Privacy policy

General

Your personal data within the meaning of Art. 4 No. 1 GDPR (e.g. name, address, email address, payment details) will only be processed by us in accordance with the provisions of German data protection law and taking into account the European General Data Protection Regulation (GDPR). The following regulations inform you about the type, scope and purpose of the collection, processing and use of personal data.

The processing of personal data within the meaning of Art. 4 No. 2 GDPR is lawful in accordance with Art. 6 GDPR if one of the following conditions applies:

a) the data subject has given his or her consent to the processing of personal data concerning him or her for one or more specific purposes;
b) the processing is necessary for the performance of a contract to which the data subject is party or in order to take steps prior to entering into a contract at the data subject's request;
c) the processing is necessary for compliance with a legal obligation to which the controller is subject;
d) the processing is necessary to protect the vital interests of the data subject or another natural person;
e) the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
f) the processing is necessary to safeguard the legitimate interests of the controller or a third party, unless the interests or fundamental rights and freedoms of the data subject which require the protection of personal data outweigh them, in particular if the data subject is a child acts.

The processing of special personal data (e.g. health data, biometric data, sexual orientation, religion, trade union membership) within the meaning of Art. 9 Para. 1 GDPR is lawful, in particular according to Art. 9 Para. 2 GDPR, if one of the following conditions applies:

– there is express consent from the person;

– the processing is for the assertion, exercise or defense of

Legal claims or actions of the courts in the context of their judicial activity.

There is no automatic decision-making or profiling regarding personal data within the meaning of Art. 22 GDPR.

The operator ensures the security of the data in accordance with Art. 32 GDPR, taking into account the principle of proportionality, through appropriate technical measures.

If, contrary to expectations, a breach of data protection occurs, the responsible supervisory authority will be notified in accordance with Art. 33 GDPR, as well as the data subject in accordance with Art. 34 GDPR.

 

scope

This data protection declaration only applies to our websites. If you are redirected to other sites via links on our pages, please inform yourself there about how your data is handled.

 

Duration of data storage

The duration of storage of the data you transfer depends on the legal retention requirements. According to commercial and tax laws, invoice data must be retained for up to 10 years.

 

Transfer of data to third parties

Data transmitted when contacting us will only be passed on to third parties (Article 4 No. 10 GDPR) if:

  1. a) you have given your express consent to this in accordance with Article 6 Paragraph 1 Sentence 1 Letter a GDPR,
  2. b) the disclosure in accordance with Article 6 Paragraph 1 Sentence 1 Letter f of the GDPR is necessary to assert, exercise or defend legal claims and there is no reason to assume that you have an overriding legitimate interest in not disclosing your data,
  3. c) in the event that there is a legal obligation for the transfer in accordance with Article 6 Paragraph 1 Sentence 1 Letter c GDPR, as well as
  4. d) this is legally permissible and necessary for the processing of contractual relationships with you in accordance with Article 6 Paragraph 1 Sentence 1 Letter b GDPR

 

Responsible person within the meaning of the GDPR

The person responsible within the meaning of the General Data Protection Regulation (GDPR), as well as other data protection laws applicable in the European Union and other provisions of a data protection nature is:

Maximilian Bendel
Dorfstrasse 65
41540 Dormagen

E-Mail: info@spaacks.com

 

Cookies

We use cookies on our site. These are small files that your browser creates automatically and that are stored on your device (PC, laptop, tablet, smartphone, etc.) when you visit our site. Cookies do not cause any damage to your device and do not contain viruses, Trojans or other malware. The cookie stores information that arises in connection with the specific end device used. However, this does not mean that we receive direct knowledge of your identity. On the one hand, the use of cookies serves to make the use of our offer more pleasant for you. We use so-called session cookies to recognize that you have already visited individual pages on our website. These are automatically deleted after you leave our site. In addition, to optimize user-friendliness, we also use temporary cookies that are stored on your device for a specific period of time. If you visit our site again to use our services, it will automatically be recognized that you have already been with us and what entries and settings you have made so that you do not have to enter them again. These cookies enable us to automatically recognize that you have already been with us when you visit our site again. These cookies are automatically deleted after a defined period of time. The data processed by cookies is necessary for the purposes mentioned to protect our legitimate interests and those of third parties in accordance with Article 6 Paragraph 1 Sentence 1 Letter f of the GDPR. Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or that a message always appears before a new cookie is created. However, completely deactivating cookies may mean that you cannot use all functions of our website.

