DATA PROTECTION

At LE O' BU, careful handling of our customers' and visitors' data is important to us.
We comply with the provisions of the EU General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG).

Unless otherwise stated below, the provision of your personal data is neither required by law nor contractually, nor is it necessary for the conclusion of a contract. You are not obliged to provide this data and failure to provide it will have no consequences unless otherwise stated in subsequent processing operations. “Personal Data” refers to any information relating to an identified or identifiable natural person.
Server log files
You can visit our websites without providing any personal information. Every time you access our website, usage data is transmitted to us or our web host/IT service provider through your Internet browser and stored in log data (so-called server log files). This stored data includes, for example, the name of the page accessed, the date and time of access, the IP address, the amount of data transferred and the requesting provider. The processing is carried out on the basis of Art. 6 Para. 1 lit. f GDPR out of our overriding legitimate interest in ensuring trouble-free operation of our website and in improving our offering.
Your data may be transferred to third countries outside the EU, in particular Canada and the USA, and processed there. There is an adequacy decision from the EU Commission for Canada. The EU Commission has an adequacy decision for the USA, the Trans-Atlantic Data Privacy Framework (TADPF).
 
Contact
Responsible person
Contact us if you wish. The person responsible for data processing is: Sabrina Zimmermann // LE O' BU, Tal 44, 80331 Munich Germany, +4915142808439, info@leobu.com.
Initiative contact from the customer via email
If you initiate business contact with us via email, we will only collect your personal data (name, email address, message text) to the extent provided by you. The data processing serves to process and answer your contact request. If the contact serves to carry out pre-contractual measures (e.g. advice if you are interested in buying, preparing an offer) or concerns a contract that has already been concluded between you and us, this data processing is carried out on the basis of Article 6 Paragraph 1 Letter b GDPR. If contact is made for other reasons, this data processing is carried out on the basis of Article 6 Paragraph 1 Letter f of the GDPR due to our overriding legitimate interest in processing and answering your request. In this case, you have the right, for reasons arising from your particular situation, to object at any time to this processing of your personal data based on Article 6 Paragraph 1 Letter f of the GDPR.
We only use your email address to process your request. Your data will then be deleted in compliance with statutory retention periods, unless you have consented to further processing and use.
Collection and processing when using the contact form
When you use the contact form, we only collect your personal data (name, email address, message text) to the extent provided by you. The data processing serves the purpose of establishing contact. If the contact is used to carry out pre-contractual measures (e.g. advice if you are interested in buying, making an offer) or concerns a contract that has already been concluded between you and us, this data processing is carried out on the basis of Art. 6 Para. 1 lit. b GDPR.
If contact is made for other reasons, this data processing is carried out on the basis of Article 6 Paragraph 1 Letter f GDPR due to our overriding legitimate interest in processing and answering your request. In this case, you have the right, for reasons arising from your particular situation, to object at any time to this processing of your personal data based on Article 6 Paragraph 1 Letter f of the GDPR. We only use your email address to process your request. Your data will then be deleted in compliance with statutory retention periods, unless you have consented to further processing and use.
WhatsApp Business
If you contact us for business via WhatsApp, we use the WhatsApp Business version of WhatsApp Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; “WhatsApp”). If you are located outside the European Economic Area, this service is provided by WhatsApp Inc. (1601 Willow Road, Menlo Park, CA 94025, USA). The data processing serves to process and answer your contact request. For this purpose, we collect and process your mobile phone number stored on WhatsApp, your name if provided, and other data to the extent provided by you. For the service, we use a mobile device whose address book only stores data from users who have contacted us via WhatsApp. Personal data will not be passed on to WhatsApp without you having already given your consent to WhatsApp.
Your data will be transmitted by WhatsApp to Meta Platforms Inc. servers in the USA. The EU Commission has an adequacy decision for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). Meta Platforms Inc. has certified itself according to the TADPF and is therefore committed to complying with European data protection principles. If the contact is used to carry out pre-contractual measures (e.g. advice if you are interested in buying, preparing an offer) or concerns a contract that has already been concluded between you and us, this data processing is carried out on the basis of Article 6 Paragraph 1 Letter b GDPR.
If contact is made for other reasons, this data processing is carried out on the basis of Art. 6 Para. 1 lit. f GDPR for our overriding legitimate interest in providing quick and easy contact and in answering your request. In this case, you have the right, for reasons arising from your particular situation, to object at any time to this processing of your personal data based on Article 6 Paragraph 1 Letter f of the GDPR. We only use your personal data to process your request. Your data will then be deleted in compliance with statutory retention periods, unless you have consented to further processing and use.
Further information on terms of use and data protection when using WhatsApp can be found at https://www.whatsapp.com/legal/#terms-of-service and https://www.whatsapp.com/legal/#privacy-policy .
 
Customer account orders
Customer account
When you open a customer account, we collect your personal data to the extent specified there. The data processing serves the purpose of improving your shopping experience and simplifying order processing. Processing is carried out on the basis of Article 6 Paragraph 1 Letter a GDPR with your consent. You can revoke your consent at any time by notifying us, without this affecting the lawfulness of the processing carried out based on your consent before its revocation. Your customer account will then be deleted.
Collection, processing and transfer of personal data when placing orders
When you place an order, we only collect and process your personal data to the extent that this is necessary to fulfill and process your order and to process your inquiries. The provision of the data is necessary for the conclusion of the contract. Failure to provide it will result in no contract being concluded. The processing is carried out on the basis of Article 6 Paragraph 1 Letter b GDPR and is necessary for the fulfillment of a contract with you.
Your data may be transferred to third countries outside the EU, in particular Canada and the USA, and processed there. There is an adequacy decision from the EU Commission for Canada. The EU Commission has an adequacy decision for the USA, the Trans-Atlantic Data Privacy Framework (TADPF).
 
