Data protection

Unless otherwise stated below, the provision of your personal data is neither legally nor contractually required, nor is it necessary for entering into a contract. You are not obligated to provide the data. Failure to provide it will have no consequences. This applies only insofar as no other information is provided in the following processing operations.
"Personal data" means any information relating to an identified or identifiable natural person.

Server log files
You can visit our websites without providing any personal information.
Each time you access our website, your internet browser transmits usage data to us or our web host/IT service provider, which is then stored in log files (server log files). This stored data includes, for example, the name of the page accessed, the date and time of access, the IP address, the amount of data transferred, and the requesting provider. This processing is based on Article 6(1)(f) GDPR, as it is in our overriding legitimate interest to ensure the smooth operation of our website and to improve our services.

Your data may be transferred to and processed in third countries outside the EU, in particular Canada and the USA. The EU Commission has issued an adequacy decision for Canada. The EU Commission has also issued an adequacy decision for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). Shopify is not certified under the TADPF. This data transfer is based on contractual obligations comparable to the EU Commission's Standard Contractual Clauses.

contact

Responsible
Please contact us if you wish.
The controller responsible for data processing is:
Sarah Moritz, Lachenstraße 26, 71101 Schönaich, Germany
+49 176 72097618, s.moritz@neunzehn27.de

Customer initiates contact via email
If you contact us proactively via email, we collect your personal data (name, email address, message text) only to the extent that you provide it. This data processing serves the purpose of processing and responding to your contact request.
If the contact is for the purpose of carrying out pre-contractual measures (e.g., providing advice on purchase interest, preparing an offer) or relates to a contract already concluded between you and us, this data processing is based on Art. 6 para. 1 lit. b GDPR.
If you contact us for other reasons, this data processing is based on Article 6(1)(f) GDPR, due to our overriding legitimate interest in processing and responding to your inquiry. In this case, you have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which is based on Article 6(1)(f) GDPR.
We will only use your email address to process your request. Your data will then be deleted in accordance with statutory retention periods, unless you have consented to further processing and use.

Data collection and processing when using the contact form
When you use the contact form, we collect your personal data (name, email address, message text) only to the extent that you provide it. The data is processed for the purpose of contacting you.
If the contact is for the purpose of carrying out pre-contractual measures (e.g., providing advice on purchase interest, preparing an offer) or relates to a contract already concluded between you and us, this data processing is based on Art. 6 para. 1 lit. b GDPR.
If you contact us for other reasons, this data processing is based on Article 6(1)(f) GDPR, due to our overriding legitimate interest in processing and responding to your inquiry. In this case, you have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which is based on Article 6(1)(f) GDPR.
We will only use your email address to process your request. Your data will then be deleted in accordance with statutory retention periods, unless you have consented to further processing and use.

Collection and processing when images are sent via email
You have the option of sending us pictures via email in connection with ordering a personalized product.
By submitting your images, we may collect your personal data (images of identifiable individuals) only to the extent you provide it. This data processing serves the purpose of creating personalized products. The submitted image serves as a template for the product and is used for this purpose (e.g., T-shirt printing). This processing is based on Article 6(1)(b) GDPR and is necessary for the performance of a contract with you.
Your data will not be shared with third parties.
We will only use the image you sent us for the purpose of providing our services. Your data will then be deleted in accordance with statutory retention periods, unless you have consented to further processing and use.

