0

Your cart is empty

Continue shopping

Privacy Policy

1) Information about the collection of personal data and contact details of the controller

1.1 We are pleased that you have visited our website and thank you for your interest. Below we inform you about the handling of your personal data when using our website. Personal data is all data by which you can be personally identified.

1.2 The controller for the data processing on this website in the sense of the General Data Protection Regulation (GDPR) is Hennissy Aesthetics

The person responsible for the processing of personal data is the natural or legal person who, alone or jointly with others, decides on the purposes and means of processing personal data.

1.3 This website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or requests to the controller). You can detect an encrypted connection on the string "https://" and the lock icon in your browser bar.

2) Data collection when visiting our website

When using our website for purely informational purposes, i.e. if you do not register or otherwise provide us with information, we only collect such data that your browser sends to our server (so-called “server log files”). When you visit our website, we collect the following data, which is technically necessary for us to display the website to you:

Our visited website

Date and time at the time of access

The amount of data sent in bytes

Source/reference from which you came to the page

Browsers used

Operating system used

Used IP address

The processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. No transfer or other use of the data takes place. However, we reserve the right to subsequently check the server log files if there are concrete indications of illegal use.

3) Hosting & Content Delivery Network

We use the shop system of Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland ("Shopify"), for the purposes of hosting and displaying the online shop on the basis of processing on our behalf. All data collected on our website is processed on the servers of Shopify. Within the framework of the above-mentioned services of Shopify, data may also be transferred as part of further processing on behalf of the company Shopifys Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada, Shopifis Data Processing (USA) Inc., Shopifies Payments (USA). In the case of the transfer of data to Shopify Inc. in Canada, an adequacy decision of the European Commission guarantees an adequate level of data protection. For further information about Shopify’s privacy, please visit the following website: https://www.shopify.de/legal/datenschutz
Further processing on servers other than those mentioned by Shopify takes place only within the scope indicated below.

4) Cookies

In order to make the visit to our website attractive and to enable the use of certain functions, we use cookies, i.e. small text files, which are stored on your terminal device. In some cases, these cookies are automatically deleted after closing the browser (so-called “session cookies”), in some cases these cookies remain on your device for a longer time and allow the saving of page settings (such as “persistent cookies”). In the latter case, you can find out the duration of storage of the overview of the cookie settings of your web browser.
If personal data are also processed by individual cookies used by us, the processing is carried out in accordance with Art. 6 para. 1 lit. b DSGVO either for the performance of the contract, according to Art. 6, para. 1, lit. a GDPR in the case of a given consent, or pursuant to Art.6 para. 1. lit. f GDPR to safeguard our legitimate interests in the best possible functionality of the website as well as a customer-friendly and effective layout of the site visit.
You can configure your browser so that you are informed about the setting of cookies and decide whether to accept them individually or to exclude the acceptance of cookies for specific cases or in general.
Please note that if you do not accept cookies, the functionality of our website may be restricted.

5) Contact

In the context of contacting us (e.g. via contact form or e-mail), personal data will be processed – exclusively for the purpose of processing and answering your request and only to the extent necessary for this purpose. The legal basis for the processing of this data is our legitimate interest in responding to your request in accordance with Art. 6 para. 1 lit. f GDPR. If your contact is aimed at a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR. Your data will be deleted if it is clear from the circumstances that the facts concerned have been finally clarified and unless there are legal retention obligations.

6) Data processing when opening a customer account

In accordance with Art. 6 para. 1 lit. b GDPR, personal data will continue to be collected and processed to the extent necessary if you provide them to us when opening a customer account. The data required for opening an account can be found in the input mask of the corresponding form on our website. Deletion of your customer account is possible at any time and can be done by a message to the address of the responsible person. After the deletion of your customer account, your data will be deleted, provided that all contracts concluded thereon have been fully executed, no statutory retention periods are imposed and no legitimate interest in the further storage persists on our part.

7) Use of customer data for direct advertising

7.1 Subscribe to our e-mail newsletter

If you subscribe to our e-mail newsletter, we will send you information about our offers on a regular basis. The only requirement for sending the newsletter is your e-mail address. The provision of additional data is voluntary and is used to address you personally. For sending newsletters we use the so-called double opt-in procedure, which ensures that you will not receive the newsletter until you have expressly confirmed your consent to receiving the newsletter by clicking on a verification link sent to the given email address.

