1) Information on the Collection of Personal Data and Contact Details of the Controller

1.1 We are pleased that you are visiting our website and thank you for your interest. On the following pages, we inform you about the handling of your personal data when using our website. Personal data is all data with which you can be personally identified.

1.2 The controller in charge of data processing on this website, within the meaning of the General Data Protection Regulation (GDPR), is Kulka & Vogel GbR, Erkrather Str. 401, 40231 Düsseldorf, Germany, E-Mail: [email protected]. The controller in charge of the processing of personal data is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.

2) Data Collection When You Visit Our Website

2.1 When using our website for information only, i.e. if you do not register or otherwise provide us with information, we only collect data that your browser transmits to our server (so-called “server log files”). When you visit our website, we collect the following data that is technically necessary for us to display the website to you:

• Our visited website
• Date and time at the moment of access
• Amount of data sent in bytes
• Source/reference from which you came to the page
• Browser used
• Operating system used
• Screen resolutions
• IP address used (anonymized)

Data processing is carried out in accordance with Art. 6 (1) point f GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. The data will not be passed on or used in any other way. However, we reserve the right to check the server log files subsequently, if there are any concrete indications of illegal use.

2.2 This website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or inquiries to the controller). You can recognize an encrypted connection by the character string https:// and the lock symbol in your browser line.

3) Hosting & Content Delivery Network

Hetzner

Our website is hosted using Hetzner Germany’s infrastructure (Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen). For more details, visit Hetzner’s privacy policy: https://www.hetzner.com/legal/privacy-policy.

The use of Hetzner is based on Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in displaying our website as reliably as possible. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) within the meaning of the TTDG. Consent can be revoked at any time.

An data processing agreement has been concluded with Hetzner.

Cloudflare

We use a content delivery network offered by the following provider: Cloudflare Inc., 101 Townsend St. San Francisco, CA 94107, USA. For more details, visit Cloudflare’s privacy policy: https://www.cloudflare.com/de-de/privacypolicy/.

This service enables us to deliver large media files such as graphics, page content or scripts faster via a network of regionally distributed servers. The processing is carried out to protect our legitimate interest in improving the stability and functionality of our website pursuant to Art. 6 (1) point f GDPR. We have concluded an order processing agreement with the provider, ensuring the protection of our site visitors’ data and prohibiting unauthorised disclosure to third parties.

For data transfers to the USA, the provider participates in the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection on the basis of an adequacy decision by the European Commission.

4) Content Management & E-Commerce 

We use WordPress and WooCommerce, both of which are owned and developed by Automattic Inc., as our Content Management System (CMS) and eCommerce tool stack. For more information about their privacy policies, please visit: https://automattic.com/privacy/. These open-source solutions are hosted and operated locally by us, ensuring that we have full control over how your personal data is handled. They use personal information and cookies to achieve their functionality. You can find more details about the use of cookies and other storage mechanisms in the sections below.

WordPress

Our website is built and managed using WordPress, a widely used content management system (CMS). WordPress may collect certain data automatically, such as IP addresses, browser type, and access times, through the use of cookies, which help improve the performance and security of our website, while it is important to note, that Wordpress runs locally on our server. Additionally, we may employ various plugins that extend the functionality of WordPress. These plugins might collect additional data for features such as analytics, performance optimization, security, and user experience improvements.

The data collected via WordPress and its plugins is processed to maintain and optimize the functionality of our website, ensure security (such as preventing unauthorized access or attacks), and analyze performance to improve the user experience.

WooCommerce

Our website uses WooCommerce, an open-source eCommerce platform that allows us to provide you with the ability to browse and purchase products or services online. WooCommerce is integrated into our WordPress website, and while WooCommerce itself does not collect personal data beyond what is necessary for the functioning of its core services, it facilitates the collection of personal information during the checkout and account creation process. Below, we outline how WooCommerce collects, processes, and stores data, and how it interacts with other services.

When you place an order through our website using WooCommerce, we collect the following types of personal data, which are necessary to process and fulfill your order:

Personal Identifiable Information (PII): This includes your name, billing address, shipping address, email address, and phone number. These details are necessary for processing your order, issuing invoices, and contacting you about the order if needed.

