Skip to content

Cart

Your cart is empty

Continue shopping

BUTTINALE 73 Newsletter

Subscribe to our newsletter here and receive regular updates and special offers by email

By entering your address, you confirm that you have read our privacy policy.

Privacy policy

Privacy Policy

Responsibility for Your Data

Our customers expect not only high-quality olive oil products and services from us, but also a high standard of care in the processing of their personal data. In this Privacy Policy, we inform our customers and visitors to our website about how we process their personal data. This Privacy Policy applies to all services and offerings that we provide to our customers throughout Europe – regardless of whether we provide them via our website, by telephone, at events, through social networks or via other communication channels. For ease of reading, all such offerings and services are referred to collectively below as “Services”.

We, BUTTINALE 73 GmbH, Neuhofstraße 52, 41063 Mönchengladbach, Germany (hereinafter “BUTTINALE 73”, “we”, “us”), are responsible for the processing of your data in accordance with the General Data Protection Regulation (GDPR). We process your personal data only where permitted by law or where you have expressly consented to such processing.


In addition to the postal address stated above, you can contact us by email at

vertrieb@buttinale73.com.

Personal Data

Personal data means any information relating to an identified or identifiable natural person (Article 4(1) GDPR, hereinafter referred to as “Data”). We offer various Services that you may use in different ways. Depending on whether you contact us online, by telephone or via other channels, and which Services you use, different Data from various sources may be processed.


Much of the Data we process is provided by you directly, for example when you use our Services or communicate with us – such as during registration, ordering or enquiries, when you provide your name, address or email address. In addition, we collect technical device and access data that is automatically generated when you interact with our Services. This includes, for example, information about the device or browser you use. We also carry out our own data analyses, for example as part of market research or to analyse customer behaviour in order to continuously improve our Services. Where necessary, we may also receive Data from third parties if required to provide our Services.

Mandatory Information

Where certain data fields are marked as mandatory or required and identified with an asterisk (*), the provision of such data is legally or contractually required. In such cases, the lawfulness of processing is based on Article 6(1)(e) GDPR. Where the provision of data is necessary for the conclusion of a contract, the requested service or the stated purpose, processing is based on Article 6(1)(b) GDPR.

Although the provision of data is at your discretion, failure to provide such data may result in us being unable to perform the contract, provide the requested Services or achieve the stated purpose.

General Enquiries and Communication

We process the data you provide to us in telephone calls, via contact forms, email or postal enquiries or correspondence primarily in order to respond to your enquiries. This is done to provide good customer service, to work reliably and to properly fulfil our contractual obligations (legal basis: Article 6(1)(b) and (f) GDPR). Mandatory and voluntary information (e.g. in data entry fields) is also required in order to contact you or communicate with you in connection with contract performance.

As a rule, we store data processed for this purpose for up to six months after responding to your general enquiry, in order to respond to any follow-up questions. Where documents are subject to statutory retention obligations, they are stored for longer in accordance with legal requirements (legal basis: Article 6(1)(c) GDPR). Longer storage may also occur where we are legally obliged or entitled to do so for other reasons (legal basis: Article 6(1)(c), (f) GDPR; legitimate interest: safeguarding and defending our rights).

We store your data only for as long as necessary to fulfil the purposes described in this Privacy Policy. Any storage beyond this occurs only where legally permitted or necessary for the assertion, exercise or defence of legal claims.

Customer Account

We process the registration data required, as well as any additional data you provide, to set up and use our password-protected online area and its functionalities (legal basis: Article 6(1)(b), (f) GDPR). Where processing is based on our legitimate interest, this serves to provide optimal functionality of our online offering.


You may delete your customer account at any time by sending us a brief message by email or post (see contact details above under section 1). Otherwise, your account will be deleted if you have not made a purchase with us for five years and have not been active in your account for 13 months. Deletion may be omitted in legally permitted cases where data is anonymised or pseudonymised and deletion would make processing for scientific research or statistical purposes impossible or seriously impair it.

Orders

Processed Data

We process your order, address, communication and payment data to process orders, deliver goods and handle payments (legal basis: Article 6(1)(b), (f) GDPR). Where data is marked as mandatory (see section 3), it is required for contract processing and invoicing. Orders can also be placed as a guest without creating a customer account (section 5).

