Pravila zaštite privatnosti

Data protection declaration

Unless stated otherwise below, the provision of your personal data is neither legally nor contractually obligatory, nor required for conclusion of a contract. You are not obliged to provide your data. Not providing it will have no consequences. This only applies as long as the processing procedures below do not state otherwise.
“Personal data” is any information relating to an identified or identifiable natural person.

Server log files

You can use our websites without submitting personal data.

Every time our website is accessed, user data is transferred to us or our web hosts/IT service providers by your internet browser and stored in server log files. This stored data includes for example the name of the site called up, date and time of the request, the IP address, amount of data transferred and the provider making the request. The processing is carried out on the basis of Article 6(1) f) GDPR due to our legitimate interests in ensuring the smooth operation of our website as well as improving our services.

Proactive contact of the customer by e-mail

If you make contact with us proactively via email, we shall collect your personal data (name, email address, message text) only to the extent provided by you. The purpose of the data processing is to handle and respond to your contact request.

If the initial contact serves to implement pre-contractual measures (e.g. consultation in the case of purchase interest, order creation) or concerns an agreement already concluded between you and us, this data processing takes place on the basis of Article 6(1)(b) GDPR.

If the initial contact occurs for other reasons, this data processing takes place on the basis of Article 6(1)(f) GDPR for the purposes of our overriding, legitimate interest in handling and responding to your request. In this case, on grounds relating to your particular situation, you have the right to object at any time to this processing of personal data concerning you and carried out on the basis of Article 6(1)(f) GDPR.

We will only use your email address to process your request. Your data will subsequently be deleted in compliance with statutory retention periods, unless you have agreed to further processing and use.

Collection and processing when using the contact form

When you use the contact form we will only collect your personal data (name, email address, message text) in the scope provided by you. The data processing is for the purpose of making contact.

Collection and processing when sending images via upload
We provide an upload function for image files on our website. It is thus possible to send images to us by means of encrypted data transmission. With the transmission of your images, we may collect your personal data (image of an identifiable person) only to the extent provided by you. The purpose of data processing is to create personalized products. The sent image serves as a template for the product and is used for this purpose (e.g., T-shirt print). The processing is carried out on the basis of Art. 6 para. 1(b) GDPR and is required for the performance of a contract with you. Your data will not be transferred.
We only use the image you send within the scope of service provision. Your data will then be deleted subject to legal retention periods, provided that you have not consented to further processing and use.

Collection and processing when images are sent by e-mail
You have the option to send us images via e-mail in connection with the order of a personalized product.
With the transmission of your images, we may collect your personal data (image of an identifiable person) only to the extent provided by you. The purpose of data processing is to create personalized products. The sent image serves as a template for the product and is used for this purpose (e.g. T-shirt print). The processing is carried out on the basis of Art. 6 para. 1(b) GDPR and is required for the completion of a contract with you.
Your data will not be transferred.
We only use the image you send within the scope of service provision. Your data will then be deleted subject to legal retention periods, provided that you have not consented to further processing and use.

Customer account Orders

Customer account

When you open a customer account, we will collect your personal data in the scope given there. The data processing is for the purpose of improving your shopping experience and simplifying order processing. The processing will be carried out on the basis of art. 6 (1) lit. a GDPR with your consent. You can withdraw your consent at any time by contacting us without affecting the legality of the processing carried out with your consent up to the withdrawal. Your customer account will then be deleted.

Collection, processing, and transfer of personal data in orders

When you submit an order we only collect and use your personal data insofar as this is necessary for the fulfilment and handling of your order as well as processing of your queries. The provision of data is necessary for conclusion of a contract. Failure to provide it will prevent the conclusion of any contract. The processing will occur on the basis of Article 6(1) b) GDPR and is required for the fulfilment of a contract with you.

Your data will be shared, for example, with shipping companies, dropshipping or fulfillment providers, payment service providers, service providers for order processing, and IT service providers. We will comply strictly with legal requirements in every case. The scope of data transmission is restricted to a minimum.

Your data may be transferred to third countries outside the EU, in particular to Canada and the USA, and processed there. The EU Commission has issued an adequacy decision for Canada. For the USA, there is an adequacy decision of the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). Shopify is not certified under the TADPF. This data transfer takes place on the basis of contractual obligations that are comparable to those of the EU Commission's standard contractual clauses.

