Privacy Policy 


1. Data protection at a glance

General information

The following provides a simple overview of what happens to your personal data when you visit this website. Personal data is any data by which you can be personally identified. Detailed information on data protection can be found in the remaining sections of this privacy policy.

Data collection on this website

Who is responsible for data collection on this website?

Data processing on this website is carried out by the website operator. The operator’s contact details can be found in the section of this privacy policy entitled ‘About the data controller’.

How do we collect your data?

Some data is collected when you provide it to us voluntarily. This includes, for example, data that you enter in a contact form.

Other data is collected automatically or with your consent by our IT systems when you visit the website. Such data is primarily technical in nature (e.g. information about your internet browser, operating system or the time of your page view). The collection of this data is triggered as soon as you access the website.

What do we use your data for?

Some data is collected to ensure that the website is provided correctly. Other data may be used to analyse your user behaviour. Where it is possible for contracts to be concluded or initiated via the website, transmitted data will also be processed to facilitate contract offers, orders or other order inquiries.

What rights do you have with regard to your data?

You have the right to receive information about the origin, recipients and purpose of your stored personal data free of charge at any time. You also have the right to request the correction or deletion of this data. If you have given your consent to data processing, you can revoke this consent at any time for the future. You also have the right to request restriction of the processing of your personal data under certain circumstances. Finally, you have the right to lodge a complaint with the competent supervisory authority.

For any other questions about data protection, you can contact us at any time.

2. General information and mandatory disclosures

Data protection 

The operator of this website takes the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy.

Various personal data is collected when you use this website. Personal data is any data by which you can be personally identified. This privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose this is done.

Please note that data transmission via the Internet (e.g. when communicating by email) may be subject to security vulnerabilities. Complete protection of data against access by third parties is not possible.

About the data controller

The controller responsible for data processing on this website is:

GGM Gastro International GmbH

Managing Directors: Ferit Inan & Ömer Elma
Weinerpark 16
D - 48607 Ochtrup

Phone: +49 (0) 2553 - 72 20 20 - 0 | Fax: +49 (0) 2553 - 72 20 20 - 200
Email: info@ggmgastro.com

The controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data (e.g. names, email addresses, etc.).

Retention period

Unless a different retention period is specified in this privacy policy, your personal data will remain with us until the purpose for data processing no longer applies. If you submit a valid request for deletion or revoke your consent to data processing, your data will be deleted unless we have other legally permissible reasons for retaining it (e.g. retention periods under tax or commercial law); in the latter case, deletion will occur after these reasons no longer apply.

General information on the legal basis for data processing on this website

If you have consented to data processing, we process your personal data on the basis of Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR, insofar as special categories of data are processed in accordance with Art. 9 (1) GDPR. If you have expressly consented to the transfer of personal data to third countries, data processing is also carried out on the basis of Art. 49 (1) (a) GDPR. If you have consented to the storage of cookies or the accessing of information on your end device (e.g. via device fingerprinting), data processing is also carried out on the basis of § 25 (1) of the Telecommunications Digital Services Data Protection Act (TDDDG). Consent can be revoked at any time. If your data is required to fulfil the contract or to implement pre-contractual measures, we process your data on the basis of Art. 6 (1) (b) GDPR. Furthermore, we process your data if this is necessary to fulfil a legal obligation on the basis of Art. 6 (1) (c) GDPR. Data processing may also be carried out on the basis of our legitimate interest in accordance with Art. 6 (1) (f) GDPR. Information on the legal basis in each case can be found in the following sections of this privacy policy.

Data Protection Officer

GGM Gastro has appointed a data protection officer.

Philipp Gumpert
https://gataca.de/

GATACA GmbH
Am Riettor 4
78048 Villingen-Schwenningen

datenschutz@ggmgastro.com 

Information on the transfer of data to third countries that are not secure under data protection law and the transfer to US companies that are not DPF-certified

Among other things, we use tools from companies based in third countries not deemed secure under data protection law and US tools whose providers are not certified under the EU-US Data Privacy Framework (DPF). When these tools are active, your personal data may be transferred to these countries and processed there. Please note that in such third countries, it is not possible to guarantee a level of data protection comparable to that of the EU.

The USA, as a secure third country, generally offers a level of data protection comparable to that of the EU. Accordingly, data transfer to the USA is permitted under this privacy policy if the recipient is certified under the EU-US Data Privacy Framework (DPF) or has suitable additional safeguards in place. This privacy policy provides information on transfers to third countries, including data recipients.

