Data protection declaration
1) Introduction and contact details of the controller
1.1 We are pleased that you are visiting our website and thank you for your interest. In the following, we will inform you about how we handle your personal data when you use our website. Personal data in this context refers to all data that can be used to personally identify you.
1.2 The controller in charge for data processing on this website, within the meaning of the General Data Protection Regulation (GDPR), is ePages GmbH, Pilatuspool 2, 20355 Hamburg, Deutschland, Tel.: +49-40-350 188-0, Fax: +49-40-350 188-222, E-Mail: nhess@epages.com. The controller for the processing of personal data is the natural or legal person who, alone or jointly with others, decides on the purposes and means of processing personal data.
1.3 The controller has appointed a data protection officer who can be contacted as follows: ‘Nico Hess’
2) Data collection when you visit our website
2.1 If you use our website for informational purposes only, i.e. if you do not register or otherwise provide us with information, we only collect the data that your browser transmits to the page server (so-called ‘server log files’). When you visit our website, we collect the following data, which is technically necessary for us to display the website to you:
– Our visited website
– Date and time of access
– Amount of data sent in bytes
– Source/reference from which you came to the page
– Browser used
– Operating system used
– IP address used (if applicable: in anonymised form)
The processing is carried out in accordance with Art. 6 (1) point f GDPR, on the basis of our legitimate interest in improving the stability and functionality of our website. The data will not be passed on or used in any other way. However, we reserve the right to check the server log files retrospectively if there are concrete indications of illegal use.
2.2 This website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or requests to the controller). You can recognise an encrypted connection by the character string ‘https://’ and the lock symbol in your browser line.
3) Hosting & content delivery network
We use a provider to host our website and display the page content. This provider provides its services itself or through selected subcontractors exclusively on servers within the European Union.
All data collected on our website is processed on these servers.
We have concluded a data processing agreement with the provider that ensures the protection of our site visitors’ data and prohibits unauthorised disclosure to third parties.
4) Cookies
In order to make visiting our website more attractive and to enable the use of certain functions, we use cookies, which are small text files placed on your device. Some of these cookies are automatically deleted after closing the browser (so-called ‘session cookies’), while some of these cookies remain on your device for a longer period of time and enable the storage of page settings (so-called ‘persistent cookies’). In the latter case, you can see the storage period in the overview of the cookie settings of your web browser.
If personal data is also processed by individual cookies set by us, the processing is carried out in accordance with Art. 6 (1) point b GDPR, either for the execution of the contract or in accordance with Art. 6 (1) point f GDPR to safeguard our legitimate interests in the best possible functionality of the website and a customer-friendly and effective design of the page visit. 6 para. 1 lit. f GDPR to safeguard our legitimate interests in the best possible functionality of the website and a customer-friendly and effective design of the site visit.
You can set your browser so that you are informed about the setting of cookies and individually decide on their acceptance or exclude the acceptance of cookies for specific cases or in general.
Please note that if you do not accept cookies, the functionality of our website may be limited.
5) Contact
When you contact us (e.g. using a contact form or by email), personal data is collected. The data collected when you use a contact form can be seen from the contact form in question.
These data are stored and used solely for the purpose of answering your enquiry or for establishing contact and for the associated technical administration.
The legal basis for the processing of these data is our legitimate interest in
responding to your request in accordance with Art. 6 (1) point f GDPR. If your contact is aimed at concluding a contract, the additional legal basis for the processing is Art. 6 (1) point b GDPR. Your data will be deleted after the final processing of your enquiry. This is the case if it can be inferred from the circumstances that the matter in question has been conclusively clarified, provided that there are no legal storage obligations to the contrary.
6) Use of customer data for direct marketing
6.1 Registering for our email newsletter
If you register for our email newsletter, we will regularly send you information about our offers. The only mandatory information for sending the newsletter is your email address. Providing further data is voluntary and is used to address you personally. We use the so-called double opt-in procedure for sending the newsletter. This means that we will only send you an e-mail newsletter if you have expressly confirmed to us that you agree to receive the newsletter. We will then send you a confirmation e-mail asking you to confirm that you wish to receive the newsletter in the future by clicking on a corresponding link.
