Skip to content
 

Privacy policy

Data Protection Declaration

1) Information on the collection of personal data, and the data controller's contact details

1.1 We are glad that you are visiting our website and would like to thank you for the interest you have shown. The following information will tell you how we handle your personal data when you use our website. "Personal data" refers to all data by which you can be personally identified.

1.2 The data controller responsible for processing data on our website, as per the General Data Protection Regulation (GDPR), is air up GmbH, Bayerstrasse 69, 80335 Munich, Germany, tel. +49 (0)89 / 18 94 71 60, email: alex@air-up.com. The controller responsible for handling personal data is a natural person or legal entity that, on their own, or together with others, decides on the purposes and means for processing personal data.

1.3 The data controller has designated a data protection officer, who may be reached using the following contact details:

 Ms. Pia Bosseler
 Bayerstrasse 69
80335 Munich

 Tel.: +49 (0)89 / 18 94 71 60
 Email:
datenschutz@air-up.com

1.4 For security reasons, and in order to protect personal data and other confidential content (e.g. orders or requests sent to the data protection officer) sent, this website uses SSL/TLC encryption. An encrypted connection may be identified by the characters "https://" and the lock symbol in your browser line.

2) Data collection when visiting our website

When you use our website for information purposes only, i.e. when you do not register or send us other information, we only collect the data which your browser sends to our server (what are called server log files). When you access our website, we collect the following data, which we require for technical reasons in order to display our website to you:

  • Our website which you have visited
  • The date and time at which you accessed it
  • Volume of data sent (in bytes)
  • Point of origin/link from which you accessed the page
  • Browser used
  • Operating system used
  • IP address used (if relevant, anonymised)

Data processing is carried out as per Article 6, Section 1, Point f of the GDPR, based on our legitimate interest in improving the stability and functionality of our website. The data will not be transmitted to third parties or used for other purposes. We do, however, reserve the right to check the server logfiles post factum, should there be specific indications of illegal use.

3) Hosting

Hosting using Shopify
 We use the shop system provided by Shopify International Limited, Victoria Buildings, 2nd floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland ("Shopify“) for the purpose of hosting and displaying the online shop, based on the relevant data being processed at our request. All the data collected on our website is processed on the Shopify servers. Shopify ensures, using appropriate technical and organisational measures, that the data is only processed within the EU/EEA. In respect of the theoretical possibility of the Canadian parent company, Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada, accessing the data, the European Commission has adopted an adequacy decision for Canada, certifying that an adequate level of data protection is guaranteed. Further information on Shopify's data protection can be obtained at the following internet page: https://www.shopify.de/legal/datenschutz and here: https://help.shopify.com/de/manual/your-account/privacy/GDPR.

4) Cookies

We use what are called "cookies". Cookies are small text files which are stored on the end device used, and which are saved by the browser. Cookies are used for making what we offer user-friendlier, more effective and more secure. There are different kinds of cookies, which are used for different purposes.

Some cookies ensure that what we offer functions properly, and/or that, having registered successfully, you can be identified on your end device ("essential" cookies). By placing these essential cookies, we make it somewhat easier for you to visit what we have to offer, and to use the services available there. Other cookies are placed for the purpose of analysing your user preferences and thus to improve our offer ("advanced cookies").

We only place advanced cookies with your consent. When you visit what we have to offer for the first time, a pop-up window is displayed with an explanatory message about cookies. As soon as you click on the relevant "agree" button, you consent to us using the relevant cookies selected, which are described in the relevant pop-up window and in this Data Protection Declaration.

You can configure your browser so that you are notified when cookies are being placed, and only allow cookies on a case-by-case basis, accept cookies for particular purposes, or exclude them in general, as well as activating the automatic deletion of cookies when you close the browser. We would point out that, if cookies are deactivated, this may limit the functionality of this website.

Insofar as personal data is processed when "essential" cookies are used, this is done on the legal basis as per Article 6, Section 1, Clause 1, Letter f of the GDPR, on account of a legitimate interest in ensuring quality, and in the interests of the web page displaying without any technical impediment. The processing of personal data when using what are called "advanced" cookies is based on your consent (legal basis: Article 6, Section 1, Clause 1, Letter a of the GDPR). Please bear in mind that not accepting cookies may affect the functionality of our website.

5) Getting in contact

If you get in contact with us (e.g. using the contact form or by email), personal details will be collected. In the case of a contact form, the data collected will be apparent from the contact form in question. This data will only be stored and used for the purpose of responding to your request and/or for making contact, and associated technical administration work. If you make contact with us with a view to concluding a contract, this represents an additional legal basis for data processing as per Article 6, Section 1, Letter b of the GDPR. Otherwise, the legal basis is as per Article 6, Section 1, Letter a of the GDPR. Once your request has been dealt with, your data will be deleted. This is the case if, based on the circumstances, it may be concluded that the relevant matter has been dealt with, and thus there is no legal requirement to retain the data.

6) Data processing in the case of opening a customer account and for processing a contract

As per Article 6, Section 1, Letter b of GDPR, further personal data will be collected and processed, if you send this to us for the purpose of implementing a contract, or when opening a customer account. The data being collected will be cleared from the relevant submission form. You may delete your customer account at any time, and can do so by means of a message sent to the data controller's address above. We store and use the data you send us for the purpose of processing the contract. Once we have fully processed a contract, or have deleted your customer account, your data is retained, bearing in mind statutory fiscal and commerce law retention periods, and then deleted after these have expired, unless you have expressly given your consent for the further use of your data, or if, on our page, we have reserved the right to the further use of your data within the bounds of the law.

7) Use of your data for the purpose of direct marketing

7.1 Registering to receive our email newsletter

If you register to receive our email newsletter, we will regularly send you information on our offers. Your email address is all you need to provide in order to receive the newsletter. You have the option to provide additional data, allowing us to address the newsletter to you personally. For the purposes of sending out the newsletter we use what is called the double opt-in procedure. This means that we only send you an email newsletter, if you have expressly confirmed that you agree to receive the newsletter. We then send you a confirmation email which asks you to click on the relevant link, in order to confirm that you would like to receive the newsletter in future.

By activating the confirmation link, you give us your consent to use your personal data as per Article 6, Section 1, Letter a of the GDPR. When you register for the newsletter, we save the IP address specified by the internet service-provider (ISP), as well as the date and time when you registered, in order to be able to detect if someone else were to potentially misuse your email address at a later point in time. The data we collect from you when you register to receive the newsletter is only used for the purposes of targeted advertising in the form of the newsletter. You can unsubscribe from the newsletter at any time using the link provided in the newsletter, or by means of a message sent to the designated data controller. As soon as you unsubscribe, your email address will immediately be deleted from our email distribution list, unless you have expressly consented to the further use of your data, or unless we have reserved the right to the further use of your data, within the bounds of the law, in which case we will have notified you in the present Declaration.

7.2 Sending the email newsletter out to existing customers

If, when purchasing goods or services from us, you have provided us with your email address, we reserve the right to send you regular offers by email in respect of products and services in our range similar to those you have already purchased. To this end we have to obtain consent from you as per Paragraph 7, Section 3 of the German Fair Trade Practices Act (UWG). In this case, data processing is based solely on our legitimate interest in personalised direct marketing as per Article 6, Section 1, Letter f of the GDPR. If, at the start, you did not consent to your email address being used for this purpose, the mailing will not be sent out from our side. You are entitled, at any time, to withdraw consent for future use of your email address for the purpose previously stated, by notifying the data controller designated at the start. The only cost to you will be the cost of sending the message, based on the basic rates. Once we have received notification that you have withdrawn consent, the use of your email address for marketing purposes will cease immediately.

7.3 Newsletter sent out using Klaviyo
 Our email newsletter is sent out using the technical service provider, Klaviyo, Inc., 125 Summer St, Floor 6 Boston, MA 02111 United States (https://www.klaviyo.com/), to whom we send the data you provided when you registered to receive the newsletter. This data is transmitted to a third party as per Article 6, Section 1, Letter f of the GDPR, and serves our legitimate interest in the use of a promotionally effective, secure and user-friendly newsletter system.
Klaviyo uses this information for the purposes of sending out the newsletter, and, at our request, for statistical assessment of the newsletter. For assessment purposes, the emails sent out contain what are called web beacons and/or tracking pixels, which represent single-pixel image files saved on our website. This allows us to ascertain whether a newsletter message has been opened, and, if relevant, which links have been clicked on. Using web beacons Klaviyo compiles automated general statistics, not related to specific persons, on the response to newsletter campaigns. Based on our legitimate interest in statistical assessment of newsletter campaigns, for the purposes of optimising of marketing communication and improved focus on the interests of the target audience, data relating to the relevant recipient of the newsletter, as per Article 6, Section 1, Letter f of the GDPR, is collected using web beacons (email address, time accessed, IP address, browser type and operating system), and assessed. This data can be traced to an individual recipient of the newsletter, and is processed by Klaviyo in order to compile automated statistics, ascertaining whether a given recipient opened the newsletter email.
If you wish to deactivate data analysis carried out for the purposes of statistical assessment, you will have to unsubscribe to the newsletter.
Klaviyo may, itself, also use this data as per Article 6, Section 1, Letter f of the GDPR, based on its legitimate interest in arranging and optimising the service based on customer needs, as well as for market research purposes, in order to determine recipients' countries of origin. Klaviyo does not, however, use the data of those who receive our newsletter in order write to them, or in order to pass it on to third parties.
For the purpose of protecting your data in the USA, we have signed a data processing agreement with Klaviyo, based on the European Commission standard contract clause, in order to allow your personal data to be sent to Klaviyo. If you are interested, this data processing contract may viewed here. Please bear in mind that, as a rule, your data will be sent to the Klaviyo server in the USA, and stored there. In order to guarantee an adequate level of data protection, the provider has implemented what is referred to as the European Union standard contract clause. In addition, we carry out case-by-case risk analysis in order to ensure data protection over and above the standard contract clause. You can view Klaviyo's data protection policy here.

