EumelDocCheck Shop
|
€0.00*

Privacy policy

DocCheck Shop GmbH, Vogelsanger Straße 66, D-50823 Cologne (“DocCheck Shop”) collects personal data as part of its business activities

  • on doccheck.com and other DocCheck domains,
  • on doccheckshop.eu and other DocCheck Shop domains,
  • in emails sent by DocCheck Shop, as well as
  • in orders or inquiries addressed to DocCheck Shop, and other interactions with DocCheck Shop (phone, fax, trade fairs, congresses, etc.),

which are necessary for the use of the services and information offerings (“services”) provided by DocCheck Shop or which we are otherwise authorized or obligated to process. The protection of this data is ensured pursuant to data protection regulations, particularly the General Data Protection Regulation (GDPR), and using the latest technology. We process your personal data for the purposes specified in this policy and based on the legal bases mentioned. We will ask separately for your consent if we require it for specific data processing and you have not already provided it generally, for example, when creating a DocCheck account. You can view and edit the data you have provided in your user account. Any consent you may have given can be revoked at any time with future effect.

1. Name and address of the controller

The controller within the meaning of the General Data Protection Regulation (GDPR) and other applicable data protection laws and regulations is:
DocCheck Shop GmbH
Vogelsanger Str. 66
50823 Cologne
Germany
Tel.: +49 (0)221-920530
Contact: Contact form
or info@doccheckshop.eu

The legal representatives of DocCheck Shop GmbH are the managing directors, Jessica Berger and Lena Mayer.

2. Name and address of the data protection officer

The data protection officer of DocCheck Shop GmbH is:
Tim Halver
DocCheck AG
Vogelsanger Str. 66
50823 Cologne
Germany
Tel.: +49 (0)221-920530
Email: datenschutz@doccheck.com

If you have any questions about data protection, you can contact our data protection officer directly.

Unless otherwise stated below, providing your personal data is neither legally nor contractually required, nor necessary for the conclusion of a contract. You are not obligated to provide the data. Failure to provide the data will have no consequences. This applies only insofar as no different indication is given in the individual processing operations described below. “Personal data” refers to all information relating to an identified or identifiable natural person.

3. Collection of your data

As part of your order with DocCheck Shop and during your membership as a DocCheck user, personal data is collected or updated. This data is collected in three ways:

  • by you entering data into order or form fields and submitting them, or by sending us information via email, post, or fax (“active data collection”)
  • by logging your actions when using DocCheck Shop services (“passive data collection”)
  • through transmission from third parties.

Regardless of the method of collection, DocCheck Shop follows the principle of data minimization. We only collect data that is necessary or beneficial for fulfilling our business mission or for providing an optimal user experience.

Data you provide to us:

3.1 Collection, processing, and sharing of personal data in connection with your order

3.1.1 When you order items from DocCheck Shop, we collect and process your personal data only to the extent necessary to fulfill and process your order and respond to your inquiries. Providing this data is required for concluding the contract. Failure to provide your data will result in no contract being concluded. Processing is carried out on the basis of Art. 6(1)(b) GDPR and is necessary for the performance of a contract with you.

3.1.2 Orders in our shop can be placed via your customer account or as a guest. Creating a customer account also registers you as a DocCheck user; see section 3.3 for more details. This registration also enables crediting compensation claims to your customer account that you may earn as a user through various DocCheck services. You can find more information about your customer account in § 6 of our Terms and Conditions and in section 3.3 of this privacy policy.

3.1.3 As part of an order, your data is shared with third parties such as the shipping companies and dropshipping providers you select, payment service providers, order processing service providers, and IT service providers. Payment processing, crediting, or refunds are handled by DocCheck AG, Vogelsanger Str. 66, 50823 Cologne. For this purpose, this affiliated company is granted access to the data of all guest orders and customer accounts. In all cases, we strictly observe legal requirements. The scope of data transmission is limited to the minimum necessary.

3.2 Customer account

3.2.1 Orders in the DocCheck Shop can be placed either as a guest or via an optional customer account. The use of a customer account is not a requirement for concluding a purchase contract.
If you voluntarily choose to create a customer account, we will process the personal data required for this purpose (e.g., master data, contact data, order overview) to provide and manage the customer account, particularly to simplify future orders, to review past orders, and to manage other DocCheck services.
The processing of your personal data in connection with the customer account is based on Art. 6(1)(b) GDPR, as it is necessary for performing the user relationship “customer account.”
You may delete your customer account at any time. In this case, the data associated with the customer account will be deleted, unless otherwise prevented by legal retention or documentation obligations.

3.2.2 When creating a customer account, you are automatically also registered as a user at DocCheck, Europe’s largest healthcare community, operated by DocCheck Community GmbH, Vogelsanger Str. 66, 50823 Cologne. For more information on your DocCheck account, please refer to the DocCheck Community terms and conditions and the applicable privacy policy for users. Details on how to terminate your DocCheck membership can also be found in the DocCheck Community GmbH privacy policy.

3.3 Collection and processing of personal data when contacting us via email

If you initiate business contact with us via email, we collect your personal data (name, email address, message content) only to the extent that you provide it. The data processing serves the purpose of handling and responding to your inquiry. If the contact is made for the purpose of carrying out pre-contractual measures (e.g., advice in case of purchase interest, quote preparation) or concerns an already existing contract between you and us, this data processing is based on Art. 6(1)(b) GDPR.

If the contact is made for other reasons, this data processing is based on Art. 6(1)(f) GDPR due to our overriding legitimate interest in processing and responding to your inquiry. In this case, you have the right to object at any time to this processing of your personal data based on Art. 6(1)(f) GDPR for reasons arising from your particular situation.

We use your email address only to process your request. Your data will then be deleted pursuant to statutory retention periods, unless you have consented to further processing and use.

