certain payment methods offered by PayPal, such as credit card via PayPal, direct debit via PayPal, or, if offered, “purchase on account” or “installment payment” via PayPal, PayPal reserves the right to conduct a credit check. For this purpose, your payment data may be transmitted to credit agencies in accordance with Art. 6 Para. 1 lit. f GDPR on the basis of PayPal’s legitimate interest in determining your ability to pay. PayPal uses the result of the credit assessment with regard to the statistical probability of non-payment for the purpose of deciding on the provision of the respective payment method. The credit report may contain probability values (so-called score values). If score values are included in the result of the credit report, they have their basis in a scientifically recognized mathematical-statistical procedure. The calculation of score values includes, among other things, address data. You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data if this is necessary for the contractual processing of payments.
PayPal Checkout
This website uses PayPal Checkout, an online payment system from PayPal, which consists of PayPal’s own payment methods and local payment methods from third-party providers. When you choose PayPal, credit card via PayPal, direct debit via PayPal, or, if offered, “later payment” via PayPal, we will share your payment data during payment processing with PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (“PayPal”). The disclosure is made in accordance with Art. 6 Para. 1 lit. b GDPR and only to the extent necessary for payment processing. For certain payment methods offered by PayPal, such as credit card via PayPal, direct debit via PayPal, or, if offered, “later payment” via PayPal, PayPal reserves the right to conduct a credit check. For this purpose, your payment data may be transmitted to credit agencies in accordance with Art. 6 Para. 1 lit. f GDPR on the basis of PayPal’s legitimate interest in determining your ability to pay. The credit report may contain probability values (so-called score values). If score values are included in the result of the credit report, they have their basis in a scientifically recognized mathematical-statistical procedure. In the calculation of score values, address data is included, among other things. You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data if this is necessary for the contractual processing of payments.
When selecting the PayPal payment method “purchase on account,” your payment data will be transmitted to PayPal to prepare for payment processing, after which PayPal will forward it to Ratepay GmbH, Franklinstraße 28-29, 10587 Berlin, Germany (“Ratepay”). The legal basis is Art. 6 Para. 1 lit. b GDPR. In this case, RatePay conducts an identity and credit check according to the above-mentioned principle and shares your payment data with credit agencies based on PayPal’s legitimate interest in determining your ability to pay in accordance with Art. 6 Para. 1 lit. f GDPR. A list of credit agencies that Ratepay can consult can be found here: [https://www.ratepay.com/legal-payment-creditagencies/](https://www.ratepay.com/legal-payment-creditagencies/).
When using the payment method of a local third-party provider, your payment data will be shared with PayPal during payment processing according to Art. 6 Para. 1 lit. b GDPR. Depending on your selection of an available local payment method, PayPal will then forward your payment data to the respective provider:
– Sofort (SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany)
– iDeal (Currence Holding BV, Beethovenstraat 300 Amsterdam, Netherlands)
– giropay (Paydirekt GmbH, Stephanstr. 14-16, 60313 Frankfurt am Main, Germany)
– bancontact (Bancontact Payconiq Company, Rue d’Arlon 82, 1040 Brussels, Belgium)
– blik (Polski Standard Płatności sp. z o.o., ul. Czerniakowska 87A, 00-718 Warsaw, Poland)
– eps (PSA Payment Services Austria GmbH, Handelskai 92, Gate 2, 1200 Vienna, Austria)
– MyBank (PRETA S.A.S, 40 Rue de Courcelles, F-75008 Paris, France)
– Przelewy24 (PayPro SA, Kanclerska 15A, 60-326 Poznań, Poland)
Further data protection information can be found in PayPal’s privacy policy: [https://www.paypal.com/de/webapps/mpp/ua/privacy-full](https://www.paypal.com/de/webapps/mpp/ua/privacy-full).