By activating the confirmation link, you give us your consent to use your personal data in accordance with Art. 6 (1) point a GDPR. When you register for the newsletter, we store your IP address entered by the Internet Service Provider (ISP) as well as the date and time of registration in order to be able to trace any possible misuse of your e-mail address at a later point in time. The data collected by us when registering for the newsletter will be used exclusively for the purpose of promotional address by means of the newsletter. You can cancel the newsletter at any time via the link provided in the newsletter or by sending a message to the controller named above. After you have cancelled your subscription, your email address will be immediately deleted from our newsletter distribution list, unless you have expressly consented to further use of your data or we reserve the right to use data in excess thereof, which is permitted by law and about which we inform you in this statement.
6.2 Brevo
Our e-mail newsletter is sent via this provider: Sendinblue GmbH, Köpenicker Str. 126, 10179 Berlin, Germany
On the basis of our legitimate interest in effective and user-friendly newsletter marketing, we provide the data you provided when registering for the newsletter to this provider in accordance with Art. 6 para. 1 lit. f DSGVO so that the provider can take over the newsletter dispatch on our behalf.
Subject to your express consent in accordance with Art. 6 (1) point a GDPR, the provider also carries out a statistical analysis of the success of newsletter campaigns
by means of web beacons or tracking pixels in the e-mails sent, which can measure opening rates and specific interactions with the contents of the newsletter. In doing so, end device information (e.g. time of access, IP address, browser type and operating system) is also collected and evaluated, but not merged with other data sets.
You can revoke your consent to newsletter tracking at any time with effect for the future.
We have concluded an order processing contract with the provider that protects the data of our site visitors and prohibits the transfer of this data to third parties.
7) Online marketing
AWIN Performance Advertising Network Affiliate
We participate in the affiliate programme of the following provider: AWIN AG, Eichhornstraße 3, 10785 Berlin, Germany
In this context, we have placed links on our website that lead to offers on the provider’s or third-party websites (‘partner sites’).
To measure the success of an affiliate link, to analyse orders generated by such a link and to bill the corresponding commission payments, the provider uses cookies and/or comparable technologies that are generally set on the partner pages and for which we are not responsible under data protection law. In doing so, the provider also regularly processes the IP address and, if applicable, other end device information.
All of the processing described above, in particular the reading or storage of the information on the end device you are using, will only take place if you have given your express consent to do so in accordance with Art. 6 (1) point a GDPR. You can withdraw your consent at any time with effect for the future by using the cookie consent management options on the partner pages.
8) Web analysis services
8.1 Google Analytics 4
This website uses Google Analytics 4, a web analysis service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (‘Google’), which enables an analysis of your use of our website.
By default, Google Analytics 4 does not use cookies when you visit the website, unless you explicitly agree to cookies. Instead, information about your usage behaviour is collected and processed by means of so-called pings (small data packets that are sent to the host of a terminal device). This information also includes your IP address, which is, however, shortened by Google by the last digits in order to exclude a direct personal reference.
The information is transmitted to and processed by Google on their servers. In this context, transmissions to Google LLC based in the USA are also possible.
Google uses the collected information on our behalf to evaluate your use of the website, to compile reports on website activity for us and to provide other services relating to website and internet use. The abbreviated IP address transmitted by your browser as part of Google Analytics is not merged with other data from Google. The data collected as part of the use of Google Analytics 4 is stored for a period of two months and then deleted.
All the processing described above, including the transmission of data by ‘pings’ and the possible setting of Google Analytics cookies, will only take place if you have given us your express consent to do so in accordance with Art. 6 (1) point a GDPR.
Without your consent, Google Analytics 4 will not be used during your visit to the site. You can revoke your consent at any time with effect for the future. To exercise your right of withdrawal, please deactivate this service using the ‘Cookie Consent Tool’ provided on the website.
We have concluded a data processing agreement with Google that ensures the protection of the data of our site visitors and prohibits unauthorised disclosure to third parties.
Further legal information about Google Analytics 4 can be found at https://business.safety.google/intl/de/privacy/, https://policies.google.com/privacy?hl=de&gl=de and at https://policies.google.com/technologies/partner-sites.
Demographic characteristics
Google Analytics 4 uses the special function ‘demographic characteristics’ and can use it to create statistics that provide information about the age, gender and interests of site visitors. This is done by analysing advertising and information from third-party providers. This allows target groups for marketing activities to be identified. However, the collected data cannot be assigned to a specific person and will be deleted after being stored for a period of two months.