3.4 Collection and processing of personal data when using the contact form

When using the contact form, we collect your personal data (name, email address, message content) only to the extent that you provide it. The data processing serves the purpose of establishing contact. By submitting your message, you consent to the processing of the transmitted data. Processing is based on Art. 6(1)(a) GDPR with your consent.

You can revoke your consent at any time by notifying us, without affecting the legality of the processing carried out based on the consent until the time of revocation. We use your email address solely for handling your inquiry. Your data will then be deleted unless you have agreed to further processing and use.

3.5 Data collection when posting a comment on DocCheck Shop domains

When commenting on an article or post, we collect your personal data (name, email address, comment text) only to the extent you provide it. The processing serves the purpose of enabling commenting and displaying comments. By submitting the comment, you consent to the processing of the transmitted data. Processing is based on Art. 6(1)(a) GDPR with your consent. You can revoke your consent at any time by notifying us, without affecting the legality of the processing carried out based on the consent until the revocation. Your personal data will then be deleted.

When your comment is published, only the name you provided will be displayed.

3.6 Google Customer Reviews rating system

We use the Google Customer Reviews rating system on our website, provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”). After placing your order, you may be asked whether you would like to participate in an email survey by Google. Your participation in Google Customer Reviews requires your active confirmation. Upon confirmation, we transmit your email address to Google. For this purpose, we will contact you as part of the order process, using Google’s technical system within the scope of a data processing agreement.

Processing is based on Art. 6(1)(f) GDPR, stemming from our legitimate interest in receiving truthful, verified evaluations of our services. You have the right to object at any time to this processing of your personal data based on Art. 6(1)(f) GDPR for reasons arising from your particular situation. Your email address will only be used for this purpose and will not be used for any further advertising or shared with third parties.

3.7 Avis Vérifiés

We use the review system Avis Vérifiés provided by SAS Skeepers, 18–20 Avenue Robert Schuman, CS 40494, 13002 Marseille, France (hereinafter referred to as “Avis Vérifiés”) on our website.

Avis Vérifiés supports us in collecting, verifying, and displaying customer reviews and experiences related to orders and products. The goal is to transparently present the quality of our offerings and to provide you and other customers with a solid basis for making decisions.

 

Review invitation process

After completing an order and a set waiting period, you will automatically receive an invitation to submit a review by email or, if provided, via SMS. A link will lead you to a review form where you can first rate your overall shopping experience. If product data was submitted, you may then also review individual purchased items.

After submission, the review undergoes a moderation process to ensure compliance with applicable guidelines. Once reviewed, the rating will be published or, in the case of negative feedback, a mediation process between you and us will be initiated.

 

Transmitted data

In order to carry out the review process, we transmit the following personal data to Avis Vérifiés:

  • Email address (required for sending the review invitation)
  • First and last name (for personal salutation and assignment)
  • Phone number (optional, for SMS-based review requests)
  • Order reference
  • Date of purchase
  • Information about purchased products (e.g., product name, brand)

This data is transmitted in connection with the specific order and solely for the purpose of sending a review invitation, ensuring the authenticity of the review, and linking it to the relevant order.

 

Legal basis

The processing of your personal data in connection with the review system is based on our legitimate interest in transparent customer communication and quality assurance pursuant to Art. 6(1)(f) GDPR.

Our legitimate interest lies in enabling genuine and traceable customer reviews and in continuously improving our offerings. Your interests are protected, as participation in the review process is voluntary and you can object to the use of your data at any time.

 

Right to object and unsubscribe

You may object to the use of your data for review requests at any time. Additionally, every review email sent by Avis Vérifiés includes an unsubscribe link, allowing you to easily opt out of future review invitations.

We also have the option to exclude individual email addresses from further contact within the Avis Vérifiés system.

Further information on data processing carried out by Avis Vérifiés can be found in the Skeepers privacy policy.

3.8 Use of your email address for sending direct advertising

We use your email address, which we obtained during the sale of a product or service, to electronically send you advertisements for our own similar products or services, unless you have objected to this use. Providing your email address is required for the conclusion of the contract. Failure to provide it will result in no contract being concluded. Processing is based on Art. 6(1)(f) GDPR and our overriding legitimate interest in direct advertising. You can unsubscribe from direct advertising at any time by using the corresponding link in the email, or by notifying us. Your email address will then be removed from the mailing list.

3.9 Use of your email address for sending newsletters

We use your email address, independent of contract processing, exclusively for our own promotional purposes to send newsletters, provided you have explicitly consented to this. Processing is based on Art. 6(1)(a) GDPR with your consent. You may revoke your consent at any time without affecting the legality of the processing carried out based on the consent prior to its revocation. You can unsubscribe from the newsletter at any time by using the corresponding link in the newsletter or by notifying us. Your email address will then be removed from the distribution list.

DocCheck Shop uses processors pursuant to Art. 28 GDPR for sending emails.

Emails are sent on behalf of DocCheck Shop by Emarsys eMarketing Systems GmbH, Zeppelinstrasse 2, 85399 Hallbergmoos (hereinafter referred to as “Emarsys”). For this purpose, Emarsys receives the email address, title, salutation, and other user parameters from DocCheck Shop to enable personalized emails. The terms of data processing are set out in a data processing agreement with Emarsys pursuant to Art. 28 GDPR. Emarsys is prohibited from disclosing user data to third parties.

3.10 Processing and disclosure of your email address to shipping companies for shipping status updates

We pass on your email address to the shipping company as part of contract processing. This disclosure serves the purpose of informing you about the shipping status via email. Processing is based on Art. 6(1)(f) GDPR. Our legitimate interest lies in keeping you continuously informed about the status of your order and thus minimizing our support workload.

3.11 Disclosure of your data to manufacturers for repairs, direct deliveries, and device training

In some cases, it may be necessary for us to share your data with the manufacturers of the purchased products as part of contract fulfillment, particularly for direct shipments and repairs. This is done pursuant to Art. 6(1)(b) GDPR.

