up to 70% cheaper than at the optician Free shipping from EUR 99.- [email protected]

Privacy Policy

Data protection provisions

 

We are pleased to welcome you to our website and thank you for your interest. Here, we would like to inform you about how your personal data are handled when using this website.

 

1. Data protection at a glance

General notes

 The following information provides an overview of what happens to your personal data when you visit this website. Under GDPR, personal data (Art. 4 (1) GDPR) are all data relating to an identified or identifiable natural person. This includes, for example, your name or email address, but also the IP address used to access our services. Insofar as you provide information about your eyesight or other medical information required for the provision of corrective visual aids, such as contact lenses, in the context of using our services, this involves health data as defined in Art. 4 (15) GDPR and this information is specifically protected as personal data. For detailed information about data protection, please refer to our privacy policy, which is listed below this text.

Data collection on this website

Who is responsible for data collection on this website?

Data processing on this website is carried out by the website operator. Contact details are provided in the section "Information about the controller" in this data protection statement.

How do we collect your data?

On the one hand, your data are collected when you provide us with information. For example, this might involve data that you enter in a form. Other data are collected automatically by our IT systems or after you have given consent when you visit the website. This mainly involves technical data (e.g. internet browser, operating system or time of page view). These data are collected automatically as soon as you access this website.

What do we use your data for?

Some data are collected to ensure the website can be provided without any errors. Other data may be used to analyse your user behaviour.

What rights do you have regarding your data?

You have the right at any time to receive information free of charge about the origin, recipients and purpose of your stored personal data. You also have a right to request the correction or deletion of this data. If you have given your consent to data processing, you can withdraw this consent at any time with future effect. You also have the right to request restriction of the processing of your personal data under certain circumstances. Furthermore, you have the right to lodge a complaint with the competent supervisory authority. You can contact us at any time about this and other data protection questions.

 

Third-party analytics and tools

When visiting this website, your surfing behaviour can be statistically analysed. This is done mainly with so-called analysis programs. Detailed information about these analysis programs can be found in the following privacy policy.

 

2. Hosting & Content Delivery Network (CDN)

Hosting

This website is hosted externally. The personal data collected on this website is stored on the hoster's servers. This may include, but is not limited to, IP addresses, contact requests, meta and communication data, contractual data, contact details, names, website accesses and other data generated via a website.

The external hosting is carried out for the purpose of fulfilling the contract with our potential and existing customers (Art. 6 para. 1 lit. b DSGVO and the corresponding DSG provisions) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 para. 1 lit. f DSGVO and the corresponding DSG provisions). If a corresponding consent was requested, the processing is based exclusively on Art. 6 para. 1 lit. a DSGVO and the corresponding DSG provisions. The consent can be revoked at any time.

Our hoster will only process your data to the extent necessary to fulfill its service obligations and will follow our instructions regarding this data.

We use the following hoster:

OVH Groupe SA

Lille

Handelsregister 537 407 926

Rue Kellermann 2

59100 Roubaix

France

For more information about the hoster's privacy policy, please visit the following website: https://www.ovhcloud.com/en-gb/personal-data-protection/

CDN

Through our host, we use the service "Cloudflare". The provider is Cloudflare Inc, 101 Townsend St, San Francisco, CA 94107, USA (hereinafter "Cloudflare"). Cloudflare offers a globally distributed content delivery network with DNS. This service means the information transfer between your browser and our website is technically routed through Cloudflare's network. This enables Cloudflare to analyse traffic between your browser and our website and to act as a filter between our servers and potentially malicious internet traffic. In providing this service, Cloudflare may also use cookies or other technologies to recognise internet users, however, these are used solely for the purpose described here. The use of Cloudflare is based on our legitimate interest in providing a website that is as free from errors and as secure as possible (Art. 6 (1) (f) GDPR). You can find more information about security and privacy at Cloudflare here: https://www.cloudflare.com/privacypolicy/.

Data processing on behalf

We have agreed a data processing agreement (DPA) with our hosting provider. This is a contract required under data protection legislation to ensure that the service provider always follows our instructions and complies with GDPR when processing personal data pertaining to our website visitors.

 

3. General notes and mandatory information

Privacy

We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy. When you use this website, various personal data are collected. Personal data means any data with which you can be personally identified. This privacy policy explains what data we collect and what we use it for. It also explains how this is done and for what purpose. Please note that online data transmission (e.g. communication via email) can have security vulnerabilities. Complete protection of data against third-party access is not possible.

Controller, data protection officer.

The controller for data processing on this website is:

Vision Group AG
Riedwiesenstrasse 23
8305 Dietlikon
SWITZERLAND

Phone: 800 957 097 (free of charge from an Italian landline)
Email: [email protected]

The controller is the natural or legal person who, alone or jointly with others, determines the purposes and means of the personal data processing (e.g. names, email addresses, etc.).

If you have any concerns regarding data protection, these can be addressed to our data protection officer at the following contact address: Data Protection Officer, Vision Group AG, Riedwiesenstrasse 23, 8305 Dietlikon, SWITZERLAND, or by email [email protected] the subject "Data protection".

 

Storage period

Unless a more specific storage period is mentioned within this privacy policy, your personal data will be held by us until the purpose for data processing ceases to apply. If you assert a legitimate request for erasure or if you withdraw your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g. retention periods under tax or commercial law); in the latter case, the data will be deleted once these reasons no longer apply.

