Privacy policy

Below we inform you about the processing of your personal data by us. Personal data within the meaning of Article 4 GDPR refers to all information relating to an identified or identifiable natural person (such as name, address, telephone number, email address, invoices, bank details, etc., as well as your user behaviour).

Contents

  1. Contact details
  2. Lawfulness of the processing of personal data
  3. Collection and storage of personal data and the nature and purpose of their use
  4. Storage period and deletion of data
  5. Disclosure of data to third parties
  6. Hosting
  7. Cookies
  8. Payment service providers
  9. Credit checks
  10. Analytics services
  11. Social media services
  12. Other online services
  13. Data subject rights
  14. Right to object
  15. Data security
  16. Validity and amendments to this Privacy Policy

1. Contact details

This Privacy Policy applies to data processing by the following controller:

Controller:
TROIKA Onlineshop GmbH
Nisterfeld 11, 57629 Müschenbach, Germany
Email: service@troika.de
Telephone: +49 2662 95110

Statutory data protection officer
We have appointed a data protection officer for our company.

You can contact them at datenschutz@troika.de.

2. Lawfulness of the processing of personal data

We generally collect and use personal data of our users only insofar as this is necessary to provide a functional website as well as our content and services. The collection and use of personal data usually takes place only with the user’s consent. An exception applies where obtaining prior consent is not possible for factual reasons or where the processing of the data is permitted by law.

Pursuant to Article 6 GDPR, the processing of personal data is lawful if one or more of the following conditions apply:

  • You have given your explicit consent pursuant to Art. 6(1)(a) GDPR;
  • Processing is necessary pursuant to Art. 6(1)(b) GDPR for the performance of a contract with you or to take steps at your request prior to entering into a contract;
  • Processing is necessary to comply with a legal obligation pursuant to Art. 6(1)(c) GDPR;
  • Processing is necessary to protect your vital interests or those of another natural person pursuant to Art. 6(1)(d) GDPR;
  • Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority pursuant to Art. 6(1)(e) GDPR;
  • Processing is necessary for the purposes of our legitimate interests or those of a third party pursuant to Art. 6(1)(f) GDPR, unless your interests or fundamental rights and freedoms outweigh those interests.

3. Collection and storage of personal data and the nature and purpose of their use

When you use our website, we may process personal data of users of our website (these may be customers, interested parties and visitors to our website), such as contact data, usage data and communication data.
This takes place, among other things, for the purpose of providing a functioning online offering, communicating with users of our website, processing contact enquiries and/or customer enquiries and for the purpose of fulfilling contracts. In addition, cookies are set when you visit our website (see section “Cookies” in this Privacy Policy). We may also use third-party online services in order, for example – provided you have given your consent – to collect and process data for marketing purposes. You will find further explanations in this Privacy Policy.

In the following, we inform you which data about you may be collected and processed and for what purpose.

When visiting the website

When accessing our website, information is automatically sent by the browser used on your device to the server of our website. This information is temporarily stored in a so-called log file. The following information may be recorded without any action on your part and – unless separate information is provided – stored until automated deletion after no later than 30 days:

  • IP address of the requesting computer
  • date and time of access
  • content of the request (specific page)
  • name and URL of the retrieved file
  • access status/HTTP status code
  • amount of data transferred in each case
  • website from which access is made (referrer URL)
  • browser used and, if applicable, the operating system of your computer and the name of your access provider
  • language and version of the browser software

The aforementioned data are processed by us – if they are collected – for the following purposes:

  • ensuring a smooth connection set-up of the website,
  • ensuring comfortable use of our website,
  • evaluation of system security and stability, and
  • further administrative purposes.

The legal basis for data processing is Art. 6(1) sentence 1 lit. f GDPR. Our legitimate interest follows from the purposes for data collection listed above. Under no circumstances do we use the collected data for the purpose of drawing conclusions about your person.
In addition, we may use cookies and online services when you visit our website. Further explanations are provided in this Privacy Policy.

Contract initiation / contract performance

We process such personal data as we receive within the scope of pre-contractual enquiries as well as within the scope of our business relationship. For example, the following personal data may be collected and processed by us: title, first name and surname, address, telephone number, email address, IBAN / credit card number including check digit (each only insofar as this is necessary for processing payments).
Furthermore, data may be disclosed to third parties (see section 5 “Disclosure of data to third parties” of this Privacy Policy).

The processing and storage of your transmitted data is carried out on the basis of Art. 6(1) sentence 1 lit. b GDPR for the purpose of fulfilling a contract or carrying out pre-contractual measures. In other cases, we process and store your data by means of your consent pursuant to Art. 6(1) sentence 1 lit. a GDPR as well as on the basis of our legitimate interest in handling the enquiry addressed to us pursuant to Art. 6(1) sentence 1 lit. f GDPR.
Provided that no statutory retention periods prevent this, the data collected and stored from you will be deleted as soon as the purpose of storage ceases to apply and storage is no longer necessary (e.g. your request has been processed or the business relationship has ended).

