Privacy policy

1) Introduction and Contact Details of the Data Controller

1.1

We are pleased that you are visiting our website and thank you for your interest. In the following, we inform you about the handling of your personal data when using our website. Personal data means all data by which you can be personally identified.

1.2

The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is:

Omar Ghafur
ONIK Gentlemen
Berner Heerweg 348A
22159 Hamburg
Germany

Phone: +49 179 4168142
Email: omar-ghafur@hotmail.de

The controller responsible for the processing of personal data is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.

2) Data Collection When Visiting Our Website

2.1

When you use our website for informational purposes only, i.e. if you do not register or otherwise provide us with information, we only collect data that your browser transmits to the website server (so-called “server log files”).

When you access our website, we collect the following data, which is technically necessary for us to display the website to you:

Our visited website
Date and time of access
Amount of data transmitted in bytes
Source/reference from which you accessed the page
Browser used
Operating system used
IP address used (where applicable, in anonymized form)

Processing is carried out in accordance with Article 6(1)(f) GDPR on the basis of our legitimate interest in improving the stability and functionality of our website.

The data will not be passed on or otherwise used. However, we reserve the right to subsequently review the server log files if there are concrete indications of unlawful use.

2.2

For security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or inquiries sent to the controller), this website uses SSL or TLS encryption.

You can recognize an encrypted connection by the character string “https://” and the padlock symbol in your browser's address bar.

3) Hosting & Content Delivery Network

3.1 Shopify

For the hosting of our website and the display of page content, we use the system of the following provider:

Shopify International Limited
Victoria Buildings, 2nd Floor
1–2 Haddington Road
Dublin 4, D04 XN32
Ireland ("Shopify")

Data is also transferred to:

Shopify Inc.
150 Elgin Street
Ottawa, ON K2P 1L4
Canada

All data collected on our website is processed on the provider's servers. We have concluded a Data Processing Agreement (DPA) with the provider, ensuring the protection of our website visitors' data and prohibiting any unauthorized disclosure to third parties.

For data transfers to Canada, an adequate level of data protection is ensured by an adequacy decision of the European Commission.

3.2 Cloudflare

We use a Content Delivery Network (CDN) provided by:

Cloudflare Inc.
101 Townsend Street
San Francisco, CA 94107
United States

This service enables us to deliver large media files such as graphics, page content, or scripts more quickly through a network of regionally distributed servers.

The processing is carried out in accordance with Article 6(1)(f) GDPR based on our legitimate interest in improving the stability and functionality of our website.

We have concluded a Data Processing Agreement (DPA) with the provider, ensuring the protection of our website visitors' data and prohibiting any unauthorized disclosure to third parties.

For transfers of data to the United States, the provider has joined the EU-U.S. Data Privacy Framework, which ensures compliance with the European level of data protection on the basis of an adequacy decision by the European Commission.

4) Cookies

In order to make your visit to our website more attractive and to enable the use of certain functions, we use cookies, which are small text files stored on your device.

Some of these cookies are automatically deleted after you close your browser (so-called "session cookies"), while others remain on your device for a longer period and enable the storage of page settings (so-called "persistent cookies"). In the latter case, you can find the storage duration in the overview of your web browser's cookie settings.

If personal data is processed through individual cookies used by us, such processing is carried out in accordance with Article 6(1)(b) GDPR for the performance of a contract, in accordance with Article 6(1)(a) GDPR where consent has been given, or in accordance with Article 6(1)(f) GDPR for the purposes of our legitimate interests in ensuring the best possible functionality of the website and a customer-friendly and effective website experience.

You may configure your browser to inform you about the setting of cookies and decide individually whether to accept them, or to exclude the acceptance of cookies for specific cases or in general.

Please note that if cookies are not accepted, the functionality of our website may be limited.

5) Contacting Us

When you contact us (e.g. via contact form or email), personal data will be processed solely for the purpose of handling and responding to your inquiry and only to the extent necessary for this purpose.

The legal basis for processing this data is our legitimate interest in responding to your inquiry in accordance with Article 6(1)(f) GDPR. If your inquiry is aimed at concluding a contract, the additional legal basis for processing is Article 6(1)(b) GDPR.

Your data will be deleted once the circumstances indicate that the matter in question has been conclusively resolved and provided that no statutory retention obligations prevent such deletion.

