Order within the next 9 hours and we will dispatch today!

Data privacy policy

Thank you for your interest in our online service and we are pleased you have visited. In the following policy, we would like to inform you about the type, scope and purpose of the collection, use and processing of personal data in connection with the use of our website and at the same time explain the rights to which you are entitled.

It is generally possible to visit and use our website without providing personal data. Personal data is all data that personally refers to you, e.g. name, address, email address, user behaviour

However, if certain services (such as registration or other information transfer) of our website are used, personal data is collected and processed exclusively within the scope of the applicable General Data Protection Regulation (GDPR).

Our website always uses an up-to-date encryption method (SSL or TLS) to protect your data.


1. Controller for data processing

1.1 The controller for data processing on this website in the sense of all data protection regulations (in particular in the sense of the GDPR in accordance with Article 4 Para. 7) is:

Kostümpalast GmbH
Ms Anne Perius
Max-Eyth-Str. 1
71691 Freiberg

Tel.:  07141-7024472
Fax:  07141-7024473
E-Mail: [email protected]

You will find our complete provider identification using the following link:
Kostümpalast legal notice

The controller for processing personal data is a natural or legal person that alone or jointly with others decides on the purposes and means of processing personal data.

1.2 If you contact us by email or via a contact form, the personal data you have provided (your email address, if applicable your name and your telephone number) will be stored by us in accordance with Article 6 Para. 1 Sentence 1 Lit f and, if applicable, b GDPR on the basis of our legitimate interest to be able to answer your questions. We delete the data collected in this context after storage is no longer necessary (final clarification of the enquiry) or if statutory retention obligations exist that limit processing.

1.3 If we use contracted service providers for individual functions of our service or would like to use your data for advertising purposes, we will inform you in detail about the respective processes in the course of this data privacy policy. We will also specify the defined criteria for the storage period.

2. Collecting personal data when visiting our website, cookies

2.1 When using the website for information purposes only, meaning if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. If you want to view our website, we collect the following data, in accordance with Article 6 Para. 1 Sentence 1 Lit f GDPR based on our legitimate interest, which is technically necessary for us to display our website to you and to ensure stability, functionality and security: (1) IP address, (2) date and time of the request, (3) time zone difference to Greenwich Mean Time (GMT), (4) content of the request (specific site), (5) access status/HTTP status code, (6) amount of data transferred in each case, (7) website from which the request comes, (8) browser, (9) operating system and its interface, (10) language and version of the browser software.

2.2 In addition to the aforementioned data, cookies are stored on your computer when using our website. Cookies are small text files stored on your hard drive by your browser and through which certain information flows to us. Cookies cannot run programs or transmit viruses to your computer. They are for making the online service more user-friendly and effective overall and making visits to our website easier (for example, displaying the contents of the shopping basket on the next visit to our website).

Our website notably uses transient and persistent cookies.

Transient cookies are automatically deleted if you close your browser. This notably includes session cookies. These store a so-called “session ID” with which different browser requests can be assigned to the common session. This will allow your computer to be recognised if you visit our website again. These session cookies are deleted if you logout or close your browser.

Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie. You can delete these cookies at any time in the security settings.

2.3 You can configure the security settings of your browser according to your preferences regarding the storage of cookies and, for example, refuse the acceptance of third party cookies or all cookies. To do so, please use the help menu of the browser you are using. If you choose to decline cookies in whole or in part, you may not be able to use all the features of our website.

3. More functions and services of our website  

3.1 In addition to the purely informational use of our website, we offer various services that you can use if you are interested. To do so, you generally have to provide more personal data, which we use to provide the respective service and to which the aforementioned data processing regulations apply.

3.2 In some instances, we use external service providers for processing. They have been carefully selected and commissioned by us, are bound to our instructions and are checked regularly.

3.3 Furthermore, we may pass on your personal data to third parties if we offer participation in campaigns, competitions, conclusion of contracts or similar services together with partners. You will find further information on this throughout this data privacy policy as well as by entering your personal data or in the service description.

3.4 If our service provider or partner is located in a state outside of the European Economic Area (EEA), we will inform you of the consequences of this circumstance in the service description.


4. Duration of personal data storage

Personal data is stored for the duration of the respective legal retention period (in particular in accordance with commercial and tax law). If this data is neither necessary for contract fulfilment nor for contract initiation after expiry of this legal retention period or if there is no legitimate interest on our part in the continuous storage of the data, it will be deleted.

5. Legal bases for the data processing carried out 

Unless we make separate reference to the legal basis within this data privacy policy, data processing is generally based on the legal bases stated below.

5.1 If you have given your consent to the processing of your personal data for one or more purposes, the data will be processed by us on the basis of Article 6 I Lit. a GDPR.

5.2 If processing is necessary due to the fulfilment of a contractual relationship to which you are a contracting party, for example, to deliver products according to an order or to execute precontractual measures, in particular to respond to a request you have made, the processing of the data is carried out on the basis of Article 6 I Lit. b GDPR.

5.3 If the processing of the data is necessary due to the fulfilment of a legal (e.g. tax) obligation to which we are subject, we process the data on the basis of Article 6 I Lit. c GDPR.

