Privacy policy
1) Introduction and Contact Details of the Controller
1.1 We are pleased that you are visiting our website and thank you for your interest. Below, we inform you about how your personal data is handled when you use our website. Personal data refers to all data that can be used to personally identify you.
1.2 The controller responsible for data processing on this website in accordance with the General Data Protection Regulation (GDPR) is:
Tim Kulzer, Vor dem Kolem 6, 61276 Weilrod, Germany,
Phone: +49 176 20206239,
Email: e-commercekulzer@web.de.
The controller is the natural or legal person who, alone or jointly with others, determines the purposes and means of processing personal data.
2) Data Collection When Visiting Our Website
2.1 If you use our website for informational purposes only, i.e., if you do not register or otherwise provide us with information, we only collect data that your browser transmits to our server (so-called “server log files”). When you access our website, we collect the following data, which is technically necessary for us to display the website to you:
-
The website visited
-
Date and time at the time of access
-
Amount of data sent in bytes
-
Source/reference from which you accessed the page
-
Browser used
-
Operating system used
-
IP address used (if applicable: in anonymized form)
Processing is carried out in accordance with Art. 6(1)(f) GDPR based on our legitimate interest in improving the stability and functionality of our website. The data will not be transferred or used in any other way. However, we reserve the right to retrospectively check the server log files if there are concrete indications of unlawful use.
2.2 This website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (e.g., orders or inquiries sent to the controller). You can recognize an encrypted connection by the string “https://” and the lock symbol in your browser’s address bar.
3) Hosting & Content Delivery Network
Shopify
We use the system of the following provider for hosting our website and displaying the site content:
Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland (“Shopify”)
Data is also transmitted to: Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada.
All data collected on our website is processed on the provider’s servers. We have entered into a data processing agreement with the provider to ensure the protection of our website visitors’ data and to prohibit unauthorized disclosure to third parties.
In the case of data transfers to Canada, an adequate level of data protection is guaranteed by an adequacy decision of the European Commission.
4) Cookies
To make visiting our website attractive and to enable the use of certain functions, we use cookies—small text files that are stored on your device. Some of these cookies are automatically deleted after you close your browser (so-called “session cookies”), while others remain on your device for a longer period and allow us to save your settings (so-called “persistent cookies”). You can find the storage duration in your browser’s cookie settings overview.
If personal data is also processed through individual cookies implemented by us, the processing is carried out in accordance with Art. 6(1)(b) GDPR for the performance of a contract, in accordance with Art. 6(1)(a) GDPR if consent has been given, or in accordance with Art. 6(1)(f) GDPR to safeguard our legitimate interests in the best possible functionality of the website and a customer-friendly and effective experience.
You can configure your browser to notify you when cookies are set and decide individually whether to accept them, accept cookies in certain cases, or generally exclude them.
Please note that disabling cookies may limit the functionality of our website.
5) Contacting Us
When you contact us (e.g., via contact form or email), we process your personal data solely for the purpose of handling and responding to your request, and only to the extent necessary.
The legal basis for this processing is our legitimate interest in responding to your inquiry pursuant to Art. 6(1)(f) GDPR. If your contact aims to conclude a contract, the legal basis for processing is additionally Art. 6(1)(b) GDPR. Your data will be deleted once it can be inferred from the circumstances that your inquiry has been conclusively resolved, provided there are no statutory retention obligations.
6) Use of Customer Data for Direct Advertising
6.1 Subscription to Our Email Newsletter
If you subscribe to our email newsletter, we will regularly send you information about our offers. The only mandatory information for sending the newsletter is your email address. Any other details you provide are optional and will be used to personalize the newsletter.
We use the double opt-in method to ensure that the newsletter is sent only if you explicitly confirm your consent via a verification link sent to your email address.
By activating the confirmation link, you give us your consent to process your personal data in accordance with Art. 6(1)(a) GDPR. We record the IP address assigned by your internet service provider (ISP) as well as the date and time of registration in order to trace any potential misuse of your email address at a later date. Data collected during the newsletter registration process is used exclusively for the newsletter and not for other purposes.
You can unsubscribe from the newsletter at any time via the link provided in each newsletter or by contacting the controller mentioned above. Upon unsubscribing, your email address will be removed from our distribution list unless you have expressly consented to further use or we reserve the right to use your data in a manner permitted by law and explained in this policy.
6.2 Newsletter to Existing Customers
If you provide us with your email address when purchasing goods or services, we reserve the right to send you regular offers for similar products or services by email. According to § 7(3) of the German Unfair Competition Act (UWG), no separate consent is required in this case. The processing of this data is based solely on our legitimate interest in personalized direct advertising pursuant to Art. 6(1)(f) GDPR. If you initially objected to the use of your email address, you will not receive any marketing emails.
