Privacy policy

last updated: 2026-01

 

Table of Content

1. Definitions
2. Information on the person responsible for data processing & contact
3. Links to third party websites
4. Rights of the data subject
5. Transfer of your data; recipients
6. Data processing operations
6.1 Processing operations website or online store
6.1.1 Processing of traffic data; server log files
6.1.2 Contacting; Contact sheet
6.1.3 Newsletter
6.1.4 Functional third-party integrations
6.1.5 Orders in the online store; customer account
6.1.6 Product evaluation
6.1.7 Payment processing
6.1.8 Shipping and printing of products
6.1.9 Creating invoices and order confirmations
6.1.10 Regulatory retention and documentation requirements
7. Storage technologies and consent form
7.1 Cookies
7.2 Local Storage; Session Storage
7.3 Consent form
7.4 Tracking-Pixel
8. Third-party services
8.1 Common notes
8.2 Overview and brief presentation
8.3 Individual third-party services
8.3.1 Meta Pixel
8.3.2 Shopify

 

Term	Explanation	Determination
Person in charge	Natural or legal person or other entity that exercises the decisive influence on data processing and in return is subject to obligations under data protection law.	Art 4 Z 7 GDPR Art 24 GDPR
Processor	External service provider that processes data on behalf of the controller and is contractually bound by the controller's instructions. The service provider acts as an extension of the data controller.	Art 4 Z 8 GDPR Art 28 GDPR
Recipient	In principle, any natural or legal person or other body outside the organization of the controller to whom data from the controller's area of responsibility is disclosed.	Art 4 Z 9 GDPR
Legal bases	The bases provided by law, which create an authorization to lawfully process personal data of data subjects.	Art 6 para 1 GDPR
Third country transfer	The transfer of personal data to countries outside the EU/EEA, thereby removing them from the exclusive control of the GDPR through connecting factors to the respective legal order, by means of disclosure to a recipient that is either (i) established in a third country or (ii) operates data-processing servers.	Chapter V GDPR
Adequacy Resolution	A decision by the EU Commission which certifies that a third country has an adequate level of data protection, thereby allowing for the free flow of data without additional restrictions.	Art 45 GDPR
Appropriate safeguards	Appropriate safeguards are various instruments that allow data transfers to a third country for which no adequacy decision exists. To the extent that we base data transfers on suitable safeguards, you have the possibility in each case to obtain a copy thereof by contacting us via the contact options below.	Art 46 GDPR

2. Information on the person responsible for data processing & contact

Responsible in the sense of Art 4 Z 7 GDPR:	Contact:
Individual Entrepreneur Werner Mathias Bundschuh TIN: 300456192 Georgia, Tbilisi City, Gldani massif, Micro/District III, Building 80	E-Mail: 21rebel.store@pm.me Tel: +995 599 57 10 45

3. Links

We use links to third-party sites on our website and within this privacy policy. If you click on one of these links, you will be forwarded directly to the respective page. For the website operators, the only thing that is apparent is that you have accessed via our website. Please note, however, that the fact of accessing such a site exposes you to a new processing of your data in the sphere of influence of the respective third party! Accordingly, we generally refer to the separate data protection statements of these websites.

4. Rights of the data subject

You have the following rights at any time with regard to your personal data processed by us, which can be exercised free of charge by notifying one of the contact options listed under section 2 and will be answered as soon as possible, but in any case within one (1) month (restrictions are possible in certain exceptional cases, for example in the event of threatened impairment of the rights of third parties):

Access to and further information about specifically processed personal data (right of access, Art 15 GDPR);
Correction of incomplete or inaccurate data that has been recorded or has become inaccurate (right to rectification, Art 16 GDPR);
Deletion of data that (i) are not necessary for the purposes indicated, (ii) are processed unlawfully, (iii) must be deleted due to a legal obligation or an objection (right to erasure, Art 17 GDPR);
Temporary restriction of processing under certain conditions (right to restriction, Art 18 GDPR);
Revocation at any time of consent (for the definition of the term see section 6) to the processing of your data; please note, however, that a revocation does not retroactively render past processing activities based on the consent concerned inadmissible - it only has an effect for the future (right of revocation, Art 7 3 GDPR);
Objection to processing of your data on the basis of our legitimate interest (for the definition of the term, see section 6) on grounds relating to your particular situation, as well as objection at any time to processing of your data for direct marketing purposes (right to object; Art 21 para 1-2 GDPR);
Transfer of your personal data, which we process for the performance of a contract or on the basis of your consent (see point 6 in each case), in a common machine-readable format to you or directly to another controller (right to data portability, Art 20 GDPR);
Right to lodge a complaint about the processing of your personal data by us with the competent supervisory authority:

• EU residents: Your national Data Protection Authority (DPA)

• Georgia residents: Personal Data Protection Service (dataprotection.ge).