5.4 If the data is processed in order to protect your vital interests or the vital interests of another natural person, this is based on Article 6 I Lit. d GDPR.

5.5 If the processing of personal data is not covered by any of the aforementioned legal bases, the data is processed on the basis of Article 6 I Lit. f GDPR. According to that, processing takes place to protect our legitimate interest or the interest of a third party provided that your interests, fundamental rights and freedoms do not prevail.

6. Your rights

You have the following rights when it comes to our company with regard to personal data concerning you.

6.1 Right to information, Article 15 GDPR

You have the right to request information free of charge and a copy from us about personal, processed data concerning you. Furthermore, you may also obtain information about (1) the processing purposes, (2) the categories of personal data that are processed, (3) the recipient or categories of recipients to whom to the personal data has been or is still being disclosed, particularly in the cases of recipients in third countries or international organisations, (4) – if possible – the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration, (5) the existence of a right to correct or delete personal data concerning you or limitation of processing by the controller or a right to object to this processing, (6) the right to complain to a supervisory authority, (7) all available information about the origin of the data is the personal data is not processed by us, (8) the existence of automated decision-making, including profiling, in accordance with Article 22 Para. 1 and 4 GDPR and, – at least in these cases – meaningful information about the logic involved and the scope and intended effects of this kind of processing for you as the data subject, (9) the suitable guarantees in accordance with Article 46 GDPR in relation to the transfer when personal data is transferred to a third country or international organisation.

6.2 Right to correction, Article 16 GDPR

You have the right to request the immediate correction of inaccurate personal data concerning you. Furthermore, you also have the right to ask for the completion of incomplete personal data – also by means of a supplementary declaration.

6.3 Right to deletion, Article 17 GDPR (“right to be forgotten”)

You have the right to the immediate deletion of personal data if one of the following reasons applies: (1) the personal data is no longer necessary for the purposes for which it was collected or otherwise processed, (2) you revoke your consent on which the processing is based in accordance with Article 6 Para 1. Lit. a GDPR or Article 9 Para. 2 Lit. a GDPR and there is no other legal basis for processing, (3) you file an objection to the processing in accordance with Article 21 Para. 1 GDPR and there are no overriding legitimate grounds for processing or you file an objection to the processing in accordance with Article 21 Para. 2 GDPR, (4) the personal data has been processed unlawfully, (5) the deletion of the personal data is necessary to fulfil a legal obligation in accordance with EU law or the law of a member state to which we are subject, (6) the personal data has been collected in relation to a service provided by an information society in accordance with Article 8 Para. 1 GDPR.

6.4 Right to restrict processing, Article 18 GDPR

You have the right to request that we restrict processing if one of the following requirements applies: (1) the accuracy of the personal data is disputed by you and for a duration that enables us to check the accuracy of the personal data, (2) the processing is unlawful and you refuse the deletion of personal data and instead request that use of the personal data is restricted, (3) we no longer require the personal data for the processing purposes, however, you require it to assert, exercise or defend legal claims or (4) you have filed an objection against processing in accordance with Article 21 Para. 1 GDPR as long as it has not yet been determined whether our legitimate reasons prevail.

6.5 Right to notification, Article 19 GDPR

We have an obligation to notify all recipients whose personal data has been disclosed of any correction or deletion of the personal data or any restriction on processing in accordance with Article 16, Article 17 Para. 1 and Article 18 GDPR unless this proves impossible or involves disproportionate effort. You have the right to be informed of these recipients if you request this.

6.6 Right to data transferability, Article 20 GDPR

You have the right to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format and to transmit this data to another controller without hindrance by us, to whom the personal data has been provided, provided that the processing is based on consent in accordance with Article 6 Para. 1 Lit. a or Article 9 Para. 2 Lit. a GDPR or on a contract in accordance with Article 6 Para. 1 Lit. b GDPR and the processing is carried out using automated procedures. You also have the right to request that the personal data concerning you be transferred directly from one controller to another if this is technically feasible.

6.7 In accordance with Article 77 Para. 3 GDPR, you also have the right to complain to the data protection regulatory authority about the processing of your personal data by us.

7.  Objection or revocation against the processing of your data, Article 7 Para. 3 GDPR

7.1 If you have given your consent to the processing of your data, you can revoke this at any time. This revocation influences the permissibility of processing your personal data after you have given it to us.

7.2 If we base the processing of your personal data on the balancing of interests, you may file an objection to the processing. This is the case if processing is not particularly necessary to fulfil a contract with you, which is described by us in the following description of the functions. When exercising an objection like this, we request that you explain the reasons as to why we should not process your personal data as we have done. In the event of your justified objection, we will examine the situation and either stop or adjust data processing or point out to you our compelling legitimate reasons on the basis of which we will continue processing.

7.3 Of course, you can object to the processing of your personal data for advertising purposes and data analysis at any time. You can inform us about your objection to advertising using the following contact data:

Kostümpalast GmbH
Ms Anne Perius
Max-Eyth-Str. 1
71691 Freiberg

Tel.: 07141-7024472
Fax:  07141-7024473
E-Mail: [email protected]


8. Using our online shop

8.1 If you would like to place an order in our online shop, it is necessary for you to provide us with the personal data we require to process your order for the conclusion of the contract. The mandatory information required to process contracts is marked separately; further information is optional. We process the data provided by you to process your order. For this purpose, we may pass on your payment data to our bank. The legal basis for this is Article 6 Para. 1 Sentence 1 Lit. b GDPR.