6) Data Processing When Opening a Customer Account

In accordance with Article 6(1)(b) GDPR, personal data will continue to be collected and processed to the extent necessary if you provide such data when opening a customer account.

The data required for account registration can be found in the input form of the respective registration form on our website.

You may delete your customer account at any time by sending a message to the above-mentioned address of the controller.

After deletion of your customer account, your data will be deleted, provided that all contracts concluded through the account have been fully performed, no statutory retention periods prevent deletion, and we have no legitimate interest in continuing to store the data.

7) Use of Customer Data for Direct Marketing

7.1 Subscription to Our Email Newsletter

If you subscribe to our email newsletter, we will regularly send you information about our offers.

The only mandatory information required for receiving the newsletter is your email address. Providing additional information is voluntary and is used to address you personally.

For sending newsletters, we use the so-called double opt-in procedure, which ensures that you will only receive newsletters after you have expressly confirmed your consent to receive the newsletter by clicking on a verification link sent to the email address provided.

By activating the confirmation link, you grant us your consent to use your personal data in accordance with Article 6(1)(a) GDPR.

The data collected by us when you register for the newsletter is used strictly for the intended purpose.

You may unsubscribe from the newsletter at any time using the designated link included in the newsletter or by sending a corresponding message to the controller named above.

After you unsubscribe, your email address will be removed from our newsletter mailing list without undue delay, unless you have expressly consented to further use of your data or we reserve the right to use data beyond this scope where legally permitted and about which we inform you in this privacy policy.

7.2 Shopify Email

Our email newsletters are sent via the following provider:

Shopify International Limited
Victoria Buildings, 2nd Floor
1–2 Haddington Road
Dublin 4, D04 XN32
Ireland

Data is also transferred to:

Shopify Inc.
150 Elgin Street
Ottawa, ON K2P 1L4
Canada

Based on our legitimate interest in effective and user-friendly newsletter marketing pursuant to Article 6(1)(f) GDPR, we transfer the data you provide when subscribing to the newsletter to this provider so that it can send the newsletter on our behalf.

Subject to your express consent pursuant to Article 6(1)(a) GDPR, the provider also performs statistical analyses of newsletter campaigns using web beacons or tracking pixels embedded in the emails sent. These technologies may measure open rates and specific interactions with newsletter content.

In this context, device information (such as the time of access, IP address, browser type, and operating system) may also be collected and analyzed but will not be combined with other datasets.

You may withdraw your consent to newsletter tracking at any time with effect for the future.

We have concluded a Data Processing Agreement (DPA) with the provider, which protects the data of our website visitors and prohibits unauthorized disclosure to third parties.

For data transfers to Canada, an adequate level of data protection is ensured by an adequacy decision of the European Commission.

7.3 SMS Marketing

On our website, you have the option to subscribe to SMS notifications regarding current offers, promotions, and information about orders you have placed.

The only mandatory information required for sending SMS notifications is your mobile phone number. Providing additional information is voluntary and may be used to address you personally.

For the sending of SMS messages, we use the so-called double opt-in procedure, which ensures that promotional SMS messages are only sent to you after you have expressly confirmed your consent to receive SMS communications by activating a verification link sent to the mobile phone number provided.

By activating the confirmation link, you grant us your consent to use your personal data in accordance with Article 6(1)(a) GDPR.

When registering for SMS notifications, the date and time of registration are also stored in order to be able to trace any possible misuse of your mobile phone number at a later date. The data collected during registration is used exclusively for the purpose of promotional communication via SMS messages.

You may unsubscribe from SMS notifications at any time by sending a corresponding message to the controller named above, thereby withdrawing your consent with future effect.

Following unsubscription, your mobile phone number will be removed from the distribution list without undue delay, unless you have expressly consented to further use of your data or we reserve the right to use your data beyond this scope where legally permitted and about which we inform you in this privacy policy.

7.4 Product Availability Notifications by Email

For items that are temporarily unavailable, you may subscribe to email notifications regarding product availability.

In this case, we will send you a one-time email notification informing you of the availability of the specific item you selected.

The only mandatory information required for receiving this notification is your email address. Providing additional information is voluntary and may be used to address you personally.

For sending such notifications, we use the so-called double opt-in procedure, which ensures that you will only receive a notification after you have expressly confirmed your consent by activating a verification link sent to the email address provided.

By activating the confirmation link, you grant us your consent to use your personal data in accordance with Article 6(1)(a) GDPR.

