Privacy Policy
This English translation is provided for convenience. In case of discrepancies, the German version of this Privacy Policy shall prevail.
We are delighted by your interest in our website – and thus in our company. Protecting your individual rights and freedoms matters to us; we use your data only for the purposes intended. Because it is important to us that you always know to what extent we collect, use, and, where applicable, transfer your data to third parties, the following provides comprehensive information about how we process the personal data we collect from you or store about you. Visiting our website is generally possible without providing (personal) data; should there be exceptions for selected services, we will explain them in the following chapters. In processing personal data, we strictly comply with the provisions of the EU General Data Protection Regulation (GDPR/DSGVO) and any other data-protection-relevant requirements.
1. Data protection at a glance
General information
The following notes provide a simple overview of what happens to your personal data when you visit this website. Personal data is any data by which you can be personally identified. Detailed information on data protection can be found in our Privacy Policy listed below this text.
Data collection on this website
Who is responsible for data collection on this website?
Data processing on this website is carried out by the website operator. You can find the operator’s contact details in the section “Note on the Controller” in this Privacy Policy. Data processing on this website is carried out by the website operator. You can find the operator’s contact details in the section “Note on the Controller” in this Privacy Policy.
How do we collect your data?
Your data is collected, on the one hand, by you providing it to us. This can be, for example, data that you enter into a contact form.
Other data is collected automatically or after your consent when you visit the website by our IT systems. This is primarily technical data (e.g., internet browser, operating system, or the time the page was accessed). This data is collected automatically as soon as you enter this website.
What do we use your data for?
Part of the data is collected to ensure the error-free provision of the website. Other data may be used to analyze your user behavior or for marketing and communication purposes. If contracts can be concluded or initiated via the website, the transmitted data is also processed for contract offers, orders, or other order-related inquiries.
What rights do you have regarding your data?
You have the right, at any time, to obtain information free of charge about the origin, recipient, and purpose of your stored personal data. You also have the right to request the rectification or deletion of this data. If you have given consent to data processing, you can revoke this consent at any time with effect for the future. Furthermore, you have the right, under certain circumstances, to request the restriction of the processing of your personal data. In addition, you have the right to lodge a complaint with the competent supervisory authority.
You can contact us at any time with regard to this and other questions on the subject of data protection.
Analytics tools and tools from third parties
When you visit this website, your surfing behavior may be statistically evaluated. This happens primarily with so-called analytics programs. Detailed information about these analytics programs can be found in the following Privacy Policy.
2. Hosting
We host the content of our website with the following provider:
External hosting
This website is hosted externally. The personal data collected on this website is stored on the servers of the host(s). This may include, in particular, IP addresses, contact requests, meta and communication data, contract data, contact details, names, website accesses, and other data generated via a website.
This website is hosted externally. The personal data collected on this website is stored on the servers of the host(s). This may include, in particular, IP addresses, contact requests, meta and communication data, contract data, contact details, names, website accesses, and other data generated via a website.
Where corresponding consent has been requested, processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and Section 25(1) TDDDG, insofar as the consent covers the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.
Our host(s) will process your data only to the extent necessary to fulfill its performance obligations.
We have concluded a Data Processing Agreement (DPA) pursuant to Art. 28 GDPR with the host used. This ensures that the processing of personal data is carried out exclusively in accordance with our instructions and that all data protection requirements are complied with.
We use the following host(s):
Linuxwerkstatt GmbH
Auf den Kellern 14
55437 Appenheim
3. General notes and mandatory information
Data protection
When you use this website, various personal data is collected. “Personal data” is all information relating to an identified or identifiable natural person within the meaning of Art. 4 No. 1 GDPR. We process this data in accordance with the applicable data protection laws, in particular the GDPR and the German Federal Data Protection Act (BDSG).
We would like to point out that data transmission over the internet (e.g., communication by email) may have security gaps. Complete protection of data against access by third parties is not possible.
Note on the Controller
The controller responsible for data processing on this website is:
Andreas Zimmer, Jacob Sloth
Phone: +49 6171 632 232
Email: privacy@wovena.de
The controller is the natural or legal person who, alone or jointly with others, determines the purposes and means of processing personal data (e.g., names, email addresses, etc.).
Storage duration
Unless a more specific storage period is specified in this Privacy Policy, your personal data will remain with us until the purpose for the data processing ceases to apply. If you assert a legitimate request for deletion or revoke your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g., retention periods under tax or commercial law); in the latter case, deletion takes place after these reasons no longer apply.
General information on the legal bases for data processing on this website
We may process personal data only if one of the following legal bases applies:
| Legal basis | GDPR provision |
|---|---|
| Informed consent | Art. 6(1)(a) |
| Performance of a contract | Art. 6(1)(b) |
| Taking steps prior to entering into a contract | Art. 6(1)(b) |
| Compliance with legal obligations | Art. 6(1)(c) |
| Protection of vital interests | Art. 6(1)(d) |
| Safeguarding our legitimate interests | Art. 6(1)(f) |
The specific legal bases applicable in individual cases are indicated in the following sections of this Privacy Policy.
Notice on data transfers to data-protection-unsafe third countries and transfers to U.S. companies not certified under the DPF
We use, among other things, tools from companies based in third countries that are not deemed secure under data protection law, as well as U.S. tools whose providers are not certified under the EU-U.S. Data Privacy Framework (DPF). When these tools are active, your personal data may be transferred to these countries and processed there. We point out that in data-protection-unsafe third countries, a level of data protection comparable to that in the EU cannot be guaranteed.
