Free shipping for orders over 35,00 € (in Germany)
Delivery by Christmas can no longer be guaranteed! Free shipping from 35.00 € (GER)
Go to homepage
Go to homepage
Show all categories Privacy Policy Back

Privacy policy

Responsible party:

Li-iL GmbH Arzneimittel Arzneibäder
Leipziger Straße 300
01139 Dresden Germany

Phone +49-(0) 351-894120
Fax +49-(0) 351-8941226
E-mail: info@li-il.com

You can reach our data protection officer, Johann Mellem, at +49-(0) 351 / 8941235, datenschutz@li-il.com or via our postal address with the addition "the data protection officer".

1. Scope of application and legal basis

(1) This privacy policy explains the type, scope and purpose of the processing of personal data within our online offering and the associated websites, functions and content.

(2) With regard to the terms used, such as "personal data" or their "processing", we refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).

(3) The term "user" includes all categories of data subjects affected by data processing. These include our business partners, customers, interested parties and other visitors to our online offering (hereinafter also referred to as "you" etc. in addition to users).

(4) The personal data of users processed in the context of this online offering includes

  • Inventory data (e.g. names and addresses of customers, other delivery addresses),
  • Contact data (e.g. e-mail address, telephone number),
  • Contract data (e.g. services utilised or products purchased, payment information),
  • Usage data (e.g. the websites of our online offering visited, interest in our services and products),
  • Content data (e.g. entries in the contact form, comments) and
  • Technical data (e.g. IP addresses, device information)

(5) The processing of users' personal data is carried out in particular for the following purposes:

  • Provision of the online offering, its content and functions
  • Provision of our contractual services and services,
  • Customer care,
  • Answering contact enquiries and communicating with users,
  • Marketing and
  • Security of the online offering

(6) We only process users' personal data in compliance with the relevant data protection regulations. This means that user data will only be processed if we are legally authorised to do so. This is particularly the case if the data processing is required to fulfil our contractual services (e.g. to process orders and purchase orders) and our online services or is required by law, if the user has given their consent or on the basis of our legitimate interests. Legitimate interests include the analysis, optimisation, security and economic operation of our online services.

(7) We would like to point out that the legal basis for consent is Art. 6 para. 1 sentence 1 lit. a) and Art. 7 GDPR, the legal basis for processing to fulfil our services and implement contractual measures is Art. 6 para. 1 sentence 1 lit. b) GDPR, the legal basis for processing to fulfil our legal obligations is Art. 6 para. 1 sentence 1 lit. c) GDPR and the legal basis for processing to protect our legitimate interests is Art. 6 para. 1 sentence 1 lit. f) GDPR.

(8) The storage of information in the user's terminal equipment or access to information that is already stored in the user's terminal equipment is also only permitted if it is covered by one of the justifications in Section 25 TDDDG. These are in particular Section 25 (1) TDDDG, if the user has consented on the basis of clear and comprehensive information, or Section 25 (2) No. 2 TTDDG, if the storage or access is absolutely necessary so that the provider of a telemedia service can provide a telemedia service expressly requested by the user.

2. Security measures

(1) We take appropriate technical and organisational measures in accordance with Art. 32 GDPR, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, in order to ensure a level of security appropriate to the risk. This is intended to protect the data processed by us, in particular against accidental or intentional manipulation, loss, deletion or unauthorised access by third parties. The security measures also include the encrypted transmission of data between your browser and our server.

(2) In addition, we have set up procedures that ensure the exercise of data subject rights, the deletion of data and a response to the jeopardisation of data.

3. Transfer of data to third parties and third-party providers

(1) If we disclose data to other persons and companies (processors or third parties) as part of our processing, transfer it to them or otherwise grant them access to the data, this will only be done on the basis of legal authorisation. This applies, for example, to the transfer of data to third parties in accordance with Art. 6 para. 1 sentence 1 lit. b) GDPR, if this is necessary for the fulfilment of the contract (e.g. for the purpose of shipping the goods or processing the purchase price payment), if you have given your consent, if a legal obligation provides for this or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.). Depending on which payment service provider you have selected in the ordering process, we will pass on the payment data collected for this purpose to the credit institution commissioned with the payment and, if applicable, to the payment service provider commissioned by us in order to process payments. In some cases, the selected payment service providers also collect this data themselves if you wish to create or have created an account with them. In this case, you must log in to the payment service provider with your access data during the ordering process. The terms and conditions and data protection information of the respective payment service provider, which can be accessed on the respective websites or transaction applications, apply.