The data collected when subscribing to our product availability notification service is used strictly for the intended purpose.

You may unsubscribe from availability notifications at any time by sending a corresponding message to the controller named above.

Following unsubscription, your email address will be removed from the distribution list established for this purpose without undue delay, unless you have expressly consented to further use of your data or we reserve the right to use your data beyond this scope where legally permitted and about which we inform you in this privacy policy.

7.5 Shopping Cart Reminder Emails

If you abandon your purchase before completing your order, you have the option of receiving a one-time email reminder regarding the contents of your virtual shopping cart.

The only mandatory information required for sending this reminder is your email address. Providing additional information is voluntary and may be used to address you personally.

For sending such emails, we use the so-called double opt-in procedure, which ensures that you will only receive a notification after you have expressly confirmed your consent by activating a verification link sent to the email address provided.

By activating the confirmation link, you grant us your consent to use your personal data in accordance with Article 6(1)(a) GDPR for the purpose of sending shopping cart reminder emails.

In this context, we store the IP address assigned by your Internet Service Provider (ISP) as well as the date and time of registration in order to be able to trace any possible misuse of your email address at a later date. The data collected when registering for our email notification service is used strictly for the intended purpose.

You may unsubscribe from shopping cart reminder emails at any time by sending a corresponding message to the controller named above.

8) Data Processing for Order Fulfilment

8.1

To the extent necessary for the performance of the contract for delivery and payment purposes, the personal data collected by us will be passed on to the commissioned transport company and the commissioned financial institution in accordance with Article 6(1)(b) GDPR.

If, on the basis of a corresponding contract, we owe you updates for goods with digital elements or for digital products, we process the contact details you provided when placing your order in order to personally inform you, within the framework of our statutory information obligations pursuant to Article 6(1)(c) GDPR.

Your contact details are used strictly for the purpose of providing notifications regarding updates owed by us and are processed only to the extent necessary for the respective information.

For the processing of your order, we also work together with the following service provider(s), who support us wholly or partly in the performance of concluded contracts.

Certain personal data is transferred to these service providers in accordance with the following information.

8.2 Transfer of Personal Data to Shipping Service Providers

-DHL

We use the following provider as our shipping service provider:

DHL Paket GmbH
Sträßchensweg 10
53113 Bonn
Germany

Prior to the delivery of the goods, we will provide your email address and/or telephone number to the provider in accordance with Article 6(1)(a) GDPR for the purpose of coordinating a delivery date or announcing the delivery, provided that you have given your express consent during the ordering process.

Otherwise, for the purpose of delivery, we will only provide the recipient's name and delivery address to the provider in accordance with Article 6(1)(b) GDPR.

The transfer of data is limited to what is necessary for the delivery of the goods. In this case, prior coordination of the delivery date or delivery notification by the provider is not possible.

Consent may be revoked at any time with future effect by contacting either the controller identified above or the provider.

-DHL Express

We use the following provider as our shipping service provider:

DHL Express Germany GmbH
Heinrich-Brüning-Str. 5
53113 Bonn
Germany

Otherwise, for the purpose of delivery, we will only provide the recipient's name and delivery address to the provider in accordance with Article 6(1)(b) GDPR.

The transfer of data is limited to what is necessary for the delivery of the goods. In this case, prior coordination of the delivery date or delivery notification by the provider is not possible.

Consent may be revoked at any time with future effect by contacting either the controller identified above or the provider.

-DHL Austria

We use the following provider as our shipping service provider:

DHL Paket (Austria) GmbH
Campus 21
Liebermannstrasse F08/401
2345 Brunn am Gebirge
Austria

Otherwise, for the purpose of delivery, we will only provide the recipient's name and delivery address to the provider in accordance with Article 6(1)(b) GDPR.

The transfer of data is limited to what is necessary for the delivery of the goods. In this case, prior coordination of the delivery date or delivery notification by the provider is not possible.

Consent may be revoked at any time with future effect by contacting either the controller identified above or the provider.

-UPS

We use the following provider as our shipping service provider:

United Parcel Service Deutschland Inc. & Co. OHG
Görlitzer Straße 1
41460 Neuss
Germany

Otherwise, for the purpose of delivery, we will only provide the recipient's name and delivery address to the provider in accordance with Article 6(1)(b) GDPR.