 

Note on data transfer to the USA

Some of the tools we use are offered by companies based in the USA. When these tools are active, your personal data may be transferred for processing to servers based in the US for the relevant company.

 

Withdrawal of your consent to data processing

Many data processing operations are only possible with your explicit consent. You can withdraw consent that you gave previously at any time. The legality of the data processing carried out until the withdrawal of consent remains unaffected.

Right to object to the collection of data in special cases and to direct marketing (Art. 21 GDPR) If the data processing is based on Art. 6 (1) (e) or (f) GDPR, you have the right to object to the processing of your personal data at any time on grounds relating to your particular situation; this also applies to profiling based on these provisions. The relevant legal basis on which processing is based can be found in this privacy policy. If you object, we will no longer process your relevant personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims (objection under Art. 21 (1) GDPR). Where personal data are processed for the purpose of direct marketing, you have the right to object at any time to processing of personal data concerning you for these purposes; this also applies to profiling insofar as it is related to such direct marketing. If you object, your personal data will subsequently no longer be used for the purpose of direct marketing (objection under Art. 21 (2) GDPR).

 

Right of appeal to the competent supervisory authority

In the event of a breach of GDPR, data subjects shall have a right of appeal to a supervisory authority, specifically in the Member State of their habitual residence, their place of work or the place of the alleged breach. The right of appeal is without prejudice to other administrative or judicial remedies.

 

Right to data portability

For data that we process automatically based on your consent or to fulfil a contract, you have the right to have the data issued to you or to a third party in a commonly used, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done insofar as it is technically feasible.

 

Access, erasure and rectification

Within the framework of the applicable legal provisions, you have the right at any time to free information about your stored personal data, its origin and recipients, the purpose of data processing and, if applicable, a right to rectify or erase these data. You can contact us at any time with regard to this and other questions about personal data.

If you want your customer data to be deleted, please contact our customer support via email or phone.

E-Mail: [email protected]

Phone: 800 957 097

 

Right to restriction of processing

You have the right to request the restriction of the processing of your personal data. You can contact us at any time to do this. The right to restrict processing exists in the following cases:

  • If you dispute the accuracy of your personal data stored by us, we usually need time to verify this. For the duration of the review, you have the right to request the restriction of the processing of your personal data.

  • If the processing of your personal data is/was unlawful, you may request the restriction of data processing instead of erasure.

  • If we no longer need your personal data, but you need the data for the establishment, exercise or defence of legal claims, you have the right to request restriction of the processing of your personal data instead of erasure.

  • If you file an objection under Art. 21 (1) GDPR, a balance must be struck between your interests and ours. Until it has been determined whose interests prevail, you have the right to demand restriction of the processing of your personal data.

If the processing of your personal data has been restricted, such data shall, with the exception of storage, only be processed with your consent, or for the establishment, exercise or defence of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the European Union or of a Member State.

4. Data collection on this website

Cookies

Our website uses so-called "cookies". Cookies are small text files and do not harm your device. They are stored either temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your device. Session cookies are automatically deleted after the end of your visit. Permanent cookies remain stored on your device until you delete them yourself or until they are automatically deleted by your web browser. In some cases, cookies from third-party companies may also be stored on your device when you enter our site (third-party cookies). These enable us or you to use certain third-party company services (e.g. cookies for processing payment services). Cookies have various functions. Many cookies are technically necessary because certain website functionality would not work without them (e.g. the shopping basket function or the display of videos). Other cookies are used to evaluate user behaviour or to display advertising. Cookies that are necessary to carry out the electronic communication process (necessary cookies) or to provide certain functionality that you have requested (functional cookies, e.g. for the shopping basket function) or to optimise the website (e.g. cookies for measuring the web audience) are stored on the basis of Art. 6 (1) (f) GDPR, unless another legal basis is specified. The website operator has a legitimate interest in storing cookies in order to eradicate technical errors and to optimise its service provision. Insofar as consent has been obtained to store cookies, the storage of the relevant cookies shall be based exclusively on this consent (Art. 6 (1) (a) GDPR); consent can be withdrawn at any time. You can configure your browser settings so that you are informed about cookie storage and only allow cookies in individual cases, you can decline cookies in certain cases or in general, and you can enable automatic cookie deletion whenever the browser is closed. If cookies are disabled, the functionality of this website may be limited. Insofar as cookies are used by third-party companies or for analysis purposes, we will inform you about this separately as part of this privacy policy and, if necessary, obtain your consent.

Cookie consent with Usercentrics

Our website uses cookie consent technology from Usercentrics to obtain your consent to the storage of certain cookies on your device and to document this in accordance with data protection law. The provider of this technology is Usercentrics GmbH, Sendlinger Str. 7, 80331 Munich, website: https://usercentrics.com/de/ (hereinafter "Usercentrics"). When you visit our website, a connection is established to the Usercentrics servers in order to obtain your consent and other declarations regarding cookie use. Usercentrics then saves a cookie in your browser, so that you can be linked with the granting or withholding of consent. The data collected in this way are stored until you request erasure, or you delete the Usercentrics cookie yourself, or the purpose for storing the data no longer applies. Mandatory legal storage obligations remain unaffected. Our use of the Usercentrics service enables us to obtain consent for the use of cookies as stipulated in law. The legal basis for this is Art. 6 (1) (c) GDPR. Data processing on behalf We have agreed a data processing agreement (DPA) with the aforementioned provider. This is a contract required under data protection legislation to ensure that the provider always follows our instructions and complies with GDPR when processing personal data pertaining to our website visitors.