You may object to the use of your email address for this purpose at any time by notifying the controller. You will only incur transmission costs according to the basic rates. Upon receipt of your objection, we will immediately stop using your email address for advertising.
6.3 Omnisend
Our email newsletters are sent via the provider: Soundest Ltd., Unit A3, Gateway Tower, 32 Western Gateway, London E16 1YL, United Kingdom.
Based on our legitimate interest in effective and user-friendly email marketing, we transfer your data provided during newsletter registration to this provider, in accordance with Art. 6(1)(f) GDPR.
With your explicit consent under Art. 6(1)(a) GDPR, the provider also conducts statistical performance analyses of newsletter campaigns using web beacons or tracking pixels included in the emails, which measure open rates and user interactions. Device-specific data (e.g., access time, IP address, browser type, and operating system) may also be collected but will not be linked to other datasets. You may withdraw your consent to newsletter tracking at any time with future effect.
We have concluded a data processing agreement with the provider to protect our website visitors’ data and to prevent unauthorized disclosure to third parties.
An adequate level of data protection is guaranteed for transfers to the provider's location by an adequacy decision of the European Commission.
6.4 Shopify Email
Our email newsletters are also sent via the provider: Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland.
Data is also transferred to: Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada.
On the basis of our legitimate interest in effective and user-friendly email marketing, we share your newsletter registration data with this provider in accordance with Art. 6(1)(f) GDPR so they can send newsletters on our behalf.
With your explicit consent under Art. 6(1)(a) GDPR, the provider also analyzes the performance of newsletter campaigns using web beacons or tracking pixels in the emails to measure open rates and specific interactions. Device-related information (e.g., time of access, IP address, browser type, and operating system) is also collected but not merged with other data. You may revoke your consent to newsletter tracking at any time with future effect.
We have signed a data processing agreement with this provider to ensure the protection of our website visitors’ data and to prohibit unauthorized disclosure.
An adequate level of data protection is ensured for data transfers to Canada by a European Commission adequacy decision.
7) Data Processing for Order Handling
7.1 For the purpose of fulfilling the contract, your personal data is passed on to the shipping company and the payment service provider responsible for delivery and payment, in accordance with Art. 6(1)(b) GDPR.
If we owe you updates for goods with digital elements or for digital products under a contract, we will use the contact details provided during the order to notify you personally within our legal obligations in accordance with Art. 6(1)(c) GDPR. Your contact data will only be processed to the extent necessary for such notifications.
In order to process your order, we also work with the following service providers who support us in whole or in part in executing contracts. Certain personal data will be transmitted to these providers as explained below.
7.2 Use of Payment Service Providers
- PayPal
This website offers one or more online payment methods via: PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg.
When choosing a payment method that involves prepayment, your payment details (name, address, banking/card information, currency, transaction ID, and order content) will be shared with PayPal in accordance with Art. 6(1)(b) GDPR for payment processing purposes only.
For certain payment methods where the merchant bears the risk (e.g., purchase on invoice or later payment), PayPal may request additional personal data to perform a credit check based on Art. 6(1)(f) GDPR. Probabilistic values (so-called “scores”) may be used, calculated using recognized statistical methods, potentially including address data.
You can object to this processing at any time by notifying PayPal, though PayPal may still process your data if necessary for contract-based payment processing.
- PayPal Checkout
This site uses PayPal Checkout, which includes PayPal’s own payment methods and local third-party payment options.
If paying via PayPal, credit card via PayPal, direct debit via PayPal, or “Pay Later” (where available), your payment data is transferred to PayPal (Europe) S.a.r.l. et Cie, S.C.A., in accordance with Art. 6(1)(b) GDPR.
For certain methods, PayPal may conduct a credit check using your data based on their legitimate interest in verifying creditworthiness under Art. 6(1)(f) GDPR. This may involve scoring models. You may object to this processing at any time.
If the "PayPal Invoice" method is selected, PayPal transfers your data to Ratepay GmbH, which performs its own identity and credit checks based on Art. 6(1)(f) GDPR.
For local third-party methods (e.g., Apple Pay, Google Pay, iDeal, etc.), PayPal forwards your data to the respective provider solely for payment processing, in accordance with Art. 6(1)(b) GDPR.
See PayPal’s privacy policy for more details: https://www.paypal.com/de/webapps/mpp/ua/privacy-full
- Shopify Payments
This website offers payment methods via Shopify International Limited, Victoria Buildings, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland.
When selecting a prepayment method (e.g., credit card), your payment data (name, address, card/bank details, currency, transaction ID, and order details) will be transferred to Shopify in accordance with Art. 6(1)(b) GDPR for payment processing.
