Privacy Policy

Access Data and Hosting
Hosting Content Delivery Network
Data Processing for Contract Processing and for Contacting
2.1 Data Processing for Contract Processing
2.2 Customer Account
2.3 Contacting
Data processing for the purpose of shipping processing
Data transfer to shipping service providers for the purpose of shipping announcements
Data processing for payment processing
4.1 Data processing for transaction processing
4.2 Data processing for the purpose of fraud prevention and optimization of our payment processes
4.3 Credit check
4.4 Identity and creditworthiness check when selecting Klarna payment services
4.5 Identity and creditworthiness check when selecting purchase on account via PayPal and Ratepay
4.6 Installment payment option
4.7 Use of debt collection service providers
Advertising by e-mail, post, telephone
5.1 E-mail newsletter with registration, newsletter tracking with separate consent
5.2 Newsletter dispatch
5.3 Sending review requests by e-mail
5.4 Postal advertising and your right to object

5.5 Telephone advertising
6. Cookies and other technologies
      6.1 General information
      6.2 Use of Usercentric's consent management platform to manage consent
7. Use of cookies and other technologies
      7.1 Use of Adobe services
7.2 Use of Adobe Fonts
      7.3 Use of Google services
      7.4 Use of Facebook services
8. Integration of the Trusted Shop Trustbadge/ other widgets
     8.1 Data processing when integrating the Trustbadge/ other widgets
     8.2 Data processing after completion of the order
9.Our online presence on Facebook (by Meta), X (formerly: Twitter), Instagram (by Meta), YouTube, Pinterest, LinkedIn, Xing
10. Contact options and your rights
    10.1 Your rights
    10.2 Contact options
EU – U.S. Data Privacy Framework Addendum

Thank you for your interest in our online shop. Protecting your privacy is very important to us. Below we provide you with detailed information about the handling of your data. The processing of your data is carried out based on the GDPR and in accordance with § 165 (3) TKG (Austria).

1. Access data and hosting

You can visit our websites without providing any information about yourself. Every time a website is accessed, the web server only automatically stores a so-called server log file, which contains, for example, the name of the requested file, your IP address, date and time of access, the amount of data transferred and the requesting provider (access data) and documents the access. These access data are evaluated exclusively for the purpose of ensuring trouble-free operation of the site and improving our offer. This serves to safeguard our legitimate interests, which outweigh the legitimate interests in the context of a balancing of interests, in a correct presentation of our offer in accordance with Art. 6 (1) sentence 1 lit. f GDPR. All access data will be deleted no later than seven days after the end of your visit to the site.

Hosting

The services for hosting and displaying the website are partly provided by our service providers as part of processing on our behalf. Unless otherwise explained in this privacy policy, all access data and all data collected in the forms provided for this purpose on this website are processed on its servers. If you have any questions about our service providers and the basis of our cooperation with them, please contact us using the contact details described in this Privacy Policy.

Content Delivery Network

For a shorter loading time, we use a so-called content delivery network ("CDN") for some offers. With this service, content, e.g. large media files, is delivered via regionally distributed servers of external CDN service providers. Therefore, access data is processed on the servers of the service providers. Our service providers work for us within the framework of order processing. Our service providers are located and/or use servers in countries outside Switzerland, the EU and the EEA. For these countries, there is no adequacy decision from the European Commission and the Swiss Federal Council. Our cooperation with them is based on standard data protection clauses of the European Commission. If you have any questions about our service providers and the basis of our cooperation with them, please contact us using the contact details described in this Privacy Policy.

2. Data processing for contract processing and for contacting you

2.1 Data processing for contract processing

For contract processing (including enquiries about and processing of any existing warranty and service disruption claims as well as any statutory update obligations) in accordance with Art. 6 (1) sentence 1 (b) GDPR, we collect personal data if you voluntarily provide it to us as part of your order. Mandatory fields are marked as such, as in these cases we absolutely need the data for the processing of the contract, and we cannot send the order without providing it. The data collected can be seen from the respective input forms.

Further information on the processing of your data, on the transfer to our service providers for the purpose of order, payment and shipping processing, can be found in the following sections of this privacy policy. After the contract has been fully executed, your data will be restricted for further processing and deleted after the expiry of the retention periods under tax and commercial law in accordance with Art. 6 (1) sentence 1 (c) GDPR, unless you have expressly consented to further use of your data in accordance with Art. 6 (1) sentence 1 (a) GDPR or we reserve the right to use your data beyond this, which is permitted by law and which we inform you about in this Notice.

Erp

For order and contract processing, we use merchandise management systems from external service providers. Our service providers work for us within the framework of order processing. If you have any questions about our service providers and the basis of our cooperation with them, please contact us using the contact details described in this Privacy Policy.

2.2 Customer Account

Insofar as you have given your consent to this in accordance with Art. 6 (1) sentence 1 (a) GDPR by deciding to open a customer account, we will use your data for the purpose of opening a customer account and to store your data for further future orders on our website. The deletion of your customer account is possible at any time and can be done either by sending a message to the contact option described in this privacy policy or via a function provided for this purpose in the customer account. After the deletion of your customer account, your data will be deleted, unless you have expressly consented to further use of your data in accordance with Art. 6 (1) sentence 1 (a) GDPR or we reserve the right to use your data beyond this, which is permitted by law and about which we inform you in this statement.

2.3 Contacting us

In the context of customer communication, we collect personal data to process your inquiries in accordance with Art. 6 (1) sentence 1 (b) GDPR if you voluntarily provide it to us when contacting us (e.g. via contact form, live chat tool or e-mail). Mandatory fields are marked as such, as in these cases we absolutely need the data to process your contact. The data collected can be seen from the respective input forms. After your request has been fully processed, your data will be deleted, unless you have expressly consented to further use of your data in accordance with Art. 6 (1) sentence 1 (a) GDPR or we reserve the right to use data beyond this that is permitted by law and about which we inform you in this statement.