We point out that the USA, as a secure third country, generally has a level of data protection comparable to that of the EU. A data transfer to the USA is therefore permissible if the recipient has certification under the “EU-U.S. Data Privacy Framework” (DPF) or provides appropriate additional safeguards. Information on transfers to third countries, including the recipients of the data, can be found in this Privacy Policy.
Recipients of personal data
In the course of our business activities, we work with various external entities. In some cases, this also requires the transfer of personal data to these external entities. We only pass on personal data to external parties if this is necessary for the performance of a contract, if we are legally obliged to do so (e.g., transfer of data to tax authorities), if we have a legitimate interest pursuant to Art. 6(1)(f) GDPR in the transfer, or if another legal basis permits the data transfer. When using processors, we transfer personal data of our customers only on the basis of a valid data processing agreement. In the case of joint processing, a joint-controller agreement is concluded.
Rights of data subjects
The General Data Protection Regulation (GDPR) guarantees each data subject certain rights regarding their personal data. These include:
Withdrawal of your consent to data processing
Many data processing operations are only possible with your express consent. You can revoke consent that you have already given at any time. The lawfulness of the data processing carried out until the revocation remains unaffected by the revocation.
Right to object to data collection in special cases as well as to direct advertising (Art. 21 GDPR)
IF DATA PROCESSING IS CARRIED OUT ON THE BASIS OF ART. 6(1)(E) OR (F) GDPR, YOU HAVE THE RIGHT, AT ANY TIME AND ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION, TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. THE RESPECTIVE LEGAL BASIS ON WHICH PROCESSING IS BASED CAN BE FOUND IN THIS PRIVACY POLICY. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR RELEVANT PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS OR THE PROCESSING SERVES THE ESTABLISHMENT, EXERCISE OR DEFENSE OF LEGAL CLAIMS (OBJECTION PURSUANT TO ART. 21(1) GDPR).
IF YOUR PERSONAL DATA IS PROCESSED FOR THE PURPOSE OF DIRECT ADVERTISING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSE OF SUCH ADVERTISING; THIS ALSO APPLIES TO PROFILING INSOFAR AS IT IS CONNECTED WITH SUCH DIRECT ADVERTISING. IF YOU OBJECT, YOUR PERSONAL DATA WILL SUBSEQUENTLY NO LONGER BE USED FOR THE PURPOSE OF DIRECT ADVERTISING (OBJECTION PURSUANT TO ART. 21(2) GDPR).
Right to lodge a complaint with the competent supervisory authority
In the event of violations of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, their place of work, or the place of the alleged infringement. The right to lodge a complaint exists without prejudice to any other administrative or judicial remedies.
The supervisory authority responsible for us: The Hessian Commissioner for Data Protection and Freedom of Information.
Right to data portability
You have the right to have data that we process on the basis of your consent or in performance of a contract transmitted to you or to a third party in a commonly used, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done insofar as it is technically feasible.
Access, rectification and deletion
Within the framework of the applicable legal provisions, you have the right at any time to free information about your stored personal data, its origin and recipients and the purpose of the data processing and, if applicable, a right to rectification or deletion of this data. In addition, you have the right to request the restriction of the processing of your personal data.
You can contact us at any time regarding this. The right to restriction of processing exists in the following cases:
- If you dispute the accuracy of your personal data stored by us, we usually need time to verify this. For the duration of the review, you have the right to request the restriction of the processing of your personal data.
- If the processing of your personal data was/is unlawful, you can request the restriction of data processing instead of deletion.
- If we no longer need your personal data, but you need it to exercise, defend, or assert legal claims, you have the right to request the restriction of the processing of your personal data instead of deletion.
- If you have objected pursuant to Art. 21(1) GDPR, a balance must be struck between your interests and ours. As long as it has not yet been determined whose interests prevail, you have the right to request the restriction of the processing of your personal data.
If you have restricted the processing of your personal data, this data – apart from being stored – may only be processed with your consent or for the establishment, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or of a Member State.
SSL or TLS encryption
This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or inquiries you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.
If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.
Objection to marketing emails
The use of contact data published within the scope of the legal notice obligation to send unsolicited advertising and information materials is hereby rejected. The operators of the pages expressly reserve the right to take legal action in the event of the unsolicited sending of advertising information, such as spam emails. Your data is processed in accordance with the GDPR. Legal bases: Art. 6(1)(a), (b), (c), (f) GDPR; Section 25 TDDDG (in the case of consent to cookies).
4. Data collection on this website
When you visit our website for the first time, a consent banner appears in your browser window. Here you have the option to accept the use of necessary and optional cookies or to reject the use of optional cookies. Necessary cookies cannot be rejected via the consent banner, as their use is possible even without explicit consent. However, you can set your internet browser to generally prevent the storage of cookies on your device. You can also choose a setting where you are asked each time whether you agree to cookies being set. You can also delete cookies that have already been set at any time.
If you delete all cookies on your device, you will be treated as a new visitor upon a later page visit and the consent banner will be displayed to you again. Please note that in doing so, revocation or opt-out cookies that have already been set will also be deleted, so that you will have to re-declare any revocations or objections already made. It may also happen that disabling cookies in general can lead to functional restrictions of our website.