When registering for our newsletter

You have the option to subscribe to our newsletter. For this we require your email address and, as an optional detail for addressing you in the newsletter, your name.
We work with the so-called double opt-in procedure. Accordingly, after registration you will receive an email from us asking you to confirm your registration. By clicking the activation link contained in the email, you confirm that you are the owner of the email address and wish to receive the newsletter. If you have given your explicit consent, we use your email address on the basis of your consent pursuant to Art. 6(1) sentence 1 lit. a GDPR to send you our newsletter with information about our offers at regular intervals.
If you do not confirm the activation link within three weeks, we will delete the email address entered for the newsletter.

The collected data are used only to send the newsletter and to document your consent. When registering for the newsletter, we store your IP address and the date of registration. This storage serves solely as evidence in the event that a third party misuses an email address and registers for the newsletter without the knowledge of the authorised person.

For the dispatch of our newsletters, we work together with a mailing service provider. The data are usually transmitted directly to the servers of the mailing service provider, possibly to the USA, and stored there. The mailing service provider uses these data on our behalf for dispatch and statistical evaluation of the newsletters.

As part of performance measurement, our newsletters contain so-called web beacons (small invisible graphics) for collecting information. These are pixel-sized files that are retrieved from the mailing service provider’s servers when the emails are opened. This makes it possible, for example, to see whether the email has been opened. Technical data such as IP address, browser type or the time of retrieval are also recorded. The evaluation of these data is carried out solely to assess the reading behaviour of our newsletter recipients, so that the content can be adapted to the interests of the newsletter recipients. A separate withdrawal from performance measurement is not possible. If you do not wish performance measurement, please unsubscribe from the entire newsletter subscription.

The use of a mailing service provider for newsletter dispatch as well as performance measurement is carried out on the basis of your consent pursuant to Art. 6(1) sentence 1 lit. a GDPR as well as on the basis of our legitimate interests pursuant to Art. 6(1) sentence 1 lit. f GDPR in an efficient, user-friendly and secure newsletter system. A data processing agreement pursuant to Art. 28(3) sentence 1 GDPR has been concluded.

You can unsubscribe from the newsletter at any time and withdraw the consent you have given, with the result that the data stored for receiving the newsletter will be deleted by us and you will no longer receive a newsletter from us. You can withdraw your consent by clicking the unsubscribe link provided in every newsletter email or by sending a message to the contact details stated in the legal notice.

Mailing service provider:
Klaviyo
Our newsletters are sent by the mailing service provider Klaviyo, 225 Franklin St., Boston, Massachusetts 02110, USA. The controller for the European region is Klaviyo, United Kingdom, 49 Southwark Bridge Rd, London SE1 9HH, UK.
Klaviyo is certified under the EU-U.S. Data Privacy Framework.
You can view Klaviyo’s privacy policy here:
https://www.klaviyo.com/privacy/policy

When using our contact form

For questions of any kind, we offer you the opportunity to contact us via a form provided on the website. To do so, it is necessary to provide a first and last name as well as a valid email address, so that we know who the enquiry is from and can answer it. A telephone number can optionally be provided on a voluntary basis.
The processing and storage of your transmitted data is carried out on the basis of Art. 6(1) sentence 1 lit. b GDPR for the purpose of processing your enquiry. In addition, we process your data by means of your consent pursuant to Art. 6(1) sentence 1 lit. a GDPR as well as on the basis of our legitimate interest in processing the enquiry addressed to us pursuant to Art. 6(1) sentence 1 lit. f GDPR.
Provided that no statutory retention periods prevent this, the data collected and stored from you will be deleted as soon as the purpose of storage ceases to apply and storage is no longer necessary (e.g. your concern submitted via the contact form has been processed).

When creating a customer account

You have the option to register with us and create a customer account. The data required for this (such as name, address and email) are marked accordingly and can be found in the input form. In the customer account, your personal data are stored for the purpose that you do not have to enter these data again when you visit our website at a later time and place further orders, thereby simplifying the ordering process. The customer account is protected by the password you choose yourself.

You can delete your customer account at any time and withdraw the consent you have given, with the result that we irrevocably delete the data stored in the customer account, provided that no statutory retention periods prevent this. For this, it is sufficient to send a message to the contact details stated in the legal notice (email is also possible).
The processing and storage of your transmitted data is carried out on the basis of Art. 6(1) sentence 1 lit. a GDPR within the scope of the consent previously given by you as well as on the basis of Art. 6(1) sentence 1 lit. b GDPR within the scope of contract performance.


4. Storage period and data deletion

In principle, we store personal data only until the purpose for which you entrusted us with the data has been fulfilled. Afterwards, the data are permanently deleted. If, however, statutory retention periods exist for the storage of personal data, we store these for as long as we are legally obliged to do so. Such obligations regularly arise from legal obligations to provide evidence and retain records, which are regulated, among other things, in the German Commercial Code (Handelsgesetzbuch) and the Fiscal Code (Abgabenordnung), for tax purposes e.g. ten years. After expiry of the statutory retention period, the data are permanently deleted.

Any consent given to the processing and storage of your personal data pursuant to Art. 6(1) sentence 1 lit. a GDPR may be withdrawn at any time, with the result that the data – provided that no statutory retention periods prevent this – are permanently deleted.
Further rights by which we may be prohibited from processing your personal data arise from Art. 21(1) and (2) GDPR.
Information about the right to object resulting from this can be found in this Privacy Policy under the section “Right to object”.


5. Disclosure of data to third parties

We disclose your personal data to third parties only if:

  • you have given your explicit consent pursuant to Art. 6(1) sentence 1 lit. a GDPR,
  • disclosure is necessary pursuant to Art. 6(1) sentence 1 lit. f GDPR to protect our legitimate interests or those of a third party, such as for asserting, exercising or defending legal claims, provided that your interests or fundamental rights and freedoms which require the protection of personal data do not prevail,
  • there is a legal obligation for disclosure pursuant to Art. 6(1) sentence 1 lit. c GDPR,
  • pursuant to Art. 6(1) sentence 1 lit. b GDPR for the purpose of payment processing to the payment service provider commissioned with payment processing and pursuant to Art. 6(1) sentence 1 lit. f GDPR within the scope of our legitimate interests in being able to offer reliable and secure payment processes, and
  • this is legally permissible and required pursuant to Art. 6(1) sentence 1 lit. b GDPR for processing contractual relationships with you, for example disclosure of address data to a transport company. Data may likewise be disclosed to a drop shipper who then ships the goods to you on our behalf. If you order goods that are to be shipped to an address other than your own, this is carried out on the basis of our legitimate interests pursuant to Art. 6(1) sentence 1 lit. f GDPR in the proper performance of the contractual relationship.

Where required, a data processing agreement pursuant to Art. 28(3) sentence 1 GDPR has been concluded with the service provider used.

If personal data of the customer are processed in a third country (outside the EU), this is carried out within the scope of the customer’s previously given consent, within the scope of contract performance or due to existing statutory obligations. Any disclosure takes place in compliance with statutory provisions. In particular, the provisions of Art. 44 to Art. 49 GDPR apply here.

A transfer is generally based on an adequacy decision of the EU Commission. If it is a third country for which no adequacy decision exists, data transfers are based, among other things, on the standard contractual clauses available under the link below as appropriate safeguards for the protection of personal data:
https://commission.europa.eu/publications/standard-contractual-clauses-international-transfers_de

On 10 July 2023, the European Commission adopted the adequacy decision for the EU-U.S. Data Privacy Framework – “DPF” for short (successor to the “Privacy Shield”). The DPF now serves as the basis for data transfers to certified organisations in the USA without additional transfer instruments or further measures being required. Within this Privacy Policy, corresponding notices are provided where an organisation is certified under the DPF.


6. Hosting

This website is hosted by an external service provider. Personal data collected on this website are stored on the host’s servers, possibly in the USA. This may include, in particular, IP addresses, contact enquiries, communication data, contract data, contact data, website access and other data generated via a website.

Our host will process your data only insofar as this is necessary to fulfil its performance obligations and will follow our instructions regarding these data. A data processing agreement pursuant to Art. 28(3) sentence 1 GDPR has been concluded with the host.

The use of the host is for the purpose of contract fulfilment towards our potential and existing customers pursuant to Art. 6(1) lit. b GDPR and in the interest of a secure, fast and efficient provision of our online offering pursuant to Art. 6(1) sentence 1 lit. f GDPR.

Host:
Shopify
We host our website with the following service provider: Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland (“Shopify”). Data may also be transferred as part of further processing on behalf of Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada, Shopify Data Processing (USA) Inc., Shopify Payments (USA) Inc. or Shopify (USA) Inc.
According to Shopify, log files are automatically deleted after no later than 30 days.
Further information on data protection and an addendum on Shopify’s data processing can be found at:
https://www.shopify.de/legal/datenschutz
https://www.shopify.com/de/legal/dpa
Further information on the cookie policy and the storage duration of cookies can be found at:
https://www.shopify.com/de/legal/cookies


7. Cookies

We use cookies on our website. These are small files which your browser automatically creates and which are stored on your device (laptop, tablet, smartphone, etc.) when you visit our website. Cookies do not cause any damage to your device and do not contain viruses, Trojan horses or other malware. The cookie stores information that arises in each case in connection with the specific device used.

We use cookies that are strictly necessary for the use of the website; these ensure the smooth functioning of the website and do not require consent. The use of these cookies serves to make the use of our offering more pleasant for you. For example, we use so-called session cookies. A session ID is generated which assigns the session to the user and is stored temporarily. This means that several windows of our website can be opened and assigned to the same user; log-in data or the contents of the shopping basket remain stored. Session cookies are deleted when the browser is closed.

Furthermore, we may use functional cookies. These cookies store the settings made during your last visit to the website, such as language selection or internal bookmarks, so that these do not have to be selected again. Future visits to our website can thereby be made more pleasant.

In addition, so-called performance cookies may be used. These contain information about the way our website is used. For example, we can recognise how often and for how long our website is visited and which subpages are visited. This allows us to see which areas of our website are of particular interest to the user. Performance cookies enable analysis of your browsing behaviour for the purpose of optimising our online offering. It is not possible to draw conclusions about you as a user.

