Privacy Policy
Unless otherwise specified below, the provision of your personal data is neither legally nor contractually required, nor is it necessary for the conclusion of a contract. You are not obliged to provide the data. Failure to provide the data will have no consequences. This applies only insofar as no other information is given in the following processing operations.
"Personal data" means any information relating to an identified or identifiable natural person.
Server log files
You can visit our websites without providing any personal information.
Each time our website is accessed, usage data is transmitted to us or our web host/IT service provider by your internet browser and stored in log data (so-called server log files). This stored data includes, for example, the name of the page accessed, the date and time of access, the IP address, the amount of data transferred and the requesting provider.
The processing is carried out on the basis of Art. 6 para. 1 lit. f GDPR due to our overriding legitimate interest in ensuring the trouble-free operation of our website and in improving our offer.
Your data may be transferred to third countries outside the EU, in particular to Canada and the USA, and processed there. For Canada, an adequacy decision of the EU Commission exists. For the USA, an adequacy decision of the EU Commission exists, the Trans-Atlantic Data Privacy Framework (TADPF). Shopify is not certified under the TADPF. This data transfer is based on contractual obligations comparable to those of the EU Commission's standard contractual clauses.The processing is carried out on the basis of Art. 6 para. 1 lit. f GDPR due to our overriding legitimate interest in ensuring the trouble-free operation of our website and in improving our offer.
Contact
Controller
Contact us if you wish. The controller for data processing is: Krupa Desai, Ysenburgstraße 27, 34125 Kassel Germany, 015166986420, kontakt@vihatwiesch.de
Customer's proactive contact by email
If you proactively contact us by email for business purposes, we collect your personal data (name, email address, message text) only to the extent provided by you. The data processing serves to process and answer your contact request.
If the contact serves to carry out pre-contractual measures (e.g., advice on purchase interest, offer creation) or concerns a contract already concluded between you and us, this data processing is based on Art. 6 para. 1 lit. b GDPR.
If the contact is made for other reasons, this data processing is based on Art. 6 para. 1 lit. f GDPR due to our overriding legitimate interest in processing and answering your request. In this case, you have the right to object at any time to the processing of your personal data based on Art. 6 para. 1 lit. f GDPR for reasons arising from your particular situation.
We only use your email address to process your request. Your data will then be deleted in compliance with statutory retention periods, unless you have consented to further processing and use.
Collection and processing when using the contact form
When using the contact form, we collect your personal data (name, email address, message text) only to the extent provided by you. The data processing serves the purpose of contacting us.
If the contact is for the purpose of carrying out pre-contractual measures (e.g., advice on purchase interest, offer creation) or concerns a contract already concluded between you and us, this data processing is based on Art. 6 para. 1 lit. b GDPR.
If contact is made for other reasons, this data processing is based on Art. 6 para. 1 lit. f GDPR due to our overriding legitimate interest in processing and responding to your inquiry. In this case, you have the right to object at any time to this processing of your personal data based on Art. 6 para. 1 lit. f GDPR, for reasons arising from your particular situation.
We will only use your email address to process your inquiry. Your data will then be deleted in compliance with statutory retention periods, unless you have consented to further processing and use.
Use of address validation by Endereco
We use the address validation service of Endereco UG (haftungsbeschränkt) (Balthasar-Neumann-Str. 4b, 97236 Randersacker, Germany; "Endereco") on our website.
The data processing serves the purpose of checking your entries in our address forms for input and spelling errors in real time, and if necessary, supplementing missing data. In case of incorrectly entered data, alternative suggestions for correcting the data are displayed.
Among other things, the following information can be transmitted to and processed by Endereco: postal addresses (country, city, postal code, street, house number), email address, telephone number.
The processing of your personal data is based on Art. 6 para. 1 lit. f GDPR due to our overriding legitimate interest in correct data for the fulfillment of our contractual obligations. You have the right to object at any time to this processing of your personal data for reasons arising from your particular situation.
The data is processed separately by the provider and not merged with other data. It is deleted by the provider as soon as the status of the entered data has been determined, but no later than after 30 days.
Further information on data protection at Endereco can be found at: https://www.endereco.de/datenschutzerklaerung/.
Use of address validation by Google Maps API
We use the address validation service of Google (Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland "Google") on our website.
The data processing serves the purpose of checking your entries in our address forms for input and spelling errors in real time, and if necessary, supplementing missing data. In case of incorrectly entered data, alternative suggestions for correcting the data are displayed. For this purpose, the address data entered by you is transmitted to the provider, stored and evaluated there.