When placing an order, our payment service providers receive the data required for payment processing. These providers act as independent controllers (see section 14(b)):

 

  • PayPal: https://www.paypal.com/de/legalhub/paypal/privacy-full

  • Shopify Payments: https://www.shopify.de/legal/datenschutz

Order and payment data are generally subject to statutory retention obligations, for example under commercial and tax law. We are legally required to retain this data for up to ten years for tax and audit purposes. Only after this period may the data be permanently deleted.

Even where data is not subject to statutory retention, we may refrain from immediate deletion in legally permitted cases and instead restrict processing, particularly where data is required for further contract handling, legal enforcement or defence (e.g. complaints). The duration of restriction is based on statutory limitation periods, after which the data is permanently deleted.

Automated Internal Processing Using Shopify Flow

For internal organisation and order processing, we use the automation function “Shopify Flow” provided by Shopify. Shopify Flow enables automated execution of certain processes related to orders, such as status management, internal processing or organisational allocation.

Only personal data already collected as part of the order process is processed (see section 6(a)). No independent data collection or processing for analysis, tracking or marketing purposes takes place.

Processing is based on Article 6(1)(b) GDPR where necessary for contract performance or preparation, and on our legitimate interest pursuant to Article 6(1)(f) GDPR in efficient, error-free and traceable business processes.

Orders via Connected Sales Channels

In addition to our online shop, we offer our products via connected external sales channels and social commerce platforms, in particular sales functions and shop integrations on TikTok, Facebook and Instagram (Meta), as well as Google and YouTube services.

Where you interact with our products or initiate or place an order via such a channel, we process the necessary personal data for contract initiation, performance and order and payment processing. This may include name, contact details, delivery and billing addresses, order data and payment information.

Depending on the channel, order processing is carried out either by redirection to our online shop or by technical transmission of order information to our shop system (e.g. Shopify). Processing is based on Article 6(1)(b) GDPR.

Platform operators may process personal data independently or jointly with us as controllers within the meaning of Article 26 GDPR. Further information can be found in the respective privacy policies of the platform providers.

Retention and deletion of data processed in connection with such orders is governed by the statutory retention periods and deletion principles described in section 6(a).

 

Newsletter and Advertising

Customer Analysis and Postal Advertising

We process the personal data that you provide to us in connection with your orders for the purpose of conducting basket and target group analyses. These analyses are used to improve our offerings and to provide you with interest-based information and offers relating to our online shop.

In addition, we use your postal address to send you advertising material by post relating to our products and offers.

The legal basis for the above processing activities is Article 6(1)(f) GDPR. Our legitimate interest lies in advertising to existing customers and in designing our offerings to meet demand.

Personal data processed for these advertising purposes is stored for as long as a customer relationship exists and for a maximum period of three years after the last active customer interaction, unless you object to the processing of your data for advertising purposes earlier.

You may object to the processing of your personal data for direct marketing purposes at any time with effect for the future. Information on your right to object can be found below under section 7(c).

Email Advertising (Newsletter)

With your voluntary, express consent, which may be withdrawn at any time with effect for the future, we will inform you by email about offers within the scope of the consent you have given (legal basis: Article 6(1)(a) GDPR).

To obtain your consent to receive email advertising, we use the double opt-in procedure. You give your consent by actively ticking a separate checkbox that is not a prerequisite for placing an order or registering (first opt-in). After submitting your consent, we send you an email requesting confirmation (second opt-in). Only after this confirmation will you be added to our email distribution list.

To document your consent, we store your IP address as well as the date and time of confirmation (legal basis: Article 7(1) in conjunction with Article 6(1)(c) GDPR).

For the dispatch and management of our newsletters, we use the service “Shopify Messaging” provided by Shopify International Limited, Victoria Buildings, 2nd Floor, 1–2 Haddington Road, Dublin 4, D04 XN32, Ireland. This may involve the transfer of data to Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada.

As part of newsletter dispatch, statistical evaluations may be carried out, in particular relating to open rates, click-through rates, unsubscribes and spam complaints. This information is processed exclusively in aggregated and anonymised form and is not assigned to individual recipients. It is used solely for statistical analysis and optimisation of our newsletter campaigns.

Where data is transferred to Canada, an adequate level of data protection is ensured by an adequacy decision of the European Commission.

Personal data processed for the purpose of email advertising is stored until you withdraw your consent. Data stored to prove consent is retained for the duration of the statutory limitation periods.