Marketing cookies from third-party providers may be set on your device. The purpose is, within the scope of online marketing, to analyse user behaviour across several websites over a longer period of time in order to place personalised advertising accordingly.

You can configure your browser settings according to your wishes and refuse the acceptance of cookies. We point out that you may then not be able to use all functions of this website.

Internet Explorer: http://windows.microsoft.com/de-DE/windows-vista/Block-or-allow-cookies
Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen
Chrome: http://support.google.com/chrome/bin/answer.py?hl=de&hlrm=en&answer=95647
Safari: https://support.apple.com/de-de/guide/safari/sfri11471/mac
Opera: https://help.opera.com/en/latest/web-preferences/#cookies

Cookies are used either on the basis of your consent pursuant to Art. 6(1) sentence 1 lit. a GDPR or within the scope of our legitimate interests in a functional website pursuant to Art. 6(1) sentence 1 lit. f GDPR.


8. Payment service providers

The processing of personal data by a payment service provider is carried out on the basis of Article 6(1) sentence 1 lit. b GDPR for the purpose of contract processing and only to the extent necessary, and within the scope of our legitimate interests pursuant to Art. 6(1) sentence 1 lit. f GDPR in being able to offer you reliable and secure payment processes. Responsibility for handling the data collected and processed by the payment provider in compliance with data protection law lies with the respective payment provider. You can withdraw your consent to the processing of data at any time vis-à-vis the respective payment service provider.

PayPal

If you pay using a payment method provided by PayPal (direct debit, credit card, instalment payment or purchase on account), payment processing is carried out via the payment service provider PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (“PayPal”).
If you choose a PayPal payment method, you will be redirected to PayPal’s website. For the use of this service, PayPal collects, processes and stores transaction data, such as registration/contact data, identification/signature data, payment information, the amount paid, technical usage data and location data. PayPal reserves the right, for the payment methods mentioned above, to carry out a credit check to the extent legally permissible. For this purpose, your payment data may be disclosed to credit reference agencies pursuant to Art. 6(1) sentence 1 lit. f GDPR on the basis of PayPal’s legitimate interest in determining your ability to pay.
Further information on data protection can be found in PayPal’s privacy policy:
https://www.paypal.com/myaccount/privacy/privacyhub

Shopify Payments

If you pay using a payment option of Shopify Payments (“Shopify Payments”, 3rd Floor, Europa House, Harcourt Building, Harcourt Street, Dublin 2), payment processing is carried out via the technical service provider Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland.
Stripe Payments Europe Ltd. processes and stores the relevant transaction data such as the payment method (e.g. payment by credit card), the amount and the date of payment. Depending on the payment method used, your name, email address, billing address or shipping address may also be processed and stored by Stripe Payments Europe Ltd.
Stripe Payments Europe Ltd.’s privacy policy is available at:
https://stripe.com/de/privacy#translation
Shopify Payments’ privacy policy is available at:
https://www.shopify.com/legal/privacy


9. Credit checks

No credit checks are carried out.


10. Analytics services

The tracking measures listed below and used by us are carried out on the basis of your consent pursuant to Art. 6(1) sentence 1 lit. a GDPR. Firstly, with the tracking measures used, we want to ensure a needs-based design and the continuous optimisation of our website. Secondly, we use the tracking measures to record the use of our website statistically and to evaluate it for the purpose of optimising our offering for you. Where required, a data processing agreement pursuant to Art. 28(3) sentence 1 GDPR has been concluded with the service provider used.
You can prevent the storage of cookies by setting your browser software accordingly. However, we point out that in this case not all functions of this website may be fully usable. Unless otherwise stated regarding the storage period, the data are stored for a period of two years and then deleted.
General information on usage-based online advertising can be found at:
https://www.youronlinechoices.com/de/

Google Analytics

We use Google Analytics 4 on our website, a web analytics service of Google LLC. The responsible company is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).
We use Google’s “Consent Mode” in the basic implementation. If you have not given your consent pursuant to Art. 6(1) sentence 1 lit. a GDPR, the loading of Google tags is blocked and no data are sent to Google (not even the consent status).
If you have given your consent, Google tags are loaded for analysis and marketing purposes in order to track user behaviour on our website. With this analytics tool, cookies, scripts and pixels are evaluated algorithmically with the help of artificial intelligence and user behaviour is measured. This may include the processing and storage of the following data: time spent and pages visited on our website, the browser used, date and time of page access, language settings as well as, for example, scrolls to the end of the page or clicks on external links. On behalf of the operator of this website, Google will use this information to evaluate the use of the website, to compile reports on website activity and to provide further services associated with website and internet use to the website operator. Stored data are deleted after no later than 14 months.
Based on location data derived from and transmitted via the IP address, all data from devices located in the EU are collected via domains and servers in the EU. Data may also be forwarded in encrypted form to Analytics processing servers in the USA. IP addresses collected from users in the EU are, according to Google, deleted before being recorded via EU domains and servers. IP anonymisation takes place automatically; according to Google, IP addresses are neither logged nor stored. Google is certified under the EU-U.S. Data Privacy Framework. Legal frameworks for Google’s data transfers as well as the European Commission’s standard contractual clauses can be accessed at:
https://policies.google.com/privacy/frameworks
Further information on Google’s privacy policy and usage information can be found at: https://policies.google.com/privacy
You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) by Google and the processing of these data by Google by downloading and installing the browser plug-in available at the following link:
http://tools.google.com/dlpage/gaoptout?hl=de
You can adjust settings for personalised advertising by Google at any time:
https://www.google.com/settings/ads/onweb

