Data Protection

Privacy Policy

1) Introduction and contact details of the controller

1.1 We are pleased that you visit our website and thank you for your interest. Below we inform you about the handling of your personal data when using our website. Personal data here means all data by which you can be personally identified.

1.2 The responsible party for data processing on this website in the sense of the General Data Protection Regulation (GDPR) is Abdul Saboor, Ellernkamp, 3, 31691 Helpsen, Germany, Tel: 01793990072, E-Mail: support@myonline-shop.de The responsible party for processing personal data is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data.

2) Data collection when visiting our website

2.1 When using our website for informational purposes only, even if you do not register or provide us with other information, we only collect data that your browser transmits to the page server (so-called "server log files"). When you access our website, we collect the following data that is technically necessary for us to display the website to you:

Our visited website
Date and time at the time of access
Amount of data sent in bytes
Source/reference from which you accessed the page
Browser used
Operating System
Used IP address (if applicable: in anonymized form)

The processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR based on our legitimate interest in improving the stability and functionality of our website. There is no disclosure or other use of the data. However, we reserve the right to review the server log files retrospectively if there are concrete indications of unlawful use.

2.2 This website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (e.g., orders or inquiries to the responsible party). You can recognize an encrypted connection by the string "https://" and the lock symbol in your browser's address bar.

3) Hosting & Content Delivery Network

Shopify

For hosting our website and displaying the page content, we use the system of the following provider: Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland ("Shopify")

Data is also transferred to: Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada

All data collected on our website is processed on the servers of the provider. We have entered into a data processing agreement with the provider that ensures the protection of our visitors' data and prohibits unauthorized disclosure to third parties.

When transferring data to Canada, an adequate level of data protection is ensured by an adequacy decision of the European Commission.

4) Cookies

To make visiting our website attractive and to enable the use of certain features, we use cookies, which are small text files stored on your device. Some of these cookies are automatically deleted after you close your browser (so-called "session cookies"), while others remain on your device longer and allow the storage of page settings (so-called "persistent cookies"). In the latter case, you can view the storage duration in the cookie settings overview of your web browser.

If individual cookies we use also process personal data, the processing is carried out in accordance with Art. 6 para. 1 lit. b GDPR either for the performance of the contract, according to Art. 6 para. 1 lit. a GDPR in the case of granted consent, or according to Art. 6 para. 1 lit. f GDPR to safeguard our interests in the best possible functionality of the website as well as a customer-friendly and effective design of the site visit.

You can set your browser so that you are informed about the setting of cookies and decide individually on their acceptance or exclude the acceptance of cookies for certain cases or in general.

Please note that by not accepting cookies, the functionality of our website may be limited.

5) Contact

In the context of contacting us (e.g., via contact form or email), personal data will be processed solely for the purpose of processing and responding to your inquiry.

The legal basis for processing this data is our legitimate interest in responding to your inquiry according to Art. 6 para. 1 lit. f GDPR. If your contact is aimed at a contract, the additional legal basis for processing is Art. 6 para. 1 lit. b GDPR. Your data will be deleted when it can be inferred from the circumstances that the matter in question has been conclusively clarified and provided that there are no legal retention obligations to the contrary.

6) Comment function

As part of the comment function on this website, in addition to your comment, the time of the comment's creation and the commentator name you chose will be stored and published on this website. Furthermore, your IP address will be logged and stored. This storage of the IP address is done for security reasons and in case the affected person violates the rights of third parties or posts illegal content through a comment. We need your email address to contact you in case a third party should contest your published content as illegal.

Legal bases for storing your data are Art. 6 para. 1 lit. b and f GDPR. We reserve the right to delete comments if they are reported as unlawful by third parties.

7) Use of customer data for direct marketing

7.1 Sign up for our email newsletter

When you subscribe to our email newsletter, we will regularly send you information about our offers. The only requirement for sending the newsletter is your email address. Providing additional data is voluntary and will be used to address you personally. For the newsletter dispatch, we use the so-called double opt-in procedure, which ensures that you will only receive the newsletter after you have explicitly confirmed your consent to receive the newsletter by clicking on a verification link sent to the provided email address.

By activating the confirmation link, you give us your consent to use your personal data in accordance with Art. 6 para. 1 lit. a GDPR. We will store your IP address registered by the Internet Service Provider (ISP) as well as the date and time of registration to trace any potential misuse of your email address at a later time. The data we collect during newsletter registration will be used strictly for the intended purpose.

You can unsubscribe from the newsletter at any time using the designated link in the newsletter or by sending a corresponding message to the responsible party mentioned above. After unsubscribing, your email address will be promptly removed from our newsletter distribution list, unless you have explicitly consented to further use of your data or we reserve a further data use that is legally permitted and of which we inform you in this statement.

