Privacy Policy

1) Introduction and contact information for the data controller

1.1We are pleased that you are visiting our website and thank you for your interest. Below, we provide information about how we handle your personal data when you use our website. Personal data refers to any information that can be used to identify you personally.

1.2The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is True Organic Cosmetics KG, Schlösselgasse 17/2, 1080 Vienna, Austria, Tel.: +43 676 67 38 254, Email: office@trueorganiccosmetics.at. The controller is the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data.

2) Data collection when you visit our website

2.1When you use our website for informational purposes only—that is, if you do not register or otherwise provide us with information—we collect only the data that your browser transmits to the website server (so-called “server log files”). When you visit our website, we collect the following data, which is technically necessary for us to display the website to you:

The website we visited
Date and time of access
Amount of data sent in bytes
Source/link that brought you to this page
Browser used
Operating system used
IP address used (if applicable: in anonymized form)

The processing is carried out in accordance with Article 6(1)(f) of the GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. The data will not be disclosed or used for any other purpose. However, we reserve the right to review the server log files retrospectively if there are concrete indications of unlawful use.

2.2For security reasons and to protect the transmission of personal data and other confidential information (e.g., orders or inquiries to the controller), this website uses SSL or TLS encryption. You can recognize an encrypted connection by the "https://" prefix and the padlock icon in your browser address bar.

3) Hosting & Content Delivery Network

3.1Shopify

We use the system provided by the following provider to host our website and display its content: Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland (“Shopify”)

Data is also transferred to: Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada

All data collected on our website is processed on the provider’s servers. We have entered into a data processing agreement with the provider that ensures the protection of our website visitors’ data and prohibits its unauthorized disclosure to third parties.

When data is transferred to Canada, an adequate level of data protection is ensured by an adequacy decision issued by the European Commission.

3.2Cloudflare

We use a content delivery network provided by the following company: Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA

This service enables us to deliver large media files, such as graphics, page content, or scripts, more quickly via a network of regionally distributed servers. This processing is carried out to safeguard our legitimate interest in improving the stability and functionality of our website in accordance with Article 6(1)(f) of the GDPR. We have entered into a data processing agreement with the provider that ensures the protection of our website visitors’ data and prohibits unauthorized disclosure to third parties.

For data transfers to the United States, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with European data protection standards based on an adequacy decision by the European Commission.

3.3imgix

We use a content delivery network provided by the following company: Zebrafish Labs Inc., 423 Tehama St., San Francisco, CA 94103, USA

4) Cookies

To make your visit to our website more enjoyable and to enable the use of certain features, we use cookies—small text files that are stored on your device. Some of these cookies are automatically deleted when you close your browser (so-called “session cookies”), while others remain on your device for a longer period and allow page settings to be saved (so-called “persistent cookies”). In the latter case, you can find the storage duration in the overview of your web browser’s cookie settings.

If personal data is processed through individual cookies we use, such processing is carried out in accordance with Article 6(1)(b) of the GDPR for the purpose of performing the contract, pursuant to Article 6(1)(a) of the GDPR in the event that consent has been given, or pursuant to Article 6(1)(f) of the GDPR to safeguard our legitimate interests in ensuring the best possible functionality of the website as well as a user-friendly and effective design of the site visit.

You can configure your browser to notify you when cookies are set, allowing you to decide on a case-by-case basis whether to accept them, or to block cookies in specific cases or generally.

Please note that if you do not accept cookies, the functionality of our website may be limited.

5) Getting in touch

5.1Judge.me

We use the services of the following provider for review reminders: Judge.me Ltd., c/o Buckworths, 2nd Floor, 1-3 Worship Street, London, England, EC2A 2AB, United Kingdom

We will only share your email address and, if applicable, other customer data with the provider—based solely on your explicit consent in accordance with Article 6(1)(a) of the GDPR—so that the provider can contact you via email with a reminder to leave a review.

You may withdraw your consent at any time, effective for the future, by notifying us or the provider.

We have entered into a data processing agreement with the service provider that ensures the protection of our website visitors' data and prohibits its unauthorized disclosure to third parties.

When data is transferred to the provider's location, an adequate level of data protection is ensured by an adequacy decision issued by the European Commission.

5.2When you contact us (e.g., via the contact form or email), we process your personal data solely for the purpose of handling and responding to your inquiry, and only to the extent necessary for that purpose.

The legal basis for processing this data is our legitimate interest in responding to your inquiry pursuant to Article 6(1)(f) of the GDPR. If your contact is aimed at entering into a contract, the additional legal basis for processing is Article 6(1)(b) of the GDPR. Your data will be deleted if the circumstances indicate that the matter in question has been conclusively resolved and provided that no statutory retention obligations preclude this.