By activating the confirmation link, you give us your consent to the use of your personal data in accordance with Art. 6 para. 1 lit. a GDPR. In this case, we store your IP address registered by the Internet Service Provider (ISP), as well as the date and time of the login, in order to be able to detect a possible misuse of your email address at a later time. The data collected by us when subscribing to the newsletter is used strictly for the purpose. You can unsubscribe from the newsletter at any time via the link provided for this purpose in the newsletter or by sending a corresponding message to the responsible person mentioned at the beginning. Once you have unsubscribed, your e-mail address will be deleted immediately in our newsletter distributor, unless you have expressly consented to further use of your data or we reserve any further data use that is legally permitted and about which we inform you in this statement.

7.2 Sending the e-mail newsletter to existing customers

If you have provided us with your e-mail address when purchasing goods or services, we reserve the right to send you regular offers for similar goods and services to those you have already purchased from our range by email. In accordance with § 7 para. 3 UWG, we do not have to obtain your separate consent for this. The data processing is carried out exclusively on the basis of our legitimate interest in personalized direct advertising in accordance with Art. 6 para. 1 lit. f GDPR. If you have initially objected to the use of your e-mail address for this purpose, a mailing will not take place on our part. You are entitled to object to the use of your e-mail address for the aforementioned advertising purposes at any time with effect for the future by means of a communication to the responsible persons mentioned at the beginning. For this you will only be charged transmission costs according to the basic tariffs. Upon receipt of your objection, the use of your e-mail address for advertising purposes will be discontinued immediately.

7.3 - Newsletter sending via Klaviyo Our e-mail newsletter is sent through the technical service provider »Klaviyo«, 225 Franklin St, Boston, MA 02110, USA (http://www.klaviyo.com/), to whom we share your information provided when subscribing to the newsletter. This transfer is made in accordance with Art. 6 (1) lit. f GDPR and serves our legitimate interest in the use of a advertising effective, secure and user-friendly newsletter system. Please note that your data is generally transferred to a Klaviyo server in the USA and stored there.
Klaviyo uses this information to send the newsletter on our behalf. Klaviyo does not use the data of our newsletter recipients to send them to us or to pass them on to third parties.
In order to protect your data in the USA, we have a data processing agreement with Klaviyo (“Data-Processing-Agreement”), in which we undertake to protect the data of our users, to process it on our behalf in accordance with its privacy regulations and, in particular, not to disclose it to third parties.
The privacy policy of Klaviyo can be viewed here: https://www.klaviyo.com/privacy - Newsletter send via Shopify Email
Our e-mail newsletters are sent by Shopify Email, a service of shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland ("Shopify"), to which we share your information provided when subscribing to the newsletter. This transfer is made in accordance with Art. 6 (1) lit. f GDPR and serves our legitimate interest in the use of a advertising effective, secure and user-friendly newsletter system. The data entered by you for the purpose of receiving newsletters (e.g. e-mail address) will be stored on the servers of Shopify in the EU.
Within the framework of the above-mentioned services of Shopify, data may also be transferred as part of further processing on behalf of the company Shopifys Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada, the company shopify data processing (United States) Inc., the company shoppy payments (U.S.) Inc. or the company Shoppy shoppys (Units) Inc. In the case of the transfer of data to Shopify Inc. in Canada, an adequacy decision of the European Commission guarantees an adequate level of data protection.
Shopify uses this information for sending and statistical analysis of newsletters on our behalf. For analysis, the emails sent may contain so-called web beacons or tracking pixels, which are single-pixel image files stored on our website. This allows you to determine whether a newsletter message has been opened and which links have been clicked. Technical information is also collected (z.B. Zeitpunkt des Abrufs, IP-Adresse, Browsertyp und Betriebssystem). The data will be collected exclusively in a pseudonymized manner and will not be linked to your further personal data, direct personal identification is excluded. This data is used exclusively for the statistical analysis of newsletter campaigns. The results of these analyses can be used to better adapt future newsletters to the interests of recipients. If you wish to object to data analysis for statistical analysis purposes, you must unsubscribe from the newsletter.
Furthermore, Shopify may use these data in accordance with Art. 6 para. 1 lit. f GDPR on the basis of its own legitimate interest in designing and optimizing the service according to needs and for market research purposes, for example, to determine from which countries the recipients come. However, Shopify does not use the data of our newsletter recipients to send them to us or to share the data with third parties.
We have entered into an order processing agreement with Shopify, under which we commit to protecting the data of our customers and not passing it on to third parties.
You can view Shopify's privacy policy here: https://www.shopify.de/legal/datenschutz