Google Ads Conversion Tracking

Our website uses Google LLC’s advertising system “Google Ads”. The responsible company for the European region is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).
As part of Google Ads, we use conversion tracking. A so-called “cookie” (see section 7 “Cookies”) is set by Google Ads on your computer if you have reached our website via a Google ad. The information generated by the cookies about the use of this website is transmitted directly to Google servers, possibly in the USA, and stored there. Google is certified under the EU-U.S. Data Privacy Framework. These cookies expire after 30 days and do not serve personal identification. If you visit certain pages of ours and the cookie has not yet expired, Google and we can recognise that you clicked on the ad and were redirected to that page.
Each Ads customer receives a different cookie. Cookies cannot therefore be tracked across the websites of Ads customers. The information obtained with the help of the conversion cookie is used to create conversion statistics for Ads customers who have opted for conversion tracking. Ads customers learn the total number of users who clicked on their ad and were redirected to a page tagged with a conversion tracking tag. However, they do not receive any information that can be used to personally identify users.
You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) by Google and the processing of these data by Google by downloading and installing the browser plug-in available at the following link:
https://tools.google.com/dlpage/gaoptout?hl=de
If you do not agree with the placement of advertisements, you can deactivate it:
https://www.google.com/settings/ads/onweb
Further information on Google’s privacy policy and usage information can be found at:
https://policies.google.com/privacy
Further information on the legal frameworks for data transfers can be found at:
https://policies.google.com/privacy/frameworks?hl=de

Shopify Analytics

We use Shopify Analytics on our websites, an analytics tool of Shopify Inc. The responsible company for the European region is Shopify International Ltd., Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland.
Shopify Analytics uses so-called “cookies” (see section 7 “Cookies”). The information generated by cookies about the use of these websites is sent to other Shopify locations and to service providers that may be located in other regions, including Canada and the United States. According to Shopify, this is done in compliance with European law. In Europe, personal data collected and sent to Canada are protected by Canadian law. When sending data from Canada to a country outside Canada, the data are, according to Shopify, protected by contractual obligations comparable to standard contractual clauses.
On behalf of the operator of this website, Shopify will use this information to evaluate the use of the websites, to compile reports on website activity and to provide further services associated with website and internet use to the website operator. For example, we can see which products sell within a certain period or the number of visitors to our websites.
Further information on Shopify’s data protection can be found at:
https://www.shopify.de/legal/datenschutz


11. Social media services

We use social media plugins of social networks on our website. This is done on the basis of our legitimate interests pursuant to Art. 6(1) sentence 1 lit. f GDPR to make our website better known. The respective provider must ensure data protection-compliant operation.
Normally, when websites are accessed, information is transmitted to the respective servers by the plugins, regardless of whether a button is clicked and regardless of whether the user is registered with the respective social network.

We work with the so-called Shariff solution (“Shariff wrapper”). The social media buttons are inactive, so that no connection to the servers of the respective providers is established when you visit our pages. Only by clicking on the respective social media button is it activated and a connection to the selected network established. In this process, a so-called “cookie” (see section “Cookies” of this Privacy Policy) is set on your computer. The information generated by the cookies about the use of this website, such as IP address, device and location data, is transmitted directly to the provider’s servers, possibly in the USA, and stored there. The provider can use this information for the purpose of advertising, market research and needs-based design of its pages.

If you click on a button and are logged into the corresponding social network, the respective operator can assign the visit to our website directly to your user account. The information is also displayed on your account and there to your contacts. The operator of the social network can use this information for the purpose of advertising, market research and needs-based design of its pages.

If you do not want the respective provider to directly assign the data collected via our website to your user account, you must log out of your respective account before clicking the button.
We point out that, as the operator of the pages, we have no knowledge of the content of the transmitted data or its use by the provider of the social network. You can object to processing by the provider at any time.
Further information on the Shariff solution developed by heise can be found at:
https://www.heise.de/hintergrund/Ein-Shariff-fuer-mehr-Datenschutz-2467514.html

Social networks:

Facebook

We use social media plugins of the social network Facebook, which is operated by Meta Platforms Inc., 1 Meta Way, Menlo Park, CA 94025, USA (“Facebook”), or – if you are based in the EU – Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.
Meta retains information for as long as it is needed to provide products, fulfil legal obligations or protect its own interests or the interests of others. Meta stores event data for a maximum of two years.
Meta is certified under the EU-U.S. Data Privacy Framework.
Further information on Facebook’s privacy policy can be found at:
https://www.facebook.com/about/privacy/

Instagram

We use social media plugins of the social network Instagram. Instagram services are a product of Meta Platforms Inc., 1 Meta Road, Menlo Park, CA 94025, USA. If you are based in the EU, Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, is the data controller.
Meta retains information for as long as it is needed to provide products, fulfil legal obligations or protect its own interests or the interests of others. Meta stores event data for a maximum of two years.
Meta is certified under the EU-U.S. Data Privacy Framework.
Further information on Instagram’s privacy policy can be found at:
https://help.instagram.com/155833707900388