Advertising

Use of the e-mail address for sending newsletters
We use your e-mail address to send you information and offers by newsletter, provided you have expressly consented to this. The data processing serves the sole purpose of advertising. For this purpose, we process your e-mail address and any other data that you have voluntarily provided when registering for our newsletter.
The processing is carried out on the basis of Art. 6 para. 1 lit. a GDPR with your consent. You can withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal. You can unsubscribe from the newsletter at any time by using the corresponding link in the newsletter or by sending us a message. Your e-mail address will then be removed from the mailing list. Despite removal from the mailing list, we may continue to store your email address in a blacklist to prevent you from receiving future newsletter emails from us. This storage takes place on the basis of Art. 6 para. 1 lit. f GDPR out of our and your legitimate interest in preventing the reuse of your e-mail address for sending our newsletter. You have the right to object to this processing of your personal data at any time on grounds relating to your particular situation.

Payment service providers

Use of PayPal
On our website we use the PayPal payment service of PayPal (Europe) S.à.r.l. et Cie, S.C.A. (22-24 Boulevard Royal L-2449, Luxembourg; "PayPal"). The data processing serves the purpose of offering you payment via the payment service. By selecting and using payment via PayPal, the data required for processing the payment will be transmitted to PayPal in order to enable us to fulfil the contract with you with the selected payment method. This processing is carried out on the basis of Art. 6 para. 1 lit. b GDPR.

All PayPal transactions are subject to PayPal Privacy Policy. You can find these at https://www.paypal.com/de/webapps/mpp/ua/privacy-full

Use of PayPal Plus
On our website we use the PayPal Plus payment service of PayPal (Europe) S.à.r.l. et Cie, S.C.A. (22-24 Boulevard Royal L-2449, Luxembourg; "PayPal"). The data processing serves the purpose of offering you payment via the payment service. By selecting and using payment via PayPal, credit card via PayPal, direct debit via PayPal, the data required for payment processing is transmitted to PayPal in order to enable us to fulfil the contract with you by means of the selected payment method. This processing is carried out on the basis of Art. 6 para. 1 lit. b GDPR.

For individual payment methods such as credit card via PayPal, direct debit via PayPal, PayPal reserves the right, if necessary, to obtain a credit report on the basis of mathematical-statistical procedures using credit reporting agencies. For this purpose, PayPal transmits the personal data required for credit assessment to a credit agency and uses the obtained information on the statistical probability of a payment default in order to reach a reasonable decision on the establishment, performance or termination of the contractual relationship. The credit report may contain probability values (score values) which are calculated on the basis of scientifically recognised mathematical-statistical methods and include, among other things, address data. Your legitimate interests will be taken into account in accordance with the legal requirements. The data processing serves the purpose of a credit check for contract initiation. The processing is carried out on the basis of art. 6 para. 1 lit. f GDPR due to our overriding legitimate interest in protection against payment default if PayPal pays in advance.
For reasons that arise from your particular situation, you have the right to object to the processing of your personal data carried out on the basis of Art. 6 para. 1 lit. f GDPR at any time by notifying PayPal. The provision of the data is necessary for the conclusion of the contract with the payment method of your choice. Failure to provide such data shall mean that the contract cannot be concluded with the payment method you have selected.

Use of PayPal Express

Our website uses the payment service PayPal Express from PayPal (Europe) S.à.r.l. et Cie, S.C.A. (22-24 Boulevard Royal, L-2449 Luxembourg; "PayPal").

The processing of data enables us to offer you the option of paying via the PayPal Express payment service.

To integrate this payment service it is essential that PayPal collects, stores, and analyses data when you access the website (e.g. IP address, device type, operating system, browser type, device location). Cookies may be used for this purpose. Cookies allow your internet browser to be recognised.

The processing of your personal data is based on Art. 6 para. 1 lit. f GDPR out of our overriding legitimate interest in a customer-oriented offer of different payment methods. On grounds relating to your particular situation, you have the right to object at any time to this processing of personal data concerning you.

