Privacy policy

1) Introduction and Contact Information of the Responsible Party

1.1 We are pleased that you are visiting our website and thank you for your interest. Below, we provide information on the handling of your personal data when using our website. Personal data includes all information that can be used to identify you personally.

1.2 The responsible party for data processing on this website, within the meaning of the General Data Protection Regulation (GDPR), is Patrick Klimek e.U.
Owner: Patrick Klimek, Murfeldsiedlung 20, 8111 Gratwein, Austria, Tel.: +4368120421204, Email: service@iflight-rc.eu.
The responsible party for processing personal data is the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data.

2) Data Collection When Visiting Our Website

2.1 During purely informational use of our website, meaning if you do not register or otherwise transmit information to us, we only collect data that your browser transmits to the server hosting the site (so-called "server log files"). When you access our website, we collect the following data, which is technically necessary for us to display the website to you:

  • Our visited website
  • Date and time of access
  • Amount of data sent in bytes
  • Source/reference from which you arrived at the page
  • Browser used
  • Operating system used
  • IP address used (if applicable: in anonymized form)

Processing occurs in accordance with Article 6(1)(f) of the GDPR based on our legitimate interest in improving the stability and functionality of our website. No sharing or further use of the data occurs. However, we reserve the right to retrospectively review server log files if there are concrete indications of unlawful use.

2.2 For security reasons and to protect the transmission of personal data and other confidential content (e.g., orders or inquiries to the responsible party), this website uses SSL or TLS encryption. You can recognize an encrypted connection by the "https://" prefix and the lock icon in your browser's address bar.

3) Hosting & Content Delivery Network

Shopify

For hosting our website and displaying its content, we use the system of the following provider: Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland (“Shopify”).

Data is also transferred to: Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada.

All data collected on our website is processed on the provider's servers. We have entered into a data processing agreement with the provider to ensure the protection of our site visitors' data and to prevent unauthorized disclosure to third parties.

For data transfers to Canada, an adequate level of data protection is guaranteed by an adequacy decision of the European Commission.

4) Cookies

To make your visit to our website more attractive and to enable the use of certain functions, we use cookies—small text files that are stored on your device. Some of these cookies are automatically deleted when you close your browser ("session cookies"), while others remain on your device for a longer period, allowing the storage of page settings ("persistent cookies"). For the latter, you can view the storage duration in your web browser's cookie settings overview.

If any of the cookies we use also process personal data, this processing occurs either under Article 6(1)(b) of the GDPR for the performance of the contract, under Article 6(1)(a) of the GDPR in the case of consent, or under Article 6(1)(f) of the GDPR to safeguard our legitimate interests in the optimal functionality of the website and a user-friendly, efficient site experience.

You can configure your browser to inform you when cookies are set and to decide individually on their acceptance, or to exclude the acceptance of cookies for certain cases or generally.

Please note that if you do not accept cookies, the functionality of our website may be limited.

5) Contacting Us

5.1 Shopify Inbox

This website uses the live chat system provided by the following company: Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland.

The processing of personal data transmitted via the chat is carried out either under Article 6(1)(b) of the GDPR, as it is necessary for the initiation or performance of a contract, or under Article 6(1)(f) of the GDPR based on our legitimate interest in effectively assisting our website visitors. The data you transmit in this way will be deleted once the matter in question has been conclusively resolved, provided no legal retention periods apply.

Additionally, for the purpose of creating pseudonymized usage profiles, further information may be collected and evaluated using cookies. This information, however, does not serve to personally identify you and will not be combined with other data sets. If this information is personally identifiable, processing is carried out in accordance with Article 6(1)(f) of the GDPR, based on our legitimate interest in statistically analyzing user behavior for optimization purposes.

Cookie settings in your browser can prevent the use of cookies, although this may limit our website’s functionality. You may object at any time to the collection and storage of data for the creation of a pseudonymized usage profile, effective for the future.

Data is also transferred to: Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada.

We have a data processing agreement with this provider to ensure the protection of our site visitors’ data and to prevent unauthorized disclosure to third parties.

For data transfers to Canada, an adequate level of data protection is guaranteed by an adequacy decision of the European Commission.

5.2 Trusted Shops

For review reminders, we use the services of the following provider: Trusted Shops AG, Subbelrather Str. 15c, 50823 Cologne, Germany.

Only based on your explicit consent, as per Article 6(1)(a) of the GDPR, we transmit your email address and, if applicable, other customer data to this provider, enabling them to contact you with a review reminder via email.

You may withdraw your consent at any time, effective for the future, either with us or with the provider.

We share responsibility with this provider for the processing described above in accordance with Article 26 of the GDPR. The agreement on joint responsibility can be viewed here: https://help.etrusted.com/hc/de/articles/4402587369105-Vertrag-%C3%BCber-die-gemeinsame-Verantwortlichkeit-nach-DSGVO.

5.3 Gorgias

To manage customer inquiries, we use the email ticketing system from Gorgias Inc., 180 Sansome St, Suite 1800, San Francisco, CA 94014, USA.

When you contact us via email through our website, these requests are saved and organized within the ticketing system, allowing us to manage inquiries chronologically and improve service quality. You can check the status of your inquiry at any time using the unique ticket number provided.

For organizing and processing inquiries, personal data is collected to the extent provided, including at least your first name, last name, and email address. This data is transmitted to the provider, stored, and accessed there.

The legal basis for processing this data is our legitimate interest in providing efficient customer service, answering inquiries promptly, and optimizing our service offerings in accordance with Article 6(1)(f) of the GDPR.

We have entered into a data processing agreement with the provider, ensuring the protection of our visitors’ data and prohibiting unauthorized disclosure to third parties.

