Privacy policy

Privacy Policy

Table of Contents

  1. Information on the Collection of Personal Data and Contact Details of the Controller
  2. Data Collection When Visiting Our Website
  3. Contact
  4. Cookies
  5. Data Processing for Order Fulfillment
  6. Data Processing When Opening a Customer Account and for Contract Fulfillment
  7. Web Analysis Services
  8. Rights of the Data Subject
  9. Duration of Storage of Personal Data

1. Information on the Collection of Personal Data and Contact Details of the Controller

1.1 Thank you for visiting our website. Below, we would like to inform you about the processing of your personal data when using our website. Personal data is generally all data with which you can be personally identified.

1.2 The controller for the processing of data on our website within the meaning of the General Data Protection Regulation (GDPR) is:

Yvan Ryan Njeck

Friedensstraße 16 35394 Gießen Germany

Tel.: 01636758494 E-Mail: grablystore@gmail.com.

1.3 To protect the security of your data during transmission, we use state-of-the-art encryption methods (e.g., SSL or TLS) over HTTPS.

2. Data Collection When Visiting Our Website

When you access our website, our system automatically collects data and information that your browser transmits to our server (so-called "server log files"). The following data, which is technically necessary for us, is collected:

  • The website visited by us
  • Date and time of access
  • Amount of data sent in bytes
  • Source/reference from which you accessed the page
  • Operating system used
  • Browser used
  • IP address used (if applicable: in anonymized form)

The legal basis for the processing is Art. 6 para. 1 lit. f GDPR based on our legitimate interest in improving the stability and maintaining the functionality of our website. There is no disclosure or other use of the data. The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. For this purpose, the user's IP address must be stored for the duration of the session. We reserve the right to subsequently check the server log files if there are specific indications of illegal use. The data is deleted as soon as it is no longer necessary for the purpose of its collection. In the case of collecting data to provide the website, this is the case when the respective session has ended. In the case of storing the data in log files, this is at the latest after seven days. Storage beyond this is possible. In this case, the users' IP addresses are deleted or obfuscated so that assignment of the accessing client is no longer possible. Collecting the data to provide the website and storing the data in log files is mandatory for the operation of the website. Consequently, there is no possibility of objection on the part of the user.

3. Contact

If you contact us via the contact form, the data entered in the input mask is transmitted to us and stored. The collected data can be seen from the respective input mask. When contacting us by e-mail, only the data you enter there is transmitted to us.

The data is used exclusively for processing the conversation and your request. The legal basis for processing the data is, if the user's consent is given, Art. 6 para. 1 lit. a) GDPR. The legal basis for processing the data transmitted in the course of sending an e-mail is Art. 6 para. 1 lit. f) GDPR. If the e-mail contact aims at concluding a contract, the additional legal basis for processing is Art. 6 para. 1 lit. b) GDPR. The data is deleted as soon as it is no longer necessary for the purpose of its collection and provided no statutory retention periods oppose it. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the affected matter has been conclusively clarified. The user has the possibility at any time to revoke their consent to the processing of personal data. If the user contacts us by e-mail, they can object to the storage of their personal data at any time. In such a case, the conversation cannot be continued.

3.1 WhatsApp Business

Visitors to our website have the option to communicate with us via WhatsApp (a service of Meta Inc., 1 Hacker Way, Menlo Park, CA 94025, USA).

We use the so-called "Business Version" of WhatsApp for this purpose. If you contact us via WhatsApp in connection with a specific contract, we store and use the mobile phone number you used with WhatsApp and – if published and/or transmitted – your first and last name (Art. 6 para. 1 lit. b GDPR) for the purpose of processing your request.

If necessary, you will be prompted to provide further data if this is required to process your request (Art. 6 para. 1 lit. b GDPR).

If the contact via WhatsApp Business is used for general inquiries that do not concern a specific contract, we store and use the mobile phone number you used with WhatsApp and – if published and/or provided – your first and last name (pursuant to Art. 6 para. 1 lit. f GDPR) for the purpose of processing your request.

Our legitimate interest here lies in the short-term answering of questions from our customers or interested parties.

No disclosure of the data to third parties takes place.

WhatsApp Business gains access to the address book of the mobile device used for this purpose. The phone numbers stored there are automatically transmitted to a Facebook server in the USA.

