Privacy policy
1) INFORMATION ABOUT THE COLLECTION OF PERSONAL DATA AND CONTACT DETAILS OF THE CONTROLLER
1.1 We are pleased that you are visiting our website and thank you for your interest. Below, we inform you about how your personal data is handled when you use our website. Personal data is any information that can be used to personally identify you.
1.2 The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is [EllaCork]. The controller is the natural or legal person who alone or jointly with others determines the purposes and means of processing personal data.
1.3 For security reasons and to protect the transmission of personal data and other confidential content (e.g., orders or inquiries sent to the controller), this website uses SSL or TLS encryption. You can recognize an encrypted connection by the character string "https://" and the lock symbol in your browser’s address bar.
2) DATA COLLECTION WHEN VISITING OUR WEBSITE
If you use our website for purely informational purposes, i.e., you do not register or otherwise provide us with information, we only collect the data that your browser transmits to our server (so-called "server log files"). When you access our website, we collect the following data, which is technically necessary to display the website to you:
-
The website you visited
-
Date and time of access
-
Amount of data sent in bytes
-
Source/referrer from which you accessed the page
-
Browser used
-
Operating system used
-
IP address used (possibly in anonymized form)
The processing is carried out in accordance with Art. 6(1)(f) GDPR based on our legitimate interest in improving the stability and functionality of our website. The data is not passed on or used in any other way. However, we reserve the right to subsequently check the server log files if there are concrete indications of unlawful use.
3) COOKIES
To make visiting our website more attractive and to enable the use of certain functions, we use so-called cookies on various pages. These are small text files that are stored on your device. Some of the cookies we use are deleted after the end of your browser session, i.e., after closing your browser (so-called session cookies). Other cookies remain on your device and allow us or our partner companies (third-party cookies) to recognize your browser on your next visit (persistent cookies). When cookies are set, they collect and process certain user information such as browser and location data as well as IP address values to an individual extent. Persistent cookies are automatically deleted after a predefined period, which may vary depending on the cookie.
In some cases, cookies are used to simplify the order process by saving settings (e.g., remembering the contents of a virtual shopping cart for a later visit to the website). If personal data is also processed by individual cookies implemented by us, the processing is carried out in accordance with Art. 6(1)(b) GDPR either for the execution of the contract or
in accordance with Art. 6(1)(f) GDPR to safeguard our legitimate interests in the best possible functionality of the website and a customer-friendly and effective design of the website visit.
We may cooperate with advertising partners who help us make our online offer more interesting for you. For this purpose, cookies from partner companies (third-party cookies) may also be stored on your hard drive when you visit our website. If we work with the aforementioned advertising partners, you will be individually and separately informed about the use of such cookies and the extent of the data collected in the following paragraphs.
Please note that you can set your browser to inform you about the setting of cookies and to allow you to decide individually whether to accept them or to exclude the acceptance of cookies for specific cases or in general. Each browser differs in how it manages cookie settings. This is described in the help menu of each browser, which explains how you can change your cookie settings. You can find this information for the respective browsers at the following links:
-
Internet Explorer: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies
-
Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen
-
Chrome: https://support.google.com/chrome/answer/95647?hl=de&hlrm=en
-
Opera: https://help.opera.com/en/latest/web-preferences/#cookies
Please note that if you do not accept cookies, the functionality of our website may be limited.
4) CONTACTING US
When contacting us (e.g., via contact form or email), personal data is collected. The specific data collected in the case of a contact form is evident from the respective form. This data is stored and used solely for the purpose of responding to your inquiry or for establishing contact and the associated technical administration. The legal basis for processing the data is our legitimate interest in responding to your request pursuant to Art. 6(1)(f) GDPR. If your contact is aimed at concluding a contract, the additional legal basis for processing is Art. 6(1)(b) GDPR. Your data will be deleted after your request has been fully processed, provided it can be inferred from the circumstances that the relevant matter has been conclusively resolved and no legal retention obligations prevent deletion.