 

7.4 WhatsApp newsletter

If you register for our WhatsApp newsletter, we will send you regular information on our offers via WhatsApp. The only thing you need to provide, in order to receive the newsletter, is your mobile phone number.

In order to receive the newsletter, you need to save the mobile phone number we send you in the contacts address book on your phone, and message us the word, "Start," via WhatsApp. By sending us this WhatsApp message, you give us your consent to use your personal data as per Article 6, Section 1, Letter a of the GDPR for the purpose of sending out the newsletter. We will then include you in our newsletter distribution list.

The data we collect from you when you register to receive the newsletter is only processed for the purposes of targeted advertising in the form of the newsletter. You can unsubscribe from the newsletter at any time by messaging us the word, "Stop," via WhatsApp. As soon as you unsubscribe, your mobile number will immediately be deleted from our newsletter distribution list, unless you have expressly consented to the further use of your data, or unless we have reserved the right to the further use of your data, within the bounds of the law, in which case we will have notified you in the present Declaration.

Please note that WhatsApp obtains access to the address book on the mobile phone we use to send out the newsletter, and the phone numbers saved in the address book are automatically sent to a Facebook server in the USA. In order to guarantee an adequate level of data protection, the provider has implemented what is referred to as the European Union standard contract clause. In addition, we carry out case-by-case risk analysis in order to ensure data protection over and above the standard contract clause.

In order to send out our WhatsApp newsletter, we therefore use a mobile phone with an address book which only contains the WhatsApp contact details for those receiving our newsletter. This ensures that every person whose WhatsApp contact details are saved in our address book has already accepted the WhatsApp Conditions of Use, doing so when they first used the app on their device, and has thus already given consent for their WhatsApp telephone number to be sent from their address books of chat contacts, as per Article 6, Section 1, Letter a of the GDPR. The transmission of data belonging to users that do not use WhatsApp and/or that have not contacted us via WhatsApp is thus excluded.

The purpose and scope of data collection, and subsequent processing and use of the data by WhatsApp, as well as your associated rights and configuration options, with a view to protecting your privacy, may be found in WhatsApp's data protection information at: https://www.whatsapp.com/legal/?eea=1#privacy-policy

7.5 Advertising by surface mail

Based on our legitimate interest in personalised direct marketing, we reserve the right to store your given name and family name, your address and - insofar as we have received this additional information from you during the course of concluding the contract - your title, academic title, your year of birth, and your profession/field/line of business, as per Article 6, Section 1, Letter f of the GDPR, and to use them for the purpose of sending you interesting offers and information about our products by surface mail.

You can, at any time, withdraw your consent to us storing and using your data for this purpose by sending a relevant message to the data controller.

7.6 - CleverPush
 You can register to receive our push notifications. For sending out our push notifications we use the "CleverPush" service, operated by CleverPush UG (limited liability), Tondernstrasse 1, 22049 Hamburg, Germany ("CleverPush“). Via our push notifications you will receive regular information on the goods we have to offer.
To register you have to confirm the query from your browser in respect of receiving such notifications. This process is documented and stored by CleverPush. This includes storing the time you registered for this service, as well as your browser ID and/or your device ID. This data has to be collected, so that, in the case of misuse, we are able track the processes, and this is therefore for the purpose of our legal protection. In order to be able to show you push notifications, CleverPush collects and processes, at our request, your browser ID and, in the case of access via a mobile phone, your device ID.
 By subscribing to our push notifications, you agree to receive them. The legal basis for processing your data after you have registered for our push notifications is the consent you have given as per Article 6, Section 1, Letter a of the GDPR.
CleverPush also assesses the statistics relating to our push notifications. Thus, Cleverpush can tell whether and when our push notifications are displayed and clicked on by you.
 You may, at any time, with effect for the future, withdraw your consent to us storing and using your personal data in order to receive our push notifications, and the collection of data for statistical purposes. In order to withdraw your consent, you can alter the relevant setting in your browser for receiving push notifications. Insofar as you are using our push notifications on a desktop PC with the Windows operating system, you can also unsubscribe from our push notifications by right-clicking on the relevant push notification in the settings there.
Your data will be deleted as soon as it is no longer required for the purpose for which it was collected. Thus, your data is stored for as along as the subscription for our push notifications is active. There is detailed explanation of the signing-out process at the following link: https://cleverpush.com/faq

7.7 Notification by email that a given product is available

Insofar as we offer the option, in our online shop, of receiving notification by email that a given selected item, which was temporarily unavailable, has now become available, you have the option of registering for our product availability email notification service. If you register for our product availability email notification service, we will send you a one-time message via email that the relevant item you selected is available. Your email address is all you need to provide in order to receive the notification. You have the option to provide additional data, allowing us to address the notification to you personally. For the purposes of sending out the notification we use what is called the double opt-in procedure. This means that we will only send you the relevant notification, if you have expressly confirmed that you agree to receive this type of notification. We will then send you a confirmation email which will ask you to click on the relevant link, in order to confirm that you would like to receive this type of notification in future.

By activating the confirmation link, you give us your consent to use your personal data as per Article 6, Section 1, Letter a of the GDPR. When you register for our product availability email notification service, we save the IP address specified by the internet service-provider (ISP), as well as the date and time when you registered, in order to be able to detect if someone else were to potentially misuse your email address at a later point in time. The data collected by use when you register for our product availability email notification service is used exclusively for the purpose of informing you of the availability of a specific item in our online shop. You can unsubscribe from the product availability email notification service at any time by sending a relevant message to the data controller specified initially. As soon as you unsubscribe, your email address will immediately be deleted from our relevant email distribution list, unless you have expressly consented to the further use of your data, or unless we have reserved the right to the further use of your data, within the bounds of the law, in which case we will have notified you in the present Declaration.

7.8 Mobile Message Service

Your use of the mobile message service (the "Service") constitutes your agreement to the terms and conditions under this Section 7.8 (“Mobile Terms”). We may modify or cancel the Service or any of its features without notice. To the extent permitted by applicable law, we may also modify these Mobile Terms at any time and your continued use of the Service following the effective date of any such changes shall constitute your acceptance of such changes.

We do not charge for the Service, but you are responsible for all charges and fees associated with text messaging imposed by your wireless provider. Message and data rates may apply.

Text messages may be sent using an automatic telephone dialing system or other technology. Your consent to receive autodialed marketing text messages is not required as a condition of purchasing any goods or services. If you have opted in, the Service provides [ updates, alerts, and information (e.g., order updates, account alerts, etc.)][ promotions, specials, and other marketing offers (e.g., cart reminders)] from air up via text messages through your wireless provider to the mobile number you provided. Message frequency varies. Text the single keyword command STOP to +44 7479 273897 to cancel at any time. You'll receive a one-time opt-out confirmation text message. If you have subscribed to other air up mobile message programs and wish to cancel, except where applicable law requires otherwise, you will need to opt out separately from those programs by following the instructions provided in their respective mobile terms. For Service support or assistance, text HELP to +44 7479 273897 or reach out to our customer support team via the following form “https://support.air-up.com/en/support/tickets/new".

We may change any short code or telephone number we use to operate the Service at any time and will notify you of these changes. You acknowledge that any messages, including any STOP or HELP requests, you send to a short code or telephone number we have changed may not be received and we will not be responsible for honoring requests made in such messages.

The wireless carriers supported by the Service are not liable for delayed or undelivered messages. You agree to provide us with a valid mobile number. You agree to maintain accurate, complete, and up-to-date information with us related to your receipt of messages.

You agree to indemnify, defend, and hold us harmless from any third-party claims, liability, damages or costs arising from your use of the Service or from you providing us with a phone number that is not your own.

To the extent permitted by applicable law, you agree that we will not be liable for failed, delayed, or misdirected delivery of any information sent through the Service, any errors in such information, and/or any action you may or may not take in reliance on the information or Service.

7.9 Qualtrics XM

We use experience management software from qualtrics XM, 10 York Road, Waterloo, London SE1 7ND, England (“qualtrics XM”).

We use qualtrics XM to create and share surveys and other feedback mechanisms. In this way, we receive direct feedback from consumers about the air up brand.

To this end, the feedback given is passed on to qualtrics XM, in accordance with data protection legislation, so that qualtrics XM can operate the service.

