1) Introduction and Contact Details of the Controller
1.1 We are delighted that you are visiting our website and thank you for your interest. In the following, we inform you about the handling of your personal data when using our website. Personal data means any information that can be used to personally identify you.
1.2 The controller for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is Therattil Handel UG (limited liability), Frankenweg 23, 61381 Seulberg Friedrichsdorf, Germany, Tel.: +491748830390, E-mail: email@example.com. The controller for the processing of personal data is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data.
1.3 For security reasons and to protect the transmission of personal data and other confidential content (such as orders or inquiries to the controller), this website uses SSL or TLS encryption. You can recognize an encrypted connection by the string “https://” and the lock symbol in your browser bar.
2) Data collection when visiting our website
During the purely informative use of our website, i.e., if you do not register or otherwise provide us with information, we only collect data that your browser transmits to the page server (so-called “server log files”). When you access our website, we collect the following data that is technically necessary for us to display the website to you:
The website visited by you
Date and time of the access
Amount of data sent in bytes
Source/reference from which you accessed the page
Operating system used
IP address used (if applicable: in anonymized form)
The processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR based on our legitimate interest in improving the stability and functionality of our website. There is no further disclosure or use of the data. However, we reserve the right to subsequently check the server log files if there are concrete indications of illegal use.
If individual cookies used by us also process personal data, the processing is carried out in accordance with Art. 6 para. 1 lit. b GDPR for the performance of the contract, in accordance with Art. 6 para. 1 lit. a GDPR in case of given consent, or in accordance with Art. 6 para. 1 lit. f GDPR to protect our legitimate interests in the best possible functionality of the website and a user-friendly and effective design of the website visit.
You can configure your browser to inform you about the setting of cookies and decide on their acceptance individually, or exclude the acceptance of cookies for certain cases or in general.
Please note that if you do not accept cookies, the functionality of our website may be restricted.
4) Contacting us
4.1 When contacting us (e.g. via contact form or email), personal data will be processed solely for the purpose of processing and answering your request and only to the extent necessary for this purpose.
The legal basis for the processing of this data is our legitimate interest in answering your request pursuant to Art. 6 para. 1 lit. f GDPR. If your contact aims at concluding a contract, the additional legal basis for processing is Art. 6 para. 1 lit. b GDPR. Your data will be deleted if it can be inferred from the circumstances that the matter in question has been finally clarified and provided that there are no legal retention obligations.
4.2 WhatsApp Business
We offer visitors to our website the opportunity to contact us via the WhatsApp messaging service of WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. We use the so-called “Business version” of WhatsApp.
If you contact us via WhatsApp in connection with a specific business transaction (such as a placed order), we will store and use the mobile phone number you use with WhatsApp as well as your first and last name, if provided, in accordance with Art. 6 para. 1 lit. b GDPR for the purpose of processing and answering your request. Based on the same legal basis, we may ask you via WhatsApp to provide additional data (order number, customer number, address or email address) in order to assign your request to a specific transaction.
If you use our WhatsApp contact for general inquiries (such as about our range of services, availability, or our website), we will store and use the mobile phone number you use with WhatsApp as well as your first and last name, if provided, in accordance with Art. 6 para. 1 lit. f GDPR based on our legitimate interest in providing the requested information efficiently and in a timely manner.
Your data will always be used only for the purpose of answering your request via WhatsApp. There is no disclosure to third parties.
Please note that WhatsApp Business has access to the address book of the mobile device we use for this purpose and automatically transmits telephone numbers stored in the address book to a server of the parent company Meta Platforms Inc. in the USA. We use a mobile device for operating our WhatsApp Business account, in whose address book only the WhatsApp contact data of those users who have also contacted us via WhatsApp are stored.
5) Data processing when opening a customer account
According to Art. 6 para. 1 lit. b GDPR, personal data is collected and processed to the extent necessary if you provide us with such data when opening a customer account. The data required for opening an account can be found in the input mask of the corresponding form on our website.
Deletion of your customer account is possible at any time and can be requested by sending a message to the address of the responsible party mentioned above. After deleting your customer account, your data will be deleted if all contracts related to it have been fully processed, there are no legal retention periods, and we have no legitimate interest in further storage.