7.4 - GetResponse

You can sign up to receive our push notifications. To send our push notifications we use the delivery service “GetResponse”, which is operated by GetResponse Sp. z o.o., Arkonska 6, A3, Gdansk (80-387), Poland (“Get Response”). You will regularly receive information about our products through our push notifications.
To sign in, you need to confirm your browser's request to receive notifications. This process is documented and stored by GetResponse. This includes the storage of the login time as well as your browser ID or device ID. The collection of this data is necessary in order for us to understand the processes in the event of an abuse and therefore serves our legal safeguards. In order to be able to display push notifications to you, GetResponse collects and processes your browser ID on our behalf and, in the case of mobile access, your device ID.
By subscribing to our push notifications, you agree to receive them. The legal basis for processing your data after signing up for our push notifications is Art. 6 para. 1 lit. a GDPR.
GetResponse also evaluates our push notifications statistically. This allows GetResponse to recognize whether and when our push notifications have been viewed and clicked by you.
You may revoke your consent to the storage and use of your personal data for the purpose of receiving our push notifications and the statistical collection described above at any time with effect for the future. For the purposes of withdrawing consent, you can change the provision for receiving push notifications in your browser. If you are using our push notifications on a desktop PC with the operating system “Windows”, you can also unsubscribe from our Push notifications by right clicking on the respective push notification in the setting that appears there.
Your data will be deleted as soon as it is no longer necessary for the purpose for which it was collected. Your data will therefore be stored as long as the subscription to our push notifications is active. The following link explains the delivery process in detail: https://www.getresponse.com/en/help/web-push-notifications

7.5 Notification of availability of goods by e-mail

For items that are temporarily unavailable, you can sign up for e-mail availability notifications. In this case, we will send you a message once by e-mail about the availability of the item you have selected. The only requirement for sending this notification is your e-mail address. The provision of additional data is voluntary and will be used to address you personally. For mailing we use the so-called double opt-in procedure, which ensures that you receive a notification only after you have expressly confirmed your consent to this by clicking on a verification link sent to the given email address.

By activating the confirmation link, you give us your consent to the use of your personal data in accordance with Art. 6 para. 1 lit. a GDPR. In this case, we store your IP address registered by the Internet Service Provider (ISP), as well as the date and time of the login, in order to be able to detect a possible misuse of your email address at a later time. The data collected by us when registering for our e-mail notification service on the availability of goods is used strictly for the purpose. You can unsubscribe from the availability notifications at any time by sending a corresponding message to the responsible person mentioned at the beginning. Upon unsubscribing, your e-mail address will be immediately deleted from our distributor set up for this purpose, unless you have explicitly consented to further use of your data or we reserve a further data use that is legally permitted and about which we inform you in this statement.

7.6 In the event of cancellation of your purchase with us before completion of the order, you have the possibility to be reminded once by e-mail of the contents of your virtual shopping cart.
The only requirement for sending this reminder is your e-mail address. The provision of additional data is voluntary and will be used to address you personally. For mailing we use the so-called double opt-in procedure, which ensures that you receive a notification only after you have expressly confirmed your consent to this by clicking on a verification link sent to the given email address.

By activating the confirmation link, you give us your consent to the use of your personal data in accordance with Art. 6 para. 1 lit. a GDPR for the sending of a cart reminder. In this case, we store your IP address registered by the Internet Service Provider (ISP), as well as the date and time of the login, in order to be able to detect a possible misuse of your email address at a later time. The data collected by us when registering for our e-mail notification service is used strictly for the purpose. You can unsubscribe from the shopping cart reminders at any time by sending a corresponding message to the responsible person mentioned at the beginning. Upon unsubscribing, your e-mail address will be immediately deleted from our distributor set up for this purpose, unless you have explicitly consented to further use of your data or we reserve a further data use that is legally permitted and about which we inform you in this statement.

8) Data processing for order processing

8.1 To the extent necessary for the execution of the contract for delivery and payment purposes, the personal data collected by us will be passed on to the carrier and the credit institution in accordance with Art. 6 para. 1 lit. b GDPR.

If, on the basis of a corresponding contract, we owe you updates for goods with digital elements or for digital products, we process the contact data provided by you at the time of ordering (name, address, e-mail address) in order to personally inform you of upcoming updates within the period provided by law, within the framework of our legal information obligations under Art. 6 para. 1 lit. c GDPR by appropriate communication means (e.g. by post or by mail). Your contact details are used strictly for the purpose of communications about updates due by us and for this purpose only processed by us to the extent necessary for the respective information.

In order to process your order, we also cooperate with the following service provider(s) who support us in full or in part in the execution of concluded contracts. Some personal data will be transmitted to these service providers in accordance with the following information.

8.2 To fulfil our contractual obligations towards our customers, we cooperate with external shipping partners. We will pass on your name and your delivery address and, if necessary for delivery, your telephone number exclusively for the purposes of the delivery of goods. Art. 6 para. 1 lit. b GDPR to a shipping partner selected by us.

8.3 Disclosure of personal data to shipping service providers

- Deutsche Post If the goods are delivered by Deutsche Post (Deutsche Post AG, Charles-de-Gaulle-Straße 20, 53113 Bonn), we will provide your e-mail address in accordance with Art. 6 para. 1 lit. a DSGVO before the delivery of goods for the purpose of negotiating a delivery deadline or for delivery notice to Deutsche Post, provided that you have given your explicit consent to this during the ordering process. Otherwise, for the purposes of delivery pursuant to Art. 6 para. 1 lit. b GDPR, we will only pass on the name of the recipient and the delivery address to Deutsche Post. The transfer takes place only to the extent necessary for the delivery of the goods. In this case, a prior agreement of the delivery date with Deutsche Post or the delivery notice is not possible.
The consent may be revoked at any time with effect for the future with respect to the above-mentioned person responsible or with regard to Deutsche Post.
- DHL If the goods are delivered by the transport service provider DHL (DHL Paket GmbH, Sträßchensweg 10, 53113 Bonn), we will provide your e-mail address in accordance with Art. 6 para. 1 lit. a DSGVO before the delivery of goods for the purpose of the agreement of a delivery date or for the notice of delivery to DHL, provided that you have given your explicit consent to this in the ordering process. Otherwise, for the purpose of delivery pursuant to Art. 6 para. 1 lit. b GDPR, we will only pass on to DHL the name of the recipient and the delivery address. The transfer takes place only to the extent necessary for the delivery of the goods. In this case, a prior agreement of the delivery date with DHL or the delivery notice is not possible.
The consent may be revoked at any time with effect for the future with respect to the above-mentioned controller or with regard to the transport service provider DHL.

8.4 Use of payment service providers (Zahlungsdiensten)

- Klarna When choosing a Klarna payment service, payment is processed by Klarna Bank AB (publ), https://www.klarna.com/de/, Sveavägen 46, 111 34 Stockholm, Sweden (hereinafter “Klarna”). In order to facilitate the processing of the payment, your personal data (first and last name, street, house number, postal code, location, gender, e-mail address, telephone number and IP address, if applicable, in addition to the date of birth and your banking connection) as well as data related to the order (e.g. invoice amount, item, delivery type) will be passed on to Klarna for the purpose of identity and credit check, provided that you have expressly consented to this in accordance with Art. 6 para. 1 lit. a GDPR in the context of the ordering process. You can see to which information offices your data can be passed on here: https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/credit_rating_agencies
The credit report may contain probability values (sog. Score-Werte). Score values are based on a scientifically recognised mathematical-statistical method insofar as they are included in the results of the credit rating report. The calculation of the score values includes, but is not limited to, address data. The information obtained on the statistical probability of default will be used by Klarna for a balanced decision on the establishment, execution or termination of the contractual relationship.
You can withdraw your consent at any time by sending a message to the data controller or to Klarna. However, Klarna may remain entitled to process your personal data if this is necessary for the processing of payment in accordance with the contract.
Your personal data will be processed in accordance with the applicable data protection regulations and according to the information provided in Klarna's data protection policy for data subjects based in Germany https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/privacy or for data subject based in Austria.

- Paypal In the case of payment via PayPal, credit card through PayPal, debit via PayPal or – if offered – “Buy on invoice” or “Payment in advance” via PayPal we pass on your payment data as part of the payment processing to PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal"). The transfer is carried out in accordance with Art. 6 para. 1 lit. b GDPR and only to the extent necessary for the payment processing.
PayPal reserves the right to conduct a credit report for payment methods such as credit card via PayPal, debit via PayPal or – if offered – “Buy on invoice” or “Payment by rate” via PayPal. For this purpose, your payment data may be disclosed to information agencies in accordance with Art. 6 para. 1 lit. f GDPR on the basis of the legitimate interest of PayPal in determining your solvency. The result of the credit check in relation to the statistical probability of failure of payment is used by PayPal for the purpose of deciding on the provision of the respective payment method. The credit report may contain probability values (sog. Score-Werte). Score values are based on a scientifically recognised mathematical-statistical method insofar as they are included in the results of the credit rating report. The calculation of the score values includes, but is not limited to, address data. For more data protection information, including information about the services used, please refer to the privacy policy of PayPal: https://www.paypal.com/de/webapps/mpp/ua/privacy-full You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may continue to be entitled to process your personal data to the extent necessary to process the payment in accordance with the contract.
- Shopify Payments We use the payment service provider "Shopify payments", 3rd Floor, Europa House, Harcourt Building,Harcourt Street, Dublin 2. If you choose a payment method offered through the payment service provider Shopify Payments, the payment processing will be carried out through the technical services provider Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, to whom we will pass on your information provided in the context of the ordering process along with the information about your order (name, address, account number, bank number, credit card number, invoice amount, currency and transaction number) in accordance with Art. 6 para. 1 lit. b GDPR. Your data will only be disclosed for the purpose of processing payments with Stripe Payments Europe Ltd. and only to the extent necessary for this purpose. You can find more information about Shopify Payments privacy at https://www.shopify.com/legal/privacy.
Data protection information about Stripe Payments Europe Ltd. can be found here: https://stripe.com/en/privacy - SOFORT When choosing the payment method “SOFORT”, the payment processing process is carried out through the payment service provider SofORT GmbH, Theresienhöhe 12, 80339 Munich, Germany (hereinafter “SofORT”), to whom we pass on the information provided by you in the context of the ordering process in addition to the information about your order in accordance with Art. 6 para. 1 lit. b GDPR. Sofort GmbH is part of the Klarna Group (Klarna Bank AB (publ), Sveavägen 46, 11134 Stockholm, Sweden). The transfer of your data is exclusively for the purpose of processing the payment with the payment service provider SOFORT and only to the extent necessary for this purpose. You can find more information about SOFORT’s privacy policy at the following internet address: https://www.klarna.com/sofort/datenschutz.

9) Online marketing

Facebook Pixel for Creating Custom Audiences (mit Cookie Consent Tool)
Our online offer uses the so-called "Facebook pixel" of the social network Facebook, which is operated by Meta Platforms Ireland Limited, 4 Grand Canal Quare, Dublin 2, Ireland ("Facebook").
If a user clicks on an advertisement placed by us, which is played on Facebook, the URL of our linked page is added by Facebook Pixel. If our site allows the sharing of data with Facebook via Pixel, this URL parameter is stored in the user's browser by means of a cookie set by our linked site itself. This cookie is then read by Facebook Pixel and allows the data to be forwarded to Facebook.
With the help of the Facebook pixel, it is possible for Facebook, on the one hand, to determine the visitors to our online offer as the target group for the display of ads (so-called "Facebook ads"). Accordingly, we use the Facebook pixel to display the Facebook ads we display only to such Facebook users who have also shown an interest in our online offer or have certain characteristics (e.g. interests in certain topics or products determined by the web pages visited) that we transmit to Facebook (so-called “Custom Audiences”). With the help of the Facebook pixel, we also want to ensure that our Facebook ads correspond to the potential interests of users and do not appear annoying. This allows us to further assess the effectiveness of Facebook ads for statistical and market research purposes by understanding whether users have been redirected to our website after clicking on a Facebook ad (so-called “conversion”).
The data collected is anonymous to us, so they do not give us any conclusions about the identity of the users. However, the data are stored and processed by Facebook, so that a connection to the respective user profile is possible and Facebook may use the data for its own advertising purposes, in accordance with the Facebook data usage policy (https://www.facebook.com/about/privacy/). The data can enable Facebook and its partners to display advertisements on and outside Facebook.
The data processing associated with the use of the Facebook pixel is carried out only with your explicit consent in accordance with Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time with effect for the future by disabling this service in the “Cookie Consent Tool” provided on the website.