Advertising
Use of the email address to send newsletters
Regardless of the contract processing, we use your email address exclusively for our own advertising purposes to send newsletters, provided you have expressly agreed to this. Processing is carried out on the basis of Article 6 Paragraph 1 Letter a GDPR with your consent. You can revoke your consent at any time without affecting the lawfulness of the processing carried out based on your consent before its revocation. You can unsubscribe from the newsletter at any time using the corresponding link in the newsletter or by notifying us. Your email address will then be removed from the distribution list.
Use of the email address to send direct mail
We use your email address, which we received as part of the sale of a good or service, to electronically send advertising for our own goods or services that are similar to those that you have already purchased from us, to the extent that you do so have not objected to use. Providing the email address is necessary for the conclusion of the contract. Failure to provide it will result in no contract being concluded. The processing is carried out on the basis of Art. 6 Para. 1 lit. f GDPR due to our overriding legitimate interest in direct advertising. You can object to this use of your email address at any time by notifying us. The contact details for exercising your objection can be found in the legal notice. You can also use the link provided in the promotional email. There are no costs for this other than the transmission costs according to the basic tariffs.
 
Merchandise management
Use of an external merchandise management system
We use an inventory management system to process the contract as part of order processing. For this purpose, your personal data collected as part of the order will be transmitted to Shopify, Victoria Buildings, 1-2 Haddington Road Dublin 4, D04 XN32, Ireland.
The processing of your personal data serves the purpose of fulfilling the contract concluded with you and is carried out on the basis of Article 6 Paragraph 1 Letter b GDPR.
 
Payment service provider
We process your payment details to process payments when you order a product via our website. Depending on the payment method you choose, we pass this information on to third parties (e.g. to the credit card provider for credit card payments). Various payment options are available to you:
Using PayPal Express
We use the PayPal Express payment service from PayPal (Europe) S.à.rl et Cie, SCA (22-24 Boulevard Royal L- 2449, Luxembourg; "PayPal") on our website. The data processing serves the purpose of being able to offer you payment via the PayPal Express payment service. In order to integrate this payment service, it is necessary for PayPal to collect, store and analyze data (e.g. IP address, device type, operating system, browser type, location of your device) when you access the website. Cookies can also be used for this purpose. The cookies enable your browser to be recognized.
Your personal data is processed on the basis of Art. 6 Para. 1 lit. f GDPR due to our overriding legitimate interest in a customer-oriented offer of various payment methods. You have the right to object to this processing of personal data concerning you at any time for reasons relating to your particular situation. By selecting and using PayPal Express, the data required for payment processing will be transmitted to PayPal in order to be able to fulfill the contract with you using the selected payment method. This processing is carried out on the basis of Article 6 Paragraph 1 Letter b GDPR. Further information on data processing when using the PayPal Express payment service can be found in the associated data protection declaration at: https://www.paypal.com/de/webapps/mpp/ua/privacy-full?locale.x=de_DE#Updated_PS .
Using PayPal Check-Out
We use the PayPal Check-Out payment service from PayPal (Europe) S.à.rl et Cie, SCA (22-24 Boulevard Royal L-2449, Luxembourg; "PayPal") on our website. The data processing serves the purpose of being able to offer you payment via the payment service. By selecting and using payment via PayPal, credit card via PayPal, direct debit via PayPal or “Pay later” via PayPal, the data required for payment processing will be transmitted to PayPal in order to be able to fulfill the contract with you using the selected payment method. This processing is carried out on the basis of Article 6 Paragraph 1 Letter b GDPR. Cookies can be stored here, which enable your browser to be recognized. The resulting data processing is carried out on the basis of Art. 6 Para. 1 lit. f GDPR due to our overriding legitimate interest in a customer-oriented offer of different payment methods. You have the right to object to this processing of personal data concerning you at any time for reasons relating to your particular situation.
Credit card via PayPal, direct debit via PayPal & “Pay later” via PayPal
For individual payment methods such as credit card via PayPal, direct debit via PayPal or “Pay later” via PayPal, PayPal reserves the right, if necessary, to obtain credit information based on mathematical and statistical methods using credit agencies. For this purpose, PayPal sends the personal data required for a credit check to a credit agency and uses the information received about the statistical probability of non-payment to make a balanced decision about the establishment, implementation or termination of the contractual relationship. The credit report can contain probability values ​​(score values) that are calculated on the basis of scientifically recognized mathematical-statistical methods and whose calculation includes, among other things, address data. Your concerns will be considered in accordance with the statutory provisions. The data processing serves the purpose of checking your creditworthiness to initiate a contract. The processing is carried out on the basis of Article 6 Paragraph 1 Letter f of the GDPR due to our overriding legitimate interest in protecting against non-payment if PayPal makes advance payments. For reasons arising from your particular situation, you have the right to object at any time to this processing of your personal data based on Article 6 Paragraph 1 Letter f of the GDPR by notifying PayPal. The provision of the data is necessary for the conclusion of the contract with the payment method you require. Failure to provide this means that the contract cannot be concluded using the payment method you have chosen.
Third Party
If you pay using a third-party payment method, the data required to process the payment will be transmitted to PayPal. This processing is carried out on the basis of Article 6 Paragraph 1 Letter b GDPR. To carry out this payment method, PayPal may then pass on the data to the respective provider. This processing is carried out on the basis of Article 6 Paragraph 1 Letter b GDPR. Local
Third-party providers can be, for example: Sofort (SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany) giropay (Paydirekt GmbH, Stephanstr. 14-16, 60313 Frankfurt am Main).
Purchase on account via PayPal
When paying via the purchase invoice payment method, the data required for payment processing is first transmitted to PayPal. To carry out this payment method, PayPal will then transmit the data to Ratepay GmbH (Franklinstraße 28-29, 10587 Berlin; "Ratepay") in order to be able to fulfill the contract with you using the selected payment method. This processing is carried out on the basis of Article 6 Paragraph 1 Letter b GDPR. Ratepay may carry out a credit report based on mathematical-statistical procedures (probability or score values) using credit agencies according to the process described above. The data processing serves the purpose of checking your creditworthiness to initiate a contract. The processing is carried out on the basis of Article 6 Paragraph 1 Letter f of the GDPR due to our overriding legitimate interest in protecting against non-payment if Ratepay makes advance payments. Further information on data protection and which credit agencies use Ratpay can be found at https://www.ratepay.com/legal-payment-dataprivacy/ and https://www.ratepay.com/legal-payment-creditagencies/ . Further information on data processing when using PayPal can be found in the associated data protection declaration at https://www.paypal.com/de/webapps/mpp/ua/privacy-full .
Shopify Payments
If you choose to pay with a credit card, Shop Pay, Apple Pay or Google Pay, we use the payment service Shopify Payments. We also offer the payment methods Bancontact (for customers in Belgium), eps transfer (for customers in Austria), Ideal (for customers in the Netherlands) and Klarna via the Shopify Payments payment service. This is provided by Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland. Your payment details/credit card details are collected and processed directly by Shopify Payments and are not stored by us. Your payment data will only be transferred if this is necessary for payment processing. This data processing is necessary to fulfill the contract (Art. 6 Para. 1 b GDPR). You can find further information on data protection here.
 
