Privacy Policy - Engel-Kette

Privacy Policy

Unless otherwise stated below, the provision of your personal data is neither legally nor contractually required, nor necessary for the conclusion of a contract. You are not obliged to provide the data. Failure to provide it will have no consequences. This applies only insofar as no other information is provided in the subsequent processing operations.
"Personal data" means all information relating to an identified or identifiable natural person.

Server Log Files
You can visit our websites without providing any personal information.
Each time you access our website, usage data is transmitted to us or our web host/IT service provider by your internet browser and stored in log data (so-called server log files). This stored data includes, for example, the name of the page accessed, the date and time of access, the IP address, the amount of data transferred, and the requesting provider.
The processing is based on Art. 6(1)(f) GDPR due to our overriding legitimate interest in ensuring the trouble-free operation of our website and improving our offering.

Your data may be transferred to third countries outside the EU, particularly to Canada and the USA, and processed there. An adequacy decision from the EU Commission exists for Canada. For the USA, an adequacy decision from the EU Commission exists, the Trans-Atlantic Data Privacy Framework (TADPF). Shopify is not certified under the TADPF. This data transfer is based on contractual obligations comparable to those of the EU Commission's standard contractual clauses.

Contact

Controller
Contact us if you wish. The controller for data processing is: Sessorium-Commerce GbR, Hauptstraße 36, 74865 Neckarzimmern, Germany, support@engel-kette.de, +4915151751150

Proactive Contact by the Customer via Email
If you initiate business contact with us by email, we collect your personal data (name, email address, message text) only to the extent provided by you. The data processing serves to process and respond to your contact request.
If the contact is for the purpose of carrying out pre-contractual measures (e.g., consultation regarding purchase interest, preparation of a quote) or concerns a contract already concluded between you and us, this data processing is based on Art. 6(1)(b) GDPR.
If the contact is for other reasons, this data processing is based on Art. 6(1)(f) GDPR from our overriding legitimate interest in processing and responding to your inquiry. In this case, you have the right to object at any time to this processing of personal data concerning you based on Art. 6(1)(f) GDPR for reasons arising from your particular situation.
We use your email address only to process your request. Your data will subsequently be deleted in compliance with legal retention periods, unless you have consented to further processing and use.

Collection and Processing When Using the Contact Form
When using the contact form, we collect your personal data (name, email address, message text) only to the extent provided by you. The data processing serves the purpose of establishing contact.
If the contact is for the purpose of carrying out pre-contractual measures (e.g., consultation regarding purchase interest, preparation of a quote) or concerns a contract already concluded between you and us, this data processing is based on Art. 6(1)(b) GDPR.
If the contact is for other reasons, this data processing is based on Art. 6(1)(f) GDPR from our overriding legitimate interest in processing and responding to your inquiry. In this case, you have the right to object at any time to this processing of personal data concerning you based on Art. 6(1)(f) GDPR for reasons arising from your particular situation.
We use your email address only to process your request. Your data will subsequently be deleted in compliance with legal retention periods, unless you have consented to further processing and use.

Use of Google Maps API Address Validation
We use the address validation of the provider Google (Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland, "Google") on our website.
The data processing serves the purpose of checking your entries in our address forms in real time for input and spelling errors, and possibly supplementing missing data. For incorrectly entered data, alternative suggestions for data correction are displayed. For this purpose, the address data you enter is transmitted to the provider, stored there, and evaluated.
The following information, among others, may be transmitted to Google and processed there: postal addresses (country, city, postal code, street, house number), email address, telephone number.
Your data may also be transferred to the USA. For the USA, an adequacy decision from the EU Commission exists, the Trans-Atlantic Data Privacy Framework (TADPF). Google is certified under the TADPF and is thus committed to complying with European data protection principles.
The processing of your personal data is based on Art. 6(1)(f) GDPR from our overriding legitimate interest in a correct data basis for fulfilling our contractual obligations. You have the right to object at any time to this processing of personal data concerning you for reasons arising from your particular situation.
The data is processed separately by the provider and not merged with other data. It is deleted by the provider once the status of the entered data has been determined, but no later than after 30 days.
Further information on terms of use and data protection at Google can be found at: https://cloud.google.com/maps-platform/terms and at https://www.google.de/policies/privacy/.

Customer Account | Orders

Customer Account
When opening a customer account, we collect your personal data to the extent specified there. The data processing serves the purpose of improving your shopping experience and simplifying order processing. The processing is based on Art. 6(1)(a) GDPR with your consent. You can revoke your consent at any time by notifying us, without affecting the lawfulness of processing based on consent before its withdrawal. Your customer account will then be deleted.

Collection, Processing, and Disclosure of Personal Data for Orders
When ordering, we collect and process your personal data only to the extent necessary for the fulfillment and processing of your order and to handle your inquiries. The provision of data is necessary for the conclusion of the contract. Failure to provide it will result in the contract not being concluded. The processing is based on Art. 6(1)(b) GDPR and is necessary for the performance of a contract with you.
Your data is disclosed, for example, to the shipping companies and dropshipping providers you have chosen, payment service providers, order processing service providers, and IT service providers. In all cases, we strictly observe legal requirements. The scope of data transmission is limited to a minimum.