(2) If we process data in a third country (i.e. outside the European Union or the European Economic Area) or if this occurs in the context of the use of third-party services or the disclosure or transfer of data to third parties, this will only take place if the special requirements of Art. 44 et seq. GDPR are met. The European Commission certifies that some third countries have a level of data protection comparable to the EEA standard through so-called adequacy decisions (a list of these countries and a copy of the adequacy decisions can be found here: https: //ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en). The European Commission has issued the so-called EU-US Data Privacy Framework for the transfer of personal data to the USA. The list of certified companies as well as further information on the Data Privacy Framework can be found on the website of the US Department of Commerce at https://www.dataprivacyframework.gov/. However, in other third countries to which personal data may be transferred, there may not be a consistently high level of data protection due to a lack of legal provisions. If this is the case, data protection can be adequately guaranteed by other measures. This is possible through binding corporate rules, standard contractual clauses of the European Commission for the protection of personal data in accordance with Art. 46 para. 1, 2 lit. c GDPR, certificates, recognised codes of conduct or through express consent in individual cases. We will inform you about the respective details of the transfer at the relevant points below.

(3) If we commission third parties to process data on the basis of a so-called "order processing contract", this is done on the basis of Art. 28 GDPR.

4. Collection of access data and log files

(1) We, or our hosting provider, collect data about every access to the server on which this service is located (so-called server log files) on the basis of our legitimate interests within the meaning of Art. 6 para. 1 lit. f) GDPR. This data is technically necessary to display the respective website to you and to ensure stability and security. The access data includes the IP address of the requesting computer, the date and time of access, the name and URL of the retrieved file, the website from which the access was made (referrer URL), the browser used and, if applicable, the operating system of the user's computer and the name of the requesting access provider.

(2) The log file information is created in anonymised form and stored for a maximum of seven days (the IP address for one day only) for the purpose of evaluating system security and stability as well as for security reasons (e.g. to investigate any misuse or fraud) and then deleted. Data whose further storage is required for evidentiary purposes is excluded from deletion until the respective incident has been finally clarified.

(3) The hosting services are provided as part of processing on our behalf by the service provider ALL-INKL.COM - Neue Medien Münnich, owner: René Münnich, Hauptstraße 68, 02742 Friedersdorf (website: https: //all-inkl.com/; privacy policy: https: //all-inkl.com/datenschutzinformationen/).

5. Provision of contractual services

(1) We process inventory data, contact data, contract data and content data for the purpose of fulfilling our contractual obligations and services in accordance with Art. 6 para. 1 sentence 1 lit. b) GDPR. The entries marked as mandatory in online forms are required for the conclusion of the contract, so that you cannot complete the order without providing them, for example.

(2) Users can optionally create a user account in which they can view their orders, among other things. As part of the registration process, users will be provided with the required mandatory information. If users cancel their user account (by e-mail to info@li-il.com or shop@dresdner-essenz.com), this data relating to the user account will be deleted within one week, unless further storage is required by law, in particular for commercial or tax law reasons pursuant to Art. 6 para. 1 sentence 1 lit. c) GDPR.

(3) In the context of orders, we store the IP address of the user and the time of the order. This data is stored on the basis of our legitimate interests as well as those of the user in protection against misuse and other unauthorised use. This data is not passed on to third parties unless it is necessary to pursue our claims or there is a legal obligation to do so in accordance with Art. 6 Para. 1 S. 1 lit. c) GDPR. The stored data will be deleted after 7 days. Data whose further storage is required for evidence purposes is excluded from deletion until the respective incident has been finally clarified.

(4) After complete fulfilment of the contract and after expiry of statutory warranty and comparable obligations, i.e. generally after four years, your data will be deleted with the exception of data that must be retained for legal archiving reasons on the basis of Art. 6 para. 1 sentence 1 lit. c GDPR (e.g. for tax purposes usually ten years), your data will be deleted unless you have expressly consented to further use of your data in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR or we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this declaration. The data in the customer account will remain until it is deleted.