 

Server log files

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

  • Browser type/ browser version
  • Operating system used
  • Referrer URL
  • Host name of the accessing computer
  • Time of server request
  • IP Address

We cannot assign this data to specific persons. This data will not be merged with other data sources. We reserve the right to subsequently check this data if we become aware of concrete indications of illegal use. A contract for order processing has been concluded with our hoster.

 

Registration

Registration is required to fully use the functions of our website. The registration data is collected through your relevant entries and used for the specifically stated purpose in accordance with your consent (Art. 6 I S. 1 a GDPR).

 

Google Webfonts

External fonts, Google Fonts, are used on these websites. Google Fonts is a service provided by Google Inc. (“Google”). These web fonts are integrated via a server call, usually a Google server in the USA. This sends information to the server about which of our websites you have visited. The IP address of the browser of the end device of the visitor to this website is also stored by Google. The legality of the use results from Art. 6 Paragraph 1 Sentence 1 Letter f) GDPR. Further information can be found in Google's data protection information, which you can access here:

https://www.google.com/fonts#AboutPlace:about

 

Comment function / rating function

If you use the comment function in the blog or the rating function in the shop on our website, the time of creation, your chosen pseudonym and temporarily your IP address will also be stored in addition to these contributions. This is done so that we can protect our rights in the event of illegal content. If you wish, you can also save your name and email address for future posts by checking the box. The lawfulness of the processing results from your consent in accordance with Article 6 Paragraph 1 Sentence 1 Letter a) GDPR.

 

Social-Media Links

We have our own social media pages for third-party providers that can be reached via links from this website. By using the links, you can access the respective third-party websites (e.g. Facebook, Twitter, Google+) and share our content. There is no data transfer when you access our website. As soon as you have accessed the third-party website, you are responsible for the respective third-party provider, so that their data protection declaration and their statements on data use also apply. We have no influence on this, but in order to avoid unnecessary data transfer, we recommend that you log out of the respective third-party provider before using a corresponding link so that usage profiles cannot be created by the third-party provider simply by using the link.

 

Paypal

When paying via PayPal, credit card via PayPal, direct debit via PayPal or "purchase on account" as well as installment payments via PayPal, we pass on your payment data to PayPal (Europe) S.à r.l. as part of the payment processing. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter “PayPal”). PayPal reserves the right to carry out a credit check for the payment methods credit card via PayPal, direct debit via PayPal or "purchase on account" via PayPal as well as installment payments via PayPal. PayPal uses the result of the credit check with regard to the statistical probability of non-payment for the purpose of deciding whether to provide the respective payment method. The credit report can contain probability values ​​(so-called score values). To the extent that score values ​​are included in the results of the credit report, they are based on a scientifically recognized mathematical-statistical procedure. Address data, among other things, is included in the calculation of the score values. Further data protection information, including information about the credit agencies used, can be found in PayPal's data protection declaration:

https://www.paypal.com/de/webapps/mpp/ua/privacy-full

 

Billbee

The order is processed by the provider Billbee from Billbee GmbH, Paulinenstrasse 54, 32756 Detmold. Name, address and, if applicable, other personal data will be passed on to Billbee exclusively for the purpose of processing the online order in accordance with Article 6 Paragraph 1 Letter b of the GDPR. Your data will only be passed on to the extent that this is actually necessary to process the order. The legality of the use results from Art. 6 Paragraph 1 Sentence 1 Letter f) GDPR. Details about data protection at Billbee and Billbee's data protection declaration can be found here:

https://www.billbee.io/datenschutz/

 

Newsletter

On our site we offer you the opportunity to subscribe to our newsletter. With this newsletter we provide regular information about our offers. In order to receive our newsletter, you need a valid email address. We will check the email address you entered to see whether you are actually the owner of the email address provided or whose owner is authorized to receive the newsletter. When you register for our newsletter, we will save your IP address and the date and time of your registration. This serves as a safeguard on our part in the event that a third party misuses your email address and subscribes to our newsletter without your knowledge. We do not collect any further data. The data collected in this way is used exclusively to receive our newsletter. The legality of the use results from Art. 6 Paragraph 1 Sentence 1 Letter f) GDPR. You can cancel your subscription to this newsletter at any time. You can find details about this in the confirmation email and each individual newsletter.