Enquiry by email or telephone

If you contact us by email or telephone, your enquiry including all associated personal data (name, request) will be stored and processed by us for the purpose of dealing with your enquiry. We do not share these data without your consent. The processing of these data is based on Art. 6 (1) (b) GDPR, insofar as your request is related to the performance of a contract or is necessary for the performance of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective handling of requests addressed to us (Art. 6 (1) (f) GDPR) or based on your consent (Art. 6 (1) (a) GDPR), if this has been obtained. The data you send to us via contact requests will be held until you request its erasure, or withdraw your consent to storage, or the purpose for storing the data no longer applies (e.g. after we have completed processing your request). Mandatory statutory provisions — especially statutory retention periods — remain unaffected.

Registration on this website

You can register on this website to use additional online features. The relevant data entered will only be used for the purpose of using whatever offer or service you registered for. The mandatory information requested during registration must be provided in full. Otherwise, we will reject the registration. If there are important changes, for example in the scope of the offer or changes required for technical reasons, we will use the email address provided during registration to notify you. The data entered during registration are processed for the purpose of implementing the user relationship established by registration and, if necessary, for initiating further contracts (Art. 6 (1) (b) GDPR). The data collected during registration will be stored by us as long as you are registered on this website and will then be deleted. Statutory retention periods remain unaffected.

 

5. Analysis tools and marketing

Google Analytics

This website uses functionality offered by the web analysis service Google Analytics. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics enables the website operator to analyse the behaviour of website visitors. In this context, the website operator receives various usage data, such as page impressions, duration of visit, operating systems used and origin of the user. The data may be summarised by Google in a profile that is assigned to the respective user or his/her device. Google Analytics uses technologies that enable user recognition for the purpose of analysing user behaviour (e.g. cookies or device fingerprinting). The information collected by Google about the use of this website is usually transferred to a Google server in the USA and stored there. The use of this analysis tool is based on Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in analysing user behaviour in order to optimise both its website and its advertising. Insofar as appropriate consent has been obtained (e.g. consent to store cookies), the processing shall be based exclusively on Art. 6 (1) (a) GDPR; consent can be withdrawn at any time. Data transfer to the USA is based on the EU Commission's standard contractual clauses. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.

IP anonymization

We have activated the IP anonymization function on this website. As a result, before your IP address is transmitted to the USA, it is truncated by Google within a member state of the European Union or in another contracting state to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and truncated there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics is not combined with other data from Google.

Browser plugin

You can prevent the collection and processing of your data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de. More information on how Google Analytics handles user data can be found in Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=de.

Data processing agreement

We have agreed a data processing agreement (DPA) with Google.

Demographic characteristics in Google Analytics

This website uses the Google Analytics "demographics" function to display suitable advertisements to website visitors within the Google advertising network. This allows the generation of reports containing information about the age, gender and interests of site visitors. These data come from personalised advertising by Google and from visitor data from third-party providers. The data cannot be assigned to a specific person. You can disable this functionality at any time via the ad settings in your Google account or generally prohibit the collection of your data by Google Analytics as described under "Objection to data collection".

Google Analytics e-commerce tracking

This website uses the Google Analytics "e-commerce tracking" function. E-commerce tracking allows the website operator to analyse the purchasing behaviour of website visitors to improve its online marketing campaigns. This involves recording information such as orders placed, average order values, shipping costs, and the time between viewing and purchasing a product. The data can be summarised by Google under a transaction ID, which is assigned to the relevant user or his/her device.

Storage period

Data stored by Google at a user and event level that is linked to cookies, user identifiers (e.g. user ID), or advertising IDs (e.g. DoubleClick cookies, Android advertising ID) will be anonymised or deleted after 14 months. For details, please see the following link:https://support.google.com/analytics/answer/7667196?hl=de

Google Ads

The website operator uses Google Ads. Google Ads is an online advertising program offered by Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland. By using Google Ads, we are able to display advertisements in the Google search engine or on third-party websites when the user enters certain search terms on Google (keyword targeting). Furthermore, targeted advertisements can be shown based on user data (e.g. location data and interests) available at Google (focus group targeting). As a website operator, we can conduct quantitative assessments of these data, for example by analysing which search terms led to our advertisements being shown and by examining how many ads resulted in corresponding clicks. The use of Google Ads is based on Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in marketing its services and products as effectively as possible. Data transfer to the USA is based on the EU Commission's standard contractual clauses. Details can be found here: https://policies.google.com/privacy/frameworks and at https://privacy.google.com/businesses/controllerterms/mccs/.