6) Use of customer data for direct advertising
Notification of product availability via email
For temporarily unavailable items, you can sign up to receive email notifications of product availability. We will send you a one-time email notification about the availability of the item you have selected. The only mandatory information for sending this notification is your email address. Providing additional data is optional and may be used to personalize the notification. We use the double opt-in procedure to send emails, which ensures that you only receive a notification after you have confirmed your consent by clicking on a verification link sent to the email address you provided.
By activating the confirmation link, you consent to the use of your personal data in accordance with Art. 6 para. 1 lit. a GDPR. We will store the IP address entered by your Internet service provider (ISP), as well as the date and time of your registration, in order to be able to trace any potential misuse of your email address at a later time. The data collected from you during registration for our email notification service for product availability will be used strictly for the intended purpose.
You can unsubscribe from availability notifications at any time by sending a corresponding message to the responsible party mentioned at the beginning. After you unsubscribe, your email address will be immediately removed from our distribution list, unless you have expressly consented to further use of your data or we reserve the right to use your data beyond the intended purpose, which is legally permitted, and which we will inform you about in this statement.
7) Data processing for order processing
7.1 To the extent necessary for the processing of the contract for delivery and payment purposes, the personal data collected by us will be forwarded to the commissioned transport company and the commissioned credit institution in accordance with Art. 6 para. 1 lit. b DSGVO.
If we owe you updates for goods with digital elements or for digital products based on a corresponding contract, we process the contact data (name, address, email address) transmitted by you when placing the order in order to inform you personally in compliance with our legal information obligations in accordance with Art. 6 para. 1 lit. c DSGVO on an appropriate communication channel (e.g. by post or email) about upcoming updates within the legally prescribed period. Your contact data will be strictly used for the purpose of communicating updates owed by us and will only be processed by us to the extent necessary for the respective information.
To process your order, we also work with the following service provider(s), who support us in part or in whole in the execution of concluded contracts. Certain personal data will be transmitted to these service providers in accordance with the following information.
7.2 Disclosure of personal data to shipping service providers
As a transport service provider, we use the following provider: DHL Paket GmbH, Sträßchensweg 10, 53113 Bonn, Germany
In accordance with Art. 6 para. 1 lit. a DSGVO, we will forward your email address and/or telephone number to the provider prior to delivery of the goods for the purpose of coordinating a delivery date or for delivery notification, provided that you have given your express consent for this during the ordering process. Otherwise, we will only forward the recipient’s name and delivery address to the provider for the purpose of delivery in accordance with Art. 6 para. 1 lit. b DSGVO. The transfer will only be made to the extent necessary for the delivery of the goods. In this case, prior coordination of the delivery date with the provider or delivery notification is not possible.
Consent can be revoked at any time with effect for the future vis-à-vis the responsible person named above or vis-à-vis the provider.
7.4 Use of payment service providers
7.5 Apple Pay
If you choose the payment method “Apple Pay” of Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland, the payment processing will be carried out via the “Apple Pay” function of your iOS, watchOS, or macOS operated device by charging a payment card stored in “Apple Pay”. Apple Pay uses security features integrated into the hardware and software of your device to protect your transactions. To authorize a payment, you need to enter a code previously set by you and verify it using the “Face ID” or “Touch ID” function of your device.
For the purpose of payment processing, your information provided during the ordering process is transmitted to Apple in encrypted form, along with information about your order. Apple then encrypts this data again with a developer-specific key before transmitting it to the payment service provider of the payment card stored in Apple Pay for payment processing. The encryption ensures that only the website through which the purchase was made can access the payment data. After the payment is made, Apple sends your device account number and a transaction-specific dynamic security code to the originating website to confirm the payment success.
If personal data is processed during the described transmissions, the processing is carried out exclusively for the purpose of payment processing in accordance with Art. 6 para. 1 lit. b GDPR.
Apple retains anonymized transaction data, including the approximate purchase amount, date and time, and whether the transaction was successfully completed. Anonymization completely excludes personal reference. Apple uses the anonymized data to improve “Apple Pay” and other Apple products and services.
If you use Apple Pay on your iPhone or Apple Watch to complete a purchase made through Safari on your Mac, the Mac and authorization device communicate over an encrypted channel to Apple servers. Apple does not process or store any of this information in a format that can identify you. You can disable the ability to use Apple Pay on your Mac in your iPhone settings. Go to “Wallet & Apple Pay” and turn off “Allow Payments on Mac.”