8.2 You can optionally create a customer account through which we may store your data for later purchases. When creating an account under “My account”, the data you have provided will be stored revocably. You can delete all other data in the customer area, including your user account, at any time.

8.3 We may also process the information you provide to inform you of other interesting products in our range or to send you emails containing technical information.

8.4 We are obliged by commercial and tax law to store your address, payment and order data for a period of ten years. However, after [two years] we will limit processing, meaning your data will only be used to comply with legal obligations.

8.5 The order process is encrypted using TLS technology to prevent unauthorised access to your personal data, especially financial data.

9. Newsletter

9.1 With your consent, you can subscribe to our newsletter, which we use to inform you about our current offers. The advertised goods and services are named in the declaration of consent.

9.2 We use a so-called “double opt-in” procedure for registration for our newsletter. This means that after you register, we send an email to the email address given in which we ask you to confirm that you want us to send you the newsletter. If you do not confirm your registration within 24 hours, your information will be blocked and automatically deleted after one month. Furthermore, we store your IP address and the time of registration confirmation. The purpose of the procedure is to be able to prove your registration and, if necessary, to clarify possible misuse of your personal data.

9.3 Your email address alone is mandatory for sending the newsletter. Giving other, separately marked data is optional and is used to be able to address you personally. After giving confirmation, we store your email for the purpose of sending the newsletter. The legal basis is Article 6 Para. 1 Sentence 1 Lit. a GDPR.

9.4 You can revoke your consent given for receiving the newsletter at any time and unsubscribe from the newsletter. You can declare your revocation by clicking on the link provided in each newsletter email, by sending an email to [email protected] or by sending a message to the contact details in the legal notice.

9.5 Please note that we analyse your user behaviour when sending the newsletter. For this analysis, the emails sent contain so-called “web beacons” or “tracking pixels” which represent single-pixel image files stored on our website. For the analyses, we link the data mentioned in clause 3 and the web beacons with your email address and an individual ID. Data is collected exclusively in pseudonymised form, IDs are not connected with your other personal information and direct links to a particular individual are excluded. You can object to this tracking at any time by clicking on the separate link provided in each email or by informing us via another contact method. The information is stored as long as you are subscribed to the newsletter. After cancellation, we store the data purely statistically and anonymously.

9.6 Use of MailChimp

(1) We use the service provider MailChimp to send our newsletter. We pass on the data you have provided when registering for the newsletter to this service provider, which will then be stored on a server in the USA. The legal basis for processing and transmitting data that serves our legitimate interest in sending advertising by email as part of a newsletter is the provision of Article 6 Para. 1 Lit. f GDPR.

(2) MailChimp uses this data to send and statistically analyse the newsletter on our behalf. Furthermore, this data can be used by the service provider to optimise or improve the service offered in accordance with Article 6 Para. 1 Lit. f GDPR. However, this service provider will never use the data to send independent emails or to pass it on to third parties.

(3) If you do not agree with the data you provided to us in the context of the registration to the newsletter being passed on to MailChimp, you can cancel your subscription to the newsletter at any time.

(4) This service provider’s address is: The Rocket Science Group, LLC d/b/a MailChimp, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA. MailChimp is subject to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. We have concluded a contract with this service provider regarding data processing in order to guarantee the protection of processed and collected data. You can view MailChimp’s data privacy policies using the following link: https://mailchimp.com/legal/privacy/

10. Use of Google Analytics

10.1 This website uses Google Analytics, a web analytics service provided by Google Inc. ("Google"). Google Analytics uses "cookies", which are text files placed on your computer to help the website analyse how visitors use the site. The information generated by the cookie about your use of the website will normally be transmitted to and stored by Google on servers in the USA. Due to IP anonymisation on this website, your IP address will be truncated beforehand within a member state of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the United States and truncated there. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage.

10.2 Google will not associate your IP address transferred within the framework of Google Analytics with any other data held by Google.

10.3 You may refuse the use of cookies by selecting the appropriate settings on your browser, however, please note that if you do this you may not be able to use the full functionality of this website. Furthermore, you can prevent Google’s collection and use of data generated by the cookie and related to your use of the website (including your IP address)  by downloading and installing the browser plug-in or alternatively clicking on the following link to opt out of cookies: http://tools.google.com/dlpage/gaoptout?hl=de.

Alternatively to this plug-in, especially when visiting our website via mobile devices, the following link (opt-out cookie) is necessary to prevent Google from collecting the data generated by the cookie and data relating to your use of the website (including your IP address) and processing this data by Google. Deactivate Google Analytics

10.4 This website uses Google Analytics with the extension “_anonymizeIp()”. As a result, IP addresses are truncated and further processed to exclude a direct link to a particular individual. If the data collected about you is personal, it will be excluded immediately and the personal data will be deleted immediately.

