Privacy policy

We appreciate your interest in our online store at www.overkillshop.com. The protection of your privacy is very important to us. Below we inform you in detail about the handling of your data.

Responsible in terms of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is:

Overkill GmbH
Managing directors: Thomas Peiser, Marc Leuschner
Köpenicker Street 195 A
10997 Berlin
Germany

Phone: +49 (0) 30 69 50 61 26
E-mail: [email protected]

The data protection officer of Overkill GmbH is:
Thorsten Schuster
Leykestrasse 25, 12053 Berlin, Germany
Member of the professional association of data protection officers in Germany www.bvdnet.de
[email protected]

I. General

1. Scope of the processing of personal data

As a matter of principle, we collect and use personal data only to the extent necessary to provide a functional website and our content and services. The collection and processing of personal data is regularly carried out only with the consent of the user or in accordance with another legal basis.

2. Legal basis for the processing of personal data

Insofar as we obtain the consent of the data subject for processing operations involving personal data, Article 6 (1) (a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis for the processing of personal data.

When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 (1) (b) DSGVO serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures.

Insofar as the processing of personal data is necessary for the fulfillment of a legal obligation to which our company is subject, Art. 6 (1) lit. c DSGVO serves as the legal basis.

In the event that vital interests of the data subject or another natural person make processing of personal data necessary, Art. 6 (1) (d) DSGVO serves as the legal basis.

If the processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not override the first-mentioned interest, Art. 6 (1) f DSGVO serves as the legal basis for the processing.

3. Use of Artificial Intelligence (AI) and Processing of Personal Data

We use artificial intelligence (AI) technologies in certain areas of our services to increase efficiency, improve response handling, and optimize our offerings. In doing so, personal data may also be processed by AI systems. The protection of your data is our highest priority.
Nature and Purpose of ProcessingPersonal data is only processed by AI systems when necessary for a specific purpose. AI may be used, for example, to:

Support the handling of customer inquiries (e.g., via automated text suggestions),
Analyze information for internal process optimization,
Generate content or responses in the context of digital communication.

The AI systems used do not make decisions with legal or similarly significant effects within the meaning of Article 22 GDPR.

Legal Basis
The processing of personal data by AI takes place exclusively on the basis of a valid legal ground, in particular:

Article 6(1)(b) GDPR – if the processing is necessary for the performance of a contract,
Article 6(1)(f) GDPR – for the purposes of legitimate interests, provided that no overriding interests of the data subject prevent such processing.

Our legitimate interests include improving service quality, increasing internal efficiency, and enhancing request handling.

Transparency and Data Subject Rights

We provide transparent information about our use of AI in this privacy policy. You are also entitled to all rights under Articles 15–22 GDPR – in particular, the right to access, rectification, erasure, restriction of processing, data portability, and objection.

Automated decision-making with legal effect will not occur without your explicit consent. If such use arises, we ensure appropriate safeguards are in place, including the possibility of human intervention.

Processors and Third-Party Providers

Where external providers or platforms (e.g., cloud services or AI models) are involved in the use of AI, personal data is processed strictly on the basis of a data processing agreement in accordance with Article 28 GDPR. All providers are carefully selected, contractually bound, and integrated in a GDPR-compliant manner.

Transfers of personal data to countries outside the EU (third countries) only occur if there is an adequacy decision by the European Commission (e.g., the EU-U.S. Data Privacy Framework) or appropriate safeguards such as standard contractual clauses are in place.

Storage Duration

Personal data processed in the context of AI usage is only stored as long as necessary for the intended purpose or required by statutory retention obligations. Longer storage periods are only applied based on an appropriate legal basis.

4. Data deletion and storage period

In principle and unless otherwise specified, personal data will only be stored until the purpose of collection and storage ceases to apply. In accordance with your consent, data may also be stored for longer as long as you do not revoke your consent. In addition, data may be stored if this has been provided for by the European or national legislator in Union regulations, laws or other regulations to which the responsible party is subject. Blocking or deletion of the data will also take place if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or performance of a contract.