On the mobile device used by us for WhatsApp Business, only the WhatsApp contact details of those users who have already contacted us via WhatsApp are stored.

For data transmissions from the European Economic Area to the USA, WhatsApp relies on standard contractual clauses of the EU Commission. For further details on data processing by WhatsApp, please refer to WhatsApp's privacy notices:

https://www.whatsapp.com/legal/?eea=1#privacy-policy

4. Cookies

Our website uses cookies.

Cookies are text files that are stored on the user's end device. When a user accesses a website, a cookie can be stored on the user's operating system. Some functions of our website cannot be offered without the use of cookies. For this, it is necessary that the browser is recognized again even after a page change. The user data collected through technically necessary cookies is not used to create user profiles. Our legitimate interest in processing the personal data according to Art. 6 para. 1 lit. f) GDPR also lies in the aforementioned purposes.

In addition, our website may use cookies that enable analysis of the users' surfing behavior (so-called Third Party Cookies). Further information on scope, purpose, legal basis, and objection options can be found in the respective sections of the relevant chapter of this privacy policy.

As a user, you have full control over the use of cookies. By changing the settings in your web browser, you can deactivate, restrict, or delete the transmission of cookies. If you deactivate cookies for our website, some functions of the website may no longer be fully usable. You can prevent the transmission of Flash cookies by changing the Flash Player settings.

Help with settings can be found in the respective help menu of your browser or under the following links:

Internet Explorer: http://windows.microsoft.com/de-DE/windows-vista/Block-or-allow-cookies

Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen

Chrome: http://support.google.com/chrome/bin/answer.py?hl=de&hlrm=en&answer=95647

Safari: https://support.apple.com/de-de/guide/safari/sfri11471/mac

Opera: https://help.opera.com/en/latest/web-preferences/#cookies

Some of the cookies used here are deleted again when you close your browser (so-called session cookies). Other cookies remain on your end device and enable us or our partner companies (Third Party Cookies) to recognize your browser on the next visit (persistent cookies). When cookies are set, they collect and process certain user information to an individual extent, such as browser and location data as well as IP address values. Persistent cookies are automatically deleted after a specified duration, which may vary depending on the cookie.

5. Data Processing for Order Fulfillment

5.1 If you wish to order in our webshop, it is necessary for the conclusion of the contract that you provide your personal data, which we need to process your order. We process the data you provide to fulfill your order.

We partially work with external service providers to process your order. For this, we must disclose the necessary personal data to them.

If we commission shipping companies with the delivery of your goods, we disclose your data necessary for delivering the goods to the respective shipping company. For processing payments, we disclose your data to the commissioned financial institution to the extent necessary. If we use payment service providers, you will be informed about this below.

The legal basis for disclosing your data is Art. 6 para. 1 lit. b GDPR.

5.2 To fulfill our contractual obligations, we work with external shipping partners. We disclose your name and delivery address (if necessary, further data) exclusively for the purpose of delivering the ordered goods pursuant to Art. 6 para. 1 lit. b GDPR to a shipping partner selected by us.

5.3 External Service Providers for Order Processing and Fulfillment

  • DHL Fulfilment The order fulfillment is carried out via DHL Home Delivery GmbH, Sträßchensweg 10, 53113 Bonn, under the "Shipping by DHL Fulfilment" option. We disclose your personal data exclusively for the purpose of processing your order and only to the extent necessary pursuant to Art. 6 para. 1 lit. b GDPR to DHL Fulfilment.

5.4 Use of Payment Service Providers

5.5 Apple Pay

When selecting the payment method "Apple Pay" (a service of Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland), the payment processing is carried out via the "Apple Pay" function of your end device operated with iOS, watchOS, or macOS by charging a payment card you have stored with "Apple Pay."

The security of your transaction is ensured by the hardware and software security features of your device. If a payment is to be approved, it must be released by entering a code and verification using the "Face ID" or "Touch ID" function of your end device.

The information you provided during the ordering process, along with the information about your order, is transmitted in encrypted form to Apple for the purpose of payment processing. This data is then re-encrypted by Apple and transmitted to the payment service provider of the payment card stored in Apple Pay to execute the payment. The encryption ensures that only the website on which the order was placed can access the payment data.

After the payment, Apple sends the device account number and a transaction-specific dynamic security code to the shop website to confirm the payment.