5. Transfer of your data; recipients

In order to perform the processing activities listed in this Privacy Policy, your personal data will be transferred or disclosed to the following recipients:
Within our organization, only those employees have access to your data who absolutely need this access to fulfill your or our corresponding obligations.
Furthermore, commissioned processors receive your data insofar as they require the data (or an access option) for the provision of their respective services.
In the context of our website, the following processors used by us may receive access to your data:
Pandectes OÜ, Harju maakond, Kuusalu vald, Pudisoo küla, Männimäe 1, 74626, Estonia (as provider of our cookie consent solution, cf. section 7.3);
Printful, Inc., 11025 Westlake Dr., Charlotte, NC 28273, USA (as our service provider used for shipping and printing products, cf. section 6.1.8);
FORSBERG+two ApS, Havesvinget 15, 2950 Vedbæk, Denmark (as our service provider used for the creation of invoices and order confirmations, cf. section 6.1.9);
Loox Online Ltd, 7 Jabotinsky St, Ramat Gan 52520, Israel (as our service provider used for the realization of product evaluations, cf. section 6.1.6);
PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449, Luxembourg (as our service provider used for payment processing, cf. section 6.1.7);
the third-party providers outlined under section 8 within the scope of their service provision:
Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (cf. section 8.3.1);
Shopify International Ltd, 2nd Floor, 1-2 Victoria Buildings, Haddington Road, Dublin 4, D04 XN32, Ireland (cf. section 8.3.2).
In addition, we transfer your data to independent data controllers if this is necessary, we are legally obligated to do so or you have consented accordingly. These may be, for example, payment providers that you commission during the ordering process.

6. Data processing operations

This section describes the specific data processing operations that may occur when you access and use our website. We will inform you about the essential elements of each processing activity, which are (1) type and scope (when and how), (2) purpose (why) and (3) duration of the storage of your data (how long).

In addition, we will inform you about the legal basis we use to justify the respective processing of your data within the meaning of the GDPR. The following table provides you with an initial overview of the legal bases that we specifically use in this regard:

Basis	Explanation	Determination
Consent	Before carrying out the respective processing activity, you have given us consent for the specific case, which authorizes us to process your data. (For the right to revoke consent once given at any time, see section 4).	Art 6 para 1 lit a GDPR
Contract fulfillment	The processing of your data is necessary to fulfill a contract concluded with you or to take pre-contractual measures, which are carried out at your request.	Art 6 para 1 lit b GDPR
Legal obligation	The processing of your data is necessary to comply with a legal obligation to which we are subject.	Art 6 para 1 lit c GDPR
Legitimate interests	The processing of your data is (i) necessary to protect our legitimate interests or the legitimate interests of a third party and we have (ii) weighed your potentially conflicting interests, fundamental rights as well as fundamental freedoms accordingly. (For the right to object to interest-based data processing based on your particular situation, please see section 4).	Art 6 para 1 lit f GDPR

6.1 Processing operations website or online store

6.1.1 Processing of traffic data; server log files

1. Type and scope of data processing: You can visit our website without having to provide any personal information. However, from a purely technical point of view, certain data, so-called "traffic data", are transmitted when you visit any website, which may also be transmitted to integrated third-party services (see section 8) and in their entirety represent the digital fingerprint that you leave behind in the course of your online activities. If this fingerprint is evaluated and used to draw certain conclusions about you or your terminal device, this is referred to as browser fingerprinting.
   In the given context, the following categories of traffic data can be distinguished, which are (or can be) transmitted to the server to which the request is directed to provide the website or a specific file:
   

   i. Implicit traffic data (automatic, forced and unsolicited transmission):

   • IP address used;

   • User agent (browser type/version, operating system);

   • Page accessed (URL);

   • Page from which the user came (referrer);

   • Time of access;

   • language setting.

   ii. Explicit traffic data (transmission, if provided for in the code of the respective service):

   • Screen resolution;

   • color depth;

   • Time zone;

   • Touchscreen support;

   • Browser Plugins.