Among other things, the following information can be transmitted to and processed by Google: postal addresses (country, city, postal code, street, house number), email address, telephone number.
Your data may also be transmitted to the USA. An adequacy decision of the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF), exists for the USA. Google has certified itself under the TADPF and has thus committed to complying with European data protection principles.
The processing of your personal data is based on Art. 6 para. 1 lit. f GDPR due to our overriding legitimate interest in accurate data for the fulfillment of our contractual obligations. You have the right to object at any time to this processing of your personal data for reasons arising from your particular situation.
The data is processed separately by the provider and not merged with other data. It is deleted by the provider as soon as the status of the entered data has been determined, but no later than after 30 days.
Further information on terms of use and data protection at Google can be found at: https://cloud.google.com/maps-platform/terms or at https://www.google.de/policies/privacy/.
Customer Account Orders We use the address validation service of Google (Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland "Google") on our website.
The data processing serves the purpose of checking your entries in our address forms for input and spelling errors in real time, and if necessary, supplementing missing data. In case of incorrectly entered data, alternative suggestions for correcting the data are displayed. For this purpose, the address data entered by you is transmitted to the provider, stored and evaluated there.
Among other things, the following information can be transmitted to and processed by Google: postal addresses (country, city, postal code, street, house number), email address, telephone number.
Your data may also be transmitted to the USA. An adequacy decision of the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF), exists for the USA. Google has certified itself under the TADPF and has thus committed to complying with European data protection principles.
The processing of your personal data is based on Art. 6 para. 1 lit. f GDPR due to our overriding legitimate interest in accurate data for the fulfillment of our contractual obligations. You have the right to object at any time to this processing of your personal data for reasons arising from your particular situation.
The data is processed separately by the provider and not merged with other data. It is deleted by the provider as soon as the status of the entered data has been determined, but no later than after 30 days.
Further information on terms of use and data protection at Google can be found at: https://cloud.google.com/maps-platform/terms or at https://www.google.de/policies/privacy/.
Customer account
When opening a customer account, we collect your personal data to the extent specified there. The data processing serves the purpose of improving your shopping experience and simplifying order processing. The processing is based on Art. 6 para. 1 lit. a GDPR with your consent. You can withdraw your consent at any time by notifying us, without affecting the lawfulness of the processing carried out on the basis of the consent until withdrawal. Your customer account will then be deleted.
Collection, processing and transfer of personal data during orders
When placing an order, we collect and process your personal data only to the extent necessary for the fulfillment and processing of your order and for handling your inquiries. The provision of data is required for the conclusion of the contract. Failure to provide the data means that no contract can be concluded. The processing is based on Art. 6 para. 1 lit. b GDPR and is necessary for the fulfillment of a contract with you.
Your data will be passed on, for example, to shipping companies, dropshipping or fulfillment providers, payment service providers, service providers for order processing and IT service providers. In all cases, we strictly adhere to legal requirements. The scope of data transmission is limited to a minimum.
Your data may be transferred to third countries outside the EU, in particular to Canada and the USA, and processed there. For Canada, an adequacy decision of the EU Commission exists. For the USA, an adequacy decision of the EU Commission exists, the Trans-Atlantic Data Privacy Framework (TADPF). Shopify is not certified under the TADPF. This data transfer is based on contractual obligations comparable to those of the EU Commission's standard contractual clauses.Shipping service providers
Transfer of email address to shipping companies for information about shipping status
We pass on your email address to the transport company as part of contract processing, provided you have expressly consented to this during the ordering process. The transfer serves the purpose of informing you by email about the shipping status. The processing is based on Art. 6 para. 1 lit. a GDPR with your consent. You can revoke your consent at any time by notifying us or the transport company, without affecting the lawfulness of the processing carried out on the basis of the consent until revocation.
Payment service providers Creditworthiness check
Use of PayPal
On our website, we use the payment service PayPal from PayPal (Europe) S.à.r.l. et Cie, S.C.A. (22-24 Boulevard Royal L-2449, Luxembourg; "PayPal"). The data processing serves the purpose of offering you payment via the payment service. By selecting and using payment via PayPal, the data required for payment processing is transmitted to PayPal in order to fulfill the contract with you using the selected payment method. This processing is based on Art. 6 para. 1 lit. b GDPR.
