Privacy Policy

PRIVACY POLICY

1) INFORMATION ON THE COLLECTION OF PERSONAL DATA AND CONTACT DETAILS OF THE DATA CONTROLLER

1.1 We are pleased that you are visiting our website and thank you for your interest. Below we inform you about the processing of your personal data when using our website. Personal data in this context is any information by which you can be personally identified.

1.2 The data controller of this website within the meaning of the General Data Protection Regulation (GDPR) is The Online Society. The controller is the natural or legal person who, alone or jointly with others, determines the purposes and means of processing personal data.

1.3 This website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (e.g., orders or questions to the controller). You can recognize an encrypted connection by the string "https://" and the lock symbol in the bar of your browser.

2) COLLECTION OF DATA WHEN YOU VISIT OUR WEBSITE

If you use our website for informational purposes only, i.e., if you do not register or otherwise transmit information to us, we only collect data that your browser transmits to our server (so-called server log files). When you visit our website, we collect the following data, which is technically necessary to display the website to you:

  • Our visited website
  • Date and time at the time of access
  • Amount of data sent in bytes
  • Source/reference from which you reached the page
  • Browser used
  • Operating system used
  • IP address used (if applicable in anonymized form)

The processing is carried out in accordance with Article 6(1)(f) GDPR based on our legitimate interest to improve the stability and functionality of our website. The data will not be transferred or used in any other way. However, we reserve the right to retrospectively check the server log files if there are concrete indications of illegal use.

3) COOKIES

To make your visit to our website more attractive and to enable the use of certain functions, we use so-called cookies on various pages. These are small text files that are stored on your end devices. Some of the cookies used by us are deleted after the browser session has ended, i.e., when you close your browser (so-called session cookies). Other cookies remain on your end device and enable us or our partner companies (third-party cookies) to recognize your browser the next time you visit (persistent cookies). When cookies are set, they collect and process certain user information, such as browser and location data and IP address values, on an individual basis. Persistent cookies are automatically deleted after a certain period of time, which may vary for each cookie.

In part, cookies serve to simplify the ordering process by saving settings (for example, by remembering the contents of a virtual shopping cart for a later visit to the website). If personal data are also processed by individual cookies implemented by us, the processing takes place in accordance with Art. 6 par. 1(b) of the GDPR to fulfill the contract or according to Art. 6 par. 1(f) of the GDPR to protect our legitimate interests in the best possible functionality of the website and a customer-friendly and efficient design of the website visit.

We may cooperate with advertising partners who help us make our website more interesting for you. For this purpose, cookies from partner companies are also stored on your hard drive when you visit our website (third-party cookies). If we cooperate with the aforementioned advertising partners, you will be informed separately and individually about the use of such cookies and the scope of information collected.

Please note that you can set your browser to inform you about the setting of cookies and individually decide to accept them or exclude the acceptance of cookies in certain cases or in general. Each browser differs in how it handles cookie settings. This is described in each browser's help menu, which explains how to change your cookie settings.

Links to manage cookies in your browser:

Please note that if you do not accept cookies, the functionality of our website may be limited.

4) CONTACTING US

When you contact us (for example, through a contact form or email), personal data is collected. The specific data collected in a contact form is stated in the respective contact form. This data is stored and used exclusively to answer your question or to contact you and for the corresponding technical administration. The legal basis for processing the data is our legitimate interest to answer your inquiry in accordance with Article 6 (1)(f) of the GDPR. If the purpose of your contact is to conclude a contract, the additional legal basis for processing is Article 6(1)(b) of the GDPR. Your data will be deleted after the final processing of your request, provided there are no conflicting legal retention obligations.

5) DATA PROCESSING WHEN OPENING A CUSTOMER ACCOUNT AND FOR CONTRACT PROCESSING

In accordance with Art. 6(1)(1)(b) of the GDPR, personal data is further collected and processed if you provide it to us for the performance of a contract or when opening a customer account. Which data will be collected is stated on the relevant form to be filled out. The deletion of your customer account is possible at any time and can be done by sending a message to the address of the responsible person above. We store and use the data you provide for the processing of the contract. After completion of the processing of the contract or deletion of your customer account, your data will be blocked with respect to the tax and commercial law retention periods and deleted after expiration of these periods, unless you have expressly consented to further use of your data or a legally permitted further use of data is reserved on our part, about which we will inform you below.

6) USE OF YOUR DATA FOR DIRECT MARKETING PURPOSES

6.1 Registration for our Email Newsletter

If you register for our e-mail newsletter, we will send you information about our offers regularly. The only data required for sending the newsletter is your email address. The provision of other data is voluntary and is used to contact you personally. We use the so-called double opt-in procedure for sending the newsletter. This means we will only send you a newsletter if you have explicitly confirmed your consent. We then send you a confirmation email in which we ask you to confirm that you want to receive future newsletters by clicking on an appropriate link.