Advertising

Use of Email Address for Newsletter Mailings
We use your email address, irrespective of contract processing, exclusively for our own advertising purposes for sending newsletters, provided you have expressly consented to this. The processing is based on Art. 6(1)(a) GDPR with your consent. You can revoke your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal. You can unsubscribe from the newsletter at any time using the corresponding link in the newsletter or by notifying us. Your email address will then be removed from the distribution list.

Use of Klaviyo
We use the service of Klaviyo Inc. (125 Summer St Floor 7, Boston, MA 02111, USA; “Klaviyo”) for sending newsletters within the scope of order processing.
We pass on the information you provided during newsletter registration (email address, possibly first and last name) to Klaviyo. The data processing serves the purpose of sending newsletters and their statistical evaluation.
To evaluate newsletter campaigns, the newsletters sent contain a 1x1 pixel graphic (tracking pixel) or a tracking link. This allows us to determine whether you have opened the newsletter and whether you have clicked on any integrated links. In this context, we collect personal data such as your IP address, browser type and device, and the time. Usage profiles can be created from this data under a pseudonym. The data collected is not used to identify you personally. The data collected is only used for statistical analysis to improve newsletter campaigns.
Your data is usually transmitted to Klaviyo's servers in the USA and stored there. For the USA, an adequacy decision from the EU Commission exists, the Trans-Atlantic Data Privacy Framework (TADPF). Klaviyo is certified under the TADPF and is thus committed to complying with European data protection principles.
The processing of your personal data is based on Art. 6(1)(f) GDPR from our overriding legitimate interest in a targeted, effective, and user-friendly newsletter system. You have the right to object at any time to this processing of personal data concerning you for reasons arising from your particular situation.
Further information on data protection at Klaviyo can be found at https://www.klaviyo.com/legal/privacy-notice and at https://www.klaviyo.com/legal/data-processing-agreement.

Payment Service Providers | Credit Assessment

Use of PayPal
We use the payment service PayPal of PayPal (Europe) S.à.r.l. et Cie, S.C.A. (22-24 Boulevard Royal L-2449, Luxembourg; "PayPal") on our website. The data processing serves the purpose of being able to offer you payment via the payment service. By selecting and using payment via PayPal, the data required for payment processing is transmitted to PayPal to fulfill the contract with you using the selected payment method. This processing is based on Art. 6(1)(b) GDPR.
All PayPal transactions are subject to the PayPal Privacy Policy. This can be found at https://www.paypal.com/de/webapps/mpp/ua/privacy-full

Use of PayPal Plus
We use the payment service PayPal Plus of PayPal (Europe) S.à.r.l. et Cie, S.C.A. (22-24 Boulevard Royal L-2449, Luxembourg; "PayPal") on our website. The data processing serves the purpose of being able to offer you payment via the payment service. By selecting and using payment via PayPal, credit card via PayPal, direct debit via PayPal, the data required for payment processing is transmitted to PayPal to fulfill the contract with you using the selected payment method. This processing is based on Art. 6(1)(b) GDPR.
For certain payment methods such as credit card via PayPal, direct debit via PayPal, PayPal reserves the right to obtain a credit report based on mathematical-statistical methods using credit agencies. For this purpose, PayPal transmits the personal data required for a credit check to a credit agency and uses the information received about the statistical probability of a payment default for a balanced decision on the establishment, implementation, or termination of the contractual relationship. The credit report may include probability values (score values) calculated based on scientifically recognized mathematical-statistical methods, in the calculation of which address data is included, among other things. Your legitimate interests are taken into account in accordance with legal provisions. The data processing serves the purpose of credit assessment for the initiation of a contract. The processing is based on Art. 6(1)(f) GDPR from our overriding legitimate interest in protection against payment default when PayPal provides advance performance.
You have the right to object at any time to this processing of personal data concerning you based on Art. 6(1)(f) GDPR for reasons arising from your particular situation by notifying PayPal. The provision of data is necessary for the conclusion of the contract with the payment method you desire. Failure to provide it will result in the contract not being concluded with the payment method you selected.

Use of PayPal Express
We use the payment service PayPal Express of PayPal (Europe) S.à.r.l. et Cie, S.C.A. (22-24 Boulevard Royal L-2449, Luxembourg; "PayPal") on our website. The data processing serves the purpose of being able to offer you payment via the PayPal Express payment service. To integrate this payment service, it is necessary for PayPal to collect, store, and analyze data (e.g., IP address, device type, operating system, browser type, location of your device) when you visit the website. Cookies may also be used for this purpose. The cookies enable your browser to be recognized.
The processing of your personal data is based on Art. 6(1)(f) GDPR from our overriding legitimate interest in a customer-oriented offering of various payment methods. You have the right to object at any time to this processing of personal data concerning you for reasons arising from your particular situation.
By selecting and using PayPal Express, the data required for payment processing is transmitted to PayPal to fulfill the contract with you using the selected payment method. This processing is based on Art. 6(1)(b) GDPR. Further information on data processing when using the PayPal Express payment service can be found in the associated privacy policy at www.paypal.com/de/webapps/mpp/ua/privacy-full?locale.x=de_DE#Updated_PS.

