Privacy policy

This privacy notice informs you about the processing of personal data in relation to the services we offer on our web store at https://eustore.ifixit.com, https://store.ifixit.co.ukhttps://store.ifixit.de and https://store.ifixit.fr.

I. Definitions

'Personal data' means any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

'Processing' means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

'Controller' means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

'Recipient' means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law will not be regarded as recipients; the processing of those data by those public authorities will be in compliance with the applicable data protection rules according to the purposes of the processing.

II. General Information

1. The data controller

iFixit GmbH
Tränkestr. 7
70597 Stuttgart
Deutschland
Telefon: +49 711 - 21724068-0
Telefax: +49 711 - 21724068-9
E-Mail: eustore@ifixit.com

2. Contact details of the Data Protection Officer

OBSECOM GmbH
Königstr. 40
70173 Stuttgart
Deutschland
Telefon: +49 711 - 4605025-40
Telefax: +49 711 - 4605025-49
E-Mail: datenschutz@obsecom.de
Website: https://www.obsecom.eu

3. Information about processing operations

We will inform you about the legal basis of each processing operation. We will also inform you if we intend to transfer personal data in certain countries outside the European Union (EU) or the European Economic Area (EEA).

4. Rights of data subjects

As a data subject you have the following right:

• Pursuant to Art. 15 GDPR to request information about your personal data processed by us. You may also request information regarding the purposes of the processing the categories of personal data concerned, the recipients or categories of recipients to whom the personal data have been or will be disclosed, the envisaged period for which the personal data will be stored or the criteria used to determine that period, the data source (where personal data is not collected from you), the existence of automated decision-making, including profiling, and meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing; the existence of the right to request rectification or erasure of data concerning you, the right to restrict processing or to object to such processing, the right to lodge a complaint with a supervisory authority. Finally, you have a right to know whether personal data has been transferred to a third country or to an international organization, and, if so, the appropriate safeguards relating to this transfer;

• Pursuant to Art. 16 GDPR to demand the immediate rectification of inaccurate personal data and to have incomplete personal data which is stored by us completed;

• Pursuant to Art. 17 GDPR to demand the erasure of your personal data stored by us, unless the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise or defense of a legal claim.

• Pursuant to Art. 18 GDPR to request the restriction of the processing of your personal data if the accuracy of the personal data is contested by you; the processing is irregular, but you oppose the erasure of the personal data and request the restriction of their use instead; we no longer need the personal data for the purposes of the processing but they are required by you for the establishment, exercise or defense of legal claims; you have objected to processing pursuant to Art. 21 (1) GDPR pending the verification whether our legitimate grounds override your interests;

• Pursuant to Art. 20 GDPR to receive your personal data, which you have provided for us, in a structured, commonly used and machine-readable format and have the right to transmit this data to another controller;

• Pursuant to Art. 21 GDPR to object to the processing of your personal data on grounds relating to your particular situation, or if you object to processing for direct marketing purposes and the legal basis for processing is our legitimate interests pursuant to Art. 6 (1)(f) GDPR;

• Pursuant to Art. 7 (3) GDPR to withdraw your consent given to us at any time. As a result, we are no longer allowed to continue to process the data that was based on this consent in the future;

• Pursuant to Art. 77 GDPR to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement. A list of contact details of the data protection officers and supervisory authorities can be found on this website: https://edpb.europa.eu/about-edpb/about-edpb/members_en.

If you wish to assert the data subject rights mentioned above, you can contact us or our data protection officer at any time using the contact details above.

5. Erasure and restriction of personal data

Unless otherwise provided for in this privacy notice, personal data will be deleted, if this data are no longer necessary in relation to the purposes for which they were collected or otherwise processed and the deletion does not conflict with statutory retention requirements. We will erase personal data processed by us on your request in accordance with the conditions provided in Art. 17 GDPR. If personal data are required for other lawful purposes, they will not be erased, but their processing will be restricted in accordance with Art. 18 GDPR and the data will not be processed for other purposes. This applies, for example, to personal data that must be retained by us for commercial or tax law reasons. For example, data must be kept for 6 years pursuant to Section 257 (1) Nos. 2 and 3 German Commercial Code (HGB) and Section 147 (1) Nos. 2, 3, 5 German Tax Code (AO); data must be kept for 10 years pursuant to Section 257 (1) Nos. 1 and 4 HGB and Section 147 (1) No. 1, 4, 4a AO.

