Privacy Policy

Privacy Policy

  1. Introduction and Contact Information of the Data Controller 1.1 We are pleased that you are visiting our website and thank you for your interest. In the following, we inform you about the handling of your personal data when using our website. Personal data refers to all data that can be used to personally identify you.

1.2 The data controller responsible for the processing of personal data on this website, in accordance with the General Data Protection Regulation (GDPR), is Paul Kunath, Nino Scholl, PN Ecom, Tunnelstraße 12, 71229 Leonberg, Germany, Tel.: +4915234790240, Email: logindaten.pn@gmail.com. The data controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.

  1. Data Collection When Visiting Our Website 2.1 When using our website for informational purposes only, meaning when you do not register or transmit any other information to us, we collect only the data that your browser transmits to the server (so-called "server logfiles"). When you access our website, we collect the following data that is technically necessary for us to display the website to you:
  • The website you visited
  • Date and time of access
  • Amount of data sent in bytes
  • Source/reference from which you accessed the page
  • Browser used
  • Operating system used
  • IP address used (possibly in anonymized form)

The processing is carried out in accordance with Article 6(1)(f) GDPR based on our legitimate interest in improving the stability and functionality of our website. There is no sharing or other use of the data. However, we reserve the right to review the server logfiles retrospectively if there are concrete indications of unlawful use.

2.2 This website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (e.g., orders or inquiries to the data controller). You can recognize an encrypted connection by the "https://" prefix and the padlock symbol in your browser’s address bar.

  1. Hosting & Content Delivery Network Shopify

For hosting our website and displaying the page content, we use the system provided by the following service provider: Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland ("Shopify").

Data is also transmitted to: Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada.

All data collected on our website is processed on the servers of the provider. We have entered into a data processing agreement with the provider, ensuring the protection of our site visitors' data and prohibiting unauthorized disclosure to third parties.

For data transfers to Canada, an adequate level of data protection is ensured through an adequacy decision by the European Commission.

  1. Cookies To make the visit to our website more attractive and to enable the use of certain features, we use cookies, which are small text files stored on your device. Some of these cookies are automatically deleted after closing the browser (so-called "session cookies"), while others remain on your device longer and allow saving of site settings (so-called "persistent cookies"). In the latter case, you can find the storage duration in your browser’s cookie settings overview.

Sure, here’s a summary of the privacy policy sections in English:

5) Contact

  • Loox (a review reminder service) is used to process email addresses and customer data, but only with the explicit consent of the data subject under Article 6(1)(a) of the GDPR.
  • Data can be revoked or modified at any time. An Data Processing Agreement with Loox ensures data protection.
  • The EU Commission’s adequacy decision ensures an appropriate level of data protection for data transfers to Israel.

6) Comment Function

  • When using the comment function, in addition to your comment, your name, the time of posting, IP address, and email address will be stored.
  • This data is processed to prevent legal violations (e.g., offensive comments) and is legally based on Articles 6(1)(b) and (f) GDPR.
  • Comments may be deleted if they are reported as unlawful by third parties.

7) Use of Customer Data for Direct Marketing

  • The email newsletter is sent only after the customer has confirmed their subscription through a Double Opt-in process, ensuring they explicitly consent to receiving it.
  • The IP address, date, and time of the subscription are stored to prevent misuse.
  • Unsubscribing from the newsletter is possible at any time, and data will be deleted, unless there are legal retention requirements.

8) Data Processing for Order Fulfillment

  • Order processing: Data such as name, address, and payment details are shared with shipping companies and financial institutions to process the order.
  • Updates for digital products: Customers are notified using their provided contact information regarding updates to digital products, as required by law.
  • Shipping providers: Name, address, and phone number are shared with shipping providers for delivery purposes.
  • Payment providers: Payments via services like Amazon Pay, Apple Pay, Google Pay, PayPal, and Shopify Payments involve sharing payment data to process the transaction.

Further Notes:

  • Payment processors (e.g., Amazon Pay, Google Pay) collect and process personal data during transactions, with data often being encrypted or anonymized to ensure transaction security.
  • Credit checks by PayPal or Shopify Payments may be carried out to verify the customer's ability to pay.