LinkedIn

We use social media plugins of the social network LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. The responsible company for the European region is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.
LinkedIn stores data for as long as needed to fulfil the purposes described in the privacy policies.
Further information on LinkedIn’s privacy policy can be found at:
https://www.linkedin.com/legal/privacy-policy

Pinterest

We use social media plugins of the social network Pinterest. Pinterest services are a product of Pinterest Inc., 651 Brannan St., San Francisco, CA 94107, USA. If you are based in the EU, Pinterest Inc. and Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland, are jointly responsible for the processing of personal data.
Pinterest stores data for as long as needed to fulfil the purposes described in the privacy policies.
Further information on Pinterest’s privacy policy can be found at:
https://pinterest.com/about/privacy/

XING

We use social media plugins of the social network XING. XING services are a product of New Work SE, Am Strandkai 1, 20457 Hamburg, Germany.
Further information on XING’s privacy policy can be found at:
https://www.xing.com/privacy


12. Other online services

On our websites, on the basis of your consent pursuant to Art. 6(1) sentence 1 lit. a GDPR or within the scope of our legitimate interest in optimal marketing of our offering pursuant to Art. 6(1) sentence 1 lit. f GDPR, we use online services and advertising tools of the companies listed below. Where required, a data processing agreement pursuant to Art. 28(3) sentence 1 GDPR has been concluded with the service provider used.
You can prevent the storage of cookies by setting your browser software accordingly; however, we point out that in this case not all functions of this website may be fully usable.

Analytics and tracking tool – Google Tag Manager:

Our website uses Google Tag Manager. The responsible company for the European region is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).
Google Tag Manager is a tag management system that makes it possible to update tracking codes and related code fragments (“tags”), such as HTML or JavaScript, on the website or mobile app without modifying the source code. It controls when and which tags are executed on the website. The implementation of tracking and/or analytics tools is thereby controlled centrally and simplified. Google Tag Manager itself does not set cookies and does not store data, but forwards data, such as time spent or scrolling behaviour on individual pages, the browser used, the operating system or user actions on individual pages, to the corresponding analytics and/or marketing tool. Cookies are set by the respective analytics tools that are integrated via Google Tag Manager. This may also involve the forwarding of the IP address (in anonymised form). The information is transmitted directly to Google servers, possibly in the USA, and stored there. Google is certified under the EU-U.S. Data Privacy Framework.
We have activated IP anonymisation on this website, so that Google shortens the IP address within the member states of the European Union or in other contracting states of the Agreement on the European Economic Area beforehand.
Google Tag Manager is used on the basis of your consent pursuant to Art. 6(1) sentence 1 lit. a GDPR. To improve, further develop and protect the service, Google collects information about which tags have been implemented and in what way. Without your consent, the data are not made accessible for use with other Google products. A data processing agreement with Google pursuant to Art. 28(3) sentence 1 GDPR has been concluded.
You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) by Google and the processing of these data by Google by downloading and installing the browser plug-in available at the following link:
https://tools.google.com/dlpage/gaoptout?hl=de
Google stores collected data for different periods of time depending on what data they are, how Google uses them and how users’ settings are configured. Advertising data are anonymised in server logs by Google deleting part of the IP address after 9 months and cookie information after 18 months.
Further information on Google’s privacy policy and usage information can be found at:
https://policies.google.com/privacy
Further information on Google’s data protection can be found at:
https://policies.google.com/privacy/frameworks?hl=de
Further information on Google’s data retention can be found at:
https://policies.google.com/technologies/retention?hl=de

YouTube

We embed online offerings (usually videos) from the platform “YouTube”. The provider is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. If you are based in the EU, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”) is the data controller. The operator of the pages is YouTube LLC, 901 Cherry Ave, San Bruno, CA 94066, USA.
We have activated YouTube’s “enhanced privacy mode”, so that the setting of YouTube cookies is blocked. When you access a page of ours on which a YouTube video is embedded, no connection to YouTube’s servers is yet established. Only with your prior consent pursuant to Art. 6(1) sentence 1 lit. a GDPR does data transfer to Google take place. This may also establish a connection to Google’s “DoubleClick” network, an advertising tool of Google.
In this context, Google may store cookies on your device, in particular the cookies YSC (session-related identification for creating video statistics), VISITOR_INFO1_LIVE (storage of user settings, term up to 6 months), VISITOR_PRIVACY_METADATA (storage of session and privacy settings) and __Secure-ROLLOUT_TOKEN (unique identifier for statistical evaluation of video views, term up to 180 days).
Data (including your IP address) are transmitted directly to Google servers, possibly in the USA, and stored there. Google can store so-called cookies (see section 7 “Cookies”) for evaluating your user behaviour on your device and assign these data to your user account if you are logged into a Google service. Even if you do not have a customer profile or are not currently logged in, Google may process the received data. If you do not want Google or YouTube to assign the data collected via our site to your user account, you must log out of Google services before visiting our pages.
Google and/or YouTube may use this information, among other things, for the purpose of collecting video statistics and improving user-friendliness. We point out that we have no knowledge of the content of the transmitted data or its use by Google and/or YouTube. You can object to processing by the provider at any time. You can change your privacy settings in YouTube at any time via your Google account. Assistance is available at:
https://support.google.com/youtube/answer/9315727?hl=de
Google LLC is certified under the EU-U.S. Data Privacy Framework.
Google stores collected data for different periods of time depending on what data they are, how Google uses them and how users’ settings are configured. Advertising data are anonymised in server logs by Google deleting part of the IP address after 9 months and cookie information after 18 months.
Further information about Google’s data protection can be found at:
https://policies.google.com/privacy
https://policies.google.com/technologies/retention?hl=de