Use of PayPal Checkout
We use the payment service PayPal Checkout of PayPal (Europe) S.à.r.l. et Cie, S.C.A. (22-24 Boulevard Royal L-2449, Luxembourg; "PayPal") on our website. The data processing serves the purpose of being able to offer you payment via the payment service. By selecting and using payment via PayPal, credit card via PayPal, direct debit via PayPal, or "Pay Later" via PayPal, the data required for payment processing is transmitted to PayPal to fulfill the contract with you using the selected payment method. This processing is based on Art. 6(1)(b) GDPR.
Cookies may be stored that enable your browser to be recognized. The data processing that takes place as a result is based on Art. 6(1)(f) GDPR from our overriding legitimate interest in a customer-oriented offering of various payment methods. You have the right to object at any time to this processing of personal data concerning you for reasons arising from your particular situation.

Credit Card via PayPal, Direct Debit via PayPal & "Pay Later" via PayPal
For certain payment methods such as credit card via PayPal, direct debit via PayPal, or "Pay Later" via PayPal, PayPal reserves the right to obtain a credit report based on mathematical-statistical methods using credit agencies. For this purpose, PayPal transmits the personal data required for a credit check to a credit agency and uses the information received about the statistical probability of a payment default for a balanced decision on the establishment, implementation, or termination of the contractual relationship. The credit report may include probability values (score values) calculated based on scientifically recognized mathematical-statistical methods, in the calculation of which address data is included, among other things. Your legitimate interests are taken into account in accordance with legal provisions. The data processing serves the purpose of credit assessment for the initiation of a contract. The processing is based on Art. 6(1)(f) GDPR from our overriding legitimate interest in protection against payment default when PayPal provides advance performance.
You have the right to object at any time to this processing of personal data concerning you based on Art. 6(1)(f) GDPR for reasons arising from your particular situation by notifying PayPal. The provision of data is necessary for the conclusion of the contract with the payment method you desire. Failure to provide it will result in the contract not being concluded with the payment method you selected.

Third Parties
When paying via a third-party payment method, the data required for payment processing is transmitted to PayPal. This processing is based on Art. 6(1)(b) GDPR. To carry out this payment method, the data may then be passed on by PayPal to the respective provider. This processing is based on Art. 6(1)(b) GDPR. Local third parties may include, for example:
Sofort (SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany)
giropay (Paydirekt GmbH, Stephanstr. 14-16, 60313 Frankfurt am Main)

Invoice Purchase via PayPal
When paying via the invoice purchase payment method, the data required for payment processing is first transmitted to PayPal. To carry out this payment method, the data is then passed on by PayPal to Ratepay GmbH (Franklinstraße 28-29, 10587 Berlin; "Ratepay") to fulfill the contract with you using the selected payment method. This processing is based on Art. 6(1)(b) GDPR. Ratepay may conduct a credit check based on mathematical-statistical methods (probability or score values) using credit agencies according to the process already described above. The data processing serves the purpose of credit assessment for the initiation of a contract. The processing is based on Art. 6(1)(f) GDPR from our overriding legitimate interest in protection against payment default when Ratepay provides advance performance. Further information on data protection and which credit agencies Ratepay uses can be found at https://www.ratepay.com/legal-payment-dataprivacy/ and https://www.ratepay.com/legal-payment-creditagencies/.
Further information on data processing when using PayPal can be found in the associated privacy policy at https://www.paypal.com/de/webapps/mpp/ua/privacy-full.

Use of Klarna Payment Options
We use the payment service of Klarna Bank AB (publ) (Sveavägen 46, 111 34 Stockholm, Sweden; “Klarna”) on our website. By selecting and using payment via Klarna, the data required for payment processing is transmitted to Klarna to fulfill the contract with you using the selected payment method. This processing is based on Art. 6(1)(b) GDPR.
Cookies may be stored that enable your browser to be recognized. The data processing that takes place as a result is based on Art. 6(1)(f) GDPR from our overriding legitimate interest in a customer-oriented offering of various payment methods. You have the right to object at any time to this processing of personal data concerning you for reasons arising from your particular situation.

