• 120.000 customers
  • Shipment next day for orders placed before 12 pm
  • Safely packed
  • Everything duty paid, taxed, without extra costs within DE.
Go to homepage
€0.00*

Privacy Policy

1) Introduction and contact details of the controller

1.1 We are delighted that you are visiting our website and thank you for your interest. Below, we provide information about how we handle your personal data when you use our website. Personal data refers to all data that can be used to identify you personally.

1.2 The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is Oswald GmbH, Lung Wai 23, 27498 Helgoland, Germany, tel.: 04725 8007041, email: info@onlineshop-helgoland.de. The controller responsible for the processing of personal data is the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data.

2) Data collection when visiting our website

2.1 When you use our website for informational purposes only, i.e. if you do not register or otherwise provide us with information, we only collect data that your browser transmits to the page server (so-called "server log files"). When you visit our website, we collect the following data, which is technically necessary for us to display the website to you:

  • Our visited website
  • Date and time of access
  • Amount of data sent in bytes
  • Source/reference from which you accessed the page
  • Browser used
  • Operating system used
  • IP address used (if applicable: in anonymized form)

Processing is carried out in accordance with Art. 6 (1) lit. f GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. The data will not be passed on or used for any other purpose. However, we reserve the right to check the server log files retrospectively if there are concrete indications of illegal use.

2.2 For security reasons and to protect the transmission of personal data and other confidential content (e.g., orders or inquiries to the controller), this website uses SSL or TLS encryption. You can recognize an encrypted connection by the string "https://" and the lock symbol in your browser line.

3) Cookies

In order to make visiting our website attractive and to enable the use of certain functions, we use cookies, i.e., small text files that are stored on your device. Some of these cookies are automatically deleted after closing the browser (so-called "session cookies"), while others remain on your device for longer and enable the storage of page settings (so-called "persistent cookies"). In the latter case, you can find the storage period in the overview of your web browser's cookie settings.

If personal data is also processed by individual cookies used by us, the processing is carried out in accordance with Art. 6 (1) lit. b GDPR either for the performance of the contract, pursuant to Art. 6 (1) (a) GDPR in the case of consent, or pursuant to Art. 6 (1) (f) GDPR to safeguard our legitimate interests in the best possible functionality of the website and a customer-friendly and effective design of the site visit.

You can set your browser so that you are informed about the setting of cookies and can decide individually whether to accept them or to exclude the acceptance of cookies in certain cases or in general.

Please note that if you do not accept cookies, the functionality of our website may be limited.

4) Contact

4.1 Trusted Shops

We use the services of the following provider for review reminders: Trusted Shops AG, Subbelrather Str. 15c, 50823 Cologne, Germany

Exclusively on the basis of your express consent in accordance with Art. 6 (1) (a) GDPR, we will forward your email address and, if applicable, other customer data to the provider so that they can contact you with a review reminder by email.

You can revoke your consent at any time with future effect by contacting us or the provider.

We have concluded a data processing agreement with the provider that ensures the protection of our website visitors' data and prohibits unauthorized disclosure to third parties.

4.2 When you contact us (e.g., via the contact form or email), personal data is processed exclusively for the purpose of processing and responding to your request and only to the extent necessary for this purpose.

The legal basis for the processing of this data is our legitimate interest in responding to your request in accordance with Art. 6 (1) lit. f GDPR. If your contact is aimed at concluding a contract, the additional legal basis for processing is Art. 6 (1) lit. b GDPR. Your data will be deleted if it can be inferred from the circumstances that the matter in question has been conclusively clarified and provided that there are no legal retention obligations to the contrary.

5) Data processing when opening a customer account

In accordance with Art. 6 (1) (b) GDPR, personal data will continue to be collected and processed to the extent necessary if you provide it to us when opening a customer account. The data required to open an account can be found in the input mask of the corresponding form on our website.