5) DATA PROCESSING WHEN OPENING A CUSTOMER ACCOUNT AND FOR CONTRACT PROCESSING
In accordance with Art. 6(1)(b) GDPR, personal data is collected and processed if you provide it to us for the purpose of contract execution or opening a customer account. The specific data collected can be seen from the respective input forms. You can delete your customer account at any time by sending a message to the address of the controller mentioned above. We store and use the data you provide to process the contract. After the contract has been fully executed or your customer account has been deleted, your data will be blocked with regard to tax and commercial law retention periods and deleted after these periods expire, unless you have expressly consented to further use of your data or we reserve the right to use your data for purposes permitted by law, about which we inform you in this policy.
6) USE OF YOUR DATA FOR DIRECT MARKETING
6.1 Subscription to Our Email Newsletter
If you subscribe to our email newsletter, we will regularly send you information about our offers. The only mandatory information required to send the newsletter is your email address. Providing additional data is voluntary and is used to address you personally. We use the so-called double opt-in procedure for sending the newsletter. This means that we will only send you an email newsletter if you have expressly confirmed that you consent to receiving newsletters. We will then send you a confirmation email asking you to confirm your subscription by clicking a corresponding link.
By activating the confirmation link, you give us your consent to use your personal data in accordance with Art. 6(1)(a) GDPR. When you register for the newsletter, we store your IP address entered by your internet service provider (ISP) as well as the date and time of registration to trace any possible misuse of your email address at a later time. The data collected when registering for the newsletter is used exclusively for promotional purposes through the newsletter. You can unsubscribe from the newsletter at any time via the link provided in each newsletter or by sending a message to the controller mentioned above. After unsubscribing, your email address will be immediately deleted from our newsletter distribution list unless you have expressly consented to further use of your data or we reserve the right to further data use that is legally permitted and which we inform you about in this statement.
6.2 Sending Email Newsletters to Existing Customers
If you have provided us with your email address when purchasing goods or services, we reserve the right to regularly send you offers for similar goods or services from our range by email. We do not require separate consent from you for this. Data processing in this case is based solely on our legitimate interest in personalized direct marketing pursuant to Art. 6(1)(f) GDPR. If you initially objected to the use of your email address for this purpose, no emails will be sent. You have the right to object to the use of your email address for marketing purposes at any time with future effect by notifying the controller mentioned above. You will only incur transmission costs according to basic rates. After receiving your objection, the use of your email address for advertising purposes will be immediately discontinued.
7) DATA PROCESSING FOR ORDER HANDLING
7.1
The personal data collected by us will be passed on to the transport company commissioned with the delivery, to the extent necessary for the delivery of the goods. We will pass your payment data to the credit institution commissioned with the payment processing, insofar as this is necessary for handling the payment. If we use payment service providers, we will inform you explicitly below. The legal basis for the transfer of data is Art. 6(1)(b) GDPR.
7.2 Use of Payment Service Providers
- PayPal
If you choose to pay via PayPal, credit card via PayPal, direct debit via PayPal, or — if offered — “purchase on account” or “installment payment” via PayPal, we will forward your payment data to PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (“PayPal”) as part of the payment processing. The data transfer takes place in accordance with Art. 6(1)(b) GDPR and only to the extent necessary for payment processing.
PayPal reserves the right to carry out a credit check for the payment methods credit card via PayPal, direct debit via PayPal, or — if offered — “purchase on account” or “installment payment” via PayPal. For this purpose, your payment data may be passed on to credit agencies in accordance with Art. 6(1)(f) GDPR based on PayPal's legitimate interest in determining your solvency. The result of the credit check, in regard to the statistical probability of payment default, is used by PayPal to decide whether to provide the respective payment method. The credit check may include score values (so-called score values), which are calculated on the basis of a scientifically recognized mathematical-statistical procedure. Among other data, address data may be included in the calculation of score values.