For data transfers to the USA, the provider relies on the European Commission’s standard contractual clauses to ensure compliance with European data protection standards.

5.4 WhatsApp Business

We offer visitors the option to contact us via the messaging service WhatsApp, provided by WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. We use the "Business Version" of WhatsApp for this purpose.

If you contact us on WhatsApp in connection with a specific transaction (e.g., an order), we store and use the mobile number you use on WhatsApp and—if provided—your first and last name in accordance with Article 6(1)(b) of the GDPR to process and respond to your inquiry. Under this same legal basis, we may request additional data (order number, customer number, address, or email address) via WhatsApp to associate your request with a specific transaction.

For general inquiries (e.g., regarding our services, availability, or website), we store and use the mobile number you use on WhatsApp and, if provided, your first and last name under Article 6(1)(f) of the GDPR, based on our legitimate interest in providing the requested information efficiently and promptly.

Your data is used exclusively to respond to your inquiries via WhatsApp. No data is disclosed to third parties.

Please note that WhatsApp Business accesses the address book of the mobile device we use for this purpose, automatically transmitting stored phone numbers to a server of the parent company, Meta Platforms Inc., in the USA. We ensure that the address book of the device used for our WhatsApp Business account only contains the WhatsApp contact information of users who have contacted us on WhatsApp.

This ensures that each person whose WhatsApp contact data is stored has, upon first use of the app on their device, agreed to the transmission of their WhatsApp phone number from the address books of their chat contacts in accordance with Article 6(1)(a) of the GDPR by accepting WhatsApp’s terms of use. Data transfer for users who do not use WhatsApp and/or have not contacted us via WhatsApp is therefore excluded.

For information on the scope and purpose of data collection, as well as data processing and usage by WhatsApp and your privacy rights and settings, please refer to WhatsApp's privacy policy: https://www.whatsapp.com/legal/?eea=1#privacy-policy.

We have signed a data processing agreement with the provider to protect the data of our website visitors and prevent disclosure to third parties.

In the course of the above-mentioned processing, data may be transferred to servers of Meta Platforms Inc. in the USA.

For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with European data protection standards based on an adequacy decision by the European Commission.

5.5 When contacting us (e.g., via contact form or email), personal data is processed solely for the purpose of handling and responding to your inquiry, and only to the extent necessary.

The legal basis for processing this data is our legitimate interest in responding to your inquiry in accordance with Article 6(1)(f) of the GDPR. If your contact aims to establish a contract, the additional legal basis for processing is Article 6(1)(b) of the GDPR. Your data will be deleted once it is clear that the matter has been fully resolved, provided no legal retention requirements prevent this.

6) Comment Function

When using the comment function on this website, your comment, along with details such as the time of comment creation and the commentator name you chose, will be stored and published on this website. Additionally, your IP address will be recorded and stored. This storage of the IP address is for security reasons and in case the person posting a comment infringes upon the rights of third parties or posts illegal content. We require your email address so we can contact you should a third party dispute your published content as unlawful.

The legal basis for storing your data is Article 6(1)(b) and (f) of the GDPR. We reserve the right to delete comments if they are reported as unlawful by third parties.

7) Data Processing When Opening a Customer Account

In accordance with Article 6(1)(b) of the GDPR, personal data will be collected and processed to the necessary extent if you provide it to us when opening a customer account. The specific data required for account creation can be found in the input fields of the respective form on our website.

You may delete your customer account at any time by sending a message to the above-mentioned address of the responsible party. After the deletion of your customer account, your data will be deleted provided all contracts concluded via the account have been fully executed, no statutory retention periods apply, and there is no legitimate interest on our part in further storage.

8) Use of Customer Data for Direct Marketing

8.1 Subscription to Our Email Newsletter

If you subscribe to our email newsletter, we will regularly send you information about our offers. The only mandatory information for sending the newsletter is your email address. Providing additional data is optional and will be used to address you personally. For newsletter distribution, we use the so-called double opt-in procedure to ensure that you only receive newsletters after explicitly confirming your consent to receive them via a verification link sent to the email address provided.

By activating the confirmation link, you consent to our use of your personal data as per Article 6(1)(a) of the GDPR. We store the IP address entered by your Internet Service Provider (ISP) and the date and time of registration to track any possible misuse of your email address. The data collected during the newsletter subscription process will be used strictly for the purpose of sending the newsletter.

You may unsubscribe from the newsletter at any time via the link provided in the newsletter or by sending a message to the responsible party mentioned above. Upon unsubscribing, your email address will be promptly removed from our newsletter distribution list unless you have expressly consented to the continued use of your data or we reserve the right to use your data beyond this, which is legally permissible and about which we inform you in this declaration.

8.2 Email Notification of Product Availability

For temporarily unavailable items, you may sign up to receive an email notification when the product becomes available. We will send you a one-time email notification about the availability of the item you selected. The only mandatory information for sending this notification is your email address. Providing additional data is optional and may be used to address you personally. For sending the email, we use the double opt-in procedure to ensure that you only receive a notification after explicitly confirming your consent via a verification link sent to the provided email address.

By activating the confirmation link, you consent to our use of your personal data as per Article 6(1)(a) of the GDPR. We store the IP address entered by your Internet Service Provider (ISP) and the date and time of registration to track any possible misuse of your email address. The data collected during the registration for our email notification service for product availability will be used strictly for this purpose.

You may unsubscribe from availability notifications at any time by notifying the responsible party mentioned above. After unsubscribing, your email address will be promptly removed from the distribution list for this purpose unless you have expressly consented to further use of your data or we reserve the right to use your data beyond this, which is legally permissible and about which we inform you in this declaration.

8.3 Cart Reminders via Email

If you abandon your shopping session before completing your purchase, you may receive a one-time email reminder of the contents of your virtual shopping cart.