Google Remarketing

This website uses the Google Analytics remarketing functionality. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland. Google Remarketing analyses your user behaviour on our website (e.g. clicking on certain products) in order to assign you to particular advertising target groups and subsequently show you suitable advertising messages when you visit other online services (remarketing or retargeting). Furthermore, the advertising target groups created with Google Remarketing can be linked to Google functionality across any device. This means that targeted, personalised advertising messages that have been designed based on your previous usage and surfing behaviour on one device (e.g. a mobile phone) can also be displayed on another of your devices (e.g. a laptop or PC). If you have a Google account, you can opt out of personalised advertising via the following link: https://www.google.com/settings/ads/onweb/. The use of Google Remarketing is based on Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in marketing its products as effectively as possible. If appropriate consent has been obtained, the processing is based exclusively on Art. 6 (1) (a) GDPR; consent can be withdrawn at any time. For more information and details of the data protection provisions, please see Google's privacy policy at: https://policies.google.com/technologies/ads?hl=de.

Target group formation with Customer Match

For target group formation, one of the systems we use is Google's Customer Match functionality. This involves transferring certain customer data (e.g. email addresses) from our customer lists to Google. If the customers in question are Google users and are logged in to their Google account, they will be shown suitable advertising messages within the Google network (e.g. on YouTube, Gmail and in the search engine).

Google conversion tracking

This website uses Google conversion tracking. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland. Google conversion tracking allows Google and us to recognise whether the user has carried out certain actions. For example, we can evaluate which buttons on our website were clicked, and how often, and which products were viewed or purchased particularly frequently. This information is used to generate conversion statistics. We find out the total number of users who clicked on our ads and what actions they took. We do not receive any information that allows us to identify the user in person. Google itself uses cookies or similar recognition technologies for the identification process. The use of Google conversion tracking is based on Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in analysing user behaviour in order to optimise both its website and its advertising. Insofar as appropriate consent has been obtained (e.g. consent to store cookies), the processing shall be based exclusively on Art. 6 (1) (a) GDPR; consent can be withdrawn at any time. More information about Google conversion tracking can be found in Google's privacy policy: https://policies.google.com/privacy?hl=de.

Google DoubleClick

This website uses functionality offered by Google DoubleClick. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter "DoubleClick"). DoubleClick is used to show you personalised ads across the Google advertising network. The ads can be targeted to the interests of the respective viewer with the help of DoubleClick. For example, our advertising may be displayed in Google search results or in advertising banners associated with DoubleClick. In order to show users personalised ads, DoubleClick must be able to recognise the relevant viewer and link them to the web pages visited, their clicks and other user behaviour information. For this purpose, DoubleClick uses cookies or similar recognition technologies (e.g. device fingerprinting). The information collected is combined in a pseudonymous user profile in order to display personalised advertising to the relevant user. Google DoubleClick is used in the interest of enabling targeted advertising. This constitutes a legitimate interest within the meaning of Art. 6 (1) (f) GDPR. Insofar as appropriate consent has been obtained (e.g. consent to store cookies), the processing shall be based exclusively on Art. 6 (1) (a) GDPR; consent can be withdrawn at any time. For more information on how to object to advertisements displayed by Google, see the following links: https://policies.google.com/technologies/ads and https://adssettings.google.com/authenticated.

Facebook Pixel

This website uses Facebook Pixel to collect data on visitor activity for conversion tracking. The provider of this service is Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. However, according to Facebook, the data collected are also transferred to the USA and other third countries. This technology makes it possible to track the behaviour of a website visitor after they have been redirected to the provider's website by clicking on a Facebook ad. This allows an evaluation of the effectiveness of Facebook ads for statistical and market research purposes and the optimisation of future advertising measures. The collected data are anonymous for us as the operator of this website and do not allow any conclusions to be drawn about the identity of the users. Nonetheless, the data are stored and processed by Facebook so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes, according to Facebook's Data Policy. This enables Facebook to place ads on Facebook pages and outside Facebook. As the site operator, we have no influence over this use of the data. The use of Facebook Pixel is based on Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in effective advertising measures that incorporate social media. Insofar as appropriate consent has been obtained (e.g. consent to store cookies), the processing shall be based exclusively on Art. 6 (1) (a) GDPR; consent can be withdrawn at any time. Data transfer to the USA is based on the EU Commission's standard contractual clauses. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum and at https://de-de.facebook.com/help/566994660333381. Insofar as personal data is collected on our website with the help of the tool described here and forwarded to Facebook, we are jointly responsible for this data processing along with Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (Art. 26 GDPR). This joint responsibility is limited exclusively to the collection of the data and its transfer to Facebook. Any data processing by Facebook that takes place after transmission is excluded from joint responsibility. The obligations incumbent on us jointly have been set out in a joint processing agreement. The text of this agreement can be found at: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing the privacy information when using the Facebook tool and for the secure implementation of the tool on our website in accordance with data protection law. Facebook is responsible for data security in Facebook products. The rights of the data subject (e.g. information requests) regarding data processed by Facebook can be asserted directly with Facebook. If the data subject asserts their rights by contacting us, we are obliged to pass these on to Facebook. Facebook's privacy policy contains more information about protecting your privacy: https://de-de.facebook.com/about/privacy/. You can also disable the Custom Audiences remarketing feature under ad settings at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. To do this, you must be logged in to Facebook. If you do not have a Facebook account, you can opt out of targeted advertising from Facebook at the European Interactive Digital Advertising Alliance website: http://www.youronlinechoices.com/de/praferenzmanagement/.