3.12 Disclosure of your data to the payment service provider of your choice

3.12.1 Use of PayPal: One of the payment methods we offer is PayPal (see § 5.2 of our General Terms and Conditions). Using PayPal services as a payment method is optional. All PayPal transactions are subject to the PayPal privacy policy, which can be found at https://www.paypal.com/de/webapps/mpp/ua/privacy-full (PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg).

3.12.2 Use of PayPal invoice purchase: If you choose the PayPal invoice purchase method, your personal information (first and last name, address, phone number, and date of birth) will be transmitted, with your express consent, to Ratepay GmbH, Franklinstraße 28-29, 10587 Berlin (“Ratepay”) for the purpose of risk analysis. Based on the personal data you provide, Ratepay checks whether the selected payment method can be approved with regard to repayment and/or default risk. The legal basis is Art. 6(1)(a) GDPR. If your transaction is successfully processed via invoice purchase, the purchase price claim is assigned to Ratepay and you are required to make payments directly to Ratepay. The Ratepay payment terms apply, available at https://www.ratepay.com/legal-payment-terms/, along with the privacy policy at https://www.ratepay.com/legal-payment-dataprivacy/.

3.12.3 Use of Klarna: Klarna is one of the payment methods we offer (see § 5.2 of our General Terms and Conditions). Using Klarna services as a payment method is optional. All Klarna transactions (instant transfer) are subject to Klarna’s privacy policy, available at https://www.klarna.com/de/datenschutz/ (Klarna Bank AB, P.O. Box 900162, Nuremberg 90492 ).

3.12.4 Use of Mollie: Some of the payment methods we offer are provided by Mollie B.V. (see § 5.2 of our General Terms and Conditions). Using Mollie services as a payment method is optional. All Mollie transactions are subject to Mollie’s privacy policy, available at https://www.mollie.com/de/legal/privacy (Mollie B.V. Keizersgracht 126, 1015 CW Amsterdam, Netherlands).

3.12.5 Use of Prescription billing / Optica: One of the payment methods we offer is prescription billing (see § 5.2 of our General Terms and Conditions). Prescription billing is processed by the provider Optica. All payments made via prescription billing are subject to Optica’s privacy policy, available at https://www.optica.de/datenschutz/ (Optica Abrechnungszentrum Dr. Güldener GmbH, Marienstraße 10, 70178 Stuttgart).

3.13 Adverse drug/medical device safety-related events (adverse events)

Patients may respond differently to the same medical treatment, and some adverse drug reactions and/or safety-relevant information, also related to medical devices, are only discovered after many people have undergone treatment over an extended period of time. If you provide information within the scope of our services, surveys, or through your contributions that is relevant for pharmacovigilance (drug safety) or medical device safety, it may be necessary for us to recontact you to request further safety-relevant details. This recontacting is based on our legal obligations under applicable regulations regarding drug and medical device safety, in which DocCheck Shop may act as a data processor (Art. 6(1)(c) GDPR), and on our legitimate interest in fulfilling our contractual reporting obligations to manufacturers (Art. 6(1)(f) GDPR).

Data collected automatically:

3.14 Server log files

You can visit our websites without providing any personal information. However, each time you access our website, usage data is transmitted by your internet browser to us or our web host (maxcluster GmbH, Lise-Meitner-Str. 1b, 33104 Paderborn) / IT service provider and stored in log files (so-called server log files). This stored data includes, for example, the name of the accessed page, date and time of the access, IP address, amount of data transferred, and the requesting provider. Your usage data primarily helps us continuously improve the personalized offering provided by DocCheck Shop. In addition, usage data is statistically evaluated to optimize DocCheck Shop's services and user interface. Your usage data is also collected to enhance data protection and data security within our company, ensuring the highest possible level of protection for the personal data we process. Processing is based on Art. 6(1)(f) GDPR due to our overriding legitimate interest in ensuring the smooth operation of our website and improving our services.

3.15 Log data

When using DocCheck Shop services, we and any third-party providers whose content is embedded into our websites via “embed” or iFrame (e.g., Sketchfab, YouTube, Instagram, Vimeo, Twitter, Facebook, etc.) collect the following data:

  • IP address,
  • access date and time,
  • referrer URL (website from which access was made),
  • information about the hardware and software used (e.g., browser characteristics), and
  • device information (e.g., screen resolution).

This data is not used to draw conclusions about your identity but is used to ensure correct display of the pages or embedded iFrame content. You can prevent the processing of this data and the setting of any cookies by not granting the corresponding consent. The legal basis for processing is therefore your consent pursuant to Art. 6(1)(a) GDPR. You can adjust this setting via our cookie notice or directly in your internet browser. Please note that if you block cookies, you may not be able to use all technical features of our website, which could negatively impact your user experience.

For more detailed information about third-party providers whose content is embedded via “embed” or iFrame, see the section “Integration of third-party services and content.”

3.16 Payment transactions

In connection with payment transactions related to your purchase at DocCheck Shop, we store the payment method used, the date and time of the transaction, the payment amount, the expiration date of the payment method, and other transaction details. If you make a direct bank transfer to our account, we also process your banking information, such as your IBAN. This information is necessary to properly fulfill the contract between you and DocCheck Shop and to enable the provision of payment services, and is therefore processed on the basis of Art. 6(1)(b) GDPR.

3.17 Cookie management via CookieFirst

We use cookies to ensure the proper functioning of our website. To obtain your valid consent for the use and storage of cookies in the browser you use to access our website, and to document this properly, we use the consent management platform CookieFirst. This technology is provided by Digital Data Solutions BV, Plantage Middenlaan 42a, 1018 DH, Amsterdam, Netherlands. When you access our website, a connection to the CookieFirst server is established to allow us to obtain your valid consent for the use of certain cookies. CookieFirst then stores a cookie in your browser to enable only those cookies to which you have consented and to document your consent properly. The processed data is stored until the predetermined retention period expires or you request the deletion of the data. Legal retention periods may apply otherwise.