5. Use of Third Party Order Processors

In performing the services we offer, we use external service providers who, among other things, also process your personal data as processors exclusively on our behalf. This concerns in particular the following categories of processors:

CRM and hosting service providers
E-commerce store system providers
Payment service providers
Shipping service providers
Newsletter dispatch service providers

We have concluded agreements with all such processors - where required by law - on the processing of personal data on behalf pursuant to Art. 28 DSGVO.

II. Provision of the Website

1. Access Data

You can visit our websites for purely informational purposes, i.e. if you do not register or otherwise transmit information to us, without providing any personal information. Each time you visit a website, the web server automatically saves a so-called server log file, which contains, for example, the name of the requested file, your IP address, the date and time of the request, the amount of data transferred and the requesting provider (access data) and documents the request.

This access data is evaluated solely for the purpose of ensuring trouble-free operation of the site and improving our services. We do not draw any conclusions about your person when using this general data and information. In accordance with Art. 6 para. 1 p. 1 lit. f DSGVO, this serves to protect our legitimate interests in a correct presentation of our offer, which outweigh our interests in the context of a balancing of interests.

2. SSL / TSL Encryption

This site uses SSL or TLS encryption to ensure the security of data processing and to protect the transmission of confidential content, such as orders, login data or contact requests that you send to us as the operator. You can recognize an encrypted connection by the “https://” instead of “http://” in the address line of the browser and by the lock symbol in your browser line.

We use this technology to protect your transmitted data.

3. Hosting Services by a Third-Party Provider

We use the Shopify Inc. platform ("Shopify") of Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland to host and display our online store.

All data collected on our website is processed on Shopify's servers. As part of Shopify's aforementioned services, data may also be transferred to Shopify Inc, 150 Elgin St, Ottawa, ON K2P 1L4, Canada, Shopify Data Processing (USA) Inc, Shopify Payments (USA) Inc or Shopify (USA) Inc as part of further processing on behalf of Shopify. In the event that data is transferred to Shopify Inc. in Canada, the appropriate level of data protection is guaranteed by adequacy decision of the European Commission. Further information on Shopify's data protection can be found at the following website https://www.shopify.de/legal/datenschutz and in the whitepaper https://help.shopify.com/pdf/gdpr-whitepaper.pdf.

All data collected in the course of using this website or in forms provided for this purpose in the online store as described below are processed on these servers. Processing on other servers only takes place within the framework explained here.

The personal customer data can be deleted 180 days after a customer's last order, as Shopify retains the customer data for this long in case of a chargeback. The deletion is noted in the system and takes place automatically on the cut-off date. In the meantime, the customer data is blocked and can no longer be used. During the deletion period, the account can be reactivated by the customer by resetting the password. The deletion request remains valid, the deletion takes place on the key date.

III. Further Data Processing

1. Data Processing for Contract Processing, for Contacting, in the User Account

We collect personal data if you provide it voluntarily in the context of your order or when contacting us (e.g. e-mail). Mandatory fields are marked as such, because in these cases we need the data to process the contract, or to process your contact, because without their information we can not send the order or the contact.

1.1 E-mail contact

When contacting us via e-mail, we will only process your first and last name as well as your e-mail address.

1.2 Order

When you place an order, we process your name, address, telephone number and e-mail address. Your payment data will only be processed by our payment providers, see point 3.2.

1.3 User account

When you create a user account with us, we initially only process your name and email address. Your data will be stored on the servers of Shopify International Limited (2nd Floor Victoria Buildings, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland) and Pixi/ Descartes Systems (Germany) GmbH Barer Str. 44, D-80799 Munich for processing. You can find the privacy policy of Pixi/ Descartes Systems here: https://www.pixi.eu/datenschutz. The privacy policy of Shopify can be found here: https://www.shopify.de/legal/datenschutz

We use the data provided by you in accordance with Art. 6 para. 1 p. 1 lit. b DSGVO for contract processing and processing your requests.

