Log in
Data Protection
1. Privacy at a Glance
General Information
The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data includes any data that can be used to personally identify you. For detailed information on data protection, please refer to our full Privacy Policy below.
Data Collection on This Website
Who is responsible for data collection on this website?
The data processing on this website is carried out by the website operator. You can find the contact details in the section “Information on the Responsible Party” in this Privacy Policy.
How do we collect your data?
Some data is collected when you provide it to us, such as through a contact form.
Other data is automatically collected or obtained with your consent when you visit the website. This mainly includes technical data (e.g., internet browser, operating system, or the time of page access). This data is collected automatically as soon as you access our site.
What do we use your data for?
Part of the data is collected to ensure the proper functioning of the website. Other data may be used to analyze how users interact with the site.
What rights do you have regarding your data?
You have the right to receive information free of charge at any time about the origin, recipient, and purpose of your stored personal data. You also have the right to request the correction or deletion of your data. If you have given consent to data processing, you may withdraw this consent at any time going forward. Additionally, you have the right to request the restriction of the processing of your personal data under certain circumstances. You also have the right to lodge a complaint with the competent supervisory authority.
You can contact us at any time with questions about your rights or data protection in general.
Analytics and Third-Party Tools
When visiting this website, your usage may be statistically evaluated using analytics tools. This happens primarily with the use of cookies and analytics software.
You can find detailed information about these tools in the full Privacy Policy below.
2. Hosting
We host the content of our website with the following provider:
IONOS
The provider is IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, Germany (hereafter “IONOS”). When you visit our website, IONOS collects various log files, including your IP address.
For more details, please refer to the IONOS privacy policy: https://www.ionos.com/terms-gtc/terms-privacy.
The use of IONOS is based on Art. 6(1)(f) GDPR.
We have a legitimate interest in the most reliable presentation of our website. Where consent has been requested (e.g., consent to the storage of cookies or access to device information), processing is based exclusively on Art. 6(1)(a) GDPR and § 25(1) TTDSG (German Telecommunications-Telemedia Data Protection Act). Consent can be withdrawn at any time.
Data Processing Agreement
We have entered into a Data Processing Agreement (DPA) with the above provider. This is a contract required by data protection law that ensures they process personal data only according to our instructions and in compliance with the GDPR.
3. General Information and Mandatory Disclosures
Data Protection
We take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with statutory data protection regulations and this Privacy Policy.
When you use this website, various personal data may be collected. Personal data is any data that can be used to identify you personally. This Privacy Policy explains what data we collect, how we use it, and for what purposes.
Please note that data transmission over the internet (e.g., when communicating by email) may have security vulnerabilities. Complete protection of your data from access by third parties is not possible.
Information About the Responsible Party
The data controller for this website is:
to the top sportswear GmbH
Freiberger Str. 26
D-74379 Ingersheim
Phone: +49123 456789
Email: info@to-the-top.com
The controller is the natural or legal person who alone or jointly with others determines the purposes and means of processing personal data (e.g., names, email addresses, etc.).
Data Retention
Unless a more specific retention period is stated in this privacy policy, we will retain your personal data until the purpose for the data processing no longer applies. If you make a legitimate request for deletion or withdraw your consent to data processing, your data will be deleted unless we have other legally permissible reasons for retaining it (e.g., tax or commercial law retention periods); in the latter case, data will be deleted once those reasons no longer apply.
Legal Bases for Data Processing on This Website
If you have given your consent, we process your personal data on the basis of Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR if special categories of data are processed according to Art. 9(1) GDPR. If you have explicitly consented to the transfer of personal data to third countries, data processing is also carried out based on Art. 49(1)(a) GDPR. If you consented to the storage of cookies or access to information on your device (e.g., via device fingerprinting), processing is additionally based on § 25(1) TTDSG. Consent may be withdrawn at any time.
If your data is required for the performance of a contract or pre-contractual measures, we process it on the basis of Art. 6(1)(b) GDPR. If your data is required to fulfill a legal obligation, processing is based on Art. 6(1)(c) GDPR. Furthermore, data may be processed based on our legitimate interest under Art. 6(1)(f) GDPR. The relevant legal basis for each processing activity is outlined in the respective section of this Privacy Policy.