Your customer account can be deleted at any time by sending a message to the above address of the controller. After your customer account has been deleted, your data will be deleted provided that all contracts concluded via this account have been fully processed, there are no legal retention periods that prevent this, and we have no legitimate interest in continuing to store the data.

6) Use of customer data for direct marketing

6.1 Registration for our email newsletter

If you subscribe to our email newsletter, we will send you regular information about our offers. The only mandatory information required to send you the newsletter is your email address. The provision of further data is voluntary and is used to address you personally. We use the so-called double opt-in procedure for sending the newsletter, which ensures that you will only receive the newsletter once you have expressly confirmed your consent to receive the newsletter by clicking on a verification link sent to the email address you provided.

By activating the confirmation link, you give us your consent to use your personal data in accordance with Art. 6 (1) (a) GDPR. In doing so, we store your IP address entered by your Internet service provider (ISP) as well as the date and time of registration in order to be able to trace any possible misuse of your email address at a later date. The data collected by us when you register for the newsletter will be used strictly for the specified purpose.

You can unsubscribe from the newsletter at any time via the link provided in the newsletter or by sending a message to the controller mentioned above. After you have unsubscribed, your email address will be deleted from our newsletter distribution list immediately, unless you have expressly consented to further use of your data or we reserve the right to use your data for other purposes that are permitted by law and about which we inform you in this statement.

6.2 Rapidmail

Our email newsletters are sent via this provider: rapidmail GmbH, Wentzingerstraße 21, 79106 Freiburg, Germany

Based on our legitimate interest in effective and user-friendly newsletter marketing, we pass on the data you provide when registering for the newsletter to this provider in accordance with Art. 6 (1) lit. f GDPR so that they can send the newsletter on our behalf.

Subject to your express consent in accordance with Art. 6 (1) (a) GDPR, the provider also carries out a statistical evaluation of the success of newsletter campaigns using web beacons or tracking pixels in the emails sent, which can measure opening rates and specific interactions with the content of the newsletter. In doing so, terminal device information (e.g., time of access, IP address, browser type, and operating system) is also collected and evaluated, but not merged with other data sets.
You can revoke your consent to newsletter tracking at any time with future effect.

We have concluded a data processing agreement with the provider that protects the data of our website visitors and prohibits its disclosure to third parties.

6.3 Email notification of product availability

For items that are temporarily unavailable, you can sign up to receive email notifications of availability. We will send you a one-time email notification about the availability of the item you have selected. The only mandatory information required to send this notification is your email address. The provision of further data is voluntary and may be used to address you personally. We use the double opt-in procedure for sending emails, which ensures that you will only receive a notification once you have expressly confirmed your consent by clicking on a verification link sent to the email address you provided.

By activating the confirmation link, you give us your consent to use your personal data in accordance with Art. 6 (1) (a) GDPR. We store your IP address as entered by your Internet service provider (ISP) as well as the date and time of registration in order to be able to trace any possible misuse of your email address at a later date. The data we collect when you register for our email notification service for product availability is used strictly for this purpose.

You can unsubscribe from availability notifications at any time by sending a message to the controller mentioned above. After you unsubscribe, your email address will be immediately deleted from our mailing list set up for this purpose, unless you have expressly consented to further use of your data or we reserve the right to use your data beyond this, which is permitted by law and about which we inform you in this statement.

7) Data processing for order processing

7.1 Insofar as necessary for contract processing for delivery and payment purposes, the personal data collected by us will be passed on to the commissioned transport company and the commissioned credit institution in accordance with Art. 6 (1) lit. b GDPR.

If we owe you updates for goods with digital elements or for digital products on the basis of a corresponding contract, we will process the contact details you provided when placing your order (name, address, email address) to inform you personally about upcoming updates within the legally prescribed period via a suitable means of communication (e.g., by post or email) in accordance with our legal information obligations pursuant to Art. 6 (1) (c) GDPR. Your contact details will be used strictly for the purpose of communicating updates owed by us and will only be processed by us to the extent necessary for the respective information.