We use the consent management tool from Shopware (cookie banner or consent banner) on our website to capture and manage consents and any revocations. We use the tool on the basis of Art. 6(1) sentence 1(f) GDPR (to document your consent status) and Art. 6(1)(c) GDPR (legal obligation to prove your consent).
You can revoke consent once given at any time or adjust your selection of cookies via your browser settings. Please follow the instructions in our cookie notes.
Collection of general data and information
As soon as you visit our website, some general data and technical information is collected by our web server – as shown in the table below:
| Data collected | Purpose of collection |
|---|---|
| Browser types and versions used | Correct display of page content |
| Operating system used, visitor origin (referrer, e.g., Google), subpages clicked | Optimization of our website content and our advertising |
| Date and time of access to the website as well as IP address and internet service provider of the visitor | Ensuring the permanent functionality of our IT systems (to operate the website) and preventing misuse |
| Other data and information for averting danger in the event of attacks | Provision of relevant information to law enforcement authorities in the event of a cyberattack |
This data is not merged with other data sources.
The collection of this data is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of its website – for this, the server log files must be collected.
Cookies
Our web pages use so-called “cookies.” Cookies are small data packets and do not cause any damage to your device. They are either stored temporarily for the duration of a session (session cookies) or permanently (persistent cookies) on your device. Session cookies are automatically deleted after you leave. Persistent cookies remain stored on your device until you delete them yourself or your web browser performs an automatic deletion.
Cookies can originate from us (first-party cookies) or from third-party companies (so-called third-party cookies). Third-party cookies enable the integration of certain services of third-party companies within websites (e.g., cookies for processing payment services).
Cookies have different functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g., the shopping cart function or the display of videos). Other cookies may be used to analyze user behavior or for advertising purposes.
Cookies have different functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g., the shopping cart function or the display of videos). Other cookies may be used to analyze user behavior or for advertising purposes.
Cookies that are necessary to carry out the electronic communication process, to provide certain functions desired by you (e.g., for the shopping cart function), or to optimize the website (e.g., cookies to measure web audience) (“necessary cookies”) are stored on the basis of Art. 6(1)(f) GDPR in conjunction with Section 25(2) No. 2 TDDDG, unless another legal basis is specified.
The website operator has a legitimate interest in storing necessary cookies for the technically error-free and optimized provision of its services. If consent to the storage of cookies and comparable recognition technologies was requested, processing is carried out exclusively on the basis of this consent (Art. 6(1)(a) GDPR and Section 25(1) TDDDG); consent can be revoked at any time.
You can set your browser to inform you about the setting of cookies and to allow cookies only in individual cases, to exclude the acceptance of cookies for certain cases or in general, as well as to activate the automatic deletion of cookies when closing the browser. Disabling cookies may limit the functionality of this website. You can see which cookies and services are used on this website in this Privacy Policy.
Contact form
If you send us inquiries via the contact form, the information you provide in the inquiry form, including the contact details you provide there, will be stored by us for the purpose of processing the inquiry and in the event of follow-up questions.
Data is not passed on to third parties and/or to a third country, nor is it planned.
The processing of this data is based on Art. 6(1)(b) GDPR, provided your request is related to the fulfillment of a contract or is necessary to carry out pre-contractual measures. In all other cases, processing is based on our legitimate interest in the effective processing of inquiries addressed to us (Art. 6(1)(f) GDPR) or on your consent (Art. 6(1)(a) GDPR) if this was requested; consent can be revoked at any time.
The data you enter in the contact form will remain with us until you ask us to delete it, revoke your consent to storage, or the purpose for data storage no longer applies (e.g., after your request has been processed). Mandatory statutory provisions – in particular retention periods – remain unaffected.
There is no obligation to provide personal data, and there are no consequences if the required data is not provided. Without providing the data marked as required, it may not be possible to process your inquiry.
Inquiry by email, telephone or fax
If you contact us by email, telephone, or fax, your inquiry, including all resulting personal data (name, inquiry), will be stored and processed by us for the purpose of handling your request. We do not pass on this data without your consent.
The processing of this data is based on Art. 6(1)(b) GDPR, provided your request is related to the fulfillment of a contract or is necessary to carry out pre-contractual measures. In all other cases, processing is based on our legitimate interest in the effective processing of inquiries addressed to us (Art. 6(1)(f) GDPR) or on your consent (Art. 6(1)(a) GDPR) if this was requested; consent can be revoked at any time.
The data you send to us via contact inquiries will remain with us until you ask us to delete it, revoke your consent to storage, or the purpose for data storage no longer applies (e.g., after your request has been processed). Mandatory statutory provisions – in particular statutory retention periods – remain unaffected.
Processing of customer and contract data
We collect, process, and use personal customer and contract data for the establishment, content arrangement, and amendment of our contractual relationships. We collect, process, and use personal data about the use of this website (usage data) only to the extent necessary to enable the user to use the service or to bill for it. The legal basis for this is Art. 6(1)(b) GDPR.
The customer data collected will be deleted after completion of the order or termination of the business relationship and after the expiry of any statutory retention periods. Statutory retention periods remain unaffected.
Data transfer upon contract conclusion for online shops, retailers and shipping of goods
We transfer personal data to third parties only if this is necessary within the scope of contract processing, for example to the companies entrusted with the delivery of the goods or the credit institution entrusted with payment processing. No further transfer of data takes place or only if you have expressly agreed to the transfer. Your data will not be passed on to third parties without express consent, e.g., for advertising purposes.