Google Signals
As an extension to Google Analytics 4, Google Signals can be used on this website to create cross-device reports. If you have personalised ads enabled and have linked your devices to your Google Account, Google may, subject to your consent to the use of Google Analytics in accordance with Art. 6 (1) point a GDPR, analyse your usage behaviour across devices and create database models, including for cross-device conversions. We do not receive any personal data from Google, only statistics. If you wish to stop the cross-device analysis,
you can disable the ‘Personalised advertising’ function in your Google Account settings. To do this, follow the instructions on this page: https://support.google.com/ads/answer/2662922?hl=de. Further information about Google Signals can be found at the following link: https://support.google.com/analytics/answer/7532985?hl=de.
UserIDs
As an extension to Google Analytics 4, the ‘UserIDs’ function can be used on this website. If you have consented to the use of Google Analytics 4 in accordance with Art. 6 (1) point a GDPR, set up an account on this website and log in to this account on various devices, your activities, including conversions, can be analysed across devices.
For data transfers to the US, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection on the basis of an adequacy decision by the European Commission.
8.2 Google Tag Manager
This website uses ‘Google Tag Manager’, a service provided by the following provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter:
‘Google”).
Google Tag Manager provides a technical basis for bundling various web applications, including tracking and analysis services, and for calibrating, controlling and attaching conditions to them via a uniform user interface. Google Tag Manager itself does not store any information on user terminals or read it out. Nor does the service perform any independent data analyses. However, when you visit a page, Google Tag Manager transmits your IP address to Google, where it may be stored. It is also possible that it will be transmitted to Google LLC. servers in the United States.
This processing will only be carried out if you have given us your express consent to do so in accordance with Art. 6 (1) point a GDPR. Without this consent, Google Tag Manager will not be used when you visit our website. You can withdraw your consent at any time with effect for the future. To exercise your right of withdrawal, please deactivate this service in the ‘Cookie Consent Tool’ provided on the website.
We have concluded a data processing agreement with the provider that ensures the protection of our site visitors’ data and prohibits unauthorised disclosure to third parties.
For data transfers to the US, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European data protection level on the basis of an adequacy decision by the European Commission.
Further legal information about Google Tag Manager can be found at https://business.safety.google/intl/de/privacy/ and https://policies.google.com/privacy?hl=de&gl=de.
9) Retargeting/Remarketing and Conversion Tracking
9.1 Meta Pixel
Within our online offering, we use the ‘Meta Pixel’ service of the following provider: Meta Platforms Ireland Limited, 4 Grand Canal Quare, Dublin 2, Ireland (‘Meta’)
If a user clicks on an advertisement placed by us on Facebook and/or Instagram, ‘Meta Pixel’ is used to add a parameter to the URL of our linked page. This URL parameter is then entered into the user’s browser after redirection by a cookie that our linked page itself sets.
This enables Meta, on the one hand, to determine the visitors to our online offering as a target group for the display of ads.
Accordingly, we use the service to display the Facebook and/or Instagram ads we have placed only to users who have also shown an interest in our online offering or who exhibit certain characteristics (e.g. interests in certain topics or products that are determined on the basis of the websites visited) that we transmit to Meta (so-called ‘custom audiences’).
On the other hand, the ‘Meta Pixel’ can be used to track whether users have been redirected to our website after clicking on an advert and what actions they take there (so-called ‘conversion tracking’).
The data collected is anonymous to us, so we cannot use it to identify users. However, the data is stored and processed by Meta so that a connection to the respective user profile is possible and Meta can use the data for its own advertising purposes.
All the processing described above, in particular the setting of cookies for reading information on the end device used, will only be carried out if you have given us your express consent to do so in accordance with Art. 6 (1) point a GDPR. You can withdraw your consent at any time with effect for the future by deactivating this service in the ‘Cookie Consent Tool’ provided on the website.
We have concluded a data processing agreement with the provider that ensures the protection of the data of our site visitors and prohibits unauthorised disclosure to third parties.
The information generated by Meta is usually transferred to a Meta server and stored there; in this context, it may also be transferred to servers of Meta Platforms Inc. in the USA.
For data transfers to the US, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European data protection level on the basis of an adequacy decision by the European Commission.
9.2 LinkedIn Insight
This website uses retargeting technology from the following provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland
This enables visitors to our website who have already shown an interest in our shop and our products to be targeted with personalised, interest-based advertising. The display of the advertising material is based on a cookie-based analysis of previous and current usage behaviour, but no personal data is stored. In the case of retargeting technology, a cookie is stored on your computer or mobile device to collect pseudonymised data about your interests and thus to customise the advertising to the stored information. These cookies are small text files that are stored on your computer or mobile device. This way, you are shown advertising that most likely matches your product and information interests.