WhatsApp Business
If you contact us for business purposes via WhatsApp, we use the WhatsApp Business version provided by WhatsApp Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; “WhatsApp”). If you are located outside the European Economic Area, this service is provided by WhatsApp Inc. (1601 Willow Road, Menlo Park, CA 94025, USA).
The data processing serves to process and respond to your contact request. For this purpose, we collect and process your mobile phone number registered with WhatsApp, your name if provided, and other data to the extent you have made it available. We use a mobile device for this service whose address book contains only data from users who have contacted us via WhatsApp. Therefore, no personal data is shared with WhatsApp without your prior consent to this.
Your data will be transferred by WhatsApp to servers of Meta Platforms Inc. in the USA. The EU Commission has issued an adequacy decision for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). Meta Platforms Inc. is certified under the TADPF and has thus committed to complying with European data protection principles. If the contact is for the purpose of carrying out pre-contractual measures (e.g., providing advice regarding a potential purchase, preparing a quote) or relates to a contract already concluded between you and us, this data processing is based on Article 6(1)(b) GDPR.
If contact is made for other reasons, this data processing is based on Article 6(1)(f) GDPR, due to our overriding legitimate interest in providing quick and easy contact options and responding to your inquiry. In this case, you have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which is based on Article 6(1)(f) GDPR.
We use your personal data only to process your request. Your data will then be deleted in accordance with statutory retention periods, unless you have consented to further processing and use.
Further information on terms of service and data protection when using WhatsApp can be found at https://www.whatsapp.com/legal/#terms-of-service and https://www.whatsapp.com/legal/#privacy-policy .

Customer account Orders

Customer account
When you open a customer account, we collect your personal data to the extent specified there. This data processing serves the purpose of improving your shopping experience and simplifying order processing. The processing is based on Article 6(1)(a) GDPR with your consent. You can withdraw your consent at any time by notifying us, without affecting the lawfulness of the processing carried out based on the consent before its withdrawal. Your customer account will then be deleted.

Collection, processing and transfer of personal data during orders
When you place an order, we collect and process your personal data only to the extent necessary to fulfill and process your order and to handle your inquiries. Providing this data is necessary for entering into a contract. Failure to provide this data will result in the contract not being concluded. This processing is based on Article 6(1)(b) GDPR and is necessary for the performance of a contract with you.
Your data will be shared with, for example, shipping companies, dropshipping and fulfillment providers, payment service providers, order processing service providers, and IT service providers. In all cases, we strictly adhere to legal requirements. The scope of data transfer is limited to the minimum necessary.

Review reminder
After your order, we would like to ask you to rate your purchase. For this purpose, we use your personal data (name, email address, order information), independently of the contract processing, to send you a review reminder by email after your order has been placed, provided you have expressly consented to this. This processing is based on Article 6 Paragraph 1 Letter a of the GDPR with your consent. You can revoke your consent at any time by using the corresponding link in the email or by notifying us, without affecting the lawfulness of the processing carried out based on the consent before its revocation.

Use of the email address for sending newsletters
We use your email address to send you information and offers via newsletter, provided you have expressly consented to this. The data processing serves solely the purpose of promotional communication. For this purpose, we process your email address and, if applicable, other data that you voluntarily provided when subscribing to our newsletter.
The processing is based on Article 6(1)(a) GDPR with your consent. You can withdraw your consent at any time without affecting the lawfulness of the processing carried out based on the consent before its withdrawal.
You can unsubscribe from the newsletter at any time by using the corresponding link in the newsletter or by notifying us. Your email address will then be removed from the mailing list. Despite removal from the mailing list, we may still store your email address on a so-called blacklist to prevent you from receiving newsletter emails from us in the future. This storage is based on Article 6 Paragraph 1 Letter f GDPR, due to our and your legitimate interest in preventing the reuse of your email address for sending our newsletter. You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you.

Use of email address for availability notifications
We offer a stock availability notification service on our website. If an item is temporarily unavailable, you can enter your email address on the respective product page and be notified by email when it becomes available, provided you have consented to this. You will receive a one-time email notification when the item is available. This processing is based on Article 6(1)(a) of the GDPR with your consent. You can withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal. You can unsubscribe from the availability notification at any time by contacting us. Your email address will then be removed from the mailing list.

Inventory management

Use of an external merchandise management system
We use an enterprise resource planning (ERP) system for order processing. For this purpose, your personal data collected during the ordering process will be transmitted to Shopify.