For further information on data protection with Apple Pay, please visit the following website: https://support.apple.com/de-de/HT203027
7.6 Google Pay
If you choose the payment method “Google Pay” of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”), the payment processing will be carried out through the “Google Pay” application on your mobile device with at least Android 4.4 (“KitKat”) and NFC function, by charging a payment card stored in Google Pay or a verified payment system (e.g. PayPal). For authorizing a payment via Google Pay exceeding €25, unlocking your mobile device with the respective verification measure (such as facial recognition, password, fingerprint, or pattern) is required.
For the purpose of payment processing, the information you provide during the ordering process, along with information about your order, will be transmitted to Google. Google then transmits your payment information stored in Google Pay in the form of a transaction number assigned once to the originating website to verify a completed payment. This transaction number does not contain any information about the actual payment data of your payment methods stored in Google Pay, but is created and transmitted as a unique, valid numerical token. In all transactions via Google Pay, Google merely acts as an intermediary for processing the payment. The execution of the transaction is carried out solely between the user and the originating website by charging the payment method stored in Google Pay.
If personal data is processed in the described transmissions, the processing is carried out exclusively for the purpose of payment processing in accordance with Art. 6 Para. 1 lit. b GDPR.
Google reserves the right to collect, store, and analyze certain transaction-specific information for every transaction made via Google Pay. This includes the date, time, and amount of the transaction, merchant location and description, a description of the goods or services purchased provided by the merchant, photos you have attached to the transaction, the name and email address of the seller and buyer or sender and recipient, the payment method used, your description of the reason for the transaction, and any associated offer with the transaction.
According to Google, this processing is carried out solely on the basis of Art. 6 para. 1 lit. f GDPR, based on the legitimate interest in proper accounting, verification of transaction data, and optimization and maintenance of the Google Pay service.
Google also reserves the right to combine the processed transaction data with further information collected and stored by Google when using other Google services.
Further information on data protection with Google Pay can be found at the following internet address:
On this website, one or more online payment methods are available from the following provider: Klarna Bank AB, Sveavägen 46, 111 34 Stockholm, Sweden. If you choose a payment method from the provider where you make a payment in advance (such as credit card payment), your payment details (including name, address, bank and payment card information, currency, and transaction number) as well as information about the content of your order will be disclosed to the provider in accordance with Art. 6 para. 1 lit. b GDPR. In this case, your data will only be disclosed to the provider for the purpose of payment processing and to the extent necessary for this purpose.
If you choose a payment method where the provider makes the payment in advance (such as invoice or installment purchase or direct debit), you will also be asked to provide certain personal data (first and last name, street, house number, postal code, city, date of birth, email address, telephone number, possibly data on an alternative payment method) during the order process.
To protect our legitimate interest in determining the solvency of our customers, we will transmit this data to the provider for the purpose of a credit check in accordance with Art. 6 para. 1 lit. f GDPR. Based on the personal data provided by you as well as further data (such as shopping cart, invoice amount, order history, payment experience), the provider checks whether the payment method selected by you can be granted in view of payment and/or default risks.
In order to make the decision within the scope of the application review, identity and credit information from the following credit agencies may be included in addition to provider-specific criteria in accordance with Art. 6 para. 1 lit. f GDPR:
The credit check may contain probability values (so-called score values). Insofar as score values are included in the result of the credit check, they are based on a scientifically recognized mathematical-statistical procedure. Address data is one of the factors taken into account in the calculation of the score values, among other things.
You can object to this processing of your data at any time by sending a message to us or to the provider. However, the provider may still be entitled to process your personal data if this is necessary for the contractual processing of the payment.
On this website, one or more online payment methods from the following provider are available: PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg.
If you select a payment method from the provider that requires you to make a payment in advance (such as credit card payment), your payment details (including name, address, bank and payment card information, currency and transaction number) and information about the content of your order will be disclosed to the provider in accordance with Art. 6 para. 1 lit. b GDPR. Your data will only be shared for the purpose of processing the payment with the provider and only to the extent necessary for this purpose.
If you select a payment method where the provider makes a payment in advance (such as invoice or installment purchase or direct debit), you will also be asked to provide certain personal data (first and last name, street, house number, postal code, city, date of birth, email address, telephone number, if applicable, data on an alternative payment method) during the ordering process.
To protect our legitimate interest in determining the solvency of our customers, we will forward this data to the provider for the purpose of a credit check in accordance with Art. 6 para. 1 lit. f GDPR. Based on the personal data you provide and other data (such as shopping cart, invoice amount, order history, payment experience), the provider checks whether the selected payment option can be granted with regard to payment and/or default risks.