10.5 We use Google Analytics to analyse and regularly improve the use of our website. We can improve our service and make it more interesting for you as the user using the statistics gained. For exceptional cases in which personal data is transferred to the USA, Google is subject to the EU-US Privacy Shield,  https://www.privacyshield.gov/EU-US-Framework. The legal basis for using Google Analytics is Article 6 Para. 1 Sentence 1 Lit. f GDPR.

10.6 Third-party provider information: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. User conditions: http://www.google.com/analytics/terms/de.html, data privacy overview: http://www.google.com/intl/de/analytics/learn/privacy.html, and the data privacy policy: http://www.google.de/intl/de/policies/privacy.

11. Use of blog functions

11.1 You can make public comments on our blog, in which we publish various articles on topics related to our activities. Your comment will be published with your user name. We recommend using a pseudonym instead of your real name. Entering your user name and email address is required; all other information is optional. If you leave a comment, we store your IP address, which we will delete after [one week]. The storage is necessary for us to be able to defend ourselves against liability claims in cases of possible publication of illegal content. We require your email address to get in touch with you if a third party complains that your comment is unlawful. The legal bases are Article 6 Para. 1 Sentence 1 Lit. b and f GDPR. Comments are not checked before publishing. We reserve the right to delete comments if third parties complain that they are unlawful.

11.2 After writing a comment you can activate the check box for our email service. By doing so, you will be informed if another use leaves a comment on your post. We use the double opt-in procedure for this service, meaning you will receive an email in which you must confirm that you are the owner of this email address and wish to receive notifications. You can unsubscribe from the notifications at any time by clicking on the link contained in the email. Your personal data, including your email address, the time of registration for the service and your IP address will be stored by us until you log out of the information service.

12. Social Media

12.1 We currently use the following social media plug-ins: Facebook, Google+, Twitter, Pinterest, Instagram. We use the so-called “two-click solution”. This means that when you visit our site, no personal data is initially passed on to the plug-in providers. You can recognise the plug-in provider by the mark on the box above its first letter or the logo. We provide you with the option of communicating directly with the plug-in provider via the button. Only when you click on the marked field and activate it does the plug-in provider does the plug-in provider receive the information that you have visited the corresponding website of our online service. In addition, the data mentioned in clause 3 of this policy will be transmitted. In the case of Facebook and Xing, the IP address is anonymised immediately after collection, according to the respective provider in Germany. By activating the plug-in, your personal data is transmitted to the respective plug-in provider and stored there (by providers in the USA). Since the plug-in provider collects data mainly via cookies, we recommend that you delete all cookies before clicking on the greyed-out box via your browser’s security settings.

12.2 We have no influence on the data collected and data processing procedures, nor are we familiar with the full extent of data collection, the purpose of processing or the storage periods. We also have no information on the deletion of the data collected by the plug-in provider.

12.3 The plug-in provider stores the data collected about you as usage profiles and uses it for the purpose of advertising, market research and/or demand-orientated design of its website. An analysis like this takes place in particular (even for users that are not logged in) to deliver demand-orientated advertising and to inform other uses of the social and to inform other uses of the social network about your activities on our website. You have a right to object to the creation of these user profiles, whereby you must contact the respective plug-in provider to exercise this right. Using this plug-in, we provide you with the option of interacting with the social network and other users so that we can improve our service and make it more interesting for you as the user. The legal basis for using plug-ins is Article 6 Para. 1 Sentence 1 Lit. f GDPR.

12.4 Data is passed on regardless of whether you have an account with the plug-in provider and are logged in there. If you are logged in with the plug-in provider, your data collected by us will be directly assigned to the existing account with the plug-in provider. If you click the activated button and, for example, link the page, the plug-in provider also stores this information in your user account and shares it publicly with your contacts. We recommend that you log out regularly after using a social network, especially before activating the button, as this way you can avoid being assigned to your profile with the plug-in provider.

12.5 For more information on the purpose and scope of data collection and its processing by the plug-in provider, please refer to the following privacy policies of these providers. There you will also find more information about your rights concerning this and setting options to protect your privacy.

12.6 Addresses of the respective plug-in providers and URL with data privacy policies:

(1) Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; http://www.facebook.com/policy.php; more information on data collection:  http://www.facebook.com/help/186325668085084. Facebook is subject to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

(2) Google Inc., 1600 Amphitheater Parkway, Mountainview, California 94043, USA; https://www.google.com/policies/privacy/partners/?hl=de. Google is subject to the EU-US Privacy Shield,  https://www.privacyshield.gov/EU-US-Framework.

(3) Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA; https://twitter.com/privacy. Twitter is subject to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

(4) Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland; https://policy.pinterest.com/de/privacy-policy.

(5) Instagram LLC, Vertreten durch Kevin Systrom und Mike Krieger, 1601 Willow Rd, Menlo Park,  CA 94025, USA; https://help.instagram.com/155833707900388

13. YouTube video integration

13.1 We have integrated YouTube videos (Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) in our online service, which are stored on http://www.youtube.com and are playable directly on our website.