7.2 Klaviyo

The distribution of our email newsletter is carried out by this provider: Klaviyo, Inc., 125 Summer St., Ste 600, Boston, MA 02110, USA

Based on our legitimate interest in effective and user-friendly newsletter marketing, we share the data you provided during newsletter registration with this provider according to Art. 6 para. 1 lit. f GDPR, so that they can handle the newsletter distribution on our behalf.

Subject to your explicit consent according to Art. 6 para. 1 lit. a GDPR, the provider also conducts a statistical success evaluation of newsletter campaigns using web beacons or tracking pixels in the sent emails, which can measure open rates and specific interactions with the newsletter content. Device information (e.g., time of access, IP address, browser type, and operating system) is also collected and evaluated, but not merged with other data sets.

You can revoke your consent to newsletter tracking at any time with effect for the future.

We have concluded a data processing agreement with the provider, which protects the data of our site visitors and prohibits forwarding to third parties.

For data transmissions to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection based on an adequacy decision by the European Commission.

Data processing for order fulfillment

8.1 Submission of image files for order processing via upload function

On our website, we offer customers the opportunity to personalize products by submitting image files through an upload function. The submitted image will be used as a template for personalizing the selected product.

Through the upload form on the website, the customer can directly transmit one or more image files from the storage of the used device to us via automated, encrypted data transmission. We collect, store, and use the transmitted files solely for the creation of the personalized product as described on our website. If the transmitted image files are shared with a specific service provider for the creation and processing of the order, you will be explicitly informed about this in the following paragraphs. No further sharing will occur. If the transmitted files or the digital motifs contain personal data (especially images of identifiable individuals), all the aforementioned processing operations will be carried out solely for the purpose of processing your online order in accordance with Art. 6 para. 1 lit. b GDPR.

After the final processing of the order, the transmitted image files will be automatically and completely deleted.

8.2 As far as necessary for the processing of the contract for delivery and payment purposes, the personal data we collect will be passed on to the transport company and the commissioned credit institution in accordance with Art. 6 para. 1 lit. b GDPR.

If we owe you updates for goods with digital elements or for digital products based on a corresponding contract, we process the contact details you provided when ordering (name, address, email address) to inform you personally about upcoming updates within the legally prescribed period in accordance with our legal information obligations under Art. 6 para. 1 lit. c GDPR via suitable communication channels (e.g., by post or email). Your contact details will be used strictly for the purpose of notifications regarding updates owed by us and will only be processed by us to the extent necessary for the respective information.

To process your order, we also collaborate with the following service provider(s) who assist us in whole or in part with the execution of concluded contracts. Certain personal data will be transmitted to this service provider in accordance with the following information.

8.3 To fulfill our contractual obligations, we work with external shipping partners. We provide your name and delivery address, and, as necessary for delivery, your phone number, solely for the purpose of delivering goods in accordance with Art. 6 para. 1 lit. b GDPR to a shipping partner selected by us.

8.4 Use of payment service providers (payment services)

- Amazon Pay

This website offers one or more online payment methods from the following provider: Amazon Payments Europe sca, 38 avenue JF Kennedy, L-1855 Luxembourg

When selecting a payment method from the provider where you pay in advance (such as credit card payment), your payment data (including name, address, bank and card information, currency, and transaction number) as well as information about the content of your order will be shared in accordance with Art. 6 para. 1 lit. b GDPR. The sharing of your data in this case is solely for the purpose of processing the payment with the provider and only to the extent necessary for this.
Apple Pay

If you choose the payment method "Apple Pay" from Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland, the payment processing occurs through the "Apple Pay" function of your device running iOS, watchOS, or macOS by charging a payment card stored in "Apple Pay." Apple Pay uses security features integrated into the hardware and software of your device to protect your transactions. To authorize a payment, you must also enter a code you previously set and verify using the "Face ID" or "Touch ID" feature of your device.

For the purpose of payment processing, the information you provide during the ordering process is first transmitted to Apple in encrypted form along with your order information. Apple re-encrypts this data with a developer-specific key before sending the data to the payment service provider of the payment card stored in Apple Pay to process the payment. The encryption ensures that only the website through which the purchase was made can access the payment data. After the payment is sent, Apple sends your device account number and a transaction-specific, dynamic security code to the originating website to confirm the payment success.

If personal data is processed in the described transmissions, the processing is carried out solely for the purpose of payment processing in accordance with Art. 6 para. 1 lit. b GDPR.

Apple stores anonymized transaction data, including the approximate purchase amount, the approximate date and time, and whether the transaction was successfully completed. Anonymization completely eliminates any personal reference. Apple uses the anonymized data to improve "Apple Pay" and other Apple products and services.