CookieFirst is used to obtain the legally required consent for the use of cookies. The legal basis for this is Art. 6(1)(c) GDPR. We have concluded a data processing agreement with CookieFirst. This agreement is required by data protection law and ensures that the data of our website visitors is processed only pursuant to our instructions and the GDPR. Our website and CookieFirst automatically collect and store the following information in so-called server log files, which your browser transmits to us automatically:

  • Your consent status or the revocation of your consent
  • Your anonymized IP address
  • Information about your browser
  • Information about your device
  • Date and time of your visit to our website
  • The URL of the webpage where you saved or updated your consent settings
  • The approximate location of the user who saved their consent preferences
  • A universally unique identifier (UUID) of the website visitor who clicked the banner cookie

If you wish to manage your cookie settings, you can do so at any time in our cookie notice.

This cookie policy was created and updated by CookieFirst.com.

Integration of third-party services and content

We use content or service offerings from third-party providers within our online offering based on our legitimate interest (i.e., interest in the analysis, optimization, and economic operation of our online offering pursuant to Art. 6(1)(f) GDPR), in order to integrate their content and services, such as videos or fonts (collectively referred to as “content”). This always requires that the third-party providers of this content perceive the users’ IP address since they cannot send the content to their browser without said IP address. The IP address is thus required to display this content. We endeavor to use only content whose respective providers use the IP address solely for delivering the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. These pixel tags can be used to evaluate visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user’s device and may include, among other things, technical information about the browser and operating system, referring websites, visit time, and other details regarding the use of our online offering. It may also be linked to such information from other sources.

The following overview provides information about third-party providers and their content, including links to their privacy policies, which contain additional information about the processing of data and opt-out options. Some of the content and service offerings we provide also require your consent for cookies set by these services. If you block cookies, you may not be able to use all technical features of our website, and this may negatively affect your user experience.

3.18 Use of Zammad

We use the helpdesk system Zammad provided by Zammad GmbH, Marienstraße 18, 10117 Berlin, Germany, hereinafter referred to as “Zammad.” We have concluded a data processing agreement with Zammad for this purpose.

Zammad helps us organize and process your support requests, account-related inquiries, and all other incoming messages and chat requests. Zammad uses the data (chat transcripts, emails with email addresses) solely for the technical processing of inquiries and does not share it with third parties. During the processing of service inquiries, it may be necessary to collect additional data from you.

The use of Zammad enables us to provide DocCheck Shop services and the associated support and is therefore carried out for the purpose of contract performance. The legal basis for the use of Zammad is Art. 6(1)(b) GDPR.

If you do not agree with the data collection via Zammad, you can use alternative communication channels, such as telephone.

For further information, please refer to Zammad’s privacy policy.

3.19 Pre-sorting and tagging of support inquiries

We use software from DigitalMeadow Softworks GmbH, Kollwitzstraße 76, 10435 Berlin, Germany, hereinafter referred to as “DigitalMeadow,” for the automated processing of emails.

DigitalMeadow assists us in sorting and efficiently processing your support inquiries, account-related questions, and all incoming messages and digital requests. DigitalMeadow uses the data (chat transcripts, emails with email addresses and their content) solely for the technical processing of inquiries and does not disclose it to third parties. During the handling of service requests, it may be necessary to collect additional data from you.

The use of DigitalMeadow enables us to offer DocCheck Shop services and related support and is therefore carried out for the purpose of contract fulfillment. The legal basis for using DigitalMeadow is Art. 6(1)(b) GDPR.

If you do not agree with the data collection through DigitalMeadow’s software, you may choose alternative communication methods, such as by telephone.

3.20 Data collection and processing in the context of a credit check

If we provide services in advance, such as payment by invoice or direct debit, we reserve the right to obtain a credit report based on mathematical-statistical procedures from telego! GmbH creditPass, Mehlbeerenstr. 4, 82024 Taufkirchen. For this purpose, we transmit the personal data required for the credit check and use the received information on the statistical probability of a payment default to make a balanced decision about the establishment, execution, or termination of the contractual relationship. The credit report may include probability values (score values) calculated using scientifically recognized mathematical-statistical methods, and address data may also be included in the calculation. Your legitimate interests are considered pursuant to legal regulations. The data processing serves the purpose of credit assessment for contract initiation. The processing is carried out on the basis of Art. 6(1)(f) GDPR due to our overriding legitimate interest in protecting against payment default when we provide services in advance. You have the right to object at any time to this processing of your personal data based on Art. 6(1)(f) GDPR for reasons arising from your particular situation. Providing the data is required to conclude a contract using your chosen payment method. Failure to provide the data means the contract cannot be concluded with the selected payment method.

3.21 Use of YouTube

We use YouTube on our website. This is a video platform operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, a subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA, hereinafter referred to as “YouTube.”

In some cases, user data is processed on servers located in the USA. Data transfers are based on appropriate safeguards pursuant to Art. 46 GDPR, particularly the Standard Contractual Clauses issued by the EU Commission. Google processes the data as an independent controller.

We use YouTube in conjunction with the “extended data protection mode” feature to display videos to you. The legal basis is Art. 6(1)(f) GDPR. Our legitimate interest lies in improving the quality of our online presence. According to YouTube, the extended data protection mode ensures that the following data is only transmitted to YouTube's server if you actually start a video.

Without this “extended data protection mode,” a connection to the YouTube server in the USA is established as soon as you visit a page on our website that has a YouTube video embedded.

This connection is necessary to display the video in your browser. In doing so, YouTube will at least record and process your IP address, the date and time, and the webpage you visited. Additionally, a connection to the Google advertising network “DoubleClick” is established.

