Privacy Policy

Unless stated otherwise below, the provision of your personal data is not required by law or contract, nor is it necessary for the conclusion of a contract. You are not obliged to provide the data. Failure to provide the data will have no consequences. This applies only if no other information is provided in the following processing operations.
"Personal data" means any information relating to an identified or identifiable natural person.

Server log files
You can visit our websites without providing any personal information.
Each time you access our website, usage data is transmitted by your internet browser to us or our web host / IT service provider and stored in log files (so-called server log files). This stored data includes, for example, the name of the accessed page, the date and time of access, the IP address, the amount of data transferred, and the requesting provider.
Processing is carried out on the basis of Art. 6 Para. 1 lit. f GDPR due to our overriding legitimate interest in ensuring the trouble-free operation of our website and improving our offering.
Your data may be transferred to third countries outside the EU, in particular to Canada and the USA, and processed there. For Canada, there is an adequacy decision by the EU Commission. For the USA, an adequacy decision by the EU Commission is in place, the Trans-Atlantic Data Privacy Framework (TADPF). Shopify is not certified under the TADPF. This data transfer is based on contractual obligations comparable to those of the EU Commission's standard contractual clauses.

Contact

Controller
Contact us if you wish. The controller for data processing is: Joanne Nelder, Stahlbühlring 15, 68526 Ladenburg Baden-Württemberg, +4917640435291, info@stoffeimstall.de

Customer initiated contact via email
If you initiate business contact with us by email, we only collect your personal data (name, email address, message text) to the extent you provide it. Data processing serves the purpose of processing and responding to your contact request.
If the contact serves to carry out pre-contractual measures (e.g., advice for purchase interest, offer creation) or concerns a contract already concluded between you and us, this data processing is carried out on the basis of Art. 6 Para. 1 lit. b GDPR.
If the contact is made for other reasons, this data processing is carried out on the basis of Art. 6 Para. 1 lit. f GDPR due to our overriding legitimate interest in processing and responding to your request. In this case, you have the right to object at any time to the processing of personal data concerning you based on Art. 6 Para. 1 lit. f GDPR for reasons arising from your particular situation.
We only use your email address to process your request. Your data will then be deleted in compliance with statutory retention periods, unless you have consented to further processing and use.

Collection and processing when using the contact form
When using the contact form, we only collect your personal data (name, email address, message text) to the extent you provide it. Data processing serves the purpose of making contact.
If the contact serves to carry out pre-contractual measures (e.g., advice for purchase interest, offer creation) or concerns a contract already concluded between you and us, this data processing is carried out on the basis of Art. 6 Para. 1 lit. b GDPR. If the contact is made for other reasons, this data processing is carried out on the basis of Art. 6 Para. 1 lit. f GDPR due to our overriding legitimate interest in processing and responding to your request. In this case, you have the right to object at any time to the processing of personal data concerning you based on Art. 6 Para. 1 lit. f GDPR for reasons arising from your particular situation. We only use your email address to process your request. Your data will then be deleted in compliance with statutory retention periods, unless you have consented to further processing and use.

Customer account Orders

Customer account
When opening a customer account, we collect your personal data to the extent specified there. Data processing serves to improve your shopping experience and simplify order processing. Processing is carried out on the basis of Art. 6 Para. 1 lit. a GDPR with your consent. You can revoke your consent at any time by notifying us, without affecting the lawfulness of the processing carried out on the basis of the consent until revocation. Your customer account will then be deleted.