You may withdraw your consent at any time with effect for the future in accordance with section 7(c).

Withdrawal of Consent and Objection

You may withdraw your consent at any time with effect for the future, for example via the unsubscribe link contained in every email. If you wish to withdraw a consent given (Article 7(3) GDPR) or object to the processing of your data for advertising purposes or due to your particular situation (Article 21(2) GDPR), an informal notification to us is sufficient.

You may submit your withdrawal or objection, for example, via the link contained in each marketing email or by email to vertrieb@buttinale73.com.

Upon receipt of your withdrawal or objection, we will no longer process your personal data for the affected advertising purposes. The lawfulness of processing carried out up to the time of withdrawal or objection remains unaffected.

After an objection to the processing of your personal data for advertising purposes, we will add the contact data required for this purpose to an internal advertising suppression list. This data is stored permanently and exclusively for the purpose of observing your objection and is compared with future advertising data files.


Storage in the suppression list is carried out to fulfil our obligation to permanently observe your objection (legal basis: Article 6(1)(c) GDPR in conjunction with Article 21(3) and Article 17(3)(b) GDPR).

Shopify Messaging

We use the service “Shopify Messaging” provided by Shopify International Limited, Victoria Buildings, 2nd Floor, 1–2 Haddington Road, Dublin 4, D04 XN32, Ireland. Processing may also involve the transfer of data to Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada.

Shopify Messaging enables us to analyse open rates, click-through rates, unsubscribes and spam complaints. This information is processed exclusively in aggregated and anonymised form and cannot be attributed to individual newsletter recipients. It is used solely for statistical analysis of newsletter campaigns

Where data is transferred to Canada, an adequate level of data protection is ensured by an adequacy decision of the European Commission.

The results of these analyses may be used to better tailor future newsletters to recipients’ interests.

If you do not wish such analysis to take place, you may withdraw from the newsletter in accordance with section 7(c).

Usage Data

Technically Necessary Usage Data (Server Log Files)

When you access our website, data is transmitted to our web server via your internet browser for technical reasons. During an active connection, the following data is processed to enable communication between your browser and our web server (legal basis: Article 6(1)(f) GDPR):

  • content of the request (e.g. page accessed, name of the requested file),

  • date and time of the request,

  • amount of data transferred,

  • access status (file transferred, file not found),

  • time zone difference to Greenwich Mean Time (GMT),

  • referrer URL (the website from which you accessed our website),

  • browser type and operating system,

  • IP address.

Temporary storage and processing of these server log files is necessary to ensure the functionality and technical security of our IT systems, in particular to detect, prevent and defend against attacks and malicious attempts (legitimate interest pursuant to Article 6(1)(f) GDPR).


The data is deleted or anonymised as soon as it is no longer required for the purpose for which it was collected. As a rule, this occurs no later than 30 days, unless security-relevant events require longer retention in individual cases. Further processing of server log data for other purposes, in particular for documenting consents or objections, does not take place

Use of Search and Filter Functions

To improve usability and the discoverability of our products, we use the “Search & Discovery” search and filter functions provided by the Shopify platform.

In the course of using these functions, search terms, filter selections and product-related interactions are processed in order to provide relevant search results, product recommendations and sorting within our online shop. Processing takes place exclusively within our shop and serves the efficient use of our offerings.

There is no consolidation of this data with other personal data, nor is it processed for analysis, tracking or marketing purposes.

Processing is based on our legitimate interest pursuant to Article 6(1)(f) GDPR in designing our online shop to be user-friendly, functional and economically efficient.

 

Multilingual Presentation of the Online Shop

For the multilingual presentation of our online shop, we use the “Translate & Adapt” function provided by Shopify.

In this context, information regarding the preferred language or language version of the accessed content is processed in order to display content in an appropriate language. Processing takes place solely for the purpose of delivering the selected or automatically determined language version of our online offering.

No processing for analysis, tracking or marketing purposes takes place. Language display is independent of profiling or consolidation with other personal data.

Processing is based on our legitimate interest pursuant to Article 6(1)(f) GDPR in providing a user-friendly, accessible and internationally oriented online shop.

Cookies and Other Technical Measures

Our website uses cookies. Acceptance of cookies is not required to visit our website; however, we point out that some functions of our website may be limited if cookies are not accepted.