When you use Apple Pay on your iPhone or Apple Watch to complete a purchase made through Safari on your Mac, the Mac and the authorization device communicate over an encrypted channel on Apple’s servers. Apple does not process or store any of this information in a format that can identify you. You can disable the option to use Apple Pay on your Mac in your iPhone settings. Go to "Wallet & Apple Pay" and turn off "Allow Payments on Mac."

Weitere Hinweise zum Datenschutz bei Apple Pay finden Sie unter der folgenden Internetadresse: https://support.apple.com /de-de /HT203027
Google Pay

If you choose the payment method "Google Pay" from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"), the payment processing is done through the "Google Pay" application on your mobile device equipped with at least Android 4.4 ("KitKat") by charging a payment card stored in Google Pay or a verified payment system there (PayPal). To authorize a payment over Google Pay of more than €25, prior unlocking of your mobile device through the respective verification method (such as facial recognition, password, fingerprint, or pattern) is required.

For the purpose of payment processing, the information you provided during the ordering process is first forwarded to Google along with your order information. Google then transmits your payment information stored in Google Pay in the form of a one-time transaction number to the originating website, which verifies that a payment has been made. This transaction number does not contain any information about the actual payment data of your payment method stored in Google Pay, but is created and transmitted as a uniquely valid numerical token. In all transactions via Google Pay, Google acts solely as an intermediary for processing the payment. The execution of the transaction occurs solely between the user and the originating website by charging the payment method stored in Google Pay.

If personal data is processed in the described transmissions, the processing is carried out solely for the purpose of payment processing in accordance with Art. 6 para. 1 lit. b GDPR.

Google reserves the right to collect, store, and evaluate certain transaction-specific information for each transaction made via Google Pay. This includes the date, time, and amount of the transaction, merchant location and description, a description of the purchased goods or services provided by the merchant, photos you have attached to the transaction, the name and email address of the seller and buyer or sender and recipient, the payment method used, your description for the reason for the transaction, and any associated offer.

According to Google, this processing is carried out solely in accordance with Art. 6 para. 1 lit. f GDPR based on the legitimate interest in proper accounting, verification of transaction data, and optimization and maintenance of the Google Pay service.

Google also reserves the right to combine the processed transaction data with other information collected and stored by Google when using other Google services.

You can find the terms of use for Google Pay here:

https:// payments.google.com / payments /apis-secure /u /0 /get_legal_document ?ldo=0 &ldt=googlepaytos &ldl=de
Further information on data protection with Google Pay can be found at the following internet address: https:// payments.google.com
/ payments /apis-secure /get_legal_document ?ldo=0 &ldt=privacynotice &ldl=de
Paypal

This website offers one or more online payment methods from the following provider: PayPal (Europe) Sarl et Cie, SCA, 22-24 Boulevard Royal, L-2449 Luxembourg

When selecting a payment method from the provider where you pay in advance, your payment data (including name, address, bank and card information, currency, and transaction number) as well as information about the content of your order will be shared in accordance with Art. 6 para. 1 lit. b GDPR. The sharing of your data in this case is solely for the purpose of processing the payment with the provider and only to the extent necessary for this.

When selecting a payment method where we pay in advance, you will also need to provide certain personal data (first and last name, street, house number, postal code, city, date of birth, email address, phone number, and if applicable, data for an alternative payment method) during the order process.

In such cases, to maintain our legitimate interest in assessing your creditworthiness, this data will be forwarded to the provider in accordance with Art. 6 para. 1 lit. f GDPR for the purpose of a credit check. The provider checks based on the personal data you provided as well as other data (such as shopping cart, invoice amount, order history, payment experiences) whether the payment option you selected can be guaranteed in terms of payment and/or default risk.

The credit report may contain probability values (so-called score values). As far as score values are included in the result of the credit report, they are based on a scientifically recognized mathematical-statistical procedure. The calculation of the score values includes, among other things but not exclusively, address data.

You can object to this processing of your data at any time by sending a message to us or to the provider. However, the provider may still be entitled to process your personal data as necessary for contractual payment processing.
- Shopify Payments

This website offers one or more online payment methods from the following provider: Shopify International Limited, Victoria Buildings, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland

One or more online payment methods from the following provider are available on this website: SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany

9) Retargeting/ Remarketing and Conversion Tracking

Meta Pixel

Within our online offering, we use the "Meta Pixel" service from the following provider: Meta Platforms Ireland Limited, 4 Grand Canal Quare, Dublin 2, Ireland ("Meta")

When a user clicks on an advertisement we run on Facebook and/or Instagram, the URL of our linked page is extended by a parameter using "Meta Pixel." This URL parameter is then entered into the user's browser after the redirect by a cookie set by our linked page.