8) Online Marketing
8.1 Facebook Pixel for Creating Custom Audiences (with Consent Mode)
Within our online offering, the "Facebook Pixel" of the social network Facebook is used, operated by Meta Platforms Ireland Limited, 4 Grand Canal Quay, Square, Dublin 2, Ireland ("Facebook").
If a user clicks on an ad placed by us on Facebook, the URL of our linked page is supplemented by a parameter via Facebook Pixel. After being redirected, this URL parameter is then written into the user's browser via a cookie, which our site sets itself.
This makes it possible to track whether a user was redirected to our website after clicking a Facebook ad and whether specific actions (e.g., product purchases) were taken. This allows us to generate statistics about the effectiveness of Facebook ads for market research and optimization purposes.
The data collected is anonymous to us, so we cannot identify the user. However, Facebook stores and processes the data, thereby making a connection to the respective user profile possible and allowing Facebook to use it for its own advertising purposes in accordance with Facebook's Data Policy. The data may also be used by Facebook and its partners to serve ads on and outside of Facebook.
The use of Facebook Pixel only takes place with your express consent in accordance with Art. 6(1)(a) GDPR. You can revoke your consent at any time with effect for the future by deactivating this service in the "Cookie Consent Tool" on the website.
We have concluded a data processing agreement with Facebook, which ensures the protection of our website visitors and prohibits unauthorized disclosure to third parties.
The data may be transmitted to the USA. In this case, Meta Platforms Inc. is certified under the EU-U.S. Data Privacy Framework, which ensures an adequate level of data protection based on an adequacy decision by the European Commission.
9) Tools and Miscellaneous
Cookie Consent Tool
This website uses a "cookie consent tool" to obtain effective user consent for cookies requiring consent and cookie-based applications. The “cookie consent tool” is displayed to users when they access the page, where they can give their consent for certain cookies and functions. The tool also logs the consent to comply with legal obligations.
The processing of data (IP address, consent status, timestamp) is based on our legitimate interest in legally compliant, user-specific, and documented consent management in accordance with Art. 6(1)(f) GDPR.
10) Rights of the Data Subject
10.1 The applicable data protection law grants you the following rights (under the conditions stated therein):
-
Right of access under Art. 15 GDPR;
-
Right to rectification under Art. 16 GDPR;
-
Right to erasure (“right to be forgotten”) under Art. 17 GDPR;
-
Right to restriction of processing under Art. 18 GDPR;
-
Right to notification under Art. 19 GDPR;
-
Right to data portability under Art. 20 GDPR;
-
Right to withdraw consent under Art. 7(3) GDPR;
-
Right to lodge a complaint under Art. 77 GDPR.
10.2 Right to Object
If we process your personal data based on our legitimate interest under Art. 6(1)(f) GDPR, you have the right to object to such processing at any time, on grounds relating to your particular situation.
If you exercise your right to object, we will stop processing the affected data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or the processing serves to establish, exercise, or defend legal claims.
If your personal data is used for direct marketing purposes, you may object at any time, and we will cease such processing immediately.
11) Duration of Storage of Personal Data
The duration of storage of personal data is determined based on the applicable legal retention period (e.g., commercial and tax retention periods). After the expiry of the period, the corresponding data is routinely deleted unless it is still required for contract fulfillment or initiation or we have a legitimate interest in continued storage.
12) Duration of Storage of Personal Data
The duration of storage of personal data is determined based on the respective legal basis, the purpose of processing, and—if applicable—additionally by the respective statutory retention period (e.g., commercial and tax law retention periods).
When processing personal data based on an explicit consent pursuant to Art. 6(1)(a) GDPR, the data of the affected persons will be stored until you revoke your consent.
If statutory retention periods exist for data processed in the context of contractual or contract-like obligations based on Art. 6(1)(b) GDPR, these data will be routinely deleted after the expiration of the retention periods, provided they are no longer required for contract fulfillment or contract initiation and/or we no longer have a legitimate interest in further storage.
When processing personal data based on Art. 6(1)(f) GDPR, these data will be stored until you exercise your right to object pursuant to Art. 21(1) GDPR, unless we can demonstrate compelling legitimate grounds for processing which override your interests, rights, and freedoms, or the processing serves the assertion, exercise, or defense of legal claims.
When processing personal data for the purpose of direct marketing based on Art. 6(1)(f) GDPR, these data will be stored until you exercise your right to object pursuant to Art. 21(2) GDPR.
Unless otherwise specified in the other information of this declaration regarding specific processing situations, stored personal data will otherwise be deleted when they are no longer necessary for the purposes for which they were collected or otherwise processed.