6. Contacting us

When contacting us (via contact form, via enquiry form about our products or by e-mail), the user's details (your e-mail address, your name, the content of the message and, if applicable, your telephone number or other voluntarily provided data) are processed to process the contact enquiry and its handling in accordance with Art. 6 para. 1 sentence 1 lit. b) GDPR (in the context of pre-contractual/contractual relationships) or, in the case of other enquiries, on the basis of our legitimate interest in providing you with a good service in accordance with Art. 6 para. 1 sentence 1 lit. f) GDPR. The aforementioned data will be deleted as soon as it is no longer required to fulfil the purpose for which it was collected. This is usually the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified. Otherwise, the statutory retention obligations apply.

7. Product reviews

If you are registered, you can leave reviews of our products in our online shop. Your review will be published with the name you provide for the respective product. We recommend that you use a pseudonym instead of your real name. We also collect your email address. We need this in order to contact you, e.g. to confirm the submission of your review or if a third party should object to your contribution as unlawful. The legal basis is Art. 6 para. 1 sentence 1 lit. b) and f) GDPR. Your review will be checked before publication and will not be authorised in the event of obvious illegality. We also reserve the right to delete reviews, e.g. if they are objected to by third parties as unlawful. You can request the deletion of your reviews at any time using our contact details.

8. Newsletter

(1) The following information explains the content of our newsletter as well as the registration and dispatch procedure and your rights of objection. By subscribing to our newsletter, you agree to receive it and to the procedures described.

(2) We only send email newsletters with advertising information with the consent of the recipient or with legal authorisation. Our newsletters contain information about our products and services, promotions and our company.

(3) Registration for our newsletter takes place in a so-called double opt-in procedure. This means that after registering, you will receive an email asking you to confirm your registration. This confirmation is necessary so that no-one can register with other people's email addresses. Subscriptions to the newsletter are logged in order to be able to prove the registration process in accordance with legal requirements. This includes storing the time of registration and confirmation as well as the IP address. The purpose of the procedure is to be able to prove your registration and, if necessary, to clarify any misuse of your personal data. This is done on the basis of Art. 6 para. 1 sentence 1 lit. f) GDPR.

(4) To subscribe to the newsletter, it is sufficient to provide your email address. Optionally, you can enter your first and/or last name in the newsletter to address you personally.

(5) The newsletter is sent via the "Brevo" mailing service, a marketing platform of Sendinblue GmbH, Köpenicker Str. 126, 10179 Berlin (website: https: //www.brevo.com/de/; privacy policy: https: //www.brevo.com/de/legal/privacypolicy/). Brevo supports us in the administration, design and dispatch of our newsletter and offers us analysis functions that we use to optimise and statistically evaluate our newsletter. Brevo acts as a processor in accordance with Art. 28 GDPR and a corresponding contract for order processing has been concluded. Data processing takes place on servers within the European Union.

(6) Our newsletters contain so-called "tracking pixels". A tracking pixel is a miniature graphic that is embedded in emails that are sent in HTML format to enable log file recording and log file analysis. This allows the success or failure of online marketing campaigns to be statistically analysed. The embedded tracking pixel is used to collect technical information, such as information about the browser and your system, as well as your IP address and the time of access. This information is used for the technical improvement of the newsletter based on the technical data or the target groups and their reading behaviour based on their retrieval locations (which can be determined using the IP address) or the access times. This analysis also includes determining whether the newsletters are opened, when they are opened and which links are clicked. For technical reasons, this information can be assigned to individual newsletter recipients. However, we do not endeavour to observe individual users. Rather, the analyses are used to recognise the reading habits of users and to adapt the content to them or to send different content according to the interests of the users.

(7) The newsletter is sent and success is measured on the basis of the recipient's consent in accordance with Art. 6 para. 1 sentence 1 lit. a), Art. 7 GDPR in conjunction with Section 7 para. 2 no. 3 UWG.

(8) You can revoke your consent to receive our newsletter at any time. You will find a link to exercise your right of cancellation at the end of each newsletter. A separate cancellation of the performance measurement is unfortunately not possible: in this case, the entire newsletter must be cancelled or the further sending must be objected to. We may store the unsubscribed e-mail addresses for up to three years on the basis of our legitimate interests pursuant to Art. 6 para. 1 sentence 1 lit. f) GDPR before we delete them in order to be able to prove that consent was previously given. The processing of this data is limited to the purpose of a possible defence against claims. An individual request for erasure is possible at any time, provided that the former existence of consent is confirmed at the same time.

9. Use of cookies and management with Cookiebot

(1) We use the cookie management service "Cookiebot" from Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark within our online offering. Cookiebot helps us to manage and log our users' consent to the use of cookies and similar technologies in accordance with the law. The service enables us to categorise all cookies used and provide you with a detailed overview and control over your cookie settings.