Recipients of personal data

As part of our business activities, we work with various external parties. In some cases, this requires the transfer of personal data to these external parties. We only disclose personal data to external parties when this is necessary for the performance of a contract, when we are legally obliged to do so (e.g. disclosure of data to tax authorities), when we have a legitimate interest in the transfer in accordance with Art. 6 (1) (f) GDPR, or if another legal basis permits the transfer of data. When using data processors, we only disclose our customers’ personal data on the basis of a valid data processing agreement. In the case of joint processing, a joint processing agreement is concluded.

Withdrawal of consent to data processing

Many types of data processing are only possible with your express consent. You may withdraw any consent you have previously given at any time. The lawfulness of the data processing carried out up to the point of withdrawal remains unaffected by the withdrawal.

Right to object to the collection of data in special cases and to direct marketing (Art. 21 GDPR)

IF DATA PROCESSING IS BASED ON ART. 6 (1) (E) OR (F) GDPR, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA AT ANY TIME ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. THE LEGAL BASIS ON WHICH PROCESSING IS CARRIED OUT IN EACH INSTANCE CAN BE FOUND IN THIS PRIVACY POLICY. IF YOU OBJECT, WE WILL CEASE TO PROCESS THE AFFECTED PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS OR THE PROCESSING SERVES THE ESTABLISHMENT, EXERCISE OR DEFENSE OF LEGAL CLAIMS (OBJECTION PURSUANT TO ART. 21 (1) GDPR).

IF YOUR PERSONAL DATA IS PROCESSED FOR THE PURPOSE OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR SUCH MARKETING; THIS ALSO APPLIES TO PROFILING INSOFAR AS IT IS RELATED TO SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL CEASE TO BE USED FOR THE PURPOSE OF DIRECT MARKETING (OBJECTION PURSUANT TO ART. 21 (2) GDPR).

Right to lodge a complaint with the competent supervisory authority

In the event of breaches of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work or place of the alleged infringement. The right to lodge a complaint is without prejudice to any other administrative or judicial remedies.

Right to data portability

You have the right to receive the data that we process automatically on the basis of your consent or in the course of performing a contract, in a common, machine-readable format, either for yourself or for transfer to a third party. If you request the direct transfer of the data to another controller, this will only take place if it is technically feasible.

Access, rectification and erasure

Within the scope of the applicable legal provisions, you have the right at any time to obtain free information about your stored personal data, its origin and recipients, and the purpose of the data processing. You may also have a right to rectification or erasure of this data. You can contact us at any time regarding this or any other questions on the subject of personal data.

Right to restriction of processing

You have the right to request the restriction of the processing of your personal data. You can contact us at any time to request this. The right to restriction of processing exists in the following cases:

  • If you dispute the accuracy of the personal data stored by us, we generally need time to verify this. You have the right to request the restriction of the processing of your personal data for the duration of the verification.
  • If the processing of your personal data was/is carried out unlawfully, you may request the restriction of data processing instead of erasure.
  • If we no longer need your personal data, but you need it for the exercise, defence or assertion of legal claims, you have the right to request the restriction of processing instead of erasure.
  • If you have lodged an objection pursuant to Art. 21 (1) GDPR, a balance must be struck between your interests and ours. As long as it has not yet been determined whose interests prevail, you have the right to request the restriction of the processing of your personal data.

If you have restricted the processing of your personal data, this data – apart from being stored – may only be processed either: with your consent; for the establishment, exercise or defence of legal claims; for the protection of the rights of another natural or legal person; and/or for reasons of important public interest of the European Union or of a Member State.

SSL or TLS encryption

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.

When SSL or TLS encryption is activated, this means that the data you transmit to us cannot be read by third parties.

Encrypted payment transactions on this website

If, after concluding a contract subject to payment, there is an obligation to transmit your payment details to us (e.g. your account number for direct debit), this data is required for payment processing.

Payment transactions using standard means of payment (Visa/MasterCard, direct debit) are carried out exclusively via an encrypted SSL or TLS connection. You can recognise an encrypted connection by the fact that the browser’s address bar changes from "http://" to "https://" and by the lock symbol in your browser line.

When communication is encrypted, this means that the payment data you transmit to us cannot be read by third parties.

Objection to promotional emails

It is hereby prohibited to use contact details published as part of our legal duty to provide company information for the sending of unsolicited advertising material. The operators of the website expressly reserve the right to take legal action in the event of the unsolicited sending of advertising information, such as spam e-mails.

3. Data collection on this website

Cookies

Our website uses ‘cookies’: small data packets that do no harm to your device. Cookies are either stored temporarily for the duration of a session (session cookies) or permanently (persistent cookies) on your device. Session cookies are automatically deleted once you leave the site. Persistent cookies remain stored on your device until you delete them manually or your browser removes them automatically.

Cookies may originate from us (first-party cookies) or from third-party providers (third-party cookies). Third-party cookies enable certain services offered by external providers to be integrated smoothly into websites (e.g. cookies used for processing payment services).

Cookies serve a variety of functions. Many are technically necessary, since certain website features would not function without them (e.g. the shopping basket function or video display). Other cookies may be used for analysing user behaviour or for advertising purposes.

Cookies that are required for electronic communication, for providing specific features (e.g. the shopping basket), or for optimising the website (e.g. audience measurement cookies), are stored on the basis of Article 6(1)(f) GDPR, unless another legal basis is specified. The website operator has a legitimate interest in the storage of necessary cookies to ensure the error-free and optimised delivery of its services. Where your consent has been requested for the storage of cookies or similar recognition technologies, data processing is carried out exclusively on the basis of that consent (Article 6(1)(a) GDPR and § 25(1) TDDDG); this consent can be withdrawn at any time.

You can configure your browser to notify you when cookies are set, to allow cookies only in individual cases, to exclude the acceptance of cookies in certain cases or entirely, and to enable the automatic deletion of cookies when closing the browser. Disabling cookies may limit the functionality of this website.

For details about which cookies and services are used on this website, please refer to this privacy policy.

CookieFirst

Our website uses CookieFirst to obtain your consent for the storage of certain cookies on your device and for the use of specific technologies, and to document this consent in a manner compliant with data protection regulations. The provider of this technology is Digital Data Solutions B.V. (CookieFirst), Plantage Middenlaan 42A, 1018 DH Amsterdam, Netherlands (hereinafter “CookieFirst”).

When you access our website, a connection is established with servers of CookieFirst to obtain your consent and process other declarations regarding cookie usage. CookieFirst then stores a cookie in your browser in order to link the consents you have given or withdrawn with your session. In the process, the anonymised IP address, the user agent of the browser and operating system, and the URL from which the consent was given are processed and stored within the CookieFirst system. Data collected in this way is retained until you request its deletion, delete the CookieFirst cookie yourself, or the purpose for storing the data no longer applies. Statutory retention obligations remain unaffected.

CookieFirst transmits personal data to third-party providers. These include a content delivery network (CDN) based in Slovenia, IP geolocation services in Romania, and hosting services provided by OVH in Germany and France. CookieFirst is headquartered in Amsterdam, Netherlands.

CookieFirst is used to obtain the legally required consents for the use of cookies. The legal basis for this is Article 6(1)(c) of the GDPR.

Order processing

We have entered into a data processing agreement (DPA) regarding the use of the aforementioned service. This legally mandatory agreement ensures that the provider processes the personal data of our website visitors solely in accordance with our instructions and in compliance with the GDPR.

Server log files

The provider of this website automatically collects and stores information in server log files, which your browser automatically transmits to us. These include:

  • Browser type and browser version
  • Operating system used
  • Referrer URL
  • Host name of the accessing computer
  • Time of the server request
  • IP address

This data is not merged with other data sources.

The collection of this data is based on Article 6(1)(f) of the UK GDPR. The website operator has a legitimate interest in the error-free display and optimisation of the website. This requires server log files to be recorded.

Contact form

If you send us an enquiry via the contact form, the details you provide in the form, including your contact information, will be stored by us for the purpose of processing your enquiry and in case of follow-up questions. We do not disclose this data without your consent.

If your enquiry is related to the performance of a contract or is necessary for the implementation of pre-contractual measures, the processing of this data is based on Article 6 (1)(b) of the GDPR. In all other cases, processing is based on our legitimate interest in the effective handling of enquiries addressed to us (Article 6 (1)(f) GDPR) or on your consent (Article 6 (1)(a) UK GDPR), if this has been requested; consent may be withdrawn at any time.

The data you enter in the contact form will remain with us until you request its deletion, withdraw your consent to storage, or the purpose for data retention no longer applies (e.g. once your enquiry has been fully dealt with). Mandatory legal provisions — in particular retention periods — remain unaffected.

Enquiries by email, telephone or fax

If you contact us by email, telephone or fax, your enquiry – including all personal data generated by the enquiry (such as your name and the content of your request) – will be stored and processed by us for the purpose of handling your enquiry. We do not share this data without your consent.

If your enquiry is related to the performance of a contract or is necessary for the implementation of pre-contractual measures, the processing of this data is based on Article 6 (1)(b) of the GDPR. In all other cases, processing is based on our legitimate interest in the effective handling of enquiries directed to us (Article 6 (1)(f) GDPR) or on your consent (Article 6 (1)(a) UK GDPR), where this has been requested; consent may be withdrawn at any time.

The data you send to us as part of an enquiry will remain with us until you request its deletion, withdraw your consent to its storage, or the purpose for data retention no longer applies (e.g. once your enquiry has been fully resolved). Mandatory legal provisions — particularly statutory retention periods — remain unaffected.

Communication via WhatsApp

We use the instant messaging service WhatsApp, among others, to communicate with our customers and other third parties. The provider is WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

Communication is secured through end-to-end encryption (peer-to-peer), which prevents WhatsApp or any other third parties from accessing the content of the messages. However, WhatsApp does receive access to metadata generated during communication (e.g. sender, recipient, and timestamp). Please also note that, according to information provided by WhatsApp itself, it shares personal data of its users with its parent company, Meta, based in the United States. Further details on data processing can be found in WhatsApp’s privacy policy at: https://www.whatsapp.com/legal/#privacy-policy.

We use WhatsApp on the basis of our legitimate interest in fast and efficient communication with customers, prospects, and other business and contractual partners (Article 6 (1)(f) GDPR). Where consent has been requested, data processing is carried out solely on the basis of that consent; consent may be withdrawn at any time with future effect.

Messages exchanged between you and us via WhatsApp will remain with us until you request their deletion, withdraw your consent to storage, or the purpose for data storage no longer applies (e.g. after your enquiry has been fully dealt with). Mandatory legal provisions — particularly statutory retention periods — remain unaffected.

WhatsApp is certified under the EU–US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the United States intended to ensure compliance with European data protection standards for data processing in the US. Companies certified under the DPF undertake to uphold these standards. Further information is available from the provider at: https://www.dataprivacyframework.gov/participant/7735.

We use the “WhatsApp Business” version of the service.

Data transfers to the United States are based on the Standard Contractual Clauses of the European Commission. Details can be found here: https://www.whatsapp.com/legal/business-data-transfer-addendum.

Our WhatsApp accounts are configured to prevent automatic syncing with the address books of the devices on which they are used.

We have entered into a data processing agreement (DPA) with the above-mentioned provider.

Registration on this website

You can register on this website in order to access additional features. The data you enter during registration is used solely for the purpose of providing the specific service or feature for which you have registered. All mandatory fields requested during registration must be completed in full; otherwise, we will be unable to process the registration.

We use the email address provided at the time of registration to inform you of important changes, such as updates to the range of services offered or modifications that become technically necessary.

The processing of registration data is carried out for the purpose of fulfilling the user agreement established by registration and, where applicable, for initiating further contractual relationships (Article 6 (1)(b) UK GDPR).

The data collected during registration will be stored by us for as long as you remain registered on this website and will be deleted thereafter. Statutory retention obligations remain unaffected.

Registration via Facebook Connect

Instead of registering directly on this website, you can register using Facebook Connect. This service is provided by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. According to Facebook, however, the data collected may also be transferred to the United States and other third countries.

If you choose to register via Facebook Connect and click the ‘Login with Facebook’ or ‘Connect with Facebook’ button, you will be redirected to the Facebook platform, where you can log in using your Facebook credentials. This will link your Facebook profile to our website or services. Via this connection, we gain access to the data you have stored on Facebook. This primarily includes:

  • Facebook name
  • Facebook profile and cover picture
  • The email address you have stored with Facebook
  • Facebook ID
  • Facebook friend lists
  • Facebook Likes
  • Birthday
  • Gender
  • Country
  • Language

This data is used to create, provide, and personalise your account.

Registration via Facebook Connect and any associated data processing are carried out on the basis of your consent (Article 6 (1)(a) UK GDPR). You may withdraw this consent at any time with effect for the future.

Where personal data is collected on our website using the Facebook Connect tool as described above and is subsequently transferred to Facebook, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, are jointly responsible for this data processing (Art. 26 GDPR). Joint responsibility is limited solely to the collection of the data and its transmission to Facebook. Any processing carried out by Facebook after the data has been transferred is not part of the joint responsibility.

Our respective responsibilities are defined in a joint controller agreement. The text of this agreement can be found at: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing data protection information when using the Facebook Connect tool and for its secure implementation on our website in accordance with data protection law. Facebook is responsible for the data security of its products. Data subject rights (e.g. access requests) regarding data processed by Facebook may be exercised directly with Facebook. If you assert your rights with us, we are obliged to refer the matter to Facebook.

Data transfers to the United States are based on the Standard Contractual Clauses of the European Commission. For details, please see: https://www.facebook.com/legal/EU_data_transfer_addendum; https://de-de.facebook.com/help/566994660333381 and https://www.facebook.com/policy.php

Further information can be found in Facebook’s Terms of Service and Privacy Policy, available at https://de-de.facebook.com/about/privacy/ and https://de-de.facebook.com/legal/terms/.

Facebook is certified under the EU–US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the United States intended to ensure compliance with European data protection standards for data processing in the US. Companies certified under the DPF undertake to uphold these standards. Further information is available from the provider at: https://www.dataprivacyframework.gov/participant/4452.

Registration via Google

Instead of registering directly on this website, you can register using Google. This service is provided by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

To register with Google, you only need to enter your Google username and password. Google will identify you and confirm your identity to our website.

If you sign in with Google, we may be able to use certain information from your account to complete your profile on our site. You control which information is shared in your Google security settings, which can be accessed at https://myaccount.google.com/security and https://myaccount.google.com/permissions.

The data processing associated with registration via Google is based on our legitimate interest in offering users the simplest possible registration process (Article 6 (1)(f) UK GDPR). Since use of the registration feature is voluntary and users can determine what access is granted, there are no overriding rights or interests that would conflict with this processing.

Google is certified under the EU–US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the United States designed to ensure compliance with European data protection standards for data processed in the US. Companies certified under the DPF undertake to uphold these data protection standards. Further information is available from the provider at: https://www.dataprivacyframework.gov/participant/5780

4. Social media

Pinterest

This website integrates elements from the social network Pinterest, which is operated by Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland.

When you access a page that contains such an element, your browser establishes a direct connection to Pinterest’s servers. The social media element transmits log data to Pinterest’s server in the United States. This log data may include your IP address, the addresses of the websites you visit that also contain Pinterest features, your browser type and settings, the date and time of your request, your use of Pinterest, and cookies.

The use of this service is based on your consent in accordance with Article 6 (1)(a) UK GDPR and § 25(1) TDDDG. You may withdraw your consent at any time.

Further information on the purpose, scope, and further processing and use of the data by Pinterest, as well as your rights in this regard and options for protecting your privacy, can be found in Pinterest’s privacy policy: https://policy.pinterest.com/de/privacy-policy.

5. Analysis tools and advertising

Google Analytics

This website uses features of the web analytics service Google Analytics. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics enables website operators to analyse the behaviour of website visitors. Within the scope of this process, the website operator receives usage data such as page views, time spent on site, operating systems used, and the user’s origin. These data are compiled into a user ID and assigned to the respective device of the website visitor.

Additionally, Google Analytics can record mouse and scroll movements and clicks. Google Analytics also applies various modelling approaches to enhance the collected data and uses machine learning technologies in the data analysis process.

Google Analytics uses technologies that enable user recognition for the purpose of analysing user behaviour (e.g. cookies or device fingerprinting). The information collected by Google about your use of this website is usually transmitted to a Google server in the USA and stored there.

The use of this service is based on your consent in accordance with Article 6 (1)(a) UK GDPR and § 25(1) TDDDG. You may withdraw your consent at any time.

Data transfers to the United States are based on the Standard Contractual Clauses of the European Commission. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.

Google is certified under the EU–US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the United States designed to ensure compliance with European data protection standards for data processing in the US. Companies certified under the DPF undertake to uphold these standards. Further information is available from the provider at: https://www.dataprivacyframework.gov/participant/5780

IP anonymisation

IP anonymisation is activated on this website for Google Analytics. This means that your IP address will be truncated by Google within member states of the European Union or in other states party to the Agreement on the European Economic Area before being transmitted to the United States. Only in exceptional cases will the full IP address be sent to a Google server in the USA and truncated there.

On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity, and to provide other services related to website and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other data held by Google.

Browser plugin

You can prevent the collection and processing of your data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de

For more information on how Google Analytics handles user data, please see Google’s privacy policy: https://support.google.com/analytics/answer/6004245?hl=de

Google Signals

We use Google Signals. When you visit our website, Google Analytics collects information including your location, search history, YouTube history, and demographic data. These data may be used by Google Signals to deliver personalised advertising. If you have a Google account, the visitor data collected by Google Signals is linked to your Google account and used to deliver personalised ad content. The data is also used to generate anonymised statistics about user behaviour on our website.

Order processing

We have entered into a data processing agreement with Google and fully comply with the strict requirements of the German data protection authorities when using Google Analytics.

E-commerce measurement in Google Analytics 

This website uses the e-commerce measurement feature of Google Analytics. E-commerce measurement enables website operators to analyse the purchasing behaviour of website visitors for the purpose of improving online marketing campaigns. Information such as completed orders, average order values, shipping costs, and the time from viewing a product to making a purchase is recorded. These data can be aggregated by Google under a transaction ID, which is assigned to the user or their device.

Google Ads

This website uses Google Ads. Google Ads is an online advertising platform provided by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Ads enables us to display advertisements in the Google search engine or on third-party websites when users enter specific search terms on Google (keyword targeting). In addition, it enables targeted advertisements to be shown based on user data held by Google (e.g. location data and interests). This is known as audience targeting. As the website operator, we are able to evaluate this data quantitatively, for example by analysing which search terms triggered the display of our ads and how many clicks were generated as a result.

The use of this service is based on your consent in accordance with Article 6 (1)(a) UK GDPR and § 25(1) TDDDG. Consent can be withdrawn at any time.

Data transfers to the United States are based on the Standard Contractual Clauses of the European Commission. Details can be found at: https://policies.google.com/privacy/frameworks and https://business.safety.google/controllerterms/.

Google is certified under the EU–US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the United States designed to ensure compliance with European data protection standards for data processing in the US. Companies certified under the DPF undertake to uphold these standards. Further information is available from the provider at https://www.dataprivacyframework.gov/participant/5780.

Google Conversion Tracking

This website uses Google Conversion Tracking. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Conversion Tracking allows Google and us to determine whether users have completed certain actions. For example, we can analyse which buttons on our website are clicked and how often, or which products are viewed or purchased most frequently. This information is used to generate conversion statistics. We receive information on the total number of users who clicked on our ads and what actions they performed. However, we do not receive any information that would allow us to personally identify users. Google uses cookies or similar recognition technologies for identification purposes.

The use of this service is based on your consent in accordance with Article 6 (1)(a) UK GDPR and § 25(1) TDDDG. You may withdraw your consent at any time.

Further information about Google Conversion Tracking can be found in Google’s privacy policy: https://policies.google.com/privacy?hl=de

Google is certified under the EU–US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the United States designed to ensure compliance with European data protection standards for data processing in the US. Companies certified under the DPF undertake to uphold these standards. Further information is available from the provider at: https://www.dataprivacyframework.gov/participant/5780

6. Newsletters

If you provide your email address in the course of ordering goods or services, we may subsequently use this email address to send you newsletters, provided we have informed you of our intention to do so in advance. In such cases, newsletters will contain only direct advertising for similar goods or services sold by us. You can unsubscribe from newsletters at any time. Each newsletter contains an unsubscribe link. The legal basis for sending newsletters is Article 6 (1)(f) UK GDPR in conjunction with § 7(3) of the German Act Against Unfair Competition (UWG). When we collect your email address and upon every subsequent use of it, we provide clear notification that you can object to receiving the newsletter at any time. Unsubscribing does not incur any costs beyond your standard connection or transmission rates.

We use the email marketing platform SAP Emarsys, a service provided by SAP Deutschland SE & Co. KG, Hasso-Plattner-Ring 7, 69190 Walldorf, Germany. Data processing is carried out on our behalf on the basis of a data processing agreement pursuant to Art. 28 GDPR. Processing is carried out exclusively on servers within the EU. Data is transferred to third countries only where appropriate safeguards exist in accordance with Articles 44 ff. GDPR.

You may object to the sending of our customer newsletter at any time with effect for the future. Simply use the unsubscribe link at the end of any newsletter or contact us using the details provided in the legal notice.

After you unsubscribe from the newsletter mailing list, your email address may be stored in a blacklist to prevent future mailings. The data in the blacklist is used solely for this purpose and will not be merged with other data. This serves both your interests and ours in complying with legal requirements for sending newsletters (legitimate interest under Article 6 (1)(f) GDPR). Storage in the blacklist is not time-limited. You may object to this storage if your interests outweigh our legitimate interest.

7. E-commerce and payment providers

Processing of customer and contract data

We collect, process, and use personal customer and contract data for the purpose of establishing and managing our contractual relationships. Personal data relating to the use of this website (usage data) is collected, processed, and used only to the extent necessary to enable the user to make use of the service or for billing purposes. The legal basis for this is Article 6 (1)(b) GDPR.
Collected customer data will be deleted after completion of the order or termination of the business relationship and after any applicable statutory retention periods have expired. Statutory retention requirements remain unaffected.

Data transfer upon conclusion of contract for online stores, retailers and shipping of goods

When you order goods from us, we pass your personal data to the shipping company responsible for delivery as well as to the payment service provider responsible for processing the payment. Only the data necessary for the respective service provider to perform its task is shared. The legal basis for this is Article 6 (1)(b) GDPR, which permits data processing for the performance of a contract or the implementation of pre-contractual measures. If you have given your consent in accordance with Article 6 (1)(a) UK GDPR, we will also provide your email address to the shipping company so they can inform you about the status of your shipment via email. You may withdraw this consent at any time.

Payment services

Payment services from third-party providers are integrated on our website. When you make a purchase with us, your payment data (e.g. name, payment amount, bank details, credit card number) is processed by the payment service provider for the purpose of handling the payment. The handling of these transactions is governed by the relevant provider’s terms of service and privacy policy. This use of payment service providers is based on Article 6 (1)(b) GDPR (contract fulfilment) and on our legitimate interest in offering a smooth, convenient, and secure payment process (Article 6 (1)(f) GDPR). Where consent is required for specific actions, the legal basis for data processing is Article 6 (1)(a) GDPR; consent can be withdrawn at any time with effect for the future.

The payment services / payment service providers used on this website are as follows:

Payments by credit card

Provider:

VR-Pay (Card-Process-GmbH)

CardProcess GmbH
Wachhausstraße 4
76227 Karlsruhe

The legal basis for processing is Art. 6 (1)(b) GDPR:
Performance of a purchase contract.

Mondu (B2B)

We offer business customers the following payment methods via Mondu:

  • Payment by invoice
  • Payment by instalments
  • Direct debit

If you choose one of these payment methods, the claim is initially assigned to the partner financial institution Raisin Bank AG, Niedenau 61–63, 60325 Frankfurt am Main, which then transfers the claim to Mondu Capital S.à r.l. The invoice purchase is facilitated by Mondu GmbH, Alexanderstraße 36, 10179 Berlin (hereinafter referred to as "Mondu"). As part of processing the transaction, Mondu also carries out a credit check. Mondu acts independently and under its own responsibility.

  • First and last name
  • Email address
  • Billing address
  • Delivery address
  • IP address, including browser and device information
  • Shop order number
  • Payment amount

In the further course of the purchase process, Mondu conducts identity and credit checks and verifies whether you have any outstanding invoices with Mondu or have exceeded a payment limit. These processes are outside our control. As part of these checks, Mondu or authorised partner companies may transmit your personal data to credit reference agencies (e.g. SCHUFA Holding GmbH) and receive information from them, including creditworthiness data based on mathematical and statistical analysis. Your payment data is transmitted to credit reference agencies under Article 6 (1)(f) GDPR, based on Mondu’s legitimate interest in assessing your creditworthiness and preventing fraud. The result of the credit assessment, particularly the statistical probability of payment default, is used by Mondu to determine whether you are eligible for the selected payment method. If the purchase is approved, Mondu will send you an email with purchase information. If the credit check is unsuccessful, you may choose an alternative payment method. Some of Mondu’s service providers operate servers located in the USA and other countries outside the European Union that are considered non-secure third countries under data protection law. In such cases, Mondu ensures an adequate level of data protection through contractual agreements or other established safeguards. The data retention period refers to the length of time the collected data is stored for processing. Your data will be deleted once it is no longer required for the purposes stated. For more information on Mondu’s privacy policy, please visit: https://www.mondu.ai/de/privacy-policy/.

Albis Leasing

ALBIS Leasing Gruppe, Ifflandstraße 4, 22087 Hamburg, Germany (“Albis”), is the provider of the leasing finance option available during the checkout process. If you select this payment method, you will submit a leasing application directly to Albis. Your data will be processed and stored for the purpose of carrying out pre-contractual measures, executing the leasing agreement, and providing related services. This data processing includes a credit check.

  • First and last name / title / company / legal form
  • Contact details
  • Date of birth
  • Creditworthiness data
  • Bank details
  • Identification document data
  • Billing address
  • Delivery address
  • IP address, including browser and device information
  • Shop order number
  • Payment amount

The legal basis for data processing is Art. 6 (1) (f) GDPR.

Further information on Albis’ privacy policy can be found at https://www.albis-leasing.de/datenschutz

PayPal

The provider of this payment service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter “PayPal”).

Data transfer to the USA is based on the Standard Contractual Clauses of the EU Commission. See details at: https://www.paypal.com/de/webapps/mpp/ua/pocpsa-full.

