The protection of your personal data is very important to us, which is why we would like to list all the information about the processing and storage of your data when you visit our website and in our company.
In order to use all the functions and services of our website, it is necessary to collect your personal data. However, processing and storage only takes place in accordance with the legal guidelines and requirements of the General Data Protection Regulation (GDPR).
RESPONSIBLE BODY
Zunder ZMG GmbH
Minervastrasse 117, 8032 Zurich
Further information can be found in the imprint.
REPRESENTATIVE ACCORDING TO ART. 27 GDPR
Mag.a iur. Elisa Drescher
E-mail: [email protected]
COLLECTION AND PROCESSING OF PERSONAL DATA ON THIS WEBSITE
Note: In order to protect your data as comprehensively as possible from unwanted access, we take so-called technical and organizational measures and use an encryption procedure on our website. Your data is transmitted from your computer to our computer and vice versa via the Internet using so-called TLS encryption. TLS stands for “Transport Layer Security” and is an encryption protocol for data transmission on the Internet. You can usually recognize “TLS” by the fact that the lock symbol in the status bar of your browser is closed and the address begins with https://.
1. COLLECTION OF ACCESS AND LOG DATA
This website automatically collects and stores server log file information that your browser transmits to us.
These are:
- IP address of the user
- Date and time of access
- Type of request
- Customer information, such as type and version
- Operating system of the user (device, OS version of the device)
- Referrer information (i.e. the source of the access)
The legal basis for this data processing is the legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR. The legitimate interest lies in being able to identify indications of unlawful use of our website (e.g. defense against hacker attacks) and to ensure a smooth connection setup.
We have concluded an order processing contract with the provider of this website, Raidboxes GmbH, based in Germany, in accordance with Art. 28 GDPR. This is a contract prescribed by data protection law, which ensures that Raidboxes GmbH processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR. In addition, we have concluded a contract with Onlinemarketing Schmiede e. U. and stardustday e. U., both based in Austria, for order processing in accordance with Art. 28 GDPR.
The data collected is stored for 7 days in server log files, which your browser automatically transmits to us in encrypted form. We only store the server log files for longer than 7 days in the event of attacks on our server infrastructure or other legal violations. This longer storage period is based on our legitimate interest in accordance with Art. 6 para. 1 lit. f) GDPR and serves only to preserve evidence.
2. INQUIRIES VIA THE CONTACT FORM, E-MAIL AND TELEPHONE
Any personal information that you provide to us on a voluntary basis will of course be treated confidentially. We use the personal data you provide exclusively to process and respond to your request. The legal basis for data processing is our legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR. This arises from our interest in responding to inquiries from our customers, business partners and interested parties and in promoting and maintaining customer satisfaction. Another legal basis for natural persons is the initiation or fulfillment of a contract in accordance with Art. 6 para. 1 lit. b) GDPR.
All personal data that you send to us with your request will be deleted or anonymized by us no later than 2 years after the final answer has been given to you, unless a contract is concluded. The retention period of 2 years is due to the fact that you may occasionally contact us again about the same matter after a reply and refer to the previous correspondence. Experience has shown that after 2 years there are no more queries following our responses.
3. DISPATCH OF NEWSLETTERS
You can subscribe to various newsletters on our website.
Our newsletters contain offers or promotions. When you subscribe to the newsletter, we collect and store the data you enter in the input mask. You are only required to enter your e-mail address. After submitting the registration form, you will receive an e-mail from us with a confirmation link. As soon as you click on the link contained therein, you give us your consent to receive our newsletter and have successfully subscribed to it. You will be informed of this by another e-mail. Notifications and messages may contain links or pixels to track whether a message has been opened and which links have been clicked. These links and pixels may also collect personal data. We use these statistics to measure the success and reach of notifications and messages. This helps us to adapt these messages to the needs and reading habits of the recipients and to ensure that they are sent efficiently, reliably and in a user-friendly manner.
You also give us your consent to process your e-mail address and, if applicable, your other data. This ensures that no third party or unauthorized person registers for our newsletter (compliance with the double opt-in procedure).