Further information on data protection, including the credit agencies used, can be found in PayPal’s privacy policy:
https://www.paypal.com/de/webapps/mpp/ua/privacy-full
You may object to the processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data if this is necessary for contractual payment processing.
- SOFORT
If you select the “SOFORT” payment method, payment is processed by the payment service provider SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany (“SOFORT”), to whom we transmit the information you provided during the order process along with details of your order in accordance with Art. 6(1)(b) GDPR. SOFORT GmbH is part of the Klarna Group (Klarna Bank AB (publ), Sveavägen 46, 11134 Stockholm, Sweden). The data is shared exclusively for the purpose of payment processing with SOFORT and only to the extent necessary for this purpose.
You can find further information about SOFORT’s privacy policy at:
https://www.klarna.com/sofort/datenschutz
8) CONTACTING YOU FOR A REVIEW REMINDER
Own review reminder (not sent via a customer review system)
We use your email address to send a one-time reminder to submit a review of your order through the review system we use, provided you have given us your explicit consent to do so during or after placing your order in accordance with Art. 6(1)(a) GDPR.
You can revoke your consent at any time by sending a message to the data controller.
9) USE OF SOCIAL MEDIA: SOCIAL PLUGINS
9.1 Facebook Plugins with Shariff Solution
We use social plugins (“plugins”) of the social network Facebook, operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA (“Facebook”), on our website.
To increase the protection of your data when visiting our website, these buttons are not integrated as active plugins but only as HTML links. This ensures that no connection to Facebook's servers is established when a page on our website containing such buttons is accessed. Only when you click the button will a new browser window open and load the Facebook page, where you can interact with the plugins (after logging in, if necessary).
Facebook Inc., based in the USA, is certified under the EU-U.S. Privacy Shield agreement, which ensures compliance with the level of data protection applicable in the EU.
For details on how Facebook collects, processes, and uses your data, and your rights and settings to protect your privacy, please see Facebook's privacy policy:
https://www.facebook.com/policy.php
9.2 Google+ Plugins with Shariff Solution
We use social plugins of the Google+ social network, operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”), on our website.
As with Facebook, these buttons are integrated using only HTML links to increase data protection. This prevents a direct connection to Google’s servers when the page is loaded. Only when you click the button will a browser window open and access Google+, where you can interact with the plugins after logging in.
Google LLC is also certified under the EU-U.S. Privacy Shield agreement.
For details on how Google collects, processes, and uses your data, and how to protect your privacy, please refer to Google's privacy policy:
https://www.google.com/intl/de/policies/privacy/
9.3 Instagram Plugin with Shariff Solution
Our website also uses plugins of the online service Instagram, operated by Instagram LLC, 1601 Willow Rd, Menlo Park, CA 94025, USA (“Instagram”).
As with the other plugins, Instagram buttons are only integrated as HTML links to protect your data. Thus, when a page with such a button is accessed, no connection to Instagram's servers is made. A connection is only established when the button is clicked, opening a browser window to Instagram (login may be required), where you can interact with the plugin.
Instagram LLC is certified under the EU-U.S. Privacy Shield agreement.
For details on how Instagram collects, processes, and uses your data, and your privacy settings, please consult Instagram’s privacy policy:
https://help.instagram.com/155833707900388/
10) ONLINE MARKETING
10.1 DoubleClick by Google
This website uses the online marketing tool DoubleClick by Google, operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“DoubleClick”).
DoubleClick uses cookies to serve ads relevant to users, improve campaign performance reports, or prevent users from seeing the same ads multiple times. Google uses a cookie ID to track which ads are displayed in which browser, thereby preventing duplicate ads. This processing is based on our legitimate interest in optimally marketing our website in accordance with Art. 6(1)(f) GDPR.