6. GDPR Legal Cookie

Our website uses cookies. Cookies are small text files that your browser automatically creates and stores on your device (laptop, tablet, smartphone, PC, etc.) when you visit our website. Cookies do no harm to your device, nor do they contain any viruses or other malicious software. A cookie stores information which is created in relation to the specific device. However, this does not mean that we become immediately aware of your identity. Cookies are mainly used to make the website more user-friendly, effective and secure.

We are using the Shopify e-commerce platform for our website. We use the GDPR Legal Cookie plugin with this platform to provide a cookie banner and a listing of the cookies we are using for our website. You can view this listing by clicking on the button with the fingerprint symbol at the left side border of our website.

By clicking on the button with the fingerprint symbol at the left side border of our website, you can also see which kinds of cookies consented to for our website. This information is being retrieved from the cookie stored by GDPR Legal Cookie in your browser.

If necessary, we will also use GDPR Legal Cookie to ask you for your consent to use cookies and to the data processing related to such cookies. The name, the provider, the description, the domain and the period of time after which a cookie will be deleted, are listed for each cookie. Session cookies will be deleted when you stop using our website or close the browser session.

GDPR Legal Cookie stores the extent of your consent and the date and time when your consent was given. If you agree or refuse via the form offered by GDPR Legal Cookie on our website that additional cookies may be stored on your device beyond the essential cookies, GDPR Legal Cookie will store this consent or refusal for one year in a cookie on your device.

On future visits, our website can retrieve information from the cookies stored in your browser or device by GDPR Legal Cookie on which cookies we are allowed to store on your device. You can change or withdraw the consent given by you anytime by clicking on the button with the fingerprint symbol at the left side border of our website. Alternatively, you can also delete cookies stored by our website from your device or browser. In this case, you will be asked for your consent again at your next visit to our website.

Using GDPR Legal Cookie helps us to ask for the necessary consent in an appropriate manner to legitimately use cookies on our website. By clicking on the acceptance button, you agree that we process and store your personal data as described in this data privacy information. Without this consent, nonessential cookies cannot be used with our website. The legal basis is your voluntarily given consent according to Art. 6 (1)(a) GDPR.

For some processing operations, we will also use GDPR Legal Cookie to ask for your consent to transfer your personal data in certain countries outside the EU or the EEA. For such consent, the following conditions will apply:

a. Your personal data may be transferred to a third country or an international organization that do not provide a level of protection that is adequate to European and/or German data protection law. Notwithstanding any permissions according to contract or to applicable law, personal data will be transferred in accordance with the conditions provided in Art. 44 et seq. GDPR. This means that for the respective third country either an adequacy decision by the EU commission according to article 45 GDPR is in place, or appropriate safeguards according to article 46 GDPR have been provided, or binding corporate rules according to article 47 GDPR are in place. Further information is provided in explanations of the respective processing operations in this data privacy information.

b. For some countries, especially the USA, an adequacy decision by the EU commission according to article 45 GDPR does not exist and it might not be possible to achieve a level of protection that is adequate to the data protection law in the European Union, neither by providing appropriate safeguards according to article 46 GDPR or by implementing binding corporate rules according to article 47 GDPR. There is a risk that such third countries do not offer an adequate level of protection. It is possible that no data protection authorities and/or principles relating to processing of personal data might exist in such third countries, and/or that the data subject might not be entitled to data protection rights in such third countries. It is possible that there might not be sufficient legal remedies available to you to defend against a violation of your rights in such countries.

III. Individual processing operations

1. Hosting

In order to make our website available, we use services provided by hosting companies, such as provision of web servers, disk space, database services, and security or maintenance services. Here we, and our hosting providers on our behalf, process personal data of website visitors based on our legitimate interests in providing efficient and secure access to our website in accordance with Art. 6 (1)(f) GDPR.

For hosting our website, we use services provided by iFixit (USA), 1330 Monterey St., San Luis Obispo, CA 93401, USA as our data processor. We entered into a data processing agreement with iFixit (USA) that includes the Standard Contractual Clauses as well as additional appropriate measures to comply with the requirements of the GDPR to legitimately transfer personal data in third countries outside the European Union (EU) or the European Economic Area (EEA). A copy of the standard contractual clauses is available at https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32010D0087&from=en.

2. Access data and log files

By visiting our website or its individual pages, your device’s internet browser automatically sends information to the server of our website. This information is stored in so-called log files by us or our hosting provider. 