13.2 By visiting the website, YouTube receives the information that you have visited the corresponding subpage of our website. In addition, the data mentioned in clause 3 of this policy will be transmitted. This happens regardless of whether YouTube provides a user account through which you are logged in or no user account exists. If you are logged in to Google, your data is assigned directly to your account. If you do not wish to be assigned to your profile on YouTube, you must logout before activating the button. YouTube stores your data as usage profiles and uses it for the purpose of advertising, market research and/or the demand-orientated design of its website. An analysis like this takes place in particular (even for users that are not logged in) to deliver demand-orientated advertising and to inform other uses of the social and to inform other uses of the social network about your activities on our website. You have a right to object to the creation of these user profiles, whereby you must contact YouTube to exercise this right.

13.3 Data is processed based on YouTube’s legitimate interest in a demand-orientated Internet presence for visitors c.f. Article 6 Para. 1 Lit. f GDPR.

13.4 For more information on the purpose and scope of data collection and its processing by YouTube, please refer to its data privacy policy. There you will also find more information about your rights and setting options to protect your privacy: https://www.google.de/intl/de/policies/privacy. Google also processes your personal data in the USA and is subject to the EU-US Privacy-Shield, https://www.privacyshield.gov/EU-US-Framework.

14. Vimeo video integration

14.1 We have integrated Vimeo videos (Vimeo, LLC, 555 West 18th Street, New York, New York 10011, USA) in our website, which are stored on http://www.vimeo.com and a playable directly on our website.

14.2 By visiting the website, Vimeo receives the information that you have visited the corresponding subpage of our website. In addition, the data mentioned in clause 3 of this policy will be transmitted. This happens regardless of whether Vimeo provides a user account through which users are logged in or no user account exists. If you are logged in to Vimeo, your data is assigned directly to your account. If users do not wish to be assigned to their profile on Vimeo, they must logout before activating the button. Vimeo stores your data as usage profiles and uses it for the purpose of advertising, market research and/or the demand-orientated design of its website. An analysis like this takes place in particular (even for users that are not logged in) to deliver demand-orientated advertising and to inform other uses of the social and to inform other uses of the social network about your activities on our website. You have a right to object to the creation of these user profiles, whereby you must contact Vimeo to exercise this right.

14.3 Data is processed based on Vimeo’s legitimate interest in a demand-orientated Internet presence for visitors c.f. Article 6 Para. 1 Lit. f GDPR.

14.4 For more information on the purpose and scope of data collection and its processing by Vimeo, please refer to its data privacy policy. There you will also find more information about your rights and setting options to protect your privacy http://vimeo.com/privacy.

14.5 Vimeo videos also include tracking by Google Analytics, which is used independently and without any influence from us. Please refer to clause 12.1 of this policy for tracking with Google Analytics.

15. Integration of Google Maps

15.1 We use the Google Maps service on this website. By doing so, we can display interactive maps directly on the website and allow you convenient use of the map functions.

15.2 By visiting the website, Google receives the information that you have visited the corresponding subpage of our website. In addition, the data mentioned in clause 3 of this policy will be transmitted. This happens regardless of whether Google provides a user account through which users are logged in or no user account exists. If you are logged in to Google, your data is assigned directly to your account. If users do not wish to be assigned to their profile on Google, they must logout before activating the button. Google stores your data as usage profiles and uses it for the purpose of advertising, market research and/or the demand-orientated design of its website, whereby there is a legitimate interest c.f. Article. 6 Para. 1 Lit. f GDPR. An analysis like this takes place in particular (even for users that are not logged in) to deliver demand-orientated advertising and to inform other uses of the social and to inform other uses of the social network about your activities on our website. You have a right to object to the creation of these user profiles, whereby you must contact Google to exercise this right.

15.3 For more information on the purpose and scope of data collection and its processing by the plug-in provider, please refer to the privacy policies of the provider. There you will also find more information about your rights concerning this and setting options to protect your privacy: http://www.google.de/intl/de/policies/privacy. Google also processes your personal data in the USA and is subject to the EU-US Privacy-Shield, https://www.privacyshield.gov/EU-US-Framework.

16. Use of Google Fonts

16.1 Google Fonts provided by Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”) are integrated in this website.

16.2 To correctly display of our website within the browser you use, which also gives rise to a legitimate interest on our part (c.f. Article 6 Para. 1 Lit. f GDPR), it loads fonts provided by Google (web fonts) into the cache. The necessary requirement for this is the establishment of a connection between your browser and Google’s servers. In this context, Google is informed that our website has been accessed via your IP address.

16.3 For more information on the purpose and scope of data collection and its processing by the plug-in provider, please refer to the privacy policies of the provider. There you will also find more information about your rights concerning this and setting options to protect your privacy  : http://www.google.de/intl/de/policies/privacy. Google also processes your personal data in the USA and is subject to the EU-US Privacy-Shield, https://www.privacyshield.gov/EU-US-Framework.

17. Online advertising

17.1 Use of Google AdSense

(1) This website uses the Google AdSense online advertising service, which allows us to present advertisements tailored to your interests. We are interested in showing you advertisements that may be of interest to you in order to make our website more interesting to you. Statistical information about you is collected and processed by our advertising partners for this purpose. These advertisements can be recognised via the information “Google ad” in the respective advertisement.