"Pay Later" (Invoice), "Pay Now" (Direct Debit), "Financing" (Installment Purchase)
For certain payment methods such as "Pay Later" (Invoice), "Pay Now" (Direct Debit), "Financing" (Installment Purchase), Klarna reserves the right to obtain a credit report based on mathematical-statistical methods using credit agencies.
For this purpose, Klarna transmits the personal data required for a credit check, such as first and last name, address, gender, email address, IP address, and data related to the order, for the purpose of identity and credit check to a credit agency and uses the information received about the statistical probability of a payment default for a balanced decision on the establishment, implementation, or termination of the contractual relationship. The credit report may include probability values (score values) calculated based on scientifically recognized mathematical-statistical methods, in the calculation of which address data is included, among other things. Your legitimate interests are taken into account in accordance with legal provisions. The data processing serves the purpose of credit assessment for the initiation of a contract. The processing is based on Art. 6(1)(f) GDPR from our overriding legitimate interest in protection against payment default when Klarna provides advance performance. You have the right to object at any time to this processing of personal data concerning you based on Art. 6(1)(f) GDPR for reasons arising from your particular situation by notifying Klarna. The provision of data is necessary for the conclusion of the contract with the payment method you desire. Failure to provide it will result in the contract not being concluded with the payment method you selected.
Further information, in particular to which credit agencies Klarna passes on your personal data, can be found at https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/credit_rating_agencies.
General information about Klarna can be found at: https://www.klarna.com/de/. Your personal data will be handled by Klarna in accordance with the applicable data protection regulations and as stated in Klarna's privacy policy at https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/privacy.

"Pay Later" (Invoice), "Pay Now" (Direct Debit), "Financing" (Installment Purchase)
For certain payment methods such as "Pay Later" (Invoice), "Pay Now" (Direct Debit), "Financing" (Installment Purchase), Klarna reserves the right to obtain a credit report based on mathematical-statistical methods using credit agencies.
For this purpose, Klarna transmits the personal data required for a credit check, such as first and last name, address, gender, email address, IP address, and data related to the order, for the purpose of identity and credit check to a credit agency and uses the information received about the statistical probability of a payment default for a balanced decision on the establishment, implementation, or termination of the contractual relationship. The credit report may include probability values (score values) calculated based on scientifically recognized mathematical-statistical methods, in the calculation of which address data is included, among other things. Your legitimate interests are taken into account in accordance with legal provisions. The data processing serves the purpose of credit assessment for the initiation of a contract. The processing is based on Art. 6(1)(f) GDPR from our overriding legitimate interest in protection against payment default when Klarna provides advance performance. You have the right to object at any time to this processing of personal data concerning you based on Art. 6(1)(f) GDPR for reasons arising from your particular situation by notifying Klarna. The provision of data is necessary for the conclusion of the contract with the payment method you desire. Failure to provide it will result in the contract not being concluded with the payment method you selected.
Further information, in particular to which credit agencies Klarna passes on your personal data, can be found for Germany at https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/credit_rating_agencies and for Austria at https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_at/credit_rating_agencies
General information about Klarna can be found for Germany at: https://www.klarna.com/de/ and for Austria at https://www.klarna.com/at/. Your personal data will be handled by Klarna in accordance with the applicable data protection regulations and as stated in Klarna's privacy policy for Germany at https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/privacy and for Austria at https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_at/privacy.

Use of SOFORT
We use the payment service provider SOFORT GmbH (Theresienhöhe 12, 80339 Munich, Germany; “SOFORT”) for payment processing on our website. Sofort GmbH is a company of the Klarna Group (Klarna Bank AB (publ), Sveavägen 46, 11134 Stockholm, Sweden). The data processing serves the purpose of being able to offer you various payment methods through payment processing via the payment service provider SOFORT. If you choose this payment option, the data required for payment processing is transmitted to SOFORT. This data processing is based on Art. 6(1)(b) GDPR. Further information on data processing when using the payment service provider SOFORT can be found at https://www.sofort.com/1.0/shared/content/legal/terms/de-DE/SOFORT/ and https://www.klarna.com/sofort/.

Use of the Payment Service Provider Stripe
We use the payment service Stripe of Stripe Payments Europe Ltd. (1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland) on our website. The data processing serves the purpose of being able to offer you payment via the payment service. By selecting and using Stripe, the data required for payment processing is transmitted to Stripe to fulfill the contract with you using the selected payment method. This processing is based on Art. 6(1)(b) GDPR.
Stripe reserves the right to obtain a credit report based on mathematical-statistical methods using credit agencies. For this purpose, Stripe transmits the personal data required for a credit check to a credit agency and uses the information received about the statistical probability of a payment default for a balanced decision on the establishment, implementation, or termination of the contractual relationship. The credit report may include probability values (score values) calculated based on scientifically recognized mathematical-statistical methods, in the calculation of which address data is included, among other things. Your legitimate interests are taken into account in accordance with legal provisions. The data processing serves the purpose of credit assessment for the initiation of a contract. The processing is based on Art. 6(1)(f) GDPR from our overriding legitimate interest in protection against payment default when Stripe provides advance performance.
You have the right to object at any time to this processing of personal data concerning you based on Art. 6(1)(f) GDPR for reasons arising from your particular situation by notifying Stripe. The provision of data is necessary for the conclusion of the contract with the payment method you desire. Failure to provide it will result in the contract not being concluded with the payment method you selected.
All Stripe transactions are subject to the Stripe Privacy Policy. This can be found at https://stripe.com/de/privacy