If you are logged into YouTube when you visit our site, YouTube can associate the connection information with your YouTube account. If you want to prevent this, you must log out of YouTube before visiting our website or change the corresponding settings in your YouTube account.

To ensure functionality and analyze usage behavior, YouTube stores cookies on your device via your browser. The legal basis for this processing is your consent pursuant to Art. 6(1)(a) GDPR. If you do not agree to this processing, you can prevent the storage of cookies via your browser settings or our cookie preferences. Please note, however, that doing so may limit the functionality of our website.

For further details on the collection and use of data by YouTube and your rights and protection options, please refer to Google’s privacy policy.

3.22 Instagram

On our website, we use technically necessary social plugins (“plugins”) from the social network instagram.com (“Instagram”), based on our legitimate interests (i.e., interest in the analysis, optimization, and economic operation of our online offering pursuant to Art. 6(1)(f) GDPR). Instagram is an internet service provided by Meta Platforms Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. Within the EU, this service is operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland; hereinafter both referred to as “Meta.” The plugins may consist of interactive elements or content (e.g., videos, graphics, or text posts) and are identifiable by an Instagram logo or the phrase “Instagram Social Plugin.”

In some cases, user data is processed on Meta’s servers in the USA. The data transfer is based on appropriate safeguards pursuant to Art. 46 GDPR (Standard Contractual Clauses). Meta processes the data as an independent controller.

When you visit a page on our site that contains such a plugin, your device establishes a direct connection to Meta's servers. The content of the plugin is transmitted directly to your device by Meta and integrated into our site. From the processed data, a usage profile may be created. We have no influence over the scope of data that Meta collects using this plugin and inform you based on our knowledge.

By integrating the plugins, Meta receives the information that you have accessed the corresponding page of our website. If you are logged into Instagram, Meta can associate your visit with your Instagram account. If you interact with the plugins, for example by clicking the Like button or leaving a comment, the corresponding information is transmitted directly from your device to Meta and stored there. Even if you are not a member of Instagram, it is still possible that Meta will obtain and store your IP address. According to Meta, only an anonymized IP address is stored in Germany.

The purpose and scope of data collection and the further processing and use of the data by Meta, as well as your rights and settings options to protect your privacy, can be found in Meta’s privacy policy.

If you are an Instagram member and do not want Meta to collect data about you via our website and link it to your Instagram account, you must log out of Instagram and delete your cookies before using our website. You can make further settings and objections regarding the use of data for advertising purposes in your Instagram profile settings. These settings apply across all platforms, meaning they will apply to all devices, including desktop and mobile.

3.23 Facebook

On our website, we use technically necessary social plugins (“plugins”) from the social network facebook.com (“Facebook”) based on our legitimate interests (i.e., interest in the analysis, optimization, and economic operation of our online offering pursuant to Art. 6(1)(f) GDPR). Facebook is an internet service provided by Meta Platforms Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. Within the EU, this service is operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland; hereinafter both referred to as “Meta.” The plugins may consist of interactive elements or content (e.g., videos, graphics, or text posts) and are identifiable by a Facebook logo (a white “f” on a blue tile, the term “Like,” or a thumbs-up icon) or are labeled “Facebook Social Plugin.” Here you will find a list and appearance of the Facebook Social Plugins.

In some cases, user data is processed on Meta’s servers in the USA. The data transfer is based on appropriate safeguards pursuant to Art. 46 GDPR (Standard Contractual Clauses). Meta processes the data as an independent controller.

When you visit a page on our website that contains such a plugin, your device establishes a direct connection to Meta's servers. The content of the plugin is transmitted directly to your device by Meta and integrated into the online offering. From the processed data, a usage profile may be created. We have no influence on the scope of the data that Meta collects using this plugin and inform you to the best of our knowledge.

By integrating the plugin, Meta receives the information that you have accessed the corresponding page of our website. If you are logged into Facebook, Meta can assign your visit to your Facebook account. If you interact with the plugin, for example by clicking the Like button or leaving a comment, the relevant information is transmitted directly from your device to Meta and stored there. Even if you are not a member of Facebook, it is still possible that Meta will obtain and store your IP address. According to Meta, only an anonymized IP address is stored in Germany.

For the purpose and scope of data collection, the further processing and use of the data by Meta, and your rights and settings options for protecting your privacy, please refer to Meta’s privacy policy.

If you are a Facebook member and do not want Meta to collect data about you via our website and link it to your Facebook account, you must log out of Facebook and delete your cookies before using our website. You can make further settings and objections to the use of data for advertising purposes within the Facebook profile settings or via the U.S. website or the EU website. These settings apply across all platforms, i.e., they will apply to all devices such as desktop computers or mobile devices.

3.24 Use of the Meta Pixel

We use the Meta Pixel on our website, a service provided by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Meta”). The Meta Pixel allows Meta to determine the visitors of our online offering as a target group for displaying ads (so-called “Meta Ads”). This enables us to show Meta Ads only to users who have shown an interest in our online offering or who exhibit certain characteristics (e.g., interest in specific topics or products) identified based on the websites visited. By using the Meta Pixel, we aim to ensure that our Meta Ads correspond to the potential interests of users and are not perceived as annoying.

Furthermore, the Meta Pixel enables us to track the effectiveness of Meta Ads for statistical and market research purposes, by seeing whether users were redirected to our website after clicking on a Meta Ad (so-called “conversion tracking”).

The data processing is carried out only with your explicit consent pursuant to Art. 6(1)(a) GDPR. You may revoke your consent at any time by adjusting your cookie settings on our website.

The data collected by Meta is anonymous to us and does not allow us to draw any conclusions about the identity of users. However, the data is stored and processed by Meta, allowing a connection to the respective user profile and Meta’s use of the data for its own advertising purposes, market research, and personalized design of its services. We have no influence over this use of data.