Collection, processing and disclosure of personal data for orders
When placing an order, we collect and process your personal data only to the extent necessary for the fulfillment and processing of your order and for handling your inquiries. The provision of data is necessary for the conclusion of the contract. Failure to provide the data means that no contract can be concluded. Processing is carried out on the basis of Art. 6 Para. 1 lit. b GDPR and is necessary for the performance of a contract with you.
Your data will be passed on, for example, to shipping companies, dropshipping or fulfillment providers, payment service providers, service providers for order processing, and IT service providers. In all cases, we strictly adhere to legal requirements. The scope of data transmission is limited to a minimum.
Your data may be transferred to third countries outside the EU, in particular to Canada and the USA, and processed there. For Canada, there is an adequacy decision by the EU Commission. For the USA, an adequacy decision by the EU Commission is in place, the Trans-Atlantic Data Privacy Framework (TADPF). Shopify is not certified under the TADPF. This data transfer is based on contractual obligations comparable to those of the EU Commission's standard contractual clauses.

Advertising

Use of the email address for sending newsletters
We use your email address to send you information and offers via newsletter, provided you have expressly consented to this. Data processing serves exclusively the purpose of advertising. For this purpose, we process your email address and, if applicable, other data that you voluntarily provided when registering for our newsletter.
Processing is carried out on the basis of Art. 6 Para. 1 lit. a GDPR with your consent. You can revoke your consent at any time, without affecting the lawfulness of the processing carried out on the basis of the consent until revocation.
You can unsubscribe from the newsletter at any time by using the corresponding link in the newsletter or by notifying us. Your email address will then be removed from the mailing list. Despite removal from the mailing list, we may continue to store your email address in a so-called blacklist to prevent you from receiving newsletter emails from us in the future. This storage is carried out on the basis of Art. 6 Para. 1 lit. f GDPR due to our and your legitimate interest in preventing the renewed use of your email address for sending our newsletter. You have the right to object at any time to this processing of personal data concerning you based on Art. 6 Para. 1 lit. f GDPR for reasons arising from your particular situation.

Use of the email address for sending direct advertising
We use your email address, which we received in connection with the sale of a product or service, for the electronic transmission of advertising for our own goods or services that are similar to those you have already purchased from us, unless you have objected to this use. The provision of the email address is necessary for the conclusion of the contract. Failure to provide the email address means that no contract can be concluded. Processing is carried out on the basis of Art. 6 Para. 1 lit. f GDPR due to our overriding legitimate interest in direct advertising. You can object to this use of your email address at any time by notifying us. The contact details for exercising the objection can be found in the imprint. You can also use the corresponding link in the advertising email. There will be no costs other than the transmission costs according to the basic rates.

Payment service providers

Use of PayPal Express
We use the payment service PayPal Express from PayPal (Europe) S.à.r.l. et Cie, S.C.A. (22-24 Boulevard Royal L-2449, Luxembourg; "PayPal") on our website. Data processing serves the purpose of being able to offer you payment via the PayPal Express payment service. To integrate this payment service, it is necessary for PayPal to collect, store, and analyze data (e.g., IP address, device type, operating system, browser type, location of your device) when the website is accessed. Cookies may also be used for this purpose. The cookies enable the recognition of your browser.
The processing of your personal data is carried out on the basis of Art. 6 Para. 1 lit. f GDPR due to our overriding legitimate interest in a customer-oriented offer of various payment methods. You have the right to object at any time to this processing of personal data concerning you for reasons arising from your particular situation.
By selecting and using PayPal Express, the data necessary for payment processing will be transmitted to PayPal in order to fulfill the contract with you using the selected payment method. This processing is carried out on the basis of Art. 6 Para. 1 lit. b GDPR. Further information on data processing when using the PayPal Express payment service can be found in the associated privacy policy at www.paypal.com/de/webapps/mpp/ua/privacy-full?locale.x=de_DE#Updated_PS (http://www.paypal.com/de/webapps/mpp/ua/privacy-full?locale.x=de_DE#Updated_PS).

Use of PayPal Check-Out
We use the payment service PayPal Check-Out from PayPal (Europe) S.à.r.l. et Cie, S.C.A. (22-24 Boulevard Royal L-2449, Luxembourg; "PayPal") on our website. Data processing serves the purpose of being able to offer you payment via this payment service. By selecting and using payment via PayPal, credit card via PayPal, direct debit via PayPal, or "Pay Later" via PayPal, the data necessary for payment processing will be transmitted to PayPal in order to fulfill the contract with you using the selected payment method. This processing is carried out on the basis of Art. 6 Para. 1 lit. b GDPR.