You can unsubscribe from the newsletter at any time by clicking on the “Unsubscribe” link at the end of each newsletter. If you withdraw your consent, your data will be deleted immediately; we will store the proof of withdrawal for a further three years so that we can fulfill our accountability obligation pursuant to Art. 5 para. 2 GDPR. This storage is based on our legitimate interest in accordance with Art. 6 para. 1 lit. f) GDPR. The legal basis for the confirmation e-mail is our legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR, which is based on being able to prove that you have given your consent. The burden of proof for the controller is set out in Art. 5 para. 2 GDPR.
The legal basis for sending the newsletter is your consent in accordance with Art. 6 para. 1 lit. a) GDPR. We do not pass on the data to third parties. The newsletter is sent by our processor Mailchimp, operated by The Rocket Science Group LLC d/b/a Mailchimp, a company based in the USA and certified under the Data Privacy Framework.
4. ORGANIZING COMPETITIONS
You can take part in competitions on our website, via our newsletter or via other online presences. Unless otherwise specified in the respective competition or unless you have given us further express consent, the personal data you provide to us as part of your participation in the competition will be used exclusively for the purpose of processing the competition (e.g. determining the winner, notifying the winner, sending the prize).
The legal basis for data processing in the context of competitions is the fulfillment of the contract in accordance with Art. 6 para. 1 lit. b) GDPR. In the case of the submission of a declaration of consent in the context of a competition, Art. 6 para. 1 lit. a) GDPR is the legal basis for data processing based on consent. If you have given your consent as part of a competition, you have the option of withdrawing this consent at any time with effect for the future.
Data will only be passed on to third parties if this is necessary for the processing of the competition (e.g. sending the prize via a logistics company).
After the end of the competition and the announcement of the winners, the personal data of the participants will be deleted. If non-cash prizes are offered, we store the personal data of the winners for the duration of the respective statutory warranty period in order to arrange for a repair or replacement in the event of a defect.
5. USE OF WEB ANALYSIS TOOLS AND COOKIES
We use cookies to facilitate and improve the use of our website. Cookies are small pieces of text information that can be stored on your computer or smartphone via the browser when you visit a website. This serves to recognize the website visitor. Cookies can also provide us with information about how you use our website so that we can continuously improve the design of the website.
Cookies themselves do not contain any personal data about users; they are only used to uniquely identify what our customers find interesting and useful on our website. We also use “web beacons” (small graphic images, also known as “pixel tags” or “clear GIFs”) on our website. They are used together with cookies to track general user behavior on the website.
The legal basis for the processing of personal data using cookies and other technologies is your consent in accordance with Art. 6 para. 1 lit. a) GDPR, which you give us via the so-called “consent banner” as soon as you visit our website for the first time.
We use cookies for the following purposes:
- Technically necessary: These are cookies and similar methods without which you cannot use our services, for example to display our website correctly or to use functions you have requested.
- Convenience: These techniques allow us to take into account your actual or presumed preferences for the comfortable use of our website. For example, we can use your settings to display our website in a language that suits you.
- Statistics: These techniques enable us to compile anonymous statistics on the use of our services. This enables us, for example, to determine how we can adapt our website even better to the habits of our users.
- Marketing: This allows us to show you advertising content tailored to you based on an analysis of your usage behavior. Your usage behavior can also be tracked across different websites, browsers or end devices using a user ID (unique identifier).
The data processed by necessary cookies is required for the purposes listed below to protect our legitimate interests and those of third parties in accordance with Art. 6 para. 1 lit. f) GDPR.
Any use of cookies that is not absolutely technically necessary constitutes data processing that is only permitted with your express and active consent in accordance with Art. 6 para. 1 lit. a) GDPR. You can use our so-called “Cookie Consent Tool” to choose which cookie categories you would like to consent to when visiting our website.
Once cookies have been saved, you can delete them at any time via the settings of your web browser. You can also adjust the settings of your web browser so that no cookies are stored. In this case, not all functions of our website may be available.