Criteo

This website uses functionality offered by Criteo. The provider is Criteo SA, 32 Rue Blanche, 75009 Paris, France (hereinafter "Criteo"). Criteo is used to show you personalised advertisements within the Criteo advertising network. Your interests are determined based on your previous usage behaviour. For example, Criteo records which products you have viewed, added to your shopping basket or purchased. More details about the data collected by Criteo can be found here: https://www.criteo.com/de/privacy/how-we-use-your-data/. In order to show you targeted advertising, we or other Criteo partners must be able to recognise you. For this purpose, a cookie is stored on your device, or a comparable identifier is used to link your user behaviour with a pseudonymous user profile. For details, please see Criteo's privacy policy at: https://www.criteo.com/de/privacy/. Your personal data and the Criteo cookies stored in your browser are held for a maximum of 13 months from the date of collection. Criteo is used in the interest of enabling targeted advertising. This constitutes a legitimate interest within the meaning of Art. 6 (1) (f) GDPR. Insofar as appropriate consent has been obtained (e.g. consent to store cookies), the processing shall be based exclusively on Art. 6 (1) (a) GDPR; consent can be withdrawn at any time. We are joint controllers with Criteo within the meaning of Art. 26 GDPR. An agreement on joint processing has been concluded between Criteo and us, the main contents of which Criteo describes under the following link: https://www.criteo.com/de/privacy/how-we-use-your-data/.

Voucher marketing

In order to select a voucher offer that is currently of interest to you, the hash value of your email address and IP address are pseudonymized and encrypted and sent to Sovendus GmbH (Sovendus), Hermann-Veit-Str. 6, 76135 Karlsruhe (Art. 6 (1) (f) GDPR). The pseudonymized hash value of the email address is used in order to establish whether there is any objection to advertising by Sovendus (Art. 21 (3), Art. 6 (1) (c) GDPR). The IP address is used by Sovendus exclusively for data security purposes and is usually anonymised after seven days (Art. 6 (1) (f) GDPR). In addition, for billing purposes, we transmit the pseudonymized order number, order value with currency, session ID, voucher code and time stamp to Sovendus (Art. 6 (1) (f) GDPR). If you are interested in a voucher offer from Sovendus and there is no advertising objection filed against your email address, and if you click on the voucher banner that will be displayed only if this is the case, your title, name, postcode, country and email address will be transmitted by us in encrypted form to Sovendus to prepare the voucher (Art. 6 (1) (b), (f) GDPR). For more information about how Sovendus processes your data, please see the online privacy notice at https://www.sovendus.de/datenschutz.

Trusted Shops Trustbadge

To display our Trusted Shops seal of approval and to offer Trusted Shops membership to buyers after they have placed an order, the Trusted Shops Trustbadge is incorporated in this website. This serves to protect our legitimate interest in the optimal marketing of our services, where this interest is considered to prevail in a balancing of interests, Art. 6 (1) (f) GDPR. The Trustbadge and associated services are provided by Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne. Whenever the Trustbadge is used, the web server automatically saves a so-called server log file, which contains, for example, your IP address, the date and time of the usage, the amount of data transferred and the requesting provider (access data) and documents the usage. These access data are not evaluated and are automatically overwritten no later than seven days after the end of your visit to the site. Further personal data is only transferred to Trusted Shops if you decide to use Trusted Shops products after completing an order or if you have already registered to use them. In this case, the contractual agreement between you and Trusted Shops applies.

6. Newsletter

Newsletter data

If you would like to receive the newsletter offered on the website, we require an email address from you as well as information that allows us to verify that you are the owner of the relevant email address and that you agree to receive the newsletter. Further data is not collected or only on a voluntary basis. We use these details exclusively for sending the requested information and do not pass them on to third parties. The processing of data entered via the newsletter registration form is based exclusively on your consent (Art. 6 (1) (a) GDPR). You can withdraw your consent to the storage of the data, the email address and their use for sending the newsletter at any time, for example by using the "unsubscribe" link in the newsletter. The legality of any data processing already carried out remains unaffected by the withdrawal of consent. The data you provide for the purpose of receiving the newsletter will be stored by us or by the newsletter service provider until you unsubscribe from the newsletter and will be deleted from the newsletter distribution list after you unsubscribe from the newsletter or after the purpose has ceased to exist. We reserve the right to block or remove email addresses from our newsletter distribution list at our own discretion within the scope of our legitimate interest pursuant to Art. 6 (1) (f) GDPR. After you have unsubscribed from the newsletter distribution list, your email address may be stored in a blacklist by us or by the newsletter service provider in order to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be combined with other data. This serves both your interest and our interest in complying with the legal requirements for sending newsletters (legitimate interest within the meaning of Art. 6 (1) (f) GDPR). The storage of data in the blacklist is not subject to any temporal restriction. You can object to the storage if your interests outweigh our legitimate interest.