(2) Cookiebot collects your IP address (anonymised) and other technical data, an anonymous, random and encrypted key number and your consent status in order to document your consent to the use of cookies in a legally secure manner and to enable you to manage your cookies.

(3) We use various cookies within our online offering to ensure proper operation, offer functions and analyse the use of our online offering. These are divided into the following categories:

  • Essential cookies: These are absolutely necessary for the operation of our website.
  • Preference cookies: These enable us to store information that influences the behaviour or appearance of our online offering (e.g. preferred language).
  • Statistics cookies: These collect anonymised data about the use of our website and help us to improve it.
  • Marketing cookies: These are used to display adverts that are relevant to you.

You can find a detailed overview of the cookies we use and further information, e.g. on the storage period, in the cookie settings, which can be accessed via the cookie banner or the corresponding link in the footer of our online offer.

(4) The legal basis for cookies that are absolutely necessary to provide you with the expressly requested service is Section 25 (2) No. 2 TDDDG. Any use of cookies that is not absolutely technically necessary for this purpose constitutes data processing that is only permitted with your express and active consent in accordance with Section 25 (1) TDDD in conjunction with Art. 6 (1) sentence 1 TDDG. Art. 6 para. 1 sentence 1 lit. a) GDPR is permitted.

(5) Your consent to the use of cookies is stored via Cookiebot and can be revoked or adjusted by you at any time by accessing the cookie settings via the corresponding link within our online offer. The storage period of cookies varies depending on the type of cookie and is specified in detail in the cookie settings.

10. Google Analytics

(1) We use Google Analytics to analyse the use of our website. Google Analytics collects data about your usage behaviour within our online offering on the basis of a pseudonymous user identification number. This identification number does not contain any personal data. It is used in particular to assign collected information to a specific end device. In addition to user actions, such as page views, clicks, scrolling or the entry of search terms, the time of use, the duration and technical information about the end devices and browsers are stored. This information is used to create pseudonymised user profiles, whereby cookies may also be used.

(2) According to Google, Google Analytics does not log or store individual IP addresses for users from the EU. However, the location is roughly derived from the IP address by recording certain metadata, such as the "city", the "continent", the "country" and the "region". The IP address data is used within the EU exclusively for this geolocalisation derivation before it is immediately deleted. They are not logged, are not accessible and are not used for other purposes. Google receives and processes the user data via domains and servers within the European Union.

(3) The user and technical data collected by Google Analytics is processed for the purpose of measuring reach and improving our online offering, including its user-friendliness. The data collected using cookies and other technologies is generally stored for 24 months and then automatically deleted. The legal basis is Art. 6 para. 1 sentence 1 lit. a) GDPR (in conjunction with § 25 TDDDG regarding the use of cookies). Consent can be revoked at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

(4) The service provider of Google Analytics is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Website: https: //marketingplatform.google.com/intl/de/about/analytics/; Privacy Policy: https: //policies.google.com/privacy; Basis for third country transfer: Data Privacy Framework; Opt-Out: Opt-Out-Plugin: https: //tools.google.com/dlpage/gaoptout?hl=en. Additional information, e.g. on the types of processing and the data processed: https: //privacy.google.com/businesses/adsservices.

11. Google marketing services

(1) We use various marketing and remarketing services ("Google Marketing Services" for short) from Google.

(2) Google Marketing Services allow us to display adverts for and within our online offering in a more targeted manner in order to present users only with adverts that potentially match their interests. If, for example, a user is shown adverts for products that they have been interested in on other websites, this is referred to as "remarketing". For these purposes, when our and other websites on which Google marketing services are active are called up, a code is executed directly by Google and so-called (re)marketing tags (invisible graphics or code, also known as "web beacons") are integrated into the website. With their help, an individual cookie, i.e. a small file, is stored on the user's device (comparable technologies can also be used instead of cookies). This file records which websites the user has visited, which content they are interested in and which offers they have clicked on, as well as technical information about the browser and operating system, referring websites, time of visit and other information about the use of the online offer. The IP address of the user is also recorded, whereby we use available IP masking procedures (i.e. pseudonymisation by shortening the IP address). Google may also combine the aforementioned information with information from other sources. If the user subsequently visits other websites, they can be shown adverts tailored to their interests.

