Data protection

Data protection policy Theia-Candle.com

Contents :

1. Person responsible and content of the data protection policy
2. Contact person
3. Your rights
4. Data Security
5. Getting in touch
6. Use of your data for marketing purposes
6.1 Centralized data storage and analysis in the CRM system
6.2 Email Marketing and Newsletter
7. Disclosure to third parties and possibility of access by third parties
8. Transborder data communication
9. Retention periods
10. Special provisions relating to our website - Log data
11.Cookies
12. Google Site Search / Google Custom Search Engine
13. Tracking and web analytics tools
13.1 General Tracking Information
13.2 Google Analytics
14. Social Media
14.1 Social media profiles
14.2 Social Media Plugins
15. Online advertising and targeting
15.1 General provisions
15.2 Google Ads
16. Use of our chat function
17. Opening a customer account
18. Ordering Products
19. Online payment processing
20. Ratings and Reviews

1. Person responsible and content of the data protection policy
We, Theia Candle, Rue du Carré d'Amont 18A - 1893 Muraz - Switzerland are the operators of the website www.theia-candle.com and, unless otherwise stated, are responsible for the data processing described in this privacy policy Datas.
Please see the information below to find out what personal data we collect from you and the purposes for using it. With regard to data protection, we are primarily guided by the requirements of the Swiss Data Protection Act, in particular the Federal Data Protection Act (LPD) and the General Data Protection Regulation (GDPR) of the EU, whose provisions may apply in individual cases.
Please keep in mind that the information below will be reviewed and changed from time to time. We therefore recommend that you consult this data protection policy regularly. In addition, the applicable data protection provisions provide that other companies are responsible for the processing of the individual data listed below or are jointly responsible with us. Therefore, in this case, the information of these providers is also decisive.

2. Contact person
If you have any questions about data protection or wish to exercise your rights in this regard, please contact our contact person by sending an e-mail to:
Email: info@theia-candle.com
You can contact our data protection officer within the EU:
by mail: Raphaël TATTEGRAIN - Theia Candle - Rue du Carré d'Amont 18A - 1893 Muraz - Switzerland
by email: info@theia-candle.com

3. Your rights
Subject to the fulfillment of legal requirements, you as a data subject have the following rights:
Right to information : You have the right to request free access to your personal data stored by us at any time if we process it. This gives you the opportunity to check what personal data we are processing about you and to confirm that we are using it in accordance with applicable data protection regulations.
Right of rectification : You have the right to have inaccurate or incomplete personal data rectified and to be informed of the rectification. In this case, we will inform the recipients of the data concerned of the rectifications made, unless this is impossible or involves a disproportionate effort.

Right to erasure : You have the right to have your personal data erased in certain circumstances. In special cases, for example in the case of statutory retention requirements, the right to erasure may be waived. In this case, if the conditions are met, the data may be blocked instead of deleted.
Right to restriction of processing : You have the right to request the restriction of the processing of your
personal data.
Right to data portability : You have the right to receive from us the personal data that you have communicated to us, free of charge and in a readable format.
Right of opposition : You can object to data processing at any time, in particular in the context of direct marketing (eg advertising e-mails).
Right of withdrawal : In principle, you have the right to withdraw your consent at any time.
However, processing activities based on past consent will not become unlawful following your withdrawal.
To exercise these rights, please send us an email at the following address: info@theia-candle.com

Right of appeal : You have the right to lodge a complaint with a competent supervisory authority,
for example against the way your personal data is processed.

4. Data Security
We implement adequate technical and organizational security measures to protect the personal data stored by us against loss and unlawful processing, i.e. unauthorized access by third parties. Our employees and the service providers commissioned by us are bound by rules of confidentiality and data protection. In addition, these individuals only have access to personal data to the extent necessary to perform their activities.
Our security measures are constantly adapted according to technological developments.
However, the transmission of information via the Internet and electronic means of communication always involves certain security risks and we cannot guarantee the absolute security of the information thus transmitted.