To process your order, we also work with the following service provider(s), who support us in whole or in part in the execution of concluded contracts. Certain personal data will be transferred to these service providers in accordance with the following information.

7.2 In the case of orders for age-restricted goods, we ensure, in accordance with the applicable youth protection law, that you have reached the minimum age required by law for the goods in question. For this purpose, we use an age verification procedure that allows us to verify your personal identification (age check) and, if necessary, authentication. For this purpose, we use the age verification service provided by DHL Paket GmbH, Sträßchensweg 10, 53113 Bonn.

For the purpose of verifying the required minimum age, some of your personal data will be transmitted to the above service provider. This data processing is carried out in accordance with Art. 6 (1) lit. f GDPR on the basis of our legitimate interests, which prevail in the context of a balancing of interests, in ensuring that our offerings comply with youth protection laws and, furthermore, in complying with the legal provisions on youth protection.

7.3 Transfer of personal data to shipping service providers

- DHL

We use the following provider as our transport service provider: DHL Paket GmbH, Sträßchensweg 10, 53113 Bonn, Germany

We will pass on your email address and/or telephone number to the provider in accordance with Art. 6 (1) lit. a GDPR prior to delivery of the goods for the purpose of coordinating a delivery date or to notify you of delivery, provided that you have given your express consent to this during the ordering process. Otherwise, we will only pass on the name of the recipient and the delivery address to the provider for the purpose of delivery in accordance with Art. 6 (1) lit. b GDPR. The data will only be passed on if this is necessary for the delivery of the goods. In this case, it is not possible to coordinate the delivery date with the provider in advance or to notify you of the delivery.

Consent can be revoked at any time with future effect by contacting the controller or provider specified above.

7.4 Use of payment service providers (payment services)

- Klarna

One or more online payment methods from the following provider are available on this website: Klarna Bank AB, Sveavägen 46, 111 34 Stockholm, Sweden

If you select a payment method from the provider that requires advance payment (such as credit card payment), your payment details provided during the ordering process (including name, address, bank and payment card information, currency, and transaction number) as well as information about the content of your order will be passed on to the provider in accordance with Art. 6 (1) (b) GDPR. In this case, your data will be passed on exclusively for the purpose of payment processing with the provider and only to the extent necessary for this purpose.

If you select a payment method where the provider makes an advance payment (such as purchase on account, installment purchase, or direct debit), you will also be asked to provide certain personal data (first and last name, street, house number, postal code, city, date of birth, email address, telephone number, and, if applicable, data on an alternative means of payment) during the ordering process.

In order to protect our legitimate interest in determining the solvency of our customers, we forward this data to the provider for the purpose of a credit check in accordance with Art. 6 (1) lit. f GDPR. The provider uses the personal data you have provided and other data (such as shopping cart, invoice amount, order history, payment history) to check whether the payment option you have selected can be granted with regard to payment and/or default risks.

In addition to the provider's internal criteria in accordance with Art. 6 (1) lit. f GDPR, identity and creditworthiness information from the following credit agencies may also be included in the decision-making process:

https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/credit_rating_agencies

The credit report may contain probability values (so-called score values). Insofar as score values are included in the credit report, they are based on a scientifically recognized mathematical-statistical procedure. Address data, among other things, but not exclusively, are included in the calculation of the score values.