After complete processing of the contract or deletion of your customer account, your data will be restricted for further processing and deleted after expiry of the retention periods under tax and commercial law, unless you have expressly consented to further use of your data. The deletion of your customer account is possible at any time, subject to legal retention periods, and can be done either by sending a message to the contact option described below or via a function provided for this purpose in the customer account.

To operate our online store, we use the external service provider Shopify, which processes the aforementioned data on our behalf. Shopify is a service of Shopify International Limited (2nd Floor Victoria Buildings, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland; privacy policy: https://www.shopify.com/legal/privacy).

To manage contact and relationships with our customers, we use the technical service provider Klaviyo, which processes the mentioned data on our behalf. Klaviyo is a service of Klaviyo, Inc., 125 Summer St, Floor 6, Boston, MA 02111 United States (https://www.klaviyo.com/). We also transmit information about your user behavior on our website through the use of cookie technology to create and display personalized content, as well as to target behavior-based audiences within personalized email marketing to Klaviyo. You have the option to withdraw your consent at any time through your individual cookie settings.

2. Delivery of Goods and Payment

2.1 Delivery Services

In order to deliver your ordered goods safely and on time, we rely on the services of shipping companies. The data necessary for the delivery will be passed on to the delivering shipping company within the framework of the contract processing. This concerns in particular your first name and surname, your telephone number and the delivery address and the email address specified by you. The legal basis for this is Art. 6 para. 1 p. 1 lit. b DSGVO.

The shipping companies commissioned by us are:

DHL GmbH, Sträßchensweg 10; 53113 Bonn, Germany.
You can find the privacy policy of DHL GmbH here: https://www.dhl.de/de/toolbar/footer/datenschutz.html
Fedex Express Germany GmbH Langer Kornweg 34K, 65451 Kelsterbach, Germany
The privacy policy of FedEx can be found here: https://www.fedex.com/de-de/privacy-policy.html

2.2 Payment service provider

Depending on which payment method you select in the purchase process in our online store, these payment service providers collect payment data for the corresponding processing of these payments. In some cases, you must register with the respective payment service provider in the ordering process with your access data.

The payment service providers integrated with us are:

Shopify Payments (credit card payments, ApplePay, Google Pay, Shop Pay, iDEAL).
We use the payment service provider "Shopify Payments", 3rd Floor, Europa House, Harcourt Building, Harcourt Street, Dublin 2. If you choose a payment method offered via the payment service provider Shopify Payments, the payment processing is carried out by the technical service provider Stripe Payments Europe Ltd, 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, to whom we pass on the information you provided during the ordering process, together with information about your order (name, address, account number, bank code, any credit card number, invoice amount, currency and transaction number) in accordance with Art. 6 (1) lit. b DSGVO. Your data will only be passed on for the purpose of payment processing with Stripe Payments Europe Ltd. and only insofar as it is necessary for this purpose.

You can find more information on the data protection of Shopify Payments at the following Internet address: https://www.shopify.com/legal/privacy .

You can find data protection information on Stripe Payments Europe Ltd. here: https://stripe.com/de/privacy

PayPal (Europe) S.à r.l. et Cie, S.C.A. 22-24 Boulevard Royal L-2449 Luxembourg
When paying via PayPal, credit card via PayPal, direct debit via PayPal or "purchase on account" via PayPal, we pass on your payment data to PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal") as part of the payment processing. PayPal reserves the right to conduct a credit check for the payment methods credit card via PayPal, direct debit via PayPal or "purchase on account" via PayPal. PayPal uses the result of the credit check with regard to the statistical probability of non-payment for the purpose of deciding on the provision of the respective payment method. The credit report may contain probability values (so-called score values). Insofar as score values are included in the result of the credit report, these have your basis in a scientifically recognized mathematical-statistical procedure. Among other things, address data is included in the calculation of the score values. Further information on data protection can be found in the PayPal data protection principles:
https://www.paypal.com/de/webapps/mpp/ua/privacy-full

Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden

If you select Klarna as your payment method, Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden, will process your payment data in accordance with Art. 6 (1) lit. b DSGVO for the purpose of executing the payment transaction. This includes your name, address, e-mail address, and payment details (e.g. account or credit card information). Klarna may also perform a credit check if applicable, to determine eligibility for payment methods. The applicable data protection provisions of Klarna can be found at: https://cdn.klarna.com/1.0/shared/content/policy/data/de_de/data_protection.pdf.

Your payment data will only be shared with Klarna for the purpose of processing your payment, in compliance with the applicable data protection regulations. Klarna reserves the right to perform a credit check depending on the payment method selected.

3. E-Mail Newsletter

If you register for our free newsletter to receive information about new products, valuable tips or exclusive offers, we will use the data required for this purpose or separately provided by you to regularly send you our e-mail newsletter based on your consent pursuant to Art. 6 (1) p. 1 lit. a DSGVO.

The registration for our newsletter takes place in a so-called double opt-in process. This means that you will receive an e-mail after registration in which you will be asked to confirm your registration. This confirmation is necessary so that no one can register with other e-mail addresses. The registrations for the newsletter are logged in order to be able to prove the registration process according to the legal requirements. This includes the storage of the registration and confirmation time, as well as the IP address. Likewise, the changes to your data stored with the shipping service provider are logged.

Unsubscribing from the newsletter is possible at any time and can be done either by sending an e-mail to our service team at [email protected] or via a link provided for this purpose in the e-mail newsletter. After unsubscribing, we will delete your e-mail address, unless you have expressly consented to further use of your data or we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this statement.

The newsletter is sent out by a service provider on our behalf, to whom we share your email address, your name, and—if provided—your information preferences. Our newsletters are dispatched via the technical service provider Klaviyo, Inc., 125 Summer St, Floor 6 Boston, MA 02111 United States (https://www.klaviyo.com/), to whom we transfer the data provided during newsletter registration. Klaviyo is an email marketing platform that allows us to manage and analyze newsletters and email marketing campaigns.

When signing up for our newsletter, we transmit personal data, such as your email address, to Klaviyo. This data is used for sending the newsletter as well as for analyzing and optimizing our email campaigns. Klaviyo tracks whether emails are opened and which links are clicked. Klaviyo uses this information for sending and statistically evaluating newsletters and email marketing mailings, with an integrated customer data platform (CDP). The sent emails contain so-called web beacons or tracking pixels, which are stored as 1-pixel image files on our website. This allows us to determine whether a newsletter or email marketing message was opened and which links may have been clicked. Additionally, technical information such as the time of retrieval, your IP address, browser type, and operating system may be collected. The data is processed pseudonymously and not linked to your other personal data.

The processing is based on your consent according to Art. 6 para. 1 lit. a GDPR. You can revoke your consent to receive the newsletter at any time by using the unsubscribe link in any email sent to you or by contacting us directly.

Since Klaviyo is based in the USA, please note that your data is generally transferred to a server in a third country. To protect your personal data, we have concluded a data processing agreement with Klaviyo based on the standard contractual clauses of the European Commission. This contract ensures that your data is processed in compliance with European data protection standards. For more information, please visit: https://www.klaviyo.com/legal/dpa.

For additional information on data processing by Klaviyo and their privacy policies, please visit: https://www.klaviyo.com/legal/privacy-notice.