In the described processes, personal data may be processed. In this case, it occurs for the purpose of payment processing pursuant to Art. 6 para. 1 lit. b GDPR.

When using Apple Pay on the iPhone or Apple Watch to complete a purchase you made via Safari on the Mac, the Mac and the authorization device communicate via an encrypted channel on Apple's servers. Apple may process or store data in this process. However, this happens in a format that does not identify your person.

Information on Apple Pay privacy is available here: https://support.apple.com/de-de/HT203027

5.6 bancontact

For payment via "bancontact" through the PayPal Checkout, the payment processing is carried out by the payment service provider PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter: "PayPal").

Further information on PayPal Checkout can be found in the corresponding passage below.

5.7 blik

For payment via "blik" through the PayPal Checkout, the payment processing is carried out by the payment service provider PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter: "PayPal").

Further information on PayPal Checkout can be found in the corresponding passage below.

5.8 Google Pay

When selecting the payment method "Google Pay" (a service of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google")), the payment processing is facilitated via the "Google Pay" application on your Android (at least 4.4 "KitKat") operated mobile end device with NFC function. For the payment, one of your payment cards stored with Google Pay or a verified payment system verified there (e.g., PayPal) is charged. To approve a payment via Google Pay of more than 25 EUR, you must first unlock your mobile end device. The information you provided during the order is transmitted to Google for the purpose of payment processing. Google generates a one-time transaction number, which is transmitted to the order website to verify the payment. This transaction number is merely a numeric token that contains no information about your data. The actual transaction is executed between the user and the order website by charging the payment method stored with Google Pay. In the described processes, personal data may be processed. In this case, the processing occurs for the purpose of payment processing pursuant to Art. 6 para. 1 lit. b GDPR.

The terms of use for Google Pay can be found here: https://payments.google.com/payments/apis-secure/u/0/get_legal_document?ldo=0&ldt=googlepaytos&ldl=de

Further information on data protection for Google Pay can be found at the following internet address: https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=de

Further information on Google's data protection can be found here: https://business.safety.google/privacy/

5.9 mybank

For payment via "mybank" through the PayPal Checkout, the payment processing is carried out by the payment service provider PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter: "PayPal").

Further information on PayPal Checkout can be found in the corresponding passage below.

  • PayPal

When selecting the payment method PayPal, credit card via PayPal, direct debit via PayPal, or – if offered – "Buy Now Pay Later" via PayPal, the payment processing is carried out by PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter referred to as "PayPal").

We disclose your personal data to PayPal to the extent necessary pursuant to Art. 6 para. 1 lit. b GDPR. For the payment methods credit card via PayPal, direct debit via PayPal, or – if offered – "Buy Now Pay Later" via PayPal, PayPal reserves the right to conduct a credit check. For this, your payment data may be disclosed to credit agencies pursuant to Art. 6 para. 1 lit. f GDPR based on PayPal's legitimate interest in determining your ability to pay. PayPal uses the result of the credit check regarding the statistical probability of default for the purpose of deciding on the provision of the respective payment method. The credit check may contain probability values (so-called score values). To the extent that score values are included in the credit check result, they are based on a scientifically recognized mathematical-statistical procedure. Address data, among other things but not exclusively, flows into the calculation of the score values. Which further data is collected by PayPal results from PayPal's respective privacy policy. This can be found at: https://www.paypal.com/de/webapps/mpp/ua/privacy-full You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data if this is necessary for contractual payment processing.

5.10 PayPal Checkout

We use PayPal Checkout on this website (PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal")).

PayPal Checkout is an online payment solution from PayPal that handles both PayPal payment methods and local payment methods from third-party providers.

If you select (if offered) the payment methods PayPal, credit card via PayPal, direct debit via PayPal, or "Pay Later" via PayPal, we disclose your necessary payment data to PayPal for the purpose of payment processing. The disclosure is permissible pursuant to Art. 6 para. 1 lit. b GDPR.

For the payment methods credit card via PayPal, direct debit via PayPal, or "Pay Later" via PayPal, PayPal reserves the right to conduct a credit check in each case. For this purpose, PayPal may disclose your necessary payment data to credit agencies. The processing is based on Art. 6 para. 1 lit. f GDPR. PayPal has a legitimate interest in determining your ability to pay. You can object to this processing of your data at any time by sending a message to PayPal, although further processing of your personal data by PayPal may still be permissible if necessary for contractual payment processing.