All the processing described above, in particular the setting of cookies for reading information on the end device used, will only be carried out if you have given us your express consent to do so in accordance with Art. 6 (1) point a GDPR. Without this consent, retargeting technology will not be used during your visit to the website.
You can revoke your consent at any time with effect for the future. To exercise your right of revocation, please deactivate this service in the ‘Cookie-Consent-Tool’ provided on the website.
9.3 TikTok Pixel
This website uses the conversion tracking technology of the following provider: TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland
If you have reached our website from an advertisement on the provider’s domain, cookies and/or comparable technologies (tracking pixels, web beacons, pings or HTTP requests) can be used to track the success of the advertisement.
For this purpose, certain end device and browser information, including, where applicable, your IP address, is read out via the tracking technology in order to record and evaluate user actions predefined by us (e.g. completed transactions, leads, search queries on the website, views of product pages). This enables us to create statistics about user behaviour on our website after being redirected from an advertisement, which we use to optimise our offer.
All of the processing described above, in particular the setting of cookies for reading information on the end device used, will only be carried out if you have given us your express consent to do so in accordance with Art. 6 (1) point a GDPR. You can revoke your consent at any time with effect for the future by deactivating this service in the ‘Cookie-Consent-Tool’ provided on the website.
We have concluded an order processing contract with the provider that ensures the protection of the data of our site visitors and prohibits unauthorised disclosure to third parties.
10) Site functionalities
10.1 Vimeo
This website uses plugins to display and play videos from the following provider: Vimeo.com, Inc., 330 West 34th Street, 10th Floor, New York, NY 10001, USA
When you visit a page on our website that contains such a plugin, your browser establishes a direct connection to the provider’s servers to load the plugin. In doing so, certain information, including your IP address, is transmitted to the provider.
If embedded videos are played via the plugin, the provider also uses cookies to collect information about user behaviour, to create playback statistics and to prevent abusive behaviour.
If you are logged into a user account with the provider while visiting the site, your data will be directly associated with your account when you click on a video. If you do not want the data to be associated with your account, you must log out before clicking the play button.
All the processing mentioned above, in particular the setting of cookies for reading information on the end device used, will only take place if you have given us your express consent to do so in accordance with Art. 6 (1) point a GDPR. You can withdraw the consent you have given at any time with effect for the future by deactivating this service using the ‘Cookie Consent Tool’ provided on the website.
For data transfers to the US, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection on the basis of an adequacy decision by the European Commission.
10.2 Google reCAPTCHA
On this website, we use the CAPTCHA service of the following provider: Google
Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland
Data may also be transmitted to: Google LLC, USA. The provider uses ‘Google Fonts’, i.e. fonts downloaded from the internet by Google, for the visual design of the captcha window. No further information than that mentioned above, which is already transmitted to Google via the ReCaptcha functionality, is processed.
The service checks whether an input is made by a natural person or abusively by machine and automated processing, and blocks spam, DDoS attacks and similar automated malicious access. To ensure that an action is being taken by a human and not by an automated bot, the provider collects the IP address of the device used, identification data of the browser and operating system type used, as well as the date and duration of the visit, and transmits this to the provider’s server for evaluation. Cookies, i.e. small text files that are stored in the browser of the end device, may be used for this purpose.
If the processing described above is carried out on the basis of cookies, these are only set if you have given us your express consent to do so in accordance with Art. 6 (1) point a GDPR. You can withdraw your consent at any time with effect for the future by deactivating this service in the ‘Cookie Consent Tool’ provided on the website.
If the processing operations described above are carried out without the use of cookies, the legal basis is our legitimate interest in determining individual responsibility on the Internet and avoiding abuse and spam in accordance with Art. 6 para. 1 lit. f DSGVO.
We have concluded an order processing contract with the provider that ensures the protection of the data of our site visitors and prohibits unauthorised disclosure to third parties.
For data transfers to the US, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with European data protection standards on the basis of an adequacy decision by the European Commission.