By selecting and using "PayPal Express", the data required for payment processing will be submitted to PayPal to execute the agreement with you using the selected payment method. The data is processed on the basis of Article 6(1)(b) GDPR.

Further information on data processing when using the Paypal Express payment service can be found here in the associated data privacy policy.

Cookies

Our website uses cookies. Cookies are small text files which are saved in a user’s internet browser or by the user’s internet browser on their computer system. When a user calls up a website, a cookie may be saved on the user’s operating system. This cookie contains a characteristic character string which allows the browser to be clearly identified when the website is called up again.

Cookies will be stored on your computer. You therefore have full control over the use of cookies. By choosing corresponding technical settings in your internet browser, you can be notified before the setting of cookies and you can decide whether to accept this setting in each individual case as well as prevent the storage of cookies and transmission of the data they contain. Cookies which have already been saved may be deleted at any time. We would, however, like to point out that this may prevent you from making full use of all the functions of this website.
Using the links below, you can find out how to manage cookies (or deactivate them, among other things) in major browsers:
Chrome Browser: https://support.google.com/accounts/answer/61416?hl=en
Microsoft Edge: https://support.microsoft.com/de-de/microsoft-edge/cookies-in-microsoft-edge-lB6schen-63947406-40ac-c3b8-57b9-2a946a29ae09
Mozilla Firefox: https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences
Safari: https://support.apple.com/de-de/guide/safari/manage-cookies-and-website-data-sfri11471/mac

technically necessary cookies
Insofar as no other information is given in the data protection declaration below we use only these technically necessary cookies cookies to make our offering more user-friendly, effective and secure. Cookies also allow our systems to recognise your browser after a page change and to offer you services. Some functions of our website cannot be offered without the use of cookies. These services require the browser to be recognised again after a page change.

The use of cookies or comparable technologies is carried out on the basis of Art. 25 para. 2 TDDDG. Processing is carried out on the basis of art. 6 (1) lit. f GDPR due to our largely justified interest in ensuring the optimal functionality of the website as well as a user-friendly and effective design of our range of services.
You have the right to veto this processing of your personal data according to art. 6 (1) lit. f GDPR, for reasons relating to your personal situation.

Use of the Cookie Consent Manager CCM19
On our website, we use the Cookie Consent Manager CCM19 from HB legal tech GmbH (Kohlgartenstraße 11-13, 04315 Leipzig, Germany; "CCM19") within the framework of order processing.
The plug-in is hosted on consenttool.haendlerbund.de and enables you to give your consent to data processing via the website, in particular to set cookies, as well as to make use of your right of revocation for consents already provided. The data processing serves the purpose of obtaining and documenting necessary consents to data processing and thus to comply with legal obligations. Cookies are used for this purpose. Among other things, the following information can be collected, stored and, if necessary, transferred to HB legal tech GmbH: randomly assigned ID, consent status, date and time of consent/rejection. The data is stored for one year and one month and then deleted. This data will not be passed on to any other third parties.
The data processing is carried out on the basis of Article 6 para. 1 lit. c GDPR to comply with a legal obligation.
For more information about data protection, please visit: https://www.haendlerbund.de/de/datenschutzerklaerung.

Plug-ins

Use of social plug-ins
Our website uses social network plug-ins. The integration of social plug-ins and the data processing associated with this serves the purpose of optimising the advertising for our products.
The integration of social plug-ins involves a connection between your computer and the servers of the service provider of the social network which then instructs your web browser to display the plug-in on that web page, provided you have expressly consented to this. In this process, both your IP address as well as the information on which web pages you have visited will be transmitted to the provider’s servers. This happens regardless of whether you are registered with or logged into the social network. The information is transferred even if users are not registered or logged in. Should you be connected simultaneously with one or more of your social network accounts, the collected information may also be assigned to your corresponding profiles. When using the plug-in functions (e.g. by pressing the appropriate button), this information will also be assigned to your user account. You can therefore prevent this assignment by logging yourself out before visiting our website and before activating the button for your social media accounts.
The use of cookies or comparable technologies is carried out with your consent on the basis of Art. 25 para. 1 p. 1 TDDDG in conjunction with Art. 6 para. 1 lit. a GDPR. The processing of your personal data is carried out with your consent on the basis of Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time without affecting the legality of the processing carried out with your consent up to the withdrawal.
The following social networks are integrated in our website through social plug-ins. You can find more detailed information on the scope and purpose of collection and use of the data and your associated rights and options for protecting your privacy in the provider’s privacy policy via the link.