The transfer of data is limited to what is necessary for the delivery of the goods. In this case, prior coordination of the delivery date or delivery notification by the provider is not possible.

Consent may be revoked at any time with future effect by contacting either the controller identified above or the provider.

8.3 Use of Payment Service Providers (Payment Services)

-Apple Pay

If you choose the payment method "Apple Pay" provided by Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland, payment processing is carried out via the Apple Pay function of your device running iOS, watchOS, or macOS by charging a payment card stored in Apple Pay.

Apple Pay uses security features integrated into your device's hardware and software to protect your transactions. To authorize a payment, you are required to enter a code previously defined by you and verify your identity using the Face ID or Touch ID function of your device.

For the purpose of payment processing, the information you provide during the ordering process, together with information relating to your order, is transmitted to Apple in encrypted form. Apple then re-encrypts this data using a developer-specific key before transmitting it to the payment service provider of the payment card stored in Apple Pay for payment execution.

This encryption ensures that only the website through which the purchase was made can access the payment data. After the payment has been completed, Apple sends your device account number and a transaction-specific dynamic security code to the originating website in order to confirm successful payment.

Where personal data is processed in connection with the transfers described above, such processing is carried out exclusively for the purpose of payment processing in accordance with Article 6(1)(b) GDPR.

Apple retains anonymized transaction data, including the approximate purchase amount, the approximate date and time, and information on whether the transaction was successfully completed. Due to anonymization, any personal reference is completely excluded. Apple uses anonymized data to improve Apple Pay and other Apple products and services.

If you use Apple Pay on your iPhone or Apple Watch to complete a purchase that was initiated through Safari on your Mac, the Mac and the authorization device communicate via an encrypted channel through Apple servers. Apple does not process or store any of this information in a format that can identify you personally.

You can disable the ability to use Apple Pay on your Mac through your iPhone settings. Go to "Wallet & Apple Pay" and disable "Allow Payments on Mac."

Further information about data protection in connection with Apple Pay can be found at the following website:

https://support.apple.com/en-us/HT203027

-Google Pay

If you choose the payment method "Google Pay" provided by Google Ireland Limited, Gordon House, 4 Barrow Street, Dublin, D04 E5W5, Ireland ("Google"), payment processing will be carried out via the Google Pay application on your mobile device running at least Android 4.4 ("KitKat") and equipped with NFC functionality, by charging a payment card stored in Google Pay or a payment system verified therein (e.g. PayPal).

To authorize a payment via Google Pay exceeding EUR 25.00, your mobile device must first be unlocked using the verification method configured on your device (such as facial recognition, password, fingerprint, or pattern lock).

For the purpose of payment processing, the information provided during the ordering process, together with information about your order, will be transmitted to Google. Google then transmits the payment information stored in Google Pay to the originating website in the form of a unique transaction number, which is used to verify that a payment has been completed.

This transaction number contains no information about the actual payment data of the payment methods stored in Google Pay. Instead, it is created and transmitted as a one-time valid numerical token.

For all transactions made via Google Pay, Google acts solely as an intermediary for processing the payment transaction. The actual transaction is carried out exclusively between the user and the originating website through the charging of the payment method stored in Google Pay.

Where personal data is processed as part of the transfers described above, such processing is carried out exclusively for payment processing purposes in accordance with Article 6(1)(b) GDPR.

Google reserves the right to collect, store, and analyze certain transaction-specific information for each transaction carried out via Google Pay. This may include:

Date, time, and amount of the transaction
Merchant location and description
Description of purchased goods or services provided by the merchant
Photos attached to the transaction
Name and email address of the seller and buyer or sender and recipient
Payment method used
Your description of the reason for the transaction
Any offer associated with the transaction

According to Google, this processing is carried out exclusively pursuant to Article 6(1)(f) GDPR based on its legitimate interest in proper accounting, verification of transaction data, and optimization and maintenance of the Google Pay service.

Google also reserves the right to combine processed transaction data with other information collected and stored when using other Google services.

The Google Pay Terms of Service can be found here:

https://payments.google.com/payments/apis-secure/u/0/get_legal_document?ldo=0&ldt=googlepaytos&ldl=en

Further information regarding data protection in connection with Google Pay can be found at:

https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=en

-Klarna

One or more online payment methods from the following provider are available on this website:

Klarna Bank AB
Sveavägen 46
111 34 Stockholm
Sweden

If you select a payment method offered by the provider under which you make advance payment (such as credit card payment), the payment data provided during the ordering process (including name, address, banking and payment card information, currency, and transaction number) as well as information regarding the contents of your order will be transferred to the provider in accordance with Article 6(1)(b) GDPR.