Cookies

Our website uses cookies. Cookies are small text files that are stored in the internet browser or by the internet browser on the user's computer system. When a user visits a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic string that allows the browser to be uniquely identified when the website is visited again.
Cookies are stored on your computer. Therefore, you have full control over the use of cookies. By selecting the appropriate technical settings in your internet browser, you can be notified before cookies are set and decide individually on their acceptance, as well as prevent the storage of cookies and transmission of the data they contain. Already stored cookies can be deleted at any time. However, we would like to point out that you may then not be able to use all functions of this website to their full extent.
Under the following links, you can find out how to manage (including disable) cookies in the most important browsers:
Chrome: https://support.google.com/accounts/answer/61416?hl=de
Microsoft Edge: https://support.microsoft.com/de-de/microsoft-edge/cookies-in-microsoft-edge-lB6schen-63947406-40ac-c3b8-57b9-2a946a29ae09
Mozilla Firefox: https://support.mozilla.org/de/kb/cookies-erlaunden-und-ablehnen
Safari: https://support.apple.com/de-de/guide/safari/manage-cookies-and-website-data-sfri11471/mac

Technically Necessary Cookies
Unless otherwise stated in the privacy policy below, we only use these technically necessary cookies for the purpose of making our offering more user-friendly, effective, and secure. Furthermore, cookies allow our systems to recognize your browser even after a page change and to offer you services. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognized even after a page change.
The use of cookies or similar technologies is based on § 25(2) TTDSG. The processing of your personal data is based on Art. 6(1)(f) GDPR from our overriding legitimate interest in ensuring the optimal functionality of the website and a user-friendly and effective design of our offering.
You have the right to object at any time to this processing of personal data concerning you for reasons arising from your particular situation.

Use of GDPR Legal Cookie
We use the consent management tool GDPR Legal Cookie from beeclever GmbH (Universitätsstraße 3, 56070 Koblenz a. Rh.; “beeclever”) on our website. The tool allows you to give consent to data processing via the website, in particular the setting of cookies, and to exercise your right of withdrawal for already given consents.
The data processing serves the purpose of obtaining necessary consents for data processing and documenting them, thereby complying with legal obligations. For this purpose, cookies may be used. Among other things, the following information may be collected and transmitted to beeclever: anonymized IP address, date and time of consent, URL from which the consent was sent, anonymous, random, encrypted key, consent status. This data is not passed on to other third parties.
The data processing takes place to fulfill a legal obligation based on Art. 6(1)(c) GDPR.
Further information on terms of use and data protection at beeclever can be found at: https://gdpr-legal-cookie.com/pages/terms-conditions and at https://gdpr-legal-cookie.com/pages/datenschutzerklarung.

Analysis | Advertising Tracking

Use of Google Analytics 4
We use the web analysis service Google Analytics from Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; “Google”) on our website.
The data processing serves the purpose of analyzing this website and its visitors as well as for marketing and advertising purposes. For this purpose, Google will use the information obtained on behalf of the operator of this website to evaluate your use of the website, to compile reports on website activities, and to provide other services related to website usage and internet usage to the website operator.
The following information, among others, may be collected: IP address, date and time of page view, click path, information about the browser and device you use, pages visited, referrer URL (website from which you accessed our website), location data, purchase activities. Google may combine your data with other data, such as your search history, your personal accounts, your usage data from other devices, and all other data that Google has about you.
The IP address is shortened by Google beforehand within member states of the European Union or in other contracting states of the Agreement on the European Economic Area.
Google uses technologies such as cookies, web storage in the browser, and counting pixels that enable an analysis of your use of the website. The use of cookies or similar technologies takes place with your consent based on § 25(1) p. 1 TTDSG in conjunction with Art. 6(1)(a) GDPR.
The processing of your personal data is based on your consent according to Art. 6(1)(a) GDPR. You can revoke your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
We use the advanced implementation of the consent mode (Advanced Consent Mode). Even if consent is not given, user data is transmitted to Google in the form of "pings". These pings may contain, among other things, the following information: IP address to infer the IP country (logging of the IP address does not take place), date and time of page view, URL of visited pages, user agent, referrer URL (website from which our website was accessed), or information about triggering website events such as a conversion. Based on this information, Google models usage data to be able to perform a comprehensive usage analysis despite the refusal of consent.
The information generated about your use of this website is usually transmitted to a Google server in the USA and stored there. For the USA, an adequacy decision from the EU Commission exists, the Trans-Atlantic Data Privacy Framework (TADPF). Google is certified under the TADPF and is thus committed to complying with European data protection principles. Both Google and US government authorities have access to your data.
Further information on terms of use and data protection can be found at https://policies.google.com/technologies/partner-sites and at https://policies.google.com/privacy?hl=de&gl=de.