The following information is stored: 

  • IP address of the requesting computer; 
  • Date and time of access; 
  • Name and URL of the requested file; 
  • Website from which our site was accessed (Referrer-URL); 
  • The browser used and your computer’s operating system; 
  • Status codes and the transferred amount of data; 
  • Name of your access providers. 

This data will be used for the following purposes: 

  • The provision of our website, including all of its features and contents; 
  • To ensure a smooth connection to our website; 
  • To ensure a more user-friendly experience on our website; 
  • To ensure system security and stability; 
  • For anonymized statistical evaluation of website access; 
  • To optimize our website; 
  • For disclosure to law enforcement authorities in the event of unlawful interference / attacks on our systems; 
  • For further administrative purposes. 

This data will be deleted at the latest after 6 months, except it is needed for other purposes, for example for the establishment, exercise or defense of legal claims. 

The legal basis for data processing is Art. 6 (1)(f) GDPR. Our legitimate interest relates to the data collection purposes mentioned above.

3. Contacting us

If you contact us using the contact details published on our website (for example, by email) and in this context provide us with personal data, we will use this data to process your request on the basis of Art. 6 (1)(b) GDPR, if your request is related to the performance of a contract or is required to perform pre-contractual action. In all other cases, processing is based on your consent in accordance with Art. 6 (1)(a) GDPR and / or our legitimate interest in the effective processing of requests addressed to us pursuant to Art. 6 (1)(f) GDPR. All personal data collected by us when you established contact with us will be deleted after completion of your request unless such data are still required for other purposes (for example performance of a contract or defense against legal claims risen against us) or need to remain stored with us for other reasons (for example to comply with statutory retention periods).

4. Email direct marketing to customers

If you are a customer and we have received your email address in connection with the sale of goods or services, we may use your email address for direct marketing purposes for of similar goods or services offered by us. This is only applicable if you have not objected and we clearly and unequivocally have advised you of the possibility of objection at the time of collecting the email address, and every time we use it for direct marketing purposes thereafter. For email direct marketing, we process your email address, your name, your company affiliation if you are interacting on behalf of a company, and the type of goods or services you purchase from us. The legal basis of processing is our legitimate interest in direct marketing according to Art. 6 (1)(f) GDPR. We will store the personal data until you object to the processing.

We use services provided by iFixit (USA), 1330 Monterey St., San Luis Obispo, CA 93401, USA as our data processor for our email direct marketing. We entered into a data processing agreement with iFixit (USA) that includes the Standard Contractual Clauses as well as additional appropriate measures to comply with the requirements of the GDPR and the jurisdiction of the European Court of Justice to legitimately transfer personal data in third countries outside the European Union (EU) or the European Economic Area (EEA). A copy of the standard contractual clauses is available at https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32010D0087&from=en.

5. Newsletter

If you would like to receive our newsletter we require your email address, name. The data processing for the purpose of sending the newsletter takes place in accordance with Art. 6 (1)(a) GDPR based on your voluntary consent by means of the so-called double-opt-in procedure. The email address will be used and stored for this purpose until you withdraw your consent or unsubscribe from receiving the newsletter. You can unsubscribe at any time, for example by using the link at the bottom of each newsletter. You can also send your withdrawal/unsubscribe request at any time to the email address given under Clause II.

We embed a so-called counting pixel into our newsletters. A counting pixel is a miniature graphic embedded in the HTML format of the newsletter to allow us an analysis of the reader's reading behavior. In this context, we gather information on whether, and at what time, a newsletter was opened by you and which of the links contained in the newsletter were accessed by you. We use this data to generate statistical evaluations of the success or failure of a marketing campaign to optimize the distribution of our newsletters and to better tailor the content of future newsletters to your interests. The collected data will not be passed on to third parties and will be deleted after the statistical evaluation.

We use services provided by iFixit (USA), 1330 Monterey St., San Luis Obispo, CA 93401, USA as our data processor to provide you with our newsletter. We entered into a data processing agreement with iFixit (USA) that includes the Standard Contractual Clauses as well as additional appropriate measures to comply with the requirements of the GDPR to legitimately transfer personal data in third countries outside the European Union (EU) or the European Economic Area (EEA). A copy of the standard contractual clauses is available at https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32010D0087&from=en.