This text ensures that all data processing is carried out in compliance with GDPR regulations and informs the data subject of their rights, particularly concerning revocation and data deletion.

9) Retargeting/Remarketing and Conversion Tracking

Meta Pixel with Advanced Data Matching

  • We use the Meta Pixel service (provided by Meta Platforms Ireland Limited) to enhance the effectiveness of our advertisements on Facebook and Instagram through advanced data matching.
  • When a user clicks on one of our ads on Facebook or Instagram, the URL of the linked page is extended with a parameter. After redirection, a cookie set by our website stores specific customer data, such as email addresses, during actions like purchases or registrations.
  • This data is then sent to Meta for analysis, allowing us to optimize our ads based on users' interests or behaviors (e.g., topics or products they've shown interest in). The data is also used to create Custom Audiences for better targeting.
  • We also track the conversion rate (whether a user proceeds to our website after clicking on an ad) to measure the effectiveness of our ads.
  • All transmitted data is processed by Meta, which may use it for its own advertising purposes, both on and off Facebook.
  • The collection of data via Meta Pixel only occurs if you explicitly consent (Article 6(1)(a) of the GDPR). You can withdraw your consent anytime via the cookie consent tool on our website.
  • A Data Processing Agreement has been signed with Meta to ensure that our visitors' data is protected and not shared unlawfully.
  • Meta may transfer data to the USA, where it is processed in compliance with the EU-US Data Privacy Framework, ensuring an adequate level of protection as per the European Commission's adequacy decision.

10) Tools and Miscellaneous

Cookie Consent Tool

  • This website uses a Cookie Consent Tool to obtain valid user consent for cookies and other cookie-based applications.
  • The tool shows an interactive interface when you first visit the site, allowing you to consent to the use of cookies by ticking checkboxes.
  • Only the cookies for which consent has been provided will be loaded on your device.
  • The tool also sets necessary cookies to remember your preferences, and personal data is generally not processed. However, if personal data is processed (e.g., IP address) for logging cookie preferences, it is done based on our legitimate interest in maintaining a lawful, user-friendly consent management process.
  • For processing, the legal basis is Article 6(1)(f) of the GDPR (legitimate interest) and Article 6(1)(c) (legal obligation).
  • We have signed a Data Processing Agreement with the tool provider to ensure that visitors' data is protected.

11) Data Subject Rights

Rights under Applicable Data Protection Laws

As a data subject, you have the following rights under the GDPR in relation to the processing of your personal data:

  1. Right to Access (Article 15 GDPR)
  2. Right to Rectification (Article 16 GDPR)
  3. Right to Erasure (Article 17 GDPR)
  4. Right to Restrict Processing (Article 18 GDPR)
  5. Right to Notification (Article 19 GDPR)
  6. Right to Data Portability (Article 20 GDPR)
  7. Right to Withdraw Consent (Article 7(3) GDPR)
  8. Right to Lodge a Complaint (Article 77 GDPR)

Right to Object

  • If we process your personal data based on a legitimate interest, you have the right to object at any time, for reasons related to your particular situation, with future effect.
  • If you object, we will stop processing your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your rights, or if the processing is necessary for the establishment, exercise, or defense of legal claims.
  • If your personal data is processed for direct marketing purposes, you can object to the processing at any time, and we will stop using your data for such purposes.

12) Duration of Data Storage

  • The duration of storage depends on the legal basis, purpose of processing, and applicable statutory retention periods (e.g., accounting and tax laws).
  1. For consent-based processing (Article 6(1)(a) GDPR): Personal data is stored until you withdraw your consent.
  2. For contractual processing (Article 6(1)(b) GDPR): Data is retained until the contract is fulfilled or until the statutory retention periods (e.g., tax laws) expire.
  3. For legitimate interest-based processing (Article 6(1)(f) GDPR): Data is stored until you exercise your right to object, unless we can provide compelling reasons for the processing that override your rights.
  4. For direct marketing: Personal data is stored until you object to the processing for marketing purposes.

If none of the above conditions apply, stored personal data will be deleted once it is no longer needed for the purposes for which it was collected.

High quality Bodys