You can object to this processing of your data at any time by sending a message to us or to the provider. However, the provider may still be entitled to process your personal data if this is necessary for contractual payment processing.
- Paydirekt

One or more online payment methods from the following provider are available on this website: paydirekt GmbH, Hamburger Allee 26-28, 60486 Frankfurt am Main, Germany

If you select a payment method from the provider that requires advance payment (such as credit card payment), your payment details provided during the ordering process (including name, address, bank and payment card information, currency, and transaction number) as well as information about the content of your order will be passed on to the provider in accordance with Art. 6 (1) (b) GDPR. In this case, your data will only be passed on for the purpose of processing the payment with the provider and only to the extent necessary for this purpose.
- PayPal

One or more online payment methods from the following provider are available on this website: PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg

If you select a payment method from the provider that requires advance payment, your payment details provided during the ordering process (including name, address, bank and payment card information, currency, and transaction number) as well as information about the content of your order will be passed on to the provider in accordance with Art. 6 (1) lit. b GDPR. In this case, your data will only be passed on for the purpose of processing the payment with the provider and only to the extent necessary for this purpose.

If you select a payment method for which we make advance payments, you will also be asked to provide certain personal data (first and last name, street, house number, postal code, city, date of birth, email address, telephone number, and, if applicable, data on an alternative means of payment) during the ordering process.

In such cases, in order to protect our legitimate interest in determining your solvency, we will forward this data to the provider for the purpose of a credit check in accordance with Art. 6 (1) lit. f GDPR. The provider checks whether the payment option you have selected can be granted with regard to payment and/or default risks on the basis of the personal data you have provided and other data (such as shopping cart, invoice amount, order history, payment history).

The credit check may contain probability values (so-called score values). Insofar as score values are included in the result of the credit check, they are based on a scientifically recognized mathematical-statistical procedure. Address data, among other things, but not exclusively, are included in the calculation of the score values.

You can object to this processing of your data at any time by sending a message to us or to the provider. However, the provider may still be entitled to process your personal data if this is necessary for contractual payment processing.
- Wallee

One or more online payment methods from the following provider are available on this website: Wallee customweb GmbH, General-Guisan-Strasse 47 31, CH-8400 Zurich, Switzerland

If you select a payment method from the provider that requires advance payment (such as credit card payment), your payment details provided during the ordering process (including name, address, bank and payment card information, currency, and transaction number) as well as information about the content of your order will be passed on to the provider in accordance with Art. 6 (1) (b) GDPR. In this case, your data will be passed on exclusively for the purpose of payment processing with the provider and only to the extent necessary for this purpose.

When data is transferred to the provider's location, an adequate level of data protection is ensured by an adequacy decision of the European Commission.

8) Services

DooFinder

Description of the service

We use the DooFinder search function to make visiting our website more attractive and to present you with better search results more quickly. This serves to safeguard our legitimate interests in an optimized presentation of our offer in accordance with Art. 6 (1) (f) GDPR. 6 (1) (f) GDPR.

The operator of the pages is DooFinder S.L., Madrid 28037, Rufino González 23 bis, 1º 1, Spain.

For this purpose, the browser you are using must connect to the DooFinder servers. This allows DooFinder to know that our website has been accessed via your IP address. Further information on DooFinder Search can be found at https://www.doofinder.com/de/ and in DooFinder's privacy policy: https://www.doofinder.com/de/privacy-policy.

DooFinder Search

Description of the service

We use the DooFinder search function to make visiting our website more attractive and to present you with better search results more quickly. This serves to safeguard our legitimate interests in an optimized presentation of our offering in accordance with Art. 6 (1) (f) GDPR. 6 (1) (f) GDPR.

The operator of the pages is DooFinder S.L., Madrid 28037, Rufino González 23 bis, 1º 1, Spain.

For this purpose, the browser you are using must connect to the DooFinder servers. This allows DooFinder to know that our website has been accessed via your IP address. Further information on the DooFinder search can be found at https://www.doofinder.com/de/ and in DooFinder's privacy policy: https://www.doofinder.com/de/privacy-policy.

reCaptcha v3

Description of the service

This service protects websites from bots. This service collects and analyzes a user's interactions on the website and generates a score that indicates suspicious user behavior.

Processing company

Google Ireland Limited

Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland

Data protection officer of the processing company

Below you will find the email address of the data protection officer of the processing company.

https://support.google.com/policies/troubleshooter/7575787?hl=en

Purpose of the data

This list outlines the purposes of data collection and processing.