In this case, your data will be transferred exclusively for the purpose of payment processing and only to the extent necessary for this purpose.

If you select a payment method under which the provider extends credit (such as purchase on account, installment payments, or direct debit), you will also be asked during the ordering process to provide certain personal data (first and last name, street, house number, postal code, city, date of birth, email address, telephone number, and, where applicable, information about an alternative payment method).

In order to safeguard our legitimate interest in assessing the creditworthiness of our customers, this data is transmitted to the provider for the purpose of a credit check in accordance with Article 6(1)(f) GDPR.

Based on the personal data you provide and additional information (such as shopping cart contents, invoice amount, order history, and payment experience), the provider assesses whether the payment option selected by you can be granted with regard to payment and default risks.

In addition to provider-internal criteria, identity and creditworthiness information from the following credit agencies may also be included in the assessment process pursuant to Article 6(1)(f) GDPR:

https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/credit_rating_agencies

The credit report may contain probability values (so-called score values). Where score values are included in the result of the credit assessment, they are based on a scientifically recognized mathematical-statistical procedure. Address data may be included in the calculation of score values, among other factors.

You may object to this processing of your data at any time by notifying us or the provider. However, the provider may still be entitled to process your personal data where such processing is necessary for contractual payment processing.

-PayPal

One or more online payment methods from the following provider are available on this website:

PayPal (Europe) S.à r.l. et Cie, S.C.A.
22–24 Boulevard Royal
L-2449 Luxembourg

If you select a payment method offered by the provider under which you make advance payment, the payment data provided during the ordering process (including name, address, bank and payment card information, currency, and transaction number) as well as information regarding the contents of your order will be transferred to the provider in accordance with Article 6(1)(b) GDPR.

In this case, your data will be transferred exclusively for the purpose of payment processing with the provider and only to the extent necessary for this purpose.

If you select a payment method under which we extend credit, you will also be asked during the ordering process to provide certain personal data (first and last name, street, house number, postal code, city, date of birth, email address, telephone number, and, where applicable, information about an alternative payment method).

In order to safeguard our legitimate interest in assessing your creditworthiness in such cases, this data is transmitted to the provider for the purpose of a credit check in accordance with Article 6(1)(f) GDPR.

The credit assessment may contain probability values (so-called score values). Where score values are included in the result of the credit assessment, they are based on a scientifically recognized mathematical-statistical procedure. Address data may be included in the calculation of score values, among other factors.

-Shopify Payments

One or more online payment methods from the following provider are available on this website:

Shopify International Limited
Victoria Buildings
1–2 Haddington Road
Dublin 4, D04 XN32
Ireland

If you select a payment method offered by the provider under which you make advance payment (such as credit card payment), the payment data provided during the ordering process (including name, address, bank and payment card information, currency, and transaction number) as well as information regarding the contents of your order will be transferred to the provider in accordance with Article 6(1)(b) GDPR.

The transfer of your data takes place exclusively for the purpose of payment processing and only to the extent necessary for this purpose.

-Sofortüberweisung

One or more online payment methods from the following provider are available on this website:

Klarna Bank AB (publ)
Sveavägen 46
111 34 Stockholm
Sweden

If you select a payment method offered by the provider under which you make advance payment (such as credit card payment), the payment data provided during the ordering process (including name, address, bank and payment card information, currency, and transaction number) as well as information regarding the contents of your order will be transferred to the provider in accordance with Article 6(1)(b) GDPR.

The transfer of your data takes place exclusively for the purpose of payment processing and only to the extent necessary for this purpose.

9) Web Analytics Services

9.1 Microsoft Clarity

This website uses the web analytics service provided by:

Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
United States

Using cookies and/or comparable technologies (tracking pixels, web beacons, and algorithms for reading device and browser information), the service collects and stores pseudonymized visitor data, including information about the device used, such as IP addresses and browser information. This data is used for statistical analyses of user behavior on our website and for the creation of pseudonymized user profiles.

Among other things, this enables the analysis of movement patterns (so-called heatmaps), which show the duration of page visits and interactions with page content (e.g. text entries, scrolling, clicks, and mouse-overs).