Cookies
Our website uses cookies. Cookies are small text files that are stored in the Internet browser or by the Internet browser on a user's computer system. When a user accesses a website, a cookie can be stored on the user's operating system. This cookie contains a characteristic string that allows the browser to be uniquely identified when the website is accessed again.
Cookies are stored on your computer. Therefore, you have full control over the use of cookies. By selecting the appropriate technical settings in your internet browser, you can be notified before cookies are set and decide individually whether to accept them and prevent the storage of the cookies and the transmission of the data they contain. Cookies that have already been saved can be deleted at any time. However, we would like to point out that you may then not be able to fully use all of the functions of this website.
You can find out how you can manage cookies in the most important browsers (including deactivating them) using the links below:
Chrome:
https://support.google.com/accounts/answer/61416?hl=de

Microsoft Edge: https://support.microsoft.com/de-de/microsoft-edge/cookies-in-microsoft-edge-lB6schen-63947406-40ac-c3b8-57b9-2a946a29ae09
Mozilla Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablassen
Safari: https://support.apple.com/de-de/guide/safari/manage-cookies-and-website-data-sfri11471/mac
Technically necessary cookies
Unless otherwise stated in the data protection declaration below, we only use these technically necessary cookies for the purpose of making our offering more user-friendly, effective and secure. Cookies also enable our systems to recognize your browser even after you change pages and to offer you services. Some functions of our website cannot be offered without the use of cookies. For this it is necessary that the browser is recognized even after a page change.
The use of cookies or comparable technologies is based on Section 25 Paragraph 2 TTDSG. Your personal data is processed on the basis of Article 6 Paragraph 1 Letter f of the GDPR due to our overriding legitimate interest in ensuring the optimal functionality of the website and a user-friendly and effective design of our offering. You have the right to object to this processing of personal data concerning you at any time for reasons relating to your particular situation.
Use of Cookiebot
On our website we use the consent management tool Cookiebot from Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark; “Cookiebot”).
The tool enables you to grant consent to data processing via the website, in particular the setting of cookies, and to make use of your right to revoke consent that has already been given. The data processing serves the purpose of obtaining and documenting the necessary consent for data processing and thus complying with legal obligations. Cookies can be used. The following information, among others, can be collected and transmitted to Cookiebot: anonymized IP address, date and time of consent, URL from which the consent was sent, anonymous, random, encrypted key, consent status. This data will not be passed on to other third parties.
Data processing is carried out to fulfill a legal obligation based on Article 6 Paragraph 1 Letter c GDPR. Further information about data protection at Cookiebot can be found at: https://www.cookiebot.com/de/privacy-policy/ .