6. User account, iFixit community and registration

We are using user accounts for the iFixit community to facilitate simplified access for users to the services offered by us. Using the iFixit community to access our services is voluntarily. You can place orders through our web store as a guest without using the functionality provided by the integration of the iFixit community.

If you activate that feature by clicking the link, you are being forwarded to the website of the iFixit community at de.ifixit.com. The iFixit community will collect your IP address, the time and date when you registered or logged in to our services, and any further data collected by the iFixit community as the case may be related to the connection with our services. The iFixit community will also record your use of our services in your user account with the iFixit community. The iFixit community will transfer to us the email address used to register with the iFixit community, your first and last name, your profile picture and the unique identifier assigned to you by the iFixit community.

The iFixit community is provided by iFixit (USA), 1330 Monterey Street; San Luis Obispo, California 93401, USA. It is not possible to register in the iFixit community without transferring data to the USA. When registering for the iFixit community, you will be redirected to the iFixit (USA) website. For more information on how iFixit (USA) handles your personal data, please see the privacy policy at: https://www.ifixit.com/Info/Privacy. Personal data is processed based on your consent according to Art. 6 (1)(a) GDPR to use the iFixit community.

The legal basis for data transfer to the USA is also your voluntarily given consent in accordance with Art. 49 (1)(a) GDPR. For such consent, the following conditions will apply:

a. Your personal data may be transferred to a third country or an international organization that do not provide a level of protection that is adequate to European and/or German data protection law. Notwithstanding any permissions according to contract or to applicable law, personal data will be transferred in accordance with the conditions provided in Art. 44 et seq. GDPR. This means that for the respective third country either an adequacy decision by the EU commission according to article 45 GDPR is in place, or appropriate safeguards according to article 46 GDPR have been provided or binding corporate rules according to article 47 GDPR are in place. Further information is provided in explanations of the respective processing operations in this data privacy information.

b. For some countries, especially the USA, an adequacy decision by the EU commission according to article 45 GDPR does not exist and it might not be possible to achieve a level of protection that is adequate to the data protection law in the European Union, neither by providing appropriate safeguards according to article 46 GDPR nor by implementing binding corporate rules according to article 47 GDPR. There is a risk that such third countries do not offer an adequate level of protection. It is possible that no data protection authorities and/or principles relating to processing of personal data might exist in such third countries, and/or that the data subject might not be entitled to data protection rights in such third countries. It is possible that there might not be sufficient legal remedies available to you to defend against a violation of your rights in such countries.

Without your consent to use your user account with the iFixit community, you cannot open a user account with us.

The collected personal data will be used for the purposes of providing our services as well as contacting you in order to provide you with information about our offers and the services you registered for. Your user account with us and the personal data stored in connection with the user account will be used in particular to improve your shopping experience with us and to enable you to access your order history and to write user reviews and to leave ratings on the products offered in our web store. When logged in to your user account you can view your personal data and make changes to this data. We will not pass your personal data to third parties unless it is necessary for the fulfillment of contractual obligations in accordance with Art. 6 (1)(b) GDPR or for the pursuit of any claims to which we are entitled, or unless there is a legal obligation to do so in accordance with Art. 6 (1)(c) GDPR. Your data will be stored until you delete the user account or instruct us to delete your data. Insofar as we are obliged to retain your personal data on the basis of statutory retention periods, in particular tax and commercial law, the processing of your personal data will be restricted until the expiration of the relevant retention periods and then subsequently deleted.

If you register on our website or use the user account, we will store your IP address and the time of usage. Processing is done based on our legitimate interests pursuant to Art. 6 (1)(f) GDPR in order to provide our services. Data is also processed in your interest to protect you from misuse and other unauthorized use of your data. The IP addresses will be anonymized or deleted after 7 days at the latest.

7. User reviews and ratings

If you leave reviews or ratings on the products offered in our web store, we will store your user account for the iFixit community, the time and date and the content of your review or rating and your IP address. The purpose of storing this information is 

  • to enable users of our services or users of the iFixit community to contact you regarding your reviews or ratings, 
  • to connect your reviews or ratings with your user account and use these reviews or ratings for the purposes of the iFixit community, and 
  • to forward any complaints about your reviews or ratings to you and, if necessary, ask you to comment. 

It is not possible to leave a review or rating on our web store without a user account for the iFixit community. The user account provided will be stored and published with the review. 