Additionally, DoubleClick may track conversions using cookie IDs, for example, when a user views a DoubleClick ad and later purchases something from the advertiser’s site using the same browser. According to Google, DoubleClick cookies do not contain personal data.
When using this tool, your browser automatically establishes a connection to Google’s servers. We have no control over the scope and further use of the data collected by Google, but to our knowledge: by integrating DoubleClick, Google learns that you have accessed a particular part of our site or clicked on one of our ads. If you are registered with a Google service, your visit may be linked to your account. Even if you are not registered or logged in, Google may still obtain and store your IP address.
If you wish to opt out of this tracking, you can disable cookies for conversion tracking by setting your browser to block cookies from the domain www.googleadservices.com:
https://www.google.de/settings/ads
This setting will be erased if you delete your cookies. Alternatively, you can manage cookie preferences via the Digital Advertising Alliance at:
http://www.aboutads.info/
or set your browser to notify you when cookies are being used and allow you to accept or refuse them individually. Please note that disabling cookies may limit the functionality of our website.
Google LLC is certified under the EU-U.S. Privacy Shield agreement.
More information on DoubleClick's privacy practices is available at:
https://www.google.de/policies/privacy/
10.2 Use of Google AdWords Conversion Tracking
This website uses the Google AdWords online advertising program and, as part of it, conversion tracking provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).
We use Google AdWords to promote our products via ads on external websites and to analyze the effectiveness of our campaigns. This helps us tailor our advertising to your interests and evaluate advertising performance fairly.
A conversion tracking cookie is placed when a user clicks on a Google AdWords ad. These cookies are small text files stored on your device and generally expire after 30 days. They are not used to identify individuals personally. If a user visits certain pages of this website while the cookie is still valid, Google and we can recognize that the user clicked the ad and was redirected to the page.
Each AdWords customer receives a unique cookie, preventing tracking across different AdWords clients’ websites. The information collected using the conversion cookie is used to compile statistics for AdWords advertisers. Advertisers know how many users clicked their ads and were redirected to a conversion-tagged page, but they do not receive information that can personally identify users.
If you do not wish to participate in tracking, you can disable the Google Conversion Tracking cookie in your browser settings. You will then not be included in conversion statistics. We use Google AdWords based on our legitimate interest in targeted advertising as per Art. 6(1)(f) GDPR.
Google LLC is certified under the EU-U.S. Privacy Shield agreement.
You can find more information on Google’s privacy practices at:
https://www.google.de/policies/privacy/
You can also permanently opt out of cookies for ad preferences by adjusting your browser settings or installing the browser plugin available at:
https://www.google.com/settings/ads/plugin?hl=de
Please note that certain functions of this website may not be available or may only be available to a limited extent if you have disabled the use of cookies.
11) WEB ANALYSIS SERVICES
Google (Universal) Analytics
This website uses Google Analytics, a web analytics service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Google Analytics uses so-called "cookies," text files that are stored on your computer and allow your use of the website to be analyzed. The information generated by the cookie about your use of this website (including the shortened IP address) is generally transmitted to a Google server in the USA and stored there.
This website uses Google Analytics exclusively with the "_anonymizeIp()" extension, which ensures anonymization of the IP address by shortening it and excludes direct personal reference. With this extension, your IP address is shortened by Google within member states of the European Union or in other contracting states of the European Economic Area Agreement. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there. In these exceptional cases, this processing takes place in accordance with Art. 6(1)(f) GDPR based on our legitimate interest in the statistical analysis of user behavior for optimization and marketing purposes.
On our behalf, Google will use this information to evaluate your use of the website, to compile reports on website activity, and to provide other services related to website usage and internet usage to us. The IP address transmitted by your browser as part of Google Analytics will not be merged with other data from Google.
