Data protection
1. General
1.1 What is personal data
Personal data is information that reveals or may reveal the identity of the user. We adhere to the principle of data avoidance. As far as possible, the collection of personal data is avoided.
1.2 Handling of personal data
Personal data is used exclusively for the purpose of establishing the contract, structuring the content, implementing or processing the contractual relationship (Art. 6 I S. 1 b GDPR).
In addition, personal data will only be processed if we have received your consent to do so (Art. 6 I S. 1 a GDPR) or if it concerns data whose processing is necessary for our legitimate interests and if the consideration shows that none conflict with overriding interests, fundamental rights or freedoms on your part (Art. 6 I S. 1 f GDPR).
To process your personal data, we can use contract processors with whom we have concluded a contract for order processing if necessary, but will generally not pass on the personal data to third parties.
The data will only be passed on to the shipping company commissioned with the delivery to fulfill the contract, insofar as this is necessary to deliver the ordered goods. In order to process payments, the payment data required for this will be passed on to the credit institution responsible for the payment and, if necessary, to the commissioned and selected payment service provider.
Your personal data will be processed in the EU and in countries deemed safe or appropriate by the EU. If personal data is processed in the USA, we will ensure that the services we use are certified under the “Data Privacy Framework”.
1.3 usage data
When you visit the website, general technical information is collected. These are the IP address used, time, duration of the visit, browser type and, if applicable, the originating page. For technical reasons, this usage data is registered in a log file and can be used and saved for the purpose of statistical analysis of this website. This usage data is not linked to your other personal data.
1.4 registration data
Registration is required to fully use the functions of our website. The registration data is collected through your relevant entries and used for the specifically stated purpose in accordance with your consent (Art. 6 I S. 1 a GDPR).
1.5 Duration of storage
After the purpose for which the data was collected has ended, we will only store your personal data for as long as this is necessary due to legal (particularly tax) regulations.
2. Your rights
2.1 Information
You can request information from us as to whether we process your personal data and, if this is the case, you have the right to information about this personal data and the further information specified in Article 15 GDPR.
2.2 right to rectification
You have the right to correct incorrect personal data concerning you and, in accordance with Art. 16 GDPR, you can request the completion of incomplete personal data.
2.3 right to erasure
You have the right to request that the personal data concerning you be deleted immediately. We are obliged to delete them immediately, especially if one of the following reasons applies:
Your personal data is no longer necessary for the purposes for which it was collected or otherwise processed. You withdraw your consent on which the processing of your data was based and there is no other legal basis for the processing. Your data were processed unlawfully.
The right to deletion does not exist if your personal data is necessary to assert, exercise or defend our legal claims.
2.4 Right to restriction of processing
You have the right to request that we restrict the processing of your personal data if:
- If you dispute the accuracy of the data and we therefore check the accuracy,
- the processing is unlawful and you refuse deletion and instead request restriction of use
- we no longer need the data, but you need it to assert, exercise or defend legal claims,
- You have objected to the processing of your data and it is not yet clear whether our legitimate reasons outweigh your reasons.
2.5 Right to data portability
You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format and you have the right to transmit this data to another controller without hindrance from us, provided that the processing is based on your consent or based on a contract and we process it using automated procedures.
2.6 Right of withdrawal
If the processing of your personal data is based on consent, you have the right to revoke this consent at any time.
2.7 General and right of appeal
Exercising your above rights is generally free of charge for you. If you have any complaints, you have the right to contact the supervisory authority responsible for us, the state data protection officer, directly.
3. Data security
3.1 Data security
All data on our website is secured by technical and organizational measures against loss, destruction, access, modification and distribution.
3.2 sessions and cookies
To operate the website, we use cookies or server-side sessions in which data can be stored. We ensure that no personal data is transferred from sessions or through cookies without your express consent and that cookies are only used if this is technically necessary for the website (e.g. spam protection in the contact form, shopping cart function) and therefore the balance shows that there are no predominant ones Your interests conflict with this (Art. 6 I S. 1 f GDPR) or you have given your express consent. With your express consent, we use cookies to personalize content and ads, to provide social media functions and to analyze access to our website. With your consent, we may share information about your use of our website with our social media, advertising and analytics partners. Our partners may be able to combine this information with other data that the partners already have about you. Below you will find the domain, name and duration of the cookies that are only used based on your consent:
site-specific cookies
Domain: kraftwunder.com / Name: cookielawinfo-checkbox-non-necessary / Term: 1 year
Domain: kraftwunder.com / Name: cookielawinfo-checkbox-necessary / Term: 1 year
third-party cookies
Domain: .doubleclick.net / Name: IDE / Term: until 2022-10-04
Domain: .youtube.com / Name: VISITOR_INFO1_LIVE / Duration: until 2022-03-08
Domain: .youtube.com / Name: YSC / Duration: Session
4. Presence on social media platforms
We use the following social media platforms for company representation and communication (express reference is made to the data protection declarations and opt-out options linked below).