The legal basis for the processing of personal data to provide you with the functionality to leave ratings and reviews und to connect your user account for the iFixit community with these reviews and ratings is your consent in accordance with Art. 6 (1)(a) GDPR and our legitimate interest under Art. 6 (1)(f) GDPR. Our legitimate interest in requesting and storing the user account for the iFixit community and your IP address is based on security considerations, for example, in case someone posts unlawful content (for example, defamatory comments). In this case, we ourselves could be prosecuted for the comment or post and therefore have a legitimate interest in storing the publisher's IP address. We will pass the personal data collected on to law enforcement authorities in cases of criminal investigations. Beyond that, we will make other disclosures to third parties. 

The reviews and ratings you leave in our store will be connected internally with your user account for the iFixit community so you can review your usage history.

8. Job applications

If you use our application form or other means of communications to apply for a job, you will need to provide your name, contact information and further application documents so that we can review your application and contact you. The data processing for the purpose of processing your application is carried out in accordance with Art. 6 (1)(a) GDPR based on your voluntary consent. The purpose of the data processing is the participation in an application procedure advertised by us or in case of an unsolicited application the assessment of whether we may offer you a job. Without your consent you cannot participate in an application procedure. 

Typically, the following data are being processed for our application procedures: 

  • your cover letter for the application;
  • your personal data: name, address, email address, telephone number, mobile phone number, date of birth;
  • your curriculum vitae: present workplace, prior workplaces, employer, professional training, number of years of professional experience, continuing education hitherto, outstanding knowledge, hobbies;
  • documents such as certificates of educational institutions and/or prior workplaces, certificates of completed continuing education.

Based on our legitimate interest under Art. 6 (1)(f) GDPR to defend against legal claims risen against us, all personal data collected in connection with the application procedure will furthermore remain stored. If you decide on your own behalf to withdraw your application from the application procedure, we will delete your application documents. Your name and your contact data as well as the time and date when you filed and/or withdrew your application and the related correspondence will remain stored. If not required anymore for other purposes (for example subsequent employment or legal procedures), this data will be deleted 6 months after completion of the application procedure. 

We use a cloud-based HR management software which is hosted by a provider of such systems to manage our application procedures. Any personal data is processed by the cloud provider on our behalf as our data processor based on a data processing agreement. The legal basis is our legitimate interest in the efficient management and control of our HR processes in accordance with Art. 6 (1)(f) GDPR.

9. Contractual data

In connection with and for the purpose of fulfilling pre-contractual measures and contractual obligations initiated through our web store, which are carried out at the request of the data subject, we process personal data required for the fulfilment of a contract with the data subject. These include: 

  • data of the contracting party, such as name, address and contact details. If applicable, alternate delivery or billing address of recipients; 
  • if necessary, the date of birth; 
  • contractual documentation including subject matter, duration or customer category; 
  • payment data such as bank details, credit card details, and payment history. 

The legal basis for data processing is Art. 6 (1)(b) GDPR. 

We also use a cloud-based enterprise resource planning system which is hosted by a provider of such systems to handle our business processes and manage our inventories. Any personal data is processed by the cloud provider on our behalf based on a data processing agreement. The legal basis is our legitimate interest in the efficient management and control of our business processes in accordance with Art. 6 (1)(f) GDPR. 

The data will be disclosed to third parties only to the extent necessary to fulfill pre-contractual and contractual obligations, e.g. banks, payment providers and credit card companies for processing the payment, shipping service providers for the shipment of goods.

10. Shopify

Our online shop uses the Shopify e-commerce platform. Shopify is provided by Shopify Inc, 150 Elgin Street, Suite 800, Ottawa, ON, K2P 1L4, Canada. The controller for the processing of personal data in the EU is Shopify International Ltd, 2nd Floor, 1-2 Victoria Buildings, Haddington Road, Dublin 4, D04 Xn32, Ireland (hereinafter 'Shopify'). Your contractual data and other data you enter in our online shop is processed by Shopify as a data processor on our behalf and is being transferred to Shopify Inc. in Canada. The EU Commission has decided that Canada ensures an adequate level of protection. The adequacy decision for Canada can be retrieved at https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32002D0002&from=en. According to Art. 45 GDPR, due to this decision a transfer of personal data to Canada does not require any specific authorization. 

In addition, we use external plugins to enhance the usability of our shop. The plugin providers process personal data of the shop uses as data processors on our behalf based on our legitimate interests in accordance with Art. 6 (1)(f) GDPR. Our legitimate interest is to provide a user-friendly online shop. 