The processing of your personal data serves the purpose of fulfilling the contract concluded with you and is based on Art. 6 para. 1 lit. b GDPR.

Payment service provider

Using PayPal Express
We use the PayPal Express payment service from PayPal (Europe) S.à.rl et Cie, SCA (22-24 Boulevard Royal L-2449, Luxembourg; "PayPal") on our website. The data processing serves the purpose of offering you payment via the PayPal Express payment service. To integrate this payment service, it is necessary for PayPal to collect, store, and analyze data (e.g., IP address, device type, operating system, browser type, location of your device) when you access the website. Cookies may also be used for this purpose. These cookies enable the recognition of your browser.
Your personal data is processed on the basis of Article 6(1)(f) GDPR, based on our overriding legitimate interest in offering a customer-oriented range of payment methods. You have the right to object to this processing of your personal data at any time, on grounds relating to your particular situation.
By selecting and using PayPal Express, the data required for payment processing will be transmitted to PayPal in order to fulfill the contract with you using the chosen payment method. This processing is based on Article 6 Paragraph 1 Letter b GDPR. Further information on data processing when using the PayPal Express payment service can be found in the corresponding privacy policy at www.paypal.com/de/webapps/mpp/ua/privacy-full?locale.x=de_DE#Updated_PS .

Using PayPal Checkout
We use the PayPal Checkout payment service from PayPal (Europe) S.à.rl et Cie, SCA (22-24 Boulevard Royal L-2449, Luxembourg; "PayPal") on our website. The data processing serves the purpose of offering you the option of paying via this service. By selecting and using payment via PayPal, credit card via PayPal, direct debit via PayPal, or "Pay Later" via PayPal, the data required for payment processing is transmitted to PayPal in order to fulfill the contract with you using the selected payment method. This processing is based on Article 6(1)(b) GDPR.

Cookies may be stored that allow your browser to be recognized. The resulting data processing is based on Article 6(1)(f) GDPR, due to our overriding legitimate interest in offering a customer-oriented range of payment methods. You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you.

Credit card via PayPal, direct debit via PayPal & "Pay later" via PayPal
For certain payment methods, such as credit card via PayPal, direct debit via PayPal, or "Pay Later" via PayPal, PayPal reserves the right to obtain a credit report based on mathematical-statistical methods using credit reference agencies. For this purpose, PayPal transmits the personal data required for a credit check to a credit reference agency and uses the information received about the statistical probability of payment default to make a balanced decision regarding the establishment, execution, or termination of the contractual relationship. The credit report may include probability values (score values) calculated using scientifically recognized mathematical-statistical methods, which may incorporate address data, among other factors. Your legitimate interests are protected in accordance with legal regulations. The data processing serves the purpose of credit assessment for initiating a contract. This processing is based on Article 6(1)(f) GDPR, due to our overriding legitimate interest in protecting against payment defaults when PayPal provides services in advance.
You have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data based on Article 6(1)(f) GDPR by notifying PayPal. Providing this data is necessary for concluding the contract with your chosen payment method. Failure to provide this data will result in the contract not being able to be concluded with your chosen payment method.

Third-party providers
When paying via a third-party payment method, the data required for payment processing is transmitted to PayPal. This processing is based on Article 6(1)(b) GDPR. To process this payment method, PayPal may then forward the data to the respective provider. This processing is also based on Article 6(1)(b) GDPR. Local third-party providers may include, for example:

Apple Pay (Apple Distribution International Ltd., Hollyhill Industrial Estate, Hollyhill, Cork, Ireland)
Google Pay (Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland)

Purchase on account via PayPal
When paying via invoice, the data required for payment processing is initially transmitted to PayPal. To process this payment method, PayPal then transmits the data to Ratepay GmbH (Franklinstrasse 28-29, 10587 Berlin; "Ratepay") in order to fulfill the contract with you using the selected payment method. This processing is based on Article 6 Paragraph 1 Letter b GDPR. Ratepay may conduct a credit check using mathematical-statistical methods (probability or score values) with credit agencies, following the procedure described above. The data processing serves the purpose of credit assessment for initiating a contract. This processing is based on Article 6 Paragraph 1 Letter f GDPR, due to our overriding legitimate interest in protecting against payment defaults when Ratepay provides services in advance. Further information on data protection and which credit agencies Ratpay uses can be found at https://www.ratepay.com/legal-payment-dataprivacy/ and https://www.ratepay.com/legal-payment-creditagencies/ .