5. Getting in touch
Any contact via our addresses and contact channels (e.g. e-mail, telephone or contact form) involves the processing of your personal data. The processing relates to the data that you make available to us, e.g. ex. the name of your company, your name, your function, your e-mail address or your telephone number and your question. Additionally, the time of receipt of the request is recorded. Mandatory information is marked with an asterisk (*) in the contact forms.

We process this data exclusively for the purpose of executing your request (e.g. providing product information, assisting you in performing contracts such as returning products, providing feedback on improving our service , etc.). The legal basis for this data processing is our legitimate interest in fulfilling your request within the meaning of Article 6(1)(f) EU GDPR or, if this relates to the conclusion or the execution of a contract, to the implementation of the necessary measures within the meaning of Article 6, paragraph 1, letter b) of the EU GDPR.

6. Use of your data for marketing purposes
6.1 Centralized data storage and analysis in the CRM system
If it is clearly possible to link the data to your person, we will save and link the data referred to in this data protection policy, i.e. in particular your contact details, your contract data and your surfing behavior on our websites in a centralized database. This will allow us to effectively manage customer data, adequately respond to your concerns, efficiently provide you with requested services and perform related contracts. The legal basis for this data processing is our legitimate interest in the efficient management of user data within the meaning of Article 6 (1) (f) of the EU GDPR.
We evaluate this data in order to develop our ranges according to your needs and to display and offer the most relevant information and offers possible. We also use methods to anticipate your potential interests and future orders based on your use of our website. The legal basis for this data processing is our legitimate interest in implementing marketing measures within the meaning of Article 6 (1) (f) of the EU GDPR.

6.2 Email Marketing and Newsletter
If you register for our newsletter by e-mail (eg when opening or in your customer account), the following data will be collected. Mandatory information is marked with an asterisk (*) in the registration form:

  • E-mail address
  • Title
  • First and last name

In order to prevent misuse and to ensure that the holder of an e-mail address has given his effective consent himself, we use the so-called "double opt-in" for registration. After registration, you will receive an email from us containing a confirmation link. To validate your subscription to the newsletter, you must click on this link. If you do not click on the confirmation link within the time limit, your data will be deleted and our newsletter will not be sent to the address indicated.

By registering, you consent to the processing of this data in order to receive information about our company, our offers in the field of candle creation as well as the associated Théia product ranges. You may also receive invitations to participate in sweepstakes or to review any of the aforementioned products or services. Collecting the title and name allows us to check whether the registration corresponds to a customer account that already exists and to personalize the content of the e-mails. The connection to the customer account helps us to make the offers and the content of the newsletter more relevant to you and better suited to your potential needs.

We use your data to send you emails until you withdraw your consent.
Withdrawal is possible at any time, in particular via the unsubscribe link present in all our marketing e-mails.

Our marketing emails may contain a web beacon, 1x1 pixel (tracking pixel) or similar technical aids. A web beacon is an invisible graphic file that is linked to the user ID of the person subscribed to the newsletter concerned. For each marketing email sent, we receive information about the addresses that have not yet received the email, the addresses to which it has been sent and the addresses for which the sending has failed. We also see which addresses opened the email, for how long, and which links recipients clicked on. Finally, we receive information about addresses that have unsubscribed. We use this data for statistical purposes and to optimize advertising emails in terms of frequency, timing, structure and content. This allows us to better adapt the information and offers offered in our e-mails to the individual interests of their recipients.

The web beacon is deleted when you delete the email. To prevent the use of the web beacon in our marketing emails, please set your email software settings to not display HTML code in messages if it is not already. default case. Consult the support sections of your email software to find out how to configure this setting, e.g.
ex. here for Microsoft Outlook.

By registering for the newsletter, you also agree to the statistical evaluation of user behavior for the purpose of optimizing and tailoring this publication. The legal basis for this processing is consent within the meaning of Article 6(1)(a) EU GDPR.
We use email marketing software Email from Shopify Inc 126 York St. Ottawa ON K1N 5T5 - Canada for marketing emails. Therefore, your data will be stored in a database belonging to Shopify Inc, which will allow the latter to access your data if necessary for the provision of the software and for the assistance provided within the framework of its use. The legal basis for this processing is our legitimate interest within the meaning of Article 6(1)(f) EU GDPR to use the services of third-party providers.