Recipients of Personal Data
As part of our business operations, we work with various external service providers. In some cases, it may be necessary to transmit personal data to them. We only disclose personal data if required to fulfill a contract, if we are legally obligated to do so (e.g., to tax authorities), if we have a legitimate interest in the disclosure under Art. 6(1)(f) GDPR, or if another legal basis permits it. When using data processors, we only share personal data based on a valid Data Processing Agreement (DPA). In cases of joint processing, we conclude a Joint Controller Agreement.
Withdrawal of Your Consent to Data Processing
Many data processing operations require your explicit consent. You can withdraw your consent at any time with future effect. The legality of data processing carried out prior to the withdrawal remains unaffected.
Right to Object to Data Processing in Special Cases and to Direct Marketing (Art. 21 GDPR)
If data processing is based on Art. 6(1)(e) or (f) GDPR, you have the right at any time to object to the processing of your personal data for reasons arising from your particular situation; this also applies to profiling based on these provisions.
The applicable legal basis for each processing activity can be found in this Privacy Policy. If you object, we will no longer process your affected personal data unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms or if processing is necessary to establish, exercise, or defend legal claims (objection under Art. 21(1) GDPR).
If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your data for such marketing. This also applies to profiling, where it is related to such direct marketing.
If you object, your personal data will no longer be used for direct marketing (objection under Art. 21(2) GDPR).
Right to Lodge a Complaint with a Supervisory Authority
In the event of a violation of the GDPR, you have the right to lodge a complaint with a supervisory authority, particularly in the member state of your habitual residence, place of work, or the location of the alleged violation. This right exists in addition to other administrative or judicial remedies.
Right to Data Portability
You have the right to receive the personal data we process based on your consent or in fulfillment of a contract in a structured, commonly used, and machine-readable format. You also have the right to request the direct transmission of this data to another controller, where technically feasible.
Right to Access, Rectification, and Deletion
In accordance with applicable law, you have the right at any time to request information free of charge about your stored personal data, its origin and recipient, and the purpose of data processing. You may also have the right to request correction or deletion of this data. For further questions about personal data, you can always contact us.
Right to Restriction of Processing
You have the right to request the restriction of the processing of your personal data. You may contact us at any time to request this. The right to restrict processing applies in the following cases:
-
If you dispute the accuracy of your personal data stored with us, we usually need time to verify this. During the review period, you have the right to request restriction of processing.
-
If the processing of your data is unlawful, you may request restriction instead of deletion.
-
If we no longer need your data, but you need it for the establishment, exercise, or defense of legal claims, you may request restriction instead of deletion.
-
If you have objected under Art. 21(1) GDPR, a balance must be struck between your interests and ours. As long as it is not clear whose interests prevail, you have the right to request the restriction of processing.
If you restrict the processing of your personal data, it may only be processed — aside from storage — with your consent or for legal claims, or to protect the rights of another person or for reasons of important public interest of the EU or a Member State.
SSL or TLS Encryption
For security reasons and to protect the transmission of confidential content (e.g., orders or inquiries), this site uses SSL or TLS encryption. You can recognize an encrypted connection by the browser’s address bar switching from “http://” to “https://” and by the lock icon in your browser bar.
When SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.
Encrypted Payments on This Website
If, after entering into a contract involving payment, you are required to send us your payment data (e.g., account number), this data is necessary for payment processing.
Payment transactions using common methods (Visa/MasterCard, direct debit) are only carried out via encrypted SSL or TLS connections. With encrypted communication, your payment data cannot be read by third parties.
Objection to Promotional Emails
We hereby object to the use of contact data published as part of the legal notice requirement for sending unsolicited advertising and informational materials. The operators of this website expressly reserve the right to take legal action in the event of unsolicited advertising, such as spam emails.
4. Data Collection on This Website
Cookies
Our website uses so-called "cookies." Cookies are small data files that are stored on your device and do not cause any harm. Some cookies are temporary (session cookies), and others are stored permanently (persistent cookies). Session cookies are automatically deleted when you leave the site. Persistent cookies remain on your device until you delete them or your browser removes them automatically.
Cookies can be placed by us (first-party cookies) or by third parties (third-party cookies). Third-party cookies allow the integration of specific third-party services (e.g., payment services).
Cookies serve a variety of functions. Some are technically necessary for the operation of the website (e.g., shopping cart function, video display). Others are used to analyze user behavior or serve advertising purposes.