  • Analysis
  • Bot protection

Technologies used

This list contains all technologies used by this service to collect data. Typical technologies are cookies and pixels placed in the browser.

  • JavaScript
  • Cookies

Collected data

This list contains all (personal) data collected by or through the use of this service.

  • Screen resolution
  • Date and time of visit
  • IP address
  • Browser language
  • Mouse movements
  • Visitor behavior
  • CSS
  • Responses to forms

Legal basis

The necessary legal basis for data processing is specified below

  • Art. 6 (1) (f) GDPR

Place of processing

This is the primary location where the collected data is processed. If the data is also processed in other countries, you will be informed separately.

European

Retention period

The retention period is the length of time for which the collected data is stored for processing. The data must be deleted as soon as it is no longer required for the specified processing purposes.

Data will be deleted as soon as it is no longer needed for processing purposes.

Transfer to third countries

When using this service, the collected data may be transferred to another country. Please note that as part of this service, data may be transferred to a country that does not have the required data protection standards. Below is a list of countries to which data is transferred. For more information on security measures, please refer to the privacy policy of the respective provider or contact the provider directly.

  • United States
  • Singapore
  • Taiwan
  • Chile

Data recipients

The recipients of the collected data are listed below.

  • Google Ireland Limited
  • Google LLC
  • Alphabet Inc.

Click here to read the data processor's privacy policy

https://business.safety.google/privacy/?hl=en

Click here to read the data processor's cookie policy

https://policies.google.com/technologies/cookies?hl=en

Stored information

  • Name: _GRECAPTCHA; This cookie is used to assign an ID to the website visitor and collects statistical data about the website visitor's visits. Type: cookie; Duration: 365 days;

Usercentrics Consent Management Platform

Description of the service

This is a consent management service. Usercentrics GmbH is used as a processor on websites and apps to ensure consent management.

Processing company

Usercentrics GmbH

Sendlinger Str. 7, 80331 Munich, Germany

Data protection officer of the processing company

Below you will find the email address of the data protection officer of the processing company.

datenschutz@usercentrics.com

Purpose of the data

This list outlines the purposes of data collection and processing.

  • Compliance with legal obligations
  • Consent storage

Technologies used

This list contains all technologies used by this service to collect data. Typical technologies are cookies and pixels placed in the browser.

  • Local storage
  • Pixels

Collected data

This list contains all (personal) data collected by or through the use of this service.

  • Opt-in and opt-out data
  • Referrer URL
  • User agent
  • User settings
  • Consent ID
  • Time of consent
  • Consent type
  • Template version
  • Banner language
  • IP address
  • Geographic location

Legal basis

The necessary legal basis for data processing is specified below

  • Art. 6 (1) (c) GDPR

Place of processing

This is the primary location where the collected data is processed. If the data is also processed in other countries, you will be informed separately.

European

Retention period

The retention period is the length of time for which the collected data is stored for processing. The data must be deleted as soon as it is no longer required for the specified processing purposes.

Consent data (consent given and withdrawal of consent) is stored for one year. The data is then deleted immediately.

Data recipients

The recipients of the collected data are listed below.

  • Usercentrics GmbH

Click here to read the data processor's privacy policy

https://usercentrics.com/privacy-policy/

Stored information

  • Name: uc_settings and/or ucString; This contains the ControllerID and SettingsID, the language, the settings version, and the services with your consent history.; Type: web; Domain: usercentrics.com;
  • Name: ucData (optional); Information about Google Consent Mode is stored here.; Type: web;

Google Analytics 4

Description of the service

This is an analytics service. The service enables the measurement of traffic and engagement on websites and mobile apps across devices using customizable reports.

Processing company

Google Ireland Limited

Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland

Data protection officer of the processing company

Below you will find the email address of the data protection officer of the processing company.

https://support.google.com/policies/contact/general_privacy_form

Purpose of the data

This list outlines the purposes of data collection and processing.