The legal basis for data processing is Art. 6(1)(b) GDPR, which permits the processing of data for the performance of a contract or pre-contractual measures.
Data transfer upon contract conclusion for services and digital content
We transfer personal data to third parties only if this is necessary within the scope of contract processing, for example to the credit institution entrusted with payment processing.
No further transfer of data takes place or only if you have expressly agreed to the transfer. Your data will not be passed on to third parties without express consent, e.g., for advertising purposes.
The legal basis for data processing is Art. 6(1)(b) GDPR, which permits the processing of data for the performance of a contract or pre-contractual measures.
Data processing when opening a customer account
In accordance with Art. 6(1)(b) GDPR, personal data will continue to be collected and processed to the extent necessary if you provide it to us when opening a customer account. The data required to open the account can be found in the input mask of the corresponding form on our website.
You can delete your customer account at any time by sending an informal email from the address registered to the account to the contact address above. After deletion of your customer account, your personal data will be deleted, provided that all contracts concluded via it have been fully processed, no statutory retention periods (e.g., pursuant to Section 257 of the German Commercial Code (HGB) and Section 147 of the Fiscal Code (AO)) preclude deletion, and we have no legitimate interest in further storage.
Where data has been transmitted to third parties (e.g., payment service providers), they will be informed of the deletion request – insofar as possible.
Deletion requests are generally processed within 30 days.
Encrypted payment transactions on this website
If, after concluding a paid contract, there is an obligation for you to transmit your payment data to us (e.g., account number in the case of a direct debit authorization), these data are required for payment processing.
Payment transactions via the common payment methods are carried out exclusively via an encrypted SSL or TLS connection. With encrypted communication, your payment data that you transmit to us cannot be read by third parties.
5. Social media and marketing tools
Facebook / Meta (Pixel and plugins)
Elements of the social network Facebook are integrated on this website. The provider of this service is Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland. According to Facebook, the collected data is also transferred to the USA and other third countries.
An overview of Facebook social media elements can be found here: https://developers.facebook.com/docs/plugins/?locale=de_DE
If the social media element is active, a direct connection between your device and the Facebook server is established. Facebook thereby receives the information that you have visited this website with your IP address. If you click the Facebook “Like” button while logged into your Facebook account, you can link the content of this website to your Facebook profile.
This allows Facebook to assign the visit to this website to your user account. We point out that, as the provider of these pages, we have no knowledge of the content of the data transmitted or how Facebook uses it. For more information, please refer to Facebook’s Privacy Policy at: https://de-de.facebook.com/privacy/explanation
The use of this service is based on your consent pursuant to Art. 6(1)(a) GDPR and Section 25(1) TDDDG. Consent can be revoked at any time.
Insofar as personal data is collected on our website with the help of the tool described here and forwarded to Facebook, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, are jointly responsible for this data processing (Art. 26 GDPR). The joint responsibility is limited exclusively to the collection of the data and its transfer to Facebook. Any processing by Facebook after the transfer is not part of the joint responsibility. Our mutual obligations have been set out in an agreement on joint processing. The wording of the agreement can be found at: https://www.facebook.com/legal/controller_addendum
According to this agreement, we are responsible for providing the data protection information when using the Facebook tool and for securely implementing the tool on our website. Facebook is responsible for the data security of Facebook products. You can assert data subject rights (e.g., access requests) regarding data processed by Facebook directly with Facebook. If you assert data subject rights with us, we are obliged to forward them to Facebook.
Data transfer to the USA is based on the EU Commission’s Standard Contractual Clauses.
Details can be found here:
https://www.facebook.com/legal/EU_data_transfer_addendum
https://de-de.facebook.com/help/566994660333381
https://www.facebook.com/policy.php
The company is certified under the “EU-U.S. Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the United States intended to ensure compliance with European data protection standards for data processing in the United States. Every company certified under the DPF undertakes to comply with these data protection standards. Further information can be obtained from the provider at the following link:
https://www.dataprivacyframework.gov/participant/4452
Instagram plugin
Functions of the Instagram service are integrated on this website. These functions are provided by Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland.
If the social media element is active, a direct connection between your device and the Instagram server is established. Instagram thereby receives information about your visit to this website.
If you are logged into your Instagram account, by clicking the Instagram button you can link the contents of this website to your Instagram profile. This allows Instagram to assign your visit to this website to your user account. We point out that, as the provider of these pages, we have no knowledge of the content of the data transmitted or how Instagram uses it.
The use of this service is based on your consent pursuant to Art. 6(1)(a) GDPR and Section 25(1) TDDDG. Consent can be revoked at any time.
Insofar as personal data is collected on our website with the help of the tool described here and forwarded to Facebook or Instagram, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, are jointly responsible for this data processing (Art. 26 GDPR). The joint responsibility relates exclusively to the collection of the data and its transfer to Facebook or Instagram. Any processing by Facebook or Instagram after the transfer is not part of the joint responsibility. Our mutual obligations have been set out in an agreement on joint processing. The wording of the agreement can be found at: https://www.facebook.com/legal/controller_addendum According to this agreement, we are responsible for providing data protection information when using the Facebook or Instagram tool and for securely implementing the tool on our website. Facebook is responsible for the data security of Facebook or Instagram products. You can assert data subject rights (e.g., access requests) regarding data processed by Facebook or Instagram directly with Facebook. If you assert data subject rights with us, we are obliged to forward them to Facebook.