Cookies

Cookies are small text files that are transmitted to your device (e.g. PC, tablet or smartphone) via your web browser or other programs. They are stored locally on your device and retained for later retrieval. Other technical measures include HTML storage, pixels or tags such as web beacons, iframes, images or scripts. The cookies and technical measures described below, collectively referred to as “cookies”, may be used on our website for the purposes described below. In doing so, data such as your IP address may be processed.

Use of cookies and other technical measures

The cookies used on this website collect and process data

that is absolutely necessary to enable the functions of our website and to offer them securely (necessary) (Art. 6 para. 1 lit. b GDPR, insofar as processing is necessary for the initiation or fulfilment of a contract, and Art. 6 para. 1 lit. f GDPR, for Germany: § 25 para. 2 no. 2 TDDDG),

to provide extended functionalities (functional) (Art. 6 para. 1 lit. f GDPR, for Germany: § 25 para. 1 TDDDG),

to evaluate visits to our website (performance), to make our website more user-friendly and better tailored to your needs, to measure the success of our external advertisements and to track referral sites (so-called referrers) (Art. 6(1)(a) GDPR, for Germany: Section 25(1) TDDDG)

to evaluate visits to our website in order to be able to display offers that are as interesting as possible to you on websites and in apps in affiliated advertising cooperations (advertising) (Art. 6 para. 1 lit. a GDPR, for Germany: § 25 para. 1 TDDDG),

to recognise objections to the use of certain cookies and technologies (‘opt-out’ cookies) and to store the granting or refusal of consent (Art. 6 (1) lit. f GDPR, for Germany: § 25 (2) No. 2 TDDDG) and to recognise the granting and refusal of consent (‘opt-in’ cookie) (Art. 6 (1) lit. f GDPR, for Germany: § 25 (2) No. 2 TDDDG).

Under certain conditions, cookies from third-party providers may also be used and read (legal basis: Art. 6(1)(a) GDPR). Third-party providers want to recognise your device, in particular on other websites, in order to offer you suitable advertisements.

The cookies and other technical measures may originate from us, our service providers and external third-party providers and, if necessary, may also be used by them for their own purposes within the scope of a consent granted (see the following sections for more information on this and on the corresponding data processing). In our consent management tool, you will find further details on the cookies used, such as their duration and purposes. You can also manage your cookie settings there.

Consent management toolWe use the consent management tool ‘GDPR/DSGVO Legal Cookie’ from Pandectes OÜ (Harju maakond, Kuusalu vald, Pudisoo küla, Männimäe/1, 74626, Estonia) on our website.

The GDPR/DSGVO Legal Cookie consent management tool is used to inform you about cookies and other technologies, to obtain your consent, and to manage and document it. After you have submitted your cookie declaration, the web server stores the following data: anonymised IP address, country, consent status, date and time of the declaration, and transmits this to Pandectes.

 The processing is carried out to fulfil our legal obligation to provide proof of consent (legal basis: Art. 6(1)(c) in conjunction with Art. 7(1) GDPR). Cookies may be used for this purpose.

For details, please refer to Pandectes' privacy policy at https://pandectes.io/privacy-policy/.

We have concluded a data processing agreement with our service provider Pandectes in accordance with Art. 28 GDPR

Insofar as data processing is carried out on the basis of a legitimate interest (Art. 6(1)(f) GDPR), this interest consists in providing a secure and functional website and in complying with data protection regulations.

You can revoke your consent in whole or in part via our consent management tool (accessible via the ‘Cookies’ link in the footer).

If you have consented to a data agreement in third countries, this may also take place outside the European Economic Area (Art. 49(1)(a) GDPR), in particular in the USA, where there may not be a comparable level of data protection. We point this out separately in the consent management tool.

You can also set your web browser to inform you about the setting of cookies, to generally reject cookies or to delete them. However, restricting cookies may result in functional restrictions on the website.

By deleting cookies, you can revoke your previously given consent.

The following links provide information about the settings options for common browsers:

Microsoft Edge: https://support.microsoft.com/de-de/microsoft-edge/cookies-in-microsoft-edge-l%C3%B6schen-63947406-40ac-c3b8-57b9-2a946a29ae09

Microsoft Internet Explorer: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies

Firefox: http://support.mozilla.org/de/kb/cookies-informationen-websites-auf-ihrem-computer

Google Chrome: http://support.google.com/chrome/bin/answer.py?hl=de&answer=95647

Safari: https://support.apple.com/de-de/guide/safari/sfri11471/mac

Brave: https://support.brave.com/hc/en-us/articles/360048833872-How-Do-I-Clear-Cookies-And-Site-Data-In-Brave-

Opera: https://help.opera.com/de/latest/web-preferences/

 Hosting

 We host the content of our website with Shopify International Limited, Victoria Buildings, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland (hereinafter ‘Shopify’).