For more information about how Meta processes data and your rights and options for protecting your privacy, please refer to Meta’s privacy policy: https://www.facebook.com/policy.php

Please note that the use of the Meta Pixel may result in the transfer of personal data to Meta’s servers in the USA. This data transfer is based on the Standard Contractual Clauses pursuant to Art. 46 GDPR. Meta processes the data as an independent controller.

3.25 Use of Emarsys Web Extend

We use Web Extend from Emarsys (Emarsys eMarketing Systems AG, Märzstrasse 1, 1150 Vienna) on our website. This tool serves the purpose of targeting website visitors with relevant newsletter content.

The Emarsys’ Web Extend tag has been implemented on our website. Emarsys processes data exclusively according to our instructions and is bound by this privacy policy. Under no circumstances may Emarsys use data collected or processed on our behalf for its own purposes.

All data collected by Emarsys on our website and in the database, via JavaScript commands and cookies, is either anonymous (visits without newsletter interaction) or pseudonymized (visits via newsletter link).

This allows Emarsys to receive information about which of our pages you have visited. Emarsys links this information to your personal user profile. If you have subscribed to our newsletter, personalized, interest-based content will then be displayed to you.

Emarsys places several different cookies in visitors’ browsers. These cookies generally have both a first-party and third-party version, selected based on the visitor’s browser settings. The domain for the third-party cookies is http://scarabresearch.com/.

The cookies used by Emarsys have varying expiration times. Some remain valid for up to 365 days, others only during the current session.

In general, the cookies collect the following two types of information:

  • Service information related to the operation of the data collection service
  • Browsing information (e.g., product numbers viewed or added to the cart)

All non-operational data is collected in encrypted form.

Web Extend cookies on our site collect the following data:

  • IP address
  • Browser user agent
  • Cookie identifiers
  • Pseudonymized identifiers
  • Web traffic: viewed products (mayView cookie) and shopping carts (mayAdd cookie)

Emarsys uses these cookies to recognize your browser, allowing us to track your movement on our website and measure the success of specific marketing campaigns. We use this information to improve our email newsletters.

The storage of Emarsys cookies is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in anonymized analysis of user behavior to optimize both its website and advertising.

3.26 Use of Matomo

We use the web analytics tool “Matomo” to design our website according to users’ needs. Matomo is a service provided by InnoCraft Limited, 7 Waterloo Quay, PO Box 625, 6140 Wellington, New Zealand. Matomo creates user profiles based on pseudonyms. Matomo uses so-called cookies, text files that are stored on your computer and allow the analysis of website use. The information generated by the cookie about your use is transmitted to the server and stored in order to evaluate user behavior. Your IP address is immediately anonymized; this ensures you remain anonymous as a user. The information generated by the cookie about your use of this website is not shared with third parties. This allows us to identify and count repeat visitors. We also use the modules Heatmap & Session Recording. The heatmap service shows us which areas of our website users interact with the most (e.g., mouse movements, clicks). The session recording service records individual user sessions, which we can replay to analyze usage patterns. Data entered into forms is not recorded and remains invisible at all times.

Data processing is based on your consent pursuant to § 25(1) TTDSG (Telecommunications Telemedia Data Protection Act) and Art. 6(1)(a) GDPR, provided you have given your consent via our cookie banner. You can revoke your consent at any time with effect for the future. Please use our banner to adjust your settings accordingly.

For more information about the terms of use and privacy policy of Matomo, visit: https://matomo.org/privacy/

3.27 Use of Google Analytics

We use the web analytics service Google Analytics on our website, provided by Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”). If you reside in the European Economic Area or Switzerland, Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) is the data controller for your data. Google Ireland Limited is therefore the affiliated company responsible for processing your data and ensuring compliance with applicable data protection laws.

The data processing is used to analyze this website and its visitors, and for marketing and advertising purposes. Google uses the collected information on behalf of the website operator to evaluate your use of the website, compile reports on website activities, and provide further services related to website and internet usage. The data collected may include: IP address, date and time of page access, click path, browser and device information, visited pages, referrer URL (the website from which you accessed ours), location data, and purchase activity. The IP address transmitted by your browser within Google Analytics is not merged with other data held by Google.

Google Analytics uses technologies such as cookies, local browser storage, and tracking pixels to analyze your use of the website. The information generated is usually transmitted to a Google server in the USA and stored there. The transfer of personal data to the USA is based on the Standard Contractual Clauses pursuant to Art. 46 GDPR. Google processes the data as an independent controller. IP anonymization is activated on this website, which means your IP address is shortened by Google within EU member states or in other contracting states of the EEA. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there.

We also use the Google Signals service as an extension of Google Analytics. Google Signals allows us to create cross-device reports (so-called “Cross Device Tracking”). This enables identifying a single user across multiple devices—however, only if the visitor is logged into a Google service and has activated “personalized advertising” in their account settings. Even then, we cannot view any personal data or user profiles; you remain anonymous to us. If you do not wish to use “Google Signals,” you can deactivate “personalized advertising” in your Google account settings.

The use of cookies or similar technologies is based on § 25(1) TTDSG. The processing of your personal data is based on Art. 6(1)(f) GDPR and our legitimate interest in tailoring the website to your needs and targeting users with relevant content. You have the right to object to the processing of your personal data at any time for reasons arising from your particular situation.

You can prevent the collection of data generated by Google Analytics relating to your use of the website (including your IP address) as well as Google’s processing of this data by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de

To prevent data collection and storage via Google Analytics across devices, you can set an opt-out cookie. This opt-out cookie prevents your data from being collected on future visits to this website. You must perform the opt-out on all systems and devices you use to make it effective. If you delete the opt-out cookie, data will be sent to Google again. Click here to set the opt-out cookie: Deactivate Google Analytics for this website. For more information about Google’s terms of use and privacy policy, visit https://www.google.com/analytics/terms/de.html, https://www.google.de/intl/de/policies/, and https://policies.google.com/technologies/cookies?hl=de

3.28 Use of Google Ads Conversion Tracking

We use the online advertising program “Google Ads” on our website, including conversion tracking (tracking of visit actions). Google Conversion Tracking is an analytics service provided by Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”). If you reside in the European Economic Area or Switzerland, Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) is responsible for your data. Google Ireland Limited is the affiliated company of Google that is responsible for processing your data and for compliance with applicable data protection laws.