   The above-mentioned implicit traffic data is stored by us in so-called server log Files.

   
   

2. Legal basis and purpose: The purpose of the general transmission of traffic data is to establish the requested connection. The purpose of storing implicit traffic data in server log files is to establish and maintain the technical security of our website and, if necessary, to improve its quality. The processing is based on our legitimate interest (Art 6 para 1 lit f of the GDPR; for the "right to object" see section 4), which is to achieve the aforementioned purposes.

3. Storage period: Server log files are generally only stored for short periods of time and deleted as soon as they are no longer necessary to achieve the above-mentioned purposes.

6.1.2 Contacting; Contact sheet

1. Type and scope of data processing: When contacting us via one of the contact options listed within this privacy policy or on our website (esp. in the legal notice), the information you provide will be processed for the purpose of handling the contact request and its processing. The processing of your data is necessary to process and respond to your request, as otherwise we would not have the opportunity to contact you.

1. Legal basis and purpose: The purpose of this data processing is to enable us to exchange information with users of the website. We answer your inquiries on the basis of our legitimate interest (Art 6 para 1 lit f of the GDPR; for the "right to object" see section 4) in a functioning contact system as a prerequisite for the provision of any services. If your request relates to an existing contractual relationship with you or you are interested in concluding a contract, the data will be processed for the purpose of implementing the contract or taking pre-contractual measures upon request (Art 6 para 1 lit b GDPR).

2. Storage period: We will delete your inquiry(s) and your contact data if your inquiry has been finally answered. Your data will generally be stored for 3 years and deleted within 6 months after expiry of this period, provided that you do not send us any follow-up requests or we need to process the data for other purposes.

6.1.3 Newsletter

1. Type and scope of data processing: On our website, you have the option of registering for our newsletter by providing the data visible in the registration template (in particular your e-mail address); any voluntary information is indicated as such. The newsletter informs you about news concerning our company; it is sent exclusively to e-mail addresses provided by interested parties themselves. In the event that you no longer wish to receive the newsletter, you can unsubscribe (revoke your consent) at any time by sending a message to the contact address listed under point 2 or by clicking on the unsubscribe link at the end of each newsletter.
   In order to be able to check the effectiveness and reach of our advertising measures, we carry out statistical evaluations of our newsletters. In this way, we can check, for example, whether a newsletter message was opened or which links were clicked on particularly often or obtain insight into the technical deliverability of our newsletter. In addition, we can see whether certain predefined actions were carried out after opening/clicking (conversion rate).
   We use the newsletter service of Shopify for the delivery as well as the collection of statistical evaluations (see section 8.3.2). For this purpose, your disclosed personal data is stored on servers of the service provider in order to be able to offer you our newsletter to the extent presented here. Shopify acts in this context as our order processor in the sense of Art 28 GDPR.
   
   
2. Legal basis and purpose: The above data is processed for the purpose of direct advertising in the form of a newsletter and is necessary to be able to send the newsletter. Under no circumstances will a newsletter or other electronic advertising be sent without your prior consent (Art 6 para 1 lit a GDPR; for the "right of withdrawal" see section 4), which we obtain on our website. Subsequently, we will send you an e-mail to the specified e-mail address, which you can use to confirm your registration. Any evaluation of the performance of our newsletter is based on our legitimate interest (Art 6 para 1 lit f GDPR; for the "right to object" see section 4) to compile newsletter statistics in a cost-efficient way that is easy to handle and effective from a marketing point of view.
   
   
3. Storage period: The data collected for the purpose of sending the newsletter will be deleted within 6 months after any unsubscription, provided that there are no statutory retention periods to the contrary and the data is not also permissibly processed for other purposes. Statistical data generated with regard to the evaluation of our newsletter will only be used to create overall statistics of the newsletter performance and will not be stored in a personal form that would allow an assignment to a specific data subject.

6.1.4 Functional third-party integrations

1. Type and scope of data processing: Within the framework of the website, additional processing operations may be initiated by integrating third-party software, each of which fulfills certain functions. The individual integrations and their functional purpose are presented in an overview under section 8.3; additional information can be found in the detailed descriptions in the subsections.

2. Legal basis and purpose: Within the scope of the functional scope of the respective service, we use the collected data for the purposes stated in each case in order to expand our offering, make it more attractive and/or make it more effective. The legal basis for this will be stated accordingly in the course of the presentation of the respective service.