6) Data processing when opening a customer account

In accordance with Article 6(1)(b) of the GDPR, personal data will continue to be collected and processed to the extent necessary if you provide it to us when opening a customer account. You can find out which data is required to open an account by referring to the input fields on the relevant form on our website.

You may delete your customer account at any time by sending a message to the contact address of the data controller listed above. Once your customer account has been deleted, your data will be deleted provided that all contracts concluded in connection with it have been fully fulfilled, there are no legal retention periods that prevent this, and we no longer have a legitimate interest in continuing to store the data.

7) Use of customer data for direct marketing

7.1Subscription to our email newsletter

When you subscribe to our email newsletter, we will send you regular updates about our offers. The only required information for receiving the newsletter is your email address. Providing additional information is voluntary and is used to address you personally. We use the so-called double opt-in procedure for sending the newsletter, which ensures that you will only receive the newsletter once you have explicitly confirmed your consent to receive it by clicking on a verification link sent to the email address you provided.

By clicking the confirmation link, you give us your consent to use your personal data in accordance with Article 6(1)(a) of the GDPR. In doing so, we store your IP address as provided by your Internet Service Provider (ISP), as well as the date and time of registration, so that we can trace any potential misuse of your email address at a later date. The data we collect when you subscribe to the newsletter is used strictly for the intended purpose.

You can unsubscribe from the newsletter at any time by clicking the link provided in the newsletter or by sending a message to the contact person listed at the beginning of this notice. Once you have unsubscribed, your email address will be immediately deleted from our newsletter distribution list, unless you have expressly consented to further use of your data or we reserve the right to use your data for other purposes that are permitted by law and about which we inform you in this statement.

7.2Omnisend

Our email newsletters are sent via this provider: Soundest Ltd., Unit a3, Gateway Tower, 32 Western Gateway, London E16 1YL, England

Based on our legitimate interest in effective and user-friendly newsletter marketing, we share the data you provide when subscribing to the newsletter with this provider in accordance with Article 6(1)(f) of the GDPR so that the provider can send out the newsletter on our behalf.

Subject to your express consent pursuant to Article 6(1)(a) of the GDPR, the provider also conducts a statistical analysis of the effectiveness of newsletter campaigns using web beacons or tracking pixels in the emails sent, which can measure open rates and specific interactions with the newsletter’s content. In doing so, device information (e.g., time of access, IP address, browser type, and operating system) is also collected and analyzed, but not combined with other data sets.
You may revoke your consent to newsletter tracking at any time with future effect.

We have entered into a data processing agreement with the provider that protects the data of our website visitors and prohibits the disclosure of such data to third parties.

When data is transferred to the provider's location, an adequate level of data protection is ensured by an adequacy decision issued by the European Commission.

7.3Shopping Cart Reminders via Email

If you abandon your shopping session before completing your order, you have the option to request a one-time email reminder of the contents of your virtual shopping cart.

The only required information for sending this reminder is your email address. Providing additional information is voluntary and may be used to address you personally. For email communications, we use the so-called double opt-in procedure, which ensures that you will only receive a notification once you have explicitly confirmed your consent by clicking on a verification link sent to the email address you provided.

By clicking the confirmation link, you give us your consent to process your personal data in accordance with Article 6(1)(a) of the GDPR for the purpose of sending you a shopping cart reminder. In doing so, we store your IP address as recorded by your Internet Service Provider (ISP), as well as the date and time of registration, in order to be able to trace any potential misuse of your email address at a later date. The data we collect when you register for our email notification service is used strictly for the intended purpose.

You can unsubscribe from shopping cart reminders at any time by sending a message to the contact person listed above. Once you have unsubscribed, your email address will be immediately removed from our mailing list set up for this purpose, unless you have expressly consented to further use of your data or we reserve the right to use your data for other purposes that are permitted by law and about which we inform you in this statement.

8) Data processing for order fulfillment

8.1To the extent necessary for the performance of the contract for delivery and payment purposes, the personal data we collect will be disclosed to the contracted shipping company and the contracted financial institution in accordance with Article 6(1)(b) of the GDPR.

If we are obligated to provide you with updates for goods containing digital elements or for digital products based on a relevant contract, we will process the contact information you provided when placing your order in order to personally notify you in accordance with our legal obligations under Article 6(1)(c) of the GDPR. Your contact details will be used strictly for the specific purpose of communicating updates we are obligated to provide and will be processed by us for this purpose only to the extent necessary for the respective information.