Order Information: This includes details of the products you have purchased, the purchase date, and the payment status.

Payment Information: Depending on the payment method selected (e.g., credit card, PayPal, cryptocurrency), WooCommerce collects payment-related details, such as partial credit card information or transaction ID. WooCommerce does not store full payment card details on our servers, as we use third-party payment gateways (see more below).

The processing of this data is carried out under Art. 6(1)(b) GDPR (necessary for the performance of a contract). This means we collect and process this information solely for the purposes of fulfilling your purchase or responding to your inquiries related to the services you request.

5) Data Processing When Opening a Customer Account and for Contract Processing

Pursuant to Art. 6 (1) point b GDPR, personal data will continue to be collected and processed to the extent required in each case if you provide us with this data when opening a customer account. The data required for opening an account can be found in the input mask of the corresponding form on our website. Deletion of your customer account is possible at any time and can be done by sending a message to the above address of the person responsible. After deletion of your customer account, your data will be deleted, provided that all contracts concluded via it have been fully processed, no legal retention periods are opposed and no legitimate interest on our part in the continued storage exists.

6) Processing of Data for the Purpose of Order Handling

6.1 Insofar as necessary for the processing of the contract for payment purposes, the personal data collected by us will be passed on to the commissioned credit institution in accordance with Art. 6 Para. 1 lit. b GDPR.

If we owe you updates for goods with digital elements or for digital products on the basis of a corresponding contract, we will process the contact data (name, address, e-mail address) provided by you when placing the order in order to inform you personally by suitable means of communication (e.g. by post or e-mail) about upcoming updates within the legally stipulated period of time within the framework of our statutory duty to inform pursuant to Art. 6 Para. 1 lit. c GDPR. Your contact details will be used strictly for the purpose of informing you about updates owed by us and will only be processed by us for this purpose to the extent that this is necessary for the respective information.

In order to process your order, we also work together with the following service provider(s), who support us in whole or in part in the execution of concluded contracts. Certain personal data is transferred to these service providers in accordance with the following information. Data that is processed on the provider’s end, which can happen after initiating a purchase with them, is out of our range if influence. Therefore the customer is responsible to make sure they are comfortable with their data processing.

6.2 Use of Payment Service Providers 

• Paypal

Online payment methods from the following provider are available on this website: PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg. For more details, visit PayPal’s privacy policy: https://www.paypal.com/us/legalhub/privacy-full.

If you select a payment method of the provider for which you make an advance payment, your payment data provided during the ordering process (including name, address, bank and payment card information, currency and transaction number) as well as information about the content of your order will be passed on to the provider in accordance with Art. 6 (1) point b GDPR. In this case, your data will only be passed on for the purpose of processing payment with the provider and only to the extent necessary for this purpose.

When selecting a payment method of the provider with which the provider makes advance payments, you will also be asked to provide certain personal data (first name and surname, street, house number, postcode, city, date of birth, e-mail address, telephone number, if applicable data on alternative means of payment) during the ordering process.

In order to safeguard our legitimate interest in determining the solvency of our customers, this data is passed on to the provider by us for the purpose of a credit check in accordance with Art. 6 (1) point f GDPR. On the basis of the personal data provided by you as well as further data (such as shopping cart, invoice total, order history, payment history), the provider checks whether the payment option selected by you can be granted with regard to payment and/or bad debt risks.

The credit report may contain probability values (so-called score values). Insofar as score values are included in the result of the credit report, they have their basis in a scientifically recognised mathematical-statistical procedure. The calculation of the score values includes, but is not limited to, address data.

You can object to this processing of your data at any time by sending a message to us or to the provider. However, the provider may still be entitled to process your personal data if this is necessary for the contractual processing of payments.

• Stripe

Online payment methods from the following provider are available on this website: Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland. For more information, please visit Stripe’s privacy policy: https://stripe.com/gb/privacy.

If you select a payment method of the provider for which you make an advance payment (e.g. credit card payment), your payment data provided during the ordering process (including name, address, bank and payment card information, currency and transaction number) as well as information about the content of your order will be passed on to the provider in accordance with Art. 6 (1) point b GDPR. In this case, your data will only be passed on for the purpose of processing payment with the provider and only to the extent necessary for this purpose.