All PayPal transactions are subject to the PayPal Privacy Policy. You can find this at https://www.paypal.com/de/webapps/mpp/ua/privacy-full
Use of PayPal Plus
On our website, we use the payment service PayPal Plus from PayPal (Europe) S.à.r.l. et Cie, S.C.A. (22-24 Boulevard Royal L-2449, Luxembourg; "PayPal"). The data processing serves the purpose of offering you payment via the payment service. By selecting and using payment via PayPal, credit card via PayPal, or direct debit via PayPal, the data required for payment processing is transmitted to PayPal in order to fulfill the contract with you using the selected payment method. This processing is based on Art. 6 para. 1 lit. b GDPR.
For individual payment methods such as credit card via PayPal, direct debit via PayPal, PayPal reserves the right to obtain a credit report based on mathematical-statistical procedures using credit agencies. For this purpose, PayPal transmits the personal data required for a credit check to a credit agency and uses the information received about the statistical probability of a payment default for a balanced decision on the establishment, execution or termination of the contractual relationship. The credit report may contain probability values (score values) that are calculated on the basis of scientifically recognized mathematical-statistical procedures and whose calculation includes, among other things, address data. Your legitimate concerns will be taken into account in accordance with legal provisions. The data processing serves the purpose of credit assessment for initiating a contract. The processing is based on Art. 6 para. 1 lit. f GDPR due to our overriding legitimate interest in protecting against payment default when PayPal makes advance payments.
You have the right to object at any time to this processing of personal data concerning you, based on Art. 6 para. 1 lit. f GDPR, for reasons arising from your particular situation, by notifying PayPal. The provision of data is necessary for the conclusion of the contract with the payment method you have chosen. Failure to provide the data means that the contract cannot be concluded with the payment method you have chosen.
On our website, we use the payment service PayPal Express provided by PayPal (Europe) S.à.r.l. et Cie, S.C.A. (22-24 Boulevard Royal L-2449, Luxembourg; "PayPal"). The purpose of data processing is to enable you to pay via the PayPal Express payment service. To integrate this payment service, PayPal needs to collect, store, and analyze data (e.g., IP address, device type, operating system, browser type, location of your device) when you access the website. Cookies may also be used for this purpose. Cookies enable your browser to be recognized.
The processing of your personal data is carried out on the basis of Art. 6 para. 1 lit. f GDPR due to our overriding legitimate interest in offering a customer-oriented selection of payment methods. You have the right to object to this processing of your personal data at any time for reasons arising from your particular situation.
By selecting and using PayPal Express, the data required for payment processing is transmitted to PayPal to fulfill the contract with you using the chosen payment method. This processing is carried out on the basis of Art. 6 para. 1 lit. b GDPR. For more information on data processing when using the PayPal Express payment service, please refer to the associated privacy policy at www.paypal.com/de/webapps/mpp/ua/privacy-full?locale.x=de_DE#Updated_PS.
Use of PayPal Checkout
On our website, we use the payment service PayPal Checkout provided by PayPal (Europe) S.à.r.l. et Cie, S.C.A. (22-24 Boulevard Royal L-2449, Luxembourg; "PayPal"). The purpose of data processing is to enable you to pay via the payment service. By selecting and using payment via PayPal, credit card via PayPal, direct debit via PayPal, or "Pay Later" via PayPal, the data required for payment processing is transmitted to PayPal to fulfill the contract with you using the chosen payment method. This processing is carried out on the basis of Art. 6 para. 1 lit. b GDPR.
Cookies may be stored here, which enable your browser to be recognized. The data processing that takes place as a result is based on Art. 6 para. 1 lit. f GDPR due to our overriding legitimate interest in offering a customer-oriented selection of payment methods. You have the right to object to this processing of your personal data at any time for reasons arising from your particular situation.
Credit card via PayPal, direct debit via PayPal & "Pay Later" via PayPal
For individual payment methods such as credit card via PayPal, direct debit via PayPal, or "Pay Later" via PayPal, PayPal reserves the right to obtain a credit report based on mathematical-statistical procedures using credit agencies. For this purpose, PayPal transmits the personal data required for a credit check to a credit agency and uses the information received about the statistical probability of a payment default for a balanced decision on the establishment, execution, or termination of the contractual relationship. The credit report may contain probability values (score values) calculated based on scientifically recognized mathematical-statistical procedures, which include address data, among other things. Your legitimate interests are taken into account in accordance with legal provisions. Data processing serves the purpose of credit assessment for contract initiation. Processing is carried out on the basis of Art. 6 para. 1 lit. f GDPR due to our overriding legitimate interest in protection against payment default when PayPal provides advance payment.
You have the right to object to this processing of your personal data based on Art. 6 para. 1 lit. f GDPR at any time for reasons arising from your particular situation by notifying PayPal. The provision of data is necessary for the conclusion of the contract with your desired payment method. Failure to provide it means that the contract cannot be concluded with the payment method you have chosen.