Data transfer to the USA is based on the EU Commission’s Standard Contractual Clauses. Details can be found here:
https://www.facebook.com/legal/EU_data_transfer_addendum
https://privacycenter.instagram.com/policy/
https://de-de.facebook.com/help/566994660333381
Further information can be found in Instagram’s Privacy Policy: https://privacycenter.instagram.com/policy/
The company is certified under the “EU-U.S. Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the United States intended to ensure compliance with European data protection standards for data processing in the United States. Every company certified under the DPF undertakes to comply with these data protection standards. Further information can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/participant/4452
Pinterest Tag
We use elements of the social network Pinterest on this website, operated by Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland.
When you access a page that contains such an element, your browser establishes a direct connection to Pinterest’s servers. This social media element transmits log data to Pinterest’s server in the USA. This log data may include your IP address, the address of the websites you visited that also contain Pinterest features, browser type and settings, date and time of the request, how you use Pinterest, and cookies.
The use of this service is based on your consent pursuant to Art. 6(1)(a) GDPR and Section 25(1) TDDDG. Consent can be revoked at any time.
Further information on the purpose, scope, and further processing and use of data by Pinterest, as well as your rights and options to protect your privacy, can be found in Pinterest’s Privacy Policy: https://policy.pinterest.com/de/privacy-policy
Etsy
Functions and content of the marketplace Etsy may be embedded on our website or there may be a link to our Etsy shop. The provider is Etsy Ireland UC, 66/67 Great Strand Street, Dublin 1, Ireland. Parent company: Etsy Inc., 117 Adams Street, Brooklyn, NY 11201, USA.
If you interact with Etsy via our website (e.g., by clicking shop links or embedded product previews), Etsy may process personal data – e.g., your IP address, browser data, device information, and, where applicable, information about your Etsy account (if you are logged in there).
The use of Etsy is based on your consent pursuant to Art. 6(1)(a) GDPR and Section 25(1) TDDDG, insofar as cookies or comparable technologies are set by Etsy. Your consent can be revoked at any time.
Please note that when using Etsy, data may also be transferred to so-called third countries, in particular the USA. Etsy Inc. is certified under the EU-U.S. Data Privacy Framework (DPF). This ensures an adequate level of data protection for data transfers to the USA.
Further information on data processing by Etsy can be found in Etsy’s Privacy Policy at: https://www.etsy.com/de/legal/privacy
TikTok
If you interact with Etsy via our website (e.g., by clicking shop links or embedded product previews), Etsy may process personal data – e.g., your IP address, browser data, device information, and, where applicable, information about your Etsy account (if you are logged in there).
When you visit pages with embedded TikTok content or use content captured via the TikTok Pixel, a connection to TikTok servers is established. In doing so, personal data such as your IP address, device information, usage behavior and – if you are logged in to TikTok – your profile may be linked to your visit to this website.
The use of this service is based on your consent pursuant to Art. 6(1)(a) GDPR and Section 25(1) TDDDG, provided you have consented to processing (e.g., via cookies, pixels, or fingerprinting). This consent can be revoked at any time.
Insofar as personal data is transferred to third countries, in particular to the USA or China, as part of use, this is done only in compliance with appropriate safeguards pursuant to Art. 44 et seq. GDPR, such as Standard Contractual Clauses or – where available – an adequate level of protection.
Further information on data processing by TikTok can be found in TikTok’s Privacy Policy at: https://www.tiktok.com/legal/page/eea/privacy-policy/de
Amazon
Functions and links of the online marketplace Amazon are integrated on our website. The provider is Amazon EU S.à r.l., 38 avenue John F. Kennedy, L-1855 Luxembourg. Parent company: Amazon.com, Inc., 410 Terry Ave. North, Seattle, WA 98109-5210, USA.
If you click on an Amazon link or use an embedded Amazon widget (e.g., product preview or shop link), a direct connection is established between your browser and Amazon’s servers. Amazon may collect personal data, including:
- Your IP address
- Information about the device and browser used
- where applicable, user behavior (e.g., clicks, purchases)
- for Amazon affiliate programs: partner and tracking IDs
If you are logged in to Amazon, Amazon can assign the website visit to your user account.
The legal basis for data processing is your consent pursuant to Art. 6(1)(a) GDPR and Section 25(1) TDDDG, insofar as cookies or similar technologies are used. Consent can be revoked at any time.
Where data is transferred to third countries (e.g., the USA), this is based on the EU Commission’s Standard Contractual Clauses or within the framework of appropriate safeguards pursuant to Art. 44 et seq. GDPR.
Further information can be found in Amazon’s Privacy Notice at: https://www.amazon.de/gp/help/customer/display.html?nodeId=201909010
YouTube with enhanced privacy mode
This website integrates videos from the YouTube website. The operator of the website is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
When you visit one of our pages on which YouTube is embedded, a connection to YouTube’s servers is established. In this process, the YouTube server is informed which of our pages you have visited. If you are logged into your YouTube account, YouTube enables your browsing behavior to be assigned directly to your personal profile. You can prevent this by logging out of your YouTube account.
We use YouTube in enhanced privacy mode. According to YouTube, videos played in enhanced privacy mode are not used to personalize browsing on YouTube. Ads served in enhanced privacy mode are also not personalized. In enhanced privacy mode, no cookies are set. However, so-called local storage elements are stored in the user’s browser, which, similar to cookies, contain personal data and can be used for recognition. Details on enhanced privacy mode can be found here: https://support.google.com/youtube/answer/171780
Additional data processing operations may be triggered after a YouTube video is activated, over which we have no control.