• Cryptomus

If you choose to pay using Cryptomus, a provider for cryptocurrency payments, your payment will be processed through the Cryptomus platform, which allows for transactions using various cryptocurrencies. By selecting this payment method, you will be redirected to the Cryptomus website or application, where you can complete your payment with the cryptocurrency of your choice. It is necessary to have a cryptocurrency wallet compatible with the Cryptomus platform to make the payment.

Cryptomus is operated by XELTOX ENTERPRISES LTD, 422 RICHARDS STREET, #170 VANCOUVER, BC, CANADA V6B1L4. Visit their privacy policy for more details: https://cryptomus.com/privacy#.

For the purpose of processing the payment, the information you provide during the ordering process, along with details about your order, will be transmitted to Cryptomus. Cryptomus processes this information to carry out the payment transaction and allocate the payment to your order. The cryptocurrency transactions are recorded on the blockchain, providing an additional layer of security and transparency. The processing of your data by Cryptomus is carried out exclusively for the purpose of payment processing in accordance with Art. 6 (1) lit. b GDPR.

Cryptomus may store certain information about the transaction for accounting purposes and to improve its services. This information can include the time and amount of the transaction but is anonymized so that it does not directly relate to any individual.

For more information on privacy and the terms of use of Cryptomus, please visit their website. Please note that the use of cryptocurrencies and interaction with platforms like Cryptomus can be subject to certain risks, including fluctuations in cryptocurrency value and security risks related to the storage and transmission of cryptocurrencies.

7) Web Analysis Services

Matomo Analytics

We utilize Matomo Analytics to track visitor interactions on our website using a self hosted moldel, where the data will not be transferred to Matomo themselves. The data collected includes information on the pages visited, the date and time of access, the amount of data transferred, referral sources (e.g., the website from which you arrived), the browser and operating system used, as well as the screen resolution. Additionally, your IP address is anonymized before it is stored, ensuring that no personally identifiable information is collected. We also track how long users stay on our website, which helps us better understand engagement levels. For more Information from Matomo’s side, please visit their privacy policy: https://matomo.org/privacy-policy/.

This data is processed for the purposes of website optimization, identifying and resolving technical issues, and conducting overall performance analytics. By analyzing this information, we can ensure that the user experience is continuously improved, and potential errors are swiftly addressed.

The primary purposes of processing this data include improving the website’s functionality and tracking potential errors, as well as analyzing user behavior to better tailor the website to the needs of our visitors.

The processing of this data is based on our legitimate interest in ensuring the ongoing performance and improvement of our website. As per Article 6(1)(f) of the GDPR, legitimate interest forms the basis for this data processing, ensuring that we can enhance the service we provide to our users without infringing on their privacy rights.

Anonymized data is retained for a period that allows us to conduct meaningful analysis and maintain a record of our site’s performance. As a German company adhering to GDPR, we retain anonymized Matomo data for up to 24 months, or for a different period if required by law. After this period, the data will be deleted or further anonymized, ensuring compliance with data protection regulations.

8) Contacting Us

When you contact us (e.g. via contact form or e-mail), personal data is collected. Which data is collected in the case of a contact form can be seen from the respective contact form. This data is stored and used exclusively for the purpose of responding to your request or for establishing contact and for the associated technical administration.

The legal basis for processing data is our legitimate interest in responding to your request in accordance with Art. 6 (1) point f GDPR. If your contact is aimed at concluding a contract, the additional legal basis for the processing is Art. 6 (1) point b GDPR. Your data will be deleted after final processing of your enquiry; this is the case if it can be inferred from the circumstances that the facts in question have been finally clarified, provided there are no legal storage obligations to the contrary.

9) Rights of the Data Subject

9.1 The applicable data protection law grants you the following comprehensive rights of data subjects (rights of information and intervention) vis-à-vis the data controller with regard to the processing of your personal data:

• Right of access by the data subject pursuant to Art. 15 GDPR;
• Right to rectification pursuant to Art. 16 GDPR;
• Right to erasure (“right to be forgotten”) pursuant to Art. 17 GDPR;
• Right to restriction of processing pursuant to Art. 18 GDPR;
• Right to be informed pursuant to Art. 19 GDPR;
• Right to data portability pursuant to Art. 20 GDPR;
• Right to withdraw a given consent pursuant to Art. 7 (3) GDPR;
• Right to lodge a complaint pursuant to Art. 77 GDPR.