MailChimp

This website uses the services of MailChimp for sending newsletters. The provider is Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA. MailChimp is a service that can be used, among other things, to organise and analyse newsletter distribution. If you submit data for the purpose of receiving the newsletter (e.g. email address), this will be stored on MailChimp's servers in the USA. With the help of MailChimp, we can analyse our newsletter campaigns. When you open an email sent with MailChimp, a file contained in the email (the so-called web beacon) connects to MailChimp's servers in the USA. This makes it possible to determine whether a newsletter message has been opened and which links, if any, have been clicked. In addition, technical information is collected (e.g. time of retrieval, IP address, browser type and operating system). This information cannot be assigned to the specific newsletter recipient. The information is used exclusively for statistical analysis of newsletter campaigns. The results of these analyses can be used to adapt future newsletters to meet the interests of recipients more closely. If you do not want any analysis by MailChimp, you must unsubscribe from the newsletter. We provide a link in every newsletter message for this purpose. The data processing is based on your consent (Art. 6 (1) (a) GDPR). You can withdraw this consent at any time by unsubscribing from the newsletter. The legality of any data processing already carried out remains unaffected by the withdrawal of consent. The data you provide for the purpose of receiving the newsletter will be stored by us or by the newsletter service provider until you unsubscribe from the newsletter and will be deleted from the newsletter distribution list after you unsubscribe from the newsletter. Data stored by us for other purposes remain unaffected by this. Data transfer to the USA is based on the EU Commission's standard contractual clauses. Details can be found here: https://mailchimp.com/eu-us-data-transfer-statement/ and https://mailchimp.com/legal/data-processing-addendum/#Annex_C_-_Standard_Contractual_Clauses. After you have unsubscribed from the newsletter distribution list, your email address may be stored in a blacklist by us or by the newsletter service provider in order to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be combined with other data. This serves both your interest and our interest in complying with the legal requirements for sending newsletters (legitimate interest within the meaning of Art. 6 (1) (f) GDPR). The storage of data in the blacklist is not subject to any temporal restriction. You can object to the storage if your interests outweigh our legitimate interest. For more details, see MailChimp's privacy policy at: https://mailchimp.com/legal/terms/.

Data processing agreement

We have agreed a data processing agreement (DPA) with the aforementioned provider. This is a contract required under data protection legislation to ensure that the service provider always follows our instructions and complies with GDPR when processing personal data pertaining to our website visitors.

 

7. Other plugins and tools

Google Web Fonts (local)

This site uses so-called web fonts provided by Google for the uniform display of fonts. The Google Fonts are installed locally. There is no connection to Google servers for this purpose. For more information about Google Web Fonts, see https://developers.google.com/fonts/faq and Google's privacy policy: https://policies.google.com/privacy?hl=de.

Google Maps

This site uses the Google Maps service. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland. To use Google Maps functionality, it is necessary to store your IP address. This information is usually transferred to a Google server in the USA and stored there. The provider of this site has no influence on this data transmission. If Google Maps is enabled, Google may use Google Web Fonts for the purpose of uniform font display. When you visit Google Maps, your browser loads the required web fonts into your browser cache in order to display text and fonts correctly. Google Maps is used in the interest of presenting our online services in an attractive way and making it easy to find the locations indicated on the website. This constitutes a legitimate interest within the meaning of Art. 6 (1) (f) GDPR. If appropriate consent has been obtained, the processing is based exclusively on Art. 6 (1) (a) GDPR; consent can be withdrawn at any time. Data transfer to the USA is based on the EU Commission's standard contractual clauses. Details can be found here: https://privacy.google.com/businesses/gdprcontrollerterms/ and at https://privacy.google.com/businesses/gdprcontrollerterms/sccs/. More information on the handling of user data can be found in Google's privacy policy: https://policies.google.com/privacy?hl=de.

Google reCAPTCHA

We use "Google reCAPTCHA" (hereinafter "reCAPTCHA") on this website. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland. The purpose of reCAPTCHA is to verify whether data entered on this website (e.g. in a contact form) is being submitted by a human or by an automated program. To do this, reCAPTCHA analyses the behaviour of the website user based on various characteristics. This analysis starts automatically as soon as the user visits the website. For analysis, reCAPTCHA evaluates various information (e.g. IP address, time spent at the website and mouse movements made by the user). The data collected during the analysis are forwarded to Google. The reCAPTCHA analyses run completely in the background. Website visitors are not alerted to the fact that an analysis is taking place. The storage and analysis of the data are based on Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in protecting its web offering from abusive automated spying and SPAM. If appropriate consent has been obtained, the processing is based exclusively on Art. 6 (1) (a) GDPR; consent can be withdrawn at any time. For more information about Google reCAPTCHA, please see the Google Privacy Policy and Google Terms of Service at the following links: https://policies.google.com/privacy?hl=de and https://policies.google.com/terms?hl=de.

Dixa

We use the CRM system Dixa to process user requests. The provider is Dixa ApS, Vimmelskaftet 41A, 1st Sal., 1161 Copenhagen, Denmark. We use Dixa to process your requests quickly and efficiently. This constitutes a legitimate interest within the meaning of Art. 6 (1) (f) GDPR. You can send requests that only specify the email address and without giving your name. The messages you send us will be held until you request their deletion, or withdraw your consent to storage, or the purpose for storing the data no longer applies (e.g. after we have completed processing your request). Mandatory legal provisions (especially retention periods) remain unaffected. If you are not comfortable with us processing your request through Dixa, you may alternatively communicate with us by email or phone. For more information, please see Dixa's privacy policy: https://www.dixa.com/legal/privacy/.

Data processing agreement
We have agreed a data processing agreement (DPA) with the aforementioned provider. This is a contract required under data protection legislation to ensure that the service provider always follows our instructions and complies with GDPR when processing personal data pertaining to our website visitors.