The credit report may contain probability values (so-called score values). Insofar as score values are incorporated into the credit report, they are based on a scientifically recognized mathematical-statistical procedure. Among other things, address data are included in the calculation of the score values, but not exclusively.
You can object to the processing of your data at any time by sending a message to us or to the provider. However, the provider may still be entitled to process your personal data if this is necessary for the contractual processing of the payment.
8) Web analytics services
Google (Universal) Analytics
This website uses Google (Universal) Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”), which allows us to analyze your use of our website.
By default, when you visit the website, Google (Universal) Analytics sets cookies that collect certain information and store it as small text snippets on your device. This information includes your IP address, which is, however, truncated by Google to exclude direct identification of individuals.
The information is transmitted to and processed by Google’s servers, and may be transferred to Google LLC based in the USA.
Google uses the information collected on our behalf to evaluate your use of the website, compile reports on website activity for us, and provide other services related to website and internet use. The IP address transmitted to Google Analytics by your browser will not be associated with any other data held by Google. The data collected through Google (Universal) Analytics is stored for a period of two months and then deleted.
All the above-described processing, including the setting of cookies on your device, will only occur if you have given us your express consent under Art. 6 (1) (a) GDPR.
If you do not consent to the use of Google (Universal) Analytics during your visit to our website, it will not be used. You may revoke your consent at any time with future effect. To exercise your right of revocation, please deactivate this service via the “Cookie Consent Tool” provided on the website.
We have entered into a data processing agreement with Google that ensures the protection of data of our website visitors and prohibits unauthorized disclosure to third parties.
For data transfers to the USA, Google relies on standard contractual clauses of the European Commission, which are intended to ensure compliance with the level of data protection in Europe.
Further legal information on Google (Universal) Analytics, including a copy of the above-mentioned standard contractual clauses, can be found at https://policies.google.com/privacy?hl=en&gl=en and https://policies.google.com/technologies/partner-sites
Google (Universal) Analytics uses the special feature “demographic characteristics” to create statistics about the age, gender, and interests of website visitors. This is done through the analysis of advertisements and third-party information. This allows for the identification of target groups for marketing activities. However, the collected data cannot be attributed to any specific individual and will be deleted after being stored for a period of two months.
As an extension to Google (Universal) Analytics, Google Signals can be used on this website to create cross-device reports. If you have enabled personalized ads and linked your devices to your Google account, subject to your consent to use Google Analytics under Art. 6 (1) (a) GDPR, Google can analyze your cross-device usage behavior and create database models, including cross-device conversions. We do not receive any personal data from Google, only statistics. If you want to stop cross-device analysis, you can disable the “Personalized advertising” feature in your Google account settings. To do so, follow the instructions on this page: https://support.google.com/ads/answer/2662922?hl=en Further information on Google Signals can be found at the following link: https://support.google.com/analytics/answer/7532985?hl=en
As an extension to Google (Universal) Analytics, the “UserIDs” function can be used on this website. If you have consented to the use of Google (Universal) Analytics in accordance with Art. 6 para. 1 lit. a GDPR, have created an account on this website, and logged in with this account on different devices, your activities, including conversions, can be analyzed across devices.
9) Site functionalities
9.1 – Google Web Fonts
This site uses web fonts provided by the following provider for a consistent display of fonts: Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.
When a page is accessed, your browser loads the required web fonts into your browser cache to display text and fonts correctly and establishes a direct connection to the provider’s servers. Certain browser information, including your IP address, is transmitted to the provider.
Data may also be transferred to: Google LLC, USA.
The processing of personal data in connection with the provider of the fonts is only carried out if you have given us your express consent in accordance with Art. 6 Para. 1 lit. a GDPR. You can revoke your consent at any time with effect for the future by deactivating this service via the “cookie consent tool” provided on the website. If your browser does not support web fonts, a default font will be used from your computer.
For the transfer of data to the USA, the provider relies on standard contractual clauses of the European Commission, which are intended to ensure compliance with the European level of data protection.
9.2 – hCaptcha
On this website, we use the CAPTCHA service of the following provider: Intuition Machines, Inc., 350 Alabama St, San Francisco, CA 94110, USA.