(3) User data is processed pseudonymously as part of Google marketing services. This means that Google does not store and process the user's name or email address, for example, but processes the relevant data in relation to cookies within pseudonymised user profiles. This means that, from Google's perspective, the adverts are not managed and displayed for a specifically identified person, but for the cookie owner, regardless of who this cookie owner is. This does not apply if a user has expressly allowed Google to process the data without this pseudonymisation. The information collected by Google marketing services about users is transmitted to Google and stored on Google's servers in the USA.

(4) We use "Google Ads" to advertise our products and services on Google and other websites. With Google Ads conversion tracking, we can track whether users have taken the adverts as an opportunity to interact with them and use the advertised offers (so-called conversions). However, we only receive anonymous information and no personal information about individual users.

(5) We also use "Google Ad Manager" (formerly known as "DoubleClick"), a platform for managing online advertising. Google Ad Manager uses cookies to present you with relevant adverts, limit the number of adverts displayed and measure the effectiveness of campaigns. The information collected by the Ad Manager is pseudonymised and does not contain any personal data.

(6) We have integrated "Google Shopping" within our online offering in order to provide relevant product recommendations in Google search. Google Shopping enables us to synchronise our product catalogue and display product recommendations tailored to your search queries. Cookies are also used here to collect user data in order to improve the relevance of the product adverts.

(7) Furthermore, we can use the "Google Tag Manager" to integrate and manage the Google analysis and marketing services in our online offering. The Tag Manager only implements tags and does not set its own cookies or collect personal data. However, Google Tag Manager triggers other tags that may collect data. However, Google Tag Manager has no access to these processes.

(8) The user and technical data collected by Google Marketing Services is processed for the purpose of advertising, measuring reach and improving our online offering, including its user-friendliness. The data collected using cookies and other technologies is generally stored for 24 months and then automatically deleted. The legal basis is Art. 6 para. 1 sentence 1 lit. a) GDPR (in conjunction with § 25 TDDDG regarding the use of cookies). Consent can be revoked at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal

(9) The service provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Website: https: //marketingplatform.google.com/about/; Privacy Policy: https: //policies.google.com/privacy; Basis for third country transfers: Data Privacy Framework; You can specify in the Google ad settings which ads should be displayed to you: https: //adssettings.google.com/. Additional information, e.g. on the types of processing and the data processed: https: //privacy.google.com/businesses/adsservices.

12. Online presence in social networks

(1) We maintain online presences within the social networks of Facebook, Pinterest, YouTube, Instagram and TikTok in order to communicate with our customers and interested parties and to present our products and services.

(2) We would like to point out that there is a possibility that data of users outside the European Union may be processed, which in turn may entail risks, e.g. in the enforcement of users' rights.

(3) User data may be processed for analysis and advertising purposes via the online presences in the aforementioned social networks. It is therefore possible to create anonymous user profiles from the user behaviour and the resulting interests, which in turn are used, for example, to place advertisements within and outside the respective social networks that correspond to the presumed interests of the users. For these purposes, cookies are generally used and stored on the user's end devices, which contain information about the user's usage behaviour and interests. In addition, device-independent data can also be stored in the user profiles. This applies in particular if the users are members of the respective network and are logged in to it.

(4) The maintenance of the online presences in the aforementioned social networks and the associated data processing is based on our legitimate interests (provision of interesting information outside our online offering, further possibility of communication with our customers/prospects) in accordance with Art. 6 para. 1 sentence 1 lit. f) GDPR. If you are asked by a provider for consent to data processing, the legal basis for processing is Art. 6 para. 1 sentence 1 lit. a) in conjunction with Art. 7 GDPR. Art. 7 GDPR.

(5) For a detailed description of the respective processing and the possibilities of objection (opt-out), we refer users to the following linked information from the respective providers. There, users can make their requests for information and assert the fulfilment of their data protection rights, as the respective provider has access to the user's data and can take the necessary measures and provide information. Should you as a user nevertheless require our support, please contact us using the contact details provided at the beginning of this privacy policy.