Third-party providers
When paying via a third-party payment method, the data required for payment processing is transmitted to PayPal. This processing is carried out on the basis of Art. 6 para. 1 lit. b GDPR. To carry out this payment method, the data may then be forwarded by PayPal to the respective provider. This processing is carried out on the basis of Art. 6 para. 1 lit. b GDPR. Local third-party providers may include, for example:
- Apple Pay (Apple Distribution International Ltd., Hollyhill Industrial Estate, Hollyhill, Cork, Ireland)
- Google Pay (Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland)
Invoice purchase via PayPal
When paying via invoice, the data required for payment processing is first transmitted to PayPal. To carry out this payment method, the data is then transmitted by PayPal to Ratepay GmbH (Franklinstraße 28-29, 10587 Berlin; "Ratepay") to fulfill the contract with you using the chosen payment method. This processing is carried out on the basis of Art. 6 para. 1 lit. b GDPR. Ratepay may carry out a credit assessment based on mathematical-statistical procedures (probability or score values) using credit agencies according to the process already described above. Data processing serves the purpose of credit assessment for contract initiation. Processing is carried out on the basis of Art. 6 para. 1 lit. f GDPR due to our overriding legitimate interest in protection against payment default when Ratepay provides advance payment. Further information on data protection and which credit agencies Ratepay uses can be found at https://www.ratepay.com/legal-payment-dataprivacy/ and https://www.ratepay.com/legal-payment-creditagencies/.
Further information on data processing when using PayPal can be found in the associated privacy policy at https://www.paypal.com/de/webapps/mpp/ua/privacy-full.
Use of Klarna Payment Options
On our website, we use the payment service of Klarna Bank AB (publ) (Sveavägen 46, 111 34 Stockholm, Sweden; “Klarna”). By selecting and using payment via Klarna, the data required for payment processing is transmitted to Klarna to fulfill the contract with you using the chosen payment method. This processing is carried out on the basis of Art. 6 para. 1 lit. b GDPR.
Cookies may be stored here, which enable your browser to be recognized. The data processing that takes place as a result is based on Art. 6 para. 1 lit. f GDPR due to our overriding legitimate interest in offering a customer-oriented selection of payment methods. You have the right to object to this processing of your personal data at any time for reasons arising from your particular situation.
Cookies may be stored here, which enable your browser to be recognized. The data processing that takes place as a result is based on Art. 6 para. 1 lit. f GDPR due to our overriding legitimate interest in offering a customer-oriented selection of payment methods. You have the right to object to this processing of your personal data at any time for reasons arising from your particular situation.
"Pay Later" (Invoice), "Pay Now" (Payment by direct debit, credit card, instant transfer), "Financing" (Installment purchase)
For individual payment methods such as "Pay Later" (invoice), "Pay Now" (payment by direct debit, credit card, instant transfer), "Financing" (installment purchase), Klarna reserves the right to obtain a credit report based on mathematical-statistical procedures using credit agencies.
For this purpose, Klarna transmits the personal data required for a credit check, such as first and last name, address, gender, email address, IP address, and data related to the order, to a credit agency for identity and credit assessment purposes, and uses the information received about the statistical probability of a payment default for a balanced decision on the establishment, execution, or termination of the contractual relationship. The credit report may contain probability values (score values) calculated based on scientifically recognized mathematical-statistical procedures, which include address data, among other things. Your legitimate interests are taken into account in accordance with legal provisions. Data processing serves the purpose of credit assessment for contract initiation. Processing is carried out on the basis of Art. 6 para. 1 lit. f GDPR due to our overriding legitimate interest in protection against payment default when Klarna provides advance payment. You have the right to object to this processing of your personal data based on Art. 6 para. 1 lit. f GDPR at any time for reasons arising from your particular situation by notifying Klarna. The provision of data is necessary for the conclusion of the contract with your desired payment method. Failure to provide it means that the contract cannot be concluded with the payment method you have chosen.
Further information, in particular to which credit agencies Klarna transmits your personal data, can be found at https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/credit_rating_agencies.
General information on Klarna can be found at: https://www.klarna.com/de/. Your personal data will be handled by Klarna in accordance with applicable data protection regulations and as stated in Klarna's privacy policy at https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/privacy.
Use of the payment service provider Stripe
On our website, we use the payment service Stripe provided by Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland. The purpose of data processing is to enable you to pay via the payment service. By selecting and using Stripe, the data required for payment processing is transmitted to Stripe to fulfill the contract with you using the chosen payment method. This processing is carried out on the basis of Art. 6 para. 1 lit. b GDPR.