Facebook (Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Irland)
Privacy Policy: https://www.facebook.com/about/privacy/
Opt-Out: https://www.youronlinechoices.com/
Instagram (Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Irland)
Privacy policy and opt-out: https://help.instagram.com/
YouTube (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland)
Privacy Policy: https://policies.google.com/privacy
These social media platforms may process personal data outside the EU; in this regard, we refer to the above data protection declarations of the social media platforms. The respective social media platforms may be able to create user profiles based on your usage behavior and the resulting interests and actions on your part and store cookies on your computer in which your usage behavior is stored. If you have an account on the respective social media platform and are logged in, your usage behavior can even be saved regardless of the device. Your usage profile can be used, for example, to place advertisements that presumably match your interests.
We process the personal data exclusively to communicate with you via the social media platform you have chosen and to optimize our online presence and ensure that no interests of yours are affected that outweigh this legitimate interest on our part (Art. 6 I p. 1 f GDPR). If you have already given the respective operator of the social media platform effective consent to the corresponding data processing, your personal data will also be processed on the basis of this consent (Art. 6 I S. 1 a GDPR).
5. Third-party services
5.1 Social-Media-Links
We have our own social media pages for third-party providers that can be reached via links from this website. By using the links, you will reach the respective third-party websites (e.g. Facebook, Twitter, Instagram). To avoid unnecessary data transfer, we recommend that you log out of the respective third-party provider before using a corresponding link so that usage profiles cannot be created by the third-party provider simply by using the link.
5.2 use of YouTube
This website and the integrated offers contain so-called embeds of videos on YouTube. These enable the connection to YouTube and the videos stored there. YouTube is an offering from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). YouTube can only be used with your consent (Art. 6 I S. 1 a GDPR). No user interests are affected here, which outweigh the technical necessity of integrating the videos (Art. 6 I S. 1 f GDPR). The purpose and scope of data collection and data use by Google as well as your rights and setting options for protection as a YouTube customer can be found in YouTube's data protection information. You can find these at: https://policies.google.com/privacy.
5.3 Google Web Fonts
We use so-called web fonts from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”) in order to be able to show you a uniform font on our website. When you access one of our pages, these are automatically saved in your browser cache to enable the desired display. If your browser does not support the web fonts used, a standard font on your computer may be used. This does not affect any user interests that outweigh this technical necessity (Art. 6 I S. 1 f GDPR). You can view Google's privacy policy here: https://www.google.com/policies/privacy/ For more information about Google Web Fonts, see https://developers.google.com/fonts/faq.
5.4 Google DoubleClick
This website uses the online marketing tool DoubleClick (operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland). DoubleClick uses cookies to show ads that are relevant to users, improve campaign performance reporting, or prevent a user from seeing the same ads multiple times. Google uses a cookie ID to record which ads are shown in which browser and can thus prevent them from being shown multiple times. In addition, DoubleClick can use cookie IDs to record conversions that are related to ad requests. This is the case, for example, if a user sees a DoubleClick ad and later visits the advertiser's website using the same browser and buys something there. According to Google, DoubleClick cookies do not contain any personal information. Due to the marketing tools used, your browser automatically establishes a direct connection with the Google server. We have no influence on the extent and further use of the data collected by Google through the use of this tool and therefore inform you according to our level of knowledge: By integrating DoubleClick, Google receives the information that you have accessed the corresponding part of our website or clicked on our ad. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, there is a possibility that the provider will find out and store your IP address. You can prevent participation in this tracking process by setting the appropriate settings in your browser. We would like to point out that in this case you may not be able to fully use all of the functions of our offer. DoubleClick can only be used with your consent (Art. 6 I S. 1 a GDPR). You can view Google's privacy policy here: https://policies.google.com/privacy.