(6) Providers and further information:

(a) Facebook: Service provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; Website: https: //www.facebook.com; Privacy Policy: https: //www.facebook.com/about/privacy; Basis for third country transfers: EU-US Data Privacy Framework. Together with Meta Platforms Ireland Limited, we are responsible for the collection (but not the further processing) of data from visitors to our Facebook page. This data includes information about the types of content that users view or interact with, or the actions they take, as well as technical data. Facebook also collects and uses this data to provide analytics services, known as "Page Insights", for Facebook page operators, including us, so that they can gain insights into how people interact with their pages and the content associated with them. There is a special agreement between us and Facebook ("Information on Page Insights", https://www.facebook.com/legal/terms/page_controller_addendum), which regulates in particular which security measures Facebook must observe and in which Facebook has agreed to fulfil the rights of data subjects (i.e. users can contact Facebook directly with regard to their rights, e.g. to information or deletion), whereby this does not restrict the rights of users vis-à-vis us (see the information below). Further information can be found in the "Information on Page Insights"(https://www.facebook.com/legal/terms/information_about_page_insights_data).

(b) Pinterest: Service provider: Pinterest Europe Limited, 2nd Floor, Palmerston House, Fenian Street, Dublin 2, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https: //www.pinterest.com; Privacy Policy: https: //policy.pinterest.com/de/privacy-policy.

(c) Instagram: Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https: //www.instagram.com; Privacy Policy: https: //privacycenter.instagram.com/policy/; Basis for third country transfers: Data Privacy Framework.

(d) YouTube: Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Privacy Policy: https: //policies.google.com/privacy; Basis for third country transfers: Data Privacy Framework; Opt-Out: https: //myadcenter.google.com/personalizationoff.

(e) TikTok: Service provider: TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland and TikTok Information Technologies UK Limited, Kaleidoscope, 4 Lindsey Street, London, United Kingdom, EC1A 9HP; Website: https: //www.tiktok.com; Privacy Policy: https: //www.tiktok.com/de/privacy-policy.

13. Facebook plugins

(1) We use social plugins ("plugins") from the social network Facebook. This may include, for example, content such as images, videos or texts and buttons with which users can share content from our online offering within Facebook. The list and appearance of Facebook social plugins can be viewed here: https: //developers.facebook.com/docs/plugins/

(2) When a user accesses a function of our website that contains such a plugin, their device establishes a direct connection with the Facebook servers. The content of the plugin is transmitted by Facebook directly to the user's device and integrated into the online offering. User profiles can be created from the processed data. We therefore have no influence on the scope of the data that Facebook collects with the help of this plugin and therefore inform users according to our level of knowledge.

(3) By integrating the plugins, Facebook receives the information that a user has accessed the corresponding page of the online offer. If the user is logged in to Facebook, Facebook can assign the visit to their Facebook account. If users interact with the plugins, for example by clicking the Like button or leaving a comment, the corresponding information is transmitted directly from their device to Facebook and stored there. If a user is not a member of Facebook, it is still possible for Facebook to find out their IP address and store it. According to Facebook, only an anonymised IP address is stored.

(4) If we ask users for their consent to the use of plugins, the legal basis for data processing is consent (Art. 6 para. 1 sentence 1 lit. a) GDPR). Otherwise, user data is processed on the basis of our legitimate interests (i.e. interest in efficient, economical and recipient-friendly services). With regard to the use of cookies, please refer to the corresponding section in this privacy policy.

(5) Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Website: https: //www.facebook.com; Privacy Policy: https: //www.facebook.com/privacy/policy/; Basis for third country transfers: Data Privacy Framework.

(6) We are jointly responsible with Meta Platforms Ireland Limited for the collection or receipt in the context of a transmission (but not the further processing) of data that Facebook collects or receives in the context of a transmission by means of the plugins and embedding functions for content that is executed within our online offer. The purposes of the processing are the display of content and advertising information that corresponds to the presumed interests of users, the transmission of commercial and transaction-related messages and the improvement of ad delivery and personalisation of functions and content. We have concluded a special agreement with Facebook ("Addendum for Responsible Parties", https://www.facebook.com/legal/controller_addendum), which regulates in particular which security measures Facebook must observe(https://www.facebook.com/legal/terms/data_security_terms) and in which Facebook has agreed to fulfil the rights of data subjects. This means that users can, for example, send information or deletion requests directly to Facebook. If Facebook provides us with measured values, analyses and reports that are aggregated and therefore do not contain any information on individual users, this processing is not carried out within the framework of joint responsibility, but on the basis of an order processing contract ("Data Processing Conditions", https://www.facebook.com/legal/terms/dataprocessing), the "Data Security Conditions"(https://www.facebook.com/legal/terms/data_security_terms) and, with regard to processing in the USA, on the basis of standard contractual clauses ("Facebook-EU Data Transfer Addendum, https://www.facebook.com/legal/EU_data_transfer_addendum).