The only mandatory information for sending this reminder is your email address. Providing additional data is optional and may be used to address you personally. We use the double opt-in procedure to ensure that you only receive a notification after explicitly confirming your consent via a verification link sent to the email address provided.

By activating the confirmation link, you consent to our use of your personal data in accordance with Article 6(1)(a) of the GDPR to send a cart reminder. We store the IP address entered by your Internet Service Provider (ISP) and the date and time of registration to track any possible misuse of your email address. The data collected when registering for our email reminder service will be used strictly for this purpose.

You may unsubscribe from cart reminders at any time by notifying the responsible party mentioned above. After unsubscribing, your email address will be promptly removed from the distribution list for this purpose unless you have expressly consented to further use of your data or we reserve the right to use your data beyond this, which is legally permissible and about which we inform you in this declaration.

9) Data Processing for Order Fulfillment

9.1 To the extent necessary for contract fulfillment regarding delivery and payment purposes, the personal data collected by us is transmitted to the assigned transport company and the designated financial institution in accordance with Article 6(1)(b) of the GDPR.

If, based on a relevant contract, we owe you updates for goods with digital elements or for digital products, we will process the contact information you provided when placing your order (name, address, email address) to inform you of upcoming updates in a suitable manner (e.g., by mail or email) within the legally stipulated period, as part of our legal information obligations under Article 6(1)(c) of the GDPR. Your contact details will be strictly used for communication regarding updates we owe and will only be processed to the extent necessary for providing this information.

To fulfill your order, we also work with the following service providers who assist us, in whole or in part, in executing concluded contracts. Certain personal data is shared with these service providers as outlined below.

9.2 To fulfill our contractual obligations to our customers, we cooperate with external shipping partners. We provide your name, delivery address, and, if required for the delivery, your phone number exclusively for the purpose of delivering the goods in accordance with Article 6(1)(b) of the GDPR to a shipping partner selected by us.

9.3 Sendcloud

For shipping, we use the services of the following provider: Sendcloud GmbH, Fürstenrieder Str. 70, 80686 Munich, Germany.

In accordance with Article 6(1)(b) of the GDPR, we share your data solely for the purpose of processing your online order with the provider, which, on our behalf, handles printing shipping labels and forwarding shipment data to the assigned transport company. Data transfer only occurs to the extent necessary for order fulfillment.

On our behalf, the provider also sends shipping notifications and status updates. To facilitate effective, informative customer communication and transparent, reliable shipping management, which also benefits customers, we share certain customer data (email address, first and last name, and address) and the tracking number with the provider in accordance with Article 6(1)(f) of the GDPR.

The provider does not share data with third parties and processes it exclusively for the stated purpose. After shipping is complete, the provider deletes the data.

We have entered into a data processing agreement with the provider to ensure the protection of our website visitors’ data and to prevent unauthorized disclosure to third parties.

9.4 Transfer of Personal Data to Shipping Service Providers

  • Deutsche Post

We use the following provider as a transport service provider: Deutsche Post AG, Charles-de-Gaulle-Str. 20, 53113 Bonn, Germany.

We transfer your email address and/or phone number to this provider in accordance with Article 6(1)(a) of the GDPR before the delivery of goods, solely to coordinate a delivery date or send a delivery notification, provided you have given your explicit consent for this during the ordering process. Otherwise, for delivery purposes under Article 6(1)(b) of the GDPR, we only transfer the recipient's name and delivery address to the provider. Transfer is limited to what is necessary for the delivery of goods, and in such cases, coordinating a delivery date or sending a delivery notification is not possible.

You may withdraw your consent at any time, effective for the future, with the responsible party mentioned above or with the provider.

  • DHL

We use the following provider as a transport service provider: DHL Paket GmbH, Sträßchensweg 10, 53113 Bonn, Germany.

The same consent and data handling procedures apply as outlined for Deutsche Post.

  • DHL Express

Provider: DHL Express Germany GmbH, Heinrich-Brüning-Str. 5, 53113 Bonn, Germany.

The same consent and data handling procedures apply as outlined for Deutsche Post.

  • DPD

Provider: DPD Deutschland GmbH, Wailandtstr. 1, 63741 Aschaffenburg, Germany.

The same consent and data handling procedures apply as outlined for Deutsche Post.

  • GLS

Provider: General Logistics Systems Germany GmbH & Co. OHG, GLS Germany-Str. 1–7, 36286 Neuenstein, Germany.

The same consent and data handling procedures apply as outlined for Deutsche Post.

  • Österreichische Post

Provider: Österreichische Post Aktiengesellschaft, Rochusplatz 1, 1030 Vienna, Austria.

The same consent and data handling procedures apply as outlined for Deutsche Post.

  • Post CH

Provider for Switzerland: Post CH (Swiss Post AG, Switzerland), Wankdorfallee 4, 3030 Bern.

Data transfer procedures are similar, ensuring an adequate level of data protection by an adequacy decision from the European Commission. The same consent procedures apply as outlined for Deutsche Post.

  • Poste Italiane

Provider: Poste Italiane S.p.A., Viale Europa 190, 00144 Rome, Italy.

The same consent and data handling procedures apply as outlined for Deutsche Post.

  • PostNL

Provider: Koninklijke PostNL BV, Waldorpstraat 3, 2521 CA The Hague, Netherlands.

The same consent and data handling procedures apply as outlined for Deutsche Post.

  • UPS

Provider: United Parcel Service Deutschland Inc. & Co. OHG, Görlitzer Str. 1, 41460 Neuss, Germany.

The same consent and data handling procedures apply as outlined for Deutsche Post.

Consent for all shipping providers can be withdrawn at any time, effective for the future, with the responsible party or the provider.