 
Advertising tracking analysis
Use of Google Analytics 4
We use the web analysis service Google Analytics from Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; “Google”) on our website. The data processing serves the purpose of analyzing this website and its visitors as well as for marketing and advertising purposes. For this purpose, Google will use the information obtained on behalf of the operator of this website to evaluate your use of the website, to compile reports on website activity and to provide other services related to website activity and internet usage to the website operator. The following information can be collected, among other things: IP address, date and time of page access, click path, information about the browser you use and the device you use, pages visited, referrer URL (website through which you access our website), location data, purchasing activities. Your data may be linked by Google with other data, such as your search history, your personal accounts, your usage data from other devices and any other data that Google has about you.
The IP address is previously shortened by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area.
Google uses technologies such as cookies, web storage in the browser and web beacons that enable analysis of your use of the website. The use of cookies or comparable technologies takes place with your consent on the basis of Section 25 Paragraph 1 Sentence 1 TTDSG in conjunction with Article 6 Paragraph 1 Letter a GDPR.
The processing of your personal data takes place with your consent on the basis of Art. 6 Para. 1 lit. a GDPR. You can revoke your consent at any time without affecting the lawfulness of the processing carried out based on your consent before its revocation. We also use the Google Signals service in this context. Google Signals enables cross device tracking. Your data can therefore be analyzed across devices if you have activated “personalized advertising” in your account settings and your devices are linked to your Google account. This makes it possible to identify which device you are browsing for products on and later return to complete purchases on another device such as a tablet.
The cross-device reports created in this context only contain aggregated data. We therefore only receive statistics created on the basis of Google Signals. To prevent Google Signals from collecting and storing data across devices, you can deactivate the “personalized ads” feature in your Google Account settings. Further information can be found at https://support.google.com/ads/answer/2662922?hl=de . Further information on data processing and data protection regarding Google Signals can be found at https://support.google.com/analytics/answer/7532985?hl=de .
We use the advanced implementation of Advanced Consent Mode. Even if consent is not given, user data is transmitted to Google in the form of “pings”. These pings can contain, among other things, the following information: IP address to derive the IP country (the IP address is not logged), date and time of the page view, URL of the pages visited, user agent, referrer URL (website, through which our website was accessed) or information about the triggering of website events such as a conversion. Based on this information, Google models user data in order to be able to carry out a comprehensive usage analysis despite the refusal of consent.
The information generated in this way about your use of this website is usually transmitted to a Google server in the USA and stored there. The EU Commission has an adequacy decision for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). Google has certified itself according to the TADPF and is therefore obliged to comply with European data protection principles. Both Google and US government authorities have access to your data. Further information on terms of use and data protection can be found at https://policies.google.com/technologies/partner-sites and at https://policies.google.com/privacy?hl=de&gl=de .
How to use Shopify statistics
We use the statistics and analysis functions of Shopify International Limited (2nd Floor Victoria Buildings, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland; "Shopify") on our website as part of order processing. Shopify is a company affiliated with Shopify Inc. (151 O'Connor Street, Ground Floor, Ottawa, Ontario, K2P 2L8, Canada). The data processing serves the purpose of analyzing this website and its visitors. For this purpose, data is stored for marketing and optimization purposes and made available in reports, analyzes and statistics. The following device information is collected and processed, among other things: information about the web browser, the IP address, the time zone and some of the cookies that are installed on your device. When you navigate the website, information about the web pages or products you visit, the referrer URL (web page from which you accessed our website), and information about how you interact with the website are also collected. This uses technologies such as cookies, web beacons, tags and pixels (electronic files that collect information about how you navigate the website).
The use of cookies or comparable technologies takes place with your consent on the basis of Section 25 Paragraph 1 Sentence 1 TTDSG in conjunction with Article 6 Paragraph 1 Letter a GDPR. The processing of your personal data takes place with your consent on the basis of Art. 6 Para. 1 lit. a GDPR. You can revoke your consent at any time without affecting the lawfulness of the processing carried out based on your consent before its revocation. You can find more information about data protection at Shopify at https://www.shopify.com/de/legal/datenschutz , information about the order processing contract at https://www.shopify.com/de/legal/dpa and information about the cookies used at https://www.shopify.com/de/legal/cookies .
Using the Meta Pixel
We use the Meta Pixel from Meta Platforms Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; "Meta") on our website. Meta and we are jointly responsible for the collection of your data when you integrate the service and the transmission of this data to Meta. The basis for this is an agreement between us and Meta on the joint processing of personal data, in which the respective responsibilities are determined. The agreement is at https://de-de.facebook.com/legal/terms/businesstools callable. Thereafter, we are in particular responsible for fulfilling the information obligations in accordance with Articles 13 and 14 of the GDPR, for compliance with the security requirements of Article 32 of the GDPR with regard to the correct technical implementation and configuration of the service, and for compliance with the obligations under Article 33 , 34 GDPR, to the extent that a personal data breach affects our obligations under the joint processing agreement. Meta is responsible for enabling the rights of those affected in accordance with Articles 15 - 20 of the GDPR, of complying with the security requirements of Article 32 of the GDPR with regard to the security of the service and of fulfilling the obligations under Articles 33 and 34 of the GDPR insofar as there is a violation of protection of personal data affects Meta's obligations under the Joint Processing Agreement.
The purpose of the application is to target visitors to the website with interest-based advertising on the social networks Facebook and Instagram. For this purpose, Meta's remarketing tag was implemented on the website. This tag is used to establish a direct connection to the meta servers when you visit the website. This sends information to the meta server about which of our pages you have visited. Meta assigns this information to your personal Facebook and/or Instagram user account. When you visit the social networks Facebook or Instagram, you will be shown personalized, interest-based ads.
The application also serves the purpose of creating conversion statistics. This tells us the total number of users who clicked on one of our ads and were redirected to a page with a conversion tracking tag, as well as what actions were taken after being redirected to this website. However, we do not receive any information that can be used to personally identify users. Your data may be transferred to the USA. The EU Commission has an adequacy decision for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). Meta has certified itself according to the TADPF and is therefore obliged to comply with European data protection principles. The processing of your personal data takes place with your consent on the basis of Art. 6 Para. 1 lit. a GDPR. You can revoke your consent at any time without affecting the lawfulness of the processing carried out based on your consent before its revocation. You can deactivate the “Custom Audiences” remarketing function here. Further information on how Meta collects and uses data, your rights in this regard and options for protecting your privacy can be found in Meta's data protection information at https://www.facebook.com/about/privacy/ .
Use of Google Ads conversion tracking
We use the online advertising program “Google Ads” on our website and, in this context, conversion tracking (visit action evaluation). Google Conversion Tracking is an analysis service provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; Google). If you click on an ad placed by Google, a cookie for conversion tracking will be stored on your computer. These cookies have a limited validity, do not contain any personal data and are therefore not used for personal identification. If you visit certain pages on our website and the cookie has not yet expired, Google and we can recognize that you clicked on the ad and were redirected to that page. Each Google Ads customer receives a different cookie. There is therefore no possibility that cookies can be tracked via the websites of Ads customers. The information collected using the conversion cookie is used to create conversion statistics. Here we find out the total number of users who clicked on one of our ads and were redirected to a page with a conversion tracking tag. However, we do not receive any information that can be used to personally identify users. Your data may be transmitted to Google LLC servers in the USA. The EU Commission has an adequacy decision for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). Google has certified itself according to the TADPF and is therefore obliged to comply with European data protection principles. The use of cookies or comparable technologies takes place with your consent on the basis of Section 25 Paragraph 1 Sentence 1 TTDSG in conjunction with Article 6 Paragraph 1 Letter a GDPR. The processing of your personal data takes place with your consent on the basis of Art. 6 Para. 1 lit. a GDPR. You can revoke your consent at any time without affecting the lawfulness of the processing carried out based on your consent before its revocation. Further information and Google's privacy policy can be found at: https://www.google.de/policies/privacy/ .
Use of Google AdSense
We use the AdSense function of Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; "Google") on our website. The data processing serves the purpose of renting out advertising space on the website and targeting website visitors with interest-based advertising. Using this function, visitors to the provider's website are shown personalized, interest-based advertising ads from the Google Display Network. Google uses cookies that enable analysis of your use of the website. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. The EU Commission has an adequacy decision for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). Google has certified itself according to the TADPF and is therefore obliged to comply with European data protection principles. Google may transfer this information to third parties if this is required by law or if third parties process this data on behalf of Google. Under no circumstances will Google associate your IP address with other Google data.
The use of cookies or comparable technologies takes place with your consent on the basis of Section 25 Paragraph 1 Sentence 1 TTDSG in conjunction with Article 6 Paragraph 1 Letter a GDPR. The processing of your personal data takes place with your consent on the basis of Art. 6 Para. 1 lit. a GDPR. You can revoke your consent at any time without affecting the lawfulness of the processing carried out based on your consent before its revocation.
Further information and Google's privacy policy can be found at : https://www.google.com/policies/technologies/ads/ and https://www.google.de/policies/privacy/.
Using the Pinterest tag
We use the Pinterest tag from Pinterest Europe Limited (Palmerston House, 2nd, Fenian Street, Floor, Dublin 2, Ireland "Pinterest") on our website. The purpose of the application is to target visitors to the website with interest-based advertising on the social network Pinterest. For this purpose, the Pinterest conversion tag was implemented on the website. This tag creates a direct connection to the Pinterest servers when you visit the website. This sends information to the Pinterest server about which of our pages you have visited. Pinterest assigns this information to your personal Pinterest user account if you are logged in to the social network. When you visit Pinterest, you will then see personalized, interest-based Pinterest ads.