To process your order, we also work with the following service provider(s), who assist us, either fully or partially, in fulfilling the contracts we have entered into. Certain personal data is shared with these service providers in accordance with the information provided below.

8.2Disclosure of Personal Data to Shipping Service Providers

- Austrian Post

As a shipping service provider, we use the following carrier: Österreichische Post Aktiengesellschaft, Rochusplatz 1, 1030 Vienna, Austria

We will share your email address and/or phone number with the provider prior to shipping the goods, in accordance with Article 6(1)(a) of the GDPR, for the purpose of scheduling a delivery date or notifying you of the delivery, provided that you have given your explicit consent to this during the ordering process. Otherwise, for the purpose of delivery in accordance with Article 6(1)(b) of the GDPR, we will only disclose the recipient’s name and the delivery address to the provider. This disclosure is made only to the extent necessary for the delivery of the goods. In this case, it is not possible to coordinate the delivery date with the provider in advance or to provide a delivery notification.

Consent may be revoked at any time, with future effect, by notifying the data controller named above or the provider.

8.3Use of Payment Service Providers (Payment Services)

- Apple Pay

If you choose the “Apple Pay” payment method offered by Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland, the payment will be processed via the “Apple Pay” feature on your iOS, watchOS, or macOS device by charging a payment card stored in “Apple Pay.” Apple Pay uses security features built into your device’s hardware and software to protect your transactions. To authorize a payment, you must enter a code you have previously set and verify your identity using your device’s “Face ID” or “Touch ID” feature.

For the purpose of processing your payment, the information you provide during the ordering process, along with details about your order, is transmitted to Apple in encrypted form. Apple then re-encrypts this data using a developer-specific key before transmitting it to the payment service provider associated with the payment card stored in Apple Pay to complete the transaction. The encryption ensures that only the website through which the purchase was made can access the payment data. After the payment has been made, Apple sends your device account number and a transaction-specific, dynamic security code to the originating website to confirm the successful payment.

If personal data is processed in connection with the transfers described above, such processing is carried out exclusively for the purpose of payment processing in accordance with Article 6(1)(b) of the GDPR.

Apple stores anonymized transaction data, including the approximate purchase amount, the approximate date and time, and whether the transaction was completed successfully. This anonymization process completely eliminates any link to an individual. Apple uses this anonymized data to improve “Apple Pay” and other Apple products and services.

When you use Apple Pay on your iPhone or Apple Watch to complete a purchase you initiated in Safari on your Mac, your Mac and the authorizing device communicate via an encrypted channel through Apple’s servers. Apple does not process or store any of this information in a format that could be used to identify you personally. You can disable the ability to use Apple Pay on your Mac in your iPhone’s Settings. Go to "Wallet & Apple Pay" and turn off "Allow Payments on Mac."

For more information about Apple Pay's privacy policy, please visit the following website: https://support.apple.com/de-de/HT203027
- Google Pay

If you choose the “Google Pay” payment method provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”), payment processing will take place via the “Google Pay” application on your mobile device—which must be running at least Android 4.4 (“KitKat”) and have NFC functionality—by charging a payment card stored with Google Pay or a payment system verified there (e.g., PayPal). To authorize a payment via Google Pay exceeding €25, you must first unlock your mobile device using the verification method set up on your device (such as facial recognition, password, fingerprint, or pattern).

For the purpose of processing payments, the information you provide during the ordering process, along with details about your order, is shared with Google. Google then transmits your payment information stored in Google Pay to the originating website in the form of a one-time transaction number, which is used to verify that the payment has been made. This transaction number contains no information regarding the actual payment details of the payment method stored in Google Pay; rather, it is generated and transmitted as a one-time valid numerical token. For all transactions via Google Pay, Google acts solely as an intermediary for processing the payment transaction. The transaction is executed exclusively between the user and the originating website by debiting the payment method stored in Google Pay.

Google reserves the right to collect, store, and analyze certain transaction-specific information for every transaction made via Google Pay. This includes the date, time, and amount of the transaction; the merchant’s location and description; a description of the goods or services purchased provided by the merchant; photos you have attached to the transaction, the name and email address of the seller and buyer or the sender and recipient, the payment method used, your description of the reason for the transaction, and, if applicable, the offer associated with the transaction.

According to Google, this processing is carried out exclusively in accordance with Article 6(1)(f) of the GDPR, based on the legitimate interest in proper accounting, the verification of transaction data, and the optimization and maintenance of the Google Pay service.