When you click on an ad placed by Google, a cookie is set on your device for conversion tracking. These cookies are valid for a limited time, do not contain personal data, and are not used for personal identification. If you visit certain pages on our website before the cookie expires, Google and we can detect that you clicked the ad and were redirected to this page. Each Google Ads customer receives a different cookie, so tracking cookies cannot be followed across the websites of different Ads customers.

The information collected via the conversion cookie is used to generate conversion statistics. We learn the total number of users who clicked our ad and were redirected to a page with a conversion tracking tag. We do not receive any information that personally identifies users. Your data may be transferred to the USA. The transfer of personal data to the USA is based on the Standard Contractual Clauses under Art. 46 GDPR. Google processes this data as an independent controller.

We also use “Enhanced Conversions” in Google Ads. This allows us to generate hashed data (e.g., from your email address) from the information you provide. These hashed values are matched against logged-in Google accounts to attribute conversions (e.g., clicks or views) to our ad campaigns.

The use of cookies or comparable technologies is based on § 25(1) TTDSG. The processing of your personal data is based on Art. 6(1)(f) GDPR and our overriding legitimate interest in targeting website visitors with interest-based advertising. You have the right to object to the processing of your personal data at any time for reasons arising from your particular situation.

You can disable personalized advertising in your Google ad settings. Instructions are available at https://support.google.com/ads/answer/2662922?hl=de. Alternatively, you can prevent the use of cookies by third-party providers by visiting the Network Advertising Initiative's opt-out page at https://support.google.com/ads/answer/2662922?hl=de and implementing the opt-out instructions. You will then no longer be included in conversion tracking statistics. More information and Google’s privacy policy can be found at: https://www.google.de/policies/privacy/

3.29 Use of Criteo

We use technology from Criteo GmbH on this website to collect and store anonymized data about the browsing behavior of website visitors for marketing purposes. This data is stored using so-called “cookie” text files on your computer. Criteo analyzes browsing behavior using an algorithm and can subsequently display targeted product recommendations as personalized advertising banners on other websites (so-called publishers). Under no circumstances can this data be used to personally identify the visitor of this website. The processing is based on Art. 6(1)(f) GDPR, arising from our legitimate interest in the above-mentioned purposes.

You have the right to object at any time, for reasons arising from your particular situation, to this processing of your personal data based on Art. 6(1)(f) GDPR.

The data collected is used solely to improve our offering. It is not used for other purposes or shared with third parties. You may object to this completely anonymous analysis of your browsing behavior. More information about Criteo’s technology and privacy practices can be found in their privacy policy: https://www.criteo.com/de/privacy/

3.30 Use of the Google Inc. Remarketing or “Similar Audiences” function

We use Google LLC’s (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”) remarketing or “Similar Audiences” function on our website. If you reside in the European Economic Area or Switzerland, Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) is responsible for your data. Google Ireland Limited is therefore the affiliated company that handles your data and ensures compliance with applicable data protection laws.

This application serves the purpose of analyzing visitor behavior and interests. Google uses cookies to carry out the analysis of website use, which forms the basis for creating interest-based advertisements. Through the cookies, website visits and anonymized data about website use are recorded. No personal data of website visitors is stored. If you subsequently visit another website within the Google Display Network, you may be shown ads that likely relate to previously accessed product and information content.

The use of cookies or comparable technologies is based on § 25(1) TTDSG. The processing of your personal data is based on Art. 6(1)(f) GDPR due to our legitimate interest in targeting website visitors with interest-based advertising. You have the right to object to the processing of your personal data at any time for reasons arising from your particular situation.

You can permanently disable the use of cookies by Google by following the link below and downloading and installing the provided plugin: https://support.google.com/ads/answer/7395996?hl=de

Alternatively, you can disable the use of cookies by third-party providers by visiting the Network Advertising Initiative’s opt-out page at https://www.networkadvertising.org/choices/ and implementing the opt-out instructions provided there.

Further information about Google Remarketing and the associated privacy policy can be found at: https://www.google.com/privacy/ads/

3.31 Use of Microsoft Advertising

We use Microsoft Advertising on our website, a service provided by Microsoft Corporation (One Microsoft Way, Redmond, WA 98052-6399, USA; “Microsoft”).

The data processing serves marketing and advertising purposes as well as the measurement of the success of advertising campaigns (conversion tracking). We receive information about the total number of users who clicked on one of our ads and were redirected to a page with a conversion tracking tag. Personal identification of these users is not possible. Microsoft Advertising uses technologies such as cookies and tracking pixels to analyze website usage.

When you click on an ad placed by Microsoft Advertising, a cookie is stored on your computer for conversion tracking. This cookie has a limited validity and is not used for personal identification. If you visit certain pages of our website and the cookie has not yet expired, Microsoft and we can recognize that you clicked the ad and were redirected to that page. The information collected may include: IP address, identifiers assigned by Microsoft, information about the browser and device used, referrer URL (the website through which you accessed our site), and the URL of our website. Your data may be transferred to the USA. The data transfer is based on the Standard Contractual Clauses pursuant to Art. 46 GDPR. Microsoft processes this data as an independent controller.

The use of cookies or similar technologies is based on § 25(1) TTDSG. The processing of your personal data is based on Art. 6(1)(f) GDPR due to our overriding legitimate interest in targeting visitors with personalized advertising. You have the right to object to the processing of your personal data at any time for reasons arising from your particular situation.

You can prevent cookies from being stored by selecting the appropriate technical settings in your browser software. However, please note that doing so may limit your ability to use all the functions of this website. If you opt out, you will not be included in conversion tracking statistics.