3. Storage period: We store the generated data within the framework of the specifications and possibilities of the respective service for as long as they are required for the fulfillment of the respective processing purpose.

6.1.5 Orders in the online store; customer account

1. Type and scope of data processing: If you have decided to purchase products in our online store, you must provide certain information in the ordering process so that we can process the purchase contract concluded with you. You can create a customer account for this purpose, but it is also possible to place an order as a guest without a customer account. Required information is marked accordingly in each case; if necessary, you can provide us with certain information voluntarily.

2. Legal basis and purpose: The processing of your data within the scope of and for the purpose of handling the order process serves the purpose that we can pursue our business activities and provide our online store offer. It is necessary for the fulfillment of the purchase contract concluded with you (Art 6 para 1 lit b GDPR). Additional data processing in the context of the creation of a customer account is based on our legitimate interest (Art 6 para 1 lit f GDPR) to be able to offer you a service corresponding to the usually expected features of an online store and to facilitate ordering processes for you and is carried out for this purpose (for the "right to object" see section 4).

3. Storage period: The data collected to carry out the order process will be stored by us for 6 months, until the end of the business transaction and then deleted again, provided that no follow-up contact has occurred in the meantime. Data processed in the context of a customer account will be stored for the duration of the existence of the customer account, in the case of completely inactive accounts, however, for a maximum period of 3 years. However, you can also independently request deletion of your customer account from us at any time. Longer storage periods for certain data may arise in this context, in particular due to legal retention periods (see section 6.1.10), or due to pending legal claims.

6.1.6 Product evaluation

1. Type and scope of data processing: As part of our website, we offer you the opportunity to rate individual products. In order to prevent misleading reviews and to establish a connection with an existing customer and thus verify whether you have actually purchased a particular product, it is necessary that you provide your first name, e-mail address and optionally your last name before submitting your review. Optionally, you also have the possibility to upload a photo. Your comment will be published together with your first name and, if applicable, the photo uploaded by you on the respective product page. The storage of your data is necessary to enable us to verify your rating in order to prevent misuse of the rating function.
   We use Loox Online Ltd, 7 Jabotinsky St, Ramat Gan 52520, Israel, as a processor to implement the rating function. The associated third country transfer of your data is based on the adequacy decision of the EU Commission within the meaning of Art 45 GDPR, which certifies that Israel has an adequate level of data protection.
   
   

2. Legal basis and purpose: The purpose of processing your data is to enable customers and interested parties to form an improved opinion about our products by allowing buyers to share and publish their personal experiences. We process your data on the basis of your consent (Art 6 para 1 lit a GDPR; for the "right of revocation" see section 4), which you give by sending your review.

3. Storage period: Your data is generally stored by us and it remains published in our online store as long as the respective product page is available. If a submitted rating is no longer necessary (e.g. due to the removal of a product from the online store) or if the removal is necessary for other reasons (e.g. after a complaint), your data will be deleted immediately. However, you can request us to delete a rating once it has been submitted at any time.

6.1.7 Payment processing

1. Type and scope of data processing: In the course of payment, you have the option to choose a payment method. For this, the processing of your data is necessary. For payment processing on the website, we use PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449, Luxembourg as a processor.
   PayPal may use subprocessors including entities in the USA. Any resulting transfer of your data to the USA is based on the EU-US Data Protection Framework (DPF) adequacy decision (Art 45 GDPR) – see PayPal's certification: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt0000000TNnZAAU&status=Active.
   
   
2. Legal basis and purpose: The processing of your data serves the purpose that we can process orders. It is necessary for the fulfillment of the purchase contract concluded with you (Art 6 para 1 lit b GDPR).
   
   
3. Storage period: The data collected for the execution of the payment transaction will be stored by us for 6 months and then deleted again, provided that no follow-up contact has occurred in the meantime. Data processed in the context of a customer account will be stored for the duration of the existence of the customer account, in the case of completely inactive accounts, however, for a maximum period of 3 years. However, you can also independently request deletion of your customer account from us at any time. Longer storage periods for certain data may arise in this context, in particular due to legal retention periods (see section 6.1.10), or due to pending legal claims.

6.1.8 Shipping and printing of products

1. Type and scope of data processing: For orders, the processing of your data is required in particular to enable the shipping and printing of the products. For this purpose, we use Printful: Print on Demand of Printful, Inc., 11025 Westlake Dr., Charlotte, NC 28273, USA, which acts as our order processor. The basis for the associated third country transfer of your data to the USA are standard data protection clauses of the EU Commission (Art 46 para. 2 lit c GDPR) in accordance with Implementing Decision (EU) 2021/914 as suitable guarantees, a copy of which we will provide you with on request.