Stripe reserves the right to obtain a credit report based on mathematical-statistical procedures using credit agencies. For this purpose, Stripe transmits the personal data required for a credit check to a credit agency and uses the information received about the statistical probability of a payment default for a balanced decision on the establishment, execution, or termination of the contractual relationship. The credit report may contain probability values (score values) calculated based on scientifically recognized mathematical-statistical procedures, which include address data, among other things. Your legitimate interests are taken into account in accordance with legal provisions. Data processing serves the purpose of credit assessment for contract initiation. Processing is carried out on the basis of Art. 6 para. 1 lit. f GDPR due to our overriding legitimate interest in protection against payment default when Stripe provides advance payment.
You have the right to object to this processing of your personal data based on Art. 6 para. 1 lit. f GDPR at any time for reasons arising from your particular situation by notifying Stripe. The provision of data is necessary for the conclusion of the contract with your desired payment method. Failure to provide it means that the contract cannot be concluded with the payment method you have chosen.
All Stripe transactions are subject to Stripe's Privacy Policy. You can find this at https://stripe.com/de/privacy
Cookies
Our website uses cookies. Cookies are small text files that are stored in the internet browser or by the internet browser on a user's computer system. If a user accesses a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic string of characters that enables unique identification of the browser when the website is accessed again.
Cookies are stored on your computer. Therefore, you have full control over the use of cookies. By selecting appropriate technical settings in your internet browser, you can be notified before cookies are set, decide individually whether to accept them, and prevent the storage of cookies and the transmission of the data contained therein. Already stored cookies can be deleted at any time. However, we would like to point out that in this case you may not be able to fully use all functions of this website.
Under the following links you can find out how to manage (including deactivating) cookies in the most common browsers:
Chrome: https://support.google.com/accounts/answer/61416?hl=en
Microsoft Edge: https://support.microsoft.com/en-us/microsoft-edge/delete-cookies-in-microsoft-edge-63947406-40ac-c3b8-57b9-2a946a29ae09
Microsoft Edge: https://support.microsoft.com/en-us/microsoft-edge/delete-cookies-in-microsoft-edge-63947406-40ac-c3b8-57b9-2a946a29ae09
Mozilla Firefox: https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences
Technically necessary cookies
Unless otherwise stated below in the privacy policy, we only use these technically necessary cookies for the purpose of making our offer more user-friendly, effective and secure. Furthermore, cookies enable our systems to recognize your browser even after a page change and to offer you services. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognized again even after a page change.
The use of cookies or comparable technologies is based on Section 25 (2) TDDDG. The processing of your personal data is carried out on the basis of Art. 6 para. 1 lit. f GDPR due to our overriding legitimate interest in ensuring the optimal functionality of the website and a user-friendly and effective design of our offer.
You have the right to object to this processing of your personal data at any time for reasons arising from your particular situation.
Data Subject Rights and Storage PeriodStorage Period
Upon complete contract fulfillment, the data will initially be stored for the duration of the warranty period, then, taking into account statutory retention periods, particularly those under tax and commercial law, deleted after the expiration of the period, provided you have not consented to further processing and use.
Rights of the Data Subject
Subject to the legal requirements, you are entitled to the following rights under Art. 15 to 20 GDPR: Right of access, to rectification, to erasure, to restriction of processing, to data portability.
In addition, under Art. 21 (1) GDPR, you have the right to object to processing based on Art. 6 (1) f GDPR, as well as to processing for direct marketing purposes.
Right to Lodge a Complaint with the Supervisory Authority
In accordance with Art. 77 GDPR, you have the right to lodge a complaint with the supervisory authority if you believe that the processing of your personal data is not lawful.
You can lodge a complaint with the supervisory authority responsible for us, among others, which you can reach at the following contact details:
Hessian Commissioner for Data Protection and Freedom of Information
Postfach 3163
65021 Wiesbaden
Tel.: +49 611 14080
Fax: +49 611 1408900 or +49 611 1408901
E-Mail: poststelle@datenschutz.hessen.de
Right to Object
If the personal data processing listed here is based on our legitimate interest according to Art. 6 (1) lit. f GDPR, you have the right to object to these processing activities at any time with effect for the future for reasons arising from your particular situation.
After a successful objection, the processing of the affected data will be terminated unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or if the processing serves the assertion, exercise, or defense of legal claims.
Last updated: 22.10.2024