Privacy policy

1. Privacy Notice
We are delighted that you are visiting our website and thank you for your interest in our company and products. At this point, we would like to inform you about what data we collect, when, how we use and process it, and how we handle your personal data.

2. Data Collection and Use
Personal data is information that can help to identify a person. This includes, for example, your name, address, email address, or phone number.

(1) Collection of Personal Data During Website Use
When you simply use the website for informational purposes, meaning you neither register nor provide information in any other way, we collect only the personal data that your browser transmits to our server. If you view our website, we collect the following data necessary to display our website and ensure stability and security:

• IP address
• Date and time of request
• Time zone difference to Greenwich Mean Time (GMT)
• Content of the request (specific page)
• Access status/HTTP status code
• Data volume transferred in each case
• Website from which the request originates
• Browser
• Operating system and its interface
• Language and version of the browser software

The legal basis for storing this data is Article 6 (1) (f) GDPR.

(2) Collection of Personal Data Upon Registration
We offer you the option to register on our website by providing personal data to set up a customer account. Depending on the type of agreement, we store the following data:

• Name, first name
• Address
• Billing address
• Email address
• Phone number

The data entered in the input mask is transmitted to us and stored. No transfer of data to third parties takes place. During the registration process, the user’s consent to process this data is obtained, per Article 6 (1) (a) GDPR. Registration is also required to fulfill a contract for the purchase of goods in our online shop or to carry out pre-contractual measures per Article 6 (1) (b) GDPR. We use the collected data to process the purchase of goods in our online shop, particularly to enable the correct shipment of ordered goods.

Data is deleted as soon as it is no longer necessary for the purpose of its collection. This occurs if registration on our website is terminated or modified or if the data is no longer needed to fulfill the contract. After contract completion, a necessity to store personal data may still exist to comply with contractual or statutory obligations (e.g., for tax purposes). Users can terminate their registration at any time. You may also change the data stored about you at any time, as follows: If the data is necessary to fulfill a contract or carry out pre-contractual measures, early deletion of the data is only possible insofar as no contractual or legal obligations prevent deletion.

The legal basis for processing the data is your consent under Article 6 (1) (a) GDPR, and if registration serves to fulfill a contract or pre-contractual measures with you, additionally Article 6 (1) (b) GDPR. Nutzen Sie folgenden Link, wenn Sie ihre gespeicherten Daten berichtigen oder einen Antrag auf Löschung der Daten stellen möchten: https://marcalice.com/en/pages/gdpr-compliance

3. Name and Contact Information of the Controller
The controller responsible for managing personal data is:

Marc & Alice e.K. Owner: Markus Gloss
Effeltricher Str. 28
90411 Nürnberg
Email: privacy@marcalice.com

4. Purposes of Processing Personal Data
We store your data only for the following purposes:

• To process orders (including payment processing and possibly credit checks), to send you advertisements from us, and for customer service.

Your personal data is stored and processed at our central office location. Transfer of your personal data to third parties only occurs if it is necessary for contract execution or for billing or collection purposes (e.g., shipping companies or payment service providers) or if you have expressly consented.

The legal basis for transferring data to third parties for contract execution or billing purposes is Article 6 (1) (b) GDPR, and for sharing data in legally mandated cases, Article 6 (1) (c) GDPR.

5. Data Storage Duration
We retain your data for as long as required to fulfill its respective purpose, considering your legitimate interests. If a tax-related retention period applies to certain data processed for contract execution, the data will be stored for 6 or 10 years. During this time, data processing is limited after 2 years, meaning the data is only used to fulfill legal obligations. The retention period begins at the end of the calendar year in which the order was placed or the contract fulfilled.