 

Google Analytics

This website uses functions of the web analysis service Google Analytics. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics enables the website operator to analyze the behavior of website visitors. The website operator receives various usage data, such as page views, length of stay, operating systems used and the user's origin. Google may summarize this data in a profile that is assigned to the respective user or their device. Google Analytics uses technologies that enable user recognition for the purpose of analyzing user behavior (e.g. cookies or device fingerprinting). The information collected by Google about the use of this website is usually transmitted to a Google server in the USA and stored there. The use of this analysis tool is based on Art. 6 Para. 1 lit. f GDPR. The website operator has a legitimate interest in analyzing user behavior in order to optimize both its website and its advertising. If appropriate consent has been requested (e.g. consent to the storage of cookies), processing is carried out exclusively on the basis of Art. 6 Para. 1 lit. a GDPR; consent can be revoked at any time.

 

IP anonymization

We have activated the IP anonymization function on this website. This means that your IP address will be shortened by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area before it is transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services related to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics is not merged with other Google data.

 

Browser Plugin

You can prevent Google from collecting and processing your data by downloading and installing the browser plug-in available under the following link:

https://tools.google.com/dlpage/gaoptout?hl=de

You can find more information about how Google Analytics handles user data in Google's privacy policy:

https://support.google.com/analytics/answer/6004245?hl=de

 

order processing

We have concluded an order processing contract with Google and fully implement the strict requirements of the German data protection authorities when using Google Analytics. Demographic characteristics in Google Analytics This website uses the “demographic characteristics” function of Google Analytics to show website visitors appropriate advertisements within the Google advertising network. This allows reports to be created that contain information about the age, gender and interests of site visitors. This data comes from interest-based advertising from Google and third-party visitor data. This data cannot be assigned to a specific person. You can deactivate this function at any time via the ad settings in your Google account or generally prohibit the collection of your data by Google Analytics as described in the section “Objection to data collection”.

 

Google Analytics E-Commerce-Tracking

This website uses the “E-Commerce Tracking” function from Google Analytics. With the help of e-commerce tracking, the website operator can analyze the purchasing behavior of website visitors to improve its online marketing campaigns. Information such as orders placed, average order values, shipping costs and the time from viewing a product to purchasing it are recorded. This data can be summarized by Google under a transaction ID that is assigned to the respective user or their device.

 

storage duration

User and event-level data stored by Google that is linked to cookies, user identifiers (e.g. User ID) or advertising IDs (e.g. DoubleClick cookies, Android advertising ID) is anonymized after 14 months or deleted. Details can be found at the following link:

https://support.google.com/analytics/answer/7667196?hl=de

 

Google Ads

The website operator uses Google Ads. Google Ads is an online advertising program from Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. Google Ads allows us to display advertisements in the Google search engine or on third-party websites when the user enters certain search terms on Google (keyword targeting). Furthermore, targeted advertisements can be displayed based on the user data available on Google (e.g. location data and interests) (target group targeting). As website operators, we can evaluate this data quantitatively, for example by analyzing which search terms led to our advertisements being displayed and how many advertisements led to corresponding clicks. The use of Google Ads is based on Art. 6 Para. 1 lit. f GDPR. The website operator has a legitimate interest in marketing its service products as effectively as possible.

 

Facebook Pixel

This website uses Facebook visitor action pixels to measure conversions. The provider of this service is Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. However, according to Facebook, the data collected will also be transferred to the USA and other third countries. This allows the behavior of site visitors to be tracked after they have been redirected to the provider's website by clicking on a Facebook ad. This allows the effectiveness of Facebook advertisements to be evaluated for statistical and market research purposes and future advertising measures to be optimized. The data collected is anonymous for us as the operator of this website; we cannot draw any conclusions about the identity of the users. However, the data is stored and processed by Facebook so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes in accordance with the Facebook data usage guidelines. This allows Facebook to enable the placement of advertisements on Facebook pages as well as outside of Facebook. As the site operator, we cannot influence this use of data. The use of Facebook pixels is based on Art. 6 Para. 1 lit. f GDPR. The website operator has a legitimate interest in effective advertising measures, including social media. If appropriate consent has been requested (e.g. consent to the storage of cookies), processing is carried out exclusively on the basis of Art. 6 Para. 1 lit. a GDPR; consent can be revoked at any time. You can find further information on protecting your privacy in Facebook's data protection information:

