1) Information on the collection of personal data and contact details of the person in charge
1.1 We are pleased that you are visiting our website and thank you for your interest. In the following, we would like to inform you about how we handle your personal data when you use our website. Personal data are all data with which you can be personally identified.
1.2 The person responsible for data processing on this website within the meaning of the Data Protection Basic Regulation (DSGVO) is Lukas Bock, MustHype, Windener Weg 3, 76547 Sinzheim, Germany, Tel.: 01799070087, E-Mail: firstname.lastname@example.org. The person responsible for the processing of personal data is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data.
1.3 For security reasons and to protect the transmission of personal data and other confidential contents (e.g. orders or inquiries to the responsible person), this website uses SSL or TLS encryption. You can recognize an encrypted connection by the character string "https://" and the lock symbol in your browser line.
2) Data collection when visiting our website
When using our website for purely informational purposes, i.e. when you do not register or otherwise provide us with information, we only collect the data that your browser sends to our server (so-called "server log files"). When you call up our website, we collect the following data, which are technically necessary for us to display the website:
- Our visited website
- Date and time of access
- Amount of data sent in bytes
- Source/reference from which you accessed the site - Browser
used - Operating
system used - IP address used (if applicable: in anonymized form)
In accordance with Art. 6 para. 1 lit. f DSGVO, processing is based on our justified interest in improving the stability and functionality of our website. The data will not be passed on or used in any other way. However, we reserve the right to check the server log files subsequently if there are concrete indications of illegal use.
Hosting by Shopify
We use the shop system of the service provider Shopify International Limited, Victoria Buildings, 2nd floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland ("Shopify"), for the purpose of hosting and displaying the online shop based on processing on our behalf. All data collected on our website is processed on Shopify's servers. As part of the Shopify services described above, data may also be transferred to Shopify Inc, 150 Elgin St, Ottawa, ON K2P 1L4, Canada, Shopify Data Processing (USA) Inc, Shopify Payments (USA) Inc or Shopify (USA) Inc as part of further processing on behalf of Shopify. In the event that data is transferred to Shopify Inc. in Canada, an adequacy finding by the European Commission will ensure an adequate level of data protection. Shopify Data Processing (USA) Inc., Shopify Payments (USA) Inc. and Shopify (USA) Inc. in the USA have been certified for the us-European data protection agreement "Privacy Shield", which guarantees compliance with the data protection level applicable in the EU.
For further information on Shopify's data protection policy, please visit the following website: https:/
/www.shopify.de/legal/datenschutz. Any further processing on servers other than the aforementioned servers of Shopify shall only take place within the scope of the following.
To make visiting our website attractive and to enable the use of certain functions, we use so-called cookies on various pages. These are small text files that are stored on your end device. Some of the cookies we use are deleted again after the end of the browser session, i.e. after closing your browser (so-called session cookies). Other cookies remain on your terminal device and enable us to recognise your browser the next time you visit us (so-called persistent cookies). If cookies are set, they collect and process certain user information to an individual extent, such as browser and location data and IP address values. Persistent cookies are automatically deleted after a specified period of time, which may vary depending on the cookie. The duration of the respective cookie storage can be found in the overview of the cookie settings of your web browser.
In some cases, cookies are used to simplify the ordering process by saving settings (e.g. remembering the contents of a virtual shopping cart for a later visit to the website). Insofar as personal data is also processed by individual cookies used by us, the processing is carried out in accordance with Art. 6 Para. 1 letter b DSGVO either for the execution of the contract, in accordance with Art. 6 Para. 1 letter a DSGVO in the case of a granted consent or in accordance with Art. 6 Para. 1 letter f DSGVO to safeguard our legitimate interests in the best possible functionality of the website and a customer-friendly and effective design of the site visit. Please note that you can set your browser so that you are informed about the setting of cookies and can decide individually whether to accept them or to exclude the acceptance of cookies for certain cases or generally. Each browser differs in the way it manages the cookie settings. This is described in the help menu of each browser, which explains how you can change your cookie settings. You can find these for each browser under the following links:
Internet Explorer: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-mana ge-cookies
Chrome: https://support.google.com/chrome/answer/95647?hl=de&hlrm=en Safari
Please note that if cookies are not accepted, the functionality of our website may be limited.