6. Disclosure of Personal Data to Third Parties
We may disclose your personal data to the following companies or categories of individuals, in accordance with legal requirements:

• Tax authorities, auditors, and other regulatory bodies.
• External service providers and professional advisors, such as lawyers, accountants, credit agencies for credit checks, and debt collection agencies.
• Postal/shipping service providers and couriers, such as UPS, DHL, and Deutsche Post.
• Payment providers, such as:
  • PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg;
  • Klarna AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden;
  • (Amazon Pay) Amazon Payments Europe s.c.a., 5 Rue Plaetis, L-2338 Luxembourg;
  • (Apple Pay) Apple Distribution International, Hollyhill Industrial Estate, Hollyhill, Cork, Ireland;
  • Shopify Payments, 126 York Street, Suite 200, Ottawa, ON, Canada, K1N 5T5;
  • Google Pay (Europe), Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

E-Commerce Platform Shopify
Our online shop operates through Shopify, a service provided by Shopify Inc., 126 York Street, Suite 200, Ottawa, ON, Canada, K1N 5T5. Shopify hosts our e-commerce platform, where we offer our products for sale. The data provided as part of your order is stored on a Shopify server.

Shopify has explicitly designed its infrastructure to ensure that cross-border data transfers comply with GDPR. Personal data from individuals in Europe is first received and processed in Ireland, Shopify's EU base, and subsequently transferred to its parent company in Canada. If data is further transferred to processors in other countries, such as the United States, this is done in compliance with the Canadian data protection law, recognized by the European Commission for international data transfers.

Furthermore, personal data may be transferred within a corporate group (e.g., between Shopify Inc. in Canada and Shopify in the United States) if the companies adhere to internal data protection policies (so-called “Binding Corporate Rules, BCR”), approved by a European (Ireland-based) data protection authority (Article 47 GDPR).

Lastly, data transferred from Shopify Canada to the United States is encrypted during transmission and storage, preventing unauthorized decryption.

For more details, please refer to Shopify's Privacy Policy.

The legal basis for transferring data to third parties for contract execution or billing purposes is Article 6(1)(b) GDPR, and for disclosure in legally mandated cases, Article 6(1)(c) GDPR.

7. Your Rights
To exercise your rights, you may use the contact form at https://marcalice.com/pages/kontakt, reach out to the Data Protection Officer, or contact us via email at: privacy@marcalice.com.

You are entitled to the following rights:

7.1 Withdrawal of Consent
You may withdraw your consent to the processing of personal data at any time with future effect. You can use the contact options above for this purpose (https://marcalice.com/pages/kontakt).

7.2 Additional Rights
In addition, you have the following rights regarding your personal data:

• Right to access,
• Right to rectification,
• Right to erasure or restriction of processing,
• Right to object to processing,
• Right to data portability.

You also have the right to lodge a complaint with a data protection supervisory authority about the processing of your personal data. The relevant supervisory authority for Bavaria is:

Bavarian State Office for Data Protection Supervision (BayLDA)
P.O. Box 1349, 91504 Ansbach
Promenade 18, 91522 Ansbach, Germany
Tel.: +49 (0) 981 180093-0
Fax: +49 (0) 981 180093-800
Email: poststelle@lda.bayern.de
Website: https://www.lda.bayern.de/en/index.html

8. Contact Form
When you submit an inquiry via the contact form, we use your data solely to process your request. We do not use this data for advertising purposes or disclose it to third parties.

The legal basis for processing data transmitted via the contact form or email is Article 6(1)(f) GDPR. If the contact aims to conclude a contract, the additional legal basis for processing is Article 6(1)(b) GDPR.

Data you enter in the contact form will be stored until you request its deletion, revoke your consent for storage, or the purpose of the data storage no longer applies.

9. Cookies
To make our website more attractive and enable certain functions, we use cookies. These are small text files that your web browser accepts and stores on your device when you visit our site. Some cookies are deleted immediately after you close the browser, while others remain on your device to allow us to recognize you or your device on future visits.

This site uses the following types of cookies, whose scope and function are explained below:

• a) Transient cookies: These are automatically deleted when you close your browser. This category includes session cookies, which store a session ID that links various requests from your browser to the same session. This allows your device to be recognized when you return to our website. Session cookies are deleted when you log out or close the browser.

• b) Persistent cookies: These are automatically deleted after a specified period, which can vary depending on the cookie. You can delete these cookies at any time in your browser's security settings.

You can influence the use of cookies by adjusting your browser settings. Most browsers have options to limit or prevent cookie storage. Each browser manages cookie settings differently. Please consult your browser’s help menu for specific instructions.