When qualtrics XM is used to collect feedback from consumers via the air up website, a script is run through Google Tag Manager that allows qualtrics XM contents to be served only to certain individuals (e.g. returning rather vs. new customers). Via this script, data is transferred to qualtrics XM, where it is stored and available for analysis. If feedback is collected via a direct link to a questionnaire, qualtrics XM stores the data on its servers without incorporating additional services. If further services (e.g. a CRM system) are used to distribute these links, pseudonymised data can also be passed on to qualtrics XM via a URL addition (as “embedded data”).

For this purpose, to enable you to use our experience management software, we will share your personal data (depending on the purpose: customer ID, current and past order details, responses given, website language, website usage details) in an encrypted, pseudonymised form with qualtrics XM. The software transmits data to us so that we can analyse feedback provided by consumers and improve our services accordingly.

Data processing is voluntary and only with your express consent, in accordance with Art. 6 (1) sentence (1) a) GDPR.

You can revoke your consent for the future at any time. (opt-out link) For further details on how qualtrics XM processes your personal data, please refer to the following link in the privacy policy of qualtrics XM: https://www.qualtrics.com/privacy-statement/.

qualtrics XM places cookies in your browser when you take part in a survey; these cookies are basically there to record the survey history, so that surveys cannot be taken more than once or the survey can be resumed at a certain point after an interruption, for example. A detailed list of potentially used cookies can be found here: https://www.qualtrics.com/support/survey-platform/getting-started/browser-cookies/?rid=ip&prevsite=de&newsite=uk&geo=DE&geomatch=uk#About

 7.10 Usercentrics

We use the Usercentrics consent management service provided by Usercentrics GmbH, Sendlinger Str. 7, 80331 Munich, Germany (Usercentrics). This allows us to obtain and manage the consent of website users for data processing. This processing is necessary in order to meet a legal obligation (Art. 7 (1) GDPR) which we are bound by (Art. 6 (1) (c) GDPR). The following data is processed for this purpose:

Date and time of access, browser information, device information, geographic location, cookie preferences, URL of the page visited

The functionality of the website cannot be guaranteed without this processing. Usercentrics is a recipient of your personal data and acts as a processor on our behalf. Processing takes place in the European Union. For more information about opting out and removal options with respect to Usercentrics, please visit: https://usercentrics.com/de/datenschutzerklaerung/.

The data will be deleted after 3 years.


8) Data processing for the purposes of processing an order

8.1 In order to process your order, we work in partnership with the following service provider(s) who support us entirely or in part as we implement the contracts we have concluded. Certain personal data is passed on to these service providers, as stated below.

In the context of processing your order, the personal data we collect is passed on to shipment companies tasked with delivery, insofar as this is required for the purposes of delivering the goods. In the context of processing payment, we send your payment details to the credit institution we are using, insofar as this is necessary for processing the payment. Insofar as payment service providers are used, we will explicitly notify you of this below. The legal basis for passing on data is Article 6, Section 1, Letter b of the GDPR.

8.2 Use of payment service providers (payment services)

- Amazon Pay
 When the "Amazon Pay" option is selected as the form of payment, payment is made via the payment service provider Amazon Payments Europe s.c.a., 38 avenue J.F. Kennedy, L-1855 Luxembourg (henceforth: "Amazon Payments"), to which we pass on the information you have shared with us in the context of the order process, along with the information regarding your order as per Article 6, Section 1, Letter b of the GDPR. Your data is shared, exclusively for the purpose of processing the payment, with the payment service provider, Amazon Payments, and only insofar as this is required for this purpose. At the following internet address you can obtain further information on the data protection stipulations for Amazon Payments: https://pay.amazon.com/de/help/201751600
- Apple Pay
 if you opt for "Apply Pay" from Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland, then payment will be processed via the "Apple Pay“ function on your end device, operated using iOS, watchOS or macOS, by charging a payment card saved on "Apply Pay". This will involve Apply Pay using security functions which are integrated into the hardware and software for your device, in order to protect your transactions. In order to approve a payment you will need to enter a code you have set previously, and to obtain verification of your identity using the "Face ID" or "Touch ID" function on your end device.
For the purpose of processing the payment, your information, which was shared during the course of the payment procedure, along with the information regarding the order, will be passed on to Apple in encrypted form. Apple then re-encrypts this information using a developer-specific key before the data is sent to the relevant payment service provider (for the payment card saved on Apple Pay) for the purpose of carrying out the payment. The encryption ensures that only the website via which the purchase was actioned is able to access the payment details. Once the payment has been actioned, Apple will send your device account number and a transaction-specific, dynamic security code to the original website to confirm that payment has been made successfully.
Insofar as personal data has been processed during the course of the data transfers described, the data is processed exclusively for the purpose of processing the payment as per Article 6, Section 1, Letter b of the GDPR.
Apple saves anonymised transaction data, including the approximate purchase amount, the approximate date and the approximate time, as well as specifying whether the transaction was completed successfully. Due to anonymisation, personal identification is completely excluded. Apple uses the anonymised data to improve "Apple Pay" and other Apple products and services.
If you use Apple Pay on the iPhone or Apple Watch to complete a purchase you have actioned via Safari or on the Mac, then the Mac and the authorisation device communicate with one another via an encrypted channel on the Apple servers. Apple does not process or save any of this information in a format which would make it possible to identify you. You can deactivate the option of using Apple Pay on your Mac in the settings on your iPhone. Go to "Wallet & Apple Pay", and deactivate "Allow payments on Mac".
You can find further information on data protection for Apple Pay at the following internet address: https://support.apple.com/de-de/HT203027
- Google Pay
 If you opt for payment by "Google Pay" from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google“), payment will be processed via the "Google Pay" application on your end device, as long it operates using at least version 4.4 of Android ("KitKat") and is available via an NFC function, by charging a payment card registered with Google Pay or using a form of payment verified there (e.g. PayPal). In order to approve a payment via Google Pay of more than € 25, you will need to unlock your mobile end device using the relevant form of verification (face recognition, password, fingerprint or pattern).
For the purpose of processing the payment, your information, which was shared during the course of the payment procedure, along with the information regarding the order, will be passed on to Google. Google then passes on your payment information, stored on Google Pay, to the original website in the form of a one-time transaction number. This is used to verify that payment has been successful. This transaction number does not contain any information on the real payment details for your means of payment stored on Google Pay, but is generated and sent as a one-time numeric token. In the case of all transactions via Google Pay, Google only acts as a mediator for processing the payment. This is completed as a transaction, involving only the user and the original website, by charging the means of payment stored on Google Pay.
 Insofar as personal data is processed during the course of the data transfer described, this occurs solely for the purpose of processing the payment as per Article 6, Section 1, Letter b of the GDPR.
Google reserves the right, in the case of every payment actioned using Google Pay, to collect, save and assess certain information specific to the payment process. This information includes the date, time and amount of the transaction, the location and a description of the trader, a description, provided by the trader, of the products or services being purchased, photos which you have appended to the transaction, the name and email address of the seller and buyer (or, alternatively, the sender and recipient), the method of payment used, your description of the reason for the transaction and, if relevant, the offer associated with the transaction.
According to Google, this data processing is performed exclusively in accordance with Article 6, Section 1, Letter f of the GDPR, on the basis of a legitimate interest in orderly invoicing, verification of details of the procedure, and optimising and maintaining functionality of the Google Pay service.
Moreover, Google reserves the right to combine the processed data relating to the procedure with other information collected and saved by Google in connection with the use of other Google services.
The conditions of use for Google Pay may be found here:
https://payments.google.com/payments/apis-secure/u/0/get_legal_document?ldo=0&ldt=googlepaytos&ldl=de
 You can find more information on data protection for Google Pay at the following internet address:
https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=de
- Klarna
 When you select the Klarna payment service, payment is processed via Klarna Bank AB (publ) [https://www.klarna.com/de], Sveavägen 46, 111 34 Stockholm, Sweden (henceforth, "Klarna“). In order to make it possible for the payment to be processed, your personal details (given name and family name, street, house number, postcode, postal town, gender, email address, telephone number and IP address), as well as data relating to the order (e.g. invoice sum, items, form of delivery), are passed on to Klarna for the purpose of verifying your identity and performing a credit check, insofar as you have expressly given your consent during the course of the order process as per Article 6, Section 1, Letter a of the GDPR. This is where you can see which credit agencies your data may be passed on to:
 https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/credit_rating_agencies
 The credit check may contain probability values (what are called score values). Insofar as score values are fed into the credit check result, they are based on a scientifically accepted mathematical/statistical process. One element, but not the only one, fed into the score value calculation is address data. The information obtained on the statistical probability of payment default is used by Klarna for weighing up a decision on creating, implementing or terminating a contractual relationship.
You can, at any time, withdraw your consent by sending a message to the data controller or to Klarna. However, where relevant, Klarna remains entitled to process your personal details, insofar as this is required for processing payment as per the contract.
Your personal details are handled in accordance with the data protection stipulations and in line with what is stated in Klarna's data protection policy for residents of Germany https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/privacy
 or, if relevant, for residents of Austria https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_at/privacy
.
 - Paypal
 In the case of payment using PayPal, credit card via PayPal, direct debit via PayPal or - if offered - "payment on invoice" or "payment in instalments" via PayPal, as part of the payment process, we will pass your payment details on to PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg, Luxembourg (henceforth, "PayPal"). Your details will be passed on as per Article 6, Section 1, Letter b of the GDPR, and only insofar as this is required for processing the payment.
PayPal reserves the right to carry out a credit check in the case of payment by credit card via PayPal, direct debit via PayPal or - if offered - "payment on invoice" or "payment in instalments" via PayPal. To this end payment details will, if relevant, be passed on to credit agencies, as per Article 6, Section 1, Letter f of the GDPR, on the basis of PayPal's legitimate interest in determining your ability to pay. PayPal uses the result of the credit check in relation to the statistical probability of default with a view to deciding on whether or not to offer a given method of payment. The credit check may also contain probability values (what are called score values). Insofar as score values are fed into the credit check result, they are based on a scientifically accepted mathematical/statistical process. One element, but not the only one, fed into the score value calculation is address data. You can find more information on data protection, including credit agencies used, in PayPal's data protection declaration at: https://www.paypal.com/de/webapps/mpp/ua/privacy-full
 You may, at any time, refuse for your data to be processed in this way by sending a message to PayPal. If this is the case, PayPal nevertheless remains entitled to process your personal data insofar as this is required in order to process payment in accordance with the contract.
 - Shopify Payments
 We use the payment service provider, "Shopify Payments“, 3rd Floor, Europa House, Harcourt Building, Harcourt Street, Dublin 2. If you opt for a mode of payment using the payment service provider "Shopify Payments", then payment will be processed via the technical service provider Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, to which we will pass on the information shared during the order process, along with information relating to your order (name, address, account number, sort code, credit card number (if relevant), invoice sum, currency and transaction number), as per Article 6, Section 1, Letter b of the GDPR. Your data is passed on exclusively for the purpose of processing the payment with Stripe Payments Europe Ltd. and only insofar as this is necessary. You can find more detailed information data protection for Shopify Payments at the following internet address: https://www.shopify.com/legal/privacy.
 Legal information on data protection relating to Stripe Payments Europe Ltd. can be found here: https://stripe.com/de/privacy
- SOFORT
 When you select SOFORT as the payment method, the payment is processed via the payment service provider SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany (henceforth, "SOFORT"), to which we pass on the information shared during the course of the order process, along with information on your order, as per Article 6, Section 1, Letter b of the GDPR. Sofort GmbH forms part of the Klarna Group (Klarna Bank AB (publ), Sveavägen 46, 11134 Stockholm, Sweden). Your data is shared, exclusively for the purpose of processing the payment, with the payment service provider, SOFORT, and only insofar as this is required for this purpose. At the following internet address you can obtain more information on SOFORT's data protection stipulations: https://www.klarna.com/sofort/datenschutz