Name | Kind | Provider | Period of validity | Category of the cookie | Purpose |
Borlabs-cookie | Cookie | Owner of the website | 3 months | Technically necessary | Saves the cookie preferences. |
Mailchimp_landing_site | Cookie | Owner of the website | 1 month | Statistics | Saves which page was visited first. |
wp-wpml_current_language | Cookie | Owner of the website | 1 day | Technically necessary | Saves the language settings |
elementor | Local Storage | Owner of the website | Session | Technically necessary | Local Storage elementor: {"__expiration":{}, "pageViews":, "sessions":}; Session Storage elementor: {"__expiration":{}, "activeSession":true}. Used exclusively for display and no data is collected; this data is deleted after the session ends. |
wc_fragments* | Local Storage | Owner of the website | Session | Technically necessary | Save items in the shopping cart |
wc_cart_hash_* | Local Storage | Owner of the website | 1 day | Technically necessary | Necessary for the shopping cart functionality on the website to remember the selected products |
stripe.csrf | Cookie | .stripe.com | Session | Technically necessary | Security cookie: prevents attackers from making requests from other websites that change user data to Stripe |
__stripe_orig_props | Cookie | .stripe.com | 1 year | Analysis/statistics | Remembers how you arrived at our website, including the URL you came from, |
site-auth | Cookie | .stripe.com | 1 day | Technically necessary | Remembers the login status in the Stripe account. |
private_machine_identifier | Cookie | .stripe.com | 1 year | Technically necessary | Fraud prevention |
machine_identifier | Cookie | .stripe.com | 1 year | Technically necessary | Fraud prevention |
cookie-perms | Cookie | .stripe.com | 6 months | Technically necessary | Saves the cookie status |
m | Cookie | .stripe.com | 2 years | Technically necessary | Combating fraud |
_ab | Local Storage | Owner of the website | Session | Technically necessary | This cookie is necessary to carry out credit card transactions on the website. The service is provided by Stripe.com, which enables online transactions without storing credit card information. |
_mf | Local Storage | Owner of the website | Session | Technically necessary | This cookie is necessary to carry out credit card transactions on the website. The service is provided by Stripe.com, which enables online transactions without storing credit card information. |
id | Local Storage | Owner of the website | Session | Technically necessary | Used by Stripe to provide payment and security options. |
1P_JAR | Cookie | | 1 month | Marketing | This cookie is used to support Google’s advertising services. |
APISID | Cookie | | 2 years | Marketing | Used for targeting purposes to create a profile of website visitors’ interests in order to display relevant and personalized Google advertising. |
CONSENT | Cookie | | 2 years | Marketing | This cookie is used to support Google’s advertising services. |
HSID | Cookie | | 2 years | Functional cookie | Contains encrypted entries of your Google account and the last login time to protect against attacks and data theft from form entries. |
NID | Cookie | | 6 months | Marketing | This cookie is used by Google in the context of the use of Google Maps. The NID cookie contains a unique ID that Google uses to store your preferred settings and other information. |
SAPISID | Cookie | | 2 years | Marketing | Used for targeting purposes to create a profile of website visitors’ interests in order to display relevant and personalized Google advertising. |
SID | Cookie | | 2 years | Marketing | Google uses cookies such as the NID and SID cookies to customize advertising in Google products such as Google Search. Google uses such cookies to record, for example, your most recent search queries, your previous interactions with an advertiser’s ads or search results and your visits to an advertiser’s website. In this way, Google can display customized advertising on Google. Other Google products such as YouTube or Doubleclick also use these cookies to select more relevant advertising. |
OGPC | Cookie | | 2 months | Marketing | Google uses this cookie on pages for Google Translate or Google Maps activities. |