Live chat tool WhatsApp

For customer communication, we use the live chat tool of WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("WhatsApp"). This serves to safeguard our legitimate interests in effective and improved customer communication in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR, which prevails in the context of a balancing of interests. WhatsApp works for us on our behalf. The phone numbers we store on our mobile device are automatically processed on servers of Meta companies with their headquarters at 1601 Willow Road, Menlo Park, California 94025, USA. Only phone numbers of customers who have previously contacted us via WhatsApp and have therefore already accepted WhatsApp's terms of use and data protection are stored.

Our service providers are located and/or use servers in the following countries for which the European Commission and the Swiss Federal Council have determined an adequate level of data protection by resolution: USA, Israel, United Kingdom.

The adequacy decisions for the USA are considered the basis for the transfer to third countries, provided that the respective service provider is certified. Certification is available.
Our service providers are located and/or use servers in these countries: Singapore.
For these countries, there is no adequacy decision from the European Commission and the Swiss Federal Council. Our cooperation with them is based on these safeguards: European Commission Standard Data Protection Clauses

3. Data processing for the purpose of shipping processing

To fulfil the contract in accordance with Art. 6 (1) sentence 1 (b) GDPR, we pass on your data to the shipping service provider commissioned with the delivery, insofar as this is necessary for the delivery of ordered goods. If you have any questions about our service providers and the basis of our cooperation with them, please contact us using the contact details described in this Privacy Policy.

The same applies to the transfer of data to our manufacturers or wholesalers in cases where they take over the shipping for us (drop shipping). These are considered shipping service providers within the meaning of this privacy policy.

Disclosure of data to shipping service providers for the purpose of shipping announcements

If you have given us your express consent to this during or after your order, we will pass on your e-mail address and telephone number to the selected shipping service provider in accordance with Art. 6 (1) sentence 1 (a) GDPR so that they can contact you for the purpose of announcing or coordinating delivery before delivery.
The consent can be revoked at any time by sending a message to the contact option described in this privacy policy or directly to the shipping service provider at the contact address listed below. After revocation, we will delete the data you have provided for this purpose, unless you have expressly consented to further use of your data or we reserve the right to use your data beyond this, which is permitted by law and about which we inform you in this statement. If you have any questions about our service providers and the basis of our cooperation with them, please contact us using the contact details described in this Privacy Policy.

DHL Paket GmbH
Strassenweg 10
53113 Bonn
Germany

General Logistics Systems Germany GmbH & Co. OHG
GLS Germany-Straße 1 - 7
DE-36286 Neuenstein
Germany

4. Data processing for payment processing

When processing payments in our online store, we work together with the following partners: technical service providers, credit institutions, payment service providers.

4.1 Data processing for transaction processing

Depending on the payment method selected, we pass on the data necessary for the processing of the payment transaction to our technical service providers who work for us in the context of order processing, or to the commissioned credit institutions or to the selected payment service provider, insofar as this is necessary for the processing of the payment. This serves the performance of the contract in accordance with Art. 6 (1) sentence 1 (b) GDPR. In some cases, the payment service providers collect the data required for the processing of the payment themselves, e.g. on their own website or via technical integration in the ordering process. In this respect, the privacy policy of the respective payment service provider applies.
If you have any questions about our payment processing partners and the basis of our cooperation with them, please contact us using the contact details described in this Privacy Policy.

4.2 Data processing for the purpose of fraud prevention and optimization of our payment processes

We may provide our service providers with additional data that they use, together with the data necessary to process the payment, as our processors for the purpose of fraud prevention and the optimization of our payment processes (e.g. invoicing, processing disputed payments, accounting support). In accordance with Art. 6 para. 1 sentence 1 lit. f GDPR, this serves to safeguard our legitimate interests in our protection against fraud and efficient payment management, which outweigh the legitimate interests in the context of a balancing of interests.

4.3 Credit check

If we make advance payments (in the case of purchase on account), we obtain an identity and credit report from service companies specializing in this area (credit agencies). For this purpose, we transmit your personal data required for a credit check to:

Creditreform Boniversum GmbH
Hammfelddamm 13
41460 Neuss
Germany

This serves to safeguard our legitimate interests, which prevail in the context of a balancing of interests, in accordance with Art. 6 (1) sentence 1 (f) GDPR in assessing the creditworthiness and willingness to pay of our potential customers in advance of the conclusion of the contract and thus avoiding loss of purchase price, and is necessary for the conclusion of the contract in accordance with Art. 22 (2) (a) GDPR. Appropriate measures to protect your rights, freedoms and legitimate interests will be considered. You can express your point of view and challenge the decision by contacting us at the contact option described in this Privacy Policy. After the contract has been fully executed, your data processed for this purpose will be deleted, unless you have expressly consented to further use of your data or we reserve the right to use your data beyond this, which is permitted by law and about which we inform you in this statement.

4.4 Identity and credit check when selecting Klarna payment services

Klarna Direct Debit, purchase on account via Klarna, Klarna Installment Purchase
If you opt for the payment services of Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden (hereinafter referred to as Klarna), we ask for your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR that we may transmit the data necessary for the processing of the payment and an identity and creditworthiness check to Klarna. In Germany, the credit agencies mentioned in Klarna's privacy policy can be used for identity and credit checks. Klarna uses the information received about the statistical probability of a payment default for a balanced decision on the establishment, implementation or termination of the contractual relationship. You can revoke your consent at any time by sending a message to the contact details listed in this privacy policy. As a result, we may no longer be able to offer you certain payment options. You can also revoke your consent to this use of personal data at any time vis-à-vis Klarna.