Google also reserves the right to combine the transaction data it processes with additional information that Google collects and stores when you use other Google services.

You can find the Google Pay Terms of Service here:

https://payments.google.com/payments/apis-secure/u/0/get_legal_document?ldo=0&ldt=googlepaytos&ldl=de
For more information about Google Pay's privacy policy, please visit the following website:
https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=de
- Klarna

This website offers one or more online payment methods from the following provider: Klarna Bank AB, Sveavägen 46, 111 34 Stockholm, Sweden

If you select a payment method offered by the provider that requires you to pay in advance (such as credit card payment), your payment details provided during the ordering process (including name, address, bank and payment card information, currency, and transaction number), as well as information about the contents of your order, will be shared with the provider in accordance with Article 6(1)(b) of the GDPR. In this case, your data is transferred exclusively for the purpose of processing the payment with the provider and only to the extent necessary for this purpose.

If you select a payment method that requires the seller to pay in advance (such as purchase on account, installment plan, or direct debit), you will also be asked during the ordering process to provide certain personal information (first and last name, street, house number, ZIP code, city, date of birth, email address, phone number, and, if applicable, details for an alternative payment method).

To safeguard our legitimate interest in assessing our customers’ creditworthiness, we will forward this data to the provider in accordance with Article 6(1)(f) of the GDPR for the purpose of conducting a credit check. Based on the personal data you have provided, as well as additional data (such as shopping cart contents, invoice amount, order history, and payment history), the provider assesses whether the payment method you have selected can be granted in light of payment and/or credit default risks.

In addition to the provider’s internal criteria under Article 6(1)(f) of the GDPR, identity and creditworthiness information from the following credit reporting agencies may also be taken into account when making a decision during the application review process:

https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/credit_rating_agencies

The credit report may contain probability values (so-called score values). To the extent that score values are included in the credit report, they are based on a scientifically recognized mathematical-statistical method. The calculation of the score values takes into account, among other things, but not exclusively, address data.

You may object to this processing of your data at any time by contacting us or the provider. However, the provider may still be entitled to process your personal data if this is necessary for the contractual processing of payments.
- PayPal

This website offers one or more online payment methods from the following provider: PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg

If you select a payment method offered by the provider that requires you to pay in advance, your payment details provided during the ordering process (including your name, address, bank and payment card information, currency, and transaction number), as well as information about the contents of your order, will be shared with the provider in accordance with Article 6(1)(b) of the GDPR. In this case, your data is transferred exclusively for the purpose of processing the payment with the provider and only to the extent necessary for this purpose.

If you select a payment method that requires us to pay in advance, you will also be asked during the ordering process to provide certain personal information (first and last name, street, house number, ZIP code, city, date of birth, email address, phone number, and, if applicable, details for an alternative payment method).

In such cases, to safeguard our legitimate interest in assessing your creditworthiness, we will forward this data to the provider in accordance with Article 6(1)(f) of the GDPR for the purpose of conducting a credit check. Based on the personal data you have provided as well as additional data (such as shopping cart, invoice amount, order history, payment history), the provider will assess whether the payment method you have selected can be granted in light of payment and/or credit default risks.

This website offers one or more online payment methods from the following provider: Shopify International Limited, Victoria Buildings, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland

9) Web analytics services

9.1Google Tag Manager

This website uses “Google Tag Manager,” a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to as “Google”).

Google Tag Manager provides a technical framework for bundling various web applications—including tracking and analytics services—and for configuring, controlling, and conditioning them through a unified user interface. Google Tag Manager itself does not store any information on users’ devices or read such information. Nor does the service perform any independent data analysis. However, when a page is loaded, Google Tag Manager transmits your IP address to Google, where it may be stored. Transmission to servers operated by Google LLC in the United States is also possible.

This processing will only take place if you have given us your explicit consent in accordance with Article 6(1)(a) of the GDPR. Without this consent, Google Tag Manager will not be used during your visit to the site. You may revoke your consent at any time with future effect. To exercise your right of revocation, please deactivate this service using the “Cookie Consent Tool” provided on the website.

We have entered into a data processing agreement with the service provider that ensures the protection of our website visitors' data and prohibits its unauthorized disclosure to third parties.

For more legal information about Google Tag Manager, visit https://business.safety.google/intl/de/privacy/ and https://policies.google.com/privacy?hl=de&gl=de

9.2Shopify Analytics

This website uses the web analytics service provided by the following company: Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland

Data is also transferred to: Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada

Using cookies and/or similar technologies (tracking pixels, web beacons, algorithms for reading device and browser information), the service collects and stores pseudonymized visitor data, including information about the device used—such as the IP address and browser information—in order to analyze usage behavior on our website and create pseudonymized user profiles. Among other things, this enables the analysis of movement patterns (so-called heatmaps), which show the duration of page visits as well as interactions with page content (e.g., text entries, scrolling, clicks, and mouse-overs). Pseudonymization fundamentally precludes direct personal identification. There is no merging with personally identifiable data collected in other ways.