5) Making contact
5.1 Personal data is collected when contacting us (e.g. via contact form or e-mail). Which data is collected in the case of a contact form can be seen from the respective contact form. These data are stored and used exclusively for the purpose of answering your request or for contacting you and the associated technical administration. The legal basis for the processing of this data is our legitimate interest in answering your request in accordance with Art. 6 para. 1 lit. f DSGVO. If your contact is aimed at the conclusion of a contract, an additional legal basis for the processing is Art. 6 para. 1 lit. b DSGVO. Your data will be deleted after final processing of your request. This is the case if it can be deduced from the circumstances that the matter in question has been conclusively clarified and provided that there are no statutory retention obligations to the contrary.
5.2 WhatsApp Business
We offer visitors to our website the opportunity to contact us via the WhatsApp messaging service of WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. For this purpose we use the so-called "Business Version" of WhatsApp.
If you contact us via WhatsApp in connection with a specific business transaction (e.g. an order placed), we will store and use the mobile phone number you use at WhatsApp and - if provided - your first name and surname in accordance with Art. 6 para. 1 lit. b. DSGVO for processing and answering your request. Based on the same legal basis, we will ask you via WhatsApp to provide further data (order number, customer number, address or e-mail address), if necessary, in order to be able to assign your request to a specific transaction.
If you use our WhatsApp contact for general enquiries (e.g. regarding the range of services, availability or our Internet presence), we will store and use the mobile telephone number you use at WhatsApp and - if provided - your first and last name in accordance with Art. 6 Para. 1 lit. f DSGVO on the basis of our legitimate interest in the efficient and prompt provision of the information requested.
Your data will only be used to respond to your request via WhatsApp. Your data will not be passed on to third parties.
Please note that WhatsApp Business gains access to the address book of the mobile device we use for this purpose and automatically transfers telephone numbers stored in the address book to a server of the parent company Facebook Inc. in the USA. To operate our WhatsApp Business account, we use a mobile device whose address book stores only the WhatsApp contact data of users who have contacted us via WhatsApp.
Facebook Inc. with headquarters in the USA is certified for the us-European data protection agreement "Privacy Shield", which guarantees compliance with the data protection level applicable in the EU.
6) Data processing when opening a customer account and for contract processing
In accordance with Art. 6 Para. 1 lit. b DSGVO, personal data will continue to be collected and processed if you provide us with this information for the purpose of executing a contract or opening a customer account. Which data is collected can be seen from the respective input forms. A deletion of your customer account is possible at any time and can be done by sending a message to the above mentioned address of the responsible person. We store and use the data you provide us with to process the contract. After complete processing of the contract or deletion of your customer account, your data will be blocked with regard to tax and commercial law retention periods and deleted after these periods have expired, unless you have expressly consented to further use of your data or a legally permitted further use of data has been reserved by us.
7) Use of your data for direct advertising
Registration for our e-mail newsletter
If you subscribe to our e-mail newsletter, we will send you regular information about our offers. Your e-mail address is the only mandatory information for sending the newsletter. The provision of further data is voluntary and is used to address you personally. We use the so-called double opt-in procedure for sending the newsletter. This means that we will only send you an e-mail newsletter if you have expressly confirmed that you agree to receive newsletters. We will then send you a confirmation e-mail asking you to confirm that you wish to receive the newsletter in the future by clicking on a corresponding link.