(2) By visiting the website, Google receives the information that you have visited our website. For this purpose, Google uses a web beacon to put a cookie on your computer. The data mentioned in clause 3 of this policy will be transmitted. We have no influence on the data collected, nor are we familiar with the full extent of data collection and the storage periods. Your data is transferred to the USA and analysed there. If you are logged in with your Google account, your data can be directly assigned to it. If you do not wish to be assigned to your Google profile, you must logout. It is possible that this data will be passed on to Google’s contractual partners and to third parties and authorities. The legal basis for processing your data is Article 6 Para. 1 Sentence 1 Lit. f GDPR. This site has also enabled third-party Google AdSense ads. The aforementioned data may be transferred to these third-party providers (named in https://support.google.com/dfp_sb/answer/94149).

(3) You can prevent Google AdSense cookies being installed in different ways: a) by adjusting your browser software accordingly, in particular the elimination of third party cookies means that you will not receive ads from third parties; b) by deactivating the interest-based ads on Google via the link http://www.google.de/ads/preferences, whereby this setting is deleted if you delete your cookies; c) by deactivating the interest-based ads of providers that are part of the “About Ads” self-regulation campaign via the link http://www.aboutads.info/choices, whereby this setting is deleted if you delete your cookies; d) by permanent deactivation in your browsers Firefox, Internet Explorer or Google Chrome using the link http://www.google.com/settings/ads/plugin. Please note that if you do this you may not be able to use the full functionality of this service.

(4) For more information on the purpose and scope of data collection and its processing as well as more information on your rights concerning this and setting options to protect your privacy, please refer to: Google Inc., 1600 Amphitheater Parkway, Mountainview, California 94043, USA; data privacy conditions for advertising: http://www.google.de/intl/de/policies/technologies/ads. Google is subject to the EU-US Privacy Shield , https://www.privacyshield.gov/EU-US-Framework.

17.2 Use of Google AdWords conversion

(1) We use the Google AdWords service to draw attention to our attractive offers with the help of advertising materials (Google AdWords) on external websites. We can determine how successful the individual advertising measures are in relation to the data of the advertising measures. We are interested in showing you advertisements that are of interest to you, in making our website more interesting to you and in achieving a fair calculation of advertising costs.

(2) These advertising materials are delivered by Google via so-called “AdServers”. We use AdServer cookies to measure certain parameters for measuring success, such as the insertion of advertising or clicks by users. If you access our website via a Google advert, Google AdWords stores a cookie on your PC. These cookies usually lose their validity after 30 days and should not personally identify you. For this cookie, the unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions) and opt-out information (mark that user no longer wants to be addressed) are usually stored as analysis values.

(3) These cookies enable Google to recognise your Internet browser. If a user visits certain pages of an AdWords customer’s website and the cookie stored on their computer has not expired, Google and the customer can recognise that the user has clicked on the ad and has been redirected to this page. Every AdWords customer is assigned a different cookie. Cookies can therefore not be tracked via the websites of AdWords customers. We do not collect and process any personal data in the advertising measures mentioned. We only receive statistical analyses from Google. Based on these analyses, we can identify which of the advertising measures used are particularly effective. We do not receive further information from the use of the advertising measures; notably, we cannot identify users based on this information.

(4) Your browser automatically establishes a direct connection with the Google server based on the marketing tools used. We have no influence on the extent and further use of the data collected by Google through using this tool and are therefore providing you with information according to our level of knowledge: by integrating AdWords Conversion, Google receives the information that you have visited the corresponding part of our Internet presence or clicked on one of our ads. If you are registered on a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, there is the possibility that the provider will find out and store your IP address.

(5) You can prevent participating in this tracking procedure in different ways: a) by adjusting your browser software accordingly, in particular the elimination of third party cookies means that you will not receive ads from third parties; b) by deactivating cookies for conversion tracking by setting your browser so that cookies are blocked by the domain www.googleadservices.com, https://www.google.de/settings/ads, whereby this setting is deleted if you delete your cookies; c) by deactivating the interest-based ads of providers that are part of the “About Ads” self-regulation campaign via the link http://www.aboutads.info/choices, whereby this setting is deleted if you delete your cookies; d) by permanent deactivation in your browsers Firefox, Internet Explorer or Google Chrome using the link http://www.google.com/settings/ads/plugin. Please note that if you do this you may not be able to use the full functionality of this service.

(6) The legal basis for processing your data is Article 6 Para. 1 Sentence 1 Lit. f GDPR. Find out more about data privacy at Google here: http://www.google.com/intl/de/policies/privacy and https://services.google.com/sitestats/de.html. Alternatively, you can visit the Network Advertising Initiative (NAI) website at http://www.networkadvertising.org. Google is subject to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

17.3 Google Remarketing

(1) We use the Google Remarketing application in addition to AdWords Conversion. This as a procedure we would like to use to contact you again. This application allows you to see our advertisements on other websites that provide advertising space for Google when you continue to use the Internet after you visit our website. This is done using cookies stored in your browser, which are used to record and analyse your usage behaviour when Google visits various websites. This is how Google can detect your previous visit to our website. Google thereby obtains knowledge of personal data, such as the IP address and/or surfing behaviour of the user, which are to be used exclusively for displaying advertisements that meet the interests of the user. When you visit our website, personal data, in particular your IP address, is transferred to Google. According to Google’s own statements, Google does not merge the data collected in the context of remarketing with your personal data, which may be stored by Google. Notably according to Google, pseudonymisation is used for remarketing.