All processing described above, in particular the reading or storage of information on the device you are using, will only take place if you have given us your explicit consent in accordance with Article 6(1)(a) of the GDPR. You may revoke your consent at any time with future effect by deactivating this service in the “Cookie Consent Tool” provided on the website.

We have entered into a data processing agreement with the provider that protects the data of our website visitors and prohibits the disclosure of such data to third parties.

When data is transferred to Canada, an adequate level of data protection is ensured by an adequacy decision issued by the European Commission.

9.3Google Analytics 4

This website uses Google Analytics 4, a web analytics service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"), which enables us to analyze how you use our website.

By default, when you visit the website, Google Analytics 4 sets cookies, which are small text files stored on your device and used to collect certain information. This information includes your IP address, although Google truncates the last few digits to prevent direct identification of individuals.

The information is transmitted to Google's servers and processed there. This may also involve transfers to Google LLC, which is based in the United States.

Google uses the information collected on our behalf to evaluate your use of the website, compile reports on website activity for us, and provide other services related to website and internet usage. The IP address transmitted by your browser as part of Google Analytics and truncated is not combined with other data from Google. The data collected through the use of Google Analytics 4 is stored for a period of two months and then deleted.

All processing described above, in particular the placement of cookies on the device you are using, takes place only if you have given us your explicit consent in accordance with Article 6(1)(a) of the GDPR.
Without your consent, Google Analytics 4 will not be used during your visit to the site. You may revoke your consent at any time with future effect. To exercise your right of revocation, please deactivate this service using the “Cookie Consent Tool” provided on the website.

We have entered into a data processing agreement with Google that ensures the protection of our website visitors' data and prohibits its unauthorized disclosure to third parties.

For more legal information about Google Analytics 4, visit https://business.safety.google/intl/de/privacy/, https://policies.google.com/privacy?hl=de&gl=de and at https://policies.google.com/technologies/partner-sites

Demographic Features
Google Analytics 4 uses the special “demographic features” function and can generate statistics that provide insights into the age, gender, and interests of website visitors. This is done by analyzing advertising and information from third-party providers. This allows target groups to be identified for marketing activities. However, the collected data cannot be attributed to any specific individual and is deleted after being stored for a period of two months.

Google Signals
As an extension of Google Analytics 4, Google Signals may be used on this website to generate cross-device reports. If you have enabled personalized ads and linked your devices to your Google Account, Google may, subject to your consent to the use of Google Analytics pursuant to Art. 6(1)(a) GDPR, analyze your usage behavior across devices and create database models, including those related to cross-device conversions. We do not receive any personal data from Google, only statistics. If you wish to stop cross-device analysis, you can disable the "Personalized ads" feature in your Google Account settings. To do so, follow the instructions on this page: https://support.google.com/My-Ad-Center-Help/answer/12155764?hl=de
For more information about Google Signals, please visit the following link: https://support.google.com/analytics/answer/7532985?hl=de

UserIDs
As an extension of Google Analytics 4, the "UserIDs" feature can be used on this website. If you have consented to the use of Google Analytics 4 in accordance with Article 6(1)(a) of the GDPR, have created an account on this website, and sign in to that account on different devices, your activities—including conversions—can be analyzed across devices.

10) Retargeting/Remarketing and Conversion Tracking

10.1Meta Pixel

Within our online platform, we use the "Meta Pixel" service provided by the following company: Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland ("Meta")

When a user clicks on an ad we’ve posted on Facebook and/or Instagram, “Meta Pixel” adds a parameter to the URL of our linked page. After the user is redirected, this URL parameter is then stored in the user’s browser via a cookie set by our linked page itself.

This enables Meta to identify visitors to our website as a target audience for displaying ads. Accordingly, we use the service to display the Facebook and/or Instagram ads we place only to users who have shown an interest in our online offering or who exhibit certain characteristics (e.g., interests in specific topics or products, determined based on the websites they have visited), which we transmit to Meta (so-called “Custom Audiences”).

On the other hand, the “Meta Pixel” allows us to track whether users were redirected to our website after clicking on an advertisement and what actions they took there (so-called “conversion tracking”).