10) Retargeting/ Remarketing/ Empfehlungswerbung

ikTok Pixel This website uses the “TikTok pixel”, a tracking technology of the social network “tikTok” of TikTek Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland ("TikTok").
Through cookies (small text files stored on the device used) information about your browsing behaviour on our website is collected, transmitted, stored and evaluated in a pseudonymized form to TikTok to enable you to play interest-based and personalised product recommendations on TikToks. The object of the information thus collected and processed pseudonymically is basically the device ID, the device type, the timestamp, the operating system used and the IP address. The information can be assigned to the person of the user with the help of other information, which TikTok has stored about the user, e.g. due to the ownership of an account on the social network “TikTok”. TikTok may also combine the information collected via the pixel with other information that tikTok has collected through other websites and/or in connection with the use of the social network “TikTok” and thus create pseudonymized usage profiles. Under no circumstances can the information collected be used to personally identify visitors to this website.
The TikTok Pixel continues to enable us to understand the effectiveness of ads on TikTek. If you are redirected by an ad on TikTok on pages of this website and the cookies have not yet expired, the pixel records certain user actions that we have predefined and can track them. (z.B. abgeschlossene Transaktionen, Leads, Suchanfragen auf der Website, Aufrufe von Produktseiten). When such an action is performed, your browser sends a HTTP request (request) from the cookie to the TikTok server via the tikTok pixel, which transmits certain information about the action. Through this transmission, TikTok can generate statistics about the usage behaviour on our website following the forwarding of a TikToks ad, which serve us to optimize our offer.
All processing described above, in particular the setting of cookies for the reading of information on the device used, will only be carried out if you have given us your explicit consent to do so in accordance with Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time with effect for the future by disabling this service in the “Cookie Consent Tool” provided on the website. We have entered into an order processing agreement with TikTok for the use of the tikTok Pixel, under which TikTek is obliged to protect the data of our website visitors and not to pass it on to third parties. In principle, TikTok transfers the information collected outside the European Economic Area and relies on the so-called standard data protection clauses of the European Commission, which are intended to ensure compliance with the European level of data protection.

11) Page functionality

11.1 Facebook Plugins with 2-click solution
Our website uses so-called social plugins ("plugins") of the social network Facebook, which is operated by Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook").
In order to increase the protection of your data when visiting our website, the plugins are initially deactivated by means of the so-called “2-click” solution. Deactivated plugins recognize that they are gray deposited. This integration ensures that when a page of our website that contains such plugins is accessed, no connection is established to the servers of Facebook. Only if you activate the plugins and therefore give your consent to the data transmission in accordance with Art. 6 para. 1 lit. a GDPR will your browser establish a direct connection to the servers of Facebook. The content of the respective plugin is transmitted directly to your browser and incorporated into the page. The plugin then transmits data (including your IP address) to Facebook. We have no influence on the extent of the data that Facebook collects using the plugins. As far as we are aware, Facebook will receive information about which of our websites you have visited at the moment and in the past. Through the integration of the plugins, Facebook receives the information that your browser has accessed the corresponding page of our website even if you do not have a Facebook profile or are not currently logged in. The information collected (including your IP address) is transmitted by your browser directly to a server of Meta Platforms Inc. in the USA and stored there. When you interact with the plugins, the corresponding information is also transmitted directly to a Facebook server and stored there. The information is also posted to Facebook and displayed to your contacts there.
You can revoke your consent at any time by deactivating the activated plugin by clicking again. However, the withdrawal does not affect the data already transmitted to Facebook.
The purpose and scope of data collection and the further processing and use of the data by Facebook, as well as your rights and options to protect your privacy, can be found in the Facebook privacy notice: https://www.facebook.com/policy.php