Cookies may be stored, which enable the recognition of your browser. The data processing thereby carried out is based on Art. 6 Para. 1 lit. f GDPR due to our overriding legitimate interest in a customer-oriented offer of various payment methods. You have the right to object at any time to this processing of personal data concerning you for reasons arising from your particular situation.

Credit card via PayPal, Direct Debit via PayPal & "Pay Later" via PayPal
For individual payment methods such as credit card via PayPal, direct debit via PayPal, or "Pay Later" via PayPal, PayPal reserves the right to obtain a credit report based on mathematical-statistical procedures using credit agencies. For this purpose, PayPal transmits the personal data required for a credit check to a credit agency and uses the information received about the statistical probability of a payment default for a balanced decision on the establishment, execution, or termination of the contractual relationship. The credit report may contain probability values (score values) calculated on the basis of scientifically recognized mathematical-statistical procedures, and their calculation includes, among other things, address data. Your legitimate interests are taken into account in accordance with legal provisions. Data processing serves the purpose of credit checking for initiating a contract. Processing is carried out on the basis of Art. 6 Para. 1 lit. f GDPR due to our overriding legitimate interest in protection against payment default when PayPal makes advance payments.
You have the right to object at any time to this processing of personal data concerning you based on Art. 6 Para. 1 lit. f GDPR by notifying PayPal for reasons arising from your particular situation. The provision of data is necessary for the conclusion of the contract with your desired payment method. Failure to provide the data means that the contract cannot be concluded with the payment method you have chosen.

Third-party providers
When paying via a third-party payment method, the data required for payment processing is transmitted to PayPal. This processing is carried out on the basis of Art. 6 Para. 1 lit. b GDPR. To carry out this payment method, the data may then be forwarded by PayPal to the respective provider. This processing is carried out on the basis of Art. 6 Para. 1 lit. b GDPR. Local third-party providers may include, for example:

- Apple Pay (Apple Distribution International Ltd., Hollyhill Industrial Estate, Hollyhill, Cork, Ireland)
- Google Pay (Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland)
Purchase on account via PayPal
When paying via the purchase on account payment method, the data required for payment processing is first transmitted to PayPal. To carry out this payment method, the data is then transmitted by PayPal to Ratepay GmbH (Franklinstraße 28-29, 10587 Berlin; "Ratepay") in order to fulfill the contract with you using the selected payment method. This processing is carried out on the basis of Art. 6 Para. 1 lit. b GDPR. Ratepay may obtain a credit report based on mathematical-statistical procedures (probability or score values) using credit agencies, following the procedure already described above. Data processing serves the purpose of credit checking for initiating a contract. Processing is carried out on the basis of Art. 6 Para. 1 lit. f GDPR due to our overriding legitimate interest in protection against payment default when Ratepay makes advance payments. Further information on data protection and which credit agencies Ratpay uses can be found at https://www.ratepay.com/legal-payment-dataprivacy/ (https://www.ratepay.com/legal-payment-dataprivacy/) and https://www.ratepay.com/legal-payment-creditagencies/ (https://www.ratepay.com/legal-payment-creditagencies/).

Further information on data processing when using PayPal can be found in the associated privacy policy at https://www.paypal.com/de/webapps/mpp/ua/privacy-full (https://www.paypal.com/de/webapps/mpp/ua/privacy-full).