The data we collect is anonymous to us, meaning we cannot identify individual users. However, Meta stores and processes this data, which allows it to link the data to specific user profiles and use it for its own advertising purposes.

All processing described above, in particular the setting of cookies to read information from the device you are using, will only be carried out if you have given us your explicit consent in accordance with Article 6(1)(a) of the GDPR. You may revoke your consent at any time with future effect by deactivating this service in the “Cookie Consent Tool” provided on the website.

We have entered into a data processing agreement with the service provider that ensures the protection of our website visitors' data and prohibits its unauthorized disclosure to third parties.

The information generated by Meta is generally transmitted to and stored on a Meta server; in this context, it may also be transmitted to servers operated by Meta Platforms Inc. in the United States.

10.2Google Ads Remarketing

This website uses retargeting technology provided by the following company: Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland

To this end, Google places a cookie in your device’s browser that automatically enables interest-based advertising using a pseudonymous cookie ID and based on the pages you visit. Any further data processing only takes place if you have consented to Google linking your web and app browsing history to your Google Account and using information from your Google Account to personalize the ads you see on the web. In this case, if you are logged into Google while visiting our website, Google uses your data together with Google Analytics data to create and define audience lists for cross-device remarketing. To do this, Google temporarily links your personal data with Google Analytics data to form audiences. As part of the use of Google Ads Remarketing, personal data may also be transferred to the servers of Google LLC in the United States.

All of the processing activities described above, in particular the use of cookies to collect information from the device you are using, will only be carried out if you have given us your explicit consent in accordance with Article 6(1)(a) of the GDPR. Without this consent, retargeting technology will not be used during your visit to the site.

You may withdraw your consent at any time with future effect. To withdraw your consent, please disable this service using the “Cookie Consent Tool” provided on the website.

For details on the data processing initiated by Google and how Google handles data from websites, please visit: https://policies.google.com/technologies/partner-sites

For more information about Google's privacy policy, please visit: https://business.safety.google/intl/de/privacy/ and https://www.google.de/policies/privacy/

10.3Google Ads Conversion Tracking

This website uses the online advertising program "Google Ads" and, as part of Google Ads, conversion tracking provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"). We use Google Ads to draw attention to our attractive offers on external websites through advertising (so-called Google AdWords). Based on the data from the advertising campaigns, we can determine how successful the individual advertising measures are. Our goal is to show you advertisements that are of interest to you, to make our website more appealing to you, and to ensure a fair calculation of the advertising costs incurred.

The conversion tracking cookie is set when a user clicks on a Google Ads ad. Cookies are small text files that are stored on your device. These cookies typically expire after 30 days and are not used to identify you personally. If the user visits certain pages on this website and the cookie has not yet expired, Google and we can recognize that the user clicked on the ad and was redirected to this page. Each Google Ads customer receives a different cookie. Cookies cannot therefore be tracked across the websites of Google Ads customers. The information collected using the conversion cookie is used to generate conversion statistics for Google Ads customers who have opted into conversion tracking. Customers learn the total number of users who clicked on their ad and were redirected to a page tagged with a conversion tracking tag. However, they do not receive any information that can be used to personally identify users. As part of the use of Google Ads, personal data may also be transmitted to the servers of Google LLC in the United States.

For details on the processing triggered by Google Ads conversion tracking and how Google handles data from websites, please visit: https://policies.google.com/technologies/partner-sites

You can also permanently opt out of Google Ads conversion tracking by downloading and installing the browser plugin available at the following link:
https://support.google.com/My-Ad-Center-Help/answer/12155656?hl=de

Please note that certain features of this website may not be available or may be limited if you have disabled cookies.
Google's privacy policies can be viewed here: https://business.safety.google/intl/de/privacy/ and https://www.google.de/policies/privacy/

10.4Microsoft Advertising Universal Event Tracking

This website uses conversion tracking technology provided by the following company: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA

To use Universal Event Tracking, a tag is embedded on every page of our website that interacts with the conversion cookie set by Microsoft. This interaction tracks user behavior on our website and sends the collected information to Microsoft. The purpose of this is to statistically track and analyze certain predefined goals, such as purchases or leads, in order to tailor the focus and content of our offerings to better align with user interests. The tags are never used to personally identify users.

You may withdraw your consent at any time with future effect. To withdraw your consent, please disable this service using the “Cookie Consent Tool” provided on the website.

11) Site Features

11.1- Google reCAPTCHA

On this website, we use the CAPTCHA service provided by the following company: Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland

Data may also be transferred to: Google LLC, USA.