This makes it possible to define the visitors of our online offering as a target group for displaying ads (so-called "Ads"). If we use the service to show the Facebook and/or Instagram ads we run only to users who have also shown interest in our online offering or who exhibit certain characteristics (e.g., interests in topics or products determined by the visited websites), we transmit these to Meta (so-called "Custom Audiences").

Conversely, the "Meta Pixel" can track whether users were redirected to our website after clicking on an advertisement and what actions they take there (so-called "conversion tracking").

The data collected is anonymous to us and does not provide us with any conclusions about the identity of the user. However, the data is stored and processed by Meta, allowing a connection to the respective user profile and enabling Meta to use the data for its own advertising purposes.

All the processing described above, especially the setting of cookies to read information on the device used, will only be carried out if you have given us your explicit consent in accordance with Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time with effect for the future by deactivating this service in the "Cookie Consent Tool" provided on the website.

We have concluded a data processing agreement with the provider that ensures the protection of our site visitors' data and prohibits unauthorized disclosure to third parties.

The information generated by Meta is usually transmitted to a server of Meta and stored there; in this context, there may also be a transfer to a server of Meta Platforms Inc. in the USA.

10) Page functionalities

Endereco

To check certain inputs in the address form of the order process in our webshop for input errors in real-time, we use the services of the following provider: Endereco UG, Balthasar-Neumann-Straße 4b, 97236 Randersacker, Germany

The provider validates the entered address, verifies the spelling, and supplements any missing data if necessary. For ambiguous addresses, correct alternative suggestions are displayed. For this purpose, the address data you entered is transmitted to the provider, stored there, and evaluated.

This processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR based on our legitimate interest in properly capturing the correct address data of the customer to fulfill our contractual delivery obligations and to prevent contract execution issues.

The provider processes the affected data separately and does not combine it with other data sets, and deletes it as soon as its status or accuracy has been confirmed, but no later than after 30 days.

11) Rights of the affected individuals

11.1 The applicable data protection law grants you the following data subject rights (rights to information and intervention) against the controller regarding the processing of your personal data, whereby the respective legal basis for exercising these rights is referenced:

Right of access pursuant to Art. 15 GDPR;
Right to notification according to Art. 16 GDPR;
Right to deletion pursuant to Art. 17 GDPR;
Right to restriction of processing pursuant to Art. 18 GDPR;
Right to information pursuant to Art. 19 GDPR;
Right to data portability pursuant to Art. 20 GDPR;
Right to revoke given consents pursuant to Art. 7 para. 3 GDPR;
Right to lodge a complaint pursuant to Art. 77 GDPR.

11.2 RIGHT TO OBJECT

IF WE PROCESS YOUR PERSONAL DATA BASED ON OUR LEGITIMATE INTERESTS AFTER BALANCING INTERESTS, YOU HAVE THE RIGHT TO OBJECT TO THIS PROCESSING AT ANY TIME FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION, WITH EFFECT FOR THE FUTURE.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE AFFECTED DATA. HOWEVER, FURTHER PROCESSING REMAINS RESERVED IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING THAT OVERRIDE YOUR INTERESTS, FUNDAMENTAL RIGHTS, AND FREEDOMS, OR IF THE PROCESSING SERVES THE ESTABLISHMENT, EXERCISE, OR DEFENSE OF LEGAL CLAIMS.

IF YOUR PERSONAL DATA IS PROCESSED BY US TO CONDUCT DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR SUCH ADVERTISING PURPOSES. YOU CAN EXERCISE THE OBJECTION AS DESCRIBED ABOVE.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL CEASE PROCESSING THE DATA CONCERNING YOU FOR DIRECT MARKETING PURPOSES.

12) Duration of storage of personal data

The duration of storage of personal data is based on the respective legal basis, the processing purpose, and – if applicable – additionally on the respective statutory retention periods (e.g., commercial and tax retention periods).

When processing personal data based on explicit consent according to Art. 6 para. 1 lit. a GDPR, the affected data will be stored until you revoke your consent.

There are statutory retention periods for data processed under legal or legally similar obligations based on Art. 6 para. 1 lit. b GDPR; this data will be routinely deleted after the retention periods expire, provided it is no longer necessary for contract fulfillment or contract initiation and/or we have no legitimate interest in further storage.

When processing personal data based on Art. 6 para. 1 lit. f GDPR, this data will be stored until you exercise your right to object under Art. 21 para. 1 GDPR, unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing serves the establishment, exercise, or defense of legal claims.

When processing personal data for the purpose of direct marketing based on Art. 6 para. 1 lit. f GDPR, this data will be stored until you exercise your right to object under Art. 21 para. 2 GDPR.

Unless otherwise specified by the other information in this declaration regarding specific processing situations, stored personal data will otherwise be deleted when they are no longer necessary for the purposes for which they were collected or otherwise processed.

Item has been added to the shopping cart