When you choose to use Shopify Pay for payment, we will transfer your name, email address, mobile phone number, credit card and billing address, delivery address and the shipping method you selected on the checkout page, as well as related information about your order of goods and services you have purchased from us, to Shopify Pay in order to process the payment. The legal basis for the processing is Art. 6 (1)(b) GDPR.

11. Help Scout

This website uses Help Scout. Help scout is provided by Help Scout, 100 City Hall Plaza, 5th Floor, Boston, MA 02108, USA. hereinafter 'Help Scout'). Help Scout is a live chat software for customer support. You can use Help Scout to contact us directly by chat messages. When you use Help Scout, the following personal data is processed by Help Scout as a data processor on our behalf to provide the service: 

  • Name 
  • Email address 
  • IP address of the requesting computer
  • other data entered by you in Help Scout chats 
  • previous Help Scout chats 

The legal basis for the use of Help Scout is your voluntarily given consent according to Art. 6 (1)(a) GDPR. The legal basis for data transfer to the USA is also your voluntarily given consent in accordance with Art. 49 (1)(a) GDPR. 

Personal data collected by Help Scout may be transferred to servers in third countries outside the EU or the EEA. We use Help scout based on our and your legitimate interests pursuant to Art. 6 (1)(f) GDPR in order to provide a simple, fast and effective method to contact us. The data entered by you to use Help Scout is being processed in accordance with Art. 6 (1)(a) GDPR based on your voluntary consent. 

We use services provided by iFixit (USA), 1330 Monterey St., San Luis Obispo, CA 93401, USA as our data processor to provide you with our newsletter. 

We entered into a data processing agreement with iFixit (USA) that includes the Standard Contractual Clauses to comply with the requirements of the GDPR to legitimately transfer personal data in third countries outside the European Union (EU) or the European Economic Area (EEA). A copy of the standard contractual clauses is available at https://www.helpscout.com/company/legal/privacy/.

IV. Payment providers

If you object to the transfer of your personal data to one of our payment providers, or if you believe that your credit rating is not suitable to use one of our payment providers, you can make an advance payment via bank transfer.

1. PayPal

This website uses PayPal as a payment service. The provider is PayPal (Europe) S.à r.l. et Cie, SCA, 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter 'PayPal'). PayPal acts as an online payment service provider and trustee offering buyers and sellers secure services for payments via PayPal, credit card via PayPal, direct debit via PayPal or, if offered, purchase on account. For processing the payment transaction, we will forward your name, email address, purchased products, invoice amount and billing and delivery address to PayPal. When using the payment methods credit card via PayPal, direct debit via PayPal or, if offered, purchase on account via PayPal, PayPal will make a decision as to whether your transaction request is accepted, and, if necessary, to minimize the default of payments, perform a check of your creditworthiness. Calculating the creditworthiness includes probability values (so-called score values) and address data. The calculation of this score is based on a scientifically recognized mathematical-statistical procedure. If the credit rating is insufficient, PayPal can reject the chosen method of payment. The legal basis of the processing is the establishment and performance of a contract of which the data subject is a contracting party under Art. 6 (1)(b) GDPR. If you object to the data transfer, or you believe that your credit rating is not suitable for the chosen method of payment, please use a different method of payment. For more information on how PayPal deals with your personal data, please refer to the privacy policy at: https://www.paypal.com/webapps/mpp/ua/privacy-full?locale.x=en_EN.

2. Klarna

Our website uses Klarna as a payment service. Provider is Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden (hereinafter 'Klarna'). Klarna acts as an online payment service provider, trustee and credit reference agency. When making a payment via Klarna, we will forward your name, email address, date of birth, purchased products or services, invoice amount, invoice and delivery address, bank and credit card data, and, if applicable, your mobile phone number to Klarna. If you use the payment methods 'purchase on account' or 'payment by instalments', Klarna may check your credit rating in order to decide on the release of the payment transaction and to minimize payment defaults. In this context, your personal data may be shared with other credit reference agencies. In addition, score values are calculated for credit rating checks (so-called score values), which includes address data. The calculation of these score values is based on a scientifically recognized mathematical-statistical procedure. In the event of insufficient creditworthiness, Klarna may refuse the selected payment method.

