PRIVACY POLICY

Table of contents

• data protection
• Automatic data storage
• cookies
• storage of personal data
• Rights under the General Data Protection Regulation
• Google Analytics
• TLS encryption with https
• Newsletter Privacy Policy
• SMS privacy policy
• Embedded Social Media Elements Privacy Policy
• Facebook Pixel
• Instagram privacy policy
• Klarna Checkout Privacy Policy
• Sofortüberweisung privacy policy
• Stripe Privacy Policy

data protection

We have written this privacy statement (version 01.01.1970-121453272) to provide you with the information you need in accordance with the requirements of the General Data Protection Regulation (EU) 2016/679 to explain what information we collect, how we use data and what choices you have as a visitor to this website.

Unfortunately, it is in the nature of things that these explanations sound very technical, but we have tried to describe the most important things as simply and clearly as possible.

Automatic data storage

Nowadays, when you visit websites, certain information is automatically created and stored, including on this website.

When you visit our website like you are doing now, our web server (the computer on which this website is stored) automatically saves data such as

• the address (URL) of the accessed website
• browser and browser version
• the operating system used
• the address (URL) of the previously visited page (referrer URL)
• the hostname and IP address of the device from which access is made
• date and time

in files (web server log files).

As a rule, web server log files are stored for two weeks and then automatically deleted. We do not pass this data on, but cannot rule out that this data will be viewed if illegal behavior occurs.

cookies

Our website uses HTTP cookies to store user-specific data.
Below we explain what cookies are and why they are used so that you can better understand the following privacy policy.

What exactly are cookies?

Whenever you surf the Internet, you use a browser. Well-known browsers include Chrome, Safari, Firefox, Internet Explorer and Microsoft Edge. Most websites store small text files in your browser. These files are called cookies.

One thing cannot be denied: cookies are really useful little helpers. Almost all websites use cookies. To be more precise, they are HTTP cookies, as there are other cookies for other areas of application. HTTP cookies are small files that are saved on your computer by our website. These cookie files are automatically stored in the cookie folder, the "brain" of your browser. A cookie consists of a name and a value. When defining a cookie, one or more attributes must also be specified.

Cookies store certain user data about you, such as language or personal page settings. When you visit our site again, your browser sends the "user-related" information back to our site. Thanks to the cookies, our website knows who you are and offers you the settings you are used to. In some browsers, each cookie has its own file, in others, such as Firefox, all cookies are stored in a single file.

There are both first-party cookies and third-party cookies. First-party cookies are created directly by our site, third-party cookies are created by partner websites (e.g. Google Analytics). Each cookie must be evaluated individually, as each cookie stores different data. The expiration time of a cookie also varies from a few minutes to a few years. Cookies are not software programs and do not contain viruses, Trojans or other "malware". Cookies also cannot access information on your PC.

For example, cookie data can look like this:

Name: _ga
Value: GA1.2.1326744211.152121453272-9
Purpose of use: differentiation of website visitors
Expiration date: after 2 years

A browser should be able to support these minimum sizes:

• At least 4096 bytes per cookie
• At least 50 cookies per domain
• At least 3000 cookies in total

What types of cookies are there?

The question of which cookies we use in particular depends on the services used and is clarified in the following sections of the privacy policy. At this point we would like to briefly explain the different types of HTTP cookies.

There are 4 types of cookies:

Essential Cookies
These cookies are necessary to ensure basic functions of the website. For example, these cookies are needed when a user puts a product in the shopping cart, then continues browsing on other pages and only later goes to the checkout. These cookies do not delete the shopping cart, even if the user closes their browser window.

Purposeful cookies
These cookies collect information about user behavior and whether the user receives any error messages. In addition, these cookies are also used to measure the loading time and behavior of the website in different browsers.

Targeted cookies
These cookies improve user experience. For example, entered locations, font sizes or form data are saved.

advertising cookies
These cookies are also called targeting cookies. They are used to deliver individually tailored advertising to the user. This can be very practical, but also very annoying.

Usually, when you visit a website for the first time, you will be asked which of these types of cookies you would like to accept. And of