2. Legal basis and purpose: The processing of your data within the framework and for the handling of the ordering process serves the purpose that we can handle orders. It is necessary for the fulfillment of the purchase contract concluded with you (Art 6 para 1 lit b GDPR).

3. Storage period: The data collected for the execution of the order will be stored by us for 6 months and then deleted again, provided that no follow-up contact has occurred in the meantime. Data processed as part of a customer account will be stored for the duration of the existence of the customer account, but in the case of completely inactive accounts for a maximum period of 3 years. However, you can also independently request deletion of your customer account from us at any time. Longer storage periods for certain data may arise in this context, in particular due to legal retention periods (see section 6.1.10), or due to pending legal claims.

6.1.9 Creating invoices and order confirmations

1. Type and scope of data processing: After placing an order, the processing of your data is necessary to generate invoices and order confirmations. In the course of placing orders on the website, we use the Order Printer Pro solution and we use FORSBERG+two ApS, Havesvinget 15, 2950 Vedbæk, Denmark, as a processor for this purpose.

2. Legal basis and purpose: The processing of your data within the framework and for the handling of the ordering process serves the purpose that we can handle orders. It is necessary for the fulfillment of the purchase contract concluded with you (Art 6 para 1 lit b GDPR).

3. Storage period: The data collected for the creation of invoices and order confirmations will be stored by us for 7 years and then deleted again, provided that no follow-up contact has occurred in the meantime. Data processed in the context of a customer account will be stored for the duration of the existence of the customer account, in the case of completely inactive accounts, however, for a maximum period of 7 years. However, you can also independently request deletion of your customer account from us at any time. Longer storage periods for certain data may arise in this context, in particular due to legal retention periods (see section 6.1.10), or due to pending legal claims.

6.1.10 Regulatory retention and documentation requirements

1. Type and scope of data processing: In principle, we try not to store your personal data longer than absolutely necessary. Nevertheless, we cannot immediately delete certain data processed by you due to legal requirements. This concerns data relating to the billing of services provided via the website, which must be retained by us, among other things, on the basis of retention and documentation periods under tax law and company law.

2. Legal basis and purpose: We process your billing data in this context on the basis of Art 6 para 1 lit c GDPR (legal obligation). The processing of your data on this basis serves the purpose of fulfilling relevant legal obligations (Georgian tax law: 7 years retention).

3. Storage period: Your billing data will generally be stored for a period of seven (7) years due to retention and documentation periods under tax law and company law. If the data is relevant for pending (tax) proceedings, it may be stored for a longer period. Storage periods for certain data that deviate from this may result from other legal requirements.

7.Storage technologies and consent form

We use the following technologies for various purposes on our website. Insofar as information is stored on your terminal device or information stored there is accessed, this is referred to as storage technologies, which are subject to special data protection rules. Insofar as their use is not technically necessary for the maintenance of our website operation, we obtain your prior consent. In addition, we use other technologies for similar purposes and may process data collected in this way using storage technologies. Storage technologies are also used as part of the third-party services described in section 8.

7.1 Cookies

So-called "cookies" are used on our website if you give us your consent (Art 6 para 1 lit a GDPR) (for the "right of revocation" see section 4); if you refuse such consent, we limit the cookie setting to technically necessary cookies that we need to maintain the functionality of our website (see below for this) and use on the basis of our legitimate interest in this regard (Art 6 1 f GDPR; for the "right to object" see section 4), insofar as the processing of personal data occurs in this context.

Cookies are small data sets that are basically managed by your browser on your terminal device and stored there. They are initially placed by a web server and sent back to it as soon as a new connection is established in order to recognize the user and his settings. Your terminal device is assigned a specific identity consisting of numbers and letters.

Cookies can serve various purposes and, for example, help to maintain the functionality of a website in terms of functions and user experience according to the state of the art. The actual content of a specific cookie is always determined by the website that created it.

In any case, cookies contain the following information:

• Designation of the cookie;

• Name of the server from which the cookie originates;

• ID number of the cookie;

• an end date, after which the cookie is automatically deleted.