You can find information on adjusting settings for each browser at the following links:

• Internet Explorer: http://windows.microsoft.com/de-DE/windows-vista/Block-or-allow-cookies
• Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen
• Chrome: http://support.google.com/chrome/bin/answer.py?hl=de&hlrm=en&answer=95647
• Safari: https://support.apple.com/kb/ph21411?locale=de_DE

Please note that disabling cookies may limit the functionality of our website.

The legal basis for the use of cookies is Article 6(1)(f) GDPR. For cookies, we differentiate between those strictly necessary and those used for additional purposes (such as access measurement or advertising). Through our consent manager, you can generally choose to accept all or some non-essential cookies. Choosing the latter may limit your access to our offerings. This consent can be managed and withdrawn at any time through our consent management system (also known as “cookie banner” or “cookie settings”).

10. Analytics Tools

10.1 Use of Google Analytics
Our website uses Google Analytics, a web analytics service provided by Google Inc. ("Alphabet"). Google Analytics uses "cookies," text files stored on your computer, which enable an analysis of your website usage. The information generated by the cookie about your use of this website is generally transmitted to and stored on a Google server in the USA. If IP anonymization is activated on this website, Google will truncate your IP address within member states of the European Union or other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, compile reports on website activity, and provide other services related to website and internet use to the website operator.

The IP address transmitted by your browser as part of Google Analytics will not be merged with other data held by Google.

You can prevent the storage of cookies by adjusting your browser settings; however, please note that this may limit the full functionality of this website. Additionally, you can prevent Google from collecting data generated by the cookie about your website use (including your IP address) and from processing this data by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.

This website uses Google Analytics with the extension "_anonymizeIp()". This means IP addresses are further processed in truncated form, which prevents any direct association with a person. As such, any personal data collected about you is immediately excluded from association and deleted.

We use Google Analytics to analyze website usage and improve our offerings, making them more appealing to users. In exceptional cases where personal data is transferred to the USA, Google complies with the EU-US Privacy Shield: https://www.privacyshield.gov/EU-US-Framework.

Third-party information: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. Terms of use: http://www.google.com/analytics/terms/de.html, Privacy overview: http://www.google.com/intl/de/analytics/learn/privacy.html, and Privacy policy: http://www.google.de/intl/de/policies/privacy.

10.2 Use of Hotjar
Our website uses Hotjar, an analysis software provided by Hotjar Ltd., 3 Lyons Range, 20 Bisazza Street, Sliema SLM 1640, Malta (http://www.hotjar.com), which enables us to analyze your usage of the website. Hotjar uses cookies and a tracking code to transmit collected data to the Hotjar server. This data includes device-specific information, such as IP address, screen size, device type, and browser information (type and version), your geographic location, and your language settings. Additionally, your email address and first and last names are transmitted if you have provided this information to us. Regularly, user interactions, such as mouse movements, visited web pages, and usage timestamps, are transmitted to Hotjar. Your IP address is automatically anonymized by Hotjar and stored only in this form. Additionally, website users are assigned a "unique user identifier (UUID)," which allows Hotjar to track returning users of our website without linking to your personal data.

You can prevent Hotjar from collecting and using your data via the following link: https://www.hotjar.com/opt-out.

10.3 Use of Judge.me
We use the service Judge.me on our website to manage and display product reviews. Judge.me allows us to provide a platform where you can share your experiences with our products and view other customers' reviews. Product reviews help us continuously improve our product and service quality.

Data Collected
In the context of the review function, Judge.me processes the following personal data:

• Name or username (if provided)
• Email address (not published)
• Review text and any attached photos
• IP address
• Date and time of the review

Purpose of Data Processing
Your data is processed to provide the review function and to ensure an authentic and trustworthy review culture on our website. It also helps us use customer feedback to continuously improve our products.

Legal Basis
Data processing is based on Article 6(1)(f) GDPR, as we have a legitimate interest in offering a transparent review platform for our customers. If you consent to publishing a review, the processing of your data is based on Article 6(1)(a) GDPR.

