1.1 What is personal data

Personal data are details that disclose or can disclose the identity of the user. We adhere to the principle of data minimization. Collection of personal data is avoided as much as possible.

1.2 Handling of personal data

Personal data is used exclusively for the establishment, content design, execution, or processing of the contractual relationship (Art. 6 I S. 1 b GDPR).

Furthermore, personal data is only processed if we have obtained your consent (Art. 6 I S. 1 a GDPR) or if it concerns data whose processing is necessary for our legitimate interests and the balancing of interests shows that no overriding interests, fundamental rights, or freedoms on your part oppose this (Art. 6 I S. 1 f GDPR).

We may use processors to process your personal data, with whom we have concluded a contract for order processing as required; however, personal data will generally not be passed on to third parties beyond this.

Data is only passed on to the shipping company commissioned with delivery to the extent necessary for the delivery of ordered goods. For payment processing, the necessary payment data is passed on to the credit institution commissioned with the payment and, if applicable, the commissioned and chosen payment service provider.

The processing of your personal data takes place in the EU as well as in countries deemed safe or adequate by the EU. If the processing of personal data occurs in the USA, care is taken to ensure that the services we use are certified under the “Data Privacy Framework.”

1.3 Usage data

General technical information is collected when visiting the website. This includes the IP address used, time, duration of the visit, browser type, and possibly the referring page. These usage data are technically recorded in a log file and may be used and stored for the purpose of statistical evaluation of this website. There is no linking of this usage data with your other personal data.

1.4 Registration data

Registration is required for the comprehensive use of the functions of our website. The registration data is collected through your corresponding entries and used for the specifically stated purpose according to your consent (Art. 6 I S. 1 a GDPR).

1.5 Duration of storage

We store your personal data after the purpose for which the data was collected has ended only as long as required by legal (especially tax) regulations.

2.1 Information

You can request information from us as to whether we process personal data about you, and if this is the case, you have the right to information about this personal data and the further information specified in Art. 15 GDPR.

2.2 Right to rectification

You have the right to correct inaccurate personal data concerning you and can request the completion of incomplete personal data in accordance with Art. 16 GDPR.

2.3 Right to deletion

You have the right to demand from us that the personal data concerning you be deleted without delay. We are obliged to delete it immediately, especially if one of the following reasons applies:

Your personal data is no longer necessary for the purposes for which it was collected or otherwise processed.You revoke your consent on which the processing of your data was based, and there is no other legal basis for the processing.Your data was processed unlawfully.

The right to deletion does not exist insofar as your personal data is necessary for asserting, exercising, or defending our legal claims.

2.4 Right to restriction of processing

You have the right to request from us the restriction of the processing of your personal data if:

• you dispute the accuracy of the data and we are therefore verifying the accuracy,
• the processing is unlawful and you refuse deletion and instead request restriction of use
• we no longer need the data, but you require it for asserting, exercising, or defending legal claims,
• You have objected to the processing of your data, and it is not yet determined whether our legitimate reasons override your reasons.

2.5 Right to data portability

You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used, and machine-readable format, and you have the right to transmit this data to another controller without hindrance from us, provided the processing is based on consent or a contract and the processing is carried out by us using automated procedures.

2.6 Right of withdrawal

Insofar as the processing of your personal data is based on consent, you have the right to revoke this consent at any time.

2.7 General Information and Right to Complain

Exercising your aforementioned rights is generally free of charge for you. You have the right to directly contact the supervisory authority responsible for us, the state data protection officer, in case of complaints.

3.1 Data security

All data on our website is protected against loss, destruction, access, alteration, and dissemination by technical and organizational measures.

3.2 Sessions and cookies

To operate the website, we use cookies or server-side sessions in which data can be stored. We ensure that no personal data from sessions or through cookies is used without your explicit consent and that cookies are only used if technically necessary for the website (e.g., spam protection for contact forms, shopping cart function) and thus the balance shows that there are no overriding interests on your part (Art. 6 I S. 1 f GDPR) or you have given explicit consent. After your explicit consent, we use cookies to personalize content and ads, provide social media features, and analyze access to our website. With your consent, we may share information about your use of our website with our partners for social media, advertising, and analytics. Our partners may possibly combine this information with other data they already have about you. Below you will find the domain, name, and duration of the cookies used only based on your consent:

First-party cookies
Domain: kraftwunder.com / Name: cookielawinfo-checkbox-non-necessary / Duration: 1 year
Domain: kraftwunder.com / Name: cookielawinfo-checkbox-necessary / Duration: 1 year

Third-party cookies
Domain: .doubleclick.net / Name: IDE / Duration: until 2022-10-04
Domain: .youtube.com / Name: VISITOR_INFO1_LIVE / Duration: until 2022-03-08
Domain: .youtube.com / Name: YSC / Duration: Session

We use the following social media platforms for corporate representation and communication (explicit reference is made to the linked privacy policies and opt-out options below).