The visual design of the CAPTCHA window uses “Google Fonts”—fonts downloaded from the internet via Google. No information other than that mentioned above, which is already transmitted to Google via the ReCAPTCHA functionality, is processed in this context.

The service checks whether an input is made by a human or is the result of abusive automated processing, and blocks spam, DDoS attacks, and similar automated malicious access attempts. To ensure that an action is performed by a human and not by an automated bot, the provider collects the IP address of the end device used, identification data regarding the browser and operating system type used, as well as the date and duration of the visit, and transmits this information to the provider’s servers for evaluation. Cookies may be used for this purpose; these are small text files stored in the end device’s browser.

If the processing described above is based on cookies, these will only be set if you have given us your explicit consent in accordance with Article 6(1)(a) of the GDPR. You may revoke your consent at any time with future effect by deactivating this service in the “Cookie Consent Tool” provided on the website.

If the processing described above is carried out without the use of cookies, the legal basis is our legitimate interest in establishing individual responsibility on the internet and preventing misuse and spam, in accordance with Article 6(1)(f) of the GDPR.

We have entered into a data processing agreement with the service provider that ensures the protection of our website visitors' data and prohibits its unauthorized disclosure to third parties.

11.2Google Customer Reviews (formerly the Google Certified Retailer Program)

We partner with Google as part of the “Google Customer Reviews” program. The provider is Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). This program allows us to collect customer reviews from users of our website. After making a purchase on our website, you will be asked if you would like to participate in an email survey from Google.

If you provide your consent in accordance with Article 6(1)(a) of the GDPR, we will share your email address with Google. You will receive an email from Google Customer Reviews asking you to rate your shopping experience on our website. The review you submit will then be aggregated with our other reviews and displayed in our Google Customer Reviews logo as well as in our Merchant Center dashboard. Your review will also be used for Google Merchant Reviews. In connection with the use of Google Customer Reviews, personal data may also be transferred to the servers of Google LLC in the United States.

You can withdraw your consent at any time by sending a message to the data controller or to Google.

For more information about Google's privacy policy, please visit: https://business.safety.google/intl/de/privacy/

11.3Applications for job postings via email

On our website, we post current job openings in a separate section; interested candidates can apply by emailing the contact address provided.

Applicants must provide all personal information necessary for a thorough evaluation, including general information such as name, address, and contact details, as well as evidence of qualifications and, if applicable, health-related information. Details regarding the application can be found in the job posting.

Once we receive your application via email, your data will be stored and reviewed solely for the purpose of processing your application. If we have any questions, we will contact the applicant via email or phone. Processing is based on Article 6(1)(b) of the GDPR (or Section 26(1) of the BDSG), under which the application process is considered a preliminary step toward an employment contract.

To the extent that special categories of personal data within the meaning of Article 9(1) of the GDPR (e.g., health data such as information regarding severe disability status), processing is carried out in accordance with Article 9(2)(b) of the GDPR so that we may exercise the rights arising from labor law and the law on social security and social protection and fulfill our obligations in this regard.

Cumulatively or alternatively, the processing of special categories of data may also be based on Article 9(1)(h) of the GDPR if it is carried out for the purposes of preventive healthcare or occupational medicine, for the assessment of the applicant’s fitness for work, for medical diagnosis, care, or treatment in the health or social sector, or for the administration of systems and services in the health or social sector.

If the applicant is not selected or withdraws their application early, the data they submitted and all electronic correspondence—including the application email—will be deleted no later than six months after notification. This period is determined by our legitimate interest in answering any follow-up questions regarding the application and, if necessary, in fulfilling our obligations to provide evidence under the regulations on the equal treatment of applicants.

If your application is successful, the data you provide will be processed on the basis of Article 6(1)(b) of the GDPR (in the case of processing in Germany, in conjunction with Section 26(1) of the BDSG) for the purpose of carrying out the employment relationship.

12) Tools and Miscellaneous

Cookie Consent Tool

This website uses a so-called “cookie consent tool” to obtain valid user consent for cookies and cookie-based applications that require consent. The "Cookie Consent Tool" is displayed to users when they visit the site in the form of an interactive user interface, where they can grant consent for specific cookies and/or cookie-based applications by checking the appropriate boxes. When using the tool, all cookies/services requiring consent are loaded only if the respective user grants the corresponding consent by checking the boxes. This ensures that such cookies are set on the user’s respective device only if consent has been granted.

The tool uses technically necessary cookies to save your cookie preferences. No personal user data is processed in this process.