8. eCommerce and payment providers

Processing of data (customer and contract data)

We collect, process and use personal data only to the extent necessary for the establishment, definition or modification of the legal relationship (user data). This is done on the basis of Art. 6 (1) (b) GDPR, which permits the processing of data for the performance of a contract or pre-contractual measures. Insofar as health data are required for this purpose, the legal basis is Art. 9 (2) (h) GDPR. We collect, process and use personal data about the use of this website (usage data) only to the extent necessary to enable use of the service or for billing purposes. The customer data collected will be deleted once the order is complete or when the business relationship is terminated. Statutory retention periods remain unaffected.

Data transmission for contract conclusion for online shops, retailers and shipping

We transmit personal data to third parties only if this is a necessary part of contract performance, for example to companies entrusted with the delivery of the goods or to the financial institution entrusted with payment processing. There is no further transmission of the data unless you have explicitly agreed to this. Your data will not be passed on to third parties without your explicit consent, for example for advertising purposes. The basis for the data processing is Art. 6 (1) (b) GDPR, which permits the processing of data for the performance of a contract or pre-contractual measures. In order to process your order, we work with the following service providers, who support us to varying extents in the performance of agreed contracts. Personal data are transferred to these service providers in accordance with the following information.

Use of special service providers for order processing and handling

Paqato
To enable shipment tracking after a customer has placed an order, we use the service provided by PAQATO GmbH, Johann-Krane-Weg 6, 48149 Münster ("Paqato"). On our behalf, Paqato sends shipment notifications and delivery status updates. For this purpose, pursuant to Art. 6 (1) (f) GDPR based on our legitimate interest in effective and informative customer communication as well as in transparent and reliable shipment processing (which is also in the customer's interest), we pass on certain customer data (email address, first and last name, postal address) and the shipment number to Paqato after the package has been dispatched. The data will not be passed on to third parties by Paqato and will be processed exclusively for the aforementioned purpose. Once shipping has been completed, the data will be deleted by Paqato. We have put in place a data processing agreement with Paqato, by which we oblige Paqato to protect our customers' data in accordance with the legal requirements. Paqato's privacy policy can be viewed here: https://www.paqato.com/datenschutzerklaerung/

pixi
Order processing takes place via the service provider "pixi" (Descartes Systems (Germany) GmbH, Walter-Gropius-Str. 15, D-80807 Munich). In accordance with Art. 6 (1) (b) GDPR, name, address and potentially other personal data are provided to pixi exclusively for the purpose of processing the online order. Your data will only be disclosed to the extent actually necessary for order processing. Details about data protection at pixi and the privacy policy for Descartes Systems (Germany) GmbH can be viewed at the following link: https://www.pixi.eu/datenschutz

Transfer of personal data to shipping service providers

DHL

If the goods are delivered by the transport service provider DHL (DHL Paket GmbH, Sträßchensweg 10, 53113 Bonn, Germany), we will disclose your email address to DHL in accordance with Art. 6 (1) (a) GDPR before delivery of the goods, so that DHL can arrange the delivery date or issue delivery notifications, provided you have explicitly consented to this in the ordering process. Otherwise, for the purpose of delivery pursuant to Art. 6 (1) (b) GDPR, we will only provide DHL with the name of the recipient and the delivery address. The disclosure of this information is made only insofar as is necessary for the delivery of goods. In this case, prior coordination of the delivery date with DHL and delivery notifications will not be possible. Consent can be withdrawn at any time with future effect vis-à-vis the aforementioned controller or the transport service provider DHL.

GLS

If the goods are delivered by the transport service provider GLS (General Logistics Systems Germany GmbH & Co. OHG, GLS Germany-Straße 1 - 7, 36286 Neuenstein), we will disclose your email address in accordance with Art. 6 (1) (a) GDPR before delivery of the goods, so that GLS can arrange the delivery date or issue delivery notifications, provided you have explicitly consented to this in the ordering process. Otherwise, for the purpose of delivery in accordance with Art. 6 (1) (b) GDPR, we will only provide GLS with the name of the recipient and the delivery address. The disclosure of this information is made only insofar as is necessary for the delivery of goods. In this case, prior coordination of the delivery date with GLS and status updates regarding the delivery will not be possible. Consent can be withdrawn at any time with future effect vis-à-vis the aforementioned controller or the transport service provider GLS.

Credit checks

In the case of a purchase on account or any other method of payment for which we offer credit, we may carry out a credit check (score). For this purpose, we transfer data you have submitted (e.g. name, address, age or bank details) to a credit agency. These data are used to calculate the probability of default. In the event of an excessive risk of non-payment, we may refuse the payment method in question. The credit check is carried out for contract performance (Art. 6 (1) (b) GDPR) and to avoid payment defaults (legitimate interest according to Art. 6 (1) (f) GDPR). If consent has been obtained, the credit check is carried out on the basis of this consent (Art. 6 (1) GDPR); consent can be withdrawn at any time.

