Privacy Policy

General Information

The following information provides a simple overview of what happens to your personal data when you visit our website. Personal data is any data that can be used to personally identify you. Detailed information on data protection can be found in our privacy policy, which is listed below this text.

Data Collection on Our Website

Who is responsible for data collection on this website?

Data processing on this website is carried out by the website operator. You can find their contact details in the legal notice of this website.

How do we collect your data?

Your data is collected in two ways: firstly, when you provide it to us. This could include, for example, data that you enter into a contact form.

Other data is collected automatically by our IT systems when you visit the website. This includes primarily technical data (e.g., internet browser, operating system, or time of page access). This data is collected automatically as soon as you access our website.

What do we use your data for?

Some data is collected to ensure the website functions correctly. Other data may be used to analyze your user behavior.

What rights do you have regarding your data?

You have the right to receive information free of charge at any time about the origin, recipients, and purpose of your stored personal data. You also have the right to request the correction, blocking, or deletion of this data. For this purpose, as well as for any further questions regarding data protection, you can contact us at any time at the address provided in the legal notice. Furthermore, you have the right to lodge a complaint with the competent supervisory authority.

Analytics tools and third-party tools

When you visit our website, your browsing behavior may be statistically analyzed.

This is done primarily using cookies and so-called analytics programs. The analysis of your browsing behavior is generally anonymous; your browsing behavior cannot be traced back to you. You can object to this analysis or prevent it by not using certain tools. Detailed information can be found in the following privacy policy.

 

You can object to this analysis. We will inform you about the options for objecting in this privacy policy.

Integration of the Trusted Shops Trustbadge / other widgets

Trusted Shops widgets are integrated on this website to display Trusted Shops services (e.g., seals of approval, collected reviews) and to offer Trusted Shops products to buyers after an order.

This serves to protect our legitimate interests, which outweigh your interests, in optimal marketing by enabling secure shopping in accordance with Art. 6 Para. 1 Sentence 1 lit. f GDPR. The Trustbadge and the services advertised with it are offered by Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne, with whom we are jointly responsible for data protection in accordance with Article 26 of the GDPR. In the following, we inform you about the essential contractual terms pursuant to Article 26(2) of the GDPR within the framework of this privacy notice. The Trustbadge is provided by a US-based CDN (Content Delivery Network) provider as part of our joint controllership. An adequate level of data protection is ensured through standard contractual clauses and other contractual measures. Further information on data protection at Trusted Shops GmbH can be found in their Privacy Policy.

When the Trustbadge is accessed, the web server automatically saves a server log file, which also contains your IP address, the date and time of access, the amount of data transferred, and the requesting provider (access data), and documents the access. The IP address is anonymized immediately after collection, so that the stored data cannot be associated with you personally. The anonymized data is used in particular for statistical purposes and for error analysis.

After order completion, your email address, hashed using a cryptographic one-way function, is transmitted to Trusted Shops GmbH. The legal basis for this is Art. 6 para. 1 sentence 1 lit. f GDPR. This serves to verify whether you are already registered for services with Trusted Shops GmbH and is therefore necessary for the fulfillment of our and Trusted Shops' overriding legitimate interests in providing buyer protection and transactional review services linked to the specific order, in accordance with Art. 6 Para. 1 Sentence 1 lit. f GDPR. If this is the case, further processing will take place in accordance with the contractual agreement between you and Trusted Shops. If you are not yet registered for the services, you will subsequently have the opportunity to do so for the first time. Further processing after successful registration is also governed by the contractual agreement with Trusted Shops GmbH. If you do not register, all transmitted data will be automatically deleted by Trusted Shops GmbH, and personal identification will then no longer be possible. Trusted Shops uses service providers in the areas of hosting, monitoring, and logging. The legal basis for this is Art. 6 Para. 1 lit. f GDPR for the purpose of ensuring smooth operation. Processing may take place in third countries (USA and Israel). An adequate level of data protection is ensured in the case of the USA through standard contractual clauses and other contractual measures, and in the case of Israel through an adequacy decision.

Within the framework of the joint controllership between us and Trusted Shops GmbH, please contact Trusted Shops GmbH preferably with any data protection questions and to assert your rights, using the contact options provided in the data protection information linked above. However, you can always contact the controller of your choice. Your inquiry will then be forwarded to the other controller for a response, if necessary.

2. General Information and Mandatory Disclosures

Data Protection

The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy.

When you use this website, various personal data are collected. Personal data is data that can be used to personally identify you.

This privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose this happens. Please note that data transmission over the Internet (e.g., when communicating by email) can have security vulnerabilities. Complete protection of data against access by third parties is not possible. Information on the responsible party The responsible party for data processing on this website is: ELEO GmbH, Katrin Weinkaufe, Ziegeleistr. 14
96269 Großheirath

 

Phone: +49 9565 / 509170
Email: datenschutz@eleo-zaun.de
Data Protection Officer: Lisa Thonhauser-Walter

The responsible party is the natural or legal person who, alone or jointly with others, decides on the purposes and means of processing personal data (e.g., names, email addresses, etc.).

Revocation of your consent to data processing

Many data processing operations are only possible with your express consent. You can revoke your consent at any time. An informal notification by email to us is sufficient. The lawfulness of data processing carried out before the withdrawal of consent remains unaffected by the withdrawal. Right to lodge a complaint with the competent supervisory authority In the event of data protection violations, the data subject has the right to lodge a complaint with the competent supervisory authority. The competent supervisory authority for data protection matters is the State Data Protection Commissioner of the federal state in which our company is based. A list of data protection officers and their contact details can be found at the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.

Right to data portability

You have the right to receive the data that we process automatically based on your consent or in fulfillment of a contract, either for yourself or for a third party, in a commonly used, machine-readable format. If you request the direct transfer of your data to another controller, this will only be done if technically feasible. SSL/TLS Encryption This site uses SSL/TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator. You can recognize an encrypted connection by the fact that the browser's address bar changes from “http://” to “https://” and by the padlock icon in your browser bar.

When SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

Encrypted Payment Transactions on this Website

If, after concluding a paid contract, you are obligated to transmit your payment data to us (e.g., bank account number for direct debit), this data is required for payment processing.

Payment transactions using common payment methods (Visa/MasterCard, direct debit) are carried out exclusively via an encrypted SSL or TLS connection.

You can recognize an encrypted connection by the fact that the browser's address bar changes from "http://" to "https://" and by the padlock icon in your browser bar. With encrypted communication, your payment data that you transmit to us cannot be read by third parties. Information, Blocking, Deletion Within the framework of the applicable legal provisions, you have the right at any time to free information about your stored personal data, its origin and recipients, and the purpose of the data processing, and, if applicable, a right to rectification, blocking, or deletion of this data. For this purpose, as well as for further questions on the subject of personal data, you can contact us at any time at the address given in the legal notice. 3. Data Collection on Our Website Cookies Our website uses so-called cookies in some areas. Cookies do not harm your computer and do not contain viruses. Cookies serve to make our website more user-friendly, effective, and secure. Cookies are small text files that are stored on your computer and saved by your browser. Most of the cookies we use are so-called "session cookies." They are automatically deleted after your visit ends. Other cookies remain stored on your device until you delete them. These cookies allow us to recognize your browser on your next visit. You can configure your browser to inform you about the setting of cookies and to allow cookies only in individual cases, to exclude the acceptance of cookies for certain cases or in general, and to activate the automatic deletion of cookies when closing the browser. Disabling cookies may limit the functionality of this website. Cookies that are necessary for carrying out the electronic communication process or for providing certain functions you have requested (e.g., shopping cart function) are stored on the basis of Art. 6 Para. 1 lit. f GDPR. The website operator has a legitimate interest in storing cookies for the technically error-free and optimized provision of its services. Insofar as other cookies (e.g., cookies for analyzing your browsing behavior) are stored, these are addressed separately in this privacy policy.

 

Adjust cookie settings

Server log files

The provider of these pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us.

These are:

 

• Browser type and version
• Operating system used
• Referrer URL
• Hostname of the accessing computer
• Time of the server request
• IP address

This data is not merged with other data sources.

This data is collected on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the technically flawless presentation and optimization of its website – for this purpose, the server log files must be recorded.

Contact form

If you send us inquiries via the contact form, your information from the inquiry form, including the contact details you provided there, will be stored by us for the purpose of processing the inquiry and in case of follow-up questions. We will not share this data without your consent.

The processing of the data entered into the contact form is therefore based solely on your consent (Art. 6 para. 1 lit. a GDPR). You can revoke this consent at any time. An informal notification by email to us is sufficient. The legality of the data processing operations carried out until the revocation remains unaffected by the revocation.

The data you enter in the contact form will remain with us until you request its deletion, revoke your consent to its storage, or the purpose for data storage no longer applies (e.g., after your request has been processed). Mandatory legal provisions – in particular retention periods – remain unaffected.

Newsletter

On our websites, you have the option of subscribing to the free ELEO GmbH newsletter. The newsletter informs you about current offers, new products, special promotions, and exclusive benefits.

We also use the newsletter to inform you about upcoming surveys and competitions from time to time and to ask for your feedback on our services. To subscribe, you only need to provide your email address. For a more personalized approach, you can optionally provide us with your title, first and last name, and date of birth. After submitting the registration form, you will receive a confirmation email from us (double opt-in email). Your newsletter subscription will only become effective once you have clicked the link in the confirmation email. If you do not click the link in the confirmation email, the subscription will not be completed. As part of this service and based on your consent, we also collect and process usage data. Data processing for the implementation and optimization of the newsletter service is based on your consent pursuant to Art. 6 para. 1 sentence 1 lit. a) GDPR. You can revoke your consent for the newsletter service at any time with effect for the future and unsubscribe from the newsletter. To do so, you can use the unsubscribe link provided at the end of each newsletter email or contact us using the email address you registered for the newsletter; please use the contact details provided. Your email address will then be deleted from the newsletter mailing list.

 

Sending surveys and offers

Use of your email address

If you have made a purchase from us, we will send you the following by email:

• Feedback surveys to improve our services and product quality
• Advertising for similar products from our range

Legal basis: Section 7 Paragraph 3 of the German Unfair Competition Act (UWG) and Article 6 Paragraph 1 Letter f of the GDPR (legitimate interest in customer retention and product improvement).

Your right to object

You can object free of charge

at any time:

 

• Email: datenschutz@eleo-zaun.de
• Mail: ELEO GmbH, Ziegeleistr. 14, 96269 Großheirath

Survey service provider: SurveyMonkey

Data processor: SurveyMonkey Inc. (USA) with a data processing agreement pursuant to Art. 28 GDPR. Third-country transfer: Based on the EU-US Data Privacy Framework and EU Standard Contractual Clauses. US authorities may have access to data under certain circumstances.

Processing of data (customer and contract data)

We collect, process, and use personal data only to the extent necessary for establishing, defining the content of, or amending the contractual relationship (master data). This is done on the basis of Article 6 Paragraph 1 Letter b GDPR, which permits the processing of data for the performance of a contract or pre-contractual measures. We collect, process, and use personal data relating to the use of our website (usage data) only to the extent necessary to enable the user to use the service or for billing purposes. The collected customer data will be deleted after completion of the order or termination of the business relationship. Statutory retention periods remain unaffected. Data transfer upon conclusion of a contract for online shops, retailers, and shipping We only transfer personal data to third parties if this is necessary for the execution of the contract, for example, to the companies entrusted with the delivery of the goods or the credit institution commissioned with processing the payment. Further transfer of data does not take place, or only if you have expressly consented to the transfer. Your data will not be passed on to third parties without your explicit consent, for example, for advertising purposes.

The legal basis for data processing is Article 6(1)(b) GDPR, which permits the processing of data for the performance of a contract or for taking steps prior to entering into a contract.

Application (Application by Email)

Purpose of data processing: Processing your application and conducting the application process; considering your application in future application processes, provided you have given your explicit consent.

Legal basis: Article 6(1)(a) GDPR, Article 6(1)(b) GDPR, Article 9(1) GDPR, Article 49(1)(a) GDPR

Data categories: Master data, contact data, content data, contract data, connection data (if applicable), usage data (if applicable), and special categories of personal data (if applicable). of Article 9 Paragraph 1 GDPR (depending on the specific job posting; only the data relating to your application that you provide to us and that we are permitted to process in the context of applications will be stored).

Information on external pages of ELEO GmbH

Meta

We have set up pages for our company at the addresses https://www.facebook.com/ELEOPavillon/ and https://www.facebook.com/ELEOZaunsysteme/. We are also represented on Facebook in Italy, France, and the Netherlands. When you visit these pages, Facebook processes your personal data. We receive statistics about the use of this page, which are derived from this data.

Legal basis: Art. 6 para. 1 lit. a GDPR, Art. 49 para. 1 lit. a GDPR.

Data categories: Master data, contact data, content data, usage data, connection data, location data (if applicable).

Recipients of the data: Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”) (as joint controller, Art. 26 GDPR – the essentials of the agreement can be accessed at https://www.facebook.com/legal/terms/page_controller_addendum).

Data subject rights: Facebook is responsible for implementing your data subject rights. Facebook provides information about your data subject rights at https://www.facebook.com/legal/terms/information_about_page_insights_data.

Instagram

On the “Instagram” platform of Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”), we have the following addresses: https://www.instagram.com/eleo_de, https://www.instagram.com/eleo.fr,

Legal basis: Art. 6 para. 1 lit. a GDPR, Art. 49 para. 1 lit. a GDPR.

Data categories: Master data, contact data, content data, usage data, connection data, location data (if applicable).

Recipients of the data: Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”) (as joint controller, Art. 26 GDPR – the essentials of the agreement can be accessed at https://www.facebook.com/legal/terms/page_controller_addendum).

Data subject rights: Meta is responsible for implementing your data subject rights. Meta provides information about your data subject rights at https://www.facebook.com/legal/terms/information_about_page_insights_data.

Pinterest

On the platform “Pinterest” we have at the following addresses: https://de.pinterest.com/eleo_de/, https://fr.pinterest.com/eleo_fr/, https://it.pinterest.com/eleo_it/, https://tools.google.com/dlpage/gaoptout?hl=de.

Objection to Data Collection

You can prevent Google Analytics from collecting your data by clicking on the following link. An opt-out cookie will be set to prevent the collection of your data on future visits to this website: Disable Google Analytics.

More information about how Google Analytics handles user data can be found in Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=de.

Data Processing Agreement

We have concluded a data processing agreement with Google and fully comply with the strict requirements of the German data protection authorities when using Google Analytics.

Google Analytics Remarketing

Our websites use the features of Google Analytics Remarketing in conjunction with Google's cross-device capabilities. AdWords and Google DoubleClick. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. This feature allows you to link advertising target groups created with Google Analytics Remarketing to the cross-device features of Google AdWords and Google DoubleClick. In this way, interest-based, personalized advertising messages, tailored to you based on your previous usage and browsing behavior on one device (e.g., mobile phone), can also be displayed on another of your devices (e.g., tablet or PC). If you have given your consent, Google will link your web and app browsing history to your Google account for this purpose. Auf diese Weise können auf jedem Endgerät auf dem Sie sich mit Ihrem Google-Konto anmelden, dieselben personalisierten Werbebotschaften geschaltet werden.

To support this feature, Google Analytics collects Google-authenticated user IDs, which are temporarily linked to our Google Analytics data in order to define and create audiences for cross-device advertising.

You can permanently opt out of cross-device remarketing/targeting by disabling personalised advertising in your Google Account; to do so, follow this link: https://www.google.com/settings/ads/onweb/.

The consolidation of the data collected in your Google Account is carried out solely on the basis of your consent, which you may give to or withdraw from Google (Article 6(1)(a) of the GDPR). In the case of data collection processes that are not consolidated in your Google Account (e.g. because you do not have a Google Account or have objected to the consolidation), the collection of data is based on Article 6(1)(f) of the GDPR. The legitimate interest arises from the fact that the website operator has an interest in the anonymised analysis of website visitors for advertising purposes.

Further information and the data protection provisions can be found in Google’s privacy policy at:  https://www.google.com/policies/technologies/ads/.

Google AdWords und Google Conversion-Tracking

This website uses Google AdWords. AdWords is an online advertising programme provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States (“Google”).

As part of Google AdWords, we use what is known as conversion tracking. When you click on an advert displayed by Google, a conversion tracking cookie is set. Cookies are small text files that the web browser stores on the user’s computer. These cookies expire after 30 days and are not used to identify users personally. If the user visits certain pages on this website and the cookie has not yet expired, Google and we can recognise that the user clicked on the advert and was redirected to that page.

Each Google AdWords customer is assigned a different cookie. These cookies cannot be tracked via AdWords customers’ websites. The information collected using the conversion cookie is used to generate conversion statistics for AdWords customers who have opted in to conversion tracking. Customers are informed of the total number of users who clicked on their advert and were redirected to a page tagged with a conversion tracking tag. However, they do not receive any information that can be used to personally identify users. If you do not wish to participate in tracking, you can opt out by easily disabling the Google conversion tracking cookie via your web browser’s user settings. You will then not be included in the conversion tracking statistics.

“Conversion cookies” are stored on the basis of Article 6(1)(f) of the GDPR. The website operator has a legitimate interest in analysing user behaviour in order to optimise both its website and its advertising.

You can find more information about Google AdWords and Google Conversion Tracking in Google’s Privacy Policy: https://www.google.de/policies/privacy/.

You can configure your browser to notify you when cookies are set and to allow cookies only on a case-by-case basis, to block cookies in specific cases or generally, and to enable the automatic deletion of cookies when you close your browser. If you disable cookies, the functionality of this website may be restricted.

Consent Mode v2

We use Google Consent Mode v2 to control the behaviour of our Google tags in accordance with the consent you provide via the cookie banner. If consent is not given, our tag sends anonymised signals to Google, which are used exclusively for the modelled measurement of aggregated conversion data. Legal basis: Article 6(1)(a) of the GDPR.

Google Customer Match

Provided you have given your consent, we use hashed customer data (e.g. email address) to create target groups for personalised adverts in Google Ads (‘Customer Match’). The hash values are transferred to Google Ireland Limited, where they are matched against Google accounts. Legal basis: Article 6(1)(a) of the GDPR. Once the comparison has been carried out, the hash values are deleted. Processing in the USA by Google LLC is possible; this is safeguarded by the EU-US Data Privacy Framework (DPF) and, in addition, by Standard Contractual Clauses.

Enhanced Conversions

We use the “Enhanced Conversions” feature to attribute conversions more accurately. This allows hashed order data (e.g. email addresses) to be transmitted securely to Google. The data is used exclusively for performance measurement. Legal basis: Article 6(1)(a) of the GDPR.

Bing Universal Event Tracking (UET)

Our website uses Bing Ads technologies to collect and store data, from which usage profiles are created using pseudonyms. This is a service provided by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. This service enables us to track users’ activities on our website if they have arrived there via Bing Ads advertisements. If you access our website via such an advert, a cookie is placed on your computer. A Bing UET tag is integrated into our website. This is a piece of code which, in conjunction with the cookie, stores certain non-personal data regarding the use of the website. This includes, amongst other things, the length of time spent on the website, which sections of the website were accessed, and via which advert users arrived at the website. No information relating to your identity is collected.

The information collected is transferred to Microsoft’s servers in the USA and stored there for a maximum of 180 days. You can prevent the collection of data generated by the cookie and relating to your use of the website, as well as the processing of this data, by disabling cookies. This may, however, restrict the functionality of the website.

Furthermore, Microsoft may, under certain circumstances, use what is known as cross-device tracking to track your usage behaviour across several of your electronic devices, thereby enabling it to display personalised advertising on or within Microsoft websites and apps. You can disable this feature at: http://choice.microsoft.com/de-de/opt-out 

Further information on Bing’s analytics services can be found on the Bing Ads website (https://help.bingads.microsoft.com/#apex/3/de/53056/2). For further information on data protection at Microsoft and Bing, please see Microsoft’s privacy policy (https://privacy.microsoft.com/de-de/privacystatement).

Clarity

When you visit this website, personal data is processed. The categories of data processed include: data used to compile usage statistics. The purpose of the processing is to anonymise data, compile statistics and analyse usage behaviour. The legal basis for the processing is your consent pursuant to Article 6(1)(a) of the GDPR. Data is transferred to: the independent data controller Microsoft Ireland Operations Ltd., One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland. The legal basis for the transfer of data to Microsoft Ireland Operations Ltd. is your consent pursuant to Article 6(1)(a) of the GDPR. This may also involve the transfer of personal data to a country outside the European Union. The transfer of data to the USA is carried out on the basis of Article 45 of the GDPR in conjunction with the European Commission’s Adequacy Decision C(2023) 4745, as the data recipient has undertaken to comply with the data processing principles of the Data Privacy Framework (DPF). To contact the Data Protection Officer of Microsoft Ireland Operations Ltd. by email: https://www.microsoft.com/de-de/concern/privacy. The privacy policy of Microsoft Ireland Operations Ltd.: https://privacy.microsoft.com/de-de/privacystatement.

5. Plugins und Tools

Google Web Fonts

This site uses so-called web fonts, provided by Google, to ensure a consistent display of fonts. When you visit a page, your browser loads the required web fonts into its cache in order to display text and fonts correctly.

To do this, the browser you are using must establish a connection to Google’s servers. As a result, Google becomes aware that our website has been accessed via your IP address. The use of Google Web Fonts is in the interests of ensuring a consistent and attractive presentation of our online content. This constitutes a legitimate interest within the meaning of Article 6(1)(f) of the GDPR.

If your browser does not support web fonts, a standard font from your computer will be used.

For further information on Google Web Fonts, please visit https://developers.google.com/fonts/faq and in Google’s privacy policy: https://www.google.com/policies/privacy/.

Google Maps

This website uses the Google Maps mapping service via an API. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

In order to use the functions of Google Maps, it is necessary to store your IP address. This information is usually transferred to a Google server in the USA and stored there. The provider of this website has no influence over this data transfer.

The use of Google Maps is in the interests of presenting our online services in an appealing manner and ensuring that the locations listed on our website can be easily found. This constitutes a legitimate interest within the meaning of Article 6(1)(f) of the GDPR.

Further information on the handling of user data can be found in Google’s Privacy Policy: https://www.google.de/intl/de/policies/privacy/.

Zigpoll (customer surveys and feedback)

We use the Zigpoll service on our website to conduct customer surveys, collect feedback and analyse customer satisfaction.

The service is provided by Zigpoll Inc., USA.

When using Zigpoll, the following data in particular may be processed:

• Information you provide in surveys or feedback forms,
• order information (e.g. order number, products purchased),
• customer data linked to your Shopify account (e.g. email address, customer ID),
• technical information about your use of our website (e.g. time of participation, device type, browser information, IP address in truncated or technically necessary form) .

The data is processed for the purpose of improving our products and services, analysing customer satisfaction, optimising our offering, and carrying out market and customer analyses.

The legal basis for the processing is Article 6(1)(f) of the GDPR (legitimate interest in improving our offering and our customer communications). Where consent is required for certain processing operations, the processing is carried out on the basis of Article 6(1)(a) of the GDPR.

The data may be transferred to the provider’s servers in the USA and processed there. According to the provider, appropriate safeguards in accordance with Article 44 et seq. of the GDPR are in place for data transfers to third countries.

Further information on the processing of personal data by Zigpoll can be found in the provider’s privacy policy:

Zigpoll’s privacy policy

6. Payment Providers

PayPal

On our website, we offer, amongst other options, payment via PayPal. This payment service is provided by PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter “PayPal”).

If you select payment via PayPal, the payment details you enter will be transmitted to PayPal.

The transmission of your data to PayPal is based on Article 6(1)(a) of the GDPR (consent) and Article 6(1)(b) of the GDPR (processing for the performance of a contract). You have the option to withdraw your consent to data processing at any time. Withdrawal does not affect the lawfulness of data processing operations carried out prior to such withdrawal.

Klarna

On our website, we offer, amongst other things, payment via Klarna. This payment service is provided by Klarna Bank AB, German Branch, Chausseestraße 117, 10115 Berlin (hereinafter “Klarna”).

In order to be able to offer you Klarna’s payment options, we will transfer personal data, such as contact details and order details, to Klarna. This enables Klarna to assess whether you are eligible to use the payment options offered via Klarna and to tailor these options to your needs. General information about Klarna is available here. Your personal data will be processed by Klarna in accordance with the applicable data protection regulations and as set out in Klarna’s privacy policy.

Stripe (TikTok Shop)

When making a purchase via the TikTok Shop, payment processing is handled by the payment service provider Stripe Payments Europe, Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland (“Stripe”). Stripe may process various categories of personal data necessary for the execution of the payment. These include, in particular: name, email address, billing and delivery addresses, payment details (e.g. credit card details or account number), transaction data and, where applicable, information required for identity verification.

Data processing is carried out for the purpose of payment processing and is necessary for the performance of the contract in accordance with Article 6(1)(b) of the GDPR. Furthermore, processing may take place to comply with legal obligations (e.g. in the context of anti-money laundering) pursuant to Article 6(1)(c) of the GDPR.

Stripe may also transfer data to affiliated companies and sub-processors located outside the European Union, in particular to the USA. In doing so, appropriate safeguards in accordance with Article 46 of the GDPR (in particular the EU Standard Contractual Clauses) are put in place to ensure an adequate level of data protection.

Further information on data protection at Stripe can be found at: https://stripe.com/privacy

 

The use of the aforementioned services may involve the transfer of personal data to the USA. This is based on the EU-US Data Privacy Framework (DPF) and, in addition, on EU Standard Contractual Clauses (Article 46 of the GDPR). Further information can be found in the privacy policies of the respective providers.