More information about data protection and the cookies used by Microsoft Bing can be found here.

3.32 Use of Google Tag Manager

We use Google Tag Manager on our website, a service provided by Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”). If you reside in the European Economic Area or Switzerland, Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) is the data controller for your data. Google Ireland Limited is the affiliated company responsible for processing your data and ensuring compliance with applicable data protection laws.

This tool manages JavaScript tags and HTML tags that are used for implementing tracking and analytics tools. The data processing serves the purpose of needs-based design and optimization of our website.

Google Tag Manager itself does not store any cookies or process personal data. However, it can trigger other tags that may collect personal data.

For more information about usage and data protection, please visit: https://www.google.com/intl/de/tagmanager/use-policy.html

3.33 Use of Google Maps

We use Google Maps functions on our website for address validation. Google Maps is a service provided by Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”). If you reside in the European Economic Area or Switzerland, Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) is responsible for your data. Google Ireland Limited is the affiliated company responsible for processing your data and ensuring compliance with applicable data protection laws.

This function allows us to validate addresses you enter, in order to reduce input errors and related delivery problems or additional costs. It is based on Art. 6(1)(b) GDPR. The addresses you enter are transmitted in real time to Google’s servers. The Google API matches the transmitted data with its database. If the address is recognized, the API returns a standardized address format. If not, a message is returned. Your data may be transferred to the USA.

More information about how Google collects and uses data can be found in Google’s privacy policy: https://www.google.com/privacypolicy.html. You can also manage and protect your data processed by Google in the privacy center available there.

3.34 Use of Crazy Egg

We use the web analytics service Crazy Egg on our website, provided by Crazy Egg, Inc. (16220 E. Ridgeview Lane, La Mirada CA 90638, USA), hereinafter referred to as “Crazy Egg.” By using Crazy Egg, we can understand how you navigate our website and what you specifically view or click on. The tracked usage behavior is evaluated systemically and anonymously, meaning the affected user cannot be identified. Selection of which users’ behavior is recorded is also partly random. Crazy Egg provides us with valuable insights to improve the user-friendliness and speed of our website.

Crazy Egg uses so-called technically necessary cookies, text files stored on your computer. that allow an analysis of your website usage. Crazy Egg processes the following information:

  • IP address in anonymized form (Crazy Egg anonymizes the IP address at the point of collection);
  • Pages viewed and navigation patterns on those pages;
  • Number and position of clicks on links;
  • Browser type and version;
  • Screen size of the device used.

The information collected via cookies or generated by Crazy Egg is transmitted anonymously to servers in the USA and stored there. The transfer of data to the USA is based on the EU Standard Contractual Clauses. We have also concluded a data processing agreement with Crazy Egg to ensure that the processing of personal data complies with GDPR-level security. The data processing, including the setting of technically necessary cookies, is based on Art. 6(1)(f) GDPR due to our overriding legitimate interest in designing the website to meet user needs and targeting content.

For more information on Crazy Egg’s data protection practices, please refer to their privacy policy.

3.35 Verification of VAT identification number with the Federal Central Tax Office (BZSt)

To fulfill our tax obligations, we verify the VAT identification number (VAT ID) you provide during the ordering process if you act as a business and enter a VAT ID.

For this purpose, we transmit the required data via a qualified confirmation request to the Federal Central Tax Office (BZSt), An der Küppe 1, 53225 Bonn, Germany. As part of this verification, the following data is transmitted in particular:

  • VAT identification number
  • Name or company name
  • Street, postal code, and city

This transmission is made exclusively for the purpose of verifying the validity and assignment of the provided VAT ID and to ensure proper tax handling of our services, including the correct issuance of legally required invoices.

The processing and transmission of this data is carried out to fulfill a legal obligation we are subject to. The legal basis is Art. 6(1)(c) GDPR in conjunction with § 18e of the German VAT Act (UStG).

The Federal Central Tax Office processes the transmitted data exclusively within the scope of its statutory duties. We do not use or share the data beyond this purpose.

Providing a valid VAT ID is required in certain tax scenarios. If you do not provide a VAT ID or order as a private individual, no data will be transmitted to the Federal Central Tax Office.

Further information on how the German Federal Central Tax Office (BZSt) processes data can be found in the BZSt privacy notices at:

– German: https://www.bzst.de/DE/DasBZSt/Beauftragte/Datenschutz/datenschutz_node.html
– English: https://www.bzst.de/EN/Federal_Central_Tax_Office/privacy_policy/privacy_policy.html

4. Storage duration

After full completion of the contract, the data will initially be stored for the duration of the statutory warranty period, and thereafter pursuant to statutory retention periods, particularly those required under tax and commercial law. Once these periods expire, the data will be deleted unless you have consented to further processing and use.

5. Data subject rights

If the legal requirements are met, you have the following rights under Articles 15 to 20 of the GDPR: the right to access, rectification, erasure, restriction of processing, and data portability. You also have the right to object to processing based on Article 6(1)(f) GDPR and to processing for direct marketing purposes under Article 21(1) GDPR.

Please contact us if you wish to exercise your rights. You can find our contact details in our legal notice.

6. Right to lodge a complaint with the supervisory authority

According to Article 77 GDPR, you have the right to lodge a complaint with the supervisory authority if you believe that the processing of your personal data is not lawful.

7. Right to object

If the processing of your personal data described here is based on our legitimate interests pursuant to Art. 6(1)(f) GDPR, you have the right to object to this processing at any time for reasons arising from your particular situation, with future effect.

Once you have objected, the processing of the relevant data will be stopped unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or if the processing serves to assert, exercise, or defend legal claims.

If your personal data is processed for the purpose of direct marketing, you can object to this processing at any time by notifying us. Once you have objected, we will stop processing the relevant data for direct marketing purposes.

Last updated: January 23rd, 2026