Instagram by Meta Platforms Ireland Limited (4 Grand Canal Square, Dublin 2, Ireland):
https://help.instagram.com/155833707900388

Your data may be transmitted to the USA. For the USA, there is an adequacy decision of the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). Meta has certified itself in accordance with the TADPF and has thus undertaken to comply with European data protection principles.

Use of social plug-ins via “Shariff”

Our website uses social network plug-ins. We use data protection-compliant “Shariff” buttons to ensure that you retain control over your data.No connection is made to the social network servers and no data submitted without your explicit consent. “Shariff” was developed by specialists at the computer magazine c't. It enables more personal privacy in the network and replaces the usual social network "share" buttons. You can find more information on the Shariff project here https://www.heise.de/ct/artikel/Shariff-Social-Media-Buttons-mit-Datenschutz-2467514.html.

When you click the buttons a pop-up window appears, allowing you to log on with the relevant provider using your data. It is only after you actively login that a direct connection to the social network is set up. By logging in, you give your permission for the transfer of your data to the respective social media provider. At this time, information such as your IP address and which websites you have visited is transmitted. Should you be connected simultaneously with one or more of your social network accounts, the information collected is also assigned to your corresponding profiles. Therefore, you can only prevent this assignment by logging yourself out before visiting our website and before activating the button for your social media accounts. The social networks listed below are integrated with the “Shariff” function. You can find more detailed information on the scope and purpose of collection and use of the data, your associated rights and options for protecting your privacy in the provider’s privacy policy via the link.

Instagram by Meta Platforms Ireland Limited (4 Grand Canal Square, Dublin 2, Ireland) https://help.instagram.com/155833707900388.
Your data may be transmitted to the USA. For the USA, there is an adequacy decision of the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). Meta has certified itself in accordance with the TADPF and has thus undertaken to comply with European data protection principles.

Use of social plug-ins via the “2-click solution”

Our website uses social network plug-ins via the “2-click solution”. No connection is made to the social network servers and no data submitted without your explicit consent.Standard integration of plug-ins set up a connection between your computer and the provider’s servers when you call up pages on our website which contain such a plugin, allowing the plug-in to be shown on the web page by a notice sent to your browser. Both your IP address and the fact that you have visited our web pages are transmitted to the provider’s servers. This happens regardless of whether you are registered with or logged into the social network. The information is transferred even if users are not registered or logged in. If you are also logged into the social network, this information is also assigned to your user profile. When you use plug-in functions (e.g. activate the button) this information is also assigned to your user account, which you can only prevent by logging out before using the plug-in. To ensure that you retain control over your data we have decided to initially deactivate the corresponding button. This is shown by the greyed-out button. No connection is made to the social network servers and no data submitted without your explicit consent - in the form of activation of the button.Only when you activate the button does it become active (highlighted) and set up a direct connection to the social network’s servers.By logging in, you give your permission for the transfer of your data to the respective social media provider. At this time, information such as your IP address and which websites you have visited is transmitted. Should you be connected simultaneously with one or more of your social network accounts, the information collected is also assigned to your corresponding profiles. Therefore, you can only prevent this assignment by logging yourself out before visiting our website and before activating the button for your social media accounts.

The social networks listed below are integrated with the “2-click function”. You can find more detailed information on the scope and purpose of collection and use of the data, your associated rights and options for protecting your privacy in the provider’s privacy policy via the link.

Instagram by Meta Platforms Ireland Limited (4 Grand Canal Square, Dublin 2, Ireland):
http://instagram.com/legal/privacy/
Your data may be transmitted to the USA. For the USA, there is an adequacy decision of the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). Meta has certified itself in accordance with the TADPF and has thus undertaken to comply with European data protection principles.

Use of Google reCAPTCHA
Our website uses the reCAPTCHA service by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; "Google"). The request serves to distinguish whether the input was made by a human or automatic machine processing. For this purpose your input will be transmitted to Google and used by them further. In addition, the IP address and any other data required by Google for the reCAPTCHA service will be transferred to Google. This data will be processed by Google within the EU and potentially also in the USA.