Data Transfer to Third Countries
Judge.me is headquartered in Singapore and also operates servers in other countries. Therefore, data processing may take place outside the EU. Judge.me commits to taking all necessary measures to ensure the protection of your personal data in accordance with European data protection standards. More information can be found in Judge.me’s privacy policy.

Storage Duration
Personal data is stored as long as necessary to provide the review function or until you request the deletion of your review.

Further Information
More information on data protection at Judge.me can be found in their privacy policy: https://judge.me/privacy.

11. Social Media Links
On our website, we link to social media platforms Facebook, Instagram, and YouTube through their respective icons. These are hyperlinks that do not transmit any of your data. When you click on the link, you are directly taken to our respective social media profile. Data will only be transmitted to the social media platform if you are logged into your user account on that platform. In such cases, the respective social media platform may receive information about the content you viewed on our website.

The social media services we link to are solely managed by:

• For Facebook: Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA.
• For Instagram: Instagram, LLC, 1601 Willow Rd., Menlo Park, CA 94025, USA.
• For YouTube: YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.

For more information about the purpose and scope of data collection and further processing and use of your data by each social media service, please refer to their respective privacy policies.

We use the Facebook Conversion API, a service provided by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, to analyze user behavior and improve our advertising campaigns. Integration is performed through the Pixely Facebook Conversion API plugin.

The Facebook Conversion API collects data such as:

• Interactions on our website,
• Information about the use of our services (e.g., purchases, leads),
• Technical information such as IP address, browser, and device data.

This data is transmitted directly to Facebook and helps us measure the effectiveness of our advertising and create optimized target audiences.

Processing is based on your consent in accordance with Article 6(1)(a) of the GDPR. You can withdraw your consent at any time by [revisiting the cookie banner] or disabling data collection in your Facebook settings.

For more information on Facebook’s data processing, please refer to the Meta Data Policy.

Both Microsoft and Meta may transfer data to the United States. There is a risk that authorities may access the data. We take appropriate safeguards, such as standard contractual clauses (SCCs), to ensure data protection.

You can disable data collection by Microsoft and Facebook by:

1. Adjusting your cookie settings,
2. Using a browser add-on (e.g., AdChoices),
3. Changing your privacy settings directly on the respective platforms.

12. Microsoft Adversiting
We use the Microsoft Advertising UET Tag, a service provided by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA, to analyze user behavior on our website and display targeted advertising. Integration is performed through the uettool.westwin.com plugin.

The UET Tag collects information such as:

• Pages visited,
• Time spent on the website,
• Interactions on our website.

This data is processed by Microsoft to track conversion goals and display targeted ads. Cookies may be used, collecting information such as IP address and usage data.

The legal basis for processing is your consent in accordance with Article 6(1)(a) of the GDPR. You can withdraw your consent at any time by [revisiting the cookie banner] or disabling the storage of cookies in your browser.

For more information on Microsoft Advertising’s data protection practices, please see the Microsoft Privacy Statement.

13. Google Tag Manager
We use Google Tag Manager on our website, a service from Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Tag Manager allows marketers to manage website tags through an interface. A tag is a mark or label in a data record. The Tag Manager itself, which deploys the tags, works without cookies and does not collect any personal data. The tags implemented by the Google Tag Manager only facilitate the collection of data that is passed on to the target system. Since data is merely passed through, the system itself neither collects nor stores the data. The Tag Manager simply triggers other tags, which may themselves collect data. Further information on these third-party providers can be found in this privacy policy. Google Tag Manager does not use this data. If you have disabled cookies or made other adjustments, this setting will be respected for all tracking tags implemented with Google Tag Manager, meaning the tool will not alter your cookie preferences.

Google may request permission to share some product data (e.g., your account information) with other Google products to enable certain functions, such as adding new conversion tracking tags for AdWords. Additionally, Google developers may occasionally review product usage information to optimize the product. However, Google will not share such data with other Google products without your consent.

Further information can be found in Google's terms of service and privacy policy for this product.

14. Newsletter
(1) With your consent, you can subscribe to our newsletter to receive information about our current, interesting offers. The products and services advertised are specified in the consent declaration.