IV. Cookies and Web Analysis

In order to make the visit to our website attractive and to enable the use of certain functions, to display suitable products or for market research, we use so-called cookies on various pages. This serves to protect our legitimate interests in an optimized presentation of our offer, which prevail in the context of a balancing of interests, in accordance with Art. 6 para. 1 p. 1 lit. f DSGVO. Cookies are small text files that are automatically stored on your terminal device. Some of the cookies we use are deleted at the end of the browser session, i.e. after you close your browser (so-called session cookies). Other cookies remain on your end device and allow us to recognize your browser the next time you visit (persistent cookies). The duration of storage can be found in the overview in the cookie settings of your web browser. You can set your browser in such a way that you are informed about the setting of cookies and can decide individually about their acceptance or exclude the acceptance of cookies for certain cases or in general. Each browser differs in the way it manages cookie settings. This is described in the help menu of each browser, which explains how you can change your cookie settings. You can find this for the respective browsers under the following links:

Internet Explorer™: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies
Safari™: https://support.apple.com/de-de/guide/safari/sfri11471/12.0/mac/10.14
Chrome™: https://support.google.com/chrome/answer/95647?hl=de&hlrm=en
Firefox™ https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen
Opera™: https://help.opera.com/de/latest/web-preferences/#cookies

If cookies are not accepted, the functionality of our website may be limited.

1. Basis of Processing

We use cookies in accordance with Art. 6 para. 1 lit. c) DSGVO, insofar as this is necessary for the fulfillment of a legal obligation to which we are subject, as well as, pursuant to Art. 6 para. 1 lit. f) DSGVO, for the protection of our legitimate interests in an optimized presentation of our offer, which prevail in the context of a balancing of interests. We only use other cookies that are not absolutely necessary, e.g. cookies that allow us to monitor and evaluate user behavior for market analysis purposes, if you have given us your consent pursuant to Art. 6 (1) a) DSGVO. These are third-party cookies that are used when you use our services. You can find details in the following sections. Unless otherwise stated, the transfer of your data to third parties in the USA, whose cookies are used via our website, takes place within the framework of the EU-USA Privacy Shield. However, there is currently no adequacy decision from the European Commission for the USA. Unless explicitly stated otherwise, we use the following cookies and trackers only with your consent. The basis of the processing is therefore Art. 6 (1) a) DSGVO.

2. Use of Google (Universal) Analytics for Web Analysis

If you have given your consent, Google Analytics 4, a web analysis service of Google LLC, is used on this website. The controller for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”).

Google Analytics uses cookies to help the website analyze how users use the site. The information collected by the cookies about your use of this website is usually transferred to a Google server in the USA and stored there. We use the User ID function. With the help of the user ID, we can assign a unique, permanent ID to one or more sessions (and the activities within these sessions) and analyze user behavior across devices. We use Google Signals. This allows Google Analytics to collect additional information about users who have activated personalized ads (interests and demographic data) and ads can be delivered to these users in cross-device remarketing campaigns.

In Google Analytics 4, the anonymization of IP addresses is activated by default. Due to IP anonymization, your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. According to Google, the IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

During your visit to the website, your user behavior is recorded in the form of “events”. Events may include: page views; first visit to the website; start of the session; web pages visited; your “click path”, interaction with the website; scrolls; clicks on external links; internal search queries; language setting; etc.

Also recorded: your approximate location (region), date and time of the visit, your IP address (in abbreviated form), technical information about your browser and the end devices you use (e.g. language setting, screen resolution), your internet provider, the referrer URL.

On behalf of the operator of this website, Google will use this information to evaluate your use of the website and to compile reports on website activity. The reports provided by Google Analytics are used to analyze the performance of our website and the success of our marketing campaigns.

Recipients of the data are/may be Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (as processor pursuant to Art. 28 GDPR), Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA and Alphabet Inc, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA.

For the USA, the European Commission adopted its adequacy decision on July 10, 2023. Google LLC is certified under the EU-US Privacy Framework. Since Google servers are distributed worldwide and a transfer to third countries (for example to Singapore) cannot be completely ruled out, we have also concluded the EU standard contractual clauses with the provider.