7. Disclosure to third parties and possibility of access by third parties
Without the support of other companies, we would not be able to offer our offers in the desired form. We must therefore communicate to these companies some of your personal data in order to be able to use their services. This communication takes place to the extent necessary to perform the contract you have requested. This is, for example, a communication to logistics or transport companies that deliver the desired products, or to manufacturers with whom you can assert a warranty claim. The legal basis for these communications is the need to perform the contract within the meaning of Article 6 (1) (b) of the EU GDPR.
The data is also communicated to selected service providers, only to the extent necessary for the provision of the service. In addition, various third-party service providers are explicitly covered by this data protection policy, for example in the parts relating to marketing. These include, for example, IT service providers (eg software solution providers), advertising agencies and consulting firms. The legal basis of this
communication is our legitimate interest in procuring services from third parties within the meaning of Article 6(1)(f) EU GDPR. In addition, your data may be communicated, in particular to authorities, legal advisers or collection agencies, if we are legally obliged to do so or if this is necessary to protect our rights, in particular to assert rights arising from our relationship with YOU. Data may also be shared if another company intends to acquire all or part of our business and such sharing is necessary to perform due diligence checks or to complete the transaction. The legal basis for this communication is our legitimate interest in protecting our rights and complying with our obligations or in order to transfer certain of our activities within the meaning of Article 6 (1) (f) of the EU GDPR.

8. Transborder data communication
We also reserve the right to communicate your personal data to third parties located abroad if this is necessary to carry out the data processing provided for in this data protection policy (see in particular points 12 to 15). Of course, the legal provisions relating to the communication of personal data to third parties are respected. If the country in question does not have an adequate level of data protection, we guarantee, by concluding contractual arrangements with these companies, that your data is adequately protected.

9. Retention periods
We retain personal data only for the period necessary to carry out the processing described in this data protection policy and based on our legitimate interest. With regard to contract data, the storage is covered by statutory retention requirements. The rules that oblige us to keep the data result from the provisions in terms of accounting and tax regulations. According to these regulations, commercial communications, concluded contracts and accounting documents must be kept for a period of 10 years. If we no longer need this data to perform the services on your behalf, the data will be blocked. Thus, the data may only be used if this is necessary to meet our retention obligations or to defend and assert our legal interests. The data will be deleted as soon as there is no longer any obligation to keep them or any legitimate interest in doing so.

10. Special Provisions Relating to Our Website - Logging Data
When you visit our website, the servers of our web host Shopify Inc 126 York St. Ottawa ON K1N 5T5 - Canada temporarily store each access in a log file (referred to as a "log file"). The data below are recorded without your intervention and stored by us until their automatic deletion:
  • the IP address of the requesting computer,
  • the date and time of access,
  • the name and URL of the file consulted,
  • the website from which the access was made, possibly with the search term used,
  • your computer's operating system and the browser you use (including type, version and language settings),
  • the type of device in case of access by mobile phone,
  • the city or region from which the access took place,
  • the name of your internet service provider.

This data is collected and processed for the purpose of enabling the use of our website (establishing a connection), ensuring long-term system security and stability and analyzing errors and performance, and allow us to optimize our website (see also the last elements of point 13).

In the event of an attack affecting the network infrastructure of the website or in the event of suspicion of unauthorized or improper use of the website, the IP address and other data are evaluated for the purposes of explanation and defense and, if necessary, in the context of legal proceedings for the purposes of identification and in the context of civil and criminal actions brought against the users concerned.
For the purposes described above, we have a legitimate interest in data processing within the meaning of Article 6 (1) (f) of the EU GDPR.
Finally, we use cookies and applications and tools based on the use of cookies when you visit our website. In this context, the data described herein may also be processed. You will find more detailed information on this in the following sections of this data protection policy, in particular in point 11.