You can prevent the storage of cookies by setting your browser software accordingly; however, we point out that in this case, you may not be able to fully use all functions of this website. You can also prevent Google from collecting the data generated by the cookie and related to your use of the website (including your IP address), as well as from processing this data, by downloading and installing the browser plugin available at the following link:
https://tools.google.com/dlpage/gaoptout?hl=de
As an alternative to the browser plugin or within browsers on mobile devices, please click on the following link to set an opt-out cookie that will prevent future data collection by Google Analytics within this website (this opt-out cookie only works in this browser and only for this domain; if you delete your cookies in this browser, you will have to click this link again):
Disable Google Analytics
Google LLC, based in the USA, is certified under the US-European data protection agreement "Privacy Shield", which ensures compliance with the data protection level applicable in the EU.
This website also uses Google Analytics for a cross-device analysis of visitor flows, which is carried out via a user ID. When a page is accessed for the first time, the user is assigned a unique, permanent, and anonymized ID that is set across devices. This allows interaction data from different devices and sessions to be assigned to a single user. The user ID contains no personal data and does not transmit such data to Google.
You can object to the collection and storage of data via the user ID at any time with effect for the future. To do so, you must deactivate Google Analytics on all systems you use, for example in another browser or on your mobile device.
You can deactivate it using a browser plugin from Google:
https://tools.google.com/dlpage/gaoptout?hl=de
Alternatively, you can click the following link to set an opt-out cookie that will prevent data collection by Google Analytics on this website in the future (this opt-out cookie only works in this browser and only for this domain; if you delete your cookies, you will have to click this link again):
Disable Google Analytics
Further information on Universal Analytics can be found here:
https://support.google.com/analytics/answer/2838718?hl=de&ref_topic=6010376
12) RETARGETING / REMARKETING / RECOMMENDATION ADVERTISING
Facebook Custom Audience via Pixel Method
This website uses the “Facebook Pixel” of Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA (“Facebook”). With explicit consent, user behavior can be tracked after users have viewed or clicked on a Facebook ad. This process is used to evaluate the effectiveness of Facebook ads for statistical and market research purposes and can help optimize future advertising strategies.
The data collected is anonymous for us, meaning we do not see the personal data of individual users. However, the data is stored and processed by Facebook, which allows it to be linked to a user profile and enables Facebook to use it for its own advertising purposes in accordance with the Facebook Data Usage Policy:
https://www.facebook.com/about/privacy/
This enables Facebook and its partners to display ads on and off Facebook. A cookie may also be stored on your device for this purpose. These processing operations are only carried out if express consent is given in accordance with Art. 6(1)(a) GDPR.
Consent to the use of the Facebook Pixel may only be declared by users who are over 13 years of age. If you are younger, please ask your legal guardians for permission.
Facebook Inc., based in the USA, is certified under the US-European data protection agreement "Privacy Shield", which ensures compliance with the data protection level applicable in the EU.
To disable the use of cookies on your computer, you can set your internet browser to prevent cookies from being stored in the future or to delete cookies that have already been stored. Disabling all cookies may result in some functions on our website no longer being available. You can also disable the use of cookies by third-party providers such as Facebook on the Digital Advertising Alliance website:
https://www.aboutads.info/choices/
Google AdWords Remarketing
Our website uses the functions of Google AdWords Remarketing, which we use to advertise this website in Google search results and on third-party websites. The provider is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). For this purpose, Google places a cookie in your browser, which automatically enables interest-based advertising based on the pages you visit, using a pseudonymous cookie ID. Processing is based on our legitimate interest in the optimal marketing of our website in accordance with Art. 6(1)(f) GDPR.
Further data processing only takes place if you have consented to Google linking your web and app browsing history with your Google account and using information from your Google account to personalize ads you view online. If you are logged into Google while visiting our website, Google will use your data together with Google Analytics data to create and define audience lists for cross-device remarketing. Your personal data is temporarily linked by Google with Google Analytics data for this purpose.