If you select the payment method PayPal invoice purchase, we transmit your payment data initially to PayPal pursuant to Art. 6 para. 1 lit. b GDPR. PayPal then forwards your data to Ratepay GmbH, Ritterstr. 12-14, 10969 Berlin, for payment execution. Ratepay then conducts an identity and credit check in its own name. The legal basis for this is Art. 6 para. 1 lit. f GDPR, the legitimate interest in determining solvency. For this, Ratepay discloses your payment data to credit agencies pursuant to Art. 6 para. 1 lit. f GDPR.

Ratepay can access the following credit agencies: https://www.ratepay.com/legal-payment-creditagencies/

If you select a payment method of a local third-party provider, we initially disclose your payment data to PayPal pursuant to Art. 6 para. 1 lit. b GDPR. PayPal then forwards your payment data to the provider you selected for payment execution (Art. 6 para. 1 lit. b GDPR):

  • iDeal (Currence Holding BV, Beethovenstraat 300, Amsterdam, Netherlands)
  • giropay (Paydirekt GmbH, Stephanstr. 14-16, 60313 Frankfurt am Main)
  • Sofort (SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany)
  • bancontact (Bancontact Payconiq Company, Rue d'Arlon 82, 1040 Brussels, Belgium)
  • eps (PSA Payment Services Austria GmbH, Handelskai 92, Gate 2, 1200 Vienna, Austria)
  • blik (Polski Standard Płatności sp. z o.o., ul. Czerniakowska 87A, 00-718 Warsaw, Poland)
  • Przelewy24 (PayPro SA, Kanclerska 15A, 60-326 Poznań, Poland)
  • MyBank (PRETA S.A.S, 40 Rue de Courcelles, F-75008 Paris, France)

Further information can be found in PayPal's privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full

5.11 Shop Pay

We use payment via Shop Pay on our website, among others (Shopify International Limited, Victoria Buildings, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland, hereinafter "Shop Pay"). When paying with Shop Pay, personal data from you is collected. The transmission of your data to Shop Pay is based on Art. 6 para. 1 lit. a GDPR (consent) and Art. 6 para. 1 lit. b GDPR (processing for contract fulfillment) and exclusively to the necessary extent.

You have the option to revoke your consent to data processing at any time, without affecting the lawfulness of data processing that has already taken place in the past.

Further information on Shop Pay data protection: https://www.shopify.com/pay

as well as in the Shop Pay privacy policy at: https://www.shopify.de/legal/datenschutz

  • Shopify Payments We use the payment service provider "Shopify Payments", 3rd Floor, Europa House, Harcourt Building, Harcourt Street, Dublin 2. If you choose a payment method offered by the payment service provider Shopify Payments, the payment processing is carried out via the technical service provider Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, to which we disclose the information you provided during the order process along with the information about your order (name, address, account number, bank routing number, possibly credit card number, invoice amount, currency, and transaction number) pursuant to Art. 6 para. 1 lit. b GDPR. The disclosure of your data is made exclusively for the purpose of payment processing with Stripe Payments Europe Ltd. and only to the extent necessary. Further information on Shopify Payments data protection can be found at the following internet address: https://www.shopify.com/legal/privacy Data protection information on Stripe Payments Europe Ltd. can be found here: https://stripe.com/de/privacy

6. Data Processing When Opening a Customer Account and for Contract Fulfillment

If you open a customer account with us, personal data is collected and processed pursuant to Art. 6 para. 1 lit. b GDPR. The scope of the data is evident from the input form. The data you enter is stored and used by us for contract fulfillment.

You can delete your customer account at any time. This can be done by sending a message to the controller's address or, if offered, directly in the customer account. In this case, we will also block your data taking into account tax and commercial retention periods and delete it after these periods have expired. Only your consent to permanent storage or a legally permitted further data use by us can oppose this.

7. Web Analysis Services

Shopify Analytics

We use the web analysis service from Shopify (Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland).

To safeguard our legitimate interest in the statistical analysis of user behavior for optimization and marketing purposes, pseudonymized visitor data is collected, evaluated, and stored by Shopify, from which pseudonymized usage profiles can be created and evaluated. Shopify uses cookies to recognize the browser and thus enable more accurate determination of statistics. Your IP address is also collected but immediately pseudonymized after collection before storage, so that personal reference is excluded.

The legal basis is Art. 6 para. 1 lit. a GDPR, namely your express consent.

Shopify does not link your IP address with other Shopify data.

To object to data collection and creation of pseudonymized user profiles and the setting of cookies for the future, you can deactivate the use of cookies on your computer in general by configuring your web browser so that no cookies are stored on your computer in the future or already stored cookies are deleted. However, disabling all cookies may result in some functions on our websites no longer being fully usable.

Shopify's privacy policy can also be found at: https://www.shopify.de/legal/datenschutz

8. Rights of the Data Subject

8.1 The applicable data protection law grants you comprehensive rights of the data subject (information and intervention rights) vis-à-vis the controller regarding the processing of your personal data, about which we inform you below:

  • Right of access pursuant to Art. 15 GDPR: You may request from the controller confirmation as to whether personal data concerning you is being processed by the controller. In addition, you have the right to information about the purposes, the categories of personal data, the recipients, the planned duration of storage, and the existence of further rights such as rectification of data or the existence of a right of appeal to a supervisory authority, the origin of your data if not collected from us, the existence of automated decision-making including profiling and, if applicable, meaningful information about the logic involved and the scope and intended effects of such processing on you, as well as your right to information about safeguards pursuant to Art. 46 GDPR in the event of transfer of your data to third countries;
  • Right to rectification pursuant to Art. 16 GDPR: You have the right to immediate rectification of inaccurate data concerning you and/or completion of your incomplete data stored with us; the rectification or completion must be carried out immediately.
  • Right to restriction of processing pursuant to Art. 18 GDPR: You have the right to request restriction of processing of your personal data as long as the accuracy of your data contested by you is verified, if you reject deletion of your data due to unlawful data processing and instead request restriction of processing of your data, if you need your data to assert, exercise, or defend legal claims after we no longer need this data after the purpose has been achieved, or if you have objected on grounds relating to your particular situation as long as it is not yet clear whether our legitimate grounds override; If the processing of personal data concerning you has been restricted, this data – apart from its storage – may only be processed with your consent or for the establishment, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State. If the restriction of processing has been lifted, you will be informed by the controller before the restriction is lifted.
  • Right to erasure pursuant to Art. 17 GDPR: You have the right to immediate erasure of your personal data if the requirements of Art. 17 para. 1 GDPR are met. However, this right to erasure does not exist in particular – non-exclusively – if the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise, or defense of legal claims.
  • Right to notification pursuant to Art. 19 GDPR: If you have exercised your right to rectification, erasure, or restriction of processing, the controller is obliged to notify all recipients to whom your personal data has been disclosed of this rectification or erasure of the data or restriction of processing, unless this is impossible or involves disproportionate effort. You also have the right to be informed about these recipients.
  • Right to data portability pursuant to Art. 20 GDPR: You have the right to receive the personal data you have provided to us in a structured, common, and machine-readable format or to request its transmission to another controller, insofar as this is technically feasible;
  • Right to withdrawal pursuant to Art. 7 para. 3 GDPR:

You have the right to object at any time to the processing of personal data concerning you that is carried out pursuant to Art. 6 para. 1 lit. e) or f) GDPR; this also applies to profiling based on these provisions. You also have the right to withdraw your data protection consent declaration at any time with effect for the future. The withdrawal of consent does not affect the lawfulness of processing based on the consent until the withdrawal.

  • Right to lodge a complaint pursuant to Art. 77 GDPR: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work, or place of the alleged infringement, if you believe that the processing of personal data concerning you infringes the GDPR.

8.2 Right of objection

You have the right to object to the processing of your data at any time with effect for the future if we process your data based on our overriding legitimate interest after a balancing of interests.

If you exercise this right of objection, we will cease processing your data unless overriding compelling legitimate grounds for the cessation or if the further processing serves the establishment or defense of legal claims.

9. Duration of Storage of Personal Data

The duration of storage of personal data depends in each case on statutory retention periods. After their expiration, we routinely delete the data if it is no longer required for contract fulfillment or initiation and/or no legitimate interest on our part in further storage exists.