9.5 Use of Payment Service Providers (Payment Services)

  • Amazon Pay

This website offers one or more online payment methods from the following provider: Amazon Payments Europe s.c.a., 38 avenue J.F. Kennedy, L-1855 Luxembourg.

When selecting a payment method from the provider where you pay in advance (e.g., credit card payment), the payment data provided during the order process (including name, address, bank and credit card information, currency, and transaction number) and details about the content of your order are shared with the provider according to Article 6(1)(b) of the GDPR. This data transfer is exclusively for processing payment with the provider and only to the extent necessary for this purpose.

  • Apple Pay

If you choose the "Apple Pay" payment method by Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland, the payment will be processed through the "Apple Pay" feature on your iOS, watchOS, or macOS device by charging a payment card stored in Apple Pay. Apple Pay uses security features integrated into your device’s hardware and software to protect your transactions. To authorize a payment, you must enter a code you previously set and verify using the "Face ID" or "Touch ID" feature on your device.

For payment processing, the information provided during the order process, along with details about your order, is forwarded to Apple in encrypted form. Apple further encrypts these data with a developer-specific key before transmitting the data to the payment service provider of the payment card stored in Apple Pay. This encryption ensures that only the website where the purchase was made can access the payment data. Once the payment is completed, Apple sends the originating website a confirmation of the transaction’s success along with your device account number and a transaction-specific, dynamic security code.

If personal data is processed during these transmissions, such processing is exclusively for payment processing in compliance with Article 6(1)(b) of the GDPR.

Apple stores anonymized transaction data, including the approximate purchase amount, date, time, and a note of whether the transaction was successful. Anonymization fully excludes any personal reference. Apple uses anonymized data to improve "Apple Pay" and other Apple products and services.

If you use Apple Pay on your iPhone or Apple Watch to complete a purchase made on Safari on your Mac, the Mac and authorization device communicate over an encrypted channel on Apple servers. Apple does not process or store this information in an identifiable format. You can disable Apple Pay on your Mac in your iPhone settings by going to "Wallet & Apple Pay" and disabling "Allow Payments on Mac."

For more information on Apple Pay privacy, please visit: https://support.apple.com/de-de/HT203027.

  • EPS Transfer

This website offers one or more online payment methods from the following provider: PSA Payment Services Austria GmbH, Handelskai 92, Gate 2, 1200 Vienna, Austria.

When selecting a payment method from the provider where you pay in advance (e.g., credit card payment), the payment data provided during the order process (including name, address, bank and credit card information, currency, and transaction number) and details about the content of your order are shared with the provider according to Article 6(1)(b) of the GDPR. This data transfer is exclusively for payment processing with the provider and only to the extent necessary.

  • giropay

This website offers one or more online payment methods from the following provider: paydirekt GmbH, Stephanstr. 14-16, 60313 Frankfurt am Main, Germany.

When selecting a payment method where you pay in advance (e.g., credit card payment), your payment data provided during the order process (including name, address, bank and credit card information, currency, and transaction number), as well as information about the content of your order, will be shared with the provider solely for the purpose of payment processing under Article 6(1)(b) of the GDPR. This data transfer is only to the extent necessary for processing the payment.

  • Google Pay

If you choose the "Google Pay" payment method by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"), payment is processed via the "Google Pay" app on your Android device (version 4.4 or later) equipped with an NFC function, using a payment card stored in Google Pay or a verified payment system (e.g., PayPal). For Google Pay payments over €25, unlocking your mobile device with a verification method (such as facial recognition, password, fingerprint, or pattern) is required.

For payment processing, the information provided during the order process, along with details about your order, is transferred to Google. Google then transmits your payment information stored in Google Pay as a unique transaction number to the originating website, which verifies that payment was completed. This transaction number does not contain real payment data from your Google Pay account but is instead created and transmitted as a single-use numeric token. In all transactions via Google Pay, Google acts solely as an intermediary for processing the payment. The transaction is solely between the user and the originating website, with the charge being made against the payment method stored in Google Pay.

If personal data is processed as part of these transmissions, such processing is solely for payment processing under Article 6(1)(b) of the GDPR.

Google may collect, store, and analyze certain transaction-specific information for each Google Pay transaction, including transaction date, time, amount, merchant location and description, item descriptions provided by the merchant, any photos attached to the transaction, the name and email of the buyer and seller, payment method used, and, if applicable, any offers associated with the transaction.

According to Google, this processing is carried out under Article 6(1)(f) of the GDPR, based on its legitimate interest in ensuring proper invoicing, verifying transaction data, and optimizing and maintaining the Google Pay service.

Google may also link processed transaction data with other information collected during the use of other Google services.

Google Pay's Terms of Service are available here:
https://payments.google.com/payments/apis-secure/u/0/get_legal_document?ldo=0&ldt=googlepaytos&ldl=de
Further information on Google Pay's privacy policy can be found here:
https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=de

  • Klarna

This website offers one or more online payment methods from the following provider: Klarna Bank AB, Sveavägen 46, 111 34 Stockholm, Sweden.

When selecting a payment method where you pay in advance (e.g., credit card payment), the payment data provided during the order process (including name, address, bank and credit card information, currency, and transaction number) and details about your order will be shared with the provider solely for payment processing under Article 6(1)(b) of the GDPR.

For payment methods where the provider advances funds (e.g., invoice purchase, installment purchase, or direct debit), you will be required to provide certain personal data (first and last name, street address, house number, postal code, city, date of birth, email address, phone number, and possibly alternative payment information) during the ordering process.

To safeguard our legitimate interest in determining our customers' creditworthiness, this data is shared with the provider under Article 6(1)(f) of the GDPR for the purpose of credit checks. The provider assesses whether the chosen payment option can be granted based on your provided data and additional data (such as shopping cart contents, invoice amount, order history, and payment history).

For credit assessment decisions, the provider may also use identity and credit information from the following credit agencies according to Article 6(1)(f) of the GDPR:
https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/credit_rating_agencies

Credit information may include probability scores (known as score values), which are calculated based on a scientifically recognized mathematical-statistical method. Address data, among other factors, may be used in score calculation.

You may object to this data processing at any time by contacting us or the provider. However, the provider may still be entitled to process your personal data if it is required for contractually compliant payment processing.

  • Paypal

This website offers one or more online payment methods from the following provider: PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg.

When selecting a payment method where you pay in advance (e.g., credit card payment), your payment data provided during the order process (including name, address, bank and credit card information, currency, and transaction number), as well as details about your order, will be shared with the provider solely for the purpose of payment processing under Article 6(1)(b) of the GDPR. This data transfer is limited to what is necessary for processing the payment.

When selecting a payment method where we advance payment, you will also be prompted to provide certain personal information (first and last name, street address, house number, postal code, city, date of birth, email address, phone number, and possibly alternative payment information) during the ordering process.

To safeguard our legitimate interest in verifying your creditworthiness, this data is shared with the provider under Article 6(1)(f) of the GDPR for the purpose of a credit check. The provider uses your personal data and other information (such as shopping cart contents, invoice amount, order history, and payment experience) to determine if the selected payment option can be granted with respect to payment or default risk.

Credit assessments may include probability scores (known as score values), which are calculated using scientifically recognized mathematical-statistical methods. Address data, among other factors, may contribute to the score values.

You may object to this data processing at any time by contacting us or the provider. However, the provider may still process your personal data if required for contractual payment processing.

  • PayPal Checkout

This website uses PayPal Checkout, an online payment system provided by PayPal that includes PayPal’s own payment methods and local third-party payment methods.

When paying via PayPal, credit card via PayPal, direct debit via PayPal, or, if offered, "Pay Later" via PayPal, we transfer your payment data to PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg ("PayPal"), solely for payment processing under Article 6(1)(b) of the GDPR.

For payments made via credit card, direct debit, or “Pay Later” via PayPal, PayPal may conduct a credit check. Your payment data may be shared with credit agencies based on PayPal’s legitimate interest in determining your creditworthiness, under Article 6(1)(f) of the GDPR. PayPal uses the credit check outcome to decide whether to offer the specific payment method. Credit checks may include probability scores (score values), based on scientifically recognized mathematical-statistical methods, including address data.

You may object to this data processing at any time by notifying PayPal. However, PayPal may still be entitled to process your data if necessary for contractual payment processing.

If the "Invoice Purchase" option via PayPal is available and selected, your payment data is initially transferred to PayPal for payment preparation, after which PayPal forwards it to Ratepay GmbH, Franklinstraße 28-29, 10587 Berlin ("Ratepay") for payment processing. Ratepay then performs identity and credit checks as described above, using your data to verify your creditworthiness under Article 6(1)(f) of the GDPR.

For a list of credit agencies Ratepay may consult, visit: https://www.ratepay.com/legal-payment-creditagencies

If using a third-party local payment method, your payment data is initially transferred to PayPal, which then forwards it to the relevant third-party provider, depending on the selected payment method, for payment processing under Article 6(1)(b) of the GDPR:

  • Apple Pay (Apple Distribution International, Hollyhill Industrial Estate, Cork, Ireland)
  • Google Pay (Google Ireland Limited, Gordon House, Dublin, Ireland)
  • iDeal (Currence Holding BV, Beethovenstraat 300, Amsterdam, Netherlands)
  • Bancontact (Bancontact Payconiq Company, Rue d'Arlon 82, 1040 Brussels, Belgium)
  • BLIK (Polski Standard Płatności sp. z o.o., ul. Czerniakowska 87A, Warsaw, Poland)
  • EPS (PSA Payment Services Austria GmbH, Handelskai 92, Vienna, Austria)
  • MyBank (PRETA S.A.S, 40 Rue de Courcelles, Paris, France)
  • Przelewy24 (PayPro SA, Kanclerska 15A, Poznań, Poland)

For further privacy information, please refer to PayPal’s privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full

  • SOFORT

This website offers one or more online payment methods from the following provider: SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany.

When selecting a payment method where you pay in advance (e.g., credit card payment), the payment data provided during the order process (including name, address, bank and credit card information, currency, and transaction number) as well as details about your order will be shared with the provider solely for payment processing under Article 6(1)(b) of the GDPR.

10) Online Marketing

Own Affiliate Program

In connection with the product presentations on our website, we operate our own affiliate program, through which we provide partner links to interested third-party website operators for placement on their websites, leading to our offerings. Cookies are used for the affiliate program, which are typically set on the partner’s site after clicking the relevant partner link; thus, we are not responsible for data protection regarding these cookies. Cookies are small text files stored on your device to track the origin of transactions (e.g., "sales leads") generated via such links. This allows us, for instance, to see that you clicked on a partner link and were directed to our website. This information is necessary for processing payments between us and our affiliate partners. If this information also contains personal data, the processing is conducted based on our legitimate financial interest in processing commission payments under Article 6(1)(f) of the GDPR.

If you wish to block user behavior analysis via cookies, you can adjust your browser settings to be notified when cookies are set, allowing you to decide on their acceptance individually or to generally exclude cookies for specific cases.

11) Web Analytics Services

Google Analytics 4

This website uses Google Analytics 4, a web analytics service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"), which enables analysis of your website usage.

By default, Google Analytics 4 sets cookies when you visit the website. These are small text files placed on your device that collect certain information, including your IP address, which Google truncates by the last digits to prevent direct identification of individuals.

The information is transmitted to Google servers and processed there. This may also involve transfers to Google LLC, based in the USA.

Google uses the collected information on our behalf to evaluate your website usage, compile reports on website activity, and provide further services related to website and internet usage. The IP address shortened by your browser via Google Analytics will not be combined with other Google data. Data collected through Google Analytics 4 is stored for two months and then deleted.

All processing described above, including the placement of cookies on your device, occurs only if you have given us your explicit consent according to Article 6(1)(a) of the GDPR. Without your consent, Google Analytics 4 will not be used during your visit. You may withdraw your consent at any time, effective for the future. To exercise your right to withdraw, please deactivate this service via the "Cookie-Consent-Tool" provided on the website.

We have signed a data processing agreement with Google, which ensures the protection of our visitors' data and prevents unauthorized disclosure to third parties.

Further legal information on Google Analytics 4 can be found at https://business.safety.google/intl/de/privacy/, https://policies.google.com/privacy?hl=de&gl=de, and https://policies.google.com/technologies/partner-sites.

Demographic Features

Google Analytics 4 uses the "demographic features" function, allowing it to generate statistics on the age, gender, and interests of site visitors. This is achieved by analyzing ads and information from third parties, which helps identify target groups for marketing activities. The collected data cannot be linked to a specific person and is deleted after a two-month storage period.

Google Signals

As an extension to Google Analytics 4, Google Signals may be used on this website to create cross-device reports. If you have enabled personalized ads and linked your devices to your Google account, Google may, with your consent to the use of Google Analytics, analyze your usage behavior across devices and create data models, including cross-device conversions, under Article 6(1)(a) of the GDPR. We receive only aggregated statistics from Google, not personal data. To stop cross-device analysis, you can disable the "Personalized Ads" feature in your Google account settings by following the instructions on this page: https://support.google.com/ads/answer/2662922?hl=de. For more information on Google Signals, see: https://support.google.com/analytics/answer/7532985?hl=de.

UserIDs

As an extension to Google Analytics 4, the "UserIDs" function may be used on this website. If you have consented to the use of Google Analytics 4 per Article 6(1)(a) of the GDPR, created an account on this website, and logged in with this account on different devices, your activities, including conversions, can be analyzed across devices.

For data transfers to the USA, the provider has adhered to the EU-US Data Privacy Framework, which ensures compliance with European data protection standards based on an adequacy decision by the European Commission.

12) Retargeting/Remarketing and Conversion Tracking

12.1 Meta Pixel

Within our online offerings, we use the "Meta Pixel" service provided by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland ("Meta").

When a user clicks on an ad we place on Facebook and/or Instagram, the URL of our linked page is enhanced with a parameter via "Meta Pixel." This URL parameter is then entered into the user’s browser through a cookie set by our linked page after redirection.

This allows Meta to identify visitors to our online offerings as a target group for displaying ads (known as "Ads"). We use this service to display our Facebook and/or Instagram ads only to users who have shown interest in our online offerings or possess certain characteristics (e.g., interests in specific topics or products determined by visited websites), which we transmit to Meta ("Custom Audiences").

The "Meta Pixel" also allows us to track whether users were redirected to our website after clicking an ad and what actions they performed there ("Conversion Tracking").

The data we collect is anonymous and does not allow us to identify users. However, Meta stores and processes this data, potentially linking it to the user’s profile and using it for Meta's advertising purposes.

All processing described above, including setting cookies to read information on the device, is performed only if you have given us your explicit consent in accordance with Article 6(1)(a) of the GDPR. You may withdraw your consent at any time with future effect by disabling this service in the "Cookie-Consent-Tool" provided on the website.

We have signed a data processing agreement with Meta, ensuring the protection of our visitors’ data and preventing unauthorized disclosure to third parties.

Data generated by Meta is usually transmitted to and stored on a Meta server, which may also involve transfer to Meta Platforms Inc. servers in the USA.

For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, ensuring compliance with European data protection standards based on an adequacy decision by the European Commission.

12.2 Google Ads Remarketing

This website uses retargeting technology from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.

For this purpose, Google sets a cookie in your device’s browser, which automatically enables interest-based advertising based on a pseudonymous cookie ID and the pages you visit. Additional data processing only occurs if you have agreed to Google linking your browsing history to your Google account and using information from your Google account to personalize ads. If you are logged in to Google while visiting our website, Google uses your data along with Google Analytics data to create and define cross-device remarketing target lists. For this, Google temporarily links your personal data with Google Analytics data to form target audiences.

Data transfers may also occur to Google LLC servers in the USA.

All processing described above, including setting cookies, is only performed if you have given your explicit consent under Article 6(1)(a) of the GDPR. Without this consent, retargeting technology will not be used during your visit.

You can withdraw your consent at any time by deactivating this service in the website's "Cookie-Consent-Tool."

For data transfers to the USA, Google has joined the EU-US Data Privacy Framework, which ensures compliance with European data protection standards.

Details on data processing initiated by Google and how Google handles website data are available here: https://policies.google.com/technologies/partner-sites.

Further information on Google’s privacy policies can be found here: https://business.safety.google/intl/de/privacy/ and https://www.google.de/policies/privacy/.

12.3 Google Ads Conversion Tracking

This website uses the "Google Ads" online advertising program and Google Ads conversion tracking provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google").

We use Google Ads to draw attention to our offerings on external websites through Google ads. This enables us to assess the success of our ad campaigns and provides a fair calculation of advertising costs.

A conversion tracking cookie is set when a user clicks on a Google ad. This cookie typically expires after 30 days and is not used for personal identification. If the user visits certain pages on this website while the cookie is active, Google and we can detect that the user clicked the ad and was redirected to this page. Each Google Ads customer receives a different cookie, so cookies cannot be tracked across Google Ads clients' websites. The information collected through the conversion cookie is used to create conversion statistics for Google Ads clients who have opted for conversion tracking. Clients learn the total number of users who clicked their ad and were redirected to a conversion-tracked page, but they do not receive data that identifies users.

Data transfers to Google LLC servers in the USA may occur within the use of Google Ads.

Details on processing through Google Ads Conversion Tracking and how Google handles website data can be found here: https://policies.google.com/technologies/partner-sites.

All processing described above, including setting cookies, is only performed if you have given your explicit consent under Article 6(1)(a) of the GDPR. You can withdraw your consent at any time by deactivating this service in the "Cookie-Consent-Tool."

You can also permanently opt-out of Google Ads Conversion Tracking cookies by downloading and installing the browser plugin available at: https://www.google.com/settings/ads/plugin?hl=de.

To better target advertising, we use a customer match feature within Google Ads for users whose data we have through business relationships. We electronically transfer a file with aggregated customer data (mainly email addresses and phone numbers) to Google. Google does not access clear data, as the information is encrypted during transmission. The encrypted information can only be used by Google to match existing Google accounts of affected users, enabling personalized ads across Google services.

We only transfer customer data to Google if you have given us explicit consent under Article 6(1)(a) of the GDPR. You may withdraw this consent at any time. Further information on Google’s customer match function is available here: https://support.google.com/google-ads/answer/6334160?hl=de&ref_topic=10550182

Google’s privacy policy is available here: https://business.safety.google/intl/de/privacy/ and https://www.google.de/policies/privacy/.

For data transfers to the USA, Google has joined the EU-US Data Privacy Framework, which ensures compliance with European data protection standards.

13) Site Functionalities

13.1 Facebook Plugins

Our website uses plugins from the social network provided by Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

These plugins enable direct interaction with content on the social network.

To protect your data while visiting our website, the plugins are initially disabled via a "2-click" or "Shariff" solution.

This setup ensures that no connection is made with the provider’s servers when you access a page on our site that contains such plugins.

Only when you activate the plugins and thereby give your consent to data transmission per Article 6(1)(a) of the GDPR does your browser establish a direct connection with the provider's servers. Regardless of whether you are logged into an existing user profile, some information about your device (such as IP address), your browser, and your page history is transmitted to the provider and possibly processed further.

If you are logged into a user profile on the provider’s social network, interactions with the plugins are published and visible to your contacts.

You may withdraw your consent anytime by deactivating the enabled plugin by clicking it again. However, withdrawal does not affect data already transmitted to the provider.

Data may also be transmitted to: Meta Platforms Inc., USA.

We have signed a data processing agreement with the provider, ensuring the protection of our site visitors' data and preventing unauthorized disclosure to third parties.

For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, ensuring compliance with European data protection standards.

13.2 Instagram Plugins

Our website uses plugins from the social network provided by Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

The plugins allow for direct interaction with social network content.

To protect your data, plugins are initially disabled using the "2-click" or "Shariff" solution.

Only after you activate the plugins, thereby giving your consent per Article 6(1)(a) of the GDPR, does your browser establish a direct connection with the provider's servers, transmitting certain information about your device, browser, and page history to the provider.

Logged-in users will have interactions with plugins published to their profile and shown to contacts. Consent may be withdrawn anytime by clicking the plugin to deactivate it. However, withdrawal does not affect data already transmitted to the provider.

Data may also be transmitted to: Meta Platforms Inc., USA.

We have signed a data processing agreement with the provider, ensuring data protection and preventing unauthorized third-party disclosure.

13.3 Pinterest Plugins

Our website uses plugins from the social network Pinterest, provided by Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland.

Plugins enable direct interaction with content on the social network.

The plugins are initially disabled to protect your data. They only activate, and data is only transmitted, when you click to enable them per Article 6(1)(a) of the GDPR. At that point, your device, browser, and page history may be shared with the provider.

If logged into a Pinterest account, interactions are published and visible to contacts. Consent may be withdrawn anytime by deactivating the plugin.

Data may also be transferred to Pinterest Inc., USA.

We have a data processing agreement with the provider, ensuring data protection and prohibiting unauthorized third-party disclosure. For data transfers to the USA, the provider uses standard contractual clauses from the European Commission.

13.4 YouTube

Our website uses plugins for displaying and playing videos from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.

Data may also be transferred to Google LLC, USA.

When you access a page with such a plugin, your browser connects directly to the provider’s servers. This includes transmitting specific information, like your IP address.

Once video playback begins, cookies are set to gather user behavior information, compile playback statistics, and prevent misuse.

If you are logged into your account with the provider, data is associated with your account when you click on a video. To avoid this, log out before activating the playback button.

All processing, including cookie setting, occurs only with your consent under Article 6(1)(a) of the GDPR, which you can withdraw at any time by disabling this service in the "Cookie-Consent-Tool."

For data transfers to the USA, the provider adheres to the EU-US Data Privacy Framework.

13.5 Trusted Shops Trustbadge

Our website incorporates graphic elements from Trusted Shops AG, Subbelrather Str. 15C, 50823 Cologne, Germany, to display external customer reviews and/or a quality seal.

If you access a page containing these graphics, your browser connects to the provider’s servers to load them, transmitting specific information, including your IP address.

If personal data is processed in this context, it is based on our legitimate interest in optimizing our site’s presentation and marketing, per Article 6(1)(f) of the GDPR.

Upon completing an online order, further processing may occur if you give explicit consent under Article 6(1)(a) of the GDPR. This includes encrypted transmission of order information (order amount, order number, purchased product, and email) to the provider to check for existing registration for the provider’s services (particularly "buyer protection") or enable new registration.

For such transactions, we are jointly responsible with the provider under Article 26 of the GDPR. The contract on joint responsibility is available here: https://help.etrusted.com/hc/de/articles/4402587369105-Vertrag-%C3%BCber-die-gemeinsame-Verantwortlichkeit-nach-DSGVO

13.6 Best Currency Converter

This website uses "Best Currency Converter" by Grizzly Apps SRL, Str. Muresului Nr. 7 Bloc E23, Scara B, Apartament 15, Brasov, Romania.

Based on our legitimate interest in displaying prices in your local currency, Best Currency Converter collects and analyzes your IP address per Article 6(1)(f) of the GDPR to adjust currency display according to your location. The IP address is not stored long-term. After the first currency adjustment, Best Currency Converter sets a functional cookie to retain the currency setting for the session duration, after which the cookie is automatically deleted.

13.7 Google Customer Reviews

We partner with Google for the "Google Customer Reviews" program. The provider is Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"). This program enables us to collect reviews from our customers. After a purchase, you will be asked if you wish to participate in a Google survey.

If you consent per Article 6(1)(a) of the GDPR, we will share your email address with Google, which will email you to rate your purchase experience. Your rating may be shown in the Google Customer Reviews logo and used for Google Seller Ratings. Data may also be transferred to Google LLC servers in the USA.

You may withdraw consent at any time by contacting the data controller or Google.

For data transfers to the USA, Google adheres to the EU-US Data Privacy Framework.

Further information on Google’s privacy policy is available here: https://business.safety.google/intl/de/privacy/

14) Tools and Miscellaneous

Cookie-Consent Tool

This website uses a "Cookie-Consent Tool" to obtain valid user consent for cookies and cookie-based applications requiring consent. When visiting the site, users are presented with an interactive interface where they can grant consent for specific cookies and/or cookie-based applications by ticking the relevant boxes. With this tool, all cookies or services requiring consent are only loaded if the user provides the appropriate consent. This ensures that such cookies are only set on the user’s device if consent is given.

The tool places technically necessary cookies to save your cookie preferences. Generally, no personal user data is processed.

If, in exceptional cases, personal data (such as the IP address) is processed for the purpose of storing, assigning, or logging cookie settings, this occurs based on our legitimate interest in a legally compliant, user-specific, and user-friendly consent management system for cookies, in line with Article 6(1)(f) of the GDPR, and in ensuring the legal compliance of our website.

Further legal grounds for this processing include Article 6(1)(c) of the GDPR, as we are legally obligated to ensure that non-essential cookies are only set with user consent.

Where required, we have signed a data processing agreement with the provider to ensure the protection of our visitors’ data and prevent unauthorized disclosure to third parties.

Further information about the operator and configuration options for the Cookie-Consent Tool can be found directly within the respective interface on our website.

15) Rights of the Data Subject

15.1 Under applicable data protection law, you have the following rights with respect to the processing of your personal data by the data controller. The conditions for exercising each of these rights are based on the referenced legal provisions:

  • Right of access according to Article 15 of the GDPR;
  • Right to rectification according to Article 16 of the GDPR;
  • Right to erasure ("right to be forgotten") according to Article 17 of the GDPR;
  • Right to restriction of processing according to Article 18 of the GDPR;
  • Right to notification according to Article 19 of the GDPR;
  • Right to data portability according to Article 20 of the GDPR;
  • Right to withdraw consent granted, according to Article 7(3) of the GDPR;
  • Right to lodge a complaint according to Article 77 of the GDPR.

15.2 Right to Object

IF WE PROCESS YOUR PERSONAL DATA BASED ON OUR PREDOMINANT LEGITIMATE INTEREST FOLLOWING A BALANCING OF INTERESTS, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT TO THIS PROCESSING WITH FUTURE EFFECT ON GROUNDS THAT RELATE TO YOUR PARTICULAR SITUATION.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED. HOWEVER, FURTHER PROCESSING REMAINS RESERVED IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING THAT OVERRIDE YOUR INTERESTS, RIGHTS, AND FREEDOMS OR IF THE PROCESSING SERVES THE ASSERTION, EXERCISE, OR DEFENSE OF LEGAL CLAIMS.

IF YOUR PERSONAL DATA IS PROCESSED BY US FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR SUCH MARKETING. YOU MAY EXERCISE THIS RIGHT OF OBJECTION AS DESCRIBED ABOVE.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL CEASE PROCESSING THE DATA IN QUESTION FOR DIRECT MARKETING PURPOSES.

16) Duration of Storage of Personal Data

The duration for which personal data is stored is determined based on the applicable legal basis, the processing purpose, and—if relevant—any applicable statutory retention periods (e.g., commercial and tax law retention periods).

When processing personal data based on explicit consent according to Article 6(1)(a) of the GDPR, the data is stored until you withdraw your consent.

If statutory retention periods apply to data processed as part of legal or quasi-legal obligations on the basis of Article 6(1)(b) of the GDPR, this data will be routinely deleted upon expiration of the retention periods, provided that it is no longer necessary for contract fulfillment or initiation and/or there is no legitimate interest on our part in continuing to store it.

For personal data processed based on Article 6(1)(f) of the GDPR, this data is stored until you exercise your right to object under Article 21(1) of the GDPR, unless we can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights, and freedoms or if the processing serves the assertion, exercise, or defense of legal claims.

For personal data processed for direct marketing purposes based on Article 6(1)(f) of the GDPR, this data is stored until you exercise your right to object under Article 21(2) of the GDPR.

Unless specified otherwise within this statement for specific processing situations, stored personal data will be deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.