11.Cookies
Cookies are information files that your web browser stores on your computer's hard drive or memory when you visit our website. Cookies are associated with identification numbers that allow your browser to be recognized and the information contained in the cookie to be read.
Cookies help, among other things, to make your visit to our website easier, more pleasant and more relevant. We use cookies for various purposes which are necessary for your intended use of our website, i.e. which are “technically necessary”. For example, we use cookies that allow us to identify you as a registered user after you log in without you having to log in again when navigating between different sub-pages. The shopping cart and checkout functionality also relies on the use of cookies. In addition, cookies also perform other technical functions necessary for the operation of the website, such as so-called "load balancing", i.e. the distribution of the performance load of the site on different web servers in order to relieve the servers. Cookies are also used for security purposes, for example to prevent unauthorized publication of certain content. Finally, we use cookies as part of the design and programming of our website, for example to allow downloading of scripts or codes.
The legal basis for this processing is our legitimate interest in providing a user-friendly and up-to-date website within the meaning of Article 6(1)(f) EU GDPR. Most Internet browsers automatically accept cookies. However, when you access our website, we ask you to accept certain cookies that we use and which are not necessary for the technical operation of our site, in particular when using third-party cookies for marketing purposes. . You can use the buttons located in the cookie banner to make the settings you want. The cookie banner and the following sections of this data protection policy provide information on the services and data processing associated with individual cookies.
You can also configure your browser so that no cookies are stored on your computer or that a message is systematically displayed when you receive a new cookie.
On the following pages you will find explanations on how you can configure the processing of cookies in the targeted browsers.

Disabling cookies may impede your use of certain features of our website.

12. Google SiteSearch / Google Custom Search Engine
This website uses the Google SiteSearch/Google Custom Search Engine tool of Google LLC (1600 Amphitheater Parkway, Mountain View, CA 94043, USA). This tool enables us to provide you with an effective search function on our website.
If you use our search fields, your browser will be able to transmit the log file data (including the IP address) listed under point 10 as well as the search term entered to Google, provided that Java Script is installed in your browser. If you wish to prevent the transmission of data, you can deactivate Java Script in the browser settings (usually in the “Privacy” menu). Please keep in mind that in this case the search function and other functions of the website may be impaired.
The legal basis for this data processing is our legitimate interest in providing an efficient website search function within the meaning of Article 6(1)(f) EU GDPR.

For information on further data processing by Google, please see Google's data protection policy: https://policies.google.com/privacy?hl=en.

13. Tracking and web analytics tools
13.1 General Tracking Information
We use the web analytics services listed below with the aim of designing a website that meets your needs and continuously optimizing it. In this context, pseudonymised user profiles are created and cookies are used (please also note point 11). The information generated by the cookie about your use of this website is usually transferred to a server of the service provider, where it is stored and processed together with the log file data listed in point 10. Information may also be transferred to servers located abroad, e.g. ex. in the United States (see point 8, in particular on the guarantees provided).

During our data processing, we receive, among other things, the following information:

  • navigational path a visitor followed on our site (including content viewed and products selected or purchased),
  • duration of the visit to the site or sub-page,
  • sub-page on which the website is located,
  • country, region or city from which the access takes place,
  • end device (type, version, color depth, resolution, browser window width and height) and
  • returning visitor or new visitor.

The provider will use this information to evaluate the use of the website, to compile reports on the activity recorded on the website on our behalf and to provide other services relating to the activity on the website and the use of the Internet for market research and needs-based site design. In relation to this processing, we and the Suppliers may be considered to some extent joint controllers under applicable data protection law. The legal basis for this data processing using the following tools is your consent within the meaning of Article 6 (1) (a) of the EU GDPR. You can withdraw your consent or refuse processing at any time by refusing or disabling the relevant cookies in your web browser settings (see point 11) or by using the service-specific options described below.
For the further processing of the data by the respective provider as (solely) responsible under the applicable data protection legislation, in particular the possible transfer of this information to third parties such as authorities referred to in the legislations national, please consult the respective data protection information of the provider.

13.2 Google Analytics
We use the web analytics service Google Analytics from Google Ireland Limited (Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland) or Google LLC (1600 Amphitheater Parkway, Mountain View, CA 94043, USA) ("Google ").