Cookies can be distinguished by type and purpose as follows:

• Technically necessary cookies: Technically necessary (also: essential) cookies help to make a website usable by enabling basic functions such as page navigation and access to secure areas of the website. In many cases, a website cannot function properly without these cookies. Technically necessary cookies are always first-party cookies. These cookies can only be deactivated in your browser settings by rejecting all cookies without exception (see below) and are also legally used on our website without obtaining consent.

• Preference cookies: Preference cookies allow a website to remember information that affects the way a website behaves or looks, such as your preferred language or the region you are in.

• Statistics cookies: Statistics cookies help website operators understand how visitors interact with websites by collecting and analyzing information anonymously. Such cookies are consequently used to collect information about user behavior. For example, the following information may be stored: sub-pages accessed (duration and frequency); order of pages visited; search terms used that led to a visit to our website; movements of the mouse (scrolling and clicks); country and region of access. The cookies allow us to determine what the user is interested in and thereby adapt the content and functionality of our website to individual user needs.

• Tracking cookies: Tracking cookies are used to track visitors to websites. The intent is to serve ads that are relevant and engaging to the individual user, and therefore more valuable to publishers and third-party advertisers. This is made possible by analyzing your usage behavior, which allows for the appropriate personalization of advertising based on the interests identified as a result.

According to the storage period, a further distinction is made between:

• Session cookies: these cookies are deleted without your intervention as soon as you end your current browser session.

• Persistent cookies: These cookies (e.g. to store your language settings) remain stored on your end device until a predefined expiration date or until you manually remove them.

A further distinction can be made according to the subject of the cookie:

• First-party cookies: such cookies are used by ourselves and are set directly by our website. They are generally not made accessible by browsers across domains, which is why the user can only be recognized by the site from which the cookie originated.

• Third-party cookies: Such cookies are not set by us, but by third parties, especially for advertising purposes (e.g. to track surfing behavior) when you visit our website. This concerns, for example, information about different page views as well as the frequency of the same.

Most browsers accept cookies automatically. For submission and revocation of your possible consent via our consent form, see section 7.3. However, you also have the option to adjust your browser settings so that cookies are either generally rejected or only certain types are permitted (e.g. restriction of the rejection to third-party cookies). However, if you change the cookie settings of your browser, you may no longer be able to use our website to its full extent. You also have the option of deleting all cookies already stored in your end device via the browser settings. This also corresponds to a revocation of your consent (for the "right of revocation" see section 4).

7.2 Local Storage; Session Storage

If you give us your consent (Art. 6 para. 1 lit a GDPR; for the "right of revocation" see section 4), we use the storage capacity of your browser software, e.g. for purposes of improving the usability of our website, its user-friendliness and our offer in general (e.g. to secure your language settings). For this purpose, we use the so-called local storage or session storage to store certain data on your end device, whereby your browser creates the local storage or session storage separately for different domains. Apart from you, only we can access the data that is processed in this context. Insofar as this is technically absolutely necessary to maintain the functionality of our website, certain information may also be stored in the local or session storage of your browser without your consent. Uninvolved third parties are never able to access this information; however, it may be stored on your terminal device by our partners (third-party providers) on our behalf for specific purposes. In contrast to cookies, this method is faster and more secure, as data is not automatically transferred to the respective server with every HTTP request, but is merely stored by your browser software; in addition, the Local Storage or Session Storage each offers up to 5 megabytes of storage volume, while a single cookie can be a maximum of 4096 bytes.

Since the functionalities are similar to cookies, what has been said under section 7.1 applies accordingly. Please note that information in Local Storage has no predefined expiration date (it is comparable to persistent cookies). Information in Session Storage, on the other hand, is only stored for the duration of the respective browser session (they are comparable to session cookies).

For submission and revocation of your possible consent via our consent form, see section 7.3. To manually remove data from the local storage or session storage, works within the framework of the settings of most browsers exactly as with the manual removal of cookies, since cookies are usually combined with other website data within this option (e.g. "cookies and other website data"); in this respect, reference is made to the explanations under section 7.1. If the browser software you use combines cookies and other website data in this way, blocking cookies also blocks access to the local storage or session storage (which can also lead to restrictions on the use of our website). If you deactivate JavaScript, the local storage or session storage can also no longer be used by us, but this can generally lead to considerable restrictions in use.

7.3 Consent form

So that we can ensure that you give us your prior consent for the use of storage technologies, insofar as this is specifically required, a corresponding consent mask appears automatically when you access the website. There you can make your desired settings using the options shown in each case. A necessary cookie is stored on your device to save your selection. Once you have made your selection, you can change it again at any time by calling up the cookie settings again using the corresponding symbol in the bottom left-hand corner of our website. If you do not give us your consent, you may not be able to use certain content on our website. If you do not give us your consent, you may not be able to use certain content on our website.