4.5 Identity and credit check when selecting purchase on account via PayPal and Ratepay

If you opt for the payment method purchase on account (offered via Ratepay GmbH, Franklinstraße 28-29, 10587 Berlin (hereinafter referred to as Ratepay) and PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg (hereinafter referred to as PayPal)), we ask for your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, that we may transmit the data necessary for the processing of the payment and an identity and credit check to Ratepay. In Germany, the credit agencies mentioned in Ratepay's privacy policy can be used for identity and creditworthiness checks. Ratepay uses the information received about the statistical probability of a payment default for a balanced decision on the establishment, implementation or termination of the contractual relationship. You can revoke your consent at any time by sending a message to the contact details listed in this privacy policy. As a result, we may no longer be able to offer you certain payment options. Additional information on data protection at PayPal can be found here.

4.6 Installment option

When selecting the instalment payment option and granting the necessary data protection consent in accordance with Art. 6 (1) sentence 1 (a) GDPR, personal data (first name, last name, address, email, telephone number, date of birth, IP address, gender) will be processed together with data required for transaction processing (product, invoice amount, due dates, total amount, invoice number, taxes, currency, order date and time of order) for the purposes of processing this Payment method transmitted to our partner PayPal (Europe) S. à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg, Luxembourg.
In order to check the identity or creditworthiness of the customer, our partner carries out queries and information on publicly accessible databases and credit reference agencies. The providers from whom information and, if applicable, creditworthiness information are obtained on the basis of mathematical-statistical procedures, as well as further details on the processing of your data after transmission to our partner PayPal (Europe) S. à r.l. et Cie, S.C.A., please refer to their privacy policy, which can be found here: https://www.paypal.com/de/webapps/mpp/ua/privacy-full?locale.x=de_DE
The information received on the statistical probability of non-payment will be used by our partner PayPal (Europe) S. à r.l. et Cie, S.C.A. for a balanced decision on the establishment, implementation or termination of the contractual relationship. You can express your point of view and contest the decision by contacting our partner PayPal (Europe) S. à r.l. et Cie, S.C.A. The consent to the transfer of data given by consent during the ordering process can be revoked at any time with effect for the future, even without giving reasons.

4.7 Use of debt collection service providers

We will pass on your data to a commissioned debt collection service provider (Creditreform Dortmund Scharf GmbH & Co. KG, Phoenixseestr. 4, 44263 Dortmund, Germany) if our payment claim has not been paid despite a previous reminder. In this case, the claim is collected directly by the debt collection service provider. This serves the fulfilment of the contract in accordance with Art. 6 (1) sentence 1 (b) GDPR as well as the safeguarding of our legitimate interests, which prevail in the context of a balancing of interests, in an effective assertion or enforcement of our payment claim in accordance with Art. 6 (1) sentence 1 (f) GDPR.

5. Advertising by e-mail, post, telephone

5.1 E-mail newsletter with registration, newsletter tracking with separate consent

If you subscribe to our newsletter, we will use the data required for this purpose or separately provided by you to send you our e-mail newsletter on a regular basis based on your consent in accordance with Art. 6 (1) sentence 1 (a) GDPR. You can unsubscribe from the newsletter at any time and can be done either by sending a message to the contact option described below or via a link provided for this purpose in the newsletter. After unsubscribing, we will delete your e-mail address from the recipient list, unless you have expressly consented to further use of your data in accordance with Art. 6 (1) sentence 1 (a) GDPR or we reserve the right to use data beyond this law, which is permitted by law and about which we inform you in this statement.

If you have also given us your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR to analyze our newsletters, we will also analyze your handling of our newsletter by measuring, storing and evaluating open rates and click-through rates for the purpose of designing future newsletter campaigns ("newsletter tracking").

For this evaluation, the e-mails sent contain single-pixel technologies (e.g. so-called web beacons, tracking pixels) that are stored on our website. For the evaluations, we link the following "newsletter data" in particular

the page from which the page was requested (so-called referrer URL),
the date and time of the call,
the description of the type of web browser used,
the IP address of the requesting computer,
the e-mail address,
the date and time of registration and confirmation

and the single-pixel technologies with your email address or IP address and, if applicable, an individual ID. Links contained in the newsletter may also contain this ID.
You can unsubscribe from newsletter tracking at any time and can be done either by sending a message to the described contact option or via a link provided for this purpose in the newsletter.
The information will be stored for as long as you have subscribed to the newsletter.

5.2 Newsletter dispatch

The newsletter and the newsletter tracking described above may also be sent by our service providers as part of processing on our behalf. If you have any questions about our service providers and the basis of our cooperation with them, please contact us using the contact details described in this Privacy Policy.

Our service providers are located and/or use servers in the following countries for which the European Commission and the Swiss Federal Council have determined an adequate level of data protection by resolution: USA, Canada.

The adequacy decisions for the USA are considered the basis for the transfer to third countries, provided that the respective service provider is certified. Until certification by our service providers, the data transfer will continue to be based on this basis: Standard Data Protection Clauses of the European Commission.

Our service providers are located and/or use servers in these countries: India. For these countries, there is no adequacy decision from the European Commission and the Swiss Federal Council. Our cooperation with them is based on these guarantees: European Commission Standard Data Protection Clauses.

5.3 Sending review requests by e-mail

If you have given us your express consent to this during or after your order in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, we will use your e-mail address to ask us to submit a rating of your order via the rating system we use. This consent can be revoked at any time by sending a message to the contact option described in this privacy policy or via a link provided for this purpose in the review request. After revoking your consent, we will delete your e-mail address from the recipient list, unless you have expressly consented to further use of your data in accordance with Art. 6 (1) sentence 1 (a) GDPR or we reserve the right to use your data beyond this that is permitted by law and about which we inform you in this statement.

The review requests may also be sent by our service provider of Trusted Shops SE, Subbelrather Str. 15C, 50823 Cologne ("Trusted Shops").