Further information about Google’s privacy policy can be found here: https://business.safety.google/intl/de/privacy/
11) Tools and Miscellaneous
Cookie consent tool
This website uses a so-called ‘cookie consent tool’ to obtain effective user consent for cookies and cookie-based applications that require consent
Consent Tool’. The “Cookie Consent Tool” is displayed to users when they visit the site in the form of an interactive user interface on which consent for certain cookies and/or cookie-based applications can be given by ticking the appropriate boxes. When the tool is used, all cookies/services requiring consent are only loaded if the respective user gives their consent by ticking the appropriate box. This ensures that such cookies are only set on the respective user’s device if consent has been given.
The tool sets technically necessary cookies to store your cookie preferences. Personal user data is generally not processed in this process.
If, in individual cases, personal data (such as the IP address) is processed for the purpose of storing, assigning or logging cookie settings, this is done in accordance with Art. 6 (1) point f GDPR, on the basis of our legitimate interest in a legally compliant, user-specific and user-friendly consent management for cookies and, consequently, in a legally compliant design of our website.
Another legal basis for the processing is also Article 6(1)(c) GDPR. As the controller, we are subject to the legal obligation to make the use of technically unnecessary cookies dependent on the respective user consent.
Where necessary, we have concluded a data processing agreement with the provider that ensures the protection of the data of our site visitors and prohibits unauthorised disclosure to third parties.
Further information about the operator and the setting options of the cookie consent tool can be found directly in the corresponding user interface on our website.
12) Rights of the data subject
12.1 The applicable data protection law grants you the following rights (rights of information and intervention) vis-à-vis the data controller with regard to the processing of your personal data, whereby reference is made to the legal basis stated for the respective conditions of exercise:
Right of access according to Art. 15 GDPR;
Right to rectification according to Art. 16 GDPR;
Right to erasure according to Art. 17 GDPR;
Right to restriction of processing according to Art. 18 GDPR;
Right to notification according to Art. 19 GDPR;
Right to data portability according to Art. 20 GDPR;
– Right to revoke consent granted in accordance with Art. 7 (3) GDPR;
– Right to lodge a complaint in accordance with Art. 77 GDPR.
12.2 RIGHT TO OBJECT
IF, IN THE CONTEXT OF A BALANCING OF INTERESTS, WE PROCESS YOUR PERSONAL DATA ON THE BASIS OF OUR PREDOMINANT LEGITIMATE INTEREST, YOU HAVE THE RIGHT AT ANY TIME, FOR REASONS ARISING RESULT FROM YOUR PARTICULAR SITUATION, TO FILE AN OBJECTION TO THIS PROCESSING WITH EFFECT FOR THE FUTURE.
IF YOU EXERCISE YOUR RIGHT OF OBJECTION, WE WILL STOP PROCESSING THE DATA CONCERNED. HOWEVER, WE RESERVE THE RIGHT TO CONTINUE PROCESSING IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS, OR IF THE PROCESSING SERVES THE ESTABLISHMENT, EXERCISE OR DEFENCE OF LEGAL CLAIMS.
IF WE PROCESS YOUR PERSONAL DATA FOR THE PURPOSE OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR THE PURPOSE OF SUCH MARKETING. YOU MAY EXERCISE YOUR RIGHT TO OBJECT AS DESCRIBED ABOVE.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED FOR DIRECT MARKETING PURPOSES.
13) Duration of storage of personal data
The duration of the storage of personal data is determined on the basis of the respective legal basis, the purpose of the processing and, if relevant, additionally on the basis of the respective statutory retention period (e.g. commercial and tax retention periods).
When processing personal data on the basis of express consent in accordance with Art. 6 (1) point a GDPR, the data concerned will be stored until you revoke your consent.
If there are statutory retention periods for data that is processed in the context of legal or similar obligations on the basis of Art. 6 para. 1 lit. b DSGVO are processed, these data are routinely deleted after the retention periods have expired, provided that they are no longer required for the fulfilment or initiation of the contract and/or there is no longer any legitimate interest on our part in further storage.
When processing personal data on the basis of Art. 6 (1) point f GDPR, this data is stored until you exercise your right of objection under Art. 21 (1) GDPR, unless we can prove compelling legitimate reasons for the processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or
defence of legal claims.
When processing personal data for the purpose of direct marketing on the basis of Art. 6 (1) point f GDPR, this data is stored until you exercise your right of objection under Art. 21 (2) GDPR.
Unless otherwise provided in the other information in this declaration regarding specific processing situations, stored personal data will otherwise be deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.