By activating the confirmation link, you consent to our use of your personal data in accordance with Article 6(1)(a) of the GDPR. When you sign up for the newsletter, we store your IP address, as provided by your internet service provider (ISP), as well as the date and time of registration, to later detect any misuse of your email address. You can unsubscribe from the newsletter at any time via the appropriate link or by sending a message to the responsible person indicated above. Once you have unsubscribed, your email address is immediately removed from our distribution list.

6.2 Sending Email Newsletters to Existing Customers

If you have provided your email address to us when purchasing goods or services, we reserve the right to send you regular email offers for similar goods or services that you have already purchased from our range. This does not require us to obtain your consent.

Data processing takes place solely on the basis of our legitimate interest in personalized direct marketing in accordance with Article 6(1)(f) of the GDPR. If you have initially objected to the use of your email address for this purpose, we will not send you emails. You have the right to object to the use of your email address for the above advertising purposes at any time with effect for the future by notifying the responsible person indicated above.

7) DATA PROCESSING FOR ORDER PROCESSING

7.1 Transfer of Data for Order Processing

The personal data collected by us is passed on to the transport company making the delivery as part of order processing, insofar as this is necessary for the delivery of the goods. We transfer your payment data to the mandated credit institution as part of payment processing, to the extent necessary for payment processing.

7.2 Use of Payment Service Providers

- PayPal
In the event of payment via PayPal, credit card via PayPal, direct debit via PayPal, or "purchase on account" via PayPal, we transfer your payment data to PayPal (Europe) S.a.r.l. et Cie, S.C.A. as part of payment processing. The transfer takes place in accordance with Article 6(1)(b) of the GDPR and only to the extent necessary for the payment procedure.

For payment methods like credit card via PayPal, PayPal reserves the right to perform a credit check. PayPal may provide credit reference agencies with your payment data, and the results of the creditworthiness check may influence the decision regarding payment options.

For more details on PayPal’s data protection laws, please check their privacy statement.

- SOFORT
If you choose the payment method "SOFORT", the payment is processed by SOFORT GmbH, part of Klarna Group. Your data will be transferred to SOFORT GmbH for payment processing only.

For more information on SOFORT's data protection policy, visit SOFORT's Privacy Policy.

8) CONTACT RATING REMINDER
Your own rating reminder (not sent by a customer rating system).

We use your email address for a one-time rating reminder for your order in the rating system used by us, provided you have given express consent during or after your order in accordance with Article 6, paragraph 1 lit. a DSGVO.
You can withdraw your consent at any time by sending a message to the data controller.

9) USE OF SOCIAL MEDIA: SOCIAL PLUGINS

9.1 Facebook Plugins with Shariff Solution
Our website uses social plugins ("plugins") of the social network Facebook, operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA ("Facebook").

To better protect your data when visiting our website, these buttons are not fully integrated as plugins but only via an HTML link. This ensures that no connection is established with Facebook’s servers when you visit a page containing such buttons. When you click the button, a new browser window opens and the Facebook page is accessed, where you can interact with the plugins (possibly after logging in).

Facebook Inc., based in the US, is certified for the US-EU "Privacy Shield", ensuring compliance with the EU’s data protection level.

For further details on data collection and processing, please refer to Facebook's privacy policy: https://www.facebook.com/policy.php.

9.2 Google+ Plugins with Shariff Solution
Our website uses social plugins ("plugins") from the social network Google+, operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google").

To better protect your data when visiting our website, these buttons are not fully integrated but only via an HTML link. This ensures that no connection is established with Google+’s servers unless you click the button, opening a new browser window where you can interact with the plugins (possibly after logging in).

Google LLC, based in the US, is certified for the US-EU "Privacy Shield", ensuring compliance with the EU’s data protection level.

For further details on data collection and processing, please refer to Google’s privacy policy: https://www.google.com/intl/de/policies/privacy/.

9.3 Instagram Plugin with Shariff Solution
Our website uses social plugins ("plugins") from Instagram, operated by Instagram LLC, 1601 Willow Rd, Menlo Park, CA 94025, USA ("Instagram").

To better protect your data when visiting our website, these buttons are integrated only via an HTML link. This ensures that no connection is made with Instagram's servers when visiting a page containing such buttons. When you click the button, a new browser window opens and the Instagram page is accessed, where you can interact (possibly after logging in).

Instagram LLC, based in the US, is certified for the US-EU "Privacy Shield", ensuring compliance with the EU’s data protection level.

For further details on data collection and processing, please refer to Instagram's privacy policy: https://help.instagram.com/155833707900388/.

10) ONLINE MARKETING

10.1 DoubleClick from Google
This website uses Google’s online marketing tool DoubleClick from Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("DoubleClick").

DoubleClick uses cookies to display relevant ads, improve campaign performance reports, or prevent a user from seeing the same ads repeatedly. Google uses a cookie ID to record which ads are displayed in which browser, preventing repeated ads. This processing is based on our legitimate interest in optimizing our website marketing under Article 6(1)(f) of the GDPR.

Additionally, DoubleClick uses the cookie ID for "conversion tracking", recording when a user sees an ad and later makes a purchase. Google claims that DoubleClick cookies do not contain personal information.