9) Making contact with you to remind you to leave a review

We send out our own reminder for you to leave a review (this is not sent out via a customer review system)
 We use your email address to send out a one-time reminder to leave a review of your order on the review system we use, as long as, for this purpose, during or after your order, you have expressly given your consent as per Article 6, Section 1, Letter a of the GDPR.
 You may withdraw your consent at any time by sending a message to the data controller.

10) Online marketing

10.1 Facebook Pixel for creating Custom Audiences with enhanced data matching
 Our online presence uses what is called "Facebook Pixel" from the social network Facebook in the form of enhanced data matching, operated by Facebook Ireland Limited, 4 Grand Canal Quare, Dublin 2, Ireland ("Facebook“).
 Based on having obtained their express consent, if a user clicks on a web ad featured by us and shown in Facebook, Facebook Pixel appends a suffix to the URL of our linked page. Once the user has been redirected in the browser, this URL parameter is then registered by means of a cookie placed by our linked page. In addition, this cookie collects specific customer data such as, for example, the email address, which we collect on our website linked to the Facebook ad during processes such as purchases, applications to open an account or registrations (extended data matching). The cookie is then read by Facebook Pixel, and this allows the data, including the specific customer details, to be forwarded to Facebook. The information generated by Facebook is, as a rule, transferred to a Facebook server, and saved there, whereby data may be sent to servers belonging to Facebook Inc. in the USA. In order to guarantee an adequate level of data protection, the provider has implemented what is referred to as the European Union standard contract clause. In addition, we carry out case-by-case risk analysis in order to ensure data protection over and above the standard contract clause.
Using Facebook Pixel with enhanced data matching, Facebook is able to precisely determine who has visited our online presence, creating a target group to be shown ads (what are called "Facebook ads"). Thus, we use Facebook Pixel with enhanced data matching so that we only show our Facebook ads to those Facebook users who have also shown an interest in our online presence, or who meet various criteria (e.g. interest in particular topics or products, determined by websites they have visited) we have communicated to Facebook (what are called "custom audiences"). Using Facebook Pixel with extended data matching we also want to ensure that our Facebook Ads match users' potential interests, and are not annoying. This allows us to assess the effectiveness of Facebook ads for the purposes of statistics and market research by understanding whether users were redirected to our site having clicked on a Facebook ad (what is called "conversion"). Compared to the standard version of Facebook Pixel, the enhanced data matching function helps us to better measure the effectiveness of our advertising campaigns by detecting more assigned conversions.
All data passed on is stored and processed by Facebook, so it can be traced to a given user profile, and Facebook can use the data for its own advertising purposes in line with the Facebook guidelines on the use of data (https://www.facebook.com/about/privacy/). The data in question can allow Facebook and its partners to show ads on Facebook and beyond.
This data processing occurs exclusively in the case of you giving your express consent, as per Article 6, Section 1, Letter a of the GDPR. You can withdraw your consent at any time by deactivating Facebook Pixel tracking. To this end, by clicking on the following link, you can place an opt-out cookie, which deactivates Facebook Pixel tracking:
 Deactivate Facebook Pixel
 This opt-out cookie only functions in this browser and only for this domain. If you deleted your cookies in this browser, you will need to click on the link above again.

10.2 Use of Google Ads Conversion Tracking

This website uses the online "Google Ads" advertising program, and, in connection with Google Ads, conversion tracking from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google“). We use what Google Ads have to offer, using these marketing tools (what are called Google Adwords) to draw attention, on external webpages, to our appealing offers. The data from the advertising campaigns allows us to determine how successful individual advertising activities have been. Thus, we are motivated by a desire to show you advertising which you are interested in, to present our website in a way which is more interesting for you, and to achieve fair calculation of the advertising costs payable.

The cookie for conversion tracking is placed, if a user clicks on one of the ads displayed by Google. Cookies are small text files which are saved on your end device. As a rule, these cookies expire after 30 days and cannot be used to identify someone personally. If the user visits particular pages on this website, and if the cookie has not expired, Google and we can tell that the user has clicked on the ad, and has been forwarded to this page. Each Google Ads customer gets a different cookie. So cookies cannot be traced via the websites of Google Ads customers. The information gathered using the conversion cookie serves the purpose of compiling statistics for Google Ads customers who have chosen conversion tracking. Customers can see the total number of users who have clicked on their ad, and have been forwarded to a page featuring a conversion tracking tag. However, they do not receive any information which would allow users to be personally identified. If you don't want to take part in tracking, you can block this use by deactivating the Google conversion tracking cookie via your internet browser using the key word "user settings". Then you will not be included in the conversion tracking statistics. We only place Google Ads with your consent as per Article, Section 1, Letter a of the GDPR. In connection with using Google Ads, it is possible that your personal data may be sent to the Google LLC. servers in the USA. In order to guarantee an adequate level of data protection, the provider has implemented what is referred to as the European Union standard contract clause. In addition, we carry out case-by-case risk analysis in order to ensure data protection over and above the standard contract clause.

At the following internet address you can obtain more information on Google's data protection policy: https://www.google.de/policies/privacy/

You can permanently deactivate cookies relating to ad preferences by blocking these using the relevant setting in your browser software, or by downloading and installing the browser plug-in available at the following link:
https://www.google.com/settings/ads/plugin?hl=de

Please note that it may not be possible to use some functions on this website, or their use may be limited, if you deactivate the use of cookies.

Insofar as this is a legal requirement, we have obtained your consent for processing your data, as described above in accordance with Article 6, Section 1, Letter a of the GDPR. You may, at any time, withdraw the consent you have granted with future effect. In order to exercise your right to withdraw consent, please follow the procedure for filing your objection set out above.

10.3 Google Marketing Platform

This webpage uses the online marketing tool, Google Marketing Platform, operated by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("GMP").

GMP places cookies in order to show users relevant ads, to improve reports on campaign performance, or to avoid a user seeing the same ads several times. Using a cookie ID, Google finds out which ads have been displayed in which browsers, and so can avoid these being displayed more than once. The data is processed based on your consent as per Article 6, Section 1, Letter a of the GDPR.

Moreover, GMF can, using cookie IDs, also register what are called conversions, which relate to enquiries in respect of the ad. This is the case, if a user sees a GMP ad, and later, using the same browser, accesses the advertiser's website and, via the website, makes a purchase. According to Google, the GMP cookies do not contain any person-related information.