 Shopify is a tool for creating and hosting websites. When you visit our website, Shopify collects your IP address and information about the device you are using and your browser as part of its hosting services. This processing is carried out on our behalf.

In addition, depending on the activated functions and your consent, Shopify can be used to compile and analyse visitor numbers, visitor sources, customer behaviour and user statistics. When you make a purchase on our website, Shopify also processes your name, email address, delivery and billing addresses, payment details and other data related to the purchase (e.g. telephone number, sales amount).

For certain analysis and marketing functions, Shopify stores cookies or accesses information on your device.

 For details, please refer to Shopify's privacy policy: https://www.shopify.de/legal/datenschutz.

 Insofar as Shopify uses cookies or similar technologies for analysis or marketing purposes, processing is carried out exclusively on the basis of Art. 6 (1) lit. a GDPR in conjunction with § 25 (1) TDDDG. Consent can be revoked at any time.

We have concluded a data processing agreement with Shopify in accordance with Art. 28 GDPR.

Performance and advertising technologies used

Depending on the service provider, data may be transferred to third countries. If no adequacy decision has been made by the EU Commission for these countries, we have concluded so-called standard contractual clauses in accordance with Art. 46 GDPR with the respective service provider as suitable safeguards.

 Performance through Shopify Analytics

 We use common tracking technologies in all our services to evaluate device and access data. This allows us to find out how our users generally use our services. Identification cookies and similar identifiers are used for this purpose. This allows us to find out, for example, which content and topics are particularly popular, at what times and from which regions (down to city level) our services are used most frequently, and which browsers and devices our users generally use.

 For this purpose, this website uses the web analytics service of the following provider: Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland. Data is also transferred to: Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada.

With the help of cookies and/or comparable technologies (tracking pixels, web beacons, algorithms for reading terminal and browser information), the service collects and stores pseudonymised visitor data, including information about the terminal used, such as the IP address and browser information, in order to evaluate it for statistical analyses of usage behaviour on our website and to create pseudonymised usage profiles. Among other things, this enables the evaluation of movement patterns (so-called heat maps), which show the duration of page visits and interactions with page content (e.g. text entries, scrolling, clicks and mouse-overs). Pseudonymisation fundamentally excludes direct personal references. There is no merging with clear data about your person that has been collected in other ways.

All processing described above, in particular the reading or storage of information on the end device used, will only be carried out if you have given us your express consent in accordance with Art. 6 (1) (a) GDPR. You can revoke your consent at any time with future effect by deactivating this service in the ‘Cookie Consent Tool’ provided on the website.

We have concluded a data processing agreement with the provider that protects the data of our website visitors and prohibits disclosure to third parties.

When data is transferred to Canada, an adequate level of data protection is guaranteed by an adequacy decision of the European Commission.

Advertising (retargeting)

Facebook Custom Audiences

The use of our website is evaluated on the basis of your consent, which you can revoke at any time in the future, in order to use the ‘Custom Audience’ function of our service provider Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (‘Meta’) (Art. 6 para. 1 lit. a GDPR; for Germany: Section 25(1) TDDDG). For this purpose, a direct connection between your browser and Meta servers is established via the so-called Facebook pixel, and Meta thereby receives the information that you have visited our site with your IP address. This enables Meta to later assign your visit to our website to a Meta product.

Pixels are sections of code that are implemented on our website. Cookies can also be used for this purpose in the respective function. We do not actively transmit personal information (name, email address, etc.) to Meta. You can find more information on this in our cookie management tool (section 9.c)).

Facebook pixels are used to measure the effectiveness of our advertising on Meta platforms and to tailor our advertisements as closely as possible to users who have already shown interest in our offerings. Based on the information collected by the pixel, Meta can, for example, recognise which pages or products you have visited on our website and then display personalised advertising to you within Meta products (e.g. Facebook, Instagram).

This may also include interactions and purchases related to our sales functions connected via Facebook or Instagram (e.g. Facebook or Instagram shop), provided you have consented to this (see section 6.c)).