9.2 RIGHT TO OBJECT

IF, WITHIN THE FRAMEWORK OF A CONSIDERATION OF INTERESTS, WE PROCESS YOUR PERSONAL DATA ON THE BASIS OF OUR PREDOMINANT LEGITIMATE INTEREST, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT TO THIS PROCESSING WITH EFFECT FOR THE FUTURE ON THE GROUNDS THAT ARISE FROM YOUR PARTICULAR SITUATION.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED. HOWEVER, WE RESERVE THE RIGHT TO FURTHER PROCESSING IF WE CAN PROVE COMPELLING REASONS WORTHY OF PROTECTION FOR PROCESSING WHICH OUTWEIGH YOUR INTERESTS, FUNDAMENTAL RIGHTS AND FREEDOMS, OR IF THE PROCESSING SERVES TO ASSERT, EXERCISE OR DEFEND LEGAL CLAIMS.

IF WE PROCESS YOUR PERSONAL DATA FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA WHICH ARE USED FOR DIRECT MARKETING PURPOSES. YOU MAY EXERCISE THE OBJECTION AS DESCRIBED ABOVE.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED FOR DIRECT ADVERTISING PURPOSES.

10) Duration of Storage of Personal Data

The duration of the storage of personal data is based on the respective legal basis, the purpose of processing and – if relevant – on the respective legal retention period (e.g. commercial and tax retention periods).

If personal data is processed basis on an express consent pursuant to Art. 6 (1) point a GDPR, this data is stored until the data subject revokes his consent.

If there are legal storage periods for data that is processed within the framework of legal or similar obligations on the basis of Art. 6 (1) point b GDPR, this data will be routinely deleted after expiry of the storage periods if it is no longer necessary for the fulfillment of the contract or the initiation of the contract and/or if we no longer have a justified interest in further storage.

When processing personal data on the basis of Art. 6 (1) point f GDPR, this data is stored until the data subject exercises his right of objection in accordance with Art. 21 (1) GDPR, unless we can provide compelling grounds for processing worthy of protection which outweigh the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims.

If personal data is processed for the purpose of direct marketing based on Art. 6 (1) point f GDPR, this data is stored until the data subject exercises his right of objection pursuant to Art. 21 (2) GDPR.

Unless otherwise stated in the information contained in this declaration on specific processing situations, stored personal data will be deleted if it is no longer necessary for the purposes for which it was collected or otherwise processed.

11) Cookies & Storage Items

In order to make your visit to our website more attractive and to enable the use of certain functions, we use storage items and cookies, i.e. small text files that are stored on your end device. In some cases, these cookies are automatically deleted again after the browser is closed (so-called “session cookies”), in other cases, these cookies remain on your end device for longer and allow page settings to be saved (so-called “persistent cookies”). In the latter case, you can find the duration of the storage in the overview of the cookie settings of your web browser.

If personal data is also processed by individual cookies set by us, the processing is carried out either in accordance with Art. 6 (1) point b GDPR for the performance of the contract, in accordance with Art. 6 (1) point a GDPR in the case of consent given or in accordance with Art. 6 (1) point f GDPR to safeguard our legitimate interests in the best possible functionality of the website as well as a customer-friendly and effective design of the page visit.

We use services from third-party partners, such as payment providers, which may set cookies that we cannot directly control. These cookies are set after you have accepted this Privacy Policy and clicked the order button, which either processes your information on our site or redirects you to the payment provider. In these cases, the responsibility for the use of cookies lies with the respective provider, and it is your responsibility to ensure that you are comfortable with how they handle your data before initiating payment.

You can set your browser in such a way that you are informed about the setting of cookies and you can decide individually about their acceptance or exclude the acceptance of cookies for certain cases or in general.

We use only necessary cookies and therefore do not collect an opt-in. The functionality and safety of our website will be limited if cookies are not accepted. Below, you will find a detailed list of all cookies and storage items: