Data protection
1. Data protection at a glance
General information
The following information provides a simple overview of what happens to your personal data when you visit our website. Personal data is all data that can be used to identify you personally. Detailed information on data protection can be found in our privacy policy listed below this text.
Data collection on our website
Who is responsible for data collection on this website?
Data processing on this website is carried out by the website operator. You can find their contact details either in the website's imprint or in section 2 of this privacy policy.
Shopify
We use Shopify to power our online store. For more information about how Shopify uses your personal data, please visit: https://www.shopify.com/legal/privacy
How do we collect your data?
Your data is collected, on the one hand, when you provide it to us. This may, for example, be data you enter in a contact form.
Other data is automatically collected by our IT systems when you visit the website. This primarily involves technical data (e.g., internet browser, operating system, or time of page access). This data is collected automatically as soon as you enter our website.
Types of data processed
- Inventory data (e.g., names, addresses).
- Contact details (e.g., email, telephone numbers).
- Content data (e.g., text entries, photographs, videos).
- Usage data (e.g., websites visited, interest in content, access times).
- Meta/communication data (e.g., device information, IP addresses).
Purpose of processing
- Provision of the online offer, its functions and contents.
- Answering contact requests and communicating with users.
- Security measures.
- Reach measurement/marketing
What rights do you have regarding your data?
You have the right to obtain information about the origin, recipient, and purpose of your stored personal data free of charge at any time. You also have the right to request the correction, blocking, or deletion of this data. You can contact us at any time at the address provided in the imprint for this purpose and with any other questions regarding data protection. Furthermore, you have the right to lodge a complaint with the responsible supervisory authority.
Analysis tools and third-party tools
When you visit our website, your browsing behavior may be statistically analyzed. This is done primarily with cookies and so-called analysis programs. The analysis of your browsing behavior is generally anonymous; it cannot be traced back to you. You can object to this analysis or prevent it by not using certain tools. Detailed information can be found in the following privacy policy.
You can object to this analysis. We will inform you about your options for objecting in this privacy policy.
Right of withdrawal
You have the right to revoke consent given in accordance with Art. 7 (3) GDPR with effect for the future.
Right of objection
You may object to the future processing of your data at any time in accordance with Art. 21 GDPR. In particular, you may object to processing for direct marketing purposes.
2. General information and mandatory information
Data protection
The operators of these websites take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy.
When you use this website, various personal data is collected. Personal data is data that can be used to identify you personally. This privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose.
We would like to point out that data transmission over the Internet (e.g., when communicating via email) may be subject to security gaps. Complete protection of data from access by third parties is not possible.
Note on the responsible body
The responsible body for data processing on this website is:
Christopher Pälmke
Zodiac Fashion
Joachimstrasse 4
12555 Berlin
Telephone: +49 (0) 151 42 53 0143
Email: support@zodiacfashion.shop
The responsible body is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data (e.g. names, e-mail addresses, etc.).
Transfers to third countries
If the provider processes personal data in a third country, i.e. outside the European Union (EU) or the European Economic Area (EEA), or if this occurs as part of the use of third-party services, this only occurs if it is necessary to fulfill pre-contractual or contractual obligations, on the basis of the user's consent, on the basis of a legal obligation or on the basis of legitimate interests. Subject to legal or contractual permissions, personal data is or will only be processed in a third country if the special requirements of Art. 44 et seq. GDPR are met, i.e. the processing is carried out, for example, on the basis of special guarantees, such as the officially recognized determination of a data protection level equivalent to that of the EU or compliance with officially recognized, specific contractual obligations.
Revocation of your consent to data processing
Many data processing operations are only possible with your express consent. You can revoke your previously granted consent at any time. To do so, simply send us an informal email. The legality of the data processing carried out up to the time of revocation remains unaffected.
Right to data portability
You have the right to have data that we process automatically based on your consent or in fulfillment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done if technically feasible.
SSL or TLS encryption
For security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator, this site uses SSL or TLS encryption. You can recognize an encrypted connection by the fact that the address line of your browser changes from "http://" to "https://" and by the lock symbol in your browser's address bar.
If SSL or TLS encryption is activated, the data you send to us cannot be read by third parties.
Encrypted payment transactions on this website
If, after concluding a paid contract, you are obliged to provide us with your payment details (e.g. account number for direct debit authorization), these details will be required for payment processing.
Payment transactions using common payment methods (Visa/MasterCard, direct debit) are carried out exclusively via an encrypted SSL or TLS connection. You can recognize an encrypted connection by the browser's address line changing from "http://" to "https://" and by the lock symbol in your browser's address bar.
With encrypted communication, your payment data that you send to us cannot be read by third parties.
Information, blocking, deletion
The data we process will be deleted or restricted in accordance with Articles 17 and 18 of the GDPR. Unless expressly stated in this privacy policy, the data stored by us will be deleted as soon as it is no longer required for its intended purpose and there are no statutory retention periods that prevent deletion. If the data is not deleted because it is required for other legally permissible purposes, its processing will be restricted. This means that the data will be blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons.
According to legal requirements in Germany, storage takes place in particular for 10 years in accordance with Sections 147 Para. 1 AO, 257 Para. 1 Nos. 1 and 4, Para. 4 HGB (books, records, management reports, accounting documents, commercial books, documents relevant for taxation, etc.) and 6 years in accordance with Section 257 Para. 1 Nos. 2 and 3, Para. 4 HGB (commercial letters).
According to legal requirements in Austria, storage takes place in particular for 7 years in accordance with Section 132 Paragraph 1 BAO (accounting documents, receipts/invoices, accounts, receipts, business papers, statements of income and expenditure, etc.), for 22 years in connection with real estate and for 10 years for documents in connection with electronically provided services, telecommunications, radio and television services that are provided to non-entrepreneurs in EU member states and for which the Mini One Stop Shop (MOSS) is used.
Objection to advertising emails
The use of contact information published in accordance with the imprint obligation to send unsolicited advertising and information materials is hereby prohibited. The operators of these pages expressly reserve the right to take legal action in the event of unsolicited advertising, such as spam emails.
Google Fonts End User License Terms
We integrate the fonts ("Google Fonts") of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy policy: https://www.google.com/policies/privacy/, Opt-out: https://adssettings.google.com/authenticated.
3. Data collection on our website
Cookies
Some of our websites use so-called cookies. Cookies do not harm your computer and do not contain viruses. Cookies serve to make our services more user-friendly, effective, and secure. Cookies are small text files that are stored on your computer and saved by your browser.
Most of the cookies we use are so-called "session cookies." They are automatically deleted after your visit. Other cookies remain stored on your device until you delete them. These cookies allow us to recognize your browser the next time you visit.
You can configure your browser to inform you about the use of cookies and to only accept cookies on a case-by-case basis, to exclude cookies for specific cases or in general, and to automatically delete cookies when you close your browser. Disabling cookies may limit the functionality of this website.
Cookies that are necessary to carry out electronic communication or to provide certain functions you have requested (e.g., shopping cart function) are stored on the basis of Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in storing cookies to ensure the technically error-free and optimized provision of its services. If other cookies (e.g., cookies for analyzing your surfing behavior) are stored, these are treated separately in this privacy policy.
Information on this can be found on the following websites:
Safari: https://support.apple.com/kb/ph21411?locale=de_DE
Chrome: https://support.google.com/chrome/answer/95647?hl=de&hlrm=en
Internet Explorer: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies
Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehne
Opera: http://help.opera.com/Windows/10.20/de/cookies.html
In addition, the user has the option to manage online advertising cookies from companies via the European website or the US website.
Server log files
The website provider automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These include:
- Browser type and version
- operating system used
- Referrer URL
- Hostname of the accessing computer
- Time of server request
- IP address
This data will not be merged with other data sources.
The basis for data processing is Art. 6 (1) (f) GDPR, which permits the processing of data to fulfill a contract or for pre-contractual measures.
Contact us
When you contact us (e.g., via contact form, email, telephone, or social media), the user's information will be processed to process the contact request and its handling in accordance with Art. 6 (1) (b) GDPR. User information may be stored in a customer relationship management system ("CRM system") or similar request organization.
We delete requests if they are no longer required. We review their necessity every two years; furthermore, statutory archiving obligations apply.
Contact form
If you send us inquiries via the contact form, your information from the form, including the contact details you provided there, will be stored by us for the purpose of processing your inquiry and in case of follow-up questions. We will not share this data without your consent.
The data entered into the contact form will therefore be processed exclusively on the basis of your consent (Art. 6 (1) (a) GDPR). You can revoke this consent at any time. To do so, simply send us an informal email. The legality of the data processing operations carried out up to the time of revocation remains unaffected by the revocation.
The data you enter in the contact form will remain with us until you request its deletion, revoke your consent to storage, or the purpose for storing the data no longer applies (e.g., after your request has been processed). Mandatory legal provisions—in particular, retention periods—remain unaffected.
Newsletter
The following information provides you with information about the content of our newsletter, the registration, dispatch, and statistical evaluation procedures, as well as your right to object. By subscribing to our newsletter, you agree to receive it and to the described procedures.
Content of the newsletter: We only send newsletters, emails and other electronic notifications with advertising information (hereinafter "newsletter") with the consent of the recipient or legal permission. If the content of the newsletter is specifically described when registering for the newsletter, this is decisive for the user's consent. Otherwise, our newsletters contain information about our services and us Double opt-in and logging: Registration for our newsletter is carried out using a so-called double opt-in process. This means that after registration you will receive an email asking you to confirm your registration. This confirmation is necessary to ensure that no one can register using someone else's email address. Registrations for the newsletter are logged in order to be able to prove the registration process in accordance with legal requirements. This includes saving the time of registration and confirmation, as well as the IP address. Changes to your data stored by the shipping service provider are also logged.
Registration data: To subscribe to the newsletter, simply provide your email address. Optionally, we ask you to provide a name so we can address you personally in the newsletter.
The newsletter is sent and the associated performance measurement is based on the recipient's consent in accordance with Art. 6 (1) (a), Art. 7 GDPR in conjunction with Section 7 (2) No. 3 UWG or, if consent is not required, on the basis of our legitimate interests in direct marketing in accordance with Art. 6 (1) (f) GDPR in conjunction with Section 7 (3) UWG.
The registration process is logged based on our legitimate interests pursuant to Art. 6 (1) (f) GDPR. Our interest is in using a user-friendly and secure newsletter system that serves our business interests and meets user expectations, while also allowing us to verify consent.
Cancellation/Revocation - You can cancel your subscription to our newsletter at any time, i.e., revoke your consent. A link to unsubscribe from the newsletter can be found at the end of each newsletter. We may store unsubscribed email addresses for up to three years based on our legitimate interests before deleting them in order to be able to prove that consent was previously given. The processing of this data is limited to the purpose of a possible defense against claims. An individual request for deletion is possible at any time, provided that the previous existence of consent is confirmed at the same time.
We send newsletters with information about our products and our company. Your email address is required to subscribe to the newsletter. You can also provide your name and date of birth so we can contact you personally.
The newsletter is sent via the shipping service provider “Omnisend”, the newsletter distribution platform of Omnisend Ltd, 1401 Sam Rittenberg Blvd Suite 2, Charleston, SC 29407, United States . The newsletter contains a so-called “web beacon”, i.e. a pixel-sized file that is retrieved from the server of the shipping service provider when the newsletter is opened. During this retrieval, information about your browser and your system, as well as your IP address and the time of retrieval are collected. This information is used to technically improve the services based on technical data, your reading behavior, the location of the retrieval (which can be determined using an IP address) or the access time. We also record for statistical purposes whether, when and which links in the newsletter are clicked.
For more information about Mapp, please see the platform’s privacy policy at www.omnisend.com .
This data is processed for the purpose of sending the newsletter and on the basis of your consent in accordance with Art. 6 (1) (a) GDPR, i.e. for EU/EEA data subjects. To obtain consent during the registration process, we refer to this privacy policy. You can revoke your consent at any time. You will find a link to unsubscribe from the newsletter at the end of each newsletter. The revocation does not affect the legality of the processing carried out on the basis of the consent up to the time of revocation. If the declaration of consent is revoked, the data will be deleted unless further retention of the data is necessary, e.g. as required by law.
Your personal data will be transmitted to our processor, who sends us a newsletter. A corresponding agreement has been signed. No transmission to recipients in third countries.
You can find your other existing rights in the General Principles of Data Processing under “Data Subject Rights” below.
Newsletter - Measuring Success
The newsletters contain a so-called "web beacon," a pixel-sized file that is retrieved from our server when the newsletter is opened, or from the server of a shipping service provider if we use it. During this retrieval, technical information, such as information about your browser and system, as well as your IP address and the time of retrieval, is initially collected.
This information is used to technically improve the services based on the technical data or the target groups and their reading behavior based on their retrieval locations (which can be determined using the IP address) or access times. Statistical surveys also include determining whether the newsletters are opened, when they are opened, and which links are clicked. For technical reasons, this information can be assigned to individual newsletter recipients. However, it is neither our intention nor, if used, that of the shipping service provider, to monitor individual users. The evaluations serve us much more to recognize the reading habits of our users and to adapt our content to them or to send different content based on the interests of our users.
Processing of data (customer and contract data)
We collect, process, and use personal data only to the extent necessary to establish, define, or modify the legal relationship (master data). This is done on the basis of Art. 6 (1) (b) GDPR, which permits the processing of data to fulfill a contract or for pre-contractual measures. We collect, process, and use personal data about the use of our website (usage data) only to the extent necessary to enable the user to use the service or to bill them.
The collected customer data will be deleted after completion of the order or termination of the business relationship. Statutory retention periods remain unaffected.
Data transfer upon conclusion of contract for online shops, retailers and shipping of goods
We only transmit personal data to third parties if this is necessary for the contract processing, for example, to the company entrusted with delivering the goods or the credit institution responsible for payment processing. This includes the customer's first and last name, street and house number, postal code and city, as well as the email address to enable better shipment tracking. Further transmission of data will not occur or only occur if you have expressly consented to the transmission. Your data will not be passed on to third parties without your express consent, for example for advertising purposes.
The basis for data processing is Art. 6 (1) (b) GDPR, which permits the processing of data to fulfill a contract or for pre-contractual measures.
Agency services
We process our customers' data within the scope of our contractual services, which include conceptual and strategic consulting, campaign planning, software and design development/consulting or maintenance, implementation of campaigns and processes/handling, server administration, data analysis/consulting services and training services.
We process inventory data (e.g. customer master data such as names or addresses), contact data (e.g. email, telephone numbers), content data (e.g. text entries, photographs, videos), contract data (e.g. contract subject matter, term), payment data (e.g. bank details, payment history), usage and metadata (e.g. in the context of the evaluation and measurement of the success of marketing measures). We generally do not process special categories of personal data unless these are part of a commissioned processing operation. Those affected include our customers, interested parties and their customers, users, website visitors or employees as well as third parties. The purpose of the processing is the provision of contractual services, billing and our customer service. The legal basis for the processing is Art. 6 (1) (b) GDPR (contractual services) and Art. 6 (1) (f) GDPR (analysis, statistics, optimization, security measures). We process data that is necessary to establish and fulfill the contractual services and point out the necessity of providing it. Disclosure to external parties only occurs if it is necessary within the scope of an order. When processing the data provided to us within the scope of an order, we act in accordance with the client's instructions and the legal requirements for order processing pursuant to Art. 28 GDPR and do not process the data for any purposes other than those specified in the order.
We delete data after the expiration of statutory warranty and similar obligations. The necessity of retaining the data is reviewed every three years; in the case of statutory archiving obligations, deletion occurs after their expiration (6 years, according to Section 257 Para. 1 of the German Commercial Code (HGB), 10 years, according to Section 147 Para. 1 of the German Fiscal Code (AO). In the case of data disclosed to us by the client within the scope of an order, we delete the data in accordance with the specifications of the order, generally after the end of the order.
Participation in affiliate partner programs
Within our online offering, we use industry-standard tracking measures based on our legitimate interests (i.e., interest in the analysis, optimization, and economic operation of our online offering) in accordance with Art. 6 (1) (f) GDPR, insofar as these are necessary for the operation of the affiliate system. Below, we explain the technical background to users.
The services offered by our contractual partners may also be advertised and linked on other websites (so-called affiliate links or after-buy systems, for example, when links or services from third parties are offered after a contract has been concluded). The operators of the respective websites receive a commission when users follow the affiliate links and subsequently take advantage of the offers.
In summary, it is necessary for our online offering to be able to track whether users who are interested in affiliate links and/or the offers available from us subsequently take advantage of the offers at the instigation of the affiliate links or our online platform. For this purpose, the affiliate links and our offers are supplemented with certain values that can be part of the link or set otherwise, e.g. in a cookie. These values include in particular the source website (referrer), time, an online identifier of the operator of the website on which the affiliate link was located, an online identifier of the respective offer, an online identifier of the user, as well as tracking-specific values such as advertising material ID, partner ID and categorizations.
The online user identifiers we use are pseudonymous values. This means that the online identifiers themselves do not contain any personal data such as names or email addresses. They only help us determine whether the same user who clicked on an affiliate link or expressed interest in an offer via our online offering has accepted the offer, i.e., for example, concluded a contract with the provider. However, the online identifier is personal insofar as the partner company and we have the online identifier together with other user data. This is the only way the partner company can tell us whether the user has accepted the offer and whether we can, for example, pay out the bonus.
4. Analysis tools and advertising
Google Analytics
This website uses features of the web analysis service Google Analytics, provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Google Analytics uses "cookies," which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of the website is typically transferred to a Google server in the United States and stored there.
Google Analytics cookies are stored on the basis of Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in analyzing user behavior in order to optimize both its website and its advertising.
IP anonymization
We have activated the IP anonymization function on this website. This means that your IP address will be shortened by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide the website operator with other services relating to website activity and internet usage. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
Browser plug-in
You can prevent cookies from being saved by selecting the appropriate settings in your browser; however, please note that if you do this, you may not be able to use all of the features of this website to their full extent. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout?hl=de .
Objection to data collection
You can prevent Google Analytics from collecting your data by clicking the following link. This will set an opt-out cookie that prevents the collection of your data on future visits to this website: Deactivate Google Analytics .
For more information about how Google Analytics handles user data, please see Google’s privacy policy: https://support.google.com/analytics/answer/6004245?hl=de .
Contract data processing
We have concluded a contract for order data processing with Google and fully implement the strict requirements of the German data protection authorities when using Google Analytics.
Demographic characteristics in Google Analytics
This website uses the "demographics" feature of Google Analytics. This allows reports to be created that contain information about the age, gender, and interests of site visitors. This data comes from interest-based advertising from Google as well as visitor data from third-party providers. This data cannot be assigned to a specific individual. You can deactivate this feature at any time via the ad settings in your Google Account or generally prohibit the collection of your data by Google Analytics as described in the "Objection to data collection" section.
Facebook Pixel, Custom Audiences and Facebook Conversion
Within our online offering, the so-called "Facebook Pixel" of the social network Facebook, which is operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or if you are based in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook"), is used due to our legitimate interests in the analysis, optimization and economic operation of our online offering and for these purposes.
Facebook is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
With the help of the Facebook pixel, Facebook is able to define visitors to our online offering as a target group for displaying advertisements (so-called "Facebook ads"). Accordingly, we use the Facebook pixel to display the Facebook ads we place only to those Facebook users who have also shown an interest in our online offering or who have certain characteristics (e.g., interests in certain topics or products determined based on the websites visited) that we transmit to Facebook (so-called "custom audiences"). With the help of the Facebook pixel, we also want to ensure that our Facebook ads correspond to the potential interests of users and are not annoying. With the help of the Facebook pixel, we can also track the effectiveness of Facebook ads for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Facebook ad (so-called "conversion").
Facebook processes data in accordance with Facebook's data usage policy. Accordingly, general information on the display of Facebook ads can be found in Facebook's data usage policy: https://www.facebook.com/policy.php. Specific information and details about the Facebook pixel and how it works can be found in Facebook's help section: https://www.facebook.com/business/help/651294705016616.
You can opt out of the Facebook pixel's collection and use of your data to display Facebook ads. To control which types of ads are displayed to you within Facebook, you can visit the page set up by Facebook and follow the instructions for settings for usage-based advertising: https://www.facebook.com/settings?tab=ads. The settings are platform-independent, meaning they apply to all devices, such as desktop computers and mobile devices.
You can also object to the use of cookies for reach measurement and advertising purposes via the Network Advertising Initiative deactivation page (http://optout.networkadvertising.org/) and additionally the US website (http://www.aboutads.info/choices) or the European website (http://www.youronlinechoices.com/uk/your-ad-choices/).
5. Payment provider
The processing of personal data by a payment service provider is based on Article 6 (1) (b) GDPR for the purpose of contract execution and only to the extent necessary for this purpose and within the scope of our legitimate interests pursuant to Article 6 (1) (f) GDPR to be able to offer you reliable and secure payment processes. The respective payment provider is responsible for the data collected and processed by the payment provider in compliance with data protection regulations.
PayPal
When paying using a payment method provided by PayPal (direct debit, credit card, installment payment or purchase on account), payment processing is carried out via the payment service provider PayPal (Europe) S.à rl et Cie, SCA, 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter referred to as “PayPal”).
If you choose a PayPal payment method, you will be redirected to the PayPal website. When you use this service, PayPal collects, processes, and stores transaction data, such as the amount paid, technical usage data, and location data. PayPal reserves the right to conduct a credit check for the above-mentioned payment methods. For this purpose, your payment data may be passed on to credit agencies in accordance with Art. 6 (1) (f) GDPR, based on PayPal's legitimate interest in determining your ability to pay.
For further information on data protection, please refer to PayPal’s privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full
Google Pay
If you choose to use "Google Pay," payment processing will be handled by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). You will need a Google Pay-enabled device with Google Pay installed. Payment will be made using a payment card (credit card) stored with Google Pay or via a payment system such as PayPal.
The data collected during payment processing is forwarded to Google. The payment is then verified using a token (virtual number) valid only for this payment transaction. The payment information is transmitted to the merchant in encrypted form. For the use of this service, Google collects, processes, and stores transaction data, such as the amount paid, technical usage data, and location data.
The Google Pay terms of use can be found at:
https://payments.google.com/payments/apis-secure/u/0/get_legal_document?ldo=0&ldt=buyertos&ldr=DE
You can find privacy information for Google Payments here:
https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=de
Google’s privacy policy and terms of use are available at:
https://policies.google.com/privacy
Apple Pay
If you choose to pay with Apple Pay, payment will be processed by Apple Distribution International Ltd., Hollyhill Industrial Estate, Hollyhill, Cork, Republic of Ireland. You will need an Apple Pay-enabled device with Apple Pay enabled and a supported payment card from a bank that cooperates with Apple.
The data collected during payment processing is forwarded to Apple. Apple then verifies the payment using a device-specific number along with a transaction code unique to this payment transaction. The payment information is transmitted to the merchant in encrypted form.
To use this service, Apple collects, processes and stores transaction data, such as the amount paid, technical usage data and location data.
Further information can be found on Apple’s website:
https://www.apple.com/de/apple-pay/
Apple’s privacy policy is available at:
https://www.apple.com/de/legal/privacy/de-ww/
Klarna instant bank transfer
If you choose the Klarna Sofortüberweisung payment option, payment processing will be carried out by Sofort GmbH, Theresienhöhe 12, 80339 Munich, Germany. Sofort GmbH is a subsidiary of Klarna Bank AB (publ), a company under Swedish law with its principal place of business at Sveavägen 46, 111 34 Stockholm, Sweden.
With Sofortüberweisung, you will be redirected to the secure payment page of Sofort GmbH after selecting the appropriate payment method. As a technical service provider, Sofort GmbH forwards the data you entered into the secure payment form to your bank in encrypted form. For this purpose, Sofort GmbH collects, processes, and stores your name, IBAN, subject, amount, and date. Once the transfer is complete, we receive a real-time transaction confirmation.
The data protection declaration of Sofort GmbH is available at:
https://www.sofort.de/datenschutz.html
Klarna’s privacy policy is available at:
https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/privacy
Klarna purchase on account
If you choose the Klarna invoice payment option, payment will be processed via Klarna Bank AB (publ), a company under Swedish law with its head office at Sveavägen 46, 111 34 Stockholm, Sweden.
If you choose the Klarna invoice payment method, you will be redirected to Klarna's website. Here, Klarna collects, processes, and stores contact and identification information, such as your name, billing address, and email address; payment information, such as your debit or credit card number and account number; and device-related information, such as your IP address and browser settings.
When purchasing on account, Klarna may pass on your personal data, such as name, address, date of birth and telephone number, to credit agencies as part of the credit check in accordance with Art. 6 (1) (f) GDPR on the basis of Klarna's legitimate interest in determining your ability to pay.
Klarna’s privacy policy is available at:
https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/privacy
credit card
When paying by credit card, we collect and process the personal data required to process the payment, such as your name, credit card number, credit card validity period and security code, and pass this on to your credit card company for billing purposes.
Shopify Payments
When paying using a payment option from Shopify Payments (“Shopify Payments”, 3rd Floor, Europa House, Harcourt Building, Harcourt Street, Dublin 2), payment processing is carried out by the technical service provider Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland.
For this purpose, Stripe Payments Europe Ltd. processes and stores the relevant transaction data, such as the payment method (e.g., payment by credit card), the amount, and the date of the payment. Depending on the payment method used, Stripe Payments Europe Ltd. may also process and store your name, email address, billing address, or shipping address.
The privacy policy of Stripe Payments Europe Ltd. is available at:
https://stripe.com/de/privacy#translation
Shopify Payments’ privacy policy is available at:
https://www.shopify.com/legal/privacy