If, in individual cases, the storage, assigning, or logging cookie settings, this processing is carried out in accordance with Art. 6(1)(f) GDPR on the basis of our legitimate interest in legally compliant, user-specific, and user-friendly consent management for cookies and, consequently, in the legally compliant design of our website.

Another legal basis for the processing is Article 6(1)(c) of the GDPR. As the data controller, we are legally required to make the use of non-technically necessary cookies contingent upon the user’s consent.

Where necessary, we have entered into a data processing agreement with the service provider to ensure the protection of our website visitors’ data and to prohibit its unauthorized disclosure to third parties.

For more information about the operator and the settings options for the cookie consent tool, please refer directly to the relevant user interface on our website.

13) Rights of the Data Subject

13.1Under applicable data protection law, you have the following rights as a data subject (rights of access and intervention) vis-à-vis the controller with regard to the processing of your personal data; please refer to the cited legal basis for the respective conditions for exercising these rights:

Right of access pursuant to Article 15 of the GDPR;
Right to rectification pursuant to Article 16 of the GDPR;
Right to erasure pursuant to Article 17 of the GDPR;
Right to restriction of processing pursuant to Article 18 of the GDPR;
Right to information pursuant to Article 19 of the GDPR;
Right to data portability pursuant to Article 20 of the GDPR;
Right to withdraw consent pursuant to Article 7(3) of the GDPR;
Right to lodge a complaint under Article 77 of the GDPR.

13.2RIGHT TO OBJECT

IF WE PROCESS YOUR PERSONAL DATA AS PART OF A BALANCING OF INTERESTS BASED ON OUR OVERRIDING LEGITIMATE INTEREST, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT TO SUCH PROCESSING ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION, WITH EFFECT FOR THE FUTURE.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA IN QUESTION. HOWEVER, WE RESERVE THE RIGHT TO CONTINUE PROCESSING IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING THAT OVERRIDE YOUR INTERESTS, fundamental rights and freedoms, or if the processing serves to assert, exercise, or defend legal claims.

IF WE PROCESS YOUR PERSONAL DATA FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR THE PURPOSE OF SUCH MARKETING. YOU MAY EXERCISE THIS RIGHT AS DESCRIBED ABOVE.

EXERCISE YOUR RIGHT TO OBJECT, AND WE WILL STOP PROCESSING THE RELEVANT DATA FOR DIRECT MARKETING PURPOSES.

14) Retention period for personal data

The duration of the storage of personal data is determined by the applicable legal basis, the purpose of processing, and—where applicable—the relevant statutory retention period (e.g., retention periods under commercial and tax law).

When processing personal data based on explicit consent pursuant to Article 6(1)(a) of the GDPR, the data in question will be stored until you withdraw your consent.

If there are statutory retention periods for data processed in connection with contractual or quasi-contractual obligations pursuant to Article 6(1)(b) of the GDPR, such data will be routinely deleted upon the expiration of the retention periods, provided that it is no longer necessary for the performance or initiation of a contract and/or we no longer have a legitimate interest in continuing to store it.

When processing personal data on the basis of Article 6(1)(f) of the GDPR, this data will be stored until you exercise your right to object under Article 21(1) of the GDPR, unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing is necessary for the establishment, exercise, or defense of legal claims.

When processing personal data for the purpose of direct marketing pursuant to Article 6(1)(f) of the GDPR, this data will be stored until you exercise your right to object under Article 21(2) of the GDPR.

Unless otherwise specified in the other information contained in this statement regarding specific processing situations, stored personal data will otherwise be deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.

As of: April 10, 2026, 7:16:24 PM

The item has been added to your cart

Privacy Policy

Privacy Policy

1) Introduction and contact information for the data controller

2) Data collection when you visit our website

3) Hosting & Content Delivery Network

4) Cookies

5) Getting in touch

6) Data processing when opening a customer account

7) Use of customer data for direct marketing

8) Data processing for order fulfillment

9) Web analytics services

10) Retargeting/Remarketing and Conversion Tracking

11) Site Features

12) Tools and Miscellaneous

13) Rights of the Data Subject

14) Retention period for personal data

Let our customers speak for us

Country/Region

Language

Privacy Policy

Privacy Policy

1) Introduction and contact information for the data controller

2) Data collection when you visit our website

3) Hosting & Content Delivery Network

4) Cookies

5) Getting in touch

6) Data processing when opening a customer account

7) Use of customer data for direct marketing

8) Data processing for order fulfillment

9) Web analytics services

10) Retargeting/Remarketing and Conversion Tracking

11) Site Features

12) Tools and Miscellaneous

13) Rights of the Data Subject

14) Retention period for personal data

Let our customers speak for us