Further information on data processing when using PayPal can be found in the associated privacy policy at https://www.paypal.com/de/webapps/mpp/ua/privacy-full .

Using Shopify Payments
We use the payment service "Shopify Payments" from Shopify International Limited (2nd Floor Victoria Buildings, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland; "Shopify") on our website. Payment processing is handled by the payment service provider Stripe Payments Europe, Ltd. (1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland; "Stripe"). The data processing serves the purpose of offering you payment via the Shopify Payments service. By selecting and using a corresponding "Shopify Payments" payment method, the data required for payment processing is transmitted to Stripe in order to fulfill the contract with you using the selected payment method. This processing is based on Article 6 Paragraph 1 Letter b GDPR.
Stripe reserves the right to obtain a credit report, if necessary, based on mathematical-statistical methods using credit reference agencies. For this purpose, Stripe transmits the personal data required for a credit check to a credit reference agency and uses the information received about the statistical probability of payment default to make a balanced decision regarding the establishment, execution, or termination of the contractual relationship. The credit report may include probability values (score values) calculated using scientifically recognized mathematical-statistical methods, which incorporate, among other things, address data. Your legitimate interests are taken into account in accordance with legal regulations. The data processing serves the purpose of credit assessment for initiating a contract. This processing is based on Article 6(1)(f) GDPR, due to our overriding legitimate interest in protection against payment default when Stripe provides services in advance.
You have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data based on Article 6(1)(f) GDPR by notifying Stripe. Providing this data is necessary for concluding the contract with your chosen payment method. Failure to provide this data will result in the contract not being able to be concluded with your chosen payment method.
Further information on data processing when using the Shopify Payments service can be found in Shopify's privacy policy at: https://www.shopify.com/de/legal/datenschutz .
Further information on data processing during payment processing via the payment service provider Stripe can be found in Stripe's privacy policy at: https://stripe.com/de/privacy .

Cookies
Our website uses cookies. Cookies are small text files that are stored in or by the internet browser on a user's computer system. When a user visits a website, a cookie can be stored on the user's operating system. This cookie contains a characteristic string that enables the browser to be uniquely identified when the website is visited again.
Cookies are stored on your computer. Therefore, you have full control over their use. By selecting the appropriate technical settings in your internet browser, you can be notified before cookies are set and decide individually whether to accept them, as well as prevent the storage of cookies and the transmission of the data they contain. Cookies that have already been stored can be deleted at any time. However, please note that you may then not be able to fully utilize all the functions of this website.
The links below provide information on how to manage (including disable) cookies in the most common browsers:
Chrome: https://support.google.com/accounts/answer/61416?hl=de Microsoft Edge: https://support.microsoft.com/de-de/microsoft-edge/cookies-in-microsoft-edge-lB6schen-63947406-40ac-c3b8-57b9-2a946a29ae09 Mozilla Firefox: https://support.mozilla.org/de/kb/cookies-allow-und-reject Safari: https://support.apple.com/de-de/guide/safari/manage-cookies-and-website-data-sfri11471/mac

Technically necessary cookies
Unless otherwise stated in the privacy policy below, we only use these technically necessary cookies to make our website more user-friendly, effective, and secure. Furthermore, cookies enable our systems to recognize your browser even after you navigate to a different page and to offer you services. Some features of our website cannot be offered without the use of cookies. For these features, it is necessary that the browser is recognized even after a page change.
The use of cookies or similar technologies is based on Section 25 Paragraph 2 of the German Telemedia Act (TDDG). The processing of your personal data is based on Article 6 Paragraph 1 Letter f of the GDPR, due to our overriding legitimate interest in ensuring the optimal functionality of the website and a user-friendly and effective design of our services.
You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you.