The above-described data relating to the use of the website meeting the aforementioned purposes (see point 13.1) may be transmitted to the servers of Google LLC in the United States. By activating the IP anonymization feature (“anonymizeIP”) on this website, the IP address can be shortened before transmission to member states of the European Union or to other states party to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address sent to a Google server in the USA and shortened there.
Users can prevent the data generated by the cookie and related to the use of the website (including the IP address) from being sent to and processed by Google by downloading and installing a browser plug-in under the following link: https://tools.google.com/dlpage/gaoptout?hl=en. Please click here for more information on data protection at Google.

14. Social Media
14.1 Social media profiles
We have embedded links to our following social media profiles on our website:

  • Meta Platforms Inc., 1601 S California Ave, Palo Alto, CA 94304, USA;
  • Instagram Inc. 1601 Willow Road, Menlo Park, CA 94025, USA;

If you click on the social media icons, you will automatically be redirected to our respective profile. A direct connection is established between your browser and the server of the respective social network.
It is used to inform the media that you have visited our website from your IP address and clicked on the link.
If you click on a media link while logged into your user account on that network, content from our website may be linked to your profile to allow the media to directly attribute your visit to our website to your account. If you want to avoid this pitfall, you must log out before clicking on the corresponding links. There is always a link between your access to our website and your user account when you connect to the network in question after clicking on the link. The respective provider is responsible under applicable data protection law for the processing of the associated data. Therefore, please note the information on the network's website.
The legal basis for any data processing that could be attributed to us is our legitimate interest in the use and promotion of our social media profiles within the meaning of Article 6(1)(f) GDPR EU.

14.2 Social Media Plugins
You can use social media plug-ins from the following providers on our website:

We use social media plug-ins to make it easier for you to share content from our website. Social media plug-ins help us to increase the visibility of our content on social networks and, in this regard, to improve our marketing operations.
Plugins are deactivated by default on our websites and therefore do not send any data to social networks during a simple visit to our site. To increase data protection, we have integrated the plug-ins in such a way that no connection to network servers can be automatically established. Your browser only establishes a direct connection to the servers of the respective social network when you activate the plug-ins and thus give your consent to the transmission and further processing of data by the social media providers.

The content of the plug-in is transmitted directly from the social network to your browser, which integrates it into the website.
This informs the respective provider that your browser has accessed the corresponding page of our website even if you do not have an account for this social network or are not currently logged in to it. This information (including your IP address) is transmitted directly from your browser to the provider's server (usually in the USA) and stored there. We have no influence on the extent of the data that the provider collects using the plug-in, even if, from the point of view of applicable data protection legislation, we can be considered co- responsible with suppliers to a certain extent.

If you are logged into a social network, this can assign your visit to our website directly to your user account. If you interact with the plug-ins, the corresponding information is sent directly to the provider's server and stored there. Information (eg the fact that you like one of our products) may also be published on the social network and displayed to other users of the media in question. The social network provider may use this information for the purpose of placing advertisements and adapting the respective offer to the needs. To this end, profiles
usage, interests and relationships could be created, for example to evaluate your use of our website in relation to the advertisements shown to you on the social network, to inform other users of the activities you perform on our website and to provide other services related to the use of the social network. The purpose and scope of the data collection as well as the further processing and use of the data by the providers of the social networks as well as your rights in this respect and the setting options for the protection of your privacy can be consulted directly in the data protection information of the respective provider.
If you do not want the social network provider to assign the data collected via our website to your user account, you must log out of the social network before activating the plug-in.
The legal basis for this processing is your consent within the meaning of Article 6(1)(a) EU GDPR. You can withdraw your consent at any time by declaring your wish to withdraw it to the plug-in provider in accordance with the information in its data protection declaration.

15. Online advertising and targeting
15.1 General provisions
We use the services of various companies to bring you interesting offers online. We analyze your user behavior on our website and on the websites of other providers in order to provide you with online advertising tailored to your individual needs.
Most of the technologies for monitoring your user behavior ("tracking") and displaying targeted advertising ("targeting") work with cookies (see also point 11) which make it possible to recognize your browser on different websites. . Depending on the service provider you use, it is also possible that you will be recognized online even when using different end devices (e.g. laptop and smartphone). This may be the case, for example, if you register for a service that you use with several devices.