(2) You can prevent participating in this tracking procedure in different ways: a) by adjusting your browser software accordingly, in particular the elimination of third party cookies means that you will not receive ads from third parties; b) by deactivating cookies for conversion tracking by setting your browser so that cookies are blocked by the domain www.googleadservices.com, https://www.google.de/settings/ads, whereby this setting is deleted if you delete your cookies; c) by deactivating the interest-based ads of providers that are part of the “About Ads” self-regulation campaign via the link http://www.aboutads.info/choices, whereby this setting is deleted if you delete your cookies; d) by permanent deactivation in your browsers Firefox, Internet Explorer or Google Chrome using the link http://www.google.com/settings/ads/plugin. Please note that if you do this you may not be able to use the full functionality of this service. 

(3) The legal basis for processing your data is Article 6 Para. 1 Sentence 1 Lit. f GDPR. Find out more about data privacy at Google here: http://www.google.com/intl/de/policies/privacy and https://services.google.com/sitestats/de.html. Alternatively, you can visit the Network Advertising Initiative (NAI) website at   http://www.networkadvertising.org. Google is subject to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

18. Google reCAPTCHA

We use the reCAPTCHA service provided by Google (Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). This service makes it possible to differentiate between certain interactions on our website, whether an input is made by a person or automatically. Your IP address is transferred to Google when using this service. The legal basis is Article 6 Para. 1 Lit. f GDPR. In this respect, there is a legitimate interest on our part in avoiding spam and misuse in connection with the use of our website.

Find out more about data privacy at Google here: http://www.google.com/intl/de/policies/privacy and https://services.google.com/sitestats/de.html.
Alternatively, you can visit the Network Advertising Initiative (NAI) website at   http://www.networkadvertising.org. Google is subject to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

19. Facebook Connect


19.1 In order to make using our app simpler, we use the Facebook Connect service on our website. You can easily set up a customer account if you have a Facebook account.

19.2 Using this service establishes a direct connection to Facebook servers in the USA. Facebook will become aware of your IP address and that you have visited our website, even if you do not have a Facebook account or are logged out of Facebook. This data is stored by Facebook. The legal basis for data processing by Facebook is based on Article 6 Para. 1 Lit. f GDPR and Facebook’s legitimate interest is in broadcasting personal advertising.

19.3 If you register or login on our website with Facebook registration data as part of using this service, we receive – only with your explicit consent in accordance with Article 6 Para. 1 Lit. a GDPR – from Facebook the data stored by you there and any publicly accessible information. This especially includes the user ID, name, profile picture, age and gender. The data transmitted by Facebook in this context is determined by your data protection settings there. If your friends’ profile pictures, user IDs and your friends list have been marked as “public”, this data may also be transmitted. We process and store the data provided by Facebook in this context, which may particularly include title, name, addresses, country, email address(es) and date of birth.

19.4 To prevent the information collected on our site from being assigned to your Facebook profile, you must logout before visiting our website or use an appropriate add-on.

19.5 You will find the data privacy policies of Facebook Inc., (1601 S California Ave, Palo Alto, California 94304, USA) at http://www.facebook.com/policy.php; more information on data collection:  http://www.facebook.com/help/186325668085084. Facebook is subject to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework

20. Google+ Sign-In

20.1 In order to make using our app simpler, we use the Google+ Sign-In service on our website. You can easily set up a customer account if you have a Google+ account. 

20.2 Using this service establishes a direct connection to Google+ servers in the USA. Google+ will become aware of your IP address and that you have visited our website, even if you do not have a Google+ account or are logged out of Google+. This data is stored by Google+. The legal basis for data processing by Google+ is based on Article 6 Para. 1 Lit. f GDPR and Google+’s legitimate interest is in broadcasting personal advertising.

20.3 If you register or login on our website with Google+ registration data as part of using this service, we receive – only with your explicit consent in accordance with Article 6 Para. 1 Lit. a GDPR – from Google+ the data stored by you there and any publicly accessible information. This especially includes the user ID, name, profile picture, age and gender. The data transmitted by Google+ in this context is determined by your data protection settings there. If your friends’ profile pictures, user IDs and your friends list have been marked as “public”, this data may also be transmitted. We process and store the data provided by Google+ in this context, which may particularly include title, name, addresses, country, email address(es) and date of birth.

20.4 To prevent the information collected on our site from being assigned to your Google+ profile, you must logout before visiting our website or use an appropriate add-on.

20.5 You will find the data privacy policies of Google Inc., (1600 Amphitheater Parkway, Mountainview, California 94043, USA) at https://www.google.com/policies/privacy/partners/?hl=de. Google is subject to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

21. Transmitting personal data to DHL

21.1 We send our goods using the shipping service provider DHL. So that we are always able to inform you about the delivery status or to arrange a delivery date, we will pass on the email address and/or telephone number you provided in the order to the shipping service provider DHL provided that you have given us your express consent in the context of the order. The legal basis for processing and passing on your data in this context is Article 6 Para. 1 Lit. a GDPR.