Review tool

You have the option to submit a review about our service and the products purchased from us. After completion of the contract, you can rate the transaction and, if applicable, comment on it. For this we work with a third-party provider. This may involve the transmission of personal data such as name, email address, invoice number and the review. The IP address may also be disclosed. The use of a review system serves the purpose of optimising our service and gaining customer trust.
To inform you of this opportunity, we or the provider may contact you – subject to your prior consent – in the course of purchase processing in the interest of a reputable review.
Data received by the provider as part of a review invitation on our behalf are automatically deleted after no later than 90 days.

Provider:
Geprüfter Webshop
We use the review tool of Tisko Consulting GmbH, Hertzstr. 15, 53881 Euskirchen, Germany.
Further information about data protection at Tisko Consulting GmbH can be found at:
https://www.gepruefter-webshop.de/datenschutz/

Quality seal “Geprüfter Webshop”

The “Geprüfter Webshop” seal is integrated on our website. The seal and the services advertised with it are an offering of Tisko Consulting GmbH, Hertzstr. 15, 53881 Euskirchen. When calling up the seal, the web server automatically stores a so-called server log file which contains, for example, your IP address, date and time of retrieval, amount of data transferred and the requesting provider (access data) and documents the retrieval. These access data are not evaluated and are automatically deleted no later than 30 days after the end of your page visit.
Further information about data protection at Tisko Consulting GmbH can be found at:
https://www.gepruefter-webshop.de/datenschutz/

Cookie Consent Management Tool

We use a Cookie Consent Management Tool on our website to obtain, document, and manage user consent for the use of personal data for analytics and marketing purposes in compliance with applicable data protection laws. By using a Cookie Consent Management Tool, technically non-essential cookies are only set after the user has provided the appropriate active consent. Accordingly, personal data may only be processed for analytics and advertising purposes once consent has been granted. Consent may be refused and, if granted, may be withdrawn at any time with future effect.

Records of consent, refusal, or withdrawal may be stored for up to two years. For further information, please refer to the privacy policy of the respective provider.

Where the provider transfers data to servers located in third countries, such transfers are generally based on an adequacy decision of the European Commission. Where data is transferred to a third country for which no adequacy decision exists, such as the United States, the transfer is based, among other safeguards, on the Standard Contractual Clauses available at the following link, which serve as appropriate safeguards for the protection of personal data:

https://commission.europa.eu/publications/standard-contractual-clauses-international-transfers_de

A data processing agreement pursuant to Art. 28(3) sentence 1 GDPR has been concluded with the provider. The use of a Cookie Consent Management Tool and the associated data processing are carried out in fulfilment of a legal obligation pursuant to Art. 6(1) sentence 1 lit. c GDPR.

Provider:
Geprüfter Webshop
We use the review tool of Tisko Consulting GmbH, Hertzstr. 15, 53881 Euskirchen, Germany.
Further information about data protection at Tisko Consulting GmbH can be found at:
https://www.gepruefter-webshop.de/datenschutz/

Online chat

The customer has the option to contact us via the online chat offered on our website. An online chat can be carried out either within the framework of a chatbot – a virtual communication robot – or via communication with a support employee.
The use of an online chat enables us to process customer concerns quickly and in a service-oriented manner. The legal basis for the use of the online chat is Art. 6(1) lit. a GDPR. By using the online chat and/or using a chatbot, cookies may be set on the device, for example to recognise whether a user has already seen or closed a message. When using a chatbot, personal data may be transmitted to the provider of the chatbot, such as IP address, location data or access data. The provider may use these data to place targeted advertising. The content of the conversation with the user is stored for a maximum of 2 years. The user has the option at any time to permanently and completely delete the conversation.

Provider:
Molin AI
We use an AI-supported chat and communication system from Molin AI Ltd., 124 City Road, London, EC1V 2NX, England, on our website. The system is used for processing contact enquiries as well as pre-contractual and contractual communication with users.

Type of data processed
When using the chat system, personal data are processed which users themselves enter in the chat (e.g. name, email address, message content). In addition, technical metadata are processed, in particular session information, time of enquiry as well as device- and browser-related information.

Legal basis
Processing is carried out on the basis of Art. 6(1) lit. a GDPR (consent via the consent tool) as well as Art. 6(1) lit. b GDPR (carrying out pre-contractual measures and/or contract performance).