If you access our website via a pin on the social network Pinterest, a cookie for conversion tracking will be stored on your computer. These cookies have a limited validity, do not contain any personal data and are therefore not used for personal identification. If you visit certain pages on our website and the cookie has not yet expired, Pinterest and we can recognize that you clicked on the pin and were redirected to that page. The information collected using the conversion cookie serves the purpose of creating conversion statistics and thus optimizing our website. The following information can be processed here: total number of users who clicked on one of our pins and were redirected to our website, sub-pages visited on our website (e.g. category or product pages), search queries on our website, your shopping cart contents, completed ones Transactions.
Your data may be transferred to the USA. The EU Commission has an adequacy decision for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). Pinterest is not certified according to the TADPF. The data transfer takes place, among other things, on the basis of standard contractual clauses as appropriate guarantees for the protection of personal data, which can be viewed at: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/standard -contractual-clauses- scc_de .
The use of cookies or comparable technologies takes place with your consent on the basis of Section 25 Paragraph 1 Sentence 1 TTDSG in conjunction with Article 6 Paragraph 1 Letter a GDPR. The processing of your personal data takes place with your consent on the basis of Art. 6 Para. 1 lit. a GDPR. You can revoke your consent at any time without affecting the lawfulness of the processing carried out based on your consent before its revocation. Further information on how Pinterest collects and uses data, your rights in this regard and options for protecting your privacy can be found in Pinterest's data protection information at https://policy.pinterest.com/de/privacy-policy.
 