Cookies necessary for electronic communication, certain website functions you request (e.g., shopping cart), or to optimize the website (e.g., measuring web audience) are stored based on Art. 6(1)(f) GDPR unless another legal basis is specified. The website operator has a legitimate interest in storing necessary cookies for the technically sound and optimized provision of services. If consent for the storage of cookies or access to your device (e.g., device fingerprinting) is requested, processing is based on your consent under Art. 6(1)(a) GDPR and § 25(1) TTDSG. You can withdraw your consent at any time.
You can configure your browser to notify you about cookie usage and to allow cookies only in specific cases, to accept them under certain conditions, or to delete them automatically when closing the browser. Disabling cookies may limit the functionality of this website.
For details on cookies and third-party services used on this site, please refer to this Privacy Policy.
Server Log Files
The provider of this site automatically collects and stores information in server log files, which your browser transmits to us automatically. This includes:
-
Browser type and version
-
Operating system used
-
Referrer URL
-
Hostname of the accessing device
-
Time of the server request
-
IP address
These data are not combined with other data sources.
This data is collected on the basis of Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of the website — for this, server log files must be collected.
Contact Form
If you send us inquiries via a contact form, your details from the form, including the contact information you provide, will be stored by us to process the request and follow-up questions. We do not share this data without your consent.
This data is processed based on Art. 6(1)(b) GDPR if your request is related to a contract or is necessary for pre-contractual measures. In all other cases, data processing is based on our legitimate interest in effectively processing inquiries (Art. 6(1)(f) GDPR) or your consent (Art. 6(1)(a) GDPR), if requested. Consent can be withdrawn at any time.
The data you provide in the contact form remains with us until you request deletion, withdraw your consent to storage, or the purpose for storage no longer applies (e.g., after your request has been completed). Mandatory legal provisions — especially retention periods — remain unaffected.
Requests via Email, Phone, or Fax
If you contact us by email, phone, or fax, your inquiry, including any resulting personal data (name, request), will be stored and processed to handle your request. We do not share this data without your consent.
This data is processed based on Art. 6(1)(b) GDPR if your inquiry is related to a contract or necessary for pre-contractual actions. In all other cases, data processing is based on our legitimate interest in efficiently handling requests (Art. 6(1)(f) GDPR) or your consent (Art. 6(1)(a) GDPR), if given. Consent may be withdrawn at any time.
The data you provide will remain with us until you request deletion, revoke your consent, or the purpose of data storage no longer applies. Mandatory legal provisions — especially statutory retention periods — remain unaffected.
5. Analytics Tools and Advertising
Google Tag Manager
We use Google Tag Manager, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Google Tag Manager is a tool that allows us to integrate and manage tracking tools and other technologies on our website. The Tag Manager itself does not create user profiles, store cookies, or perform independent analyses. It serves solely to manage and deploy the tools integrated through it. However, Google Tag Manager collects your IP address, which may also be transmitted to Google's parent company in the United States.
The use of Google Tag Manager is based on Art. 6(1)(f) GDPR. We have a legitimate interest in the quick and easy integration and management of various tools on our website. If consent has been requested (e.g., consent to store cookies or access information on your device), processing is based exclusively on Art. 6(1)(a) GDPR and § 25(1) TTDSG. Consent can be withdrawn at any time.
Google is certified under the EU-U.S. Data Privacy Framework (DPF), ensuring compliance with European data protection standards for data processing in the U.S. For more information, visit: DPF Certification Details.
Google Analytics
This website uses features of the web analytics service Google Analytics, provided by Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics enables the website operator to analyze the behavior of website visitors. The website operator receives various usage data, such as page views, duration of visit, operating systems used, and the user's origin. These data are assigned to the respective device of the user. A user ID is not assigned.
Furthermore, Google Analytics allows us to record, among other things, your mouse and scroll movements and clicks. Google Analytics uses various modeling approaches to supplement the collected data and employs machine learning technologies in data analysis.
Google Analytics uses technologies that enable the recognition of the user for the purpose of analyzing user behavior (e.g., cookies or device fingerprinting). The information collected by Google about the use of this website is generally transmitted to a Google server in the USA and stored there.
The use of this service is based on your consent under Art. 6(1)(a) GDPR and § 25(1) TTDSG. Consent can be withdrawn at any time.
Data transfers to the USA are based on the EU Commission’s Standard Contractual Clauses. Details can be found here: Google Data Terms.
Google is certified under the EU-U.S. Data Privacy Framework: Certification Details.