In the context of sending review requests, we receive information on the respective status from Trusted Shops (e.g. whether the review request has been sent and whether it has been received). This is done in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR to fulfill our legitimate interest in receiving information about the review invitations to make optimizations based on this if necessary, as well as to fulfill the legitimate interest of Trusted Shops in being able to offer this service.

We are jointly responsible for sending review requests and for collecting and displaying rating and status information together with Trusted Shops.

Within the framework of the joint responsibility between us and Trusted Shops, please contact Trusted Shops for data protection issues and to assert your rights, whose contact details can be found here. Further information on data protection can be found at the following link here. Regardless of this, you can always contact us using the contact option described in this privacy policy. If necessary, your request will then be forwarded to the other controller for an answer.

5.4 Postal advertising and your right to object

In addition, we reserve the right to use your first and last name as well as your postal address for our own advertising purposes, e.g. to send you interesting offers and information about our products by post. This serves to safeguard our legitimate interests, which outweigh the legitimate interests in addressing our customers in an advertising manner in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR. You can object to the storage and use of your data for these purposes at any time by sending a message to the contact option described in this privacy policy. After your consent has been revoked, we will delete your address from the recipient list, unless you have expressly consented to further use of your data in accordance with Art. 6 (1) sentence 1 (a) GDPR or we reserve the right to use your data beyond this law, which is permitted by law and about which we inform you in this statement.

5.5 Telephone advertising

Insofar as you have given your consent to this in accordance with Art. 6 (1) sentence 1 (a) GDPR, we use the data required for this or separately communicated by you for our own advertising purposes, e.g. to inform you about interesting offers and our products. You can withdraw your consent at any time either by sending a message to the contact method described in this Privacy Policy or by verbal communication at each call. After revocation, we will delete your telephone number, unless you have expressly consented to further use of your data or we reserve the right to use your data beyond this law, which is permitted by law and about which we inform you in this statement.

6. Cookies and other technologies

6.1 General Information

In order to make visiting our website attractive and to enable the use of certain functions, we use technologies on various pages, including so-called cookies. Cookies are small text files that are automatically stored on your device. Some of the cookies we use are deleted after the end of the browser session, i.e. after you close your browser (so-called session cookies). Other cookies remain on your device and enable us to recognize your browser the next time you visit (persistent cookies).

When using our online offerings, we use technologies that are necessary to be able to provide the tele media service expressly requested. The storage of information in your device or access to information that is already stored in your device does not require consent in this respect.
For non-essential functions, storing information in your device or accessing information already stored in your device requires your consent. We would like to point out that if you do not give your consent, parts of the website may not be able to be used without restrictions. Your consent, if any, will remain in force until you adjust or reset the respective settings in your device.

Any downstream data processing through cookies and other technologies

We use technologies that are necessary for the use of certain functions of our website (e.g. shopping cart function). These technologies collect and process IP addresses, time of visit, device and browser information as well as information about your use of our website (e.g. information about the contents of the shopping cart). In the context of a balancing of interests, this serves overriding legitimate interests in an optimized presentation of our offer in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR.

We also use technologies to comply with the legal obligations to which we are subject (e.g. to be able to prove consent to the processing of your personal data) as well as for web analysis and online marketing. Further information on this, including the respective legal basis for data processing, can be found in the following sections of this privacy policy. We may also use technologies that are not individually listed in this Privacy Policy. You can find more information about these technologies, including the respective legal basis for data processing, on the Usercentrics platform. You can reach this by clicking on the fingerprint button in the bottom right or left corner of the page.

What types of cookies are used?

Necessary cookies
These cookies are necessary to enable the operation of our website. These include, for example: Cookies that allow you to log in to the customer area or add something to your shopping cart.

Cookie settings

The cookie settings for your browser can be found at the following links: Microsoft Edge™ / Safari™ / Chrome™ / Firefox™ / Opera™
If you have consented to the use of the technologies in accordance with Art. 6 (1) sentence 1 (a) GDPR, you can revoke your consent at any time by sending a message to the contact option described in the privacy policy. Alternatively, you can click on the fingerprint button in the bottom right or left corner of the page. If you do not accept cookies, the functionality of our website may be limited.

6.2 Using Usercentric's Consent Management Platform to Manage Consent

On our website, we use the Usercentrics Consent Management Platform ("Usercentrics") to inform you about the cookies and other technologies we use on our website, as well as to obtain, manage and document your consent, if required by law, to the processing of your personal data through these technologies. This is necessary in accordance with Art. 6 (1) sentence 1 (c) GDPR to comply with our legal obligation under Art. 7 (1) GDPR to be able to prove your consent to the processing of your personal data, to which we are subject. Usercentrics is a service of Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich, Germany, which processes your data on our behalf. When you visit our website, the Usersentrics web server stores a so-called server log file, which also contains your anonymized IP address, date and time of visit, device and browser information as well as information about your consent behavior. Your data will be deleted after three years, unless you have expressly consented to further use of your data in accordance with Art. 6 (1) sentence 1 (a) GDPR or we reserve the right to use data beyond this period that is permitted by law and about which we inform you in this statement.

Our service providers are located and/or use servers in the following countries for which the European Commission and the Swiss Federal Council have determined an adequate level of data protection by resolution: USA.

The adequacy decisions for the USA are considered the basis for the transfer to third countries, provided that the respective service provider is certified. Certification is available.

7. Use of cookies and other technologies

We use the following cookies and other third-party technologies on our website. Unless otherwise stated for the individual technologies, this is done based on your consent in accordance with Art. 6 (1) sentence 1 (a) GDPR. After the purpose has ceased to exist and we have ceased to use the respective technology, the data collected in this context will be deleted. You can revoke your consent at any time with effect for the future. For more information on opt-out options, please see the "Cookies and other technologies" section. For more information, including the basis of how we work with each vendor, please refer to each technology. If you have any questions about the providers and the basis of our cooperation with them, please contact us using the contact details described in this privacy policy.