Based on the marketing tools used, your browser automatically sets up a direct connection with the Google server. We do not have any influence on the volume and further use of data collected by Google using this tool, and therefore hereby inform you of what we know: by embedding GMP, Google obtains the information that you have accessed the relevant part of our internet presence, or have clicked on one of our ads. As long as you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google, or have not logged it, there is a possibility of your provider finding out and saving your IP address. In connection with using GMP, it is possible that your personal data may be sent to the Google LLC. servers in the USA. In order to guarantee an adequate level of data protection, the provider has implemented what is referred to as the European Union standard contract clause. In addition, we carry out case-by-case risk analysis in order to ensure data protection over and above the standard contract clause.

If you do not wish to take part in this tracking process, you can deactivate cookies for conversion tracking by configuring your browser so that cookies from the www.googleadservices.com domain are blocked (see https://www.google.de/settings/ads). This setting is cleared if you deactivate your cookies. Alternatively, you can find out about the placing of cookies from the Digital Advertising Alliance at www.aboutads.info, and configure your settings accordingly. Finally, you can configure your browser so that you are notified when cookies are being placed, and only accept cookies on a case-by-case basis, or exclude cookies being placed in particular cases or in general. If you do not accept cookies, the functionality of our website may be impaired.

At the following internet address you can obtain more information on Google's data protection policy: https://www.google.de/policies/privacy/

Insofar as this is a legal requirement, we have obtained your consent for processing your data, as described above in accordance with Article 6, Section 1, Letter a of the GDPR. You may, at any time, withdraw the consent you have granted with future effect. In order to exercise your right to withdraw consent, please follow the procedure for filing your objection set out above.

10.4 Taboola

Our website uses technologies from Taboola Inc. (1115 Broadway, 7th Floor, New York, NY 10010, USA). Taboola uses cookies to determine what content you use and which of our sites you visit.
To allow us to track users, the Taboola pixel has been implemented on our website. The pixel tracks activity only on an anonymous basis and does not track or collect any personally identifiable information.
Taboola collects the following user information using cookies:

  • the user’s operating system,
  • web pages/content accessed on our web pages,
  • referrer/link via which the user accessed our website,
  • time and number of website accesses,
  • location information (city and state),
  • IP addresses in abbreviated form.

Further information about Taboola and the possibility to deactivate the Taboola cookie can be found here: https://www.taboola.com/privacy-policy

10.5 Clerk.io

Some product recommendation emails (newsletters) are sent out using the technical service provider Clerk.io ApS, Kigkurren 8G, 2. sal 2300 Copenhagen, Denmark, www.clerk.io, to whom we send the data you provided when you registered to receive the newsletter. This data is transmitted to this third party as per Article 6, Section 1, Letter f of the GDPR, and serves our legitimate interest in the use of a promotionally effective, secure and user-friendly newsletter system. When you register to receive product recommendations you also give consent pursuant to Article 6, Section 1, Letter a of the GDPR to share the following customer data related to:

  • Customer email address.
  • The pages a customer visits.             
  • The content a customer sees via Clerk.io.
  • The clicks on content via Clerk.io.   
  • The products in the orders a customer placed (if any).

clerk.io uses this information for the purposes of providing personalized product recommendations and, at our request, for statistical assessments and analytics.
If you wish to deactivate recommendations data analysis carried out for the purposes of statistical assessment, you will have to unsubscribe to the email newsletter.

11) Web analysis services

Google (Universal) Analytics

Google (Universal) Analytics with Google Signals
 This website uses Google (Universal) Analytics, a web analysis service from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"). Google (Universal) Analytics uses what are called "cookies", which are text files that are saved on your computer, and allow use of the website to be analysed. The information on the use of this website (included the abbreviated IP address) generated by the cookie, is, as a rule, sent to a Google server and saved there. In this connection, it is possible that the information will be sent to the servers at Google LLC. in the USA.
This website uses Google (Universal) Analytics exclusively with the "_anonymizeIp()" extension, ensuring that the IP address is anonymised, and excluding the possibility of it being directly linked to a particular individual. The extension means that Google previously shortens the IP address within the European Union and European Economic Area. In exceptional cases only, the full IP address will be sent to a Google LLC. server in the USA, and shortened there. In order to guarantee an adequate level of data protection, the provider has implemented what is referred to as the European Union standard contract clause. In addition, we carry out case-by-case risk analysis in order to ensure data protection over and above the standard contract clause.
 At our request, Google uses this information to assess your use of the website, in order to produce reports on website activity, and to provide additional services for us, related to the use of the website and of the internet. The IP address communicated by your browser in connection with Google (Universal) Analytics is not merged with other Google data.
 You can prevent cookies being saved by configuring your browser software accordingly. However, we advise you that in this case not all of the functions on this website can be used to their full extent. Over and above this, you can block the data generated by the cookie and related to your use of the website (incl. your IP address) being sent to Google, and this data being processed by Google, by downloading and installing the browser plug-in available at the following link:
https://tools.google.com/dlpage/gaoptout?hl=de
 As an alternative to the browser plug-in or in browsers on mobile devices, please click on the following link to place an opt-out cookie which will block Google Analytics from gathering any data on this website in future (this opt-out cookie only functions in this browser and only for this domain. If you delete your cookies in this browser, you have to click on this link again: Deactivate Google Analytics
 Further information on Google (Universal) Analytics can be found here: https://policies.google.com/privacy?hl=de&gl=de
 This website also uses the Google Signals service as an extension of Google Analytics Google Signals allow us to perform cross device tracking using Google. Insofar as you have activated "personalised ads" in the settings on your Google account, and have linked your internet-enabled devices with your Google account, Google can perform cross-device analysis of your user behaviour, and, on that basis, create database models. This takes into consideration the log-ins and device types of all those who have visited the page, who are logged into a Google account and have performed a conversion. Among other things, the data shows what device you were on when you first clicked on an ad, and on what device the associated conversion occurred. This does not mean that we obtain personal data from Google, but rather only on the basis of statistics produced by Google Signals. The data is processed as per Article 6, Section 1, Letter a of the GDPR, based on your consent.

12) Retargeting/ Remarketing/ Recommendations

Bing Ads (Microsoft Corporation) Universal Event Tracking
 This website uses universal event tracking related to "Bing Ads“ conversion tracking technology by Microsoft (Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA).
For the purpose of universal event tracking, a tag has been saved on each page on our website, which interacts with the conversion cookie placed by Microsoft Bing Ads. This interaction allows user behaviour on our website to be tracked, and sends the relevant information collected in this regard to Microsoft Bing Ads. The purpose of this is to be able to statistically measure and assess certain outcomes such as, for example, purchases or leads, in order to tailor the focus and content of what we offer more in line with customer interest. At no time do the tags allow users to be personally identified.
To the extent to which the information on user behaviour sent to Microsoft Bing Ads contains personal user data, this occurs in accordance with Article 6, Section 1, Letter a of the GDPR, on the basis of you giving your consent. Insofar as the data is sent to the USA, In order to guarantee an adequate level of data protection, the provider has implemented what is referred to as the European Union standard contract clause. In addition, we carry out case-by-case risk analysis in order to ensure data protection over and above the standard contract clause.
 If you do not wish to participate in tracking, you can opt out by deactivating the Bing Ads conversion tracking cookie in the user settings in your internet browser. You will not then be included in the Conversion Tracking statistics. Alternatively, using the deactivation page for users in the EU http://www.youronlinechoices.com/de/praferenzmanagement/
, you can check whether ad cookies from Microsoft have been placed in your browser, and deactivate them.
At the following internet address you can obtain further information on the Microsoft Bing Ads data protection stipulations: https://privacy.microsoft.com/de-de/privacystatement.

Google Ads Remarketing
 Our website uses the functions of Google Ads Remarketing. We use this to advertise for our website in the Google search results, as well as on third party websites.
The provider is Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). To this end Google places a cookie in the browser on your end device, which automatically, using a pseudonymous cookie ID, based on the pages you have visited, allows us to show you advertising based on your interests. This data processing is based on you giving your consent as per Article 6, Section 1, Letter a of the GDPR.
 Any data processing over and beyond this will only be performed insofar as you have agreed with Google that your internet and app browser use is linked with your Google account, and that information from your Google account may be used to personalise the ads you see on the web. If, in this case, when you visit pages on our website, you are logged into Google, then Google will use your data, along with Google Analytics data, to create and define target group lists for the purposes of cross-device remarketing. To this end Google temporarily links your personal data to Google Analytics data, in order to form target groups. In the context of using Google Ads Remarketing your personal data may be sent to Google LLC. servers in the USA.
 You can permanently deactivate the placing of cookies for ad preferences by downloading and installing a browser plug-in available at the following link: https://www.google.com/settings/ads/onweb/
 Alternatively, you can find out about the placing of cookies from the Digital Advertising Alliance at the following URL: www.aboutads.info, and configure your settings accordingly. Finally, you can configure your browser so that you are notified when cookies are being placed, and only accept cookies on a case-by-case basis, or exclude cookies being placed in particular cases or in general. If you do not accept cookies, this may limit the functionality of our website.
 Given the possibility that personal data may be sent to the USA, in order to guarantee an adequate level of data protection, the provider has implemented what is referred to as the European Union standard contract clause. In addition, we carry out case-by-case risk analysis in order to ensure data protection over and above the standard contract clause. You can see more information, and the relevant data protection stipulations in respect of advertising and Google, at the following URL:
https://www.google.com/policies/technologies/ads/