Google receives information about your website visits or ad clicks. Google may link this data to your Google account, even if you're not logged in.

To opt-out of tracking, you can block cookies for conversion tracking by adjusting your browser settings at https://www.google.de/settings/ads.
For more information on Google’s privacy practices: https://www.google.de/policies/privacy/.

10.2 Google AdWords Conversion Tracking
Our website uses Google AdWords and its conversion tracking tool from Google LLC. We use AdWords to advertise attractive offers via external websites. The data allows us to measure the effectiveness of individual ads.

When you click on an AdWords ad, a cookie is set. The cookie helps us track conversions and ensures targeted advertising based on user interests. If you do not want to participate in this tracking, you can disable the Google conversion tracking cookie in your browser settings.

Google LLC, based in the US, is certified for the US-EU "Privacy Shield".
More information on Google's privacy policy: https://www.google.de/policies/privacy/.

11) WEB ANALYTICS SERVICES

Google (Universal) Analytics
This website uses Google Analytics, a web analytics service from Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Analytics uses cookies to analyze user behavior. The collected information, including your IP address, is transmitted and stored by Google on US servers.

We use Google Analytics with the "_anonymizeIp()" extension to anonymize your IP address. This ensures that the full IP address is only sent in exceptional cases. This data processing is based on our legitimate interest in statistical analysis and optimization of our website under Article 6(1)(f) of the GDPR.

To opt-out of Google Analytics, you can install the browser plugin: https://tools.google.com/dlpage/gaoptout.

For more details: https://support.google.com/analytics/answer/2838718?hl=de&ref_topic=6010376.

12) RETARGETING/REMARKETING/RECOMMENDATION

Facebook Custom Audience via Pixel Process
Our website uses the "Facebook pixel" from Facebook Inc. This allows tracking of user behavior after viewing or clicking on a Facebook ad. The data collected is anonymous, and we cannot identify users personally. However, Facebook processes the data to connect it with a user profile for advertising purposes.

You can disable the use of cookies by adjusting your browser settings or using the Digital Advertising Alliance’s website: https://www.aboutads.info/choices/.

Google AdWords Remarketing
We use Google AdWords Remarketing to advertise our website on Google search results and third-party websites. This tool places cookies in the browser for interest-based advertising using pseudonymous IDs.

If you’ve linked your web and app browsing history to your Google account, Google can use this data to personalize ads. You can opt-out by adjusting your browser settings or using the available browser extension: https://www.google.com/settings/ads/onweb/.

More information on Google's advertising practices: https://www.google.com/policies/technologies/ads/.

13) DATA SUBJECT RIGHTS

13.1 Rights Under Data Protection Law
Applicable data protection law gives you extensive rights against the data controller in connection with the processing of your personal data. The following outlines these rights:

  • Right of Access (Article 15 of the GDPR): You have the right to obtain information about the personal data processed by us, including the purposes, categories of data, recipients, storage period, and the existence of rights like rectification, erasure, restriction of processing, or objection to processing.

  • Right to Rectification (Article 16 of the GDPR): You have the right to have inaccurate data relating to you rectified without delay and/or incomplete data completed.

  • Right to Erasure (Article 17 of the GDPR): You can request the erasure of your personal data if the conditions of Article 17(1) are met. This right does not apply if the processing is necessary for legal compliance, public interest, or for the establishment, exercise, or defense of legal claims.

  • Right to Restriction of Processing (Article 18 of the GDPR): You can request the restriction of processing if you dispute the accuracy of your data, if you oppose erasure and request restriction instead, if you need the data for legal claims, or if you object to processing based on your particular situation.

  • Right to Information (Article 19 of the GDPR): If you invoke the right to rectification, erasure, or restriction of processing, we are obligated to inform recipients of your data about these actions unless impossible or disproportionately effortful.

  • Right to Data Portability (Article 20 of the GDPR): You have the right to receive your personal data in a structured, machine-readable format or to request its transfer to another controller, as long as technically feasible.

  • Right to Withdraw Consent (Article 7(3) of the GDPR): You can withdraw any consent given for processing your data at any time, with future effect. Withdrawal will lead to the immediate deletion of the concerned data unless legal grounds exist for further processing.

  • Right to Lodge a Complaint (Article 77 of the GDPR): If you believe your data has been processed in violation of the GDPR, you can lodge a complaint with a supervisory authority, typically in the state where you live, work, or where the alleged violation took place.

13.2 Right to Object

If we process your personal data based on a balancing of interests, you have the right to object to such processing for reasons related to your particular situation.

If you exercise this right, we will stop processing your data unless we can demonstrate compelling legitimate grounds for processing that outweigh your rights and freedoms, or if processing serves to establish, exercise, or defend legal claims.

If we process your personal data for direct marketing, you have the right to object at any time. In such cases, we will stop processing your data for marketing purposes.

14) DURATION OF STORAGE OF PERSONAL DATA

The duration of personal data storage is determined by statutory retention periods (e.g., commercial and tax law). After the retention period expires, the data will be deleted unless it is still necessary for contract performance or initiation, or if there is a justified interest in further storage.