Processing on behalf
Molin AI processes personal data on our behalf as a processor. A data processing agreement (DPA) has been concluded for this purpose. Processing is carried out exclusively in accordance with our instructions within the meaning of Art. 28 GDPR.

Use of AI
The chat system may use AI-supported functions for generating suggested answers and for supporting communication. No exclusively automated decision-making with legal or similarly significant effect takes place.

Cookies and local storage technologies
As part of the use of the chat widget, Molin AI sets cookies as well as local storage technologies (local storage) in the users’ browsers. These serve in particular the technical provision of the chat system, session administration and – depending on configuration – analysis of user behaviour (e.g. pseudonymous identifiers, status of the chat window).
The use of these technologies is carried out exclusively on the basis of your consent via the consent tool.

Storage period / deletion
The communication content generated in the course of using the chat system is stored in accordance with the configuration. According to the provider, the standard storage period for this is up to 2 years; shorter storage periods can be configured on an account basis.
Technical log data (e.g. IP address, session and application logs) are stored for 30 days according to the provider. Database backups are retained for 90 days according to the provider and then automatically deleted.

Transfer of data to third countries
A transfer of personal data to server locations outside the European Union, in particular to the United Kingdom and the USA, cannot be ruled out in the context of using Molin AI and any sub-service providers used. Corresponding transfers take place on the basis of the data protection mechanisms provided by the provider (e.g. standard contractual clauses).
Further information on Molin AI’s privacy policy can be found at: https://docs.molin.ai/legal/privacy-policy


13. Data subject rights

You have the right:

  • pursuant to Art. 15 GDPR to request information about your personal data processed by us. In particular, you may request information about the processing purposes, the category of personal data, the categories of recipients to whom your data have been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data insofar as these were not collected by us, as well as the existence of automated decision-making including profiling and, where applicable, meaningful information about its details;
  • pursuant to Art. 16 GDPR to request immediate rectification of inaccurate personal data or completion of your personal data stored by us;
  • pursuant to Art. 17 GDPR to request erasure of your personal data stored by us, unless processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise or defence of legal claims;
  • pursuant to Art. 18 GDPR to request restriction of processing of your personal data, insofar as the accuracy of the data is disputed by you, processing is unlawful but you oppose erasure, we no longer need the data but you require them for the establishment, exercise or defence of legal claims, or you have objected to processing pursuant to Art. 21 GDPR;
  • pursuant to Art. 20 GDPR to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request transmission to another controller;
  • pursuant to Art. 7(3) GDPR to withdraw your consent once given to us at any time. This has the consequence that we may no longer continue the data processing based on this consent for the future; and
  • pursuant to Art. 77 GDPR to lodge a complaint with a supervisory authority if you are of the opinion that the processing of your personal data is unlawful. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or of our registered office.

14. Right to object

IF YOUR PERSONAL DATA ARE PROCESSED ON THE BASIS OF OUR LEGITIMATE INTERESTS PURSUANT TO ART. 6(1) SENTENCE 1 LIT. F GDPR, YOU HAVE THE RIGHT PURSUANT TO ART. 21(1) GDPR TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA, INSOFAR AS THERE ARE GROUNDS FOR THIS ARISING FROM YOUR PARTICULAR SITUATION. AS A RESULT, WE WILL NO LONGER PROCESS YOUR PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS OR THE PROCESSING SERVES THE ESTABLISHMENT, EXERCISE OR DEFENCE OF LEGAL CLAIMS.
YOU MAY ALSO OBJECT PURSUANT TO ART. 21(2) GDPR TO THE PROCESSING OF PERSONAL DATA BY US WHICH ARE PROCESSED PURSUANT TO ART. 6(1) SENTENCE 1 LIT. F GDPR FOR THE PURPOSE OF DIRECT MARKETING, WITH THE RESULT THAT WE WILL NO LONGER PROCESS YOUR PERSONAL DATA FOR THE PURPOSE OF DIRECT MARKETING.
IF YOU WISH TO EXERCISE YOUR RIGHT OF WITHDRAWAL OR OBJECTION, IT IS SUFFICIENT TO SEND AN EMAIL TO THE EMAIL ADDRESS STATED IN THE LEGAL NOTICE.


15. Data security

During your visit to the website, we use the widely used SSL (Secure Sockets Layer) procedure in conjunction with the highest level of encryption supported by your browser. As a rule, this is 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can tell whether an individual page of our website is transmitted in encrypted form by the closed key or lock symbol displayed in the lower status bar of your browser.
In addition, we use suitable technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction, or unauthorised access by third parties. Our security measures are continuously improved in line with technological developments.


16. Validity and amendment of this Privacy Policy

This Privacy Policy is currently valid.
Due to the further development of our website and offers or due to changed legal or official requirements, it may be necessary to amend this Privacy Policy. The current Privacy Policy can be accessed and printed at any time on this website.
This Privacy Policy was created by the contract lawyers of TISKO Consulting GmbH (www.Gepruefter-Webshop.de) and is protected by copyright. Any further use beyond the contractual agreement or copying and unauthorised use of the texts is not permitted and constitutes a copyright infringement which will be prosecuted by law.