Use of Hotjar
We use the analysis tool from Hotjar Ltd. (Level 2, St Julian’s Business Centre, 3, Elia Zammit Street, St Julians STJ1000, Malta; “Hotjar”) on our website.
The data processing serves the purpose of designing, optimizing, and analyzing our website according to needs.
With the tool, movements of page visitors on the website are recorded on a random basis. This creates a log of mouse movements, scrolling behavior, dwell time, and clicks on the website (so-called heatmap).
For this purpose, Hotjar uses, among other things, cookies. The following information, among others, may be collected: IP address (in anonymized form), information about the device you use (screen size, devices, unique device identifier), information about the browser you use, location data (only the country), preferred language for displaying the website, operating system used. Detailed information about the cookies used, their function, and storage duration can be found here: https://help.hotjar.com/hc/en-us/articles/115011789248-Hotjar-Cookies.
User profiles are created from this data under a pseudonym. The data is not used to personally identify the visitor of the website and is not merged with personal data of the pseudonym holder. Hotjar is contractually prohibited from selling the collected data to other third parties.
Your data may be transferred to the USA. For the USA, an adequacy decision from the EU Commission exists, the Trans-Atlantic Data Privacy Framework (TADPF). Hotjar is not certified under the TADPF. The data transfer is based, among other things, on appropriate safeguards. Hotjar will provide you with further information on the measures taken upon request.
The use of cookies or similar technologies takes place with your consent based on § 25(1) p. 1 TTDSG in conjunction with Art. 6(1)(a) GDPR. The processing of your personal data is based on your consent according to Art. 6(1)(a) GDPR. You can revoke your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
Further information on data protection when using Hotjar can be found here: https://www.hotjar.com/legal/policies/privacy#enduserenglish.

Use of Shopify Analytics
We use the statistics and analysis functions of Shopify International Ltd. (Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland; "Shopify") on our website within the scope of order processing. Shopify is a company affiliated with Shopify Inc. (151 O’Connor Street, Ground Floor, Ottawa, Ontario, K2P 2L8, Canada).
The data processing serves the purpose of analyzing this website and its visitors as well as for marketing and optimization purposes. Data is stored and provided in reports, analyses, and statistics. Among other things, the following device information is collected and processed: information about the web browser, IP address, time zone, and some of the cookies installed on your device. When you navigate the website, information about visited web pages or products, the referrer URL (website from which you accessed our website), as well as information about how you interact with the website is also recorded. For this purpose, technologies such as cookies as well as web beacons, tags, and pixels (electronic files that collect information about how you navigate the website) are used.
Your data may be transferred to third countries outside the EU, particularly to Canada and the USA, and processed there. An adequacy decision from the EU Commission exists for Canada. For the USA, an adequacy decision from the EU Commission exists, the Trans-Atlantic Data Privacy Framework (TADPF). Shopify is not certified under the TADPF. This data transfer is based on contractual obligations comparable to those of the EU Commission's standard contractual clauses.
The use of cookies or similar technologies takes place with your consent based on § 25(1) p. 1 TTDSG in conjunction with Art. 6(1)(a) GDPR. The processing of your personal data is based on your consent according to Art. 6(1)(a) GDPR. You can revoke your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
You can find further information on data protection at Shopify at https://www.shopify.com/de/legal/datenschutz, information on the order processing agreement at https://www.shopify.com/de/legal/dpa, and information on the cookies used at https://www.shopify.com/de/legal/cookies.

Use of the Meta Pixel

We use the Meta Pixel from Meta Platforms Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; "Meta") on our website. Meta and we are jointly responsible for the collection of your data and its transmission to Meta when the service is integrated. This is based on an agreement between us and Meta regarding the joint processing of personal data, which defines the respective responsibilities. The agreement can be accessed at https://de-de.facebook.com/legal/terms/businesstools. Accordingly, we are particularly responsible for fulfilling the information obligations under Articles 13 and 14 of the GDPR, for complying with the security requirements of Article 32 of the GDPR with regard to the correct technical implementation and configuration of the service, and for complying with the obligations under Articles 33 and 34 of the GDPR, insofar as a personal data breach affects our obligations under the joint processing agreement. Meta is responsible for enabling the rights of data subjects under Articles 15 to 20 of the GDPR, for complying with the security requirements of Article 32 of the GDPR with regard to the security of the service, and for complying with the obligations under Articles 33 and 34 of the GDPR, insofar as a personal data breach affects Meta’s obligations under the joint processing agreement. The application serves the purpose of targeting website visitors with interest-based advertising on the social networks Facebook and Instagram. For this purpose, Meta’s remarketing tag has been implemented on the website. This tag establishes a direct connection to Meta’s servers when you visit the website. This transmits to the Meta server which of our pages you have visited. Meta assigns this information to your personal Facebook and/or Instagram user account. When you visit the social networks Facebook or Instagram, you will then be shown personalized, interest-based ads. The application also serves the purpose of creating conversion statistics. This allows us to find out the total number of users who clicked on one of our ads and were redirected to a page equipped with a conversion tracking tag, as well as which actions were taken after being redirected to this website. However, we do not receive any information with which users can be personally identified. Your data may be transferred to the USA. An adequacy decision by the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF), exists for the USA. Meta has certified itself under the TADPF and is thus committed to complying with European data protection principles. The processing of your personal data is based on your consent pursuant to Article 6(1)(a) of the GDPR. You can withdraw your consent at any time without affecting the lawfulness of the processing carried out based on the consent until the withdrawal. You can deactivate the “Custom Audiences” remarketing function here. Further information on the collection and use of data by Meta, as well as your related rights and options for protecting your privacy, can be found in Meta’s privacy policy at https://www.facebook.com/about/privacy/.