In addition to the data already mentioned, which is generated when you visit websites (“log data”, point 10) and when you use cookies (point 11) and which may refer to companies that are part of advertising networks, the following data, in particular, contribute to the selection of advertisements likely to interest you:

  • Information about you that you provide to us when you register or use an advertising partner's service (eg, your gender, age range);
  • User behavior information (e.g., search terms, interactions with advertisements , types of websites visited, products viewed and purchased, newsletters you subscribed to).

We and our service providers use this data to determine whether you belong to the target group we address and take this into account when selecting which advertisements to display. For example, when you visit certain sites after visiting ours, advertisements relating to the products you have consulted may be offered to you ("re-targeting"). Depending on the scope of the data, a user profile can also be created and evaluated automatically. Ads are then selected based on information stored in the profile, such as membership in specific demographic segments or potential interests or behaviors. These advertisements may be presented to you on various channels which, in addition to our website or app (as part of on-site and in-app marketing), also include advertisements served through the online advertising networks we use. , such as Google.

The data can then be evaluated for billing purposes with the service provider and to evaluate the effectiveness of advertising measures in order to better understand the needs of our users and customers and to improve subsequent campaigns. It may also include information indicating that an action (eg, visiting certain sections of our website or submitting information) resulted from a specific advertisement. We also receive aggregate reports on advertising activity and information about how users interact with our website and ads from service providers.

The legal basis for this processing is your consent within the meaning of Article 6(1)(a) EU GDPR. You can withdraw your consent at any time by refusing or disabling the relevant cookies in your web browser settings (see point 11). Further methods for blocking advertisements are also offered in the information provided by the respective service provider, e.g. Google .

15.2 Google Ads
This website uses the services of Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (“Google”) for online advertising. For this purpose, Google uses cookies, for example the so-called "DoubleClick" cookies, which allow your browser to be recognized when you visit other websites. The information generated by the cookie about your visit to these websites (including your IP address) is transmitted to a Google server in the USA and stored there (please also refer to point 8). By clicking Here you will find further information on the data protection offered by Google.

The legal basis for this data processing is your consent within the meaning of Article 6(1)(a) EU GDPR. You can withdraw your consent at any time by refusing or disabling the relevant cookies in your web browser settings (see point 11). You will find here other ways to block ads.

16. Use of our chat function
If you contact us by chat, your personal data will be processed. We will process the data made available to us in this way, e.g. ex. the name of your company, your name, your function, your e-mail address and your question. Additionally, the time of receipt of the request is recorded. Mandatory information is marked with an asterisk (*).

We process this data exclusively for the purpose of executing your request (e.g. providing product information, helping to perform contracts such as returning products, entering feedback on improving our service, etc.) .). We use a tool Shopify Inc 126 York St. Ottawa ON K1N 5T5 - Canada to provide you with the chat feature. Therefore, your data will be stored in a database of Shopify Inc, which will allow the latter to access it if necessary to provide the software and the support offered in connection with its use.

The legal basis for this data processing is our legitimate interest in the use of modern communication technologies within the meaning of Article 6(1)(f) EU GDPR or, if this relates to the conclusion or performance of a contract, the implementation of necessary measures within the meaning of Article 6, paragraph 1, letter b of the EU GDPR.

17. Opening a customer account
If you open a customer account on our website, we will collect the following data, the mandatory information being marked with an asterisk (*) in the relevant form:
Main data:
  • Title
  • Name
  • First name
  • Billing and delivery address
  • birthday day
Login data:
  • E-mail address
  • Password
Other data:
  • LANGUAGES
  • Sex