The data sent by us and linked to cookies is automatically deleted after 2 [OR: 14 months]. The maximum lifespan of Google Analytics cookies is 2 years. Data whose retention period has been reached is automatically deleted once a month.

The legal basis for this data processing is your consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR and § 25 para. 1 sentence 1 TTDSG.

You can withdraw your consent at any time with effect for the future by accessing the cookie settings and changing your selection there. This does not affect the lawfulness of the processing carried out on the basis of the consent until revocation.

You can also prevent the storage of cookies from the outset by configuring your browser software accordingly. However, if you configure your browser to reject all cookies, this may limit the functionality of this and other websites. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by

a.) not giving your consent to the setting of the cookie or

b.) downloading and installing the browser add-on to deactivate Google Analytics HERE.

You can find more information on the terms of use of Google Analytics and on data protection at Google at https://marketingplatform.google.com/about/analytics/terms/de/ and at https://policies.google.com/?hl=de.

3. Microsoft Clarity for Web Analysis

If you have given your consent, this website uses Microsoft Clarity for the purpose of anonymization and the creation of statistics and analysis of usage behavior for the creation of usage statistics.

The legal basis for the processing is your consent in accordance with Art. 6 (1) a GDPR. Data is transferred to the independent controller Microsoft Ireland Operations Ltd, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland. The legal basis for the transfer of data to Microsoft Ireland Operations Ltd. is your consent in accordance with Art. 6 (1) a GDPR. This may also involve the transfer of personal data to a country outside the European Union. The transfer of data to the USA is based on Art. 45 GDPR in conjunction with the European Commission's adequacy decision C(2023) 4745, as the data recipient has undertaken to comply with the data processing principles of the Data Privacy Framework (DPF).

To contact the Data Protection Officer of Microsoft Ireland Operations Ltd. by email, you can find all the information you need here: https://www.microsoft.com/de-at/concern/privacy. The privacy policy of Microsoft Ireland Operations Ltd. can be found here: https://privacy.microsoft.com/de-de/privacystatement.

4. Cookiebot by Usercentrics for Consent Management

We use the consent management tool Cookiebot by Usercentric, Usercentrics A/S, Havnegade 39, 1058 Kopenhagen, Denkmark on our website.

We use Cookiebot by Usercentrics to obtain the consent required under data protection law for the storage of marketing and analysis cookies.

The legal basis for processing is Art. 6 para. 1 lit. c GDPR. The processing is necessary to fulfill a legal obligation (obtaining and managing consent under data protection law).

V. Online-Marketing

1. Google Ads Remarketing

Through Google Ads, we advertise for this website in Google search results as well as on third-party websites. If you have given us your consent to do so in accordance with Art. 6 para. 1 p. 1 lit. a DSGVO, the so-called remarketing cookie is set by Google when you visit our website, which automatically enables interest-based advertising by means of a pseudonymous CookieID and on the basis of the pages you visit. After the end of the purpose and the end of the use of Google Ads Remarketing by us, the data collected in this context will be deleted.

Any further data processing will only take place if you have consented to Google linking your web and app browsing history to your Google account and using information from your Google account to personalize ads you see on the web. In this case, if you are logged in to Google while visiting our website, Google will use your data together with Google Analytics data to create and define target group lists for cross-device remarketing. For this purpose, your personal data will be temporarily linked by Google with Google Analytics data in order to form target groups.

Google Ads is a service provided by Google Ireland Limited, a company incorporated and operated under Irish law with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland (www.google.de). Insofar as information is transferred to Google servers in the USA and stored there, the American company Google LLC is certified under the EU-US Privacy Shield.

A current certificate can be viewed here.

You can revoke your consent at any time with effect for the future by deactivating the remarketing cookie via this link. In addition, you can find out more about the setting of cookies from the Digital Advertising Alliance and make settings for this.