By activating the confirmation link you give us your consent for the use of your personal data in accordance with Art. 6 para. 1 lit. a DSGVO. When you register for the newsletter, we save your IP address entered by your Internet Service Provider (ISP) as well as the date and time of registration in order to be able to trace possible misuse of your e-mail address at a later date. The data collected by us when registering for the newsletter will be used exclusively for the purpose of advertising in the newsletter. You can unsubscribe from the newsletter at any time using the link provided for this purpose in the newsletter or by sending a message to the person responsible mentioned above. After you have cancelled your subscription, your e-mail address will be deleted from our newsletter distribution list immediately, unless you have expressly consented to further use of your data or we reserve the right to use your data for other purposes that are permitted by law and about which we inform you in this declaration.
8) Data processing for order processing
8.1 In order to process your order, we work together with the following service provider(s), who support us in whole or in part in the execution of concluded contracts. Certain personal data will be transmitted to these service providers in accordance with the following information.
The personal data collected by us will be passed on to the transport company commissioned with the delivery within the framework of the contract processing, as far as this is necessary for the delivery of the goods. Your payment data will be passed on to the assigned credit institute within the scope of the payment processing, as far as this is necessary for the payment processing. If payment service providers are used, we will inform you explicitly about this below. The legal basis for the transfer of data is Art. 6 para. 1 lit. b DSGVO.
8.2 Use of payment service providers (payment services)
- Apple Pay
If you choose the payment method "Apple Pay" of Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland, the payment processing is carried out via the "Apple Pay" function of your iOS, watchOS or macOS-operated terminal by debiting a payment card deposited with "Apple Pay". Apple Pay uses security features built into the hardware and software of your device to protect your transactions. In order to authorise a payment, it is therefore necessary to enter a code previously defined by you and to verify it using the "Face ID" or "Touch ID" function of your terminal.
For the purpose of payment processing, the information you provide during the ordering process, together with the information about your order, will be transmitted to Apple in encrypted form. Apple then re-encrypts this data with a developer-specific key before the data is transmitted to the payment service provider of the payment card stored in Apple Pay for payment processing. The encryption ensures that only the website from which the purchase was made can access the payment data. Once the payment has been made, Apple will send your device account number and a transaction-specific dynamic security code to the originating website to confirm payment.
If personal data is processed in the described transmissions, the processing is carried out exclusively for the purpose of payment processing in accordance with Art. 6 para. 1 lit. b DSGVO.
Apple stores anonymised transaction data, including the approximate amount of the purchase, the approximate date and time and whether the transaction was completed successfully. Anonymisation completely excludes any personal reference. Apple uses the anonymised data to improve Apple Pay and other Apple products and services.
When you use Apple Pay on iPhone or the Apple Watch to complete a purchase made through Safari on Mac, the Mac and the authorization device communicate through an encrypted channel on Apple's servers. Apple does not process or store this information in a format that can identify you personally. You can disable the ability to use Apple Pay on your Mac in your iPhone preferences. Go to "Wallet & Apple Pay" and disable "Allow payments on Mac".
For more information about Apple Pay privacy, please visit the following web address: https:/
/support.apple.com/de-de/HT203027 - Klarna
If you choose Klarna payment service, payment will be processed by Klarna Bank AB (publ) [https://www.klarna.com/de], Sveavägen 46, 111 34 Stockholm, Sweden (hereinafter "Klarna"). In order to enable the payment to be processed, your personal data (name, surname, street, house number, postcode, city, gender, e-mail address, telephone number and IP address) as well as data related to the order (e.g. invoice amount, item, delivery method) will be passed on to Klarna for the purpose of identity and credit checks, provided that you have expressly agreed to this in accordance with Art. 6 para. 1 letter a DSGVO during the ordering process. To which credit agencies your data may be forwarded in this context, you can see here: https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/credit_rating_agencies The credit information may contain probability values (so-called score values). If score values are included in the result of the credit report, they are based on a scientifically recognised mathematical-statistical procedure. The calculation of the score values includes, but is not limited to, address data. Klarna uses the information obtained on the statistical probability of payment default to make a balanced decision on the establishment, execution or termination of the contractual relationship.
You can revoke your consent at any time by sending a message to the data controller or to Klarna. However, Klarna may still be entitled to process your personal data if this is necessary to process payments in accordance with the contract.