You can revoke your consent given via our cookie management tool at any time in accordance with section 9c.

Further information, in particular on data processing by Meta, can be found in Meta's data policy at https://www.facebook.com/privacy/policy.

Information on adjusting your advertising settings on Facebook can be found at: https://de-de.facebook.com/help/1075880512458213/?helpref=hc_fnav.

Alternatively, you can also deactivate the technologies on the Digital Advertising Alliance website at the following link: http://www.aboutads.info/choices/.

TikTok

The use of our website is evaluated on the basis of your consent, which can be revoked at any time with future effect, in order to use the ‘Custom Audience’ function of our service provider TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland (Art. 6 (1) (a) GDPR, for Germany: § 25 (1) TDDDG) and TikTok Information Technologies UK Limited, WeWork, 125 Kingsway, London, WC2B 6NH, United Kingdom (both hereinafter collectively referred to as ‘TikTok’).

TikTok Pixel is a piece of code that is implemented on our website to understand and track the activities of visitors to our website. Cookies may also be used for these purposes in the respective function. We do not actively transmit personal information (name, email address, etc.) to TikTok. You can find more information on this in our cookie management tool.

The TikTok pixel is used to measure the effectiveness of our advertising on TikTok and to tailor our advertisements as closely as possible to users who have already shown interest in our offerings. Based on the information collected by the pixel, TikTok can, for example, recognise which pages or products you have visited on our website and then display personalised advertising to you within TikTok.

This also applies to interactions with our content or products within the scope of connected sales functions on the TikTok platform (e.g. TikTok Shop), provided you have given your consent for this (see section 6.c)).

You can revoke your consent given via our cookie management tool at any time in accordance with section 9.c).

Further information, in particular on data processing by TikTok, can be found in TikTok's data policy at https://www.tiktok.com/legal/page/eea/privacy-policy/de.

Information on your advertising settings can be found at: https://support.tiktok.com/de/account-and-privacy/personalized-ads-and-data.

Google Ads Customer Match

We use Google Ads Customer Match lists as part of our Google and YouTube advertising activities. Google Ads Customer Match is a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Customer data collected by us is transmitted to Google in encrypted form (name, email address, address, customer-specific identifier). Google compares this data with existing Google customers to form target groups for advertising campaigns on the Google Search Network, YouTube or the Display Network. Once the comparison is complete, the uploaded data is deleted by Google.

The customer data used for this purpose may also originate from orders or interactions initiated via connected sales channels or marketing measures on Google and YouTube platforms, provided that the relevant consent has been obtained (see section 6.c)).

The recipient of the data is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. It cannot be ruled out that Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, and US authorities may also have access to the data.

The use of this service is based exclusively on your consent in accordance with Art. 6 (1) lit. a GDPR and § 25 (1) TDDDG. You can revoke your consent at any time in accordance with section 9.c).

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found at https://policies.google.com/privacy/frameworks.

Further information, in particular on data processing by Google, can be found in Google's data policy at https://business.safety.google/privacy/.

The following link provides information on how to change your settings for personalised advertising on Google: https://support.google.com/My-Ad-Center-Help/answer/12155451?hl=de#customize-your-ads-experience.

 

Alternatively, you can also deactivate the technologies on the Digital Advertising Alliance website at the following link: http://www.aboutads.info/choices/.

Social buttons

Our website uses social buttons from social networks. These are integrated as simple HTML links. When you visit our website, no connection is established to the servers of the respective provider. Only when you click on one of the buttons will the website of the respective social network open in a new window of your browser.

Online presence on social media

If you have given your consent for the respective platform in accordance with Art. 6 (1) (a) GDPR, your data will be automatically collected and stored by the respective platform provider for market research and advertising purposes when you visit our online presence on our social media channels, namely Instagram, TikTok and Facebook. This data can be used to create usage profiles using pseudonyms, which are used to display personalised content or advertisements to you within and outside the platforms. Cookies are generally used for this purpose, the use of which is subject to your consent.

Our online presences may also contain sales and interaction functions of the respective platforms (e.g. Instagram shop, Facebook shop, TikTok shop) (see section 6.c)). If you use these functions, personal data may also be processed in connection with the presentation of products, the initiation of purchase transactions or the forwarding to our online shop.