__Secure-3PAPISID | Cookie | | 2 years | Marketing | Used for targeting purposes to create a profile of the website visitor’s interests and display relevant and personalized Google advertising. |
__Secure-3PSID | Cookie | | 2 years | Marketing | Used for targeting purposes to create a profile of website visitors’ interests in order to display relevant and personalized Google advertising. |
__Secure-3PSIDTS | Cookie | | 2 years | Marketing | The “__Secure-3PSIDTS” cookie from Google collects information about your interactions with Google services and ads. It is used to measure the effectiveness of advertising and deliver personalized content based on your interests. The cookie contains a unique identifier. |
__Secure-1PSIDTS | Cookie | | 1 year | Marketing | Used for targeting purposes to create a profile of the website visitor’s interests so that relevant and personalized Google advertising can be displayed. |
__Secure-1PSIDCC | Cookie | | 1 year | Marketing | Used for targeting purposes to create a profile of the website visitor’s interests so that relevant and personalized Google advertising can be displayed. |
SIDCC | Cookie | | 1 year | Functional cookie | Security cookie to protect user data from unauthorized access. |
__Secure-1PAPISID | Cookie | | 2 years | Marketing | Used by Google for targeting purposes to create a profile of the website visitor’s interests so that relevant and personalized Google advertising can be displayed. |
__Secure-1PSID | Cookie | | 1 year | Marketing | Used by Google for targeting purposes to create a profile of the website visitor’s interests and display relevant and personalized Google advertising. |
AEC | Cookie | | 6 months | Marketing | Ensures that the requests within a browser session are made by the user and not by other websites. |
SOCS | Cookie | | 13 months | Marketing | Saves the status of the user in relation to their cookie choice. |
__Secure-ENID | Cookie | | 2 years | Marketing | Google allows you to customize the way ads are displayed outside of Google or to save information such as preferred language when displaying search results. |
SSID | Cookie | | 2 years | Marketing | Targeting cookie. Used by Google for targeting purposes to create a profile of the website visitor’s interests so that relevant and personalized Google advertising can be displayed. |
__SECURE-3PSIDCC | Cookie | | 2 years | Marketing | Used to create a user profile and display relevant and personalized Google Ads to the user. |
_ga_* | Cookie | .play.google.com | 2 years | Marketing | Used by Google Analytics to collect data on the number of visits a user makes to the website and the dates of the first and last visit. |
_ga | Cookie | .play.google.com | 2 years | Marketing | Registers a unique ID that is used to generate statistical data on how the visitor uses the website. |
__Secure-OSID | Cookie | .youtube.com | 2 years | Marketing | Advertising cookie from Google |
OSID | Cookie | .youtube.com | 2 years | Marketing | Advertising cookie from Google |
woocommerce_items_in_cart | Cookie | Owner of the website | For the duration of the session. | Technically necessary | Saves items in the shopping cart. |
wp_woocommerce_session_* | Cookie | Owner of the website | 1 day | Technically necessary | Saves actions performed on the website. |
Woocommerce_cart_hash | Cookie | Owner of the website | For the duration of the session. | Technically necessary | Saves items in the shopping cart. |
Within the scope of data processing (with the help of cookies and similar techniques for processing usage data), we may use specialized service providers, in particular from the online marketing sector. They process your data on our behalf as processors, are carefully selected and contractually bound in accordance with Article 28 GDPR. All of the above-mentioned providers work for us as processors.
CONSENT MANAGEMENT VIA BORLABS
We use the cookie consent technology of Borlabs Cookies to obtain your consent under data protection law to the storage of certain cookies on your end device or to the use of certain technologies and to document this in compliance with data protection law. The provider of this technology is Borlabs – Benjamin A. Bornschein (“Borlabs”) based in Germany.
Borlabs uses a technically necessary cookie to store your data protection consent. The following information is stored in the Borlabs cookie:
- Cookie runtime
- Cookie version
- Domain and path of the website
- Consents
- UID (randomly generated ID which, according to Borlabs, is not personally identifiable)
Data is not transferred to Borlabs.
Borlabs is used to obtain the legally required consent for the use of cookies. The legal basis for this is our legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR. Our legitimate interest lies in the legally compliant documentation and verifiability of consents (Art. 6 para. 1 lit. c) GDPR), to fulfill our accountability obligation pursuant to Art. 5 para. 2 GDPR.
USE OF GOOGLE ANALYTICS
If you have given your consent within the meaning of Art. 6 para. 1 lit. a) GDPR and Art. 49 para. 1 lit. a) GDPR, this website uses Google Analytics. This is a service provided by Google Ireland Limited (“Google”), a company incorporated and operated under Irish law (registration number: 368047) with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland and Google LLC (USA) (“Google”).