7.1 Use of Adobe Services

We use the following technologies from Adobe Systems, Software Ireland Limited, Ireland, 4-6 Riverwalk, Citywest Business Campus, Dublin 24, Ireland ("Adobe"). The information automatically collected by Adobe technologies about your use of our website is usually transmitted to and stored on a server of Adobe, Inc., 345 Park Avenue San Jose, CA 95110-2704, USA. If your IP address is collected via Adobe technologies, it will be shortened or completely replaced by a generic IP address by activating appropriate settings before it is stored on Adobe's servers.

Our service providers are located and/or use servers in the following countries for which the European Commission and the Swiss Federal Council have determined an adequate level of data protection by resolution: USA.

The adequacy decisions for the USA are considered the basis for the transfer to third countries, provided that the respective service provider is certified. Certification is available.

Our service providers are located and/or use servers in countries outside Switzerland, the EU and the EEA. For these countries, there is no adequacy decision from the European Commission and the Swiss Federal Council. Our cooperation with them is based on standard data protection clauses of the European Commission.

7.2 Adobe Fonts

To ensure the uniform presentation of the content on our website, data (IP address, time of visit, device and browser information) is collected by the script code "Adobe Fonts", transmitted to Adobe and then processed by Adobe. We have no influence on this subsequent data processing. Data processing is carried out based on an agreement between joint controllers in accordance with Art. 26 GDPR.

7.3 Use of Google services

We use the following technologies from Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). The information automatically collected by Google technologies about your use of our website is usually transmitted to a server of Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA and stored there. Unless otherwise stated for individual technologies, data processing is carried out based on an agreement concluded for the respective technology between joint controllers in accordance with Art. 26 GDPR. Further information about data processing by Google can be found in Google's privacy policy.

Our service providers are located and/or use servers in countries outside Switzerland, the EU and the EEA for which the European Commission and the Swiss Federal Council have determined an adequate level of data protection by resolution.

Our service providers are located and/or use servers in countries outside Switzerland, the EU and the EEA. For these countries, there is no adequacy decision from the European Commission and the Swiss Federal Council. Our cooperation with them is based on standard data protection clauses of the European Commission.

Google Analytics

For website analysis, Google Analytics automatically collects and stores data (IP address, time of visit, device and browser information as well as information about your use of our website), from which user profiles are created using pseudonyms. Cookies may be used for this purpose. If you visit our website from the EU, your IP address will be stored on a server located in the EU for the purpose of deriving location data and will then be deleted immediately before the traffic is forwarded to other Google servers for processing. The data processing is carried out based on an agreement on order processing by Google.

For optimizing the marketing of our website, we have activated the data sharing settings for "Google products and services". This allows Google to access the data collected and processed by Google Analytics and then use it to improve Google services. Data sharing with Google under these data sharing settings is based on an additional agreement between controllers. We have no influence on the subsequent data processing by Google.

Google Maps

For the visual representation of geographical information, Google Maps collects data about your use of the Maps functions, in particular the IP address and location data, transmits it to Google and then processes it by Google. We have no influence on this subsequent data processing.

Google Fonts

To ensure the uniform presentation of the content on our website, data (IP address, time of visit, device and browser information) is collected by the script code "Google Fonts", transmitted to Google and then processed by Google. We have no influence on this subsequent data processing.

Google Tag Manager

Through Google Tag Manager, we can manage various codes and services on our website. When implementing the individual tags, Google may also process personal data (e.g. IP address, online identifiers (e.g. cookies)). The data processing is carried out based on an agreement on order processing by Google.

By using Google Tag Manager, the integration of different services/technologies can be achieved.
If you do not wish to use individual tracking services and have therefore deactivated them, the deactivation will remain in place for all affected tracking tags that are integrated by Google Tag Manager.

YouTube Video Plugin

To integrate third-party content, data (IP address, time of visit, device and browser information) is collected via the YouTube Video Plugin in the extended data protection mode we use, transmitted to Google and then processed by Google only when you play a video.

7.4 Use of Facebook services

Use of Facebook Pixel

We use the Facebook Pixel as part of the following technologies of Meta Platforms Ireland Ltd., Block J, Serpentine Avenue, Dublin 4, Ireland ("Facebook (by Meta)" or "Meta Platforms Ireland"). With Facebook Pixel, data (IP address, time of visit, device and browser information as well as information about your use of our website based on events specified by us, such as visiting a website or subscribing to the newsletter) are automatically collected and stored, from which user profiles are created using pseudonyms. In the context of the so-called extended data comparison, information is also collected and stored in hashed form for comparison purposes, which can be used to identify individuals (e.g. names, e-mail addresses and telephone numbers). For this purpose, a cookie is automatically set by the Facebook Pixel when you visit our website, which automatically enables your browser to be recognized when visiting other websites by means of a pseudonymous cookie ID. Facebook (by Meta) will combine this information with other data from your Facebook account and use it to compile reports on website activity and to provide other services related to website use, in particular personalized and group-based advertising.
The information automatically collected by Facebook (by Meta) technologies about your use of our website is usually transmitted to a server of Meta Platforms, Inc., 1601 Willow Road, Menlo Park, California 94025, USA and stored there. Further information about data processing by Facebook can be found in Facebook's privacy policy (by Meta).
Our service providers are located and/or use servers in the following countries for which the European Commission and the Swiss Federal Council have determined an adequate level of data protection by resolution: USA, Canada, Japan, South Korea, New Zealand, United Kingdom, Argentina.
The adequacy decisions for the USA are considered the basis for the transfer to third countries, provided that the respective service provider is certified. Certification is available.