Insofar as the processing of personal data takes place within the framework of our social media presence, we are jointly responsible with the respective platform provider, or the platform provider acts as an independent controller within the meaning of the GDPR. The specific form of responsibility and the data processing itself are largely the responsibility of the respective platform operators.

For detailed information on the processing and use of data by the respective social media provider, as well as your settings and options for objection, please refer to the data protection information of the respective providers on their websites.

If you still require assistance in this regard, please contact us.

Tools and plugins

Content Delivery Network (CDN) Shopify CDN

We use the Content Delivery Network (CDN) Shopify CDN to properly deliver the content of our website. Shopify CDN is a service provided by Shopify International Limited, 2nd Floor Victoria Buildings, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland (‘Shopify’).

When you access this content, you connect to Shopify International Limited's servers, whereby your IP address and possibly browser data, such as your user agent, are transmitted.

 The use of the CDN is based on our legitimate interests, i.e. our interest in the secure and efficient provision of our content and the optimisation of our online offering, in accordance with Art. 6(1)(f) GDPR.

The data will be deleted or anonymised as soon as the purpose of the collection has been fulfilled.

Further information can be found in Shopify's privacy policy: https://www.shopify.com/de/legal/datenschutz.

Accessibility

We use an accessibility widget from SEA Accessibility (ADA WCAG) on our website.

The widget serves to improve the accessibility of our online offering and to enable users to customise the display, for example by changing the font size, contrast or colour scheme.

 Only technically necessary information is processed when using the accessibility widget. This includes, in particular, the display and presentation settings selected by the user. This information is stored locally in the user's browser in order to retain the selected settings when further pages are called up.

Personal data is not processed for analysis, tracking or marketing purposes. The stored information is not passed on to third parties.

The use of the accessibility widget is based on our legitimate interest pursuant to Art. 6 (1) lit. f GDPR in ensuring the accessibility and user-friendliness of our online offering.

Social plugins

We maintain profile pages on various social networks and use so-called social plugins from social networks on our website. When you visit a page on our website that contains such a plugin, your browser establishes a direct connection to the servers of Facebook, Instagram.

The content of the plugin is transmitted directly to your browser by the respective provider and integrated into the page. By integrating the plugins, the social network can collect your device and access data (including your IP address), transmit it to a server of the respective provider and, if applicable, assign it to your account with the respective social network.

If you have previously given your consent in the cookie management tool (Art. 6 (1) (a) GDPR; § 25 (1) TDDDG), an active plug-in will set a cookie with an ID each time you visit the website. The use of plug-ins by registered users can generate profile information; pseudonymous IDs are collected for non-registered users. Please refer to the providers' privacy policies for the purpose and scope of data collection and your rights:

https://www.facebook.com/privacy/policy 

https://help.instagram.com/155833707900388 

If you do not want social networks to directly associate the data collected via our website with your profile on the respective service, you must log out of the corresponding service before visiting our website. You can also completely prevent the plugins from loading by using add-ons or script blockers (e.g. NoScript, available at http://noscript.net/).

Transfer of data

Transfer of data to processors

In some cases, we use service providers in compliance with legal requirements by way of order processing, i.e. on the basis of a contract on our behalf, according to our instructions and under our control (cf. Art. 28 GDPR).

Processors are, in particular

technical service providers that we use to provide the website, e.g. service providers for software maintenance, data centre operation and hosting;

technical service providers that we use to provide functionalities, e.g. technically necessary cookies;

service providers for the operation of the online shop and for the practical implementation of advertising and marketing, e.g. service providers for email dispatch and analysis cookies, as well as service providers for the operation of the customer database.

In these cases, we remain responsible for data processing. The transfer of data to or by our processors is based on the legal basis that allows us to process the data in each case; a separate legal basis is not required.

This also includes technical service providers that we use to connect, manage and synchronise external sales channels and social commerce platforms (e.g. via our shop system), insofar as they act on our behalf and in accordance with our instructions.

Transfer of data to third parties

In some cases, we also transfer your data to third parties, i.e. partners with whom we collaborate outside of order processing. Such partners act as independent controllers (Art. 24 GDPR); the processing of your data by partners is governed exclusively by their privacy policies.

Payment service providers

In order to process your orders, we transfer payment information to payment service providers who handle the payment transactions, except in the case of payment in advance/bank transfer. You can see which of the above-mentioned payment services are offered to you on the shop page you are using.

PayPal: Payment information is transmitted to PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg. Legal basis: Performance of the contract, Art. 6(1)(b) GDPR. Privacy policy: https://www.paypal.com/de/legalhub/paypal/privacy-full;

 Shopify Payment: The provider in the EU is Shopify International Limited, 2nd Floor Victoria Buildings, 1–2 Haddington Road, Dublin 4, Ireland. Legal basis: Performance of the contract, Art. 6(1)(b) GDPR. Details: https://www.shopify.de/legal/datenschutz.

Logistics companies

For the purpose of transporting goods from us to you, we transfer your address and contact details to logistics companies (e.g. DPD, DHL), in particular your name, company name (if applicable), postal address/parcel station and additional address details. Where necessary, we also pass on your email address so that the logistics company can communicate with you (e.g. to clarify the address, agree delivery times, drop-off locations, etc.).

If you are contacted by the logistics company, this is either because you have subscribed to a corresponding service there or have given your consent there.

In some delivery countries, additional information may be required (e.g. telephone number); this will be displayed when you enter the delivery address.

Social media providers and distribution channels

When using connected distribution channels and social commerce functions via platforms such as TikTok, Facebook, Instagram, Google and YouTube services, personal data may be transferred to the respective platform operators. These providers generally act as independent controllers within the meaning of the GDPR or, depending on the design of the function, as joint controllers.

The transfer takes place in particular when you interact with our content or products on the respective platforms, use sales functions or initiate orders. The processing of personal data by the respective platform operators is governed exclusively by their privacy policies.

 Transfer to third countries

The transfer to third countries is based on:

 Art. 6 (1) (b) GDPR – performance of the contract with you;

 Art. 6 (1) (f) GDPR – our legitimate interest in smooth and convenient delivery.

This may also apply in particular to data transfers in connection with the use of social media platforms, connected sales channels and advertising and analysis services where providers or their group companies are based in third countries (e.g. the USA or the United Kingdom).

If the EU Commission has not determined that these countries have an adequate level of data protection, we ensure that sufficient safeguards are implemented (e.g. EU standard contractual clauses in accordance with Art. 46(2) GDPR) or that a legal exception applies.

 

Nevertheless, there is a residual risk that national authorities may access data without legal remedies being fully enforceable.

 

Additional protective measures are taken where possible.

In some cases, we obtain your express consent in accordance with Art. 49(1)(a) GDPR (e.g. when partners use cookies or similar technologies). By giving your consent, you accept the risks described (e.g. access by foreign authorities).

Data security

 We and our service providers take appropriate technical and organisational security measures to protect your data against accidental or intentional manipulation, loss, destruction or access by unauthorised persons and to ensure the protection of your rights and compliance with the applicable data protection regulations.

The measures taken are intended, among other things, to permanently ensure the confidentiality, integrity, availability and resilience of the systems and services in connection with the processing of your data and to enable rapid recovery in the event of a physical or technical incident.

Our data processing and security measures are continuously improved in line with the latest technology.

Our employees are, of course, obliged to maintain confidentiality and comply with the data protection requirements of the GDPR 

Exercising data protection rights

If you have any questions about how we process your data, we will be happy to provide you with information about the data concerning you (Art. 15 GDPR). In addition, if the legal requirements are met, you have the right to rectification (Art. 16 GDPR), erasure (Art. 17 GDPR), restriction of processing (Art. 18 GDPR) and objection (Art. 21 GDPR). You also have the right to data portability (Art. 20 GDPR).

 Furthermore, you have the right to object at any time to the processing of your data for direct marketing purposes (Art. 21(2) and (3) GDPR) and to processing based on legitimate interests, in which case we may then explain our compelling reasons (Art. 21(1) GDPR). We have indicated above in which cases this right applies.

If you have given your consent to data processing, you can revoke this at any time with effect for the future. The lawfulness of data processing up to the point of revocation remains unaffected. After revoking your consent, it may be the case that some of our services can no longer be used.

In all such cases, please contact us in writing or by e-mail at the above-mentioned communication addresses (section 1, section 7.c)).

Finally, you have the right to lodge a complaint with a competent data protection supervisory authority (Art. 77 GDPR).

Amendments

From time to time, it is necessary to update the content of this Privacy Policy. We therefore reserve the right to amend it at any time. The amended version of the Privacy Policy will also be published at this location. When you revisit our website, you should therefore review the Privacy Policy again.


Last updated: January 2026