Facebook (Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland)
Privacy Policy: https://www.facebook.com/about/privacy/
Opt-Out: https://www.youronlinechoices.com/

Instagram (Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland)
Privacy Policy and Opt-Out: https://help.instagram.com/

YouTube (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland)
Privacy Policy: https://policies.google.com/privacy

These social media platforms may process personal data outside the EU; in this respect, we refer to the above privacy policies of the social media platforms. The respective social media platforms may create usage profiles from your usage behavior and the resulting interests and actions on your part and store cookies on your device in which your usage behavior is saved. If you have an account on the respective social media platform and are logged in, your usage behavior can even be stored independently of the device. Your usage profile can be used, for example, to place advertisements that presumably correspond to your interests.

We process personal data exclusively for communication with you via the social media platform you have chosen and to optimize our online presence, ensuring that no interests on your part are affected that outweigh this legitimate interest on our part (Art. 6 I S. 1 f GDPR). If you have already given the respective operator of the social media platform an effective consent to the corresponding data processing, the processing of your personal data also takes place on the basis of this consent (Art. 6 I S. 1 a GDPR).

5.1 Social Media Links

We have our own social media pages with the third-party providers accessible via links from this website. By using the links, you will be directed to the respective third-party websites (e.g., Facebook, Twitter, Instagram). To avoid unnecessary data sharing, we recommend logging out of the respective third-party provider before using a corresponding link, so that usage profiles may not already be created by the third party simply through the use of the link.

5.2 Use of YouTube

This website and the integrated offerings contain so-called embeddings of videos on YouTube. These enable the connection to YouTube and the videos stored there. YouTube is a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). The use of YouTube only takes place with your consent (Art. 6 I S. 1 a GDPR). No interests of the users are affected here that outweigh this technical necessity of embedding the videos (Art. 6 I S. 1 f GDPR). Please refer to YouTube's privacy policy for the purpose and scope of data collection and data use by Google as well as your rights and settings options to protect yourself as a YouTube customer. You can find it at: https://policies.google.com/privacy.

5.3 Google Web Fonts

We use so-called web fonts from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"), to display a uniform font on our website. These are automatically stored in your browser cache when you visit one of our pages to enable the desired display. If your browser does not support the web fonts used, a standard font from your computer may be used. No user interests are affected here that outweigh this technical necessity (Art. 6 I S. 1 f GDPR). You can view Google's privacy policy here: https://www.google.com/policies/privacy/ For more information on Google Web Fonts, please visit https://developers.google.com/fonts/faq.

5.4 Google DoubleClick

This website uses the online marketing tool DoubleClick (operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland). DoubleClick uses cookies to display relevant ads to users, improve reports on campaign performance, or to prevent a user from seeing the same ads multiple times. Through a cookie ID, Google records which ads are shown in which browser and can thus prevent them from being shown multiple times. Furthermore, DoubleClick can use cookie IDs to track so-called conversions related to ad requests. This is the case, for example, when a user sees a DoubleClick ad and later visits the advertiser's website with the same browser and makes a purchase there. According to Google, DoubleClick cookies do not contain personal information. Due to the marketing tools used, your browser automatically establishes a direct connection to Google's server. We have no influence on the scope and further use of the data collected by Google through the use of this tool and therefore inform you according to our knowledge: By integrating DoubleClick, Google receives the information that you have accessed the corresponding part of our website or clicked on the ad from us. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, it is possible that the provider obtains and stores your IP address. You can prevent participation in this tracking procedure by adjusting your browser settings accordingly. We point out that in this case you may not be able to use all functions of our offer fully. The use of DoubleClick is only with your consent (Art. 6 I S. 1 a GDPR). You can view Google's privacy policy here: https://policies.google.com/privacy.