Browser Plugin
You can prevent Google from collecting and processing your data by downloading and installing the browser plugin available at: https://tools.google.com/dlpage/gaoptout?hl=en.
For more information on how Google Analytics handles user data, visit: https://support.google.com/analytics/answer/6004245?hl=en.
Data Processing Agreement
We have entered into a Data Processing Agreement (DPA) with Google and fully comply with the strict requirements of the German data protection authorities when using Google Analytics.
Google Analytics E-Commerce Tracking
This website uses the "E-Commerce Tracking" feature of Google Analytics. E-Commerce Tracking allows the website operator to analyze the purchasing behavior of website visitors to improve their online marketing campaigns. Information such as orders placed, average order values, shipping costs, and the time from viewing a product to purchasing it are recorded. These data can be summarized by Google under a transaction ID, which is assigned to the respective user or their device.
Google Ads
The website operator uses Google Ads, an online advertising program provided by Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Ads enables us to display advertisements in the Google search engine or on third-party websites when the user enters certain search terms into Google (keyword targeting). Additionally, targeted advertisements can be displayed based on the user data available at Google (e.g., location data and interests) (audience targeting). As the website operator, we can evaluate these data quantitatively, for example, by analyzing which search terms led to the display of our advertisements and how many ads resulted in corresponding clicks.
The use of this service is based on your consent under Art. 6(1)(a) GDPR and § 25(1) TTDSG. Consent can be withdrawn at any time.
Data transfers to the USA are based on the EU Commission’s Standard Contractual Clauses. Details can be found here: Google Data Terms.
Google is certified under the EU-U.S. Data Privacy Framework: Certification Details.
Google Ads Remarketing
This website uses the functions of Google Ads Remarketing, provided by Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Ads Remarketing allows us to assign people who interact with our online offer to specific target groups to display interest-based advertising to them within the Google advertising network (remarketing or retargeting).
Furthermore, the advertising target groups created with Google Ads Remarketing can be linked to Google's cross-device functions. This allows interest-based, personalized advertising messages that have been adapted to you based on your previous usage and surfing behavior on one device (e.g., mobile phone) to be displayed on another of your devices (e.g., tablet or PC).
If you have a Google account, you can object to personalized advertising at the following link: https://www.google.com/settings/ads/onweb/.
The use of this service is based on your consent under Art. 6(1)(a) GDPR and § 25(1) TTDSG. Consent can be withdrawn at any time.
Further information and the privacy policy can be found in Google's privacy policy: https://policies.google.com/technologies/ads?hl=en.
Google is certified under the EU-U.S. Data Privacy Framework: Certification Details.
Audience Building with Customer Match
To build target audiences, we use Google Ads Remarketing's Customer Match feature. We transmit specific customer data (e.g., email addresses) from our customer lists to Google. If the respective customers are Google users and are logged into their Google account, they will be shown appropriate
Google Conversion Tracking
This website uses Google Conversion Tracking, a service provided by Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Conversion Tracking allows Google and us to determine whether a user has completed certain actions. For example, we can evaluate which buttons were clicked on our site and which products were most frequently viewed or purchased. These insights help us compile conversion statistics. We receive aggregate data on users who interacted with our ads and the actions they took. We do not receive information that personally identifies users. Google uses cookies or similar recognition technologies for identification.
The use of this service is based on your consent pursuant to Art. 6(1)(a) GDPR and § 25(1) TTDSG. You may revoke your consent at any time.
For more information on Google Conversion Tracking, see Google’s Privacy Policy: https://policies.google.com/privacy?hl=en
Google is certified under the EU-U.S. Data Privacy Framework (DPF). The DPF is an agreement between the EU and the U.S. to ensure adequate data protection standards for data transfers. Certified companies are committed to complying with these standards. More information is available here: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active
Klaviyo
We use Klaviyo on this website, a service provided by Klaviyo Inc., 125 Summer Street, Floor 6, Boston, MA, 02110, USA.
Klaviyo is a marketing automation tool used for sending emails, SMS, push notifications, and collecting customer reviews for eCommerce merchants.
Klaviyo processes consent for email marketing and may collect the following data: name, phone number, email address, physical address, IP address, device identifiers, and usage data (e.g., user interaction with Klaviyo’s platform, website or emails, browser used, OS, and referrer URL).