To ensure that you can give your consent appropriately, we use the cookie consent solution "Pandectes GDPR Compliance", a service of Pandectes OÜ, Kuusalu vald, Pudisoo küla, Männimäe/1, 74626, Estonia. Pandectes OÜ acts as our processor in the sense of Art 28 GDPR.

7.4 Tracking-Pixel

Another possibility, apart from storage technologies, to collect certain user data is through so-called tracking pixels (also: pixel tags or web beacons). These are transparent images that are practically invisible because they consist of only a single pixel. The tracking pixel is located on a server and is loaded as soon as a designated sub-page of our website is called up. They enable us to track the circumstance of a website visit as well as subsequent user activity in order to provide targeted marketing. With the help of the tracking pixel, the following information can generally be retrieved: (i) operating system used; (ii) browser software used; (iii) time a web page was viewed; (iv) user behavior on the web page visited; (v) IP address and approximate location of the user.

Tracking pixels are used on our website on the basis of our legitimate interest (Art 6 para 1 lit f of the GDPR; for the "right to object" see section 4) in a state of the art analysis of accesses; if necessary, we also obtain your prior consent in certain cases (Art 6 para 1 lit a of the GDPR; for the "right to revoke" see section 4). Since it is merely an image loaded from a server, the lifetime of a tracking pixel cannot extend beyond a single browser session. However, information generated by tracking pixels may subsequently be stored using storage technologies (see above).

8.Third-party services

8.1Common notes

Processing Purposes: In order to optimize our website for its intended use and to provide features that are necessary or useful for service delivery or commercially reasonable operation, as well as to provide users with features commonly expected in the course of our business, we use a number of services on our website that are provided by third party vendors and are described below.

Processing Roles: Unless otherwise stated, the respective service providers act as our processors and therefore provide their services on our behalf based on a corresponding agreement. Where applicable, service providers may also use data received as data controllers for their own purposes, in particular to optimize their own offerings. Regardless of their specific role in the processing context, they are in any case considered recipients of certain of your data, as the provision of the respective service on our website requires processing by the associated service provider.

Necessary data processing: Already from a purely technical point of view, certain traffic data is transferred when visiting any website (see already section 6.1.1). Such transmission may also take place to providers of third-party services integrated into the website, insofar as a direct connection to the servers of such third-party providers is or must be established. Any resulting transfer of traffic data to such third-party providers to the extent technically necessary is based on our legitimate interest (Art 6 1 f of the GDPR) in integrating the relevant services into our website with technically reasonable effort (for the "right to object" see section 4).

Insofar as the traffic data is also used for other purposes, in particular on our behalf, in addition to establishing the connection, the additional processing activity is justified separately - the respective legal basis can be found in the brief description of the third-party services under section 8.3 (the same applies with regard to cookies or similar storage or tracking technologies used by numerous services in the sense of section 7).

8.2 Overview and brief presentation

Below you will find a condensed presentation of the services used as well as the essential accompanying legal information.

By clicking on the name of the respective service, you will be taken to the linked privacy policy of the respective provider. Please note, however, that the fact of accessing such a third-party site exposes you to a new processing of your data in the sphere of influence of the respective third-party provider (cf. section 3).

Service & link to privacy policy	Processing	Purpose	Legal basis	Details section
Meta Pixel	Analysis and tracking	Analysis of your usage behavior on our website	Consent (Art 6 para 1 lit a GDPR)
Shopify	In particular Storage/transmission	Processing of personal data in the context of providing the website and webshop	Consent (Art. 6 para. 1 lit a GDPR); contract performance or pre-contractual measure (Art. 6 para. 1 lit b GDPR); predominantly legitimate interest (Art. 6 para. 1 lit f GDPR).

8.3 Individual third-party services

8.3.1Meta Pixel

Within our offer, we use the "Meta Pixel", provided that you have given us your consent in advance (Art 6 para 1 lit a GDPR; for the "right of revocation" see section 4). This is a Meta Business Tool for which Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Meta Ireland") is responsible for data protection in the EEA. The Meta Pixel is embedded in our website as a JavaScript code snippet and enables us to track the activities of website users. Certain actions that a user takes are defined as so-called events and are analyzed with the help of the pixel (in particular, calling up a specific sub-page of our website, so-called button click data); this allows us to measure, for example, the effectiveness of the construction of our website and the effectiveness of our advertisements (conversion tracking). The meta pixel is therefore used for statistical and market research purposes in order to optimize our offer. In particular, targeted advertisements on various meta platforms (e.g. Instagram) are displayed to users who are recognized on our website via the meta pixel (retargeting).