Our service providers are located and/or use servers in the following countries: Australia, Hong Kong, India, Indonesia, Malaysia, Singapore, Thailand, Taiwan, Brazil, Mexico. For these countries, there is no adequacy decision from the European Commission and the Swiss Federal Council. Our cooperation with them is based on these guarantees: European Commission Standard Data Protection Clauses.

Facebook Analytics

As part of Facebook Business Tools, statistics on visitor activity on our website are created from the data collected by the Facebook Pixel about your use of our website. Data processing is carried out based on an agreement on order processing by Facebook (by Meta). Your analysis serves the optimal presentation and marketing of our website.

Facebook Ads (Ads Manager)

We use Facebook Ads to promote this website on Facebook (by Meta) as well as on other platforms. We determine the parameters of each advertising campaign. Facebook (by Meta) is responsible for the exact implementation, particularly the decision on the placement of the ads with individual users. Unless otherwise specified for the individual technologies, data processing is carried out based on an agreement between joint controllers in accordance with Art. 26 GDPR. Joint responsibility is limited to the collection of the data and its transfer to Meta Platforms Ireland. The subsequent data processing by Meta Platforms Ireland is not covered by this.

Based on the statistics generated by Facebook Pixel about visitor activity on our website, we use Facebook Custom Audience to advertise group-based on Facebook (by Meta) by determining the characteristics of each audience. In the context of the extended data comparison (see above) that takes place to determine the respective target group, Facebook (by Meta) acts as our processor.

Based on the pseudonymous cookie ID set by Facebook Pixel and the data collected about your usage behavior on our website, we use Facebook Pixel Remarketing to carry out personalized advertising.

We use Facebook Pixel Conversions to measure your subsequent usage behavior for web analysis and event tracking if you have reached our website via an advertisement from Facebook Ads. Data processing is carried out based on an agreement on order processing by Facebook (by Meta).

8. Integration of the Trusted Shop Trustbadge/ other widgets

If you have given your consent to this in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, Trusted Shops widgets are integrated on this website for the display of Trusted Shops services (e.g. seals of approval, collected reviews) as well as for the offer of Trusted Shops products for buyers after an order.

The Trustbadge and the services advertised with it are an offer from Trusted Shops SE, Subbelrather Str. 15C, 50823 Cologne ("Trusted Shops"), with whom we are jointly responsible for data protection law in accordance with Art. 26 GDPR. Within the framework of this data protection notice, we inform you below about the essential contractual contents in accordance with Art. 26 (2) GDPR.

Within the framework of the joint responsibility between us and Trusted Shops SE, please contact Trusted Shops preferably for data protection questions and to assert your rights using the contact options specified in the data protection information. Regardless of this, however, you can always contact the person responsible for your choice. If necessary, your request will then be forwarded to the other controller for an answer.

8.1 Data processing when integrating the Trustbadge/other widgets

The Trustbadge is provided by a US CDN provider (Content Delivery Network). An adequate level of data protection is ensured by an adequacy decision of the EU Commission (available here) or the Swiss Federal Council (available here). Service providers from the USA are usually licensed under the EU-U.S. Data Privacy Framework or Swiss-U.S. Data Privacy Framework (collectively "DPF"). For more information, click here. If service providers are not certified under the DPF, standard contractual clauses have been concluded as a suitable guarantee.

When the Trustbadge is accessed, the web server automatically stores a so-called server log file, which also contains your IP address, date and time of access, amount of data transferred and the requesting provider (access data) and documents the access. The IP address is anonymized immediately after collection, so that the stored data cannot be assigned to you. The anonymized data is used for statistical purposes and for error analysis.

8.2 Data processing after order completion

If you have given your consent, the Trustbadge will access order information stored in your terminal equipment (order total, order number, product purchased, if applicable) and e-mail address after completing your order, and your e-mail address will be hashed using a cryptological one-way function. The hash value is then transmitted to Trusted Shops with the order information in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR.

This is to check whether you are already registered for Trusted Shops services. If this is the case, further processing will take place in accordance with the contractual agreement made between you and Trusted Shops. If you are not yet registered for the Services or do not give your consent to automatic recognition via the Trustbadge, you will then be given the opportunity to register manually for the use of the Services or to take out the protection within the framework of your existing user contract, if any.

For this purpose, after completing your order, the Trustbadge accesses the following information stored in the terminal equipment you are using for order total, order number and e-mail address. This is necessary so that we can offer you Buyer Protection. The data will only be transmitted to Trusted Shops if you actively decide to take out buyer protection by clicking on the appropriately designated button in the so-called Trustcard. If you decide to use the services, further processing is based on the contractual agreement with Trusted Shops in accordance with Art. 6 (1) (b) GDPR to be able to complete your registration for buyer protection and secure the order and, if necessary, to be able to send you review invitations by e-mail afterwards.

Trusted Shops uses service providers in the areas of hosting, monitoring and logging. The legal basis is Art. 6 (1) (f) GDPR for the purpose of ensuring trouble-free operation. Processing may take place in third countries (USA, Great Britain and Israel). An adequate level of data protection is ensured by an adequacy decision of the EU Commission (available for the USA here, for Israel here and for Great Britain here) or the Swiss Federal Council (further information can be found here). Service providers from the USA are usually certified under the EU-U.S. Data Privacy Framework (DPF). For more information, click here. If service providers are not certified under the DPF, standard contractual clauses have been concluded as a suitable guarantee.