The use of Klaviyo is based on your consent pursuant to Art. 6(1)(a) GDPR and § 25(1) TTDSG. You may revoke your consent at any time.
For more details, please refer to Klaviyo’s Privacy Policy: https://www.klaviyo.com/legal/privacy
Klaviyo is certified under the EU-U.S. Data Privacy Framework (DPF). More information is available here: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt00000012uf9AAA&status=Active
Klaviyo also uses Standard Contractual Clauses (SCCs) for data transfers: https://www.klaviyo.com/legal/data-processing-agreement
We have signed a Data Processing Agreement (DPA) with Klaviyo to ensure data is processed only under our instruction and in compliance with GDPR.
Meta Pixel (formerly Facebook Pixel)
This website uses the Meta Pixel for conversion tracking. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. According to Meta, the data collected may also be transmitted to the U.S. and other third countries.
The Meta Pixel allows us to track the actions of website visitors after they click on a Facebook ad and are redirected to our site. This allows us to measure ad effectiveness for statistical and market research purposes and improve future advertising efforts.
The data collected is anonymous to us and does not allow us to identify users. However, Meta may link this data to your Facebook account and use it for its own advertising purposes, according to Meta’s data policy: https://www.facebook.com/about/privacy/
The use of this service is based on your consent pursuant to Art. 6(1)(a) GDPR and § 25(1) TTDSG. You may revoke your consent at any time.
We use the advanced matching function of the Meta Pixel, which allows us to transmit additional data (e.g., location, state, ZIP code, hashed email addresses, names, gender, date of birth, or phone numbers) to Meta. This helps improve ad targeting, conversion tracking, and custom audience creation.
If Meta processes personal data collected on our website, we and Meta Platforms Ireland Limited are jointly responsible (Art. 26 GDPR) for the data collection and its transmission to Meta. A joint processing agreement defines the respective responsibilities: https://www.facebook.com/legal/controller_addendum
Meta is responsible for securing its products and handling user rights related to the data it processes. If you submit a data subject request to us, we are obligated to forward it to Meta.
Data transfers to the U.S. are based on the EU Commission’s Standard Contractual Clauses. Details: https://www.facebook.com/legal/EU_data_transfer_addendum and https://www.facebook.com/help/566994660333381
For more on how Meta protects your data, visit: https://www.facebook.com/about/privacy/
You can opt out of Meta’s Custom Audiences feature here (must be logged in): https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen
If you do not have a Facebook account, you can opt out of interest-based advertising from Facebook on the European Interactive Digital Advertising Alliance website: http://www.youronlinechoices.com/de/praferenzmanagement/
Meta is certified under the EU-U.S. Data Privacy Framework (DPF): https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000GnywAAC&status=Active
6. Newsletter
Newsletter Data
If you would like to subscribe to the newsletter offered on our website, we require an email address from you as well as information that allows us to verify that you are the owner of the provided email address and agree to receive the newsletter. No further data is collected or only on a voluntary basis. We use this data exclusively for sending the requested information and do not share it with third parties.
The processing of the data entered in the newsletter registration form is based solely on your consent (Art. 6(1)(a) GDPR). You may revoke your consent to the storage of your data, email address, and its use for sending the newsletter at any time, for example via the "unsubscribe" link in the newsletter. The lawfulness of the data processing operations already carried out remains unaffected by the revocation.
The data you provide to us for the purpose of receiving the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and will be deleted from the newsletter distribution list after you unsubscribe or once the purpose has been fulfilled. We reserve the right to delete or block email addresses from our newsletter distribution list at our discretion within the scope of our legitimate interest pursuant to Art. 6(1)(f) GDPR.
Data stored for other purposes remains unaffected by this.
After you unsubscribe from the newsletter distribution list, your email address may be stored by us or the newsletter service provider in a blacklist if necessary to prevent future mailings. The data in the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in complying with legal requirements for newsletter distribution (legitimate interest within the meaning of Art. 6(1)(f) GDPR). The storage in the blacklist is indefinite. You may object to the storage if your interests outweigh our legitimate interest.
7. Plugins and Tools
Adobe Fonts
This website uses Adobe Web Fonts to ensure a uniform presentation of fonts. The provider is Adobe Systems Incorporated, 345 Park Avenue, San Jose, CA 95110-2704, USA ("Adobe").