  • Marketing
  • Analysis

Technologies used

This list contains all technologies used by this service to collect data. Typical technologies are cookies and pixels placed in the browser.

  • Tracking code
  • Cookies

Collected data

This list contains all (personal) data collected by or through the use of this service.

  • Device information
  • Geographic location
  • Browser information
  • Screen resolution
  • Referrer URL
  • Interaction data
  • Date and time of visit
  • User behavior
  • Pages visited
  • Online identifiers
  • Truncated IP address
  • User ID
  • Advertising ID
  • Purchase information
  • Device operating system

Legal basis

The legal basis required for data processing is specified below

  • Art. 6 (1) (a) GDPR

Place of processing

This is the primary location where the collected data is processed. If the data is also processed in other countries, you will be informed separately.

European

Retention period

The retention period is the length of time for which the collected data is stored for processing. The data must be deleted as soon as it is no longer required for the specified processing purposes.

The data will be stored for up to 50 months, depending on the choice of the controller.

Transfer to third countries

When using this service, the collected data may be transferred to another country. Please note that as part of this service, the data may be transferred to a country that does not have the required data protection standards. Below is a list of the countries to which the data is transferred. For more information on security measures, please refer to the privacy policy of the respective provider or contact the provider directly.

  • Singapore
  • Taiwan
  • Chile
  • United States

Data recipients

The recipients of the collected data are listed below.

  • Alphabet Inc., Google LLC, Google Ireland Limited

Click here to read the data processor's privacy policy

https://business.safety.google/privacy/?hl=en

Click here to read the data processor's cookie policy

https://policies.google.com/technologies/cookies?hl=en

Click here to opt out on all domains of the processing company

https://tools.google.com/dlpage/gaoptout?hl=de

Storage information

  • Maximum storage period for cookies: 731 days

Stored information

  • Name: Google; Used to distinguish users; Type: cookie; Duration: 731 days;
  • Name: Google; Used to maintain session status; Type: cookie; Duration: 731 days;

Microsoft Clarity

Description of the service

This is an analytics tool. It is used to provide website usage statistics, session recordings, and heat maps, which are mainly created by tracking mouse movements.

Processing company

Microsoft Ireland Operations Limited

One Microsoft Place, South County Business Park, Leopardstown, Dublin 18 D18 P521, Ireland

Data protection officer of the processing company

Below you will find the email address of the data protection officer of the processing company.

https://www.microsoft.com/en-GB/concern/privacy

Purpose of the data

This list outlines the purposes of data collection and processing.

  • Optimization
  • Analysis

Technologies used

This list contains all technologies used by this service to collect data. Typical technologies are cookies and pixels placed in the browser.

  • Tracking code

Collected data

This list contains all (personal) data collected by or through the use of this service.

  • IP address
  • Date and time of visit
  • Unique user ID
  • Session ID
  • User behavior
  • Interaction data
  • Mouse movements
  • Clicks
  • Scrolling activity

Legal basis

The necessary legal basis for data processing is specified below

  • Art. 6 (1) (a) GDPR

Place of processing

This is the primary location where the collected data is processed. If the data is also processed in other countries, you will be informed separately.

United States

Retention period

The retention period is the length of time for which the collected data is stored for processing. The data must be deleted as soon as it is no longer required for the specified processing purposes.

The data will be stored for 13 month(s).

Transfer to third countries

When using this service, the collected data may be transferred to another country. Please note that as part of this service, the data may be transferred to a country that does not have the required data protection standards. Below is a list of the countries to which the data is transferred. For more information on security measures, please refer to the privacy policy of the respective provider or contact the provider directly.

  • United States

Data recipients

The recipients of the collected data are listed below.