Pseudonymization generally prevents direct identification of individuals. No merging of this data with other personally identifiable information collected by other means takes place.

All processing activities described above, in particular the reading or storage of information on the device used, are only carried out if you have given us your express consent in accordance with Article 6(1)(a) GDPR.

You may withdraw your consent at any time with future effect by disabling this service via the cookie consent tool provided on the website.

We have concluded a Data Processing Agreement (DPA) with the provider, which ensures the protection of our website visitors' data and prohibits unauthorized disclosure to third parties.

9.2 Shopify Analytics

This website uses the web analytics service provided by:

Shopify International Limited
Victoria Buildings, 2nd Floor
1–2 Haddington Road
Dublin 4, D04 XN32
Ireland

Data is also transferred to:

Shopify Inc.
150 Elgin Street
Ottawa, ON K2P 1L4
Canada

Pseudonymization generally prevents direct identification of individuals. No merging of this data with other personally identifiable information collected by other means takes place.

You may withdraw your consent at any time with future effect by disabling this service via the cookie consent tool provided on the website.

We have concluded a Data Processing Agreement (DPA) with the provider, which protects the data of our website visitors and prohibits disclosure to third parties.

For data transfers to Canada, an adequate level of data protection is ensured by an adequacy decision of the European Commission.

10) Retargeting / Remarketing and Conversion Tracking

Meta Pixel

Within our online offering, we use the "Meta Pixel" service provided by:

Meta Platforms Ireland Limited
4 Grand Canal Square
Dublin 2
Ireland ("Meta")

When a user clicks on an advertisement placed by us on Facebook and/or Instagram, the URL of our linked page is extended by a parameter using Meta Pixel. Following the redirection, this URL parameter is stored in the user's browser by means of a cookie set by our linked website.

On the one hand, this enables Meta to identify visitors to our online offering as a target audience for displaying advertisements ("Ads"). Accordingly, we use the service to display Facebook and/or Instagram advertisements only to users who have shown an interest in our online offering or who exhibit certain characteristics (e.g. interests in specific topics or products determined on the basis of websites visited) that we transmit to Meta (so-called "Custom Audiences").

On the other hand, Meta Pixel enables us to track whether users have been redirected to our website after clicking on an advertisement and which actions they perform on our website (so-called "conversion tracking").

The collected data is anonymous to us and therefore does not allow us to draw conclusions about the identity of users. However, the data is stored and processed by Meta so that a connection to the respective user profile is possible and Meta may use the data for its own advertising purposes.

All processing activities described above, in particular the setting of cookies for reading information on the device used, are only carried out if you have given us your express consent in accordance with Article 6(1)(a) GDPR.

You may withdraw your consent at any time with future effect by disabling this service via the cookie consent tool provided on the website.

We have concluded a Data Processing Agreement (DPA) with the provider, which ensures the protection of our website visitors' data and prohibits unauthorized disclosure to third parties.

The information generated by Meta is generally transmitted to and stored on Meta servers. In this context, data may also be transferred to servers of Meta Platforms Inc. in the United States.

11) Website Functionalities

Instagram Plugins

Our website uses plugins from the social network operated by:

Meta Platforms Ireland Ltd.
4 Grand Canal Square
Grand Canal Harbour
Dublin 2
Ireland

These plugins enable direct interaction with content on the social network.

To increase the protection of your data when visiting our website, the plugins are initially deactivated and integrated into the page using the so-called "2-click" or "Shariff" solution.

This integration ensures that when a page of our website containing such plugins is accessed, no connection to the provider's servers is established initially.

Only when you activate the plugins and thereby provide your consent to the data transfer in accordance with Article 6(1)(a) GDPR will your browser establish a direct connection to the provider's servers.

In this process, regardless of whether you are logged into an existing user profile, certain information about your device (including your IP address), your browser, and your browsing history will be transmitted to the provider and may be further processed there.

If you are logged into an existing user profile on the provider's social network, information about interactions performed via the plugins will also be published there and displayed to your contacts.

You may withdraw your consent at any time by deactivating the activated plugin through another click. However, the withdrawal does not affect data that has already been transferred to the provider.

Data may also be transferred to:

Meta Platforms Inc.
United States

We have concluded a Data Processing Agreement (DPA) with the provider, which ensures the protection of our website visitors' data and prohibits unauthorized disclosure to third parties.