Use of Google Ads Conversion Tracking

We use the online advertising program “Google Ads” on our website and, within this framework, conversion tracking (visit action evaluation). Google Conversion Tracking is an analytics service provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; Google). When you click on an ad placed by Google, a cookie for conversion tracking is stored on your computer. These cookies have a limited validity, do not contain personal data, and are therefore not used for personal identification. If you visit certain pages of our website and the cookie has not yet expired, Google and we can recognize that you clicked on the ad and were redirected to that page. Each Google Ads customer receives a different cookie. Thus, there is no possibility for cookies to be tracked across the websites of Ads customers. The information obtained with the help of the conversion cookie serves the purpose of creating conversion statistics. This allows us to find out the total number of users who clicked on one of our ads and were redirected to a page equipped with a conversion tracking tag. However, we do not receive any information with which users can be personally identified. Your data may be transferred to the servers of Google LLC in the USA. An adequacy decision by the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF), exists for the USA. Google has certified itself under the TADPF and is thus committed to complying with European data protection principles. The use of cookies or comparable technologies is based on your consent pursuant to Section 25(1)(1) of the TDDDG in conjunction with Article 6(1)(a) of the GDPR. The processing of your personal data is based on your consent pursuant to Article 6(1)(a) of the GDPR. You can withdraw your consent at any time without affecting the lawfulness of the processing carried out based on the consent until the withdrawal. Further information and Google’s privacy policy can be found at: https://www.google.de/policies/privacy/

Use of TikTok Pixel

We use the TikTok Pixel from TikTok Technology Limited (10 Earlsfort Terrace, Dublin, D02 T380, Ireland; “TikTok Ireland”) and TikTok Information Technologies UK Limited (6th Floor, One London Wall, London, EC2Y 5EB, United Kingdom; “TikTok UK”) on our website. Both companies are jointly responsible for data processing (hereinafter “TikTok”). The data processing serves the purpose of identifying and analyzing our customers’ website visits and for better targeting customers by placing targeted advertisements and evaluating the effectiveness of advertisements on TikTok. For this purpose, TikTok uses technologies such as cookies and pixels that enable recognition of your browser. Among other things, the following information may be collected and transmitted to TikTok: date and time of the visit, information about the browser and device type used, screen resolution, IP address. TikTok can assign this information to your personal TikTok user account. Usage profiles can be created from the collected data using pseudonyms. However, personal identification of users is not possible through this. Your data may be transferred to third countries, such as the USA. An adequacy decision by the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF), exists for the USA. TikTok is not certified under the TADPF. Data transfers to the USA and third countries without an adequacy decision are based, among other things, on standard contractual clauses as appropriate safeguards for the protection of personal data, available at: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_de. The use of cookies or comparable technologies is based on your consent pursuant to Section 25(1)(1) of the TDDDG in conjunction with Article 6(1)(a) of the GDPR. The processing of your personal data is based on your consent pursuant to Article 6(1)(a) of the GDPR. You can withdraw your consent at any time without affecting the lawfulness of the processing carried out based on the consent until the withdrawal. Further information on data protection can be found at https://www.tiktok.com/legal/page/eea/privacy-policy/de and https://ads.tiktok.com/i18n/official/policy/controller-to-controller.

Plug-ins and Miscellaneous

Use of Google Tag Manager

We use the Google Tag Manager from Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; "Google") on our website. This application manages JavaScript tags and HTML tags used to implement tracking and analytics tools in particular. The data processing serves the purpose of designing and optimizing our website according to needs. The Google Tag Manager itself neither stores cookies nor processes personal data. However, it enables the triggering of additional tags that may collect and process personal data. Further information on terms of use and data protection can be found here.

Use of Google reCAPTCHA

We use the reCAPTCHA service from Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; "Google") on our website. The query serves the purpose of distinguishing input by a human from automated, machine-based processing. For this purpose, your input is transmitted to Google and processed further there. Additionally, the IP address and, if applicable, other data required by Google for the reCAPTCHA service are transferred to Google. This data is processed by Google within the European Union and may also be transferred to the servers of Google LLC in the USA. An adequacy decision by the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF), exists for the USA. Google has certified itself under the TADPF and is thus committed to complying with European data protection principles. The use of cookies or comparable technologies is based on your consent pursuant to Section 25(1)(1) of the TDDDG in conjunction with Article 6(1)(a) of the GDPR. The processing of your personal data is based on your consent pursuant to Article 6(1)(a) of the GDPR. You can withdraw your consent at any time without affecting the lawfulness of the processing carried out based on the consent until the withdrawal. Further information on Google reCAPTCHA and the associated privacy policy can be found at: https://www.google.com/recaptcha/intro/android.html and https://www.google.com/privacy.