5.5 Google Analytics

This website uses Google Analytics, a web analytics service from Google, operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"), and collects and stores data via this web analytics service, from which usage profiles are created using pseudonyms. The usage profiles created in this way serve to analyze visitor behavior in order to design and improve the offerings presented on this website according to demand. Google Analytics uses so-called "cookies," small text files stored on your computer that enable an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. If IP anonymization is activated on this website, however, your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area beforehand. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, compile reports on website activity, and provide other services related to website and internet usage to the website operator. The IP address transmitted by your browser within Google Analytics is not merged with other data from Google. Also, usage profiles maintained under a pseudonym are not merged with personal data about the user without the user's explicit and separately declared consent. The use of Google Analytics takes place only with your consent (Art. 6 I S. 1 a GDPR). You can prevent the storage of cookies by adjusting your browser software accordingly; however, we point out that in this case you may not be able to use all functions of this website fully. Furthermore, you can prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) by Google, as well as the processing of this data by Google, by using the link below (http://tools.google.com/dlpage/gaoptout?hl=de) download and install the available browser plugin. You can also prevent the collection of your data by Google Analytics by clicking the following link. An opt-out cookie will be set that prevents the collection of your data on future visits to this website: Disable Google Analytics. Google's privacy policy can be found at http://www.google.de/intl/de/policies/privacy/ view. More information about the terms of use can be found at http://www.google.com/analytics/terms/de.html. We point out that on this website Google Analytics has been extended with the code "anonymizeIp" to ensure anonymized collection of IP addresses (so-called IP masking).

5.6 Use of Meta Pixel (formerly Facebook Pixel)

We use the Meta Pixel operated by Meta Platforms Inc., 1 Hacker Way, Menlo Park, CA 94304, USA ("Meta"). The entity responsible for processing the information collected by Meta is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. This function allows us to target visitors of this website with advertising on Facebook. For this purpose, personalized and interest-based Facebook ads are displayed when Facebook pages are visited.

Conversion tracking also allows Meta and its partners to show you advertising outside of Facebook.

The function is enabled on our website by a pixel from Meta, which is implemented on the page. When you visit our website, a direct connection to the Facebook server is established via the pixel if you have consented to the pixel being set (Art. 6 I S. 1 a GDPR). This transmits to the Facebook server which of our internet pages the user has visited. Facebook assigns this information to your personal Facebook user account.

Please note that when using the Meta Pixel, personal data may be transmitted to Meta Platforms Inc., 1 Hacker Way, Menlo Park, CA 94304, USA.

More information about the collection and use of data by Meta, your related rights, and options to protect your privacy can be found in Facebook's privacy policy at https://www.facebook.com/about/privacy/ .

Once you have given your consent, you can object at any time using this opt-out link:

Opt Out: https://www.youronlinechoices.com/

If you do not want Facebook to directly associate the collected information with your Facebook user account, you can edit the function in your account settings at: https://www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Fsettings%2F%3Ftab%3Dads#_=_ You must be logged into Facebook to do this.

Meta Platforms Inc. is certified under the EU-US Data Privacy Framework, ensuring GDPR-compliant processing of personal data of EU citizens within the USA.

5.7 Shopify

We have created our website with the external service provider Shopify (Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland) and also host it there. The personal data collected on our website is stored on Shopify's servers and processed, among other places, in the USA. This may include IP addresses, contact inquiries, meta and communication data, contract data, contact details, names, website accesses, and other data generated via a website. We have concluded a contract for order processing with this provider. Shopify will only process your data to the extent necessary to fulfill its performance obligations and will follow our instructions regarding this data. The use of Shopify is for the purpose of operating the website and in the interest of a secure, fast, and efficient provision of our online offer by a professional provider. No interests of the users are affected here that outweigh this technical necessity of using the service provider (Art. 6 I S. 1 f GDPR). You can view Shopify's privacy policy here:  https://www.shopify.com/de/legal/datenschutz   

5.8 Payment options

In addition to payment by credit card, payment by PayPal and Klarna is possible:

PayPal (PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg (City), Luxembourg)

Privacy Policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full/

Klarna (Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden)

Privacy Policy: https://www.klarna.com/sofort/datenschutz/

Google Pay (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland)

Privacy Policy: https://policies.google.com/privacy?hl=de&gl=de

The following of your data is regularly transmitted to the third-party providers for payment processing and processed by them:

•              Your email address

•              Your address

•              Details of your order

•              Your IP address

•              Bank details

The transmission and processing of your personal data by the payment provider is necessary for you to make the payment through them. The legal basis for this is Art. 6 I S. 1 b GDPR (processing for the performance of a contract).