The use of YouTube is in the interest of an appealing presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6(1)(f) GDPR. Where corresponding consent has been requested, processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and Section 25(1) TDDDG, insofar as the consent covers the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.
Further information about data protection at YouTube can be found in their Privacy Policy at: https://policies.google.com/privacy?hl=de
The company is certified under the “EU-U.S. Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the United States intended to ensure compliance with European data protection standards for data processing in the United States. Every company certified under the DPF undertakes to comply with these data protection standards. Further information can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active
6. Analytics and advertising tools
Google services
We use various services of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”) on our website. It is possible that this also involves data transfers to Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Google is certified under the EU-U.S. Data Privacy Framework and falls under the EU’s adequacy decision for the USA.
Google Analytics
We use the tracking tool Google Analytics by Google on our website. We use Google Analytics to evaluate your use of the website, to compile reports on the activities within this web offering, and to provide other services related to website use, thereby improving user-friendliness.
When Google Analytics is used, interactions of website visitors are primarily recorded and systematically evaluated using cookies.
We use Google Analytics with the “anonymizeIp()” extension. This means that IP addresses are truncated within the member states of the EU or EEA. If data is transferred to Google’s servers in the USA, the full IP address is transmitted and truncated there only in exceptional cases. A direct personal reference is thus generally excluded. In particular, it is no longer possible to assign the data to the computer or device from which the website was accessed.
The following data is processed through the use of Google Analytics:
- 3 bytes of the IP address of the system used by the website visitor (anonymized IP address),
- the page visited,
- the page from which the user accessed our website (referrer),
- the subpages accessed from the website,
- the time spent on the website,
- the frequency with which the website is accessed.
- Postal code
- User IDs
- IP address
- Client user agent (the browser and operating system you use)
- Click IDs
- Browser ID
- Product IDs
- Advertising ID
- Facebook login ID
Google Tag Manager
We use Google Tag Manager to manage and bundle our Google services and third-party providers on an online presence. Tags are small code elements on an online presence that, among other things, help measure visitor numbers and behavior, capture the impact of online advertising and social channels, use remarketing and audience targeting, and test and optimize online presences.
Google Display Network (GDN)
Our website uses features of the Google Display Network (GDN), an advertising network of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Ads are placed on third-party websites that match your usage behavior and interests (contextual and interest-based advertising).
To place and optimize ads and to re-engage website visitors (remarketing), Google uses cookies or similar technologies. The information generated about your use of this website (e.g., pages visited, time spent, interactions) may be transmitted to and stored on Google servers.
This processing takes place only with your consent pursuant to Art. 6(1)(a) GDPR and Section 25(1) TDDDG, provided you have given this via our consent banner. Consent can be revoked at any time.
Google may combine the data collected in this way with other information from your Google account if you are logged in to Google and have enabled this linking in your Google account.
Google is certified under the EU-U.S. Data Privacy Framework (DPF), ensuring an adequate level of data protection for transfers to the USA.
Further information can be found at: https://policies.google.com/technologies/ads
Legal basis and revocation
The use of cookies or comparable technologies set by Google takes place with your consent on the basis of Section 25(1) sentence 1 TDDDG. The legal basis for data processing under the aforementioned Google services is your prior consent pursuant to Art. 6(1)(a) GDPR.
You can revoke your consent at any time with effect for the future by adjusting your preferences in our consent banner.
Meta Pixel (formerly Facebook Pixel)
We use the “Custom Audiences” service of Meta Platforms, Inc. as part of usage-based online advertising (1601 S. California Avenue, Palo Alto, CA 94304, USA). For this purpose, we define target groups of users in the Facebook Ads Manager based on certain characteristics, who subsequently receive advertisements within the Facebook network. Users are selected by Facebook based on the profile information they provide and other data provided by the use of Facebook. If a user clicks on an advertisement and then lands on our website, Facebook receives the information via the Facebook Pixel embedded on our website that the user clicked on the advertising banner. As a rule, a non-reversible and non-personal checksum (hash value) is generated from your usage data, which is transmitted to Facebook for analysis and marketing purposes. A Facebook cookie is set. This records information about your activities on our website (e.g., surfing behavior, pages visited, etc.). Your IP address is also stored and used for the geographical placement of advertising. Facebook Custom Audiences via the customer list as well as the “advanced matching” function are not used by us.
The data is deleted no later than after 720 days.
Your data may be processed in the USA and transferred there, i.e., to a third country outside the European Union (EU) or the European Economic Area (EEA). The legal basis for the data transfer is the adequacy decision with the USA pursuant to Art. 45(1) GDPR on the basis of the EU-U.S. Data Privacy Framework. The provider has certified under the EU-U.S. Data Privacy Framework and thus undertaken to comply with the EU level of data protection.
Facebook’s Privacy Policy can be found here: https://www.facebook.com/policy.php
You can object to collection via the Facebook Pixel and the use of your data here: https://www.facebook.com/settings?tab=ads
The legal basis for this data processing is your consent pursuant to Art. 6(1) sentence 1(a) GDPR and/or Section 25(1) TDDDG. You can revoke your consent at any time with effect for the future by opening the cookie settings in the footer and changing your selection there.
Meta Conversion API
We use the tracking tool Meta Conversion API from Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, a subsidiary of Meta Platforms Inc., 1601 Willow Road, Menlo Park, CA 94025, USA.