14. Use of the Facebook visitor interaction pixel

(1) We also use our online offering for Facebook advertising measures. By integrating the so-called "Facebook Pixel", we can display our advertising measures ("Facebook Ads") to users of our online offering and the social network Facebook and measure and evaluate their success ("Conversion Tracking"). This connection between Facebook and our online offering is made technically via the "Facebook Pixel". The legal basis for the processing of the user's data is Art. 6 para. 1 sentence 1 lit. a) GDPR, i.e. the integration only takes place with the user's consent.

(2) Due to the marketing tool used, the user's browser automatically establishes a direct connection with the Facebook server when visiting our online offer. We have no influence on the scope and further use of the data collected by Facebook through the use of this tool. According to information from Facebook, the integration of the Facebook pixel provides Facebook with the information that the user has accessed the corresponding website of our online offering or has clicked on an advert from us. If the user is registered with a Facebook service, Facebook can assign the visit to their account. Even if the user is not registered with Facebook or has not logged in, it is possible for Facebook to find out the user's IP address and other identifying features and use them to create a profile.

(3) We also use the remarketing function "Custom Audiences", which also uses the Facebook pixel to display interest-based adverts. This allows us to show users adverts that are of interest to them in order to make our online offering more interesting and to better market our offering.

(4) The user's consent can be revoked at any time without affecting the permissibility of the processing up to the time of revocation. The easiest way to withdraw consent is via our cookie consent tool. In addition, users logged in to Facebook can object via the provider's function at the following link: www.facebook.com/settings/?tab=ads#.

(5) Service provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; Website: https: //www.facebook.com; Privacy Policy: https: //www.facebook.com/about/privacy; Basis for third country transfers: EU-US Data Privacy Framework.

15. Integration of Shopware 6

We use the e-commerce platform Shopware 6, provided by Shopware AG, Ebbinghoff 10, 48624 Schöppingen, Germany, for our online shop. Shopware 6 is used for the technical provision and administration of our online shop. However, data processing takes place exclusively on our servers and no data is transferred to external service providers, unless this is explicitly described in this privacy policy. Data processing is carried out on the basis of Art. 6 para. 1 sentence 1 lit. b) GDPR for the fulfilment of the contract and on the basis of Art. 6 para. 1 sentence 1 lit. f) GDPR due to our legitimate interest in the efficient and user-friendly operation of our online offer.

16. Integration of third-party services and content

(1) On the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer within the meaning of Art. 6 para. 1 sentence 1 lit. f) GDPR), we use content or service offers from third-party providers within our online offer in order to integrate their content and services, such as videos or fonts (hereinafter uniformly referred to as "content"). This regularly requires that the third-party providers of this content recognise the IP address of the user, as they would not be able to send the content to their browser without the IP address. The IP address is therefore required to display this content. We endeavour to only use content whose respective providers only use the IP address to deliver the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. Pixel tags can be used to analyse information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user's device and may contain, among other things, technical information about the browser and operating system, referring websites, visit time and other information about the use of our online offer, as well as being linked to such information from other sources.

(2) The following presentation provides an overview of third-party providers and their content along with links to their privacy policies, which contain further information on the processing of data and, in some cases, opt-out options:

(a) Google Fonts: Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR). The font files are hosted on our servers so that no data is transferred to Google.

(b) Google Maps: Service provider: Google Cloud EMEA Limited, 70 Sir John Rogerson's Quay, Dublin 2, Ireland; Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR); Website: https: //mapsplatform.google.com/; Privacy Policy: https://policies.google.com/privacy.

(c) Videos from the "YouTube" platform: Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR); Website: https: //www.youtube.com; Privacy Policy: https: //policies.google.com/privacy; Opt-Out: Opt-out plug-in: https: //tools.google.com/dlpage/gaoptout?hl=de, Settings for the display of adverts: https: //myadcenter.google.com/personalizationoff.