Plug-ins and others

Using Google Tag Manager

We use the Google Tag Manager from Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; "Google") on our website.
This application manages JavaScript tags and HTML tags, which are used to implement tracking and analysis tools in particular. The data processing serves the purpose of tailoring and optimizing our website. The Google Tag Manager itself neither stores cookies nor processes personal data. However, it enables the triggering of additional tags that can collect and process personal data. Further information on terms of use and data protection can be found here .
Use of social plug-ins
We use social network plug-ins on our website. The integration of social plug-ins and the data processing that takes place serves the purpose of optimizing advertising for our products. When social plug-ins are integrated, a link is created between your computer and the servers of the social network providers and the plug-in is displayed on the page by notifying your browser, provided you have expressly agreed to this. Both your IP address and the information about which of our pages you have visited are transmitted to the provider servers. This applies regardless of whether you are registered or logged in to the social network. A transmission also takes place if users are not registered or logged in. If you are connected to one or more of your social network accounts at the same time, the information collected can also be assigned to your corresponding profiles. When you use the plug-in functions (e.g. by clicking the button), this information is also assigned to your user account. You can prevent this association by logging out of your social media accounts before visiting our website and before activating the buttons.
The use of cookies or comparable technologies takes place with your consent on the basis of Section 25 Paragraph 1 Sentence 1 TTDSG in conjunction with Article 6 Paragraph 1 Letter a GDPR. The processing of your personal data takes place with your consent on the basis of Art. 6 Para. 1 lit. a GDPR. You can revoke your consent at any time without affecting the lawfulness of the processing carried out based on your consent before its revocation. The social networks named below are integrated into our website using social plug-ins. Further information on the scope and purpose of the collection and use of the data as well as your rights in this regard and options for protecting your privacy can be found in the linked data protection information provided by the providers.
Facebook of Meta Platforms Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland)
Meta Platforms Ireland and we are jointly responsible for the collection of your data when you integrate the service and the transmission of this data to Facebook. The basis for this is an agreement between us and Meta Platforms Ireland on the joint processing of personal data, which sets out the respective responsibilities. The agreement can be accessed at https://www.facebook.com/legal/controller_addendum . Thereafter, we are in particular responsible for fulfilling the information obligations in accordance with Articles 13 and 14 of the GDPR, for compliance with the security requirements of Article 32 of the GDPR with regard to the correct technical implementation and configuration of the service, and for compliance with the obligations under Article 33 , 34 GDPR, to the extent that a personal data breach affects our obligations under the joint processing agreement. Meta Platforms Ireland is responsible for enabling the rights of those affected in accordance with Articles 15 - 20 of the GDPR, of complying with the security requirements of Article 32 of the GDPR with regard to the security of the service and of fulfilling the obligations under Articles 33 and 34 of the GDPR in the event of a violation the protection of personal data concerns Meta Platforms Ireland's obligations under the Joint Processing Agreement. Your data may be transferred to the USA. The EU Commission has an adequacy decision for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). Meta has certified itself according to the TADPF and is therefore obliged to comply with European data protection principles. Further information on the collection and use of data by Facebook, your rights in this regard and options for protecting your privacy can be found in Facebook's data protection information at https://www.facebook.com/about/privacy/ .
Instagram of Meta Platforms Ireland Limited (4 Grand Canal Square, Dublin 2, Ireland): https://help.instagram.com/155833707900388 . Your data may be transferred to the USA. The EU Commission has an adequacy decision for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). Meta has certified itself according to the TADPF and is therefore obliged to comply with European data protection principles.
Pinterest from Pinterest Inc. (635 High Street, Palo Alto, CA, 94301, USA): https://policy.pinterest.com/de/privacy-policy
Your data may be transferred to the USA. The EU Commission has an adequacy decision for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). Pinterest is not certified according to the TADPF.
Use of social plug-ins using “Shariff”
We use social network plug-ins on our website. To ensure that you maintain control over your data, we use the data protection-safe “Shariff” buttons. Without your express consent, no links will be created to the social network servers and therefore no data will be transmitted. “Shariff” is a development by the specialists at computer magazine c 't. It enables more privacy on the Internet and replaces the usual “Share” buttons on social networks. You can find more information about the Shariff project here http://www.heise.de/ct/artikel/Shariff-Social- Media-Buttons-with-data-protection-2467514.html .
If you click on the buttons, a pop-up window will appear in which you can log in to the respective provider with your data. Only after you have actively logged in will a direct connection to the social networks be established.
By logging in, you give your consent to the transfer of your data to the respective social media provider. Both your IP address and the information about which of our pages you have visited are transmitted. If you are connected to one or more of your social network accounts at the same time, the information collected will also be assigned to your corresponding profiles. You can only prevent this association by logging out of your social media accounts before visiting our website and activating the buttons. The following social networks are integrated using the “Shariff” function. Further information on the scope and purpose of the collection and use of the data as well as your rights in this regard and options for protecting your privacy can be found in the linked data protection information provided by the providers. Facebook of Meta Platforms Ireland Limited (4 Grand Canal Square, Dublin 2, Ireland): https://www.facebook.com/policy.php
Your data may be transferred to the USA. The EU Commission has an adequacy decision for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). Meta has certified itself according to the TADPF and is therefore obliged to comply with European data protection principles.
Instagram of Meta Platforms Ireland Limited (4 Grand Canal Square, Dublin 2, Ireland) https://help.instagram.com/155833707900388 . Your data may be transferred to the USA. The EU Commission has an adequacy decision for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). Meta has certified itself according to the TADPF and is therefore obliged to comply with European data protection principles.
Pinterest from Pinterest Inc. (635 High Street, Palo Alto, CA, 94301, USA): https://policy.pinterest.com/de/privacy-policy
Your data may be transferred to the USA. The EU Commission has an adequacy decision for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). Pinterest is not certified according to the TADPF.
Use of social plug-ins using the “2-click solution”
We use social network plug-ins on our website using the “2-click solution”. Without your express consent, no connections will be made to the social network servers and therefore no data will be transmitted. With the standard integration of plug-ins, when you access the pages of our website that contain such a plug-in, a link is established between your computer and the servers of the social network providers and the plug-in is activated by notifying your browser shown on the page. Both your IP address and the information about which of our pages you have visited are transmitted to the provider servers. This applies regardless of whether you are registered or logged in to the social network. A transmission also takes place if users are not registered or logged in. If you are also logged in to the social network Facebook, this information will be assigned to your personal user account. When you use the plug-in functions (e.g. by clicking the button), this information is also assigned to your user account, which you can only prevent by logging out before using the plug-in. So that you retain control over your data, we have decided to initially deactivate the corresponding button. You can recognize this by the grayed out button. Without your express consent - in the form of activating the button - no link will be established to the social network server and therefore no data will be transmitted. Only when you activate the button does the button become active (highlighted in color) and a direct connection to the social network server is established.