Pinterest Tag conversion tracking
 This website uses "Pinterest Tag“ conversion tracking technology from Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland ("Pinterest“).
 Insofar as you have reached our website via a Pin on Pinterest, we will place a cookie on your computer which interacts with a "tag", implemented likewise, in the form of a JavaScript code from Pinterest. Cookies are small text files which are saved on your end device. These cookies expire after 180 days and cannot be used for personal identification.
If the user has been redirected to our website by a Pin on Pinterest, and if the cookie has not expired, the tag detects certain user actions we have pre-determined, and can track these (e.g. transactions completed, leads, search requests, product pages accessed). If you perform this action, your browser will send an HTTP request, via the Pinterest tag from the cookie, to the Pinterest server, with particular information on the action in question (among others, type of action, time, and browser type on end device). Given the possibility that personal data may be sent to the USA, in order to guarantee an adequate level of data protection, the provider has implemented what is referred to as the European Union standard contract clause. In addition, we carry out case-by-case risk analysis in order to ensure data protection over and above the standard contract clause.
 Sending the data in this way allows Pinterest to compile statistics on user behaviour on our website, after users have been redirected from a Pinterest Pin,; we use these statistics to optimise what we have to offer.
Insofar as personal data is processed in this connection, this is in accordance with Article 6, Section 1, Letter a of the GDPR on the basis of your consent.
However, we do not receive any information which would allow users to be personally identified.
 If you do not wish to participate in tracking, you can decline this by deactivating the Pinterest Tag conversion tracking cookie under user settings in your internet browser. You will not then be included in the conversion tracking statistics. Alternatively, using the deactivation page for users in the EU https://www.youronlinechoices.com/uk/your-ad-choices
, you can check whether ad cookies from Microsoft have been placed in your browser, and deactivate them.
At the following internet address you can obtain further information on Pinterest's data protection stipulations: https://policy.pinterest.com/en-gb/privacy-policy.

13) Using a live chat system

Our own live chat system
 On this website, in order to operate a live chat system for answering live requests, your chat name and the chat content you share are collected as data, and saved for the duration of the chat. The chat and your chosen chat-name are only stored in what is called RAM (Random Access Memory), and immediately deleted, as soon as we or you have ended the chat, however, no later than 2 hours after the last message in the chat conversation. Cookies are used for operating the chat function. Cookies allow us to identify the internet browser used by the person visiting the page, in order to differentiate between different users of the chat function on our internet page.
 Insofar as the information gathered allows a person to be identified, this data processing is on the basis of Article 6, Section 1, Letter f of the GDPR, namely on the basis of our legitimate interest in effective customer care and the statistical analysis of user behaviour with a view to achieving optimisation. Cookies are placed on the basis of you giving your consent, as per Article 6, Section 1, Letter b of the GDPR.
In order to avoid cookies being saved, you can configure your internet browser, so that cookies cannot be stored on your computer in future and/or so that cookies that have already been stored are deleted. If you switch off all cookies, this can, however, mean that the chat function on our internet site will no longer work.

14) Tools and other things

14.1 Google reCAPTCHA

On this website we also use the reCAPTCHA function from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google“). Above all, this function is used for determining whether information has been entered by a human person or, fraudulently, by a machine or automated means. The service encompasses sending Google the IP address and, if relevant, other data required by Google for the reCAPTCHA service, and this takes place in accordance with Article 6, Section 1, Letter f of the GDPR on the basis of our legitimate interest in establishing individual responsibility on the internet, and the avoidance of misuse and spam. In connection with using reCAPTCHA from Google, personal data may also be sent to the Google LLC. servers in the USA. Insofar as the data is sent to the USA, in order to guarantee an adequate level of data protection, the provider has implemented what is referred to as the European Union standard contract clause. In addition, we carry out case-by-case risk analysis in order to ensure data protection over and above the standard contract clause.

You can find more information on Google reCAPTCHA, as well as Google's data protection declaration, at: https://www.google.com/intl/de/policies/privacy/

Insofar as this is a legal requirement, we have obtained your consent for processing your data, as described above in accordance with Article 6, Section 1, Letter a of the GDPR. You may, at any time, withdraw the consent you have granted with future effect. In order to exercise your right to withdraw consent, please follow the procedure for filing your objection set out above.

14.2 Google customer reviews (previously Google's certified trader programme)

We work in partnership with Google as part of the "Google customer reviews" programme. The provider is Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). This programme allows us to receive customer reviews from users of our website. This involves you being asked, after you have made a purchase on our website, whether you would like to take part in an email survey from Google. If you give your consent, as per Article 6, Section 1, Letter a of the GDPR, we will pass your email address on to Google. You will receive an email from Google customer reviews, which will ask you to evaluate your customer experience on our website. Your evaluation will then be combined with other evaluations, and displayed under our Google customer reviews logo, and on our Merchant Center dashboard. Your evaluation will also be used for Google Seller evaluations. In connection with using Google Customer Reviews, it is possible that your personal data may be sent to the Google LLC. servers in the USA. Insofar as the data is sent to the USA, in order to guarantee an adequate level of data protection, the provider has implemented what is referred to as the European Union standard contract clause. In addition, we carry out case-by-case risk analysis in order to ensure data protection over and above the standard contract clause.

At the following link you can access more information on Google's data protection in connection with the Google Customer Review program: https://support.google.com/merchants/answer/7188525?hl=de

You can read more information on data protection in connection with Google Buyer Reviews at the following link: https://support.google.com/google-ads/answer/2375474

14.3 Greenhouse

We use the applicant tracking service of Greenhouse Inc. (“Greenhouse”). Located principally at 18 West 18th Street, 11th Fl., New York, New York 10011, USA. 

Greenhouse is a leading provider of cloud-based software services that help companies manage and optimize their recruiting and hiring processes. We use their software as an applicant tracking system.    

For this purpose, applicant data will be shared with Greenhouse in accordance with the GDPR so that Greenhouse can operate the service.  

With Greenhouse as our applicant tracking service we map our recruiting process system wise and we work exclusively via this system with the information on the application process. Within the system, only the stakeholders who are relevant to the respective opening are given access rights so that the hiring decision can be made at the end of the process. For this purpose, we will collect your personal data such as salary expectations, notice period, address, working permit Germany, all relevant documents for the recruiting process, CV, cover letter, references, so that you can participate in our applicant process. The provided data helps us to find the perfect candidate.  For this purpose, your personal data will be processed.  

Personal data of customers based in the EEA, the United Kingdom or Switzerland is currently stored in the EU. Greenhouse transfers personal data to the USA as they are based there under the European Commission's Standard Contractual Clauses pursuant to Commission Decision 2021/914/EU to ensure that it is adequately protected. 

In addition, we carry out an individual risk analysis to ensure data protection that goes beyond the standard contractual clauses. 

The processing of the data takes place voluntarily, in accordance with  Article 6, Section 1, Letter b of the GDPR.  

Insofar as special categories of personal data within the meaning of  Article 9, Section 1 of the GDPR (e.B. health data such as information about the severely disabled status) are requested from applicants as part of the application process, the processing takes place in accordance with  Article 9, Section 2, Letter b of the GDPR, so that we can exercise the rights arising from labour law and the law of social security and social protection and fulfil our obligations in this regard. 

Cumulatively or alternatively, the processing of the special categories of data may also be based on  Article 9, Section 1, Letter h of the GDPR if it is carried out for the purposes of health care or occupational medicine, for the assessment of the applicant's ability to work, for medical diagnostics, care or treatment in the health or social sector or for the administration of systems and services in the health or social sector. 

If the applicant is not selected in the course of the evaluation described above or if an applicant withdraws his application prematurely, his data transmitted by e-mail as well as all electronic correspondence including the original application e-mail will be deleted after a corresponding notification after 6 months at the latest. This period is based on our legitimate interest in answering any follow-up questions about the application and, if necessary, in being able to comply with our obligations to provide evidence under the regulations on equal treatment of applicants. 

In the event of a successful application, the data provided will be further processed on the basis of Article 6, Section 1, Letter b of the GDPR for the purposes of carrying out the employment relationship. 

For more details on how Greenhouse processes your personal data, please refer to the following link in Greenhous’ Privacy Policy

14.4 TikTok Pixel air up

Our online presence uses "TikTok pixel" of the social network TikTok, which is operated by TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland.

With the help of the TikTok pixel, it is possible for TikTok, on the one hand, to determine you as a customer to our online offer as a target group for the display of advertisements.