The service checks whether input is made by a natural person or by abusive automated processing and blocks spam, DDoS attacks, and similar automated malicious access. To ensure that an action is performed by a human and not an automated bot, Cloudflare Turnstile collects the IP address of the device used, identification data of the browser and operating system type used, as well as the date and duration of the visit, and transmits this for evaluation to the provider’s servers.
The legal basis is our legitimate interest in determining individual responsibility on the Internet and preventing abuse and spam in accordance with Art. 6 Para. 1 lit. f GDPR.
We have concluded a contract for order processing with the provider, which ensures the protection of data of our site visitors and prohibits unauthorized disclosure to third parties.
For the transfer of data to the USA, the provider relies on standard contractual clauses of the European Commission, which are intended to ensure compliance with the European level of data protection.
10) Tools and Miscellaneous
This website uses an online map service provided by Google Maps (API) from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”).
Google Maps is a web service for displaying interactive (land) maps to visually represent geographic information. By using this service, our location will be displayed to you and any directions will be made easier.
When you access the subpages where Google Maps is integrated, information about your use of our website (such as your IP address) is transmitted to servers of Google and stored there. This may also result in transmission to servers of Google LLC. in the USA. This occurs regardless of whether Google provides a user account that you are logged in to or whether a user account exists. If you are logged in to Google, your data will be directly associated with your account. If you do not wish to be associated with your Google profile, you must log out before activating the button. Google stores your data (even for users who are not logged in) as usage profiles and evaluates them.
Where legally required, we have obtained your consent in accordance with Art. 6 para. 1 lit. a GDPR for the above-described processing of your data. You can revoke your consent at any time with effect for the future. To exercise your revocation, please follow the above-described option to make an objection.
11) Rights of the data subject
11.1 The applicable data protection law grants you, as the data subject, the following rights (rights to information and intervention) in relation to the processing of your personal data by the controller. Please refer to the legal basis provided for each of these rights for the conditions under which they may be exercised:
Right to information according to Art. 15 GDPR;
Right to rectification according to Art. 16 GDPR;
Right to erasure (right to be forgotten) according to Art. 17 GDPR;
Right to restriction of processing according to Art. 18 GDPR;
Right to notification according to Art. 19 GDPR;
Right to data portability according to Art. 20 GDPR;
Right to withdraw consent at any time according to Art. 7(3) GDPR;
Right to lodge a complaint with a supervisory authority according to Art. 77 GDPR.
11.2 RIGHT TO OBJECT
IF WE PROCESS YOUR PERSONAL DATA ON THE BASIS OF OUR LEGITIMATE INTEREST, YOU HAVE THE RIGHT TO OBJECT TO THIS PROCESSING AT ANY TIME, FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL CEASE PROCESSING THE DATA CONCERNED. HOWEVER, FURTHER PROCESSING IS PERMITTED IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING, WHICH OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS, OR IF THE PROCESSING SERVES THE ESTABLISHMENT, EXERCISE OR DEFENCE OF LEGAL CLAIMS.
IF YOUR PERSONAL DATA IS PROCESSED BY US FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSE OF SUCH MARKETING AT ANY TIME. YOU CAN EXERCISE YOUR OBJECTION AS DESCRIBED ABOVE.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL CEASE PROCESSING THE DATA CONCERNED FOR DIRECT MARKETING PURPOSES.
12) The duration of storage of personal data
The duration of storage of personal data depends on the respective legal basis, the purpose of processing, and – if applicable – also on the respective statutory retention period (e.g. commercial and tax retention periods).
When processing personal data based on explicit consent pursuant to Art. 6 (1) lit. a GDPR, the data in question will be stored until you revoke your consent.
If there are statutory retention periods for data processed on the basis of Art. 6 (1) lit. b GDPR in the context of contractual or contractual-like obligations, this data will be routinely deleted after the retention periods have expired, provided that it is no longer necessary for contract fulfillment or initiation and/or there is no legitimate interest on our part in further storage.
When processing personal data based on Art. 6 (1) lit. f GDPR, this data will be stored until you exercise your right to object pursuant to Art. 21 (1) GDPR, unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing serves to assert, exercise or defend legal claims.
When processing personal data for the purpose of direct marketing based on Art. 6 (1) lit. f GDPR, this data will be stored until you exercise your right to object pursuant to Art. 21 (2) GDPR.
Unless otherwise stated in the specific processing situations in this statement, stored personal data will be deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.