Use of Shopify Payments We use the "Shopify Payments" payment service from Shopify International Limited (2nd Floor Victoria Buildings, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland; "Shopify") on our website. Payment processing in this case is carried out by the payment service provider Stripe Payments Europe, Ltd. (1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland; "Stripe"). Data processing serves the purpose of being able to offer you payment via the Shopify Payments payment service. By selecting and using a corresponding "Shopify Payments" payment method, the data necessary for payment processing is transmitted to Stripe in order to fulfill the contract with you using the selected payment method. This processing is carried out on the basis of Art. 6 Para. 1 lit. b GDPR. Stripe reserves the right to obtain a credit report based on mathematical-statistical procedures using credit agencies. For this purpose, Stripe transmits the personal data required for a credit check to a credit agency and uses the information received about the statistical probability of a payment default for a balanced decision on the establishment, execution, or termination of the contractual relationship. The credit report may contain probability values (score values) calculated on the basis of scientifically recognized mathematical-statistical procedures, and their calculation includes, among other things, address data. Your legitimate interests are taken into account in accordance with legal provisions. Data processing serves the purpose of credit checking for initiating a contract. Processing is carried out on the basis of Art. 6 Para. 1 lit. f GDPR due to our overriding legitimate interest in protection against payment default when Stripe makes advance payments. You have the right to object at any time to this processing of personal data concerning you based on Art. 6 Para. 1 lit. f GDPR by notifying Stripe for reasons arising from your particular situation. The provision of data is necessary for the conclusion of the contract with your desired payment method. Failure to provide the data means that the contract cannot be concluded with the payment method you have chosen. Further information on data processing when using the Shopify Payments service can be found in Shopify's privacy policy at: https://www.shopify.com/de/legal/datenschutz (https://www.shopify.com/de/legal/datenschutz). Further information on data processing when payment is processed via the payment service provider Stripe can be found in Stripe's privacy policy at: https://stripe.com/de/privacy (https://stripe.com/de/privacy).

Our website uses cookies. Cookies are small text files that are stored in the internet browser or by the internet browser on a user's computer system. If a user accesses a website, a cookie can be stored on the user's operating system. This cookie contains a characteristic string of characters that enables unique identification of the browser when the website is accessed again.

Cookies are stored on your computer. Therefore, you have full control over the use of cookies. By selecting appropriate technical settings in your internet browser, you can be notified before cookies are set and decide individually whether to accept them, as well as prevent the storage of cookies and the transmission of the data contained therein. Already stored cookies can be deleted at any time. However, we would like to point out that in this case, you may not be able to fully use all functions of this website.

You can find information on how to manage (including deactivating) cookies in the most important browsers via the following links:
Chrome: https://support.google.com/ilgili_bilgiler/answer/61416?hl=en (https://support.google.com/accounts/answer/61416?hl=de)
Microsoft Edge: https://support.microsoft.com/de-de/microsoft-edge/cookies-in-microsoft-edge-lB6schen-63947406-40ac-c3b8-57b9-2a946a29ae09 (https://support.microsoft.com/de-de/microsoft-edge/cookies-in-microsoft-edge-lB6schen-63947406-40ac-c3b8-57b9-2a946a29ae09)
Mozilla Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen (https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen)
Safari: https://support.apple.com/de-de/guide/safari/manage-cookies-and-website-data-sfri11471/mac (https://support.apple.com/de-de/guide/safari/manage-cookies-and-website-data-sfri11471/mac)

Technically necessary cookies
Unless otherwise stated in the privacy policy below, we only use these technically necessary cookies to make our offer more user-friendly, effective and secure. Furthermore, cookies enable our systems to recognize your browser even after a page change and to offer you services. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognized again after a page change.

The use of cookies or comparable technologies is based on Section 25 (2) TDDDG. The processing of your personal data is based on Art. 6 (1) (f) GDPR due to our overriding legitimate interest in ensuring the optimal functionality of the website and a user-friendly and effective design of our offer.
You have the right to object to the processing of your personal data at any time for reasons arising from your particular situation.