(2)We use a double opt-in process for newsletter registration. This means that after registering, we will send you an email to confirm that you wish to receive the newsletter. If you do not confirm your registration within [24 hours], your information will be temporarily blocked and automatically deleted after one month. We also save your IP address and the times of registration and confirmation to be able to prove your registration and to clarify any potential misuse of your personal data.

(3)The only required information for sending the newsletter is your email address. Any additional information, marked separately, is voluntary and used to personalize your newsletter experience. After your confirmation, we store your email address for the purpose of sending the newsletter. The legal basis for this is Article 6(1)(a) GDPR.

(4)You can revoke your consent to receive the newsletter at any time and unsubscribe. To withdraw, click on the link provided in each newsletter email, email us at (privacy@marcalice.com), or send a message to the contact details provided in our imprint.

We use the service Klaviyo from Klaviyo Inc., 225 Franklin St, Floor 10, Boston, MA 02110, USA, to send our newsletters. The data saved during newsletter registration (email address, name, IP address, date, and time of registration) may also be processed in the USA. According to the European Court of Justice, an adequate level of data protection in the USA cannot generally be assumed at this time.

Klaviyo uses standard contractual clauses according to Art. 46(2) and (3) GDPR (https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de) as the basis for processing or transferring data to countries outside the EU. Through these clauses, Klaviyo commits to maintaining EU data protection standards even when processing or storing data in third countries, such as the USA. Further information is available at https://www.klaviyo.com/legal/data-processing-agreement and https://www.klaviyo.com/legal/privacy/privacy-notice.

Please note that we analyze your user behavior when sending the newsletter. For this analysis, the emails sent contain web beacons or tracking pixels, which are single-pixel image files stored on our website. We link the data mentioned in § 3 and the web beacons to your email address and an individual ID. With this data, we create a user profile to tailor the newsletter to your individual interests. We track when you read our newsletters, which links you click on, and infer your personal interests from this.

You can object to this tracking at any time by clicking the link provided in each email or by contacting us via another means, e.g., by emailing: privacy@marcalice.com. The information will be stored as long as you are subscribed to the newsletter. After unsubscribing, the data is saved purely for statistical purposes in an anonymous form. This tracking is also not possible if you have disabled the display of images by default in your email program. In this case, the newsletter will not display completely, and you may not be able to use all functions. If you manually enable the images, the tracking described above will take place. You can unsubscribe from all newsletters using the following link: http://manage.kmail-lists.com/subscriptions/unsubscribe?cy=Yet7VZ

15. Use of Social Media Plug-ins
We use social plugins (“plugins”) on our website from Instagram, operated by Instagram LLC, 1601 Willow Road, Menlo Park, CA 94025, USA (“Instagram”).

We employ a two-click solution. This means that when you visit our site, no personal data is initially passed to Instagram. The plugin, in the form of images, is labeled "Follow us on Instagram." This allows you to connect directly to Instagram by clicking the button. Only when you click the marked field to activate it does Instagram receive the information that you have accessed our website. In addition, the data mentioned in § 1 of this policy will be transmitted. By activating the plugin, personal data is transmitted to Instagram and stored there (in the case of U.S.-based providers, in the USA).

We have no influence over the data collected or the data processing operations, nor do we have full knowledge of the extent of data collection, the purposes of processing, or storage periods. We also have no information on Instagram’s deletion of collected data.

If you interact with the plugin, specifically by clicking on the plugin image, your browser establishes a direct connection to Instagram's servers. The plugin's content is transmitted directly to your browser by Instagram and integrated into the page. Through this integration, Instagram receives information that your browser has accessed our website, even if you do not have an Instagram profile or are not logged into Instagram. This information (including your IP address) is transmitted directly from your browser to an Instagram server in the USA and stored there. If you are logged into Instagram, Instagram can immediately associate your visit to our website with your Instagram account. The information is also published on your Instagram account and displayed to your contacts. We recommend that you log out of social networks regularly, particularly before activating the button, to avoid associating the visit with your profile on Instagram.

Instagram stores the data collected about you as user profiles and uses them for advertising, market research, and/or the needs-based design of its website. Such an evaluation occurs particularly (even for non-logged-in users) to display needs-based advertising and inform other users of the social network about your activities on our website. You have a right to object to the creation of these user profiles, but you must contact Instagram directly to exercise this right.