5.5 Google Analytics
This website uses Google Analytics, a web analysis service from Google, operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google") and uses this web analysis service to collect and store data from which usage profiles are created using pseudonyms become. The usage profiles created in this way are used to evaluate visitor behavior in order to design and improve the offering presented on this website in line with needs. Google Analytics uses so-called “cookies”, small text files that are stored on your computer and that enable your use of the website to be analyzed. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. However, if IP anonymization is activated on this website, your IP address will be shortened beforehand by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services related to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics is not combined with other Google data. The usage profiles maintained under a pseudonym will not be merged with the user's personal data without the user's express and separately declared consent. Google Analytics can only be used with your consent (Art. 6 I S. 1 a GDPR). You can prevent the storage of cookies by setting your browser software accordingly; However, we would like to point out that in this case you may not be able to use all functions of this website to their full extent. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google using the following link (http://tools.google.com/dlpage/gaoptout?hl=de) download and install the available browser plugin. You can also prevent Google Analytics from collecting your data by clicking on the following link. An opt-out cookie will be set to prevent your data from being collected on future visits to this website: Disable Google Analytics. You can view Google's data protection information at http://www.google.de/intl/de/policies/privacy/ see. You can find more information about the terms of use at http://www.google.com/analytics/terms/de.html. We would like to point out that Google Analytics on this website has been expanded to include the code “anonymizeIp” to ensure the anonymized collection of IP addresses (so-called IP masking).
5.6 Use of Meta Pixel (formerly Facebook Pixel)
We use the Meta Pixel operated by Meta Platforms Inc., 1 Hacker Way, Menlo Park, CA 94304, USA (“Meta”). The body responsible for processing the information collected by Meta is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. This function allows us to target visitors to this website on Facebook with advertising. For this purpose, personalized and interest-based Facebook ads are displayed when the Facebook pages are visited.
Conversion tracking also allows Meta and its partners to show you advertising outside of Facebook.
The function is made possible on our website by a pixel from Meta, which is implemented on the page. When you visit our website, a direct connection to the Facebook server is established via the pixel if you have agreed to the pixel being set (Art. 6 I S. 1 a GDPR). This means that which of our websites the user has visited is transmitted to the Facebook server. Facebook assigns this information to your personal Facebook user account.
Please note that when using the Meta Pixel, personal data may be transmitted to Meta Platforms Inc., 1 Hacker Way, Menlo Park, CA 94304, USA.
Further information on the collection and use of data by Meta, your rights in this regard and options for protecting your privacy can be found in Facebook's data protection information at https://www.facebook.com/about/privacy/ .
Once you have consented, you can object at any time using this opt-out link:
Opt Out: https://www.youronlinechoices.com/
If you do not want Facebook to assign the collected information directly to your Facebook user account, you can edit the function in your account settings at: https://www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Fsettings%2F%3Ftab%3Dads#_=_. You must be logged in to Facebook to do this.
Meta Platforms Inc. is certified according to the EU-US Data Privacy Framework, which ensures the GDPR-compliant processing of personal data of EU citizens within the USA.
5.7 Shopify
We created our website with the external service provider Shopify (Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland) and also host it there. The personal data collected on our website is stored on Shopify's servers and processed, among other places, in the USA. This can be v. a. These include IP addresses, contact requests, meta and communication data, contract data, contact details, names, website access and other data generated via a website. We have concluded an order processing contract with this provider. Shopify will only process your data to the extent necessary to fulfill its service obligations and follow our instructions regarding this data. Shopify is used for the purpose of operating the website and in the interest of secure, fast and efficient provision of our online offering by a professional provider. This does not affect any user interests that outweigh the technical necessity of using the service provider (Art. 6 I S. 1 f GDPR). You can view Shopify's privacy policy here: https://www.shopify.com/de/legal/datenschutz
5.8 Payment options
In addition to paying by credit card, it is also possible to pay via PayPal and Klarna:
PayPal (PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg (city), Luxembourg)
Data protection: https://www.paypal.com/de/webapps/mpp/ua/privacy-full/
Klarna (Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden)
Data protection: https://www.klarna.com/sofort/datenschutz/
Google Pay (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland)
Data protection: https://policies.google.com/privacy?hl=de&gl=de
The following of your data is regularly transmitted to third-party providers for payment processing and processed by them:
• Your email address
• Your address
• Details of your order
• Your IP address
• Bank details
The transmission and processing of your personal data by the payment provider is necessary so that you can make the payment through them. The legal basis for this is Art. 6 I S. 1 b GDPR (processing for the fulfillment of a contract).