How to use the Shopify Consent tool (Shopify Privacy & Compliance)
We use the “Shopify Privacy & Compliance” consent tool from Shopify International Ltd. (Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland; “Shopify”) on our website. Shopify is a company affiliated with Shopify Inc. (151 O'Connor Street, Ground Floor, Ottawa, Ontario, K2P 2L8, Canada).
This tool allows you to grant consent for data processing via the website, in particular the setting of cookies, and to exercise your right to withdraw previously granted consent. The data processing serves the purpose of obtaining and documenting necessary consents for data processing and thus complying with legal obligations. Cookies may be used for this purpose. User information, including your IP address, is collected and transmitted to Shopify.
Your data may be transferred to and processed in third countries outside the EU, in particular Canada and the USA. The EU Commission has issued an adequacy decision for Canada. The EU Commission has also issued an adequacy decision for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). Shopify is not certified under the TADPF. This data transfer is based on contractual obligations comparable to the EU Commission's Standard Contractual Clauses.
The data processing is carried out to fulfill a legal obligation on the basis of Art. 6 para. 1 lit. c GDPR.
Further information on data protection at Shopify can be found at https://www.shopify.com/de/legal/datenschutz .

Plug-ins and other

Integration of the Händlerbund member logo
Our website features the Händlerbund member logo (Händlerbund eV, Kohlgartenstraße 11-13, 04315 Leipzig). When you access our website, your browser automatically sends information to the Händlerbund eV server. This information is temporarily stored in a server log file for 7 days. The following information is collected automatically and stored until it is automatically deleted:

IP address of the requesting computer,
Date and time of access,
Name and URL of the retrieved file,
Website from which access is made (referrer URL),
browser used and, if applicable, the operating system of your computer as well as the name of your access provider.

The temporary storage of the IP address by the system is necessary to enable the delivery of the website. For this purpose, the IP address must be stored for the duration of the session. Storage in log files is carried out to ensure the functionality of the website. In addition, the data serves to optimize the website and to ensure the security of the IT systems. This data is not stored together with other personal data. The legal basis for data processing is Article 6(1)(f) GDPR.

Data subject rights and storage period

Storage duration
After complete contract fulfillment, the data will initially be stored for the duration of the warranty period, then taking into account legal, in particular tax and commercial law retention periods, and then deleted after the expiry of the period, unless you have consented to further processing and use.

Rights of the data subject
Provided the legal requirements are met, you have the following rights under Articles 15 to 20 GDPR: right of access, right to rectification, right to erasure, right to restriction of processing, right to data portability.
Furthermore, pursuant to Article 21 Paragraph 1 GDPR, you have the right to object to processing based on Article 6 Paragraph 1 f GDPR, as well as to processing for direct marketing purposes.

Right to lodge a complaint with the supervisory authority
According to Article 77 of the GDPR, you have the right to lodge a complaint with the supervisory authority if you believe that the processing of your personal data is unlawful.

You can lodge a complaint with the supervisory authority responsible for us, which you can reach using the following contact details:

State Commissioner for Data Protection and Freedom of Information Baden-Württemberg
Königstrasse 10 a
70173 Stuttgart
Tel.: +49 711 6155410
Fax: +49 711 61554115
Email: poststelle@lfdi.bwl.de

Right to object
If the processing of personal data listed here is based on our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR, you have the right to object to this processing at any time with effect for the future on grounds relating to your particular situation.
After an objection has been lodged, the processing of the data in question will cease, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of establishing, exercising or defending legal claims.

Last updated: October 22, 2024

Language

Language

Data protection