Use of Complianz GDPR Cookie Consent
We use the Complianz GDPR Cookie Consent plugin from iubenda s.r.l (Via San Raffaele 1, 20121 Milan, Italy; "iubenda") on our website.
The plugin allows you to give consent for data processing via the website, in particular the setting of cookies, and to exercise your right of withdrawal for consents already given. The data processing serves the purpose of obtaining and documenting required consents for data processing and thus complying with legal obligations. Cookies may be used for this purpose. The following information, among others, may be collected and transmitted to iubenda: uniquely identifiable ID, consent status. This data will not be passed on to other third parties.
Data processing is carried out to fulfill a legal obligation based on Art. 6 (1) (c) GDPR.
Further information on data protection can be found at: https://complianz.io/de/legal-deutsch/datenschutzerklaerung-von-complianz-shopify/ (https://complianz.io/de/legal-deutsch/datenschutzerklaerung-von-complianz-shopify/)

Analytics Advertising Tracking

Use of Shopify Statistics
We use the statistics and analysis functions of Shopify International Ltd. (Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland; "Shopify") on our website as part of a data processing agreement. Shopify is an affiliated company of Shopify Inc. (151 O'Connor Street, Ground Floor, Ottawa, Ontario, K2P 2L8, Canada).
The data processing serves the purpose of analyzing this website and its visitors. For this purpose, data is stored for marketing and optimization purposes and provided in reports, analyses and statistics. Among other things, the following device information is collected and processed: information about the web browser, the IP address, the time zone and some of the cookies installed on your device. When you navigate the website, information about visited web pages or products, the referrer URL (website from which you accessed our website), and information about how you interact with the website are also collected. Technologies such as cookies as well as web beacons, tags and pixels (electronic files to collect information about how you navigate the website) are used for this purpose.
Your data may be transferred to and processed in third countries outside the EU, in particular to Canada and the USA. For Canada, an adequacy decision by the EU Commission exists. For the USA, an adequacy decision by the EU Commission, the Trans-Atlantic Data Privacy Privacy Framework (TADPF), is available. Shopify is not certified under the TADPF. This data transfer is based on contractual obligations comparable to those of the EU Commission's standard contractual clauses.
The use of cookies or comparable technologies is carried out with your consent based on Section 25 (1) sentence 1 TDDDG in conjunction with Art. 6 (1) (a) GDPR. The processing of your personal data is carried out with your consent based on Art. 6 (1) (a) GDPR. You can withdraw your consent at any time without affecting the lawfulness of the processing carried out on the basis of the consent until withdrawal.
You can find more information on data protection at Shopify at https://www.shopify.com/de/legal/datenschutz (https://www.shopify.com/de/legal/datenschutz), information on the data processing agreement at https://www.shopify.com/de/legal/dpa (https://www.shopify.com/de/legal/dpa) and information on the cookies used at https://www.shopify.com/de/legal/cookies (https://www.shopify.com/de/legal/cookies).

Use of Meta Pixel
We use the Meta Pixel from Meta Platforms Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; "Meta") on our website.
Meta and we are joint controllers for the collection of your data and its transfer to Meta when the service is integrated. This is based on an agreement between us and Meta on the joint processing of personal data, in which the respective responsibilities are defined. The agreement can be viewed at https://de-de.facebook.com/legal/terms/businesstools (https://de-de.facebook.com/legal/terms/businesstools). Accordingly, we are particularly responsible for fulfilling the information obligations according to Art. 13, 14 GDPR, for complying with the security requirements of Art. 32 GDPR with regard to the correct technical implementation and configuration of the service, and for complying with the obligations under Art. 33, 34 GDPR, insofar as a personal data breach affects our obligations under the joint processing agreement. Meta is responsible for enabling the data subject rights according to Art. 15 - 20 GDPR, for complying with the security requirements of Art. 32 GDPR with regard to the security of the service, and for complying with the obligations under Art. 33, 34 GDPR, insofar as a personal data breach affects Meta's obligations under the joint processing agreement.
The application serves the purpose of targeting website visitors with interest-based advertising on the social networks Facebook and Instagram. For this purpose, Meta's remarketing tag has been implemented on the website. This tag establishes a direct connection to Meta's servers when visiting the website. This transmits to the Meta server which of our pages you have visited. Meta assigns this information to your personal Facebook and/or Instagram user account. When you visit the social networks Facebook or Instagram, you will then be shown personalized, interest-based ads.
The application also serves the purpose of creating conversion statistics. In this way, we learn the total number of users who clicked on one of our ads and were redirected to a page with a conversion tracking tag, as well as what actions were taken after being redirected to this website. However, we do not receive any information that allows users to be personally identified.
Your data may be transferred to the USA. For the USA, an adequacy decision by the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF), is available. Meta has certified itself under the TADPF and has thus committed to comply with European data protection principles.
The processing of your personal data is carried out with your consent based on Art. 6 (1) (a) GDPR. You can withdraw your consent at any time without affecting the lawfulness of the processing carried out on the basis of the consent until withdrawal.
You can deactivate the "Custom Audiences" remarketing function here. Further information on the collection and use of data by Meta, your rights in this regard and options for protecting your privacy can be found in Meta's privacy policy at https://www.facebook.com/about/privacy/ (https://www.facebook.com/privacy/policy/?entry_point=data_policy_redirect&entry=0).