5.9 CDN by UNPKG
Our website uses a so-called Content Delivery Network (CDN). A CDN is a network of powerful servers that cache content in different locations around the world. A CDN essentially has two tasks: on the one hand, it should provide content in the shortest possible time and, on the other hand, it should relieve the web host by distributing the data traffic. The legal basis is Art. 6 I S. 1 f GDPR. Data will not be transferred outside the EU or outside a country for which the European Commission has an adequacy decision.
5.10 Trusted Shops
Trusted Shops widgets are integrated into this website to display Trusted Shops services (e.g. quality seals, collected reviews) and to offer Trusted Shops products to buyers after an order. The Trustbadge and the services advertised with it are an offer from Trusted Shops AG, Subbelrather Str. 15C, 50823 Cologne, with which we are jointly responsible for data protection in accordance with Art. 26 GDPR. As part of this data protection information, we will inform you below about the essential contractual contents in accordance with Art. 26 II GDPR.
The trust badge is provided as part of a shared responsibility by a US CDN (content delivery network) provider. An appropriate level of data protection is ensured, among other things, by standard data protection clauses and other contractual measures. Further information on data protection at Trusted Shops AG can be found in their data protection declaration: https://www.trustedshops.de/impressum-datenschutz/
When you access the trust badge, the web server automatically saves a so-called server log file, which also contains your IP address, date and time of retrieval, amount of data transferred and the requesting provider (access data) and documents the retrieval. The IP address is anonymized immediately after collection so that the stored data cannot be assigned to you personally. The anonymized data is used in particular for statistical purposes and for error analysis.
After completing your order, your email address, hashed using a one-way cryptographic function, will be transmitted to Trusted Shops AG. The transmission of the hashed email address serves to check whether you are already registered for services with Trusted Shops AG. If this is the case, further processing will take place in accordance with the contractual agreement between you and Trusted Shops. If you are not yet registered for the services, you will then be given the opportunity to do so for the first time. Further processing after registration is also based on the contractual agreement with Trusted Shops AG. If you do not register, all transmitted data will be automatically deleted by Trusted Shops AG and personal reference will then no longer be possible.
The legal basis for the use of the Trusted Shops functions is our legitimate interest (Art. 6 I S. 1 f GDPR) in enabling an attractive presentation of our services and our offers.
As part of the joint responsibility between us and Trusted Shops AG, if you have any questions about data protection or to assert your rights, please contact Trusted Shops AG using the contact options provided above. Regardless of this, you can always contact the responsible person of your choice. If necessary, your request will then be passed on to the other person responsible for an answer.
5.11 AWS
Our website is hosted by the external service provider Amazon Web Services, AWS for short (operated by Amazon Web Services, Inc., 410 Terry Avenue North, Seattle WA 98109, USA). The personal information collected on our website is stored on AWS servers. This can be v. a. These include IP addresses, contact details, contract data, website access and other data generated via a website. The host is used for the purpose of fulfilling the contract with our potential and existing customers (Art. 6 I S. 1 b GDPR) and in the interest of a secure, fast and efficient provision of our online offering by a professional provider (Art. 6 I S . 1 f GDPR). AWS will only process your data to the extent necessary to fulfill its service obligations and follow our instructions regarding this data. AWS also uses a CDN (Content Delivery Network). A CDN is a network of powerful servers that cache content in different locations around the world. A CDN essentially has two tasks: on the one hand, it should provide content in the shortest possible time and, on the other hand, it should relieve the web host by distributing the data traffic. The legal basis is Art. 6 I S. 1 f GDPR.
You can view AWS' privacy policy here: https://aws.amazon.com/de/privacy/
The Amazon data processing conditions, which correspond to the standard contractual clauses, can be found at https://d1.awsstatic.com/legal/aws-gdpr/AWS_GDPR_DPA.pdf
6. Contact
To contact us regarding data protection, please feel free to contact us using the contact options below. Responsible person within the meaning of the GDPR:
Nowbody GmbH & Co. KG
Sacrower Allee 46
14476 Potsdam
Email: hello@kraftwunder.com
Telephone: +49(0)3320 150 36 71