For the USA, there is an adequacy decision of the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). Google has certified itself in accordance with the TADPF and has thus undertaken to comply with European data protection principles.

The use of cookies or comparable technologies is carried out with your consent on the basis of Art. 25 para.1 p. 1 TDDDG in conjunction with Art. 6 para. 1 lit. a GDPR. The processing of your personal data is carried out with your consent on the basis of Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time without affecting the legality of the processing carried out with your consent up to the withdrawal.

You can find more detailed information on Google reCAPTCHA and the associated data protection declaration at: https://www.google.com/recaptcha/intro/android.html and

https://www.google.com/privacy.

Use of Google invisible reCAPTCHA
Our website uses the invisible reCAPTCHA service by reCAPTCHA der Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Irland; "Google"). This serves to distinguish whether the input was made by a human or automatic machine processing. In the background, Google collects and analyses usage data which is also used by invisible reCaptcha to distinguish between regular users and bots. For this purpose your input will be transmitted to Google and further used there. In addition, the IP address and, where applicable, other data required by Google for the invisible reCAPTCHA service will be transmitted to Google. This data will be processed by Google within the European Union and, where necessary, also in the USA.

The use of cookies or comparable technologies is carried out with your consent on the basis of Art. 25 para. 1 p. 1 TDDDG in conjunction with Art. 6 para. 1 lit. a GDPR. The processing of your personal data is carried out with your consent on the basis of Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time without affecting the legality of the processing carried out with your consent up to the withdrawal.

You can find more detailed information on Google reCAPTCHA and the associated data privacy policy at: https://www.google.com/recaptcha/intro/android.html

and https://www.google.com/privacy.

Use of Google Translate
We use the translation service of Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) on our website via API integration. The data processing serves the purpose of presenting the information provided on the website in a different language. In order for the translation to be automatically displayed after you have selected a national language, the browser you are using connects to the Google servers. Cookies may be used for this purpose. Thereby, among other things, the following information can be collected and processed: IP address, URL of the page visited, date and time. Your data may be transferred to the USA. For the USA, there is an adequacy decision of the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). Google has certified itself in accordance with the TADPF and has thus undertaken to comply with European data protection principles.
The use of cookies or comparable technologies is carried out with your consent on the basis of Art. 25 para. 1 p. 1 TDDDG in conjunction with Art. 6 para. 1 lit. a GDPR. The processing of your personal data is carried out with your consent on the basis of Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time without affecting the legality of the processing carried out with your consent up to the withdrawal. You can find more information on the collection and use of your data by Google at: https://www.google.com/policies/privacy/.

Rights of persons affected and storage duration

Duration of storage

After contractual processing has been completed, the data is initially stored for the duration of the warranty period, then in accordance with the retention periods prescribed by law, especially tax and commercial law, and then deleted after the period has elapsed, unless you have agreed to further processing and use.

Rights of the affected person

If the legal requirements are fulfilled, you have the following rights according to art. 15 to 20 GDPR: Right to information, correction, deletion, restriction of processing, data portability. You also have a right of objection against processing based on art. 6 (1) GDPR, and to processing for the purposes of direct marketing, according to art. 21 (1) GDPR.

Right to complain to the regulatory authority

You have the right to complain to the regulatory authority according to art. 77 GDPR if you believe that your data is not being processed legally.

You can lodge a complaint with, among others, the supervisory authority responsible for us, which you may reach at the following contact details:

Hessischer Beauftragter für Datenschutz und Informationsfreiheit
Postfach 3163
65021 Wiesbaden
Tel.: +49 611 14080
Fax: +49 611 1408900 oder +49 611 1408901
E-Mail: poststelle@datenschutz.hessen.de

Right to object

If the data processing outlined here is based on our legitimate interests in accordance with Article 6(1)f) GDPR, you have the right for reasons arising from your particular situation to object at any time to the processing of your data with future effect.

If the objection is successful, we will no longer process the personal data, unless we can demonstrate compelling legitimate grounds for the processing that outweigh your interests or rights and freedoms, or the processing is intended for the assertion, exercise or defence of legal claims.

last update: 22.10.2024