The legal basis for the processing is Art. 6 (1)(b) GDPR. If you object to the data transfer or if you believe that your credit rating is not suitable for the selected payment method, please use a different payment method. For more information on how Klarna handles your personal data, please refer to the privacy policy at: https://cdn.klarna.com/1.0/shared/content/legal/terms/0/en/privacy.

3. Mollie

Our website uses Mollie as a payment service provider. Provider is Mollie B.V., Keizersgracht 313, 1016 EE Amsterdam, The Netherlands (hereinafter 'Mollie'). Mollie assumes the function of an online payment service provider. When paying via Mollie, your payment data (for example bank account number or credit card number), IP address, browser and your device type, in some cases your first and last name, your address, information about purchased products or services, and further personal data provided directly by you, for example during correspondence or phone calls, are transferred on to Mollie as part of the payment process.

The legal basis for the processing is Art. 6 (1)(b) GDPR. If you object to the data transfer, or you believe that your credit rating is not suitable for the chosen method of payment, please use a different method of payment. For more information on how Mollie handles your personal data, please see refer to the privacy notice at: https://www.mollie.com/en/privacy.

V. Statistics and Analytics

1. Meta-Pixel

This website uses the so-called 'Meta Pixel'. Provider is Meta Platforms Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. Responsibility for the processing of personal data of data subjects in the EU is held by Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland (hereinafter 'Meta').

The use of the Meta Pixel-technology allows Facebook to recognize visitors of our website and to associate them to certain groups for the display of specific advertisements (for example, categories visitors to our website according to areas of interest which we have given to Meta, so-called 'Custom Audiences'). This ensures that the users are shown only interest-oriented ads thus avoiding annoyance by improper advertising. By using Meta Pixel, we can also track the effectiveness of our ads on Facebook and Instagram for statistical purposes and track whether and how users have used our offer after clicking on the advertisement. The use of the Meta Pixel helps us to promote our products and services in an appropriate manner without annoying users with inappropriate advertising.

Personal data collected by Meta may be transferred to servers in third countries outside the EU or the EEA. Meta entered into Standard Contractual Clauses to comply with the requirements of the GDPR to legitimately transfer personal data in third countries outside the European Union (EU) or the European Economic Area (EEA). Information about the standard contractual clauses used by Facebook is available at https://www.facebook.com/help/566994660333381?ref=dp.

For more information about the Meta Pixel and how it works, please refer to: https://www.facebook.com/business/help/651294705016616. More information on how Meta processes the data obtained, and general details about Facebook advertisement is made available on the Meta data policy at: https://www.facebook.com/about/privacy/update. In your personal Facebook account under the heading 'Settings', you also have the option to object to the collection of your personal data via the Meta Pixel and its use for the display of specific advertisements. More information about these settings are available at: https://www.facebook.com/settings?tab=ads (login required).

The legal basis for the use of the Meta Pixel is your voluntarily given consent in accordance with Art. 6 (1)(a) GDPR. The legal basis for data transfer to the USA is also your voluntarily given consent in accordance with Art. 49 (1)(a) GDPR.

VI. Google Services

Provider of the services below is Google Ireland Limited (Register No: 368047), Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter 'Google').

The information and personal data collected by Google in connection with the provision of the respective services may be transferred to and processed by Google servers in the USA. Google entered into Standard Contractual Clauses to comply with the requirements of the GDPR to legitimately transfer personal data in third countries outside the European Union (EU) or the European Economic Area (EEA). A copy of the EU Standard Contractual Clauses can be found at: https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32010D0087&from=en.

For more information about how Google handles personal data, please refer to Google's Privacy Policy: https://policies.google.com/privacy?hl=en. For information on the use of data for advertising purposes by Google, settings and your right to object please refer to: https://policies.google.com/technologies/partner-sites, https://policies.google.com/technologies/ads, https://adssettings.google.com/authenticated

The legal basis for the use of the following services is your voluntarily given consent according to Art. 6 (1)(a) GDPR. The legal basis for data transfer to the USA is also your voluntarily given consent in accordance with Art. 49 (1)(a) GDPR.

1. Google Analytics

Our website uses Google Analytics. Google Analytics uses cookies. Google Analytics collects information about the visits of website users and analyses their behavior. This data serves the purpose of developing a user-friendly website design, the continuous optimization of our services and offers, to measure the success of marketing activities and to create statistical analysis. In this context, pseudonymized user profiles are created and cookies are used. Google Analytics collects information such as browser type / version, operating system, referrer URL (the previously visited page), host name of the accessing computer (IP address) and time of server request. The information generated is transferred to the US and stored on servers owned by Google. The collected user data and event data will be deleted after 26 months. Information may also be transferred to third parties if required by law or if third parties process this data on behalf of us or Google. Under no circumstances will your IP address be merged with any other data that is kept by Google. The IP address will be anonymized so that assignment is impossible.