2. Affiliate Partner Program / Webgains

We participate in the affiliate program "Webgains" of the company Webgains Deutschland ad pepper media GmbH Frankenstraße 150C FrankenCampus, 90461 Nuremberg. Webgains is a German affiliate network that offers affiliate marketing – an Internet-based form of distribution that enables commercial operators to display advertising, which is usually remunerated via click or sales commissions, on third-party sites.

In doing so, we use cookies from Webgains – small text files that are stored on your device in order to be able to trace the origin of orders. For example, Webgains can recognize that you have reached our website via an affiliate link.

You can find more information about data usage at Webgains here.

3. Google Maps

This website uses Google Maps for the visual representation of geographical information. Google Maps is a service provided by Google Ireland Limited, a company incorporated and operated under Irish law with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland (www.google.de). This serves to protect our legitimate interests, which predominate in the context of a balancing of interests, in an optimized presentation of our offer as well as easy accessibility of our locations in accordance with Art. 6 para. 1 lit. f) DSGVO.

When using Google Maps, Google transmits or processes data about the use of the Maps functions by website visitors, which may include, in particular, the IP address and location data. We have no influence on this data processing.

Insofar as information is transferred to Google servers in the USA and stored there, the American company Google LLC is certified under the EU-US Privacy Shield. A current certificate can be viewed here.

In order to deactivate the Google Maps service and thus prevent data transmission to Google, you must deactivate the Java Script function in your browser. In this case, Google Maps cannot be used or can only be used to a limited extent.

Further information about Google's data processing can be found in Google's privacy policy. The terms of use for Google Maps contain detailed information about the map service. The data processing is executed on the basis of an agreement between jointly responsible parties in accordance with Art. 26 GDPR, which you can view here.

4. Google reCAPTCHA

For the purpose of protecting against misuse of our web forms and spam, we use the Google reCAPTCHA service as part of some forms on this website. Google reCAPTCHA is a service provided by Google Ireland Limited, a company incorporated and operated under Irish law with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland. (www.google.de). By verifying a manual entry, this service prevents automated software (so-called bots) from performing abusive activities on the website. In accordance with Art. 6 Para. 1 S. 1 lit. f GDPR, this serves to protect our legitimate interests, which predominate in the context of a balancing of interests, in the protection of our website against misuse and in a trouble-free presentation of our online presence.

Google reCAPTCHA uses methods that enable an analysis of your use of the website, such as cookies, by means of a code integrated into the website, a so-called JavaScript, as part of the check. The automatically collected information about your use of this website, including your IP address, is usually transmitted to a Google server in the USA and stored there. In addition, other cookies stored in your browser by Google services are evaluated by Google reCAPTCHA.

Personal data is not read or stored from the input fields of the respective form.

You can prevent the collection of data generated by the JavaScript or the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by preventing the execution of JavaScripts or the setting of cookies in your browser settings. Please note that this may limit the functionality of our website for your use.

You can find more information about Google's privacy policy here.

4. Cloudflare reCAPTCHA

For the purpose of protecting against misuse of our web forms and spam, we also use the provider Cloudflare, Cloudflare Germany GmbH, Rosental 7, 80331 Munich (Cloudflare, 101 Townsend St, San Francisco, CA 94107, USA) in the context of some forms on this website. You can find more information about Cloudflare's privacy policy here.