12) Tools and Miscellaneous

Cookie Consent Tool

This website uses a so-called "cookie consent tool" to obtain valid user consent for cookies and cookie-based applications that require consent.

The cookie consent tool is displayed to users upon visiting the website in the form of an interactive user interface, through which consent for specific cookies and/or cookie-based applications can be granted by selecting corresponding checkboxes.

By using this tool, all cookies and services requiring consent are only loaded if the respective user has granted the corresponding consent by selecting the appropriate checkbox. This ensures that such cookies are only set on the user's device if consent has been given.

The tool sets technically necessary cookies to store your cookie preferences. Personal user data is generally not processed in this context.

If, in individual cases, personal data (such as the IP address) is processed for the purpose of storing, assigning, or logging cookie settings, such processing is carried out in accordance with Article 6(1)(f) GDPR based on our legitimate interest in legally compliant, user-specific, and user-friendly cookie consent management and thus in a legally compliant design of our website.

An additional legal basis for processing is Article 6(1)(c) GDPR. As the controller, we are legally obliged to make the use of technically unnecessary cookies dependent on the respective user's consent.

Where required, we have concluded a Data Processing Agreement (DPA) with the provider, ensuring the protection of our website visitors' data and prohibiting unauthorized disclosure to third parties.

Further information about the operator and the configuration options of the cookie consent tool can be found directly within the respective user interface on our website.

13) Rights of the Data Subject

13.1

Under applicable data protection law, you have the following rights as a data subject with regard to the processing of your personal data by the controller. The respective legal basis for exercising these rights is indicated below:

Right of access pursuant to Article 15 GDPR
Right to rectification pursuant to Article 16 GDPR
Right to erasure pursuant to Article 17 GDPR
Right to restriction of processing pursuant to Article 18 GDPR
Right to notification pursuant to Article 19 GDPR
Right to data portability pursuant to Article 20 GDPR
Right to withdraw consent pursuant to Article 7(3) GDPR
Right to lodge a complaint pursuant to Article 77 GDPR

13.2 RIGHT TO OBJECT

IF WE PROCESS YOUR PERSONAL DATA ON THE BASIS OF OUR OVERRIDING LEGITIMATE INTERESTS WITHIN THE FRAMEWORK OF A BALANCING OF INTERESTS, YOU HAVE THE RIGHT TO OBJECT TO SUCH PROCESSING AT ANY TIME WITH FUTURE EFFECT ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL CEASE PROCESSING THE DATA CONCERNED. HOWEVER, WE RESERVE THE RIGHT TO CONTINUE PROCESSING IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, FUNDAMENTAL RIGHTS, AND FREEDOMS, OR IF THE PROCESSING SERVES THE ESTABLISHMENT, EXERCISE, OR DEFENCE OF LEGAL CLAIMS.

IF YOUR PERSONAL DATA IS PROCESSED BY US FOR THE PURPOSE OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSE OF SUCH MARKETING.

YOU MAY EXERCISE YOUR RIGHT TO OBJECT AS DESCRIBED ABOVE.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL CEASE PROCESSING THE DATA CONCERNED FOR DIRECT MARKETING PURPOSES.

14) Duration of Storage of Personal Data

The duration of the storage of personal data is determined by the respective legal basis, the purpose of processing, and – where applicable – the relevant statutory retention period (e.g. retention periods under commercial and tax law).

Where personal data is processed on the basis of explicit consent pursuant to Article 6(1)(a) GDPR, such data will be stored until you withdraw your consent.

If statutory retention periods exist for data processed within the framework of contractual or quasi-contractual obligations on the basis of Article 6(1)(b) GDPR, such data will be routinely deleted after the retention periods have expired, provided that the data is no longer required for the performance or initiation of a contract and/or we no longer have a legitimate interest in its continued storage.

Where personal data is processed on the basis of Article 6(1)(f) GDPR, such data will be stored until you exercise your right to object pursuant to Article 21(1) GDPR, unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing serves the establishment, exercise, or defence of legal claims.

Where personal data is processed for direct marketing purposes on the basis of Article 6(1)(f) GDPR, such data will be stored until you exercise your right to object pursuant to Article 21(2) GDPR.

Unless otherwise stated in the other provisions of this Privacy Policy regarding specific processing situations, stored personal data will otherwise be deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.

Version dated: 03 June 2026, 12:38:15