1.1 Demographics and interests with Google Analytics

This website uses the feature 'demographics and interests' within the scope of Google Analytics. This allows reports to be created that contain statements about the age, gender and interests of our site visitors. This data comes from Google's interest-based advertising as well as visitor data from third-party providers. This data cannot be assigned to any specific person. You can deactivate this function at any time via the ad settings in your Google account or generally prohibit the collection of your data by Google Analytics as explained above.

1.2 Google Analytics Remarketing

Our website uses Google Analytics Remarketing. This service presents internet users advertisement related content of previously visited websites. Google uses cookies to recognize visitors who access web pages from the Google Advertising Network. This service collects your IP address, which of our websites you have visited and, if necessary, other data required by Google for the provision of Analytics Remarketing. Your IP address will not be merged with other data provided by Google. The information gathered about your use of this website is stored on a server in the USA. This information may also be transferred to third parties if required by law or if third parties process this data on behalf of us or Google. You can prevent the local storage of cookies by configuring your browser software correspondingly. However, be advised that in this case you may not be able to use all the features of this website to the full extent possible. If you do not wish to use Google Remarketing, you can disable it by configuring your personal settings at: http://www.google.com/settings/ads.

1.3 Google Ads with Conversion-Tracking

Our website uses Google Ads and Google Ads with Conversion Tracking. Google Conversion Tracking is used to track and evaluate the clicks on ads, purchases, signups, phone calls, app downloads, and other actions on our website. In this context Google Ads collects your IP address, which of our websites you have visited and, if necessary, other data required by Google for providing conversion tracking statistics. Under no circumstances will your IP address be merged with any other data that is kept by Google. This service also uses Cookies for analysis and evaluation purposes. You can prevent the storage of cookies by configuring your browser so that no cookies will be stored on your device. However, disabling cookies may mean that you may not be able to use all the features on our website. The information generated is transferred to the US and stored on servers owned by Google. This information may also be transferred to third parties if required by law or if third parties process this data on behalf of us or Google.

1.4 Google AdSense

This website uses Google AdSense to integrate advertisements on our website. Google AdSense uses cookies and web beacons to recognize and analyze page visits. Web beacons are small invisible graphics that analyze information such as clicks on advertisements or website traffic. This service collects your IP address, which of our web pages you have visited and, where applicable, other data required by Google for the provision of the advertisements. The IP address transmitted by your browser as part of Google AdSense will never be merged with other Google data. The information generated about your use of this website is stored on a server in the USA. This information may also be transferred to third parties if this is required by law or if third parties process this data on behalf of us or Google. You may refuse the use of cookies by selecting the appropriate settings on your browser; however, please note that if you do this you may not be able to use the full functionality of this website.

2. Google Tag Manager

Our website uses Google Tag Manager in order to manage the website through a single tag management interface. Google Tool Manager only implements tags. This means no cookies are used and no personal data is collected. Google Tag Manager triggers other tags, which may collect data. However, Google Tag Manager does not access this data. If deactivated at the domain or cookie level, it will remain effective for all tracking tags as far as they are implemented with the Google Tag Manager.

VII. Rating platforms

1. Trusted Shops

Our website uses the Trusted Shops trust badge. Provider is Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne (hereinafter 'Trusted Shops'). The Trustbadge displays the Trusted Shops seal of approval and our ratings. When the Trustbadge is loaded, personal data such as your IP address, date and time of the request, the volume of data transferred and the website are automatically stored and processed. This data will not be evaluated and is automatically deleted after 7 days of your visit at the latest. The legal basis for the use of the Trusted Shops Trustbadge is our legitimate interest in optimizing our marketing activities in accordance with Art. 6 (1)(f) GDPR. Further personal data will only be transferred to Trusted Shops (e.g. for requesting feedback) if you have given your consent, you decided to use Trusted Shops’ services after having completed an order or you have already registered for its use. In this case the contractual agreement between you and Trusted Shops applies. For further information on how Trusted Shops handles your personal data please refer to the Trusted Shops privacy notice at: https://www.trustedshops.co.uk/imprint/.