Google Analytics uses so-called “cookies”. These are text files that are stored on your computer and that enable an analysis of the use of the website by the user. The information acquired by the cookies about your use of this website is usually transferred to a Google server in the USA and stored there. An adequacy decision exists for the USA, so that data can be transferred without further measures. You can view Google’s certification here.
We have made the setting that your IP address will be anonymized. IP address anonymization is carried out by Google, but within member states of the European Union or in other signatory states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.
Google will use this information on behalf of the operator of this website for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator.
The anonymized IP address transmitted by your browser as part of Google Analytics is linked to other data about you, such as your search history, personal accounts, usage data from other devices and all other data that Google has about you.
You can see the cookies that are set in connection with Google Analytics in the list above.
You can revoke your consent at any time by making the appropriate settings directly via our banner. The user and event data will be deleted after 14 months. The “Reset user data on new activity” function is activated. This means that if you visit our website again before the retention period expires, your data will not be deleted.
Google Signals
This website uses the “Google Signals” function to expand the statistical reports created with Google Analytics to include a cross-device analysis of visitor flows. This is also known as cross-device tracking.
When are Google Signals collected?
Google Signals are only applied to users who are logged into a Google account during the sessions and have activated the “Personalized advertising” function in the Google account.
What information do we get from Google Signals?
Google Signals does not provide us with any in-depth knowledge about specific individuals or ways to uniquely identify you or the device you are using. We only receive general demographic information (gender, age group) and possible interests from Google, which we can use for our marketing measures.
How can I deactivate Google Signals?
If you wish to deactivate this function for yourself, you must do so proactively via the setting in your Google account. The link takes you to the change options in your Google account: https://support.google.com/ads/answer/2662856.
Further information on Google Signals can be found directly on the Google information page at https://support.google.com/analytics/answer/7532985?hl=de.
GOOGLE ADS
We use Google Ads with your consent in accordance with Art. 6 para. 1 lit. a) GDPR in order to be able to show you advertising on websites of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”) and other third-party providers.
Our purpose is to show you advertising that is of interest to you and to make our website more interesting for you. Conversion tracking allows us to determine how successful the individual advertising measures are. For this purpose, we use cookies that can be used to measure certain parameters for measuring reach, such as the display of ads or clicks by users. If users access our website via a Google ad, Google Ads stores a cookie on the corresponding end device. We only receive aggregated evaluations of user behavior, on the basis of which we can determine which of the advertising measures used are particularly effective. We do not receive any further data from the use of the advertising media.
You can find more information about cookies in the cookie list above.
You can find further information on data protection for Google services at: https://policies.google.com/privacy?hl=de
FACEBOOK PIXEL
As part of the use of the so-called Facebook pixel, cookies are set on our website with your consent (see cookies with provider or name “Facebook”). In addition to us, Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (Facebook), is jointly responsible for the data processing associated with the pixel in accordance with Article 26 GDPR. You can access the agreement on which the cooperation with Facebook is based here. The pixel collects data about your use of our website and compares it with Facebook’s data in order to show you customized advertising from us on Facebook’s websites. Facebook also uses the data for its own advertising purposes and for third-party advertising purposes in accordance with the Facebook Data Policy. In it, you will also find further information on how you can assert your data subject rights described below directly against Facebook with regard to your data processed by Facebook.
GOOGLE TAG MANAGER
We use the Google Tag Manager of the provider Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland.
The Google Tag Manager is used to manage website tags via an interface. This enables us as marketers to manage website tags via a single interface. Tags are small sections of code that record (track) your activities on our website, for example. The Google Tag Manager itself does not set any cookies, but ensures that other tags, such as Google Analytics, which may collect data, are activated. Google Analytics itself sets cookies. You can find more information on this in the chapter “Web tracking measures”.
By implementing the Google Tag Manager, your IP address is transmitted to Google in anonymized form. This may also result in data being transferred to Google servers in the USA. We have concluded an order processing contract with Google in accordance with Art. 28 GDPR. An adequacy decision exists for the USA, so that data can be transferred without further measures. You can view Google’s certification here.
In the account settings of the Tag Manager, we have not allowed Google to receive anonymized data from us.