9. Social Media

Our online presence on Facebook (by Meta), X (formerly: Twitter), Instagram (by Meta), YouTube, Pinterest, LinkedIn, Xing

Insofar as you have given your consent to this in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR vis-à-vis the respective social media operator, when you visit our online presences on the social media mentioned above, your data will be automatically collected and stored for market research and advertising purposes, from which usage profiles will be created using pseudonyms. These can be used, for example, to place advertisements on and off the platforms that are presumed to be of interest to you. Cookies are usually used for this purpose. Detailed information on the processing and use of the data by the respective social media operator as well as a contact option and your rights in this regard and setting options to protect your privacy can be found in the data protection notices of the providers linked below. If you still need help in this regard, you can contact us.

Facebook (by Meta) is a service of Meta Platforms Ireland Ltd., Block J, Serpentine Avenue, Dublin 4, Ireland ("Meta Platforms Ireland"). The information automatically collected by Meta Platforms Ireland about your use of our online presence on Facebook (by Meta) is usually transmitted to and stored on a server of Meta Platforms, Inc., 1601 Willow Road, Menlo Park, California 94025, USA. Data processing in the context of a visit to a Facebook (by Meta) fan page is carried out based on an agreement between joint controllers in accordance with Art. 26 GDPR. For more information (Learn about Insights data), click here.

Our service providers are located and/or use servers in the following countries for which the European Commission and the Swiss Federal Council have determined an adequate level of data protection by resolution: USA, Canada, Japan, South Korea, New Zealand, United Kingdom, Argentina.

The adequacy decisions for the USA are considered the basis for the transfer to third countries, provided that the respective service provider is certified. Certification is available.

Our service providers are located and/or use servers in the following countries: Australia, Hong Kong, India, Indonesia, Malaysia, Singapore, Thailand, Taiwan, Brazil, Mexico. For these countries, there is no adequacy decision from the European Commission and the Swiss Federal Council. Our cooperation with them is based on these guarantees: European Commission Standard Data Protection Clauses.

X is a service offered by Twitter International Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland ("X"). The information automatically collected by X about your use of our online presence on X is usually transmitted to and stored on a server of X Corp., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA.

Our service providers are located and/or use servers in countries outside Switzerland, the EU and the EEA for which the European Commission and the Swiss Federal Council have determined an adequate level of data protection by resolution.

Our service providers are located and/or use servers in countries outside Switzerland, the EU and the EEA. For these countries, there is no adequacy decision from the European Commission and the Swiss Federal Council. Our cooperation with them is based on standard data protection clauses of the European Commission.

Pinterest is a service offered by Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland ("Pinterest"). The information automatically collected by Pinterest about your use of our online presence on Pinterest is usually transmitted to and stored on a server of Pinterest, Inc., 505 Brannan St., San Francisco, CA 94107, USA.

Our service providers are located and/or use servers in countries outside Switzerland, the EU and the EEA for which the European Commission and the Swiss Federal Council have determined an adequate level of data protection by resolution.

Our service providers are located and/or use servers in countries outside Switzerland, the EU and the EEA. For these countries, there is no adequacy decision from the European Commission and the Swiss Federal Council. Our cooperation with them is based on standard data protection clauses of the European Commission.

Instagram (by Meta) is a service of Meta Platforms Ireland Ltd., Block J, Serpentine Avenue, Dublin 4, Ireland ("Meta Platforms Ireland") The information automatically collected by Meta Platforms Ireland about your use of our online presence on Instagram is usually transmitted to a server of Meta Platforms, Inc., 1601 Willow Road, Menlo Park, CA 94025, USA, Menlo Park, California 94025, USA and stored there. Data processing in the context of a visit to an Instagram (by Meta) fan page is carried out based on an agreement between joint controllers in accordance with Art. 26 GDPR. For more information (Learn about Insights data), click here.

Our service providers are located and/or use servers in the following countries for which the European Commission and the Swiss Federal Council have determined an adequate level of data protection by resolution: USA, Canada, Japan, South Korea, New Zealand, United Kingdom, Argentina.

The adequacy decisions for the USA are considered the basis for the transfer to third countries, provided that the respective service provider is certified. Certification is available.

Our service providers are located and/or use servers in the following countries: Australia, Hong Kong, India, Indonesia, Malaysia, Singapore, Thailand, Taiwan, Brazil, Mexico. For these countries, there is no adequacy decision from the European Commission and the Swiss Federal Council. Our cooperation with them is based on these guarantees: European Commission Standard Data Protection Clauses.

YouTube is a service of Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). The information automatically collected by Google about your use of our online presence on YouTube is usually transmitted to and stored on a server of Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA.

Our service providers are located and/or use servers in countries outside Switzerland, the EU and the EEA for which the European Commission and the Swiss Federal Council have determined an adequate level of data protection by resolution.

Our service providers are located and/or use servers in countries outside Switzerland, the EU and the EEA. For these countries, there is no adequacy decision from the European Commission and the Swiss Federal Council. Our cooperation with them is based on standard data protection clauses of the European Commission.

LinkedIn is a service offered by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland ("LinkedIn"). The information automatically collected by LinkedIn about your use of our online presence on LinkedIn is usually transmitted to and stored on a server of LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085, USA.

Our service providers are located and/or use servers in countries outside Switzerland, the EU and the EEA for which the European Commission and the Swiss Federal Council have determined an adequate level of data protection by resolution.

Our service providers are located and/or use servers in countries outside Switzerland, the EU and the EEA. For these countries, there is no adequacy decision from the European Commission and the Swiss Federal Council. Our cooperation with them is based on standard data protection clauses of the European Commission.

Xing is a service of New Work SE, Am Strandkai 1, 20457 Hamburg, Germany.