Payment services

We include third-party payment services on our website. When you make a purchase from us, your payment data (e.g. name, payment amount, account details, credit card number) will be processed by the payment service provider for the purpose of handling the payment. These transactions are subject to the relevant provider's contractual and data protection provisions. The use of payment service providers is based on Art. 6 (1) (b) GDPR (contract processing) and in the interest of a convenient, straightforward and secure payment process (Art. 6 (1) (f) GDPR). Insofar as your consent is obtained for certain actions, Art. 6 (1) (a) GDPR is the legal basis for data processing; consent can be withdrawn at any time with future effect. We use the following payment services / payment service providers within this website:

PayPal

Provider of this payment service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal"). Data transfer to the USA is based on the EU Commission's standard contractual clauses. Details can be found here: https://www.paypal.com/de/webapps/mpp/ua/pocpsa-full. For details, see PayPal's privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full.

Klarna
The provider is Klarna AB, Sveavägen 46, 111 34 Stockholm, Sweden (hereinafter "Klarna"). Klarna offers various payment options (e.g. payment by instalments). If you choose to pay with Klarna (Klarna checkout solution), Klarna will collect various personal data from you. Klarna uses cookies to optimise the use of the Klarna checkout solution. For details about the use of Klarna cookies, please see the following link: https://cdn.klarna.com/1.0/shared/content/policy/cookie/de_de/checkout.pdf. You can read details about this in Klarna's privacy policy at the following link: https://www.klarna.com/de/datenschutz/.

Datatrans AG
The provider of this payment service is Datatrans, Kreuzbühlstrasse 26, 8008 Zurich, Switzerland. Further information can be found on the Datatrans website at https://www.datatrans.ch and in the privacy policy at https://www.datatrans.ch/en/privacy-policy/.

Debt collection service

If you do not pay outstanding invoices despite repeated reminders, we reserve the right to send the necessary data for debt collection to a debt collection service provider. In addition, we may sell outstanding receivables to a debt collection service and, for this purpose, assign these receivables to the relevant service, which may then take responsibility for enforcing the claims against you under statutory provisions. The legal basis for the transfer of data as part of debt collection is Art. 6 (1) (b) GDPR; the transfer of data in the context of the sale of receivables is based on Art. 6 (1) (f) GDPR. In Germany, we work with the following debt collection service providers: Arvato Financial Solutions, infoscore Forderungsmanagement GmbH, Rheinstr. 99, 76532 Baden-Baden.

9. Encryption

SSL or TLS encryption

For security reasons and to protect the transmission of confidential content (such as orders or requests that you send to us as the site operator) this site uses SSL or TLS encryption. You can recognise an encrypted connection by the fact that the web address changes from "http://" to "https://" and by the appearance of the lock symbol in the browser address bar. When SSL or TLS encryption is enabled, the data you transmit to us cannot be read by third parties.

Encrypted payment transactions on this website

After agreeing a contract for which there is a fee, if there is an obligation to provide us with your payment data (e.g. account number in the case of direct debit authorization) these data are required for payment processing. Payment transactions via standard payment methods (Visa/MasterCard, direct debit) are made exclusively via an encrypted SSL or TLS connection. You can recognise an encrypted connection by the fact that the web address changes from "http://" to "https://" and by the appearance of the lock symbol in the browser address bar. With encrypted communication, the payment data that you transmit to us cannot be read by third parties.

10. Online presence in social networks

Data processing through social networks

We maintain publicly accessible profiles on social networks. The specific social networks used by us can be found below. Social networks such as Facebook, Twitter, etc. can generally undertake an extensive analysis of your user behaviour when you visit their website or a website with integrated social media content (e.g. 'like' buttons or banner ads). Visiting our social media sites instigates lots of processing operations that are relevant to data protection. In detail: If you are logged in to your social media account and visit our social media offering, the operator of the relevant social media portal can link this visit to your user account. However, under certain circumstances your personal data may be collected even if you are not logged in or do not have an account with the respective social media portal. In this case, the data collection takes place, for example, via cookies that are stored on your device or by recording your IP address. Social media portal operators can use data collected in this way to create user profiles, which record your preferences and interests. This allows you to be shown personalised advertising both within the social media site and elsewhere. If you have an account with the relevant social network, personalised ads may be displayed on any devices on which you are or were logged in. Please also note that we cannot track all processing on social media portals. Consequently, depending on the provider, there may be other processing operations carried out by the operators of the social media portals. For details, please refer to the terms of use and privacy policies for the respective social media portals.

Legal basis

Our social media content is designed to ensure the broadest possible presence online. This is a legitimate interest within the meaning of Art. 6 (1) (f) GDPR. The analytical processes initiated by the social networks may have different legal foundations, which must be indicated by the operators of the social networks (e.g. consent within the meaning of Art. 6 (1) (a) GDPR).

Controller and assertion of rights

If you visit one of our social media sites (e.g. Facebook), we are jointly responsible with the operator of the social media platform for data processing operations triggered during this visit. You can exercise your rights (access, rectification, erasure, restriction of processing, data portability and complaints) either with regard to us or with regard to the operator of the respective social media portal (e.g. Facebook). Please note that despite this joint responsibility with the social media portal operators, we do not have full influence over their data processing operations. Our options are largely determined by the relevant provider's corporate policy.

Storage period

Data collected directly by us via social media will be deleted from our systems as soon as you request its deletion, or withdraw your consent to the storage, or when the purpose for storing the data no longer applies. Cookies will remain on your device until you delete them. Mandatory legal provisions (especially retention periods) remain unaffected. We have no influence over the storage period for your data that are held by the social network operators for their own purposes. For details, please check with the relevant social network operator directly (e.g. in their privacy policy, see below).