11.2 Facebook plugins with Shariff solution
Our website uses so-called social plugins ("plugins") of the social network Facebook, which is operated by Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook").
In order to increase the protection of your data when visiting our website, these buttons are not entirely plug-ins, but are merely integrated into the page using a HTML link. This type of integration ensures that when a page of our website that contains such buttons is accessed, no connection is established to the servers of Facebook. If you click on the button, a new browser window will open and you will be able to access the Facebook page where you can interact with the plugins (if you have entered your login details).
The purpose and scope of data collection and the further processing and use of the data by Facebook, as well as your rights and options to protect your privacy, can be found in the Facebook privacy policy: https://www.facebook.com/policy.php

11.3 Instagram plugin as Shariff solution
Our website uses so-called social plugins (“plugins”) of the online service Instagram, which is operated by Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland (“Facebook”).
In order to increase the protection of your data when visiting our website, these buttons are not entirely plug-ins, but are merely integrated into the page using a HTML link. This type of integration ensures that when a page of our website that contains such buttons is accessed, no connection is established to the servers of Instagram. If you click on the button, a new browser window will open and you will find the Instagram page where you can interact with the plugins (if you have entered your login details).
The purpose and scope of data collection and the further processing and use of the data by Instagram, as well as your rights in this regard and options to protect your privacy, please refer to the privacy notice of Instagram: https://help.instagram.com/155833707900388/

11.4 - Google Maps API On our website we use the "Google Maps API" service of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google MapsAPI") to enable the verification of certain entries in the address form of the order process of our web shop for input errors in real time. This is to avoid problems in the delivery of the products ordered by you due to incorrect information. We would also like to ensure that your contact details are valid for sending information on your behalf or for any necessary inquiries.
The Google Maps API validates the address entered, verifies the spelling and complements any missing data. For non-unique addresses, correct alternative suggestions will be displayed. For this purpose, the address data you entered is transmitted to the Google Maps API, stored and evaluated there. This processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in the proper recording of the correct address data of the customer for the conscientious fulfilment of our contractual delivery obligations and for the prevention of contract performance problems.
The Google Maps API processes the data concerned separately and does not merge it with other databases. The Google Maps API automatically deletes the data concerned as soon as their status or correctness has been confirmed, but no later than after 30 days. For more information on the privacy of the Google Maps API, please visit https://policies.google.com/privacy?hl=de&fg=1

11.5 Shopsync for Shopify

This website uses the Shopify app “Shopsync” of ShopSync LLC, PO Box 252, Jefferson City, TN 37760, USA.
With the help of ShopSync, the newsletter service “Mailchimp” is synchronized with our Shopify account in such a way that, on the one hand, updates to Mailchimp’s email lists (such as an opt-out of a newsletter recipient) are also automatically stored on Shopipy, and on the other hand, new contact data generated via contracts concluded on Shopiphy are automatically transmitted to the mailing lists of MailChimp.

In the first case, data processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in the effective and cross-system maintenance of advertising recipient cards and the effective observance of legally significant status changes.

In the second case, only on the basis of the express consent of the user in accordance with Art. 6 para. 1 lit. a DSGVO after a contract is concluded on Shopify for inclusion in the Mailchimp list, its pre- and copy, the address as well as the mail address together with transaction-related information (purchasing amount, time and date of purchase) will be transferred by ShopSync to MailChimp.

Transmitted data will not be saved or stored by ShopSync after synchronization. All information synchronized between Shopify and Mailchimp is transmitted via Secure Socket Layer (SSL) technology, and all information transmissed remains encrypted during the sync process.

The synchronization process requires the transfer of information via a secure connection to servers hosted by Amazon Web Services in the USA.

Additional privacy notices about ShopSync can be found here: https://shopsync.io/privacy-policy

12) Tools and Other

Cookie Consent Tool

This website uses a so-called “cookie consent tool” to obtain effective user consent for consent-based cookies and cookie-based applications. The “Cookie Consent Tool” is displayed to users when visiting a page in the form of an interactive user interface, on which consent can be granted for certain cookies and/or cookie-based applications by checking. In this case, by using the tool, all consent required cookies/services will only be loaded if the respective user gives such consent by means of hashing. This ensures that such cookies are placed on the user's respective terminal device only if consent is given.
The tool sets technically necessary cookies to store your cookie preferences. In principle, personal user data will not be processed.
If, in individual cases, personal data (such as the IP address) are processed for the purpose of storing, assigning or logging cookie settings, this is done in accordance with Art. 6 (1) lit. f GDPR on the basis of our legitimate interest in a legal, user-specific and user-friendly consent management for cookies and thus a legal layout of our website.
Additional legal basis for the processing is Art. 6 para. 1 lit. c GDPR. We, as responsible persons, are legally obliged to make the use of technically unnecessary cookies dependent on the respective user's consent.
Further information about the operator and the configuration options of the cookie consent tool can be found directly in the corresponding user interface on our website.

13) Rights of the data subject

13.1 The applicable data protection law grants you with respect to the controller with regard to the processing of your personal data the following data subject rights (rights of information and intervention), with reference to the above legal basis for the respective conditions of performance:

Right to information in accordance with Art. 15 GDPR;

Right to rectification in accordance with Art. 16 GDPR;

Right to deletion in accordance with Art. 17 GDPR;

Right to restrict processing in accordance with Art. 18 GDPR;

Right to information in accordance with Art. 19 GDPR;

the right to data portability in accordance with Art. 20 GDPR;

Right to revoke consent granted in accordance with Art. 7 para. 3 GDPR;

Right to complaint pursuant to Art. 77 GDPR.

13.2 Right of objection

WHEN WE PROCESS YOUR PERSONAL DATA IN THE CONSEQUENCY OF AN INTERESSE-BARGE ON THE BASIS OF OUR SUPERIOR LEGITIMATED INTEREST, YOU HAVE THE RIGHT AT EVERY TIME, ON RIGHTS ARISING FROM YOUR SPECIFICAL SITUATION, TO CONVOCATE THIS PROCEDURE WITH EFFECT FOR THE FUTURE.
If you exercise your right of objection, we will discontinue the processing of the data in question. FURTHER PROCESSING IS RESERVED, BUT WITHOUT WE HAVE PROVISIONS OF OBJECTIVE PROTECTION RIGHTS Which override your interests, fundamental rights and freedoms, or where the processing is for the enforcement, exercise or defence of legal claims.

If your personal data is processed by us for the purposes of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising. You can exercise the contradiction as described above.

WHEN you exercise your right of objection, we will cease to process the data in question for direct advertising purposes.

14) Duration of storage of personal data

The duration of the storage of personal data is measured on the basis of the respective legal basis, the purpose of processing and – if applicable – additionally on the grounds of the relevant statutory retention period (z.B. handels- und steuerrechtliche Aufbewahrungsfristen).

When processing personal data on the basis of explicit consent in accordance with Art. 6 para. 1 lit. a GDPR, this data is stored until the data subject withdraws its consent.

If there are statutory retention periods for data processed within the framework of legal or business-like obligations on the basis of Art. 6 para. 1 lit. b GDPR, these data will be routinely deleted after the expiry of the retention terms, provided that they are no longer necessary for the performance of the contract or the conclusion of a contract and/or there is no legitimate interest on our part in the continuation of storage.

When processing personal data on the basis of Art. 6 (1) lit. f GDPR, these data will be stored until the data subject exercises his right of objection under Art. 21 (1) GDPR, unless we can demonstrate compelling reasons worthy of protection for the processing that outweigh the interests, rights and freedoms of the person concerned, or the data processing is for the purpose of asserting, exercising or defending legal claims.

When processing personal data for direct advertising purposes on the basis of Art. 6 (1) lit. f GDPR, these data will be stored until the data subject exercises his right of objection under Art. 21 (2) GDPR.

Otherwise, unless otherwise stated in the information contained in this Statement on specific processing situations, stored personal data will be deleted when they are no longer necessary for the purposes for which they were collected or otherwise processed.