This is a data interface through which we transmit data about your behavior on our website to Meta for analysis. This enables us to display advertisements to you that match your user behavior on our website.
In connection with the Conversion API we use the following data:
- Email address
- Telephone number
- Gender
- Date of birth
- First and last name
- City, state/province and country
We transmit the data to Meta. In doing so, the data is also transferred to Meta in the USA.
Meta is certified under the EU-U.S. Data Privacy Framework and thus falls under the EU’s adequacy decision for the USA.
The use of cookies or comparable technologies set by Meta takes place with your consent on the basis of Section 25(1) sentence 1 TDDDG. The legal basis for data processing is your consent pursuant to Art. 6(1)(a) GDPR.
You can revoke your consent to data processing by Meta Pixel for our web domain at any time with effect for the future by adjusting your preferences in our consent banner.
TradeDoubler
Our website uses services of the affiliate network TradeDoubler, an offering by TradeDoubler AB, Birger Jarlsgatan 57 A, 113 56 Stockholm, Sweden.
If you click links or advertising banners embedded as part of the TradeDoubler partner program, a tracking cookie is placed on your device to make the origin of the order traceable. TradeDoubler can thus recognize that you clicked the link on our website and subsequently carried out a defined action (e.g., purchase).
The following data may be processed:
- Your IP address (truncated),
- device and browser used,
- time of the click,
- pseudonymized tracking IDs (e.g., for commission determination).
Processing is based on your consent pursuant to Art. 6(1)(a) GDPR and Section 25(1) TDDDG, insofar as you have consented to the use of cookies. Consent can be revoked at any time via the cookie settings.
TradeDoubler processes personal data exclusively within the EU or the EEA. Further information on data protection at TradeDoubler can be found at: https://www.tradedoubler.com/de/privacy-policy
7. Newsletter
If you would like to receive the newsletter offered on the website, we require an email address from you as well as information that allows us to verify that you are the owner of the specified email address and that you agree to receive the newsletter. No further data is collected or only on a voluntary basis. We use this data exclusively for sending the requested information and do not pass it on to third parties.
The processing of the data entered in the newsletter registration form is based exclusively on your consent (Art. 6(1)(a) GDPR). You can revoke the consent given to store the data, the email address, and its use for sending the newsletter at any time, for example via the “unsubscribe” link in the newsletter. The lawfulness of the processing already carried out remains unaffected by the revocation.
The data you provide to us for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted from the newsletter distribution list after you unsubscribe from the newsletter or after the purpose ceases to exist. We reserve the right to delete or block email addresses from our newsletter distribution list at our own discretion within the scope of our legitimate interest pursuant to Art. 6(1)(f) GDPR.
Data that has been stored by us for other purposes remains unaffected.
After you unsubscribe from the newsletter distribution list, your email address may be stored by us or the newsletter service provider in a blacklist, if necessary, to prevent future mailings. The data from the blacklist will be used only for this purpose and will not be merged with other data. This serves both your interest and our interest in complying with legal requirements for sending newsletters (legitimate interest within the meaning of Art. 6(1)(f) GDPR). Storage takes place until your express objection or the expiry of the period.
CleverReach
To contact you or to sign up for the newsletter, we require your email address and, if applicable, further details. With the website relaunch in February 2024, Taunus Textildruck Zimmer GmbH & Co. KG (Wovena) uses the service provider CleverReach for sending circulars and the teachers’ newsletter. The provider is CleverReach GmbH & Co. KG, Schafjückenweg 2, 26180 Rastede. CleverReach is a service that can organize and analyze newsletter distribution. The data you enter for the purpose of receiving the newsletter (e.g., email address) is stored on CleverReach’s servers in Germany or Ireland.
Newsletters we send with CleverReach allow us to analyze the behavior of newsletter recipients. Among other things, it can be analyzed how many recipients opened the newsletter message and how often which link in the newsletter was clicked. With the so-called conversion tracking, it can also be analyzed whether a pre-defined action (e.g., purchase of a product on our website) took place after clicking the link in the newsletter.
Further information on data analysis by CleverReach newsletters can be found at: https://www.cleverreach.com/de/funktionen/reporting-und-tracking/
Data processing is based on your consent (Art. 6(1)(a) GDPR). You can revoke this consent at any time by unsubscribing from the newsletter. The lawfulness of the processing already carried out remains unaffected by the revocation.
If you do not want analysis by CleverReach, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in every newsletter. The data you provide to us for the purpose of receiving the newsletter will be stored by us until you unsubscribe and will be deleted from both our servers and CleverReach’s servers after you unsubscribe. Data stored by us for other purposes remains unaffected. For more details, please refer to CleverReach’s Privacy Policy: https://www.cleverreach.com/de/datenschutz/. Haus der Geschichte has concluded a data processing agreement with CleverReach.
You can revoke the consent given to store the data, the email address, and its use for sending the newsletter at any time, e.g., via the “unsubscribe” link in the newsletter. The lawfulness of the processing up to that point remains unaffected.
8. Payment Service Providers
8.1 PayPal
We use PayPal as a payment service provider to process payments in our online shop. For customers within the European Union, the provider is:
22-24 Boulevard Royal
L-2449 Luxembourg
If you choose PayPal as your payment method, the data required for payment processing will be transmitted to PayPal. Depending on the selected payment method, this may include in particular:
- First and last name
- Email address
- Billing and delivery address
- Order details
- Payment amount and currency
- Transaction or payment reference
- IP address and device-related information, where applicable
The processing of this data is carried out for the purpose of payment processing in accordance with Art. 6(1)(b) GDPR (performance of a contract) and for the prevention of fraud. Where required, processing may also take place to comply with legal obligations pursuant to Art. 6(1)(c) GDPR (e.g., anti-money laundering regulations).