  • Microsoft Corporation

Click here to read the data processor's privacy policy

https://docs.microsoft.com/en-us/clarity/faq#privacy

Stored information

  • Name: _clck; This preserves the Clarity user ID and Clarity settings, which are unique to this site and are associated with the same user ID.; Type: cookie; Duration: Session;
  • Name: _clsk; Connects multiple page views by a user to a single Clarity session record.; Type: cookie; Duration: Session;
  • Name: CLID; Identifies the user that Clarity saw for the first time on a website that uses Clarity.; Type: cookie; Duration: Session;
  • Name: ANONCHK; Indicates whether MUID is transferred to ANID, a cookie used for advertising. Clarity does not use ANID and is therefore always set to 0.; Type: cookie; Duration: session;
  • Name: MR; Indicates whether MUID should be updated.; Type: cookie; Duration: session;
  • Name: MUID; Identifies unique web browsers visiting Microsoft websites. These cookies are used for advertising, website analytics, and other operational purposes.; Type: cookie; Duration: Session;
  • Name: SM; Used to synchronize MUID between Microsoft domains.; Type: cookie; Duration: Session;

Trusted Shops

Description of the service

This is a service that ensures online trust and security for online retailers and buyers.

Processing company

Trusted Shops AG

Subbelrather Straße 15c, 50823 Cologne, Germany

Data protection officer of the processing company

Below you will find the email address of the data protection officer of the processing company.

privacy@trustedshops.com

Purpose of the data

This list outlines the purposes of data collection and processing.

  • Recommendations

Technologies used

This list contains all technologies used by this service to collect data. Typical technologies are cookies and pixels placed in the browser.

  • Cookies

Collected data

This list contains all (personal) data collected by or through the use of this service.

  • Date and time of visit
  • Transferred data volume
  • Requesting provider
  • IP address

Legal basis

The necessary legal basis for the processing of data is specified below

  • Art. 6 (1) (a) GDPR

Place of processing

This is the primary location where the collected data is processed. If the data is also processed in other countries, you will be informed separately.

Germany, Israel, United States of America

Retention period

The retention period is the length of time for which the collected data is stored for processing. The data must be deleted as soon as it is no longer required for the specified processing purposes.

Log files are deleted no later than 90 days after creation.

Transfer to third countries

When using this service, the collected data may be transferred to another country. Please note that as part of this service, the data may be transferred to a country that does not have the required data protection standards. Below is a list of the countries to which the data is transferred. For more information on security measures, please refer to the privacy policy of the respective provider or contact the provider directly.

  • Israel
  • United States

Data recipients

The recipients of the collected data are listed below.

  • Trusted Shops AG

Click here to read the data processor's privacy policy

https://business.trustedshops.de/impressum#datenschutz

Trusted Shops Trustbadge

Description of the service

This is a seal of approval. It offers Trusted Shops buyer protection and automatically collects the buyer's email address for sending review invitations.

After the order is completed, the Trustbadge accesses the order information stored on the user's device (order total, order number, product purchased, if applicable) and the user's email address. The email address is hashed using a cryptological one-way function. This is used to check whether the user is already registered for Trusted Shops services. If this is the case, further processing is carried out in accordance with the contractual agreement between the user and Trusted Shops. If the user is not yet registered for the services or does not give their consent to automatic recognition via the Trustbadge, they are then given the option of manually registering to use the services or taking out insurance under any existing user agreement.

Processing company

Trusted Shops SE

Subbelrather Str. 15c 50823 Cologne

Data protection officer of the processing company

Below you will find the email address of the data protection officer of the processing company.

privacy@trustedshops.com

Purpose of the data

This list outlines the purposes of data collection and processing.

  • Recommendations
  • Analysis
  • Buyer protection

Technologies used

This list contains all technologies used by this service to collect data. Typical technologies include cookies and pixels placed in the browser.

  • Widgets

Collected data

This list contains all (personal) data collected by or through the use of this service.