The storage duration of the integrated tracking tools, such as Google Analytics, depends on the tool used, which is loaded via the Google Tag Manager.
TIKTOK PIXEL
We use the so-called TikTok Pixel on our website. TikTok is a service of TikTok Technology Limited, based in Dublin, Ireland, and TikTok Information Technologies UK Limited, WeWork, 125 Kingsway, London, WC2B 6NH, United Kingdom (together “TikTok”).
The TikTok pixel enables us to identify you as a visitor to our website within the TikTok service. This enables us to display advertising only to users who are also interested in our offers and services. The TikTok Pixel also helps us to check the effectiveness of our advertisements on TikTok and to evaluate them for statistical and market research purposes. This allows us to see whether users have been redirected to our website after clicking on a TikTok ad.
For more information and details on how the TikTok pixel works, please refer to TikTok’s privacy policy, which can be found at the following link: https://www.tiktok.com/legal/privacy-policy-eea?lang=de.
The use of the TikTok pixel and the storage of cookies are based on your consent in accordance with Article 6 (1) lit. a) GDPR.
We have also concluded a contract data processing agreement with TikTok to ensure that your data as a visitor to our website is protected by TikTok and not passed on to third parties.
6. ONLINE SHOP
To place orders via the online store, you can either create a customer account or place an order as a guest.
Use of the WooCommerce store system: We use the WordPress plugins WooCommerce and WooCommerce Germanized to technically process the sale of our products. The plugins are local plugins that do not transfer any personal data to WooCommerce. The WooCommerce plugin adds the functionality of this online store to our content management system, and WooCommerce Germanized extends WooCommerce and ensures technical adaptation to the specific legal requirements.
Registration and creation of a user account: To register and create your user account, we collect your e-mail address, title, first name and surname. You will receive an e-mail with a link to create a new password. The legal basis for this data processing is Art. 6 para. 1 lit. b) GDPR. Your data is therefore processed for the purpose of fulfilling contractual obligations.
Ordering as a “guest”: When ordering as a guest, we only collect the data required to carry out the delivery. The legal basis for this data processing is Art. 6 para. 1 lit. b) GDPR; you provide this data as part of your contractual relationship.
Commissioned shipment of goods: If the delivery address differs from the billing address, personal data of persons who do not order directly in our store may also be processed. Experience has shown that these orders often serve as gifts. We received your address from a person who gave you our products as a gift. Your address data therefore does not originate from publicly accessible sources (Art. 14 para. 2 lit. f) GDPR). The legal basis for this data processing is the fulfillment of the contract pursuant to Art. 6 para. 1 lit. b) GDPR.
Processing your order: Before checkout (payment), you have the option of entering “Comments on the order” in a free text field. Please do not enter any personal data here. We collect your data for invoicing and for processing the shipment. The legal basis for this data processing is the fulfillment of the contract pursuant to Art. 6 para. 1 lit. b) GDPR. As part of the shipping process, we use the processor acut fullfilment GmbH, based in Berlin.
Payment options: You can process your payments via the payment service provider “Stripe” or by prepayment. This corresponds to our legitimate interest in offering an efficient and secure payment method and is based on the legal basis of Art. 6 para. 1 lit. f) GDPR. In this context, we pass on data to the payment service providers insofar as this is necessary for the fulfillment of the contract (Art. 6 para. 1 lit. b) GDPR). Processing via payment providers is neither legally nor contractually required. Without the transmission of your personal data, we cannot process a payment via the payment provider. You then have the option of choosing a different payment method.
Further information about Stripe Payments Europe Ltd, Block 4, Harcourt Centre, Harcourt Road, Dublin 2, Ireland can be found at https://stripe.com/de
The legal basis for this is Article 6(1)(b) GDPR, i.e. you provide us with the data on the basis of the contractual relationship between you and us.
Storage period: We store your data until your user account is deleted. This does not affect the fulfillment of retention obligations such as under the Federal Fiscal Code.
Data processing of business partners and customers
1. Fulfillment of contractual obligations (Art. 6 para. 1 lit. b) GDPR)
The purposes of data processing arise from the implementation of pre-contractual measures and the fulfillment of obligations arising from the concluded contract.