For more information on the purpose and scope of data collection, further processing, and use of data by Instagram, and your rights and settings options to protect your privacy, please refer to Instagram’s privacy policy: https://help.instagram.com/155833707900388/. If you do not want Instagram to directly associate data collected on our website with your Instagram account, you must log out of Instagram before visiting our website. You can also completely block the loading of Instagram plugins with add-ons for your browser, such as the script blocker "NoScript" (http://noscript.net/). The legal basis for the use of these plugins is Article 6(1)(f) GDPR.

16. Remarketing/Retargeting
(1) We use Facebook’s "Custom Audiences" retargeting service, provided by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA ("Facebook"), on our website for remarketing and retargeting purposes. This service uses tracking or remarketing pixels, which are pixel image files that allow for log file analysis. Using pixels enables the service provider to see when and how many users have viewed the pixel or when an email was opened or a website was visited.

(2) With this service, users of our website can be shown interest-based advertisements ("Facebook Ads") while visiting the social network Facebook or other websites that use the same process. We pursue the interest of displaying advertising that is relevant to you to make our website more engaging. When you visit our website, a direct connection to Facebook's servers is established through the pixel. This allows Facebook to identify you by your browser ID, which can be linked to your user account. We have no control over the extent and further use of the data that Facebook collects through this tool, but we inform you based on our knowledge: By integrating Facebook Custom Audiences, Facebook receives the information that you have accessed the corresponding page of our website or clicked on an advertisement from us. If you are registered with a Facebook service, Facebook can assign the visit to your account. Even if you are not registered or logged in to Facebook, it is possible for the provider to obtain and store your IP address and other identifiers.

(3) Logged-in users can disable the “Facebook Custom Audiences” function at https://www.facebook.com/settings/?tab=ads#.

(4) The legal basis for processing your data is Article 6(1)(f) GDPR. For more information on Facebook's data processing, please visit: https://www.facebook.com/about/privacy/.

If you do not want to be shown advertising generated by the respective targeting service, you can object to the use of the retargeting technology on our website by sending a message to privacy@marcalice.com.

17. Hubspot
We use "Hubspot," a service of HubSpot Ireland Limited, Ground Floor, Two Dockland Central, Guild Street, Dublin 1, Ireland (“Hubspot”), on our website. Hubspot stores and processes information about your user behavior on our website. Hubspot uses cookies, which are small text files stored in your web browser's cache on your device, enabling analysis of your website usage.

We use Hubspot for marketing and optimization purposes, particularly to analyze website usage and continuously improve individual functions, offers, and the user experience. By statistically evaluating user behavior, we can enhance our offerings and make them more appealing to you as a user. This constitutes our legitimate interest in processing the aforementioned data by the third-party provider. The legal basis is Article 6(1)(f) GDPR.

You can prevent the installation of cookies by deleting existing cookies and disabling the storage of cookies in your web browser settings. Please note that in this case, you may not be able to use all functions of our website fully. You can also object to the collection and transmission of personal data or prevent its processing by disabling JavaScript in your browser. Additionally, you can block JavaScript entirely by installing a JavaScript blocker (e.g., https://noscript.net/ or https://www.ghostery.com). Please note that, in this case, you may not be able to use all functions of our website fully.

Hubspot has also committed to and certified under the EU-U.S. Privacy Shield framework, agreeing to comply with European data protection standards. More information is available here: https://www.privacyshield.gov/participant?id=a2zt0000000TN8pAAG&status=Active.

Third-party information: HubSpot Ireland Limited, Ground Floor, Two Dockland Central, Guild Street, Dublin 1, Ireland. For further privacy information, visit: https://legal.hubspot.com/privacy-policy.

If you generally do not want data to be collected by HubSpot, you can prevent the storage of cookies at any time by adjusting your browser settings.

18. Orders via Our Website
To place orders on our websites, certain personal data must be provided by the user, namely: name, address, and, if applicable, payment data (credit card information). We store this data solely for the purpose of order processing. Additionally, the following data is automatically stored: IP address, date, and time of registration.