PayPal’s privacy policy can be found at: https://www.paypal.com/de/webapps/mpp/ua/privacy-full.

Apple Pay

The provider of this payment service is Apple Inc, Infinite Loop, Cupertino, CA 95014, USA. Apple’s privacy policy can be found at: https://www.apple.com/legal/privacy/de-ww/.

Google Pay

The provider of this payment service is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google’s privacy policy can be found at: https://policies.google.com/privacy.

Klarna

The provider of this payment service is Klarna AB, Sveavägen 46, 111 34 Stockholm, Sweden (hereinafter “Klarna”). Klarna offers a range of payment options (e.g. payment in instalments). If you choose to pay with Klarna (Klarna Checkout solution), Klarna will collect various personal data from you.

Klarna uses cookies to optimise the use of the Klarna Checkout solution. Details regarding the use of Klarna cookies can be found at: https://cdn.klarna.com/1.0/shared/content/policy/cookie/de_de/checkout.pdf

Klarna’s privacy policy can be found at: https://www.klarna.com/de/datenschutz/

Paydirekt

The provider of this payment service is Paydirekt GmbH, Hamburger Allee 26-28, 60486 Frankfurt am Main, Germany (hereinafter “Paydirekt”). When you make a payment using Paydirekt, Paydirekt collects various transaction data and forwards it to the bank with which your Paydirekt account is held. In addition to the data required for the payment, Paydirekt may collect further information during the processing of the transaction, such as the delivery address or information about specific items in your shopping basket. Paydirekt then authenticates the transaction using the authentication procedure stored with your bank. Once authenticated, the payment amount is transferred from your account to ours. Neither we nor any third parties have access to your account details. For more information on paying with Paydirekt, please refer to Paydirekt’s terms and privacy policy at: https://www.paydirekt.de/agb/index.html.

Instant transfer (Sofortüberweisung)

The provider of this payment service is Sofort GmbH, Theresienhöhe 12, 80339 Munich, Germany (hereinafter “Sofort GmbH”). When you use the instant transfer method, we receive immediate confirmation of payment from Sofort GmbH, allowing us to begin fulfilling our obligations. If you choose this method, you will transmit your PIN and a valid TAN to Sofort GmbH, which uses these credentials to log into your online banking account. Once logged in, Sofort GmbH automatically checks your account balance and completes the transfer to us using the TAN you provided. It then sends us a transaction confirmation. After logging in, your recent transactions, available overdraft limit, and the existence and balances of any other accounts are also automatically checked. In addition to your PIN and TAN, the payment details you enter and your personal data are also transmitted to Sofort GmbH. This personal data includes your first and last name, address, telephone number(s), email address, IP address, and any other data required to process the payment. This data transfer is necessary to verify your identity and to prevent fraud. For further details about payments using the instant transfer method, please visit: https://www.klarna.com/sofort/

American Express

The provider of this payment service is American Express Europe S.A., Theodor-Heuss-Allee 112, 60486 Frankfurt am Main, Germany (hereinafter “American Express”).

American Express may transfer data to its parent company in the USA. Data transfer to the USA is based on American Express’ Binding Corporate Rules. Details can be found at: https://www.americanexpress.com/en-cz/company/legal/privacy-centre/binding-corporate-rules/.

The American Express privacy policy can be found at: https://www.americanexpress.com/de-de/firma/legal/datenschutz-center/online-datenschutzerklarung/.

Mastercard

The provider of this payment service is Mastercard Europe SA, Chaussée de Tervuren 198A, B-1410 Waterloo, Belgium (hereinafter “Mastercard”).

Mastercard may transfer data to its parent company in the USA. Data transfer to the USA is based on Mastercard’s Binding Corporate Rules. Details can be found at: https://www.mastercard.de/de-en/datenschutz.html and https://www.mastercard.us/content/dam/mccom/global/documents/mastercard-bcrs.pdf.

VISA

The provider of this payment service is Visa Europe Services Inc, London Branch, 1 Sheldon Square, London W2 6TT, United Kingdom (hereinafter “VISA”).

The UK is considered a safe third country under data protection law. This means that the UK has a level of data protection that corresponds to the level of data protection in the European Union.

VISA may transfer data to its parent company in the USA. Data transfer to the USA is based on the Standard Contractual Clauses of the EU Commission. Details can be found at: https://www.visa.de/nutzungsbedingungen/visa-globale-datenschutzmitteilung/mitteilung-zu-zustandigkeitsfragen-fur-den-ewr.html.

VISA’s privacy policy can be found at:
https://www.visa.de/nutzungsbedingungen/visa-privacy-center.html