Plugins and Other

Use of Google Translate
On our website, we use the translation service of
Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) via an API integration.
The data processing serves the purpose of displaying the information provided on the website in other languages. In order for the translation to be automatically displayed in your chosen national language, the browser you use connects to Google's servers. Cookies may be used for this purpose. Among other things, the following information may be collected and processed: IP address, URL of the visited page, date and time.
Your data may be transferred to the USA. For the USA, an adequacy decision by the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF), is available. Google has certified itself under the TADPF and has thus committed to comply with European data protection principles.
The use of cookies or comparable technologies is based on your consent pursuant to Section 25 (1) sentence 1 TDDDG in conjunction with Art. 6 (1) lit. a GDPR. The processing of your personal data is based on your consent pursuant to Art. 6 (1) lit. a GDPR. You can withdraw your consent at any time without affecting the lawfulness of the processing carried out on the basis of the consent until withdrawal.
Further information on the collection and use of your data by Google can be found at: https://www.google.com/policies/privacy/ (https://www.google.com/policies/privacy/).
Data subject rights and storage period

Duration of storage
After complete contract processing, the data will initially be stored for the duration of the warranty period, then taking into account legal, in particular tax and commercial law, retention periods and then deleted after the expiry of the period, unless you have consented to further processing and use.

Rights of the data subject
If the legal requirements are met, you have the following rights under Art. 15 to 20 GDPR: Right to information, to rectification, to erasure, to restriction of processing, to data portability.
In addition, you have a right to object under Art. 21 (1) GDPR to processing based on Art. 6 (1) (f) GDPR, as well as to processing for the purpose of direct marketing.

Right to lodge a complaint with the supervisory authority
In accordance with Art. 77 GDPR, you have the right to lodge a complaint with the supervisory authority if you believe that the processing of your personal data is not lawful.

You can lodge a complaint, among others, with the supervisory authority responsible for us, which you can reach at the following contact details:

State Commissioner for Data Protection and Freedom of Information Baden-Württemberg
Königstrasse 10 a
70173 Stuttgart
Tel.: +49 711 6155410
Fax: +49 711 61554115
Email: poststelle@lfdi.bwl.de

Right to object
If the personal data processing listed here is based on our legitimate interest according to Art. 6 (1) (f) GDPR, you have the right to object to this processing at any time with effect for the future for reasons arising from your particular situation.
After a successful objection, the processing of the data concerned will be terminated, unless we can demonstrate compelling legitimate grounds for the processing that outweigh your interests, rights and freedoms, or if the processing serves to assert, exercise or defend legal claims.

If personal data processing is carried out for direct marketing purposes, you can object to this processing at any time by notifying us. After a successful objection, we will stop processing the data concerned for direct marketing purposes.

Country/region

Language

Privacy Policy