You can permanently deactivate the setting of cookies for ad preferences by downloading and installing the browser plugin available at the following link:
https://www.google.com/settings/ads/onweb/
Alternatively, you can find out more about the setting of cookies and configure preferences on the Digital Advertising Alliance website at:
www.aboutads.info
You can also set your browser to notify you before cookies are set and decide individually whether to accept them or exclude the acceptance of cookies in specific cases or generally. Disabling cookies may limit the functionality of our website.
Google LLC, based in the USA, is certified under the US-European data protection agreement "Privacy Shield", which ensures compliance with the data protection level applicable in the EU.
Further information and Google’s privacy policy regarding advertising can be found here:
https://www.google.com/policies/technologies/ads/
13) RIGHTS OF THE DATA SUBJECT
13.1 Under applicable data protection law, you have the following comprehensive rights regarding the processing of your personal data by the controller (rights to access and intervention), which we inform you about below:
-
Right of access (Art. 15 GDPR): You have the right to obtain information about your personal data processed by us, including the purposes of processing, categories of personal data processed, recipients or categories of recipients to whom the data has been or will be disclosed, the planned storage period or criteria for determining this period, the existence of rights to rectification, erasure, restriction of processing, objection, the right to lodge a complaint with a supervisory authority, the source of your data (if not collected from you), the existence of automated decision-making including profiling, and—if applicable—meaningful information about the logic involved and the scope and intended effects of such processing, as well as your right to be informed about the safeguards in accordance with Art. 46 GDPR in case your data is transferred to third countries.
-
Right to rectification (Art. 16 GDPR): You have the right to obtain the prompt correction of inaccurate personal data and/or the completion of your incomplete data stored with us.
-
Right to erasure (Art. 17 GDPR): You have the right to request the deletion of your personal data where the conditions of Art. 17(1) GDPR are met. This right does not apply, in particular, when the processing is necessary for exercising freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise, or defense of legal claims.
-
Right to restriction of processing (Art. 18 GDPR): You have the right to request the restriction of the processing of your personal data under certain circumstances—e.g., when the accuracy of your data is contested and being verified, when the processing is unlawful but you oppose erasure, when the data is no longer needed for the original purpose but you need it to assert legal claims, or when you have objected and it is not yet clear whether our legitimate grounds override yours.
-
Right to notification (Art. 19 GDPR): If you have exercised your right to rectification, erasure, or restriction of processing, the controller must inform all recipients to whom your personal data was disclosed—unless this proves impossible or involves disproportionate effort. You have the right to be informed about these recipients.
-
Right to data portability (Art. 20 GDPR): You have the right to receive the personal data you provided to us in a structured, commonly used, and machine-readable format and to have that data transmitted to another controller, where technically feasible.
-
Right to withdraw consent (Art. 7(3) GDPR): You have the right to withdraw any consent you have given at any time with future effect. Upon withdrawal, we will delete the affected data unless there is another legal basis for processing. The legality of processing carried out before withdrawal remains unaffected.
-
Right to lodge a complaint (Art. 77 GDPR): If you believe that the processing of your personal data violates the GDPR, you have the right to lodge a complaint with a supervisory authority, particularly in the Member State of your habitual residence, place of work, or the place of the alleged infringement.
13.2 RIGHT TO OBJECT
If we process your personal data on the basis of our legitimate interest as part of a balancing of interests, you have the right to object to this processing at any time with effect for the future, based on reasons arising from your particular situation.
If you exercise your right to object, we will stop processing the affected data unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or if the processing serves the establishment, exercise, or defense of legal claims.
If your personal data is processed by us for direct marketing purposes, you have the right to object at any time to such processing.
If you object, we will immediately stop processing your data for direct marketing.
14) DURATION OF PERSONAL DATA STORAGE
The duration of personal data storage depends on statutory retention periods (e.g., commercial or tax-related). After these periods expire, the relevant data is routinely deleted—unless it is still needed for fulfilling or initiating a contract, or if there is a legitimate interest in continued storage.