Use of Google Invisible reCAPTCHA

We use the Invisible reCAPTCHA service from Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; "Google") on our website. This serves the purpose of distinguishing input by a human from automated, machine-based processing. In the background, Google collects and analyzes usage data used by Invisible reCAPTCHA to distinguish regular users from bots. For this purpose, your input is transmitted to Google and processed further there. Additionally, the IP address and, if applicable, other data required by Google for the Invisible reCAPTCHA service are transferred to Google. This data is processed by Google within the European Union and may also be transferred to the servers of Google LLC in the USA. An adequacy decision by the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF), exists for the USA. Google has certified itself under the TADPF and is thus committed to complying with European data protection principles. The use of cookies or comparable technologies is based on your consent pursuant to Section 25(1)(1) of the TDDDG in conjunction with Article 6(1)(a) of the GDPR. The processing of your personal data is based on your consent pursuant to Article 6(1)(a) of the GDPR. You can withdraw your consent at any time without affecting the lawfulness of the processing carried out based on the consent until the withdrawal. Further information on Google reCAPTCHA and the associated privacy policy can be found at: https://www.google.com/recaptcha/intro/android.html and https://www.google.com/privacy.

Use of Google Fonts

We use Google Fonts from Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; “Google”) on our website. The data processing serves the purpose of uniformly displaying fonts on our website. To load the fonts, a connection to Google’s servers is established when the page is accessed. Cookies may be used for this purpose. Among other things, your IP address and information about the browser you are using are processed and transmitted to Google. This data is not linked to your Google account. Your data may be transferred to the USA. An adequacy decision by the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF), exists for the USA. Google has certified itself under the TADPF and is thus committed to complying with European data protection principles. The use of cookies or comparable technologies is based on your consent pursuant to Section 25(1)(1) of the TDDDG in conjunction with Article 6(1)(a) of the GDPR. The processing of your personal data is based on your consent pursuant to Article 6(1)(a) of the GDPR. You can withdraw your consent at any time without affecting the lawfulness of the processing carried out based on the consent until the withdrawal. Further information on data processing and data protection can be found at https://www.google.de/intl/de/policies/ and https://developers.google.com/fonts/faq.

Klar Attribution

We use the services of Klar (Klar Insights GmbH, Marktstr. 18, 80802 Munich, Germany) on our website. Klar collects, processes, and stores data on this website and its subpages for reach measurement and statistical analysis on our behalf. This collection is based on the following legal basis: If the user’s consent pursuant to Article 6(1)(1)(a) of the GDPR and Section 25(1)(1) of the TTDSG is given, the data to be processed is collected on a user-specific basis. Different cookies are used for the aforementioned different types of collection to ensure the respective type of collection. Cookie - Objection To generally object to the use of Klar, please use this link. This will set a cookie named “do_not_track” from the domain “engel-kette.de”. Please do not delete this cookie, as otherwise it cannot be ensured that you are not tracked by Klar. Information on data protection and data use by Klar can be found on the following website: https://www.getklar.com/data-protection.

Data Subject Rights and Storage Duration

Storage Duration

After complete contract fulfillment, the data will first be stored for the duration of the warranty period, then stored taking into account legal, particularly tax and commercial law retention periods, and deleted after the expiry of the period, unless you have consented to further processing and use.

Rights of the Data Subject

If the legal requirements are met, you have the following rights under Articles 15 to 20 of the GDPR: the right to information, rectification, erasure, restriction of processing, and data portability. Furthermore, pursuant to Article 21(1) of the GDPR, you have the right to object to processing based on Article 6(1)(f) of the GDPR, as well as to processing for the purpose of direct marketing.

Right to Lodge a Complaint with a Supervisory Authority

Pursuant to Article 77 of the GDPR, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data is not lawful. You can lodge a complaint, among others, with the supervisory authority responsible for us, which you can reach at the following contact details:

State Commissioner for Data Protection and Freedom of Information Baden-Württemberg Königstrasse 10 a 70173 Stuttgart Tel.: +49 711 6155410 Fax: +49 711 61554115 E-Mail: poststelle@lfdi.bwl.de

Right to Object

If the personal data processing listed here is based on our legitimate interest pursuant to Article 6(1)(f) of the GDPR, you have the right to object to this processing at any time for reasons arising from your particular situation, with effect for the future. After an objection has been made, the processing of the affected data will be terminated unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or if the processing serves the establishment, exercise, or defense of legal claims.

Last updated: November 29, 2023