We use personal data to determine your identity and verify that the opening conditions are met. The e-mail address and password together serve as login data and thus ensure that the right person is using the website under your login details. We also need your e-mail address to verify and confirm the opening of the account and for any future communication with you in connection with the execution of the contract. In addition, this data is stored in the customer account for future contract conclusions. To this end, we also allow you to store other account information (e.g. your preferred payment method).
We also use the data to provide an overview of the products ordered and services purchased (see in particular points 18 and 23) and to offer a simple option for managing your personal data and for the purposes of managing our website and relationships contractual, i.e. for the conclusion, content design, execution and modification of the contracts concluded with you via your customer account.
We process information on language and gender in order to provide you with offers on the website that are tailored to your profile or your personal needs, for the statistical recording and evaluation of selected offers and for the optimization of our suggestions and offers.
The legal basis for the processing for the aforementioned purposes is your consent within the meaning of Article 6(1)(a) of the EU GDPR. You can withdraw your consent at any time by deleting the customer account information, deleting your customer account or notifying us of your wish to delete it.
To prevent misuse, you should always treat your login details confidentially and close your browser window when you have finished communicating with us, especially if you share your computer with other people.

18. Ordering Products
If you order products or book services on our website, we will need various data to fulfill your request. If you do not log in with your customer account (see point 17), we will collect the following data (depending on the product or service), the mandatory information being marked with an asterisk (*) in the corresponding form:

  • Title
  • Name
  • First name
  • Billing and delivery address
  • E-mail address
  • Birthday
  • Phone number

We will use the data to determine your identity before entering into a contract. We will also need your e-mail address to confirm your order and for any future communication with you in connection with the execution of the contract. We store your data together with auxiliary order data (e.g. date, order number, etc.), data on ordered/booked services (e.g. description, price and product characteristics; "product data"), payment data (e.g. selected payment method, payment confirmation and date; see also point 19 ) as well as information necessary for the processing and to the execution of the contract (e.g. return of products, use of services or guarantees, etc.) in our CRM database (see point 6.1) to ensure correct order processing and execution of the contract .
Insofar as this is necessary for the performance of the contract, we also provide the required information to any third-party service providers (eg transport companies).
The legal basis for this processing is the performance of the contract we have concluded with you within the meaning of Article 6(1)(b) EU GDPR.
The transmission of data that is not marked as mandatory is done on a voluntary basis.
We process this data in order to adapt our offer to your personal needs, to facilitate the execution of contracts, to contact you via an alternative communication channel if necessary for the execution of the contract or to record and evaluate statistics to optimize our offers. The legal basis for the processing of this data is your consent within the meaning of Article 6(1)(a) EU GDPR.
You can withdraw your consent at any time by notifying us.

19. Online payment processing
If you purchase services or products on our website against payment, you will have to provide us with other data in addition to the information mentioned in point 18 depending on the products or services in question and the desired method of payment, for example the information of your credit card or the identifier you use to log in to your payment service provider. This information and the fact that you have purchased a product or service from us for the relevant amount and duration is transmitted to the relevant payment service provider (for example, payment solution providers, credit card issuers and acquirers credit cards). Always consult the information of the company concerned, in particular the data protection policy and the general conditions. The legal basis for this communication is the performance of a contract within the meaning of Article 6 (1) (b) of the EU GDPR.

In order to avoid payment problems, the required data, in particular your personal data, may also be communicated to a credit agency for the automatic verification of your creditworthiness. In this context, the credit agency can assign you a note called "score". It is an estimate of the future risk of default, expressed for example as a percentage.
The rating is determined using mathematical and statistical methods and includes credit agency data from other sources. We reserve the right, according to the information received, not to offer you the "invoice" payment method. The legal basis for this processing is our legitimate interest in avoiding payment defaults within the meaning of Art. 6, para. 1, letter f of the EU GDPR.

20. Ratings and Reviews
In order to help other users in their purchase decision and to promote quality (in particular by dealing with negative feedback), you have the opportunity to rate the products ordered on our website. The data that you then make available to us will be processed and published on the website, i.e. in addition to your rating and its time, possibly with the comment that you have attached to your rating or the name that you provided.
The legal basis for the processing is your consent within the meaning of Article 6 (1) (a) of the EU GDPR. You can withdraw your consent at any time by notifying us.
We reserve the right to delete illegal ratings and to contact you in case of suspicion, in order to ask you for an explanation. The legal basis for this processing is our legitimate interest in providing the comment and rating functionality and in preventing misuse when using it within the meaning of Article 6(1)(f) EU GDPR .