https://de-de.facebook.com/about/privacy/

You can also use the “Custom Audiences” remarketing feature in the Ad Settings section at

https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen

deactivate. To do this you must be logged in to Facebook. If you don't have a Facebook account, you can deactivate Facebook's usage-based advertising on the European Interactive Digital Advertising Alliance website:

http://www.youronlinechoices.com/de/praferenzmanagement/

 

Lucky Orange

This website uses the Lucky Orange web analysis service from Lucky Orange LLC, 8665 W 96th St Suite #100, Overland Park, KS 66212, USA, to analyze the use of our website and to regularly improve it. We can use the statistics obtained to improve our offering and make it more interesting for you as a user. The legal basis for the use of Lucky Orange is Article 6 Paragraph 1 Sentence 1 Letter f GDPR. Lucky Orange is Privacy Shield certified.

For this evaluation, cookies are stored on your computer and sent to Lucky Orange LLC servers in the USA for evaluation. You can set the evaluation by deleting existing cookies and preventing the storage of cookies. If you prevent the storage of cookies, we would like to point out that you may not be able to use this website to its full extent. You can prevent the storage of cookies by setting your browser. It is possible to prevent the use of Lucky Orange by activating an opt-out cookie using the following link:

https://privacy.luckyorange.com/

This website uses Lucky Orange in IP masking mode. This means that IP addresses are shortened and further processed, meaning that any direct personal reference can be ruled out. The IP address transmitted by your browser via Lucky Orange is not combined with other data collected by us. Information from Lucky Orange on data protection can be found at

https://www.luckyorange.com/privacy.php

 

SSL connection / data security

In accordance with the legal regulation according to Section 13 Paragraph 7 TMG, this site uses SSL encryption, which can be recognized by a lock symbol in the address bar of your browser. Transmitted data cannot be read by third parties if SSL encryption is activated. This is usually 256 bit encryption. If your browser does not support 256-bit encryption, we will use 128-bit v3 technology instead. You can tell whether an individual page of our website is transmitted in encrypted form by the closed display of the key or lock symbol in the bottom status bar of your browser. We also use appropriate technical and organizational security measures (TOM) to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.

 

User rights

You can request information about the personal data stored about you at any time and free of charge. Your rights also include confirmation, correction, restriction, blocking and deletion of such data and the provision of a copy of the data in a form suitable for transmission, as well as the revocation of consent given and objection. Statutory retention obligations remain unaffected. Your rights arise in particular from the following standards of the GDPR:

  • Article 7 Paragraph 3 – Right to revoke data protection consent
  • Article 12 – Transparent information, communication and modalities for exercising the rights of the data subject
  • Article 13 – Obligation to provide information when collecting personal data from the data subject
  • Article 14 – Obligation to provide information if the personal data have not been collected from the data subject
  • Article 15 – Right of access of the data subject, right to confirmation and provision of a copy of personal data
  • Article 16 – Right to rectification
  • Article 17 – Right to erasure (“right to be forgotten”)
  • Article 18 – Right to restriction of processing
  • Article 19 – Obligation to notify in connection with the rectification or deletion of personal data or the restriction of processing
  • Article 20 – Right to data portability
  • Article 21 – Right to object
  • Article 22 – Right not to be subject to a decision based solely on automated processing, including profiling
  • Article 77 – Right to lodge a complaint with the supervisory authority

To exercise your rights (with the exception of Article 77), please contact the body named under the point “Controller within the meaning of the GDPR”.

 

Supervisory authority:

State Commissioner for Data Protection and Freedom of Information NRW

Kavalleriestr. 2-4

40213 Düsseldorf

Phone: 0211/38424-0

Fax: 0211/38424-10

E-Mail: poststelle@ldi.nrw.de

Homepage: https://www.ldi.nrw.de