By activating, you give your consent to the transfer of your data to the respective social network provider. Both your IP address and the information about which of our pages you have visited are transmitted. If you are connected to one or more of your social network accounts at the same time, the information collected will also be assigned to your corresponding profiles. You can only prevent this association by logging out of your social network user accounts before visiting our website and activating the buttons. The social networks named below are integrated using the “2-click function”. Further information on the scope and purpose of the collection and use of the data as well as your rights in this regard and options for protecting your privacy can be found in the linked data protection information provided by the providers.
Facebook of Meta Platforms Ireland Limited (4 Grand Canal Square, Dublin 2, Ireland): https://www.facebook.com/policy.php
Your data may be transferred to the USA. The EU Commission has an adequacy decision for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). Meta has certified itself according to the TADPF and is therefore obliged to comply with European data protection principles.
Instagram of Meta Platforms Ireland Limited (4 Grand Canal Square, Dublin 2, Ireland): http://instagram.com/legal/privacy/
Your data may be transferred to the USA. The EU Commission has an adequacy decision for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). Meta has certified itself according to the TADPF and is therefore obliged to comply with European data protection principles.
Pinterest from Pinterest Inc. (635 High Street, Palo Alto, CA, 94301, USA):
https://policy.pinterest.com/de/privacy-policy
https://help.pinterest.com/de/articles/personalization-and-data

Your data may be transferred to the USA. The EU Commission has an adequacy decision for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). Pinterest is not certified according to the TADPF.
Use of Google reCAPTCHA
We use the reCAPTCHA service from Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; "Google") on our website. The query serves the purpose of distinguishing between input by a human or by automated, machine processing. For this purpose, your input will be transmitted to Google and used there. In addition, the IP address and any other data required by Google for the reCAPTCHA service are transmitted to Google. This data is processed by Google within the European Union and may also be transmitted to Google LLC servers in the USA. The EU Commission has an adequacy decision for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). Google has certified itself according to the TADPF and is therefore obliged to comply with European data protection principles.

The use of cookies or comparable technologies takes place with your consent on the basis of Section 25 Paragraph 1 Sentence 1 TTDSG in conjunction with Article 6 Paragraph 1 Letter a GDPR. The processing of your personal data takes place with your consent on the basis of Art. 6 Para. 1 lit. a GDPR. You can revoke your consent at any time without affecting the lawfulness of the processing carried out based on your consent before its revocation. Further information about Google reCAPTCHA and the associated data protection declaration can be found at:
https://www.google.com/recaptcha/about/ and https://www.google.com/privacy .
Use of Google invisible reCAPTCHA
We use the invisible reCAPTCHA service from Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; "Google") on our website. This serves the purpose of distinguishing between input by a human or by automated, machine processing. In the background, Google collects and analyzes usage data, which Invisible reCaptcha uses to distinguish regular users from bots. For this purpose, your input will be transmitted to Google and used there. In addition, the IP address and any other data required by Google for the Invisible reCAPTCHA service are transmitted to Google.

This data is processed by Google within the European Union and may also be transmitted to Google LLC servers in the USA. The EU Commission has an adequacy decision for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). Google has certified itself according to the TADPF and is therefore obliged to comply with European data protection principles. The use of cookies or comparable technologies takes place with your consent on the basis of Section 25 Paragraph 1 Sentence 1 TTDSG in conjunction with Article 6 Paragraph 1 Letter a GDPR. The processing of your personal data takes place with your consent on the basis of Art. 6 Para. 1 lit. a GDPR. You can revoke your consent at any time without affecting the lawfulness of the processing carried out based on your consent before its revocation.
You can find further information about Google reCAPTCHA and the associated data protection declaration
at: https://www.google.com/recaptcha/intro/android.html and https://www.google.com/privacy .
Using Cloudflare
We use the content delivery network Cloudflare CDN from Cloudflare Inc. (101 Townsend St, San Francisco, CA 94107, USA; “Cloudflare”) on our website. This is a supra-regional network of servers in various data centers to which our web server connects and through which certain content on our website is delivered.