- Processing our contracts with customers
To process the contract with you, we process master data such as your first and last name, your billing address and your billing and payment data. We use your e-mail address to carry out the communication.
2. For the fulfillment of legal obligations (Art. 6 para. 1 lit. c) GDPR)
In individual cases, the purposes of data processing result from legal requirements. These legal obligations include, for example, the fulfillment of retention and identification obligations, e.g. in the context of requirements for tax control and reporting obligations and data processing in the context of inquiries from authorities. In this context, data may also be transferred to our contracted tax advisor.
3. To fulfill our legitimate interests (Art. 6 para. 1 lit. f) GDPR)
We process the contact details of contact persons at customers, interested parties, suppliers and other business partners for communication by e-mail, telephone and post. The legal basis for data processing is the legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR. The legitimate interest here arises from the interest in conducting or initiating the business relationship with customers, interested parties, suppliers and other business partners as well as personal contact with contact persons.
As a matter of principle, we do not pass on data to third parties.
Personal data is stored for the purpose of conducting business relationships for as long as there is a legitimate interest in doing so. It may be necessary to process the personal data provided by you beyond the actual fulfillment of the contract with business partners. The legitimate interests here are in particular the selection of suitable business partners, the fulfillment of compliance measures, the assertion of legal claims, the defense against liability claims, the prevention of criminal offenses and the settlement of damages resulting from the business relationship.
4. Who receives the personal data you have provided?
As part of the contractual relationship, we may also commission processors or service providers who may have access to your personal data. Compliance with data protection regulations is ensured by contract.
5. Storage period
The personal data will be stored for as long as is necessary to fulfill the above-mentioned purposes.
6. Data processing to document compliance with the GDPR
Insofar as your data is collected on the basis of consent pursuant to Art. 6 para. 1 lit. a) GDPR or Art. 9 para. 2 lit. a) GDPR, we process your data exclusively for a specific purpose and after separate information in order to fulfill our obligations under Art. 5 para. 2 GDPR to be able to prove that you have consented to the data processing in question.
If you assert data subject rights against us under the GDPR, we will also process and store your data in order to fulfill our accountability obligations pursuant to Art. 5 para. 2 GDPR to be able to prove that we have complied with the GDPR when processing your request.
If you assert your rights under the GDPR against us, your data may be transferred to our external data protection consultancy (SCALELINE Datenschutz).
Operation of social media presences
We maintain the following social media presences:
YouTube: https://www.youtube.com/@zundertoothpicks
TikTok: https://www.tiktok.com/@zundertoothpicks
Facebook: https://www.facebook.com/zundershop
Instagram: https://www.instagram.com/zundertoothpicks
YouTube Video is a streaming service of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.
TikTok is a product of TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland.
Instagram and Facebook are products of Meta Platforms Inc. (formerly Facebook Inc.): facebook.com/help/1561485474074139/?helpref=related
Data processing by us:
- Maintaining the above-mentioned social media pages and placing ads (“advertisements”)
The personal data entered on social media pages, such as comments, videos, images, likes, public messages etc. are published by the respective social media platform. We reserve the right to delete content should this be necessary. We may share content on our website and contact you via the social media platform, for example via the messengers offered. In addition, we regularly place advertisements (“ads”) via our social media pages. The legal basis for this data processing is the legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR, which is in the interest of our public relations and communication.
- Page Insights
The social media platforms provide anonymized statistics and insights that help us gain knowledge about the types of actions people take on our site (so-called “page insights”). These page insights are created on the basis of certain information about people who have visited our site.
The legal basis for this data processing is our legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR, which is based on obtaining information about the actions and visitors of our pages.
This processing of personal data is carried out by the social media platform and us as so-called joint controllers pursuant to Art. 26 GDPR. In the case of joint responsibility, a separate agreement must be concluded.
YouTube (Google): https://policies.google.com/privacy?hl=de
TikTok: https://ads.tiktok.com/i18n/official/policy/jurisdiction-specific-terms
Instagram and Facebook: https://www.facebook.com/legal/terms/page_controller_addendum
If you wish to object to certain data processing over which we have an influence (e.g. deletion of comments), please contact us using the contact details given above.