When you access this website, your browser loads the required fonts directly from Adobe in order to display them correctly on your device. In doing so, your browser establishes a connection to Adobe’s servers in the United States. This informs Adobe that your IP address was used to access our website. According to Adobe, no cookies are stored when fonts are provided.
The storage and analysis of this data is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the uniform presentation of the site's typeface. If consent was requested (e.g. consent to the storage of cookies or access to device information as defined under the TTDSG), processing is based solely on Art. 6(1)(a) GDPR and § 25(1) TTDSG. You may withdraw your consent at any time.
Data transfers to the United States are based on the European Commission’s Standard Contractual Clauses. Details are available here: https://www.adobe.com/privacy/eudatatransfers.html
Further information about Adobe Fonts can be found at:
https://www.adobe.com/privacy/policies/adobe-fonts.html
Adobe’s full privacy policy is available at:
https://www.adobe.com/privacy/policy.html
Adobe is certified under the EU-U.S. Data Privacy Framework (DPF), a framework designed to ensure compliance with European data protection standards for data processing in the U.S. For more details, visit:
https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000TNo9AAG&status=Active
8. eCommerce and Payment Providers
Processing Customer and Contract Data
We collect, process, and use personal customer and contract data to initiate, define, and modify our contractual relationships. We only collect, process, and use personal usage data (i.e., data collected while you use this website) to the extent necessary to enable or bill for the use of our services. The legal basis for this is Art. 6(1)(b) GDPR.
Collected customer data is deleted once the contract has been fulfilled or the business relationship has ended, provided no statutory retention periods apply. Legal retention periods remain unaffected.
Data Transfer When Concluding Contracts for Online Stores, Retailers, and Shipping
When you order products from us, we share your personal data with the shipping company responsible for delivery and the payment service provider handling the payment process. We only provide the information necessary for each service provider to fulfill their task. The legal basis for this is Art. 6(1)(b) GDPR, which permits data processing for the fulfillment of a contract or pre-contractual measures. If you have provided your consent in accordance with Art. 6(1)(a) GDPR, we will also share your email address with the shipping provider so they can notify you about the shipping status of your order. You can withdraw this consent at any time.
Payment Services
We integrate payment services from third-party providers on our website. When you make a purchase, your payment data (e.g., name, payment amount, bank details, credit card number) is processed by the payment service provider for the purpose of handling the payment. The respective contractual and privacy policies of each provider apply to these transactions. The use of payment service providers is based on Art. 6(1)(b) GDPR (contract performance) and our legitimate interest in a smooth, convenient, and secure payment process (Art. 6(1)(f) GDPR). Where specific consent is requested, Art. 6(1)(a) GDPR serves as the legal basis. Consent may be withdrawn at any time with future effect.
We use the following payment services on our website:
PayPal
Provider: PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22–24 Boulevard Royal, L-2449 Luxembourg
Data transfer to the U.S. is based on the EU Commission’s Standard Contractual Clauses.
Privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full
Apple Pay
Provider: Apple Inc., Infinite Loop, Cupertino, CA 95014, USA
Privacy policy: https://www.apple.com/legal/privacy/de-ww/
Google Pay
Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Privacy policy: https://policies.google.com/privacy
Shopify Payments
Provider: Shopify International Limited, 2nd Floor Victoria Buildings, 1–2 Haddington Road, Dublin 4, D04 XN32, Ireland
Privacy policy: https://www.shopify.de/legal/datenschutz
American Express
Provider: American Express Europe S.A., Theodor-Heuss-Allee 112, 60486 Frankfurt am Main, Germany
Data may be transferred to the parent company in the U.S., based on Binding Corporate Rules.
Privacy policy: https://www.americanexpress.com/de/legal/online-datenschutzerklarung.html
Mastercard
Provider: Mastercard Europe SA, Chaussée de Tervuren 198A, B-1410 Waterloo, Belgium
Data may be transferred to the parent company in the U.S., based on Mastercard’s Binding Corporate Rules.
Privacy policy:
https://www.mastercard.de/de-de/datenschutz.html
https://www.mastercard.us/content/dam/mccom/global/documents/mastercard-bcrs.pdf
VISA
Provider: Visa Europe Services Inc., 1 Sheldon Square, London W2 6TT, United Kingdom
The UK is considered a safe third country under EU data protection laws.
Data transfers to the U.S. are based on the EU Commission’s Standard Contractual Clauses.
Privacy policy: https://www.visa.de/nutzungsbedingungen/visa-privacy-center.html