(d) Instagram plugins: Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Website: https: //www.instagram.com; Privacy Policy: https: //privacycenter.instagram.com/policy/; Basis for third country transfers: Data Privacy Framework. We are jointly responsible with Meta Platforms Ireland Limited for the collection or receipt in the context of a transmission (but not the further processing) of data that Instagram collects or receives in the context of a transmission by means of the plugins and embedding functions for content that is executed within our online offer. The purposes of the processing are the display of content and advertising information that corresponds to the presumed interests of users, the transmission of commercial and transaction-related messages and the improvement of ad delivery and personalisation of functions and content. We have concluded a special agreement with Instagram ("Addendum for Responsible Parties", https://www.facebook.com/legal/controller_addendum), which regulates in particular which security measures Instagram must observe(https://www.facebook.com/legal/terms/data_security_terms) and in which Instagram has agreed to fulfil the rights of data subjects. This means that users can, for example, send information or deletion requests directly to Instagram. If Instagram provides us with measured values, analyses and reports that are aggregated and therefore do not contain any information about individual users, this processing is not carried out within the framework of joint responsibility, but on the basis of an order processing contract ("Data Processing Conditions", https://www.facebook.com/legal/terms/dataprocessing), the "Data Security Conditions"(https://www.facebook.com/legal/terms/data_security_terms) and, with regard to processing in the USA, on the basis of standard contractual clauses ("Facebook-EU Data Transfer Addendum, https://www.facebook.com/legal/EU_data_transfer_addendum).

(e) Pinterest plugins and content: Service provider: Pinterest Inc, 635 High Street, Palo Alto, CA, 94301, USA; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https: //www.pinterest.com; Privacy Policy: https: //policy.pinterest.com/de/privacy-policy. You can recognise the Pinterest plugins by the Pinterest logo on our website. When you visit one of our pages that contains such a plugin, a direct connection is established between your browser and the Pinterest server. Pinterest receives the information that you have visited our site and with which IP address. If you are logged into your Pinterest account, Pinterest can associate your visit to our site with your user account. If you interact with the plugins, for example by clicking on the "Pin it" button, the corresponding information is transmitted directly to a Pinterest server and stored there.

(f) Within our online offering, we use the search technology "Doofinder", which is provided by Doofinder S.L., Calle Rufino González 23 to 28037 Madrid, Spain (website: https: //www.doofinder.com/de/; privacy policy: https: //www.doofinder.com/en/privacy-policy). Doofinder enables an optimised search function that offers users of our online offer a better and faster product search. When you use the search function within our online offering, Doofinder processes certain technical information that is required to perform and display the search results. This includes, in particular, search terms entered in the search bar, the IP address (anonymised where possible) and information about the device used, the browser type and its version. The data collected via Doofinder is only stored for as long as is necessary for the purposes of processing or as required by the applicable legal regulations. Data processing is carried out on the basis of our legitimate interest in accordance with Art. 6 para. 1 sentence 1 lit. f) GDPR. Our legitimate interest lies in optimising user-friendliness and the search function on our website. We have concluded an order processing contract (Art. 28 GDPR) for data processing by Doofinder.

17. Your rights

(1) Users have the right to request information free of charge about the personal data that we process about them.

(2) Furthermore, users have the right to rectification of inaccurate data, restriction of processing and erasure of their personal data, if applicable, the right to data portability and, in the event of the assumption of unlawful data processing, the right to lodge a complaint with the competent supervisory authority.

(3) Users can also revoke consent with effect for the future.

18. Deletion of data

(1) The data stored by us will be deleted as soon as it is no longer required for its intended purpose and the deletion does not conflict with any statutory retention obligations. If the user's data is not deleted because it is required for other legally permissible purposes, its processing will be restricted. This means that the data is blocked and not processed for other purposes. This applies, for example, to user data that must be retained for commercial or tax law reasons.

(2) In accordance with the legal requirements, data is stored for 6 years in accordance with Section 257 (1) HGB (e.g. for commercial and business letters) and for 10 years in accordance with Section 147 (1) AO (e.g. for commercial books and accounting documents)

19. Right to object

Users can object to the future processing of their personal data in accordance with the legal requirements at any time. The objection can be made in particular against processing for direct marketing purposes.

20. Provision of personal data

We inform you that the provision of personal data is partly required by law (e.g. tax regulations) or can also result from contractual regulations (e.g. information on the contractual partner). In order to conclude a contract, it is necessary for a data subject to provide us with personal data that must subsequently be processed by us. There is no obligation to do so. However, failure to provide the personal data would of course mean that the contract with the user could not be concluded.

21. Automated decision-making

We do not use automated decision-making or profiling in accordance with Art. 22 GDPR.

22. Changes to the privacy policy

Users are requested to inform themselves regularly about the content of our privacy policy. We will amend the privacy policy as soon as changes to the data processing carried out by us or changes in legislation make this necessary. We will inform you as soon as the changes require your cooperation (e.g. consent) or other individual notification.