The data processing serves the purpose of optimizing the loading times of our website and thus making our offering more user-friendly. The following information, among others, may be collected: IP address, system configuration information, information about traffic to and from customer websites (so-called server log files).
Your data may be transferred to the USA. The EU Commission has an adequacy decision for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). Cloudflare has certified itself according to the TADPF and is therefore committed to complying with European data protection principles. Your personal data is processed on the basis of Art. 6 Para. 1 lit. f GDPR due to our overriding legitimate interest in the needs-based and targeted design of the website. For reasons arising from your particular situation, you have the right to object at any time to this processing of your personal data based on Article 6 Paragraph 1 Letter f of the GDPR. Further information on data protection when using Cloudflare can be found at https://www.cloudflare.com/de-de/privacypolicy/ .
Use of Google Fonts
We use Google Fonts from Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; “Google”) on our website. The data processing serves the purpose of uniformly displaying fonts on our website. In order to load the fonts, a connection to Google servers is established when the page is accessed. Cookies can be used here. Among other things, your IP address and information about the browser you use are processed and transmitted to Google. This data is not linked to your Google account. Your data may be transferred to the USA. The EU Commission has an adequacy decision for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). Google has certified itself according to the TADPF and is therefore obliged to comply with European data protection principles. The use of cookies or comparable technologies takes place with your consent on the basis of Section 25 Paragraph 1 Sentence 1 TTDSG in conjunction with Article 6 Paragraph 1 Letter a GDPR. The processing of your personal data takes place with your consent on the basis of Art. 6 Para. 1 lit. a GDPR. You can revoke your consent at any time without affecting the lawfulness of the processing carried out based on your consent before its revocation. Further information on data processing and data protection can be found at https://www.google.de/intl/de/policies/ and at https://developers.google.com/fonts/faq .
Use of Adobe Fonts
We use Adobe Fonts from Adobe Systems Software Ireland Limited (4-6 Riverwalk Citywest Business Campus, Dublin 24, Ireland; “Adobe”) on our website. The data processing serves the purpose of uniformly displaying fonts on our website. In order to load the fonts, a connection to Adobe servers is established when the page is accessed. Cookies can be used here. Among other things, your IP address as well as information about the browser and operating system you use are processed and transmitted to Adobe. Your data may be transferred to third countries such as the USA and India. There is no adequacy decision from the EU Commission for India. The EU Commission has an adequacy decision for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). Adobe has certified itself according to the TADPF and is therefore obliged to comply with European data protection principles. The use of cookies or comparable technologies takes place with your consent on the basis of Section 25 Paragraph 1 Sentence 1 TTDSG in conjunction with Article 6 Paragraph 1 Letter a GDPR. The processing of your personal data takes place with your consent on the basis of Art. 6 Para. 1 lit. a GDPR. You can revoke your consent at any time without affecting the lawfulness of the processing carried out based on your consent before its revocation. Further information on data processing and data protection can be found at https://www.adobe.com/de/privacy/policy.html and at https://www.adobe.com/de/privacy/policies/adobe-fonts.html .
Using FontAwesome
We use Font Awesome from Fonticons Inc. (307 S Main St., Suite 202, Bentonville, AR, 72712-9214 USA “Font Awesome”) on our website. The data processing serves the purpose of uniformly displaying fonts and icons on our website. In order to load the fonts, a connection to FontAwesome servers is established when the page is accessed.

Cookies can be used here. Among other things, your IP address and information about the browser you use are processed and transmitted to Font Awesome. Your data may be transferred to third countries, such as the USA. The EU Commission has an adequacy decision for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). Font Awesome is not TADPF certified.
The use of cookies or comparable technologies takes place with your consent on the basis of Section 25 Paragraph 1 Sentence 1 TTDSG in conjunction with Article 6 Paragraph 1 Letter a GDPR. The processing of your personal data takes place with your consent on the basis of Art. 6 Para. 1 lit. a GDPR. You can revoke your consent at any time without affecting the lawfulness of the processing carried out based on your consent before its revocation. Further information on data processing and data protection can be found at https://fontawesome.com/privacy and at https://fontawesome.com/support .
Miscellaneous
Integration of a QR code from “scankauf.de” or “denk24.de”
A QR code that leads to another page ( https://denk24.de/die-magie-von-luxus-duftkerzen-exquisite-duefte-fuer-ihr-zuhause/ ) is integrated into our footer. By scanning this QR code you will be redirected to this page, which may result in personal data such as your IP address being collected. This data is used to enable redirection to the other site. Please note that the privacy policy of the linked site applies when you visit it. In this case, we would like to point out the data protection guidelines on the stored page of the QR code: https://denk24.de/datenschutz/.
 
 
Rights of those affected and storage period
Duration of storage
After the contract has been fully processed, the data will initially be stored for the duration of the warranty period, then taking into account statutory retention periods, in particular tax and commercial law, and then deleted after the deadline has expired, unless you have agreed to further processing and use.
Rights of the data subject
If the legal requirements are met, you are entitled to the following rights in accordance with Articles 15 to 20 of the GDPR: right to information, to correction, to deletion, to restriction of processing, to data portability. In addition, according to Art. 21 Para. 1 GDPR, you have the right to object to processing based on Art. 6 Para. 1 f GDPR, as well as to processing for the purpose of direct advertising.
Right to lodge a complaint with the supervisory authority
According to Art. 77 GDPR, you have the right to complain to the supervisory authority if you believe that your personal data is not being processed lawfully. You can lodge a complaint with, among other things, the supervisory authority responsible for us, which you can reach using the following contact details:
Bavarian State Office for Data Protection Supervision (BayLDA)
Promenade 18
91522 Ansbach
Tel.: +49 981 1800930
Fax: +49 981 180093800
Email: poststelle@lda.bayern.de
Right to object
If the personal data processing listed here is based on our legitimate interest in accordance with Article 6 Paragraph 1 Letter f of the GDPR, you have the right to object to this processing at any time with future effect for reasons arising from your particular situation. After an objection has been made, the processing of the data concerned will be terminated unless we can demonstrate compelling legitimate reasons for the processing that outweigh your interests, rights and freedoms, or if the processing serves to assert, exercise or defend legal claims.
If personal data is processed for direct advertising purposes, you can object to this processing at any time by notifying us. After an objection has been made, we will stop processing the data concerned for the purpose of direct advertising.
last updated: March 2024