Data is only transferred to third parties when necessary for properly processing an order and fulfilling the purchase agreement. To facilitate shipping, order-related data (contact and delivery information) may be transferred to shipping partners:

PayPal
Our online shop allows payment via PayPal. PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg, is the payment service provider.

If you pay via PayPal, the payment data you provide will be transferred to PayPal. The legal basis for data transfer to PayPal is Article 6(1)(a) GDPR (consent) and Article 6(1)(b) GDPR (processing to fulfill a contract). You can revoke your consent at any time. Past data processing remains effective upon revocation.

Klarna
To enable payment through Klarna, your personal data (contact and delivery information) may be shared with Klarna. This is necessary for Klarna to assess your eligibility for the payment method. Personal data shared with Klarna is processed according to Klarna's privacy policy.

19. WhatsApp
For sending newsletters, we use the WhatsApp Business instant messaging service from WhatsApp LLC, 1601 Willow Road, Menlo Park, California 94025, USA, via the service provider Charles GmbH, Gartenstr. 86-87, 10115 Berlin.

Registration for the WhatsApp newsletter follows a double opt-in process. After signing up via a CTA or QR code, a message is sent to confirm your request to receive messages from us via WhatsApp. If you no longer wish to receive messages, you can revoke your consent at any time by unsubscribing from the newsletter using a designated keyword.

The only required information for sending the newsletter is your phone number. After your confirmation, your phone number will be forwarded to and processed by our service provider, Charles GmbH, solely for the purpose of sending the newsletter. The legal basis is Article 6(1)(a) GDPR.

If you communicate with us via WhatsApp, certain data you share within the app will be stored and processed by WhatsApp. This includes user-provided information such as messages, photos, videos, billing information, and profile pictures. WhatsApp states that it stores this data end-to-end encrypted. Some metadata, such as phone number, location, IP address, device information, type and frequency of app usage, location, and information on the time and recipient of sent messages, are collected unencrypted. According to WhatsApp’s privacy policy, this information is sometimes shared with other Meta companies, such as Facebook and Instagram, based in the USA. In some cases, data is also shared with external companies, service providers, or partners.

Data processing may also take place in the USA. According to the European Court of Justice, the USA currently does not generally offer an adequate level of data protection.

WhatsApp uses standard contractual clauses according to Article 46(2) and (3) GDPR (https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de) as the basis for processing or transferring data to countries outside the EU. Through these clauses, WhatsApp commits to maintaining EU data protection standards even when processing or storing data in third countries, such as the USA. More details can be found in WhatsApp's privacy policy: https://www.whatsapp.com/legal/privacy-policy-eea/?locale=de_DE.

20. Emails
For sending emails, we use the service provider Klaviyo Inc., 225 Franklin St, Floor 10, Boston, MA 02110, USA. This includes transactional emails such as order confirmations, shipping confirmations, marketing emails, and newsletters.

Klaviyo has access to your data, and data processing may occur in the USA. According to the European Court of Justice, the USA currently does not generally provide an adequate level of data protection.

Klaviyo relies on standard contractual clauses under Article 46(2) and (3) GDPR (https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de) as the basis for processing or transferring data to countries outside the EU. Through these clauses, Klaviyo commits to maintaining EU data protection standards when processing your data, even if the data is transferred to and processed or stored in third countries like the USA. More information is available at https://www.klaviyo.com/legal/data-processing-agreement and https://www.klaviyo.com/legal/privacy/privacy-notice.

21. Data Security
We have implemented various security measures to protect your personal data. Our servers and databases are protected by physical and technical safeguards.

When collecting and transmitting data on our website, we use standardized SSL encryption technology. Personal data transmitted during the order process is protected by SSL encryption, recognizable by the lock symbol in the browser and the “https://” prefix in the address bar.

With encrypted communication, your payment data transmitted to us cannot be read by third parties. However, when communicating via email, 100% data security cannot be guaranteed.

Final Provisions
We reserve the right to amend this privacy policy at any time. Any changes to this privacy policy will be published on this website and automatically take effect 30 days after their publication. We will inform you by email of any significant changes to this privacy policy.