21.2 Data is only passed on for the purpose of delivering our goods. Any consent given can be revoked at any time with respect to us or the shipping service provider DHL with effect for the future.

21.3 The address of the shipping service provider DHL is: Deutsche Post AG, Charles-de-Gaulle-Straße 20, 53113 Bonn.

22. Transmitting personal data to Hermes

22.1 We send our goods using the shipping service provider Hermes. So that we are always able to inform you about the delivery status or to arrange a delivery date, we will pass on the email address and/or telephone number you provided in the order to the shipping service provider Hermes provided that you have given us your express consent in the context of the order. The legal basis for processing and passing on your data in this context is Article 6 Para. 1 Lit. a GDPR.

22.2 Data is only passed on for the purpose of delivering our goods. Any consent given can be revoked at any time with respect to us or the shipping service provider Hermes with effect for the future.

22.3 The address of the shipping service provider Hermes is: Hermes Logistik Gruppe Deutschland GmbH, Essener Straße 89, 22419 Hamburg.

23. Using the payment service provider PayPal

23.1 You can make payments in our online shop using the service provider PayPal, among others. This service makes it possible to make payments via direct debit, credit card or purchase on account.

23.2 When using this service, we will pass on the payment data provided by you as part of the order to PayPal. Data is disclosed taking Article 6 Para. 1 Lit. b GDPR as a legal basis and is only for processing the payment.

23.3 PayPal may carry out a credit check for certain types of payment. In this context, the payment data provided is passed on to credit agencies in order to be able to decide as to whether a certain means of payment is permitted on the basis of the result of your ability to pay. The result of the payment probability is calculated on the basis of score values, which include your specified name and address data, among other things. The legal basis for the disclosure of the data by PayPal is the provision of Article 6 Para. 1 Lit. f GDPR.

23.4 The consent given for data processing can be revoked at any time. In this respect, please address your objection directly to PayPal.

23.5 The address of the payment processor PayPal is: PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg. For further information on data protection, please refer to PayPal’s data privacy policy, which can be found using the link below: https://www.paypal.com/de/webapps/mpp/ua/privacy-full.

24. Using the payment service provider Sofortüberweisung

24.1 You can make payments in our online shop using the service provider Sofortüberweisung, among others.

24.2 When using this service, we will pass on the payment data provided by you as part of the order to Sofortüberweisung. Data is disclosed taking Article 6 Para. 1 Lit. b GDPR as a legal basis and is only for processing the payment.

24.3 The consent given for data processing can be revoked at any time. In this respect, please address your objection directly to Sofortüberweisung.

24.4 The address of the payment processor Sofortüberweisung is: SOFORT GmbH, Theresienhöhe 12, 80339 Munich, part of Klarna Bank AB (publ), Sveavägen 46, 11134 Stockholm, Sweden. For further information on data protection, please refer to Sofortüberweisung’s data privacy policy, which can be found using the link below: https://www.klarna.com/sofort/datenschutz

25. Using the payment service provider AmazonPay

25.1 You can make payments in our online shop using the service provider AmazonPay, among others.

25.2 When using this service, we will pass on the payment data provided by you as part of the order to AmazonPay. Data is disclosed taking Article 6 Para. 1 Lit. b GDPR as a legal basis and is only for processing the payment.

25.3 The consent given for data processing can be revoked at any time. In this respect, please address your objection directly to AmazonPay.

25.4 The address of the payment processor AmazonPay is: Amazon Payments Europe s.c.a., 5 Rue Plaetis, L-2338 Luxembourg. For further information on data protection, please refer to AmazonPay’s data privacy policy, which can be found using the link below: https://pay.amazon.com/de/help/201751600.

26. Using the payment service provider Heidelpay
 
26.1 You can make payments in our online shop using the service provider heidelpay GmbH, among others.

26.2 When using this service, we will pass on the payment data provided by you as part of the order to heidelpay GmbH. Data is disclosed taking Article 6 Para. 1 Lit. b GDPR as a legal basis and is only for processing the payment.

26.3 The consent given for data processing can be revoked at any time. In this respect, please address your objection directly to heidelpay GmbH.

26.4 The address of the payment processor heidelpay GmbH is: heidelpay GmbH, Vangerowstraße 183, 69115 Heidelberg, Deutschland. For further information on data protection, please refer to heidelpay's data privacy policy, which can be found using the link below: https://www.heidelpay.com/de/datenschutz/

27. Using review reminders from Trusted Shops GmbH

27.1 We use the service provided by Trusted Shops GmbH for review submissions and sending review reminders. This platform sends reminders on our behalf for submitting a review, provided that you have expressly consented to this within the framework of the contractual relationship. In this context, your name and email address will be transmitted to Trusted Shops. The legal basis in this respect is the provision of Article 6 Para. 1 Lit. a GDPR.  

27.2 You can revoke your consent at any time by contacting us or the Trusted Shops platform.

27.3 The address of the Trusted Shops review platform is: Trusted Shops GmbH, Subbelrather Str. 15c, 50823 Cologne.