Your personal data will be treated in accordance with the applicable data protection regulations and in accordance with the information in Klarna's data protection regulations for data subjects domiciled in Germany h
ttps://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/privacy or for data subjects domiciled in Austria h
When paying via PayPal, credit card via PayPal, direct debit via PayPal or - if offered - "purchase on account" or "payment by instalments" via PayPal, we will pass on your payment data to PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter referred to as "PayPal") within the framework of the payment processing. The data will be passed on in accordance with Art. 6 para. 1 lit. b DSGVO and only to the extent necessary for the processing of payments.
You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data if this is necessary to process payments in accordance with the contract.
If you select the payment method "IMMEDIATELY", the payment will be processed via the payment service provider SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany (hereinafter "IMMEDIATELY"), to whom we will pass on the information you provided during the ordering process together with the information about your order in accordance with Art. 6 Para. 1 letter b DSGVO. Sofort GmbH is part of the Klarna Group (Klarna Bank AB (publ), Sveavägen 46, 11134 Stockholm, Sweden). The passing on of your data takes place exclusively for the purpose of the payment processing with the payment service provider IMMEDIATELY and only to the extent that it is necessary for this. At the following internet address you will find more information about the data protection regulations of SOFORT: https://www.klarna.com/sofort/datenschutz.
If you choose a payment method of the payment service provider Stripe, the payment processing is carried out via the payment service provider Stripe Payments Europe Ltd, 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, to which we pass on your information provided during the ordering process together with the information about your order (name, address, account number, bank code, possibly credit card number, invoice amount, currency and transaction number) in accordance with Art. 6 para. 1 lit. b DSGVO. Your data will only be passed on for the purpose of payment processing with the payment service provider Stripe Payments Europe Ltd. and only to the extent necessary for this purpose. Further information about the data protection of Stripe can be found under the URL https://stripe.com/de/privacy#translation.
9) Rights of the person concerned
9.1 The applicable data protection law grants you comprehensive data protection rights (rights of information and intervention) vis-à-vis the person responsible for processing your personal data, about which we inform you below:
- Right of access in accordance with Art. 15 DSGVO: In particular, you have a right of access to your personal data processed by us, the processing purposes, the categories of personal data processed, the recipients or categories of recipients to whom your data have been or will be disclosed, the planned storage period or the criteria for determining the storage period, the existence of a right of rectification, erasure, restriction of processing, opposition to processing, complaint to a supervisory authority, the origin of your data if it has not been collected from you by us, the existence of automated decision making including profiling and, if applicable, meaningful information on the logic involved and the scope and intended effects of such processing on you, as well as your right to be informed of the guarantees provided under Art. 46 DPA when your data is transferred to third countries;
- Right to correction in accordance with Art. 16 DSGVO: you have the right to request immediate correction of incorrect data concerning you and/or completion of incomplete data stored by us;
- Right to deletion in accordance with Art. 17 DSGVO: you have the right to request deletion of your personal data if the conditions of Art. 17 Par. 1 DSGVO are met. However, this right does not apply in particular if the processing is necessary for the exercise of the right to freedom of expression and information, for the fulfilment of a legal obligation, for reasons of public interest or for the assertion, exercise or defence of legal claims;
- Right to restrict processing in accordance with Art. 18 DPA: You have the right to request the restriction of the processing of your personal data for as long as the accuracy of your data which you dispute is verified, if you refuse to have your data deleted due to unauthorised data processing and instead request the restriction of the processing of your data, if you require your data for the assertion, exercise or defence of legal claims, after we no longer require these data after the purpose has been achieved, or if you have lodged an objection for reasons relating to your particular situation, as long as it has not yet been established whether our legitimate reasons outweigh the objection;
- Right to information in accordance with Art. 19 DPA: If you have asserted the right to rectification, erasure or limitation of processing vis-à-vis the controller, the controller is obliged to notify all recipients to whom the personal data concerning you have been disclosed of this rectification, erasure or limitation of processing, unless this proves impossible or involves a disproportionate effort. You have the right to be informed of these recipients.