In addition to the defined event data, the Meta Pixel collects your traffic data (see section 6.1.1) as well as a pixel ID and cookie information. This data is exchanged with Meta Ireland. By activating the "Advanced Matching" function, our use of the Meta Pixel and accordingly the exchange of data with Meta Ireland is not limited exclusively to event data; rather, data is enriched with data that is read, in particular, from entries in text fields when you are on our website and is transmitted to Meta Ireland in a hashed (pseudonymized) form together with the associated event data. Tracking takes place by means of tracking pixels and cookies (see section 7).

The data is stored and processed by Meta Ireland on our behalf; Meta's own use of data, in particular for the personalization of functions and content (including advertisements and recommendations), occurs only after the data has been aggregated with data from other advertisers or from other Meta products. The enrichment of event data with data from advanced matching allows us to improve the conversion measurement performed using the Meta Pixel and to better match Meta users in order to make advertising more interesting for users while improving the effectiveness of our advertising campaigns. The hashed (pseudonymized) data from the enhanced matching is immediately deleted in its personal form by Meta Ireland after appropriate linking. Overall, non-personal clusters are formed, which are stored for a longer period of time.

If you have created an account on the social Meta network "Facebook" and are logged in, you can manage your settings for personalization of advertising by Meta here: www.facebook.com/settings?tab=ads. You can also make settings for usage-based online advertising via https://www.youronlinechoices.com/de/praferenzmanagement/?tid=331645673048.

Meta Ireland may use (other) processors to provide services, in particular Meta Platforms Inc (California, USA), which is based in the USA. Any resulting transfer of your data to the legal sphere of the USA is generally based on the adequacy decision of the EU Commission within the meaning of Art 45 GDPR on the "EU-US Data Protection Framework" - you can view the corresponding certification of Meta Platforms Inc at https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt0000000GnywAAC&status=Active.

8.3.2 Shopify

We use the service of Shopify International Ltd, 2nd Floor 1-2 Victoria Buildings, Haddington Road, Dublin 4, D04 XN32, Ireland ("Shopify International") for the creation and operation of our website and for sending newsletters. Shopify International prepares the framework through its range of services in which we can operate a professional and adapted to the current technical state of the art online store. This includes functions that are necessary for the operation of the online store (e.g. shopping cart, technical processing of the payment process) as well as the analysis services required for an appropriate promotion and presentation of our offer. The collected data is in particular the data provided by you in the context of using our online store as well as information about your terminal device and usage behavior (e.g. data about your interaction behavior with our website).

For this purpose, Shopify International works with cookies (or comparable storage technologies; see section 7), which (in the case of cookies that are not technically necessary) are placed on your terminal device after you have given your consent (Art 6 para 1 lit a GDPR; for the "right of revocation" see section 4). In the context of Shopify International's technically necessary services for us, processing in this regard is based on our legitimate interests (Art 6 (1) (f) GDPR; for the "right to object" see section 4) in a functioning and technically adequate online store. Shopify International acts in this regard as our processor pursuant to Art 28 GDPR. For the exact breakdown of all cookies placed by Shopify International, we refer to the corresponding explanations in the Cookie Policy of Shopify International https://www.shopify.com/legal/cookies for reasons of transparency and correctness.
If applicable, your data may also be transferred to companies affiliated with Shopify International or third-party providers used by Shopify International to provide services. For the relevant transfer of your data by Shopify International to such sub-processors within the meaning of Art 28 4 of the GDPR, please refer to the corresponding presentation of the (core) sub-processors at https://help.shopify.com/en/manual/privacy-and-security/privacy/subprocessors. Any transfer to the parent company Shopify Inc (Ottawa, Canada) in this context is based on the adequacy decision of the EU Commission within the meaning of Art 45 GDPR for commercial organizations in Canada.
You can also find more detailed information on data processing in the Shopify privacy policy at https://www.shopify.com/legal/privacy.

You can also find more detailed information on data processing in the Shopify privacy policy at https://www.shopify.com/legal/privacy/customers.