VI. Social Media PlugIns

1. Use of Social Plugins from Facebook, Google, Twitter, Instagram, Pinterest, TikTok

So-called social plugins ("plugins") from social networks are used on our website.
When you visit a page of our website that contains such a plugin, your browser establishes a direct connection to the servers of Facebook, Google, Twitter or Instagram. The content of the plugin is transmitted directly to your browser by the respective provider and integrated into the page. By integrating the plugins, the providers receive the information that your browser has accessed the corresponding page of our website, even if you do not have a profile or are not currently logged in. This information (including your IP address) is transmitted directly from your browser to a server of the respective provider (possibly in the USA) and stored there. If you are logged in to one of the services, the providers can directly assign your visit to our website to your profile in the respective social network. If you interact with the plugins, for example by clicking the "Like" or "Share" button, the corresponding information is also transmitted directly to a server of the provider and stored there. The information will also be published on the social network and displayed to your contacts. This serves to protect our legitimate interests, which predominate in the context of a balancing of interests, in the optimal marketing of our offer in accordance with Art. 6 para. 1 p. 1 lit. f DSGVO. The purpose and scope of the data collection and the further processing and use of the data by the providers as well as a contact option and your rights and setting options in this regard for the protection of your privacy can be found in the data protection information of the providers.

Facebook: https://de-de.facebook.com/about/privacy/
Twitter: https://twitter.com/de/privacy
Instagram: https://help.instagram.com/155833707900388
Pinterest: https://policy.pinterest.com/de/privacy-policy
TikTok: https://www.tiktok.com/legal/privacy-policy

If you do not want the social networks to assign the data collected via our website directly to your profile in the respective service, you must log out of the corresponding service before visiting our website. You can also completely prevent the loading of the plugins with add-ons for your browser, e.g. with the script blocker "NoScript" (https://noscript.net/).

2. Youtube Video Plugins

Third-party content is integrated into this website. This content is provided by Google ("Provider").

YouTube is a service provided by Google Ireland Limited, a company incorporated and operated under Irish law with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland (www.google.de).

For videos from Youtube that are integrated on our site, the extended data protection setting is activated. This means that no information from website visitors is collected and stored on YouTube unless they play the video. The integration of the videos serves to protect our legitimate interests, which predominate in the context of a balancing of interests, in the optimal marketing of our offer in accordance with Art. 6 para. 1 p. 1 lit. f DSGVO.

The purpose and scope of the data collection and the further processing and use of the data by the providers as well as your rights in this regard and setting options for the protection of your privacy can be found in the privacy policy of Google https://policies.google.com/privacy.

VII. Your Rights

1. Contact Options and your Rights

As a data subject, you have the following rights:

In accordance with Art. 15 GDPR, you have the right to request information about your personal data processed by us to the extent specified therein;
In accordance with Art. 16 GDPR, you have the right to request the immediate correction of incorrect or incomplete personal data stored by us;
In accordance with Art. 17 GDPR, you have the right to request the deletion of your personal data stored by us, unless further processing is required

to exercise the right to freedom of expression and information;
to comply with a legal obligation;
for reasons of public interest, or
is necessary for the assertion, exercise or defence of legal claims;

In accordance with Art. 18 GDPR, you have the right to request the restriction of the processing of your personal data, insofar as

the accuracy of the data is disputed by you;
the processing is unlawful, but you oppose its deletion;
we no longer need the data, but you need it to assert, exercise or defend legal claims, or
you have lodged an objection to the processing pursuant to Art. 21 GDPR;

In accordance with Art. 20 GDPR, you have the right to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request that it be transferred to another person responsible;
In accordance with Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our company headquarters.

If you have any questions regarding the collection, processing or use of your personal data, for information, correction, restriction or deletion of data as well as revocation of granted consent or objection to a specific use of data, please contact us directly using the contact details in our imprint or our data protection officer:

You can reach our data protection officer at: [email protected]

2. Right of Objection

Insofar as we process personal data as explained above in order to protect our legitimate interests, which predominate in the context of a balancing of interests, you can object to this processing with effect for the future. If the processing is carried out for direct marketing purposes, you can exercise this right at any time as described above. Insofar as the processing is carried out for other purposes, you only have the right to object if there are reasons arising from your particular situation.

After exercising your right to object, we will no longer process your personal data for these purposes, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or if the processing is for the purpose of asserting, exercising or defending legal claims.

This does not apply if the processing is carried out for direct marketing purposes. Then we will no longer process your personal data for this purpose.