Stripe
If you choose a payment method provided by the payment service provider Stripe, the payment processing will be carried out by Stripe Payments Europe Ltd., located at 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland. We will share the information you provide during the order process, including details about your order (name, address, account number, bank code, if applicable, credit card number, invoice amount, currency, and transaction number), in accordance with Article 6(1)(b) of the GDPR. For more information on data protection by Stripe, please visit [https://stripe.com/de/privacy#translation](https://stripe.com/de/privacy#translation).
Stripe reserves the right to conduct a credit check based on mathematical-statistical methods to protect its legitimate interest in determining the user’s creditworthiness. Stripe may, if necessary for a credit check, transmit the personal data collected during the payment process to selected credit agencies, which Stripe may disclose to users upon request. The credit report may contain probability values (known as score values). To the extent that score values are included in the results of the credit report, they are based on a scientifically recognized mathematical-statistical method. This method takes into account various factors, including address data, among others. Stripe uses the results of the credit check in relation to the statistical probability of payment default to decide on the eligibility to use the selected payment method.
You have the right to object to the processing of your data at any time by sending a message to Stripe or the credit agencies involved. However, Stripe may still be entitled to process your personal data if it is necessary for the contractual processing of payments.
9) Online Marketing
– Google AdSense
This website uses Google AdSense, a web advertising service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). Google AdSense uses cookies, which are text files stored on your computer, to analyze your use of the website. In addition, Google AdSense also uses “web beacons” (small invisible graphics) to record, collect, and evaluate simple actions, such as visitor traffic on the website. The information generated by the cookie and/or web beacon (including your IP address) about your use of this website is usually transmitted to a Google server and stored there. This may also involve the transfer of data to Google LLC’s servers in the United States.
Google uses the information obtained to analyze your usage behavior regarding AdSense ads. The IP address transmitted by your browser as part of Google AdSense is not merged with other Google data. The information collected by Google may be transferred to third parties if required by law and/or to the extent that third parties process this data on behalf of Google.
All the processing described above, especially the reading of information on the user’s device through cookies and/or web beacons, is only carried out if you have given us your explicit consent in accordance with Article 6(1)(a) of the GDPR. Without this consent, Google AdSense will not be used during your visit to the website.
You can revoke your consent at any time with future effect by disabling this service using the “Cookie Consent Tool” provided on the website.
You can view Google’s privacy policy here: [https://www.google.com/policies/privacy/](https://www.google.com/policies/privacy/)
10) Web Analytics Services
10.1 Google (Universal) Analytics
This website uses Google (Universal) Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). Google (Universal) Analytics uses “cookies,” which are text files stored on your device, to analyze your use of the website. The information generated by the cookie about your use of this website (including your shortened IP address) is usually transmitted to a Google server and stored there. This may also involve the transfer of data to Google LLC’s servers in the United States.
This website uses Google (Universal) Analytics exclusively with the “_anonymizeIp()” extension, which ensures the anonymization of the IP address by shortening it and excludes direct personal references. With the extension, your IP address will be shortened by Google within the member states of the European Union or in other contracting states of the Agreement on the European Economic Area before transmission. Only in exceptional cases will the full IP address be transmitted to a Google LLC server in the USA and shortened there. On our behalf, Google will use this information to evaluate your use of the website, compile reports on website activity, and provide us with further services related to website usage and internet usage. The IP address transmitted by your browser as part of Google (Universal) Analytics will not be merged with other Google data.
Google Analytics also allows the creation of statistics with “demographic features” through a special function. This enables the generation of statistics about the age, gender, and interests of website visitors based on an analysis of interest-based advertising and the use of third-party information. However, data records collected via “demographic features” cannot be attributed to a specific individual.
Details about the processing initiated by Google Analytics and Google’s handling of website data can be found here: [https://policies.google.com/technologies/partner-sites](https://policies.google.com/technologies/partner-sites)
All the processing described above, especially the setting of Google Analytics cookies to read information on the user’s device, is only carried out if you have given us your explicit consent in accordance with Article 6(1)(a) of the GDPR. Without this consent, Google Analytics will not be used during your visit to the website.
You can revoke your consent at any time with future effect. To exercise your revocation, please disable this service using the “Cookie Consent Tool” provided on the website. We have concluded a data processing agreement with Google for the use of Google Analytics, in which Google undertakes to protect the data of our website visitors and not to disclose it to third parties.
For the transfer of data from the EU to the USA, Google relies on the so-called Standard Contractual Clauses of the European Commission, which are intended to ensure compliance with European data protection standards in the USA.
For more information about Google (Universal) Analytics, please visit: [https://policies.google.com/privacy?hl=en&gl=en](https://policies.google.com/privacy?hl=en&gl=en)
10.2 – Jetpack
This offering uses the web analytics service Jetpack (formerly WordPress.com-Stats), which is operated by Automattic Inc., 60 29th Street #343, San Francisco, CA 94110-4929, USA, using tracking technology from Quantcast Inc., 201 3rd St, Floor 2, San Francisco, CA 94103-3153, USA. Jetpack collects, analyzes, and stores pseudonymized visitor data. From these data, pseudonymized usage profiles can be created and evaluated for the same purpose. Jetpack uses so-called cookies, small text files that are stored locally in the internet browser cache of the site visitor. These cookies serve, among other things, to recognize the browser and thus enable a more precise determination of statistical data. The user’s IP address data is also collected but immediately pseudonymized after collection and before storage to exclude any personal references. The information generated by the cookie about your use of this website (including the pseudonymized IP address) is transmitted to a server in the USA and stored there to fulfill the aforementioned interests. All the processing described above, especially the setting of cookies to read information on the user’s device, is only carried out if you have given us your explicit consent in accordance with Article 6(1)(a) of the GDPR. You can revoke your consent at any time with future effect by disabling this service using the “Cookie Consent Tool” provided on the website.
11) Site Functionalities
11.1 Facebook Plugins with 2-Click Solution
Our website uses so-called social plugins (“plugins”) of the social network Facebook, operated by Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”). To increase the protection of your data when visiting our website, the plugins are initially deactivated and integrated into the page using a so-called “2-click” solution. You can recognize deactivated plugins because they are grayed out. This integration ensures that when you visit a page on our website that contains such plugins, no connection is established with Facebook’s servers. Only when you activate the plugins and thereby give your consent to data transmission in accordance with Art. 6(1)(a) GDPR, does your browser establish a direct connection to Facebook’s servers. The content of the respective plugin is transmitted directly to your browser and integrated into the page. The plugin then transmits data (including your IP address) to Facebook. We have no influence on the extent of data that Facebook collects using the plugins. To the best of our knowledge, Facebook receives information about which of our websites you have currently and previously visited. By integrating the plugins, Facebook also receives information that your browser has accessed the corresponding page on our website, even if you do not have a Facebook profile or are not currently logged in. The information collected (including your IP address) is transmitted directly from your browser to a server of Meta Platforms Inc. in the USA and stored there. When you interact with the plugins, the corresponding information is also transmitted directly to a Facebook server and stored there. The information is also published on Facebook and displayed to your contacts. You can revoke your consent at any time by deactivating the activated plugin by clicking on it again. However, the revocation does not affect the data that has already been transmitted to Facebook. Please refer to Facebook’s privacy policy for the purpose and scope of data collection and the further processing and use of data by Facebook, as well as your rights and privacy settings: https://www.facebook.com/policy.php
11.3 Instagram Plugin as Shariff Solution
Our website uses so-called social plugins (“plugins”) from the online service Instagram, operated by Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland (“Facebook”).
To increase the protection of your data when visiting our website, these buttons are not integrated as full-fledged plugins but only as HTML links on the page. This type of integration ensures that when you access a page on our website containing these buttons, no connection to Instagram’s servers is established. When you click on the button, a new browser window opens, accessing Instagram’s page where you can interact with their plugins (possibly after entering your login data).
For the purpose and scope of data collection and the further processing and use of data by Instagram, as well as your rights and privacy settings, please refer to Instagram’s privacy policy: https://help.instagram.com/155833707900388/
11.4 Pinterest Plugin as Shariff Solution
The Seller’s pages use social plugins (“plugins”) from the social network Pinterest, operated by Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland (“Pinterest”).
To increase the protection of your data when visiting our website, these buttons are not integrated as full-fledged plugins but only as HTML links on the page. This type of integration ensures that when you access a page on our website containing these buttons, no connection to Pinterest’s servers is established. When you click on the button, a new browser window opens, accessing Pinterest’s page where you can interact with their plugins (possibly after entering your login data).
For the purpose and scope of data collection and the further processing and use of data by Pinterest, as well as your rights and privacy settings, please refer to Pinterest’s privacy policy: https://policy.pinterest.com/de/privacy-policy/
11.5 Google Sign-In
On our website, you can register or create a customer account using the “Google Sign-In” service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”), as part of the so-called Single Sign-On technique, if you have a Google profile. You can recognize the Google login function on our website by the buttons “Sign in with Google” or “Log in with Google.”
When you visit a page on our website that contains a Google login function, your browser establishes a direct connection to Google’s servers. The content of the login button is transmitted directly to your browser by Google and embedded in the page. Through this integration, Google receives information that your browser has accessed the corresponding page on our website, even if you do not have a Google profile or are not currently logged in to Google. This information, including your IP address, is transmitted directly to a Google server and stored there. This may also involve a transfer to servers of Google LLC in the USA. These data processing operations are carried out in accordance with Art. 6 para. 1 lit. f GDPR based on Google’s legitimate interest in displaying personalized advertising based on browsing behavior.
When using the Google button on our website, you also have the option to log in or register on our website using your Google user data. Only if, before the login process, you give your explicit consent in accordance with Art. 6 para. 1 lit. a GDPR, based on a corresponding notice regarding the exchange of data with Google, will we receive from Google, depending on your personally chosen privacy settings with Google, the general and publicly accessible information stored in your profile. This information includes user ID, name, profile picture, age, and gender.
We would like to point out that, following changes to Google’s privacy and terms of use, your consent may also lead to the transfer of your profile pictures, the user IDs of your friends, and your friends’ list if they have been marked as “public” in your privacy settings with Google. The data transmitted by Google will be stored and processed by us to create a user account with the necessary data (title, first name, last name, address data, country, email address, date of birth) if you have granted permission for this at Google. Conversely, based on your consent, data (e.g., information about your browsing or purchasing behavior) may be transferred from us to your Google profile.
The consent given can be revoked at any time by sending a message to the data controller mentioned at the beginning of this privacy policy.
For the purpose and scope of data collection and the further processing and use of data by Google, as well as your rights and privacy settings, please refer to Google’s privacy policy: https://policies.google.com/privacy?hl=en&gl=en
You can view the terms of use for using “Google Sign-In” here: https://policies.google.com/terms
If you do not want Google to directly associate the data collected through our website with your Google profile, you must log out of Google before visiting our website. You can also completely prevent the loading of Google plugins with add-ons for your browser, such as “Adblock Plus” (https://adblockplus.org/de/).
11.6 – FontAwesome
This page uses web fonts from “FontAwesome,” a service provided by Fonticons, Inc., 710 Blackhorn Dr, Carl Junction, 64834, MO, USA (“FontAwesome”), for consistent font display. When you visit a page, your browser loads the required web fonts into its cache to correctly display texts and fonts.
For this purpose, the browser you use must establish a connection to FontAwesome’s servers. This may involve the transmission of personal data to FontAwesome’s servers in the USA. This way, FontAwesome becomes aware that our website was accessed via your IP address. The processing of personal data in the context of establishing a connection with the font provider is only carried out if you have given us your explicit consent in accordance with Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time with future effect by deactivating this service using the “Cookie Consent Tool” provided on the website. If your browser does not support web fonts, a default font from your computer will be used.
For more information about FontAwesome, please visit: https://fontawesome.com/privacy
– Google Web Fonts
This page uses web fonts called “Google Web Fonts” provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”), for consistent font display. When you visit a page, your browser loads the required web fonts into its cache to correctly display texts and fonts.
For this purpose, the browser you use must establish a connection to Google’s servers. This may involve the transmission of personal data to Google LLC’s servers in the USA. This way, Google becomes aware that our website was accessed via your IP address. The processing of personal data in the context of establishing a connection with the font provider is only carried out if you have given us your explicit consent in accordance with Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time with future effect by deactivating this service using the “Cookie Consent Tool” provided on the website. If your browser does not support web fonts, a default font from your computer will be used.
For more information about Google Web Fonts, please visit: https://developers.google.com/fonts/faq and in Google’s Privacy Policy: https://www.google.com/policies/privacy/
11.7 – Google Translate
This page uses the “Google Translate” translation service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”), via an API integration. To display automated translations based on your chosen language, the browser you are using connects to Google’s servers. Google uses “cookies” for this purpose, which are text files stored on your computer and enable an analysis of your usage of the website. The information generated by the cookie about your use of this website (including your truncated IP address) is usually transmitted to and stored on a Google server, and this may involve the transmission to servers of Google LLC. in the USA.
For more information about Google Translate and Google’s privacy policy, please visit: https://www.google.com/policies/privacy/
You can revoke your consent at any time with future effect. To exercise your revocation, deactivate this service using the “Cookie Consent Tool” provided on the website.
12) Rights of the Data Subject
12.1 The applicable data protection law grants you, as the data subject, the following rights regarding the processing of your personal data by the data controller, with reference to the respective legal basis for exercising these rights:
– Right to information in accordance with Art. 15 GDPR;
– Right to rectification in accordance with Art. 16 GDPR;
– Right to erasure in accordance with Art. 17 GDPR;
– Right to restriction of processing in accordance with Art. 18 GDPR;
– Right to notification in accordance with Art. 19 GDPR;
– Right to data portability in accordance with Art. 20 GDPR;
– Right to withdraw consent granted in accordance with Art. 7(3) GDPR;
– Right to lodge a complaint in accordance with Art. 77 GDPR.
12.2 Right to Object
If we process your personal data based on our overriding legitimate interests within the framework of a balance of interests, you have the right to object to this processing at any time for reasons arising from your particular situation, with effect for the future.
If you exercise your right to object, we will cease processing the data concerned. However, further processing may still be permitted if we can demonstrate compelling legitimate reasons for the processing that outweigh your interests, fundamental rights, and freedoms, or if the processing serves the assertion, exercise, or defense of legal claims. If we process your personal data for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising. You can exercise your objection as described above.
If you exercise your right to object, we will stop processing the data concerned for direct marketing purposes.
13) Duration of Personal Data Storage
The duration of the storage of personal data is determined by the respective legal basis, the purpose of processing, and, where applicable, the respective statutory retention periods (e.g., commercial and tax retention periods).
If personal data is processed based on explicit consent pursuant to Art. 6(1)(a) GDPR, this data is stored until the data subject revokes their consent.
If there are statutory retention periods for data that is processed within the framework of contractual or similar legal obligations based on Art. 6(1)(b) GDPR, this data will be routinely deleted after the retention periods have expired, provided it is no longer required for the performance or initiation of a contract and/or there is no longer a legitimate interest on our part in continuing to store it.
If personal data is processed based on Art. 6(1)(f) GDPR, it is stored until the data subject exercises their right to object pursuant to Art. 21(1) GDPR, unless we can demonstrate compelling legitimate reasons for the processing that outweigh the interests, rights, and freedoms of the data subject, or the processing serves to assert, exercise, or defend legal claims.
If personal data is processed for the purpose of direct marketing based on Art. 6(1)(f) GDPR, it is stored until the data subject exercises their right to object pursuant to Art. 21(2) GDPR.
Unless otherwise stated in the other information in this declaration about specific processing situations, stored personal data will be deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.