- Right to data transferability in accordance with Art. 20 DSGVO: You have the right to receive your personal data that you have provided us with in a structured, common and machine-readable format or to request that it be transferred to another responsible party, insofar as this is technically feasible;
- Right to revoke consents granted in accordance with Art. 7 Para. 3 DSGVO: You have the right to revoke at any time with future effect any consent you have given to the processing of data. In the event of revocation, we will immediately delete the data concerned, unless further processing cannot be based on a legal basis for processing without consent. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until revocation;
- Right of appeal under Art. 77 DSGVO: If you consider that the processing of personal data relating to you is in breach of the DPA, you have the right - without prejudice to any other administrative or judicial remedy - to lodge a complaint with a supervisory authority, in particular in the Member State in which you are resident, your place of work or the place where the alleged breach occurs.
9.2 RIGHT OF OBJECTION
IF WE PROCESS YOUR PERSONAL DATA ON THE BASIS OF OUR PREDOMINANT LEGITIMATE INTEREST WITHIN THE FRAMEWORK OF A WEIGHING OF INTERESTS, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT TO THIS PROCESSING WITH EFFECT FOR THE FUTURE FOR REASONS ARISING FROM YOUR SPECIAL SITUATION.
IF YOU MAKE USE OF YOUR RIGHT OF OBJECTION, WE WILL STOP PROCESSING THE DATA CONCERNED. HOWEVER, WE RESERVE THE RIGHT TO FURTHER PROCESSING IF WE CAN PROVE THAT THERE ARE COMPELLING REASONS FOR PROCESSING WORTHY OF PROTECTION WHICH OUTWEIGH YOUR INTERESTS, FUNDAMENTAL RIGHTS AND FREEDOMS, OR IF THE PROCESSING SERVES TO ASSERT, EXERCISE OR DEFEND LEGAL CLAIMS.
IF YOUR PERSONAL DATA IS PROCESSED BY US FOR THE PURPOSE OF DIRECT ADVERTISING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR THE PURPOSE OF SUCH ADVERTISING. YOU CAN EXERCISE THE RIGHT TO OBJECT AS DESCRIBED ABOVE.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED FOR DIRECT MARKETING PURPOSES.
10) Duration of storage of personal data
The duration of the storage of personal data is determined by the respective legal basis, the purpose of processing and - if relevant - additionally by the respective legal retention period (e.g. retention periods under commercial and tax law).
When personal data are processed on the basis of an express consent pursuant to Art. 6 para. 1 letter a DSGVO, these data are stored until the person concerned withdraws his or her consent.
If there are legal retention periods for data which are processed within the framework of legal or similar obligations based on Art. 6 Para. 1 letter b DSGVO, these data are routinely deleted after the retention periods have expired, provided that they are no longer required for the fulfilment or initiation of a contract and/or we have no justified interest in their further storage.
When personal data are processed on the basis of Art. 6 para. 1 letter f DSGVO, these data are stored until the person concerned exercises his or her right to object in accordance with Art. 21 para. 1 DSGVO, unless we can prove compelling reasons for processing worthy of protection which outweigh the interests, rights and freedoms of the person concerned, or the processing serves to assert, exercise or defend legal claims.
When processing personal data for the purpose of direct advertising on the basis of Art. 6 Para. 1 letter f DSGVO, this data is stored until the person concerned exercises his or her right of objection in accordance with Art. 21 Para. 2 DSGVO.
Unless otherwise stated in the other information in this declaration on specific processing situations, stored personal data will be deleted when they are no longer necessary for the purposes for which they were collected or otherwise processed.
Copyright © 2020, IT-Recht-Kanzlei - Alter Messeplatz 2 - 80339 München Tel: +49 (0)89 / 130 1433 - 0- Fax: +49 (0)89 / 130 1433 - 60