10. Contact options and your rights

10.1 Your rights

As a data subject, you have the following rights:

in accordance with Art. 15 GDPR, the right to request information about your personal data processed by us to the extent specified therein.
in accordance with Art. 16 GDPR, the right to immediately request the correction of inaccurate or complete your personal data stored by us.
In accordance with Art. 17 GDPR, the right to demand the deletion of your personal data stored by us, unless further processing is necessary.

to exercise the right to freedom of expression and information.
to comply with a legal obligation.
for reasons of public interest, or
is necessary for the assertion, exercise or defense of legal claims.

in accordance with Art. 18 GDPR, the right to demand the restriction of the processing of your personal data, insofar as

the accuracy of the data is disputed by you.
the processing is unlawful, but you oppose its erasure.
we no longer need the data, but you need it to assert, exercise or defend legal claims, or
you have objected to the processing in accordance with Art. 21 GDPR.

in accordance with Art. 20 GDPR, the right to receive your personal data that you have provided us in a structured, commonly used and machine-readable format or to request that it be transmitted to another controller.
in accordance with Art. 77 GDPR, the right to complain to a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or place of work or our company headquarters. A list of EU Supervisory Authorities is available here: https://edpb.europa.eu/about-edpb/board/members_en.

Right to Object
Insofar as we process personal data as explained above to safeguard our legitimate interests, which outweigh the legitimate interests in the context of a balancing of interests, you can object to this processing with effect for the future. If the processing is for direct marketing purposes, you can exercise this right at any time as described above. If the processing is carried out for other purposes, you are only entitled to object if there are reasons arising from your particular situation.

After exercising your right to object, we will no longer process your personal data for these purposes, unless we can demonstrate compelling legitimate grounds for the processing that outweighs your interests, rights and freedoms, or if the processing serves to assert, exercise or defend legal claims.

This does not apply if the processing is carried out for direct marketing purposes. Then we will no longer process your personal data for this purpose.

10.2 Contact options

If you have any questions about the collection, processing or use of your personal data, for information, correction, restriction or deletion of data, as well as for revocation of consents given or objection to a specific use of data, please contact us directly using the contact details in our imprint.

Dortmund Germany Office
16
44149 Dortmund
Germany
+49 151 53 11 43 71
privacy@century-europe.eu

United States Office
1000 Century Blvd.
Oklahoma City, Oklahoma 73110
(405)732-2226
Mike Maloney
mmaloney@centurymartialarts.com

Data Privacy Framework Addendum

EU–U.S. Data Privacy Framework (and UK/Swiss Extensions)

Century, LLC, doing business as Century Martial Arts, (“Century,” “we,” “us,” or “our”) complies with the EU–U.S. Data Privacy Framework (DPF), the UK Extension to the EU–U.S. DPF, and the Swiss–U.S. DPF as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal data transferred from the European Union (EU), United Kingdom (UK), and Switzerland to the United States.
Century has certified to the U.S. Department of Commerce that it adheres to the DPF Principles: Notice; Choice; Accountability for Onward Transfer; Security; Data Integrity and Purpose Limitation; Access; and Recourse, Enforcement, and Liability.
To learn more about the DPF program and to view our certification, visit the Data Privacy Framework List at: https://www.dataprivacyframework.gov/

Scope & Categories of Data. Century receives personal data from the EU/UK/Switzerland in connection with our e-commerce and B2B operations, including identifiers (e.g., name, contact details), commercial information (e.g., order and return history), and customer support communications. We process this data to fulfill orders and services, provide customer support, operate and secure our sites/systems, perform analytics, manage our relationship with customers and partners, and comply with legal obligations.

Choice. Where required by the DPF Principles, you may opt out of (i) our disclosure of personal data to third parties not acting as our agents, and (ii) our use of personal data for a purpose materially different from the purpose for which it was collected. For sensitive personal data, we will obtain your opt-in consent before such uses or disclosures. To exercise choices, contact us at order@century-europe.eu.

Access. Individuals from the EU/UK/Switzerland may request access to the personal data we hold about them and request that we correct, amend, or delete it where it is inaccurate or processed in violation of the DPF Principles, subject to lawful exceptions. Submit requests to order@century-europe.eu.

Onward Transfer & Liability. When we transfer personal data to a third party acting as our agent/processor, we do so under a contract requiring DPF-equivalent protections and limiting processing to specified purposes. Century remains liable under the DPF Principles for our agents’ processing of EU/UK/Switzerland personal data that is inconsistent with the Principles unless we prove we are not responsible for the event giving rise to the damage.

Independent Dispute Resolution. In compliance with the DPF Principles, Century commits to resolve complaints about our collection or use of your personal data. EU/UK/Swiss individuals with inquiries or complaints should first contact us at privacy@century-europe.eu. We will respond within 45 days.
Century has further committed to refer unresolved DPF Principles-related complaints to a U.S.-based independent dispute resolution mechanism, BBB NATIONAL PROGRAMS. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed by us, please visit www.bbbprograms.org/dpf-complaints for more information and to file a complaint. This service is provided free of charge to you.

If your complaint is not resolved through these channels, under certain conditions you may be able to invoke binding arbitration as a residual remedy. See https://www.dataprivacyframework.gov/framework-article/ANNEX-I-introduction for more information on this process.

Regulatory Oversight. Century is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).

Public Authority Requests. We may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law-enforcement requirements. We will challenge requests that are unlawful or overbroad to the extent permitted by law.

Verification & Annual Certification. Century verifies its compliance with the DPF Principles through self-assessment and will re-certify annually with the U.S. Department of Commerce.

HR Data. At this time, Century does not rely on the DPF for transfers of EU/UK/Swiss human resources (HR) data in the context of the employment relationship. If we later include HR data within our DPF scope, we will update this notice to reflect our commitment to cooperate with the competent EU data protection authorities, the UK Information Commissioner’s Office (ICO), and the Swiss Federal Data Protection and Information Commissioner (FDPIC), as applicable.

Contact (DPF). Century, LLC, 1000 Century Blvd., Oklahoma City, OK 73110, USA • privacy@century-europe.eu cc mmaloney@centurymartialarts.com

Last updated: September 19, 2025