Note: The provision of your data is neither legally nor contractually required or necessary for the conclusion of a contract. You are not obliged to provide your personal data. The consequence of not providing this information is that you will not be able to communicate with us via our social media pages, interact with us or take part in the competition. Please use the above e-mail address to contact us.
Data processing by the operator of the social media platform:
In addition to us, there is also the operator of the social media platforms themselves. From a data protection perspective, the latter is also regarded as another controller that carries out its own data processing. This means that the operator is also a separate controller under the GDPR. However, we have only limited influence on data processing by the operator. Where we can exert influence (e.g. through parameterization), we work within the scope of our possibilities to ensure that the operator of the social media platform handles the data in accordance with data protection regulations. In many cases, however, we cannot influence the data processing by the operator of the social media platform and do not know exactly what data it processes. The respective operator will inform you about the processing of personal data in its own privacy policy:
YouTube: www.policies.google.com/privacy?hl=de
TikTok: https://ads.tiktok.com/i18n/official/policy/privacy?
Facebook: www.facebook.com/help/568137493302217
Instagram: help.instagram.com/519522125107875
In the context of platform use, your personal data is generally also processed by the respective platform operator on servers in third countries, in particular in the USA. Certain third countries are certified by the European Commission with a so-called adequacy decision. This means that the legal situation regarding the protection of privacy in these countries is comparable to that in the EU or EEA. Further information on the current countries with an adequacy decision can be found here. Meta Platforms Inc (Facebook, Instagram) and Google (YouTube) are certified in accordance with the adequacy decision for the USA, the Data Privacy Framework. In all other cases, we conclude so-called standard contractual clauses with the platform operators for the transfer of personal data to third countries.
Note on TikTok: TikTok belongs to the Chinese company ByteDance. Therefore, your data is subject to Chinese laws. Chinese authorities have access to data from Chinese companies, which makes compliance with European data protection standards uncertain.
Note: The operator of the social media platform uses web tracking methods. Web tracking can also take place regardless of whether you are logged in or registered with the social media platform. As already explained, we unfortunately have little influence on the web tracking methods of the social media platform; for example, we cannot switch this off. Please be aware of this: It cannot be ruled out that the provider of the social media platform will use your profile and behavioral data, for example to evaluate your habits or personal relationships and preferences etc. We have no influence on the processing of your data by the provider of the social media platform.
Rights of data subjects
Your rights as a data subject
You have the right under Art. 15 para. 1 GDPR to receive information about the personal data stored about you free of charge upon request. Furthermore, if the legal requirements are met, you have the right to rectification (Art. 16 GDPR), erasure (Art. 17 GDPR) and restriction of processing (Art. 18 GDPR) of your personal data. If you have provided the processed data yourself, you have a right to data portability in accordance with Art. 20 GDPR.
Insofar as the data processing is based on Art. 6 para. 1 e) or f) GDPR, you have the right to object in accordance with Art. 21 GDPR. If you object to data processing, this will not take place in the future unless the controller can demonstrate compelling legitimate grounds for further processing which override the data subject’s interest in objecting.
Insofar as data processing is based on consent pursuant to Art. 6 para. 1 lit. a), Art. 9 para. 2 lit. a) and Art. 49 para. 1 lit. a) GDPR, you can revoke your consent at any time with effect for the future without affecting the legality of the previous processing.
You also have the right to lodge a complaint with a data protection supervisory authority. The complaint may in particular be lodged with a supervisory authority in the EU Member State of your habitual residence, place of work or place of the alleged infringement.
Contact details for the data protection authority:
FDPIC – Federal Data Protection and Information Commissioner, Feldeggweg 1, CH – 3003 Bern
No automated decision-making
We do not carry out automated decision-making or profiling.
Provision
Unless otherwise stated in the previous chapters, the provision of personal data is neither legally nor contractually required or necessary for the conclusion of a contract. Failure to provide your personal data may mean that we are unable to respond to your inquiries, for example.
This data protection information was created in cooperation with the consulting firm SCALELINE Datenschutz. The legal texts are subject to copyright.