5.9 CDN from UNPKG

Our website uses a so-called Content Delivery Network (CDN). A CDN is a network of powerful servers that cache content at various locations around the world. A CDN essentially has two tasks: on the one hand, it should provide content in the shortest possible time, and on the other hand, it should relieve the web host by distributing the data traffic. The legal basis is Art. 6 I sentence 1 f GDPR. No data transfer takes place outside the EU or outside a country for which an adequacy decision by the European Commission exists. 

 5.10 Trusted Shops

To display Trusted Shops services (e.g., trustmark, collected reviews) as well as to offer Trusted Shops products to buyers after an order, Trusted Shops widgets are embedded on this website. The Trustbadge and the services advertised with it are an offer from Trusted Shops AG, Subbelrather Str. 15C, 50823 Cologne, with whom we are jointly responsible for data protection under Art. 26 GDPR. We inform you in the following about the essential contractual contents according to Art. 26 II GDPR within the scope of these data protection notices.

The Trustbadge is provided within the framework of joint responsibility by a US-based CDN provider (Content Delivery Network). An adequate level of data protection is ensured, among other things, by standard data protection clauses and other contractual measures. Further information on the data protection of Trusted Shops AG can be found in their privacy policy: https://www.trustedshops.de/impressum-datenschutz/

When the Trustbadge is called, the web server automatically saves a so-called server logfile, which also contains your IP address, date and time of the call, amount of data transferred, and the requesting provider (access data) and documents the call. The IP address is anonymized immediately after collection so that the stored data cannot be assigned to you personally. The anonymized data is used in particular for statistical purposes and error analysis.

After completing the order, your email address hashed by a cryptographic one-way function will be transmitted to Trusted Shops AG. The transmission of the hashed email address serves to verify whether you are already registered for services with Trusted Shops AG. If this is the case, further processing will be carried out in accordance with the contractual agreement made between you and Trusted Shops. If you are not yet registered for the services, you will subsequently have the opportunity to do so for the first time. Further processing after registration is also based on the contractual agreement with Trusted Shops AG. If you do not register, all transmitted data will be automatically deleted by Trusted Shops AG and personal reference will no longer be possible.

The legal basis for using the Trusted Shops functions is our legitimate interest (Art. 6 I S. 1 f GDPR) in enabling an attractive presentation of our service and offers.

Within the framework of the joint responsibility between us and Trusted Shops AG, please preferably contact Trusted Shops AG for data protection questions and to assert your rights using the contact options provided above. Regardless, you can always contact the responsible party of your choice. Your request will then, if necessary, be forwarded to the other responsible party for response.

5.11 AWS

Our website is hosted by the external service provider Amazon Web Services, or AWS for short (operated by Amazon Web Services, Inc., 410 Terry Avenue North, Seattle WA 98109, USA). The personal data collected on our website is stored on AWS servers. This may include, in particular, IP addresses, contact details, contract data, website accesses, and other data generated through a website. The use of the host is for the purpose of fulfilling the contract with our potential and existing customers (Art. 6 I S. 1 b GDPR) and in the interest of a secure, fast, and efficient provision of our online offer by a professional provider (Art. 6 I S. 1 f GDPR). AWS will only process your data to the extent necessary to fulfill its performance obligations and will follow our instructions regarding this data. AWS also uses a CDN (Content Delivery Network). A CDN is a network of powerful servers that cache content at various locations around the world. Essentially, a CDN has two tasks: on the one hand, it should provide content in the shortest possible time, and on the other hand, it should relieve the web host by distributing the data traffic. The legal basis is Art. 6 I S. 1 f GDPR.  

You can view the AWS Privacy Notice here: https://aws.amazon.com/de/privacy/

You can find the Amazon Data Processing Addendum, which complies with the Standard Contractual Clauses, at https://d1.awsstatic.com/legal/aws-gdpr/AWS_GDPR_DPA.pdf

For contact regarding data protection, you are welcome to reach out to us using the following contact options. Responsible party within the meaning of the GDPR:

Nowbody GmbH & Co. KG
Sacrower Allee 46
14476 Potsdam

Email: hello@kraftwunder.com
Phone: +49(0)3320 150 36 71