  • Date and time of visit
  • Transferred data volume
  • Requesting provider
  • IP address
  • Hash version of the email address
  • Internet service provider
  • Order number
  • Total cost of the order
  • Payment information
  • Purchase date
  • User agent
  • Order information
  • Interactions with the plug-in

Legal basis

The necessary legal basis for data processing is specified below

  • Art. 6 (1) (f) GDPR

Place of processing

This is the primary location where the collected data is processed. If the data is also processed in other countries, you will be informed separately.

European

Retention period

The retention period is the length of time for which the collected data is stored for processing. The data must be deleted as soon as it is no longer required for the specified processing purposes.

The data is stored for 7 day(s)

Transfer to third countries

When using this service, the collected data may be transferred to another country. Please note that as part of this service, the data may be transferred to a country that does not have the required data protection standards. Below is a list of the countries to which the data is transferred. For more information on security measures, please refer to the privacy policy of the respective provider or contact the provider directly.

  • Israel
  • United States

Data recipients

The recipients of the collected data are listed below.

  • Trusted Shops AG

Click here to read the data processor's privacy policy

https://www.trustedshops.de/impressum-datenschutz/

9) Rights of the data subject

9.1 The applicable data protection law grants you the following rights as a data subject (rights of access and intervention) with regard to the controller in relation to the processing of your personal data, whereby reference is made to the legal basis cited for the respective conditions for exercising these rights:

  • Right of access pursuant to Art. 15 GDPR;
  • Right to rectification pursuant to Art. 16 GDPR;
  • Right to erasure pursuant to Art. 17 GDPR;
  • Right to restriction of processing pursuant to Art. 18 GDPR;
  • Right to notification pursuant to Art. 19 GDPR;
  • Right to data portability pursuant to Art. 20 GDPR;
  • Right to withdraw consent pursuant to Art. 7(3) GDPR;
  • Right to lodge a complaint pursuant to Art. 77 GDPR.

9.2 RIGHT TO OBJECT

IF WE PROCESS YOUR PERSONAL DATA ON THE BASIS OF OUR OVERRIDING LEGITIMATE INTEREST IN THE CONTEXT OF A BALANCING OF INTERESTS, YOU HAVE THE RIGHT TO OBJECT TO THIS PROCESSING AT ANY TIME FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION, WITH EFFECT FOR THE FUTURE.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED. HOWEVER, FURTHER PROCESSING REMAINS RESERVED IF WE CAN PROVE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, fundamental rights and freedoms, or if the processing serves to assert, exercise, or defend legal claims.

IF WE PROCESS YOUR PERSONAL DATA FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSE OF SUCH ADVERTISING. YOU CAN EXERCISE YOUR RIGHT TO OBJECT AS DESCRIBED ABOVE.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNING YOU FOR DIRECT MARKETING PURPOSES.

10) Duration of storage of personal data

The duration of the storage of personal data is determined by the respective legal basis, the purpose of processing and, if relevant, the respective statutory retention period (e.g., commercial and tax law retention periods).

When processing personal data on the basis of express consent in accordance with Art. 6 (1) (a) GDPR, the data concerned will be stored until you revoke your consent.

If there are statutory retention periods for data that is processed within the framework of legal or quasi-legal obligations on the basis of Art. 6 (1) (b) GDPR, this data will be routinely deleted after the retention periods have expired, provided that it is no longer necessary for the fulfillment or initiation of a contract and/or we no longer have a legitimate interest in its continued storage.

When processing personal data on the basis of Art. 6 (1) lit. f GDPR, this data is stored until you exercise your right of objection under Art. 21 (1) GDPR, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or the processing serves to assert, exercise, or defend legal claims.

When processing personal data for the purpose of direct marketing on the basis of Art. 6 (1) lit. f GDPR, this data will be stored until you exercise your right to object under Art. 21 (2) GDPR.

Unless otherwise specified in the other information in this statement on specific processing situations, stored personal data will otherwise be deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.

 

Mit WordToHTML.net in HTML umgewandelt | Dokumentenkonverter für Windows