PayPal may carry out a credit assessment. For this purpose, probability values (so-called score values) may be calculated, which may include address data among other factors. Further information on this can be found in PayPal’s privacy policy.
If you maintain a PayPal account or use additional PayPal services, PayPal acts as an independent controller within the meaning of the GDPR with regard to this data processing.
Data transfers to third countries (in particular the United States) cannot be excluded. In such cases, PayPal ensures appropriate safeguards in accordance with Art. 44 et seq. GDPR, in particular by concluding EU Standard Contractual Clauses or relying on an adequacy decision of the European Commission where applicable.
Further information on data processing by PayPal can be found at: https://www.paypal.com/de/webapps/mpp/ua/privacy-full
8.2 Stripe (Credit Card Payments)
Where offered, we use Stripe as a payment service provider for processing credit card payments. For customers within the European Union, the provider is:
1 Grand Canal Street Lower
Dublin 2
Ireland
If you choose to pay by credit card, the data required for payment processing will be transmitted to Stripe. This includes in particular:
- First and last name
- Email address
- Billing and delivery address
- Payment amount and currency
- Credit card details (card number, expiry date, security code)
- Transaction data
- IP address and device-related information
The processing of this data is carried out for the purpose of payment processing pursuant to Art. 6(1)(b) GDPR (performance of a contract), as well as for fraud prevention and the security of payment transactions.
Stripe may use automated procedures for fraud prevention and risk assessment. This processing is based on Art. 6(1)(f) GDPR (legitimate interest in preventing payment defaults and misuse) and, where required, Art. 6(1)(c) GDPR (compliance with legal obligations).
Stripe may process personal data in the United States or other third countries. In such cases, Stripe ensures appropriate safeguards pursuant to Art. 44 et seq. GDPR, in particular by concluding EU Standard Contractual Clauses or relying on an adequacy decision of the European Commission where applicable.
Further information on data processing by Stripe can be found at: https://stripe.com/de/privacy
9. Applicant data
By submitting or handing over your application, you give your consent for your details to be stored and processed for the duration of the application process and used to contact you during the application process. Without this consent we cannot process your application.
Scope and purpose of data processing
All data that you provide to us via our website or as part of an application will be processed solely for the purpose of conducting the application and selection process and is used solely to assess professional suitability and to contact you. This includes your salutation, first name, last name, address, telephone number, email address, your CV as well as data on your education and qualifications (Art. 6(1)(b) GDPR; Section 26 BDSG). In the context of employment, you are required to provide only the personal data necessary for establishing, conducting, and terminating employment. Otherwise proper HR administration is not possible.
If you yourself disclose “special categories of personal data” within the meaning of Art. 9 GDPR (e.g., a photo revealing ethnic origin, information on severe disability, etc.) in the cover letter or other documents submitted by you during the application process, your consent also relates to this data. However, we wish to evaluate all applicants solely on their qualifications and therefore ask that you avoid such information in your application as far as possible.
Your application documents will be forwarded only to the departments that need them to assess the application and for hiring (HR department, responsible specialist department responsible for the job posting).
Your applicant data will be used exclusively for the application process. To protect your personal data provided to us as part of the application process, we comply with the legal provisions of the GDPR and the Federal Data Protection Act. All necessary technical and organizational security measures are taken to protect your data from loss and misuse. The data and files you transmit will be stored and used exclusively for purposes related to collecting and processing your application.
Storage of your applicant data, right of access and deletion request
By submitting your application, you also give your consent to the storage of your applicant data. 6 months after the conclusion of the application process, your applicant data will be deleted. No separate notification is issued regarding this.
The principles presented also apply in the case of a speculative application, i.e., when you do not apply for a specific position, or if applicant data is sent by post or email.
Review of alternative opportunities
We review every incoming application for further opportunities. Therefore, we may also forward your profile to other departments. If you do not agree with this procedure, you can object at any time.
Your rights
You have the right to request confirmation from us at any time as to whether we are processing personal data about you, and the right of access to this personal data. You also have the right to rectification, deletion, and restriction of data processing, as well as the right to object to the processing of personal data at any time, to revoke your consent to data processing at any time, or to request data portability. Please address all information requests, access requests, revocations, or objections to data processing by email to our data protection officer or to the contact details above. In addition, you have the right to lodge a complaint with a supervisory authority in the event of data protection violations.
10. Plugins and tools
Trusted Shops
We use the services of the following provider for review reminders: Trusted Shops AG, Subbelrather Str. 15c, 50823 Cologne, Germany
Exclusively on the basis of your express consent pursuant to Art. 6(1)(a) GDPR, we transmit your email address and, where applicable, other customer data to the provider so that they can contact you with a review reminder by email.
You can revoke your consent at any time with effect for the future, either to us or to the provider.
We are jointly responsible with the provider for the processing described above pursuant to Art. 26 GDPR. The agreement on joint responsibility can be viewed here: https://help.etrusted.com/hc/de/articles/23970817960082-Vertrag-%C3%BCber-die-gemeinsame-Verantwortlichkeit-nach-DSGVO