Based on having obtained their express consent, if a customer clicks on a web ad featured by us and shown in TikTok, TikTok Pixel appends a suffix to the URL of our linked page. Once the customer has been redirected in the browser, this URL parameter is then registered by means of a cookie placed by our linked page. In addition, specific customer data such as the e-mail address, which we collect on our website linked to the TikTok ad for transactions such as purchases is recorded by this cookie. The cookie is then read by the TikTok pixel and enables the data, to be forwarded to TikTok. The information generated by TikTok is usually transmitted to a TikTok server and stored there.

Personal data belonging to customer based in the EEA, UK or Switzerland is currently stored in the US or Singapore. TikTok transfer personal data to the US or Singapore under the European Commission’s standard contractual clauses pursuant to Commission Decision 2021/914/EU to ensure that it is adequately protected.

In addition, we carry out an individual risk analysis to ensure data protection that goes beyond the standard contractual clauses.

With the help of the TikTok pixel with extended data comparison, TikTok can precisely determine the visitors of our online offer as a target group for the display of advertisements (so-called "TikTok Ads"). Accordingly, we use the TikTok pixel in order to only display the TikTok ads we have placed to those TikTok users who have also shown an interest in our online offer or who have certain characteristics (e.g. interests in certain topics or products, which are determined based on the websites visited), which we transmit to TikTok (so-called “Custom Audiences”).

All transmitted data is stored and processed by TikTok so that a connection to the respective user profile is possible and TikTok can use the data for its own advertising purposes in accordance with the TikTok data usage guidelines

Privacy policy of TikTok

For information and details about the TikTok pixel and how it works, please visit the TikTok help section under https://www.tiktok.com/legal/privacy-policy-eea?lang=de

TikTok's Data Privacy Policy:  https://www.tiktok.com/legal/new-privacy-policy

TikTok's Terms & Conditions: https://www.tiktok.com/legal/new-terms-of-service

These processing operations only take place if you have given your express consent in accordance with  Art. 6 Sec. 1 Lit. a. You can revoke your consent at any time by deactivating TikTok pixel tracking.

Deactivate Tiktok Pixel

This opt-out cookie only functions in this browser and only for this domain. If you deleted your cookies in this browser, you would need to click on the link above again: Deactivate Tiktok Pixel

14.5 SYZYGY Performance Marketing GmbH

Some SEO recommendations are provided by the technical service provider Syzygy, to whom we send the data you provided when you navigate on air up online store. This data is transmitted to this third party as per Art. 6 Sec. 1 Lit. F. of the GDPR, and serves our legitimate interest in the improvement of air up online store. When you accept navigate on air up online store you also give consent pursuant to Art. 6 Sec. 1 Lit. F. of the GDPR to share the following customer data related to:

  • Google Analytics cookie ID

Syzygy will have access to Google Analytics and Google Analytics 4 for the purposes of providing SEO recommendations and, at our request, for statistical assessments and analytics.

If you wish us not to transmit your Cookie ID to third party, you will have to disable the Google Analytics and Google Analytics 4 cookies. Deactivate

14.6 Mention Me

We use a referral marketing programme of Mention Me Ltd, Kennington Park, 1-3 Brixton Rd, London, SW9 6DE, GB (“Mention Me”). With the aid of this programme, we make it possible for you to refer air up to your own friends. If the friend you refer also becomes a customer of ours, we reward both you as the referrer and your referred friend.

For this purpose, your name and e-mail address will be passed on to Mention Me as a referrer in accordance with the GDPR so that Mention Me can run the service on behalf of air up.

As soon as you make a purchase on this website, a notice to this effect will be displayed by Mention Me. It is also possible to initiate the referral process via a landing page on the website. You can then decide at your leisure whether you wish to recommend someone or not. If you decide to do so, you have the option to send a personally created link to a friend via e-mail, Facebook, SMS or WhatsApp. Both you and the friend referred by you will then receive a reward for the referral, provided the referred friend has placed an order on this website.

For this purpose, we will share your personal data (e-mail address, name and order details) in encrypted, pseudonymised form with Mention Me so that you can participate in our "refer a friend" programme. In this way, it can be determined which customer is the referrer of a new customer and who should receive a reward for their referral. For this purpose, the e-mail address, name and IP address of you as the referrer are processed. The e-mail address and IP address of the recommended friend are also processed for this purpose, but only if the friend voluntarily enters their data in the "Recommended by a friend" link at checkout. In both cases, the data will only be passed on in pseudonymised form.

To ensure that you can participate in our referral programme, we set cookies. This is done either at check-out, when you make a purchase on our website or when you are redirected to our website via the referral link. By setting these cookies, we prevent, among other things, that the recommendation function can be used unlawfully.

The data processing is partly based on Art. 6 para. 1 sentence 1 lit. f DSGVO and partly voluntary and only with your explicit consent, according to Art. 6 para. 1 sentence 1 lit. a DSGVO.

The data will be processed voluntarily and only with your express consent or based on the consent of the recommended friend, according to Art. 6 para (1) sentence 1 a) GDPR.

You can revoke your consent with future effect at any time. https://www.mention-me.com/referral-unsubscribe-data-request For further details on how Mention Me processes your personal data, please refer to the following link in the privacy policy of Mention Me: https://mention-me.com/help/privacy_policy_s#referrers.

14.10 Pinterest Tag Conversion Tracking

This website uses the conversion tracking technology "Pinterest Tag" of Pinterest Europe Ltd, Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland ("Pinterest").

If you have reached our website from a pin on Pinterest, we will set a cookie on your computer, which interacts with a likewise implemented "tag" in the form of a JavaScript code from Pinterest. Cookies are small text files that are stored on your end device. These cookies lose their validity after 180 days and are not used for personal identification.

If the user is redirected from a pin on Pinterest to pages on this website and the cookie has not yet expired, the tag records certain user actions predefined by us and can track them (e.g. completed transactions, leads, searches on the website, calls to product pages). When such  action is performed, your browser sends an HTTP request from the cookie to Pinterest's server via the Pinterest tag, with certain information about the action (including type of action, time, browser type of the end device). In the event that personal data is transferred to the USA, Pinterest has implemented the so-called standard contractual clauses of the European Union to ensure an appropriate level of data protection. In addition, we conduct a case-by-case risk analysis to ensure data protection beyond the standard contractual clauses.

Through this transmission, Pinterest can create statistics about the usage behaviour on our website after forwarding from a Pinterest Pin, which serve us to optimize our offer.

If personal user data is processed in the process, this is done on the basis of your consent in accordance with Article 6, Section 1, Letter a of the GDPR.

However, we do not receive any information which would allow users to be personally identified.

If you do not want to take part in  tracking, you can block this cookie by deactivating the Pinterest tag conversion tracking cookie via your internet browser using the key word “user settings”. Then you will  not be included in the conversion tracking statistics. Alternatively, you can use  the deactivation page for EU consumers http://www.youronlinechoices.com/de/praferenzmanagement/to check whether Microsoft advertising cookies are set in your browser and deactivate them.

You can find more information about Pinterest's privacy policy at the following website: https://policy.pinterest.com/de/privacy-policy.

14.11 Hotjar web analytics services

air up website uses the HotJar analytics services for purposes of improving customer friendliness and customer experiences. These services can record mouse clicks as well as scroll movements. They can also record information entered on this website via keyboard. Such information is not personalised and thus remains anonymous. HotJar does not record such information on pages that do not use the HotJar system. You can disable the HotJar service at https://www.hotjar.com/privacy/do-not-track/

14.12 Reviews.io

We use a review management platform, reviews.io, owned by Liquid New Media Limited Trading As Reviews.co.uk & REVIEWS.io with a business address at: 29 St Nicholas Place, Leicester, LE1 4LD UK 

Reviews.io allows us to collect, manage and publish customer reviews on our website.For this purpose, your name and review will be shared with reviews.io in accordance with the GDPR so that reviews.io can operate the service. 

The tool collects customer feedback via SMS, e-mail or in-store app.For this purpose, we will share and process your e-mail address, name and order details, phone number in encrypted, pseudonymized form with reviews.io so that you can participate in leaving reviews. 

The data is passed on exclusively in pseudonymized form. Personal data is processed and stored in the region collected. The processing of the data takes place voluntarily and only with your express consent, in accordance with Art. 6 para. 1 sen. 1 lit. a GDPR.You can revoke your consent at any time with future effect. (opt-out link, usercentrics banner) For more details on how reviews.io processes your personal data, please refer to the following link in reviews.io’s Privacy Policy: https://www.hotjar.com/privacy/do-not-track/

14.13 Builder.io

The content of our website is created with Builder.io, Builder.io, Inc., registered at 1501 Filbert St #7B San Francisco, CA 94123.Builder.io tracks user behavior and other events on our website.

If you wish to opt out of the data analysis performed, you must opt ​​out of Builder.io under the Services section of our consent management tool, which you can access by clicking on 'Cookie Settings' in the footer of the website or by clicking here.Builder.io can also use the collected data itself in accordance with Article 6 Paragraph 1 Clause 1 Letter f GDPR on the basis of its legitimate interest in the needs-based design and optimization of the service and for market research purposes.Personal information may be transferred, stored and processed in a country other than the country in which it was collected, including but not limited to the United States. Builder.io may transfer personal data about our website visitors in the EEA, Switzerland and the UK and when doing so relies on recognized safeguards within the meaning of the GDPR, including adequacy decisions and standard contractual clauses of Decision 2021/914/EU of the Commission.If you have any questions about Builder.io's information policy, please email steve@builder.io. If you want to read more, Shogun's privacy policy can be found here. You can find out more about the GPDR-specific disclosures here.

14.14 Twilio 

We use a Marketing Tool of Twilio Germany GmbH, located in Rosenheimer Str. 143 C, 81671 Munich, Germany (“Twilio”).  

Twilio is a messaging tool that connects air up to customers on any digital channel (SMS, What’sApp, Facebook Messenger).For this purpose, customer data will be shared with Twilio in accordance with the GDPR so that Twilio can operate the service.  

Twilio processes your personal information as a customer (or potential customer) of Twilio’s services, such as e-mail address, name, phone number, IP-address, device ID (Communications metadata)  and order details (Supply chain management data).  

Twilio processes the personal information of you as a customer who uses or interactes with their application that we’ve built on Twilio’s platform, like the people we communicate with by way of that application. This includes information Twilio uses to route messages and metadata about messages and it also includes the contents of communications.  

For this purpose, we will collect your personal data (e-mail address, name, phone number and order details) in encrypted, pseudonymized form with Twilio so that you can participate in our Marketing Tool, to send and receive messages to and from us.For this purpose, your e-mail address, name, phone number and IP address will be processed. The data is passed on exclusively in pseudonymised form.The processing of the data takes place voluntarily and only with your express consent, in accordance with Art. 6 para. 1 sen. 1 lit. a GDPR.  

You can revoke your consent at any time with future effect. (https://support.twilio.com/hc/en-us/articles/360034798533-Getting-Started-with-Advanced-Opt-Out-for-Messaging-Services). For more details on how Twilio processes your personal data, please refer to the following link in Twilio’s Privacy Policy: https://www.twilio.com/legal/privacy 

14.15 Netlify

We use Netlify, Inc. (“Netlify”) to host the frontend of our website. They are located at 44 Montgomery Street, Suite 300, San Francisco, California 94104.  

Our website is hosted by the external service provider Netlify. Netlify processes the IP address of all visitors to our website and stores it in log files. The log files are not stored for more than 30 days. The data processing takes place automatically and is mandatory/technically necessary for the provision/use and security of our website, as well as its improvement. 

For this purpose, your IP adress will be shared with Netlify in accordance with the GDPR so that Netlify can operate the service. 

Personal data of customers based in the EEA, the United Kingdom or Switzerland is currently stored outside the EU. Netlify transfers personal data outside the EU under the European Commission's Standard Contractual Clauses pursuant to Commission Decision 2021/914/EU to ensure that it is adequately protected. 

In addition, we carry out an individual risk analysis to ensure data protection that goes beyond the standard contractual clauses. 

The processing of the data takes place to ensure the functionality of our website, in accordance with Art. 6 para. 1 sen. 1 lit. f GDPR.  

15) Rights of the affected person

15.1 Current data protection legislation guarantees you wide-ranging rights as an affected person vis-à-vis the data controller in respect of the processing of your personal data (right to information and right to intervene), as we will explain below:

  • Right of access as per Article 15 of the GDPR: In particular, you have a right of access to your personal data processed by us, the purpose for which they are being processed, the categories of personal data processed, the recipients or categories of recipients to whom your data has been or will be disclosed, the planned period of retention or the criteria for setting the period of retention, the applicability of a right of rectification, erasure or restriction of processing, objection to processing, complaints to supervisory bodies, the source of your data (if this was not collected from you), the presence of automated decision-making, including profiling and significant information on the logic involved, and the scope and intended effects of the data processing in question, as well as your right of rectification, and what guarantees apply in respect of your data being forwarded to third countries, as per Article 46 of the GDPR;
  • Right to rectification as per Article 16 of the GDPR: You have the right to rectify data that is inaccurate about you immediately, and/or to complete data we hold which is incomplete;
  • "Right to be forgotten" as per Article 17 of the GDPR: You have the right to demand that your personal data is deleted, if the conditions set out in Article 17, Section 1 of the GDPR are met. This right however does not apply, in particular, if data processing is required for the exercise of the right to free expression and right to information, in order to fulfil a legal obligation, on the grounds of the public interest, or in order to assert, exercise or defend a person's rights:
  • Right to restrict processing of data as per Article 18 of the GDPR: You have the right to demand that processing of your personal data be restricted, as long as the accuracy of the data you are contesting can be verified, if you decline for your data to be deleted on the grounds of impermissible data processing, and, instead, demand that its processing be restricted, should you require your data to assert, exercise or defend your rights, after we no longer require the data in question for the purpose for which it was collected, or if you have lodged an objection based on your specific circumstances, unless it has been established that our legitimate grounds outweigh yours;
  • Right of rectification as per Article 19 of the GDPR: If you have asserted your right, vis-a-vis the data controller, to rectify, erase or restrict processing of data, then they are obligated to notify each recipient to whom the personal data has been disclosed, of its rectification or deletion or restriction of its processing, unless this proves impossible or involves disproportionate effort. You have the right to be informed as to who these recipients are.
  • Right to data portability as per Article 20 of the GDPR: You have the right to obtain your personal data, which you have provided us with, in a structured, accessible and machine-readable format, or to demand that this be sent to another designated person, insofar as this is technically feasible:
  • Right to withdraw consent as per Article 7, Section 3 of the GDPR: You have the right, at any time, to withdraw, with future effect, consent you have given for your data to be processed. In the case of consent being withdrawn, we will immediately delete the data in question, insofar as there is no legal basis for further processing of the data without your consent. In the case of consent being withdrawn, this does not affect the legality of the data having been processed prior to consent having been withdrawn:
  • Right to complain as per Article 77 of the GDPR: If you are of the view that your personal data has been processed in violation of the GDPR, you have the right - irrespective of any other administrative or legal proceedings - to lodge a complaint with a supervisory body, in particular in the Member State where you are resident, where you work or where the offence allegedly took place.

15.2 RIGHT OF OBJECTION

IF, IN THE CONTEXT OF WEIGHING UP COMPETING INTERESTS, WE PROCESS YOUR DATA BASED ON A PREDOMINANT LEGITIMATE INTEREST, YOU HAVE THE RIGHT, AT ANY TIME, FOR REASONS BASED ON YOUR PERSONAL CIRCUMSTANCES, TO FILE AN OBJECTION TO YOUR DATA BEING PROCESSED WITH FUTURE EFFECT.
 IF YOU MAKE USE OF THIS RIGHT, WE WILL CEASE TO PROCESS THE DATA OF THE AFFECTED PERSON, HOWEVER, WE RESERVE THE RIGHT TO FURTHER PROCESS YOUR DATA, IF WE CAN PROVE COMPELLING, DEFENSIBLE GROUNDS FOR PROCESSING IT, WHICH OUTWEIGH YOUR INTERESTS, BASIC RIGHTS AND BASIC FREEDOMS, OR IF PROCESSING THE DATA SERVES THE PURPOSE OF ASSERTING, EXERCISING OR DEFENDING A PERSON'S RIGHTS.

IF YOUR PERSONAL DATA IS PROCESSED BY US FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT, AT ANY TIME, TO FILE AN OBJECTION TO THE RELEVANT PERSONAL DATA BEING PROCESSED FOR THE PURPOSE OF THIS KIND OF MARKETING. YOU CAN EXERCISE YOUR RIGHT OF OBJECTION IN THE MANNER DESCRIBED ABOVE.

IF YOU EXERCISE YOUR RIGHT OF OBJECTION, WE WILL CEASE PROCESSING THE DATA AFFECTED FOR THE PURPOSES OF DIRECT MARKETING.

16) Retention period for personal data

The retention period for personal data depends on the relevant legal basis, the purpose for which they are processed, and - if applicable - any additional period of retention on statutory grounds (e.g. retention periods due to trade and tax legislation).

When personal data is processed based on express consent, as per Article 6, Section 1, Letter a of the GDPR, this data is retained until the affected person withdraws their consent.

If there are statutory retention periods for data processed in the context of contractual or similar obligations, on the basis of Article 6, Section 1, Letter b of the GDPR, then the data in question is routinely deleted once the retention periods have expired, provided that the data is not required for implementing or setting up a contract, and/or, from our side, that there is no longer a legitimate interest in it being stored for a further period of time.

In the case of data processing on the basis of Article 6, Section 1, Letter f of the GDPR, this data is stored as long as the affected party does not exercise their right of objection as per Article 21, Section 1 of the GDPR, unless we can prove that there are compelling, defensible grounds which outweigh the interests, rights and freedoms of the affected person, or if processing of the data can be used to assert, exercise or defend a person's rights.

When processing personal data for the purpose of direct marketing on the basis of Article 6, Section 1, Letter f of the GDPR, the data in question is saved as long as the affected party does not exercise their right of objection as per Article 21, Section 2 of the GDPR.

Unless otherwise specified elsewhere in the present Declaration, in respect of specific instances of data processing, any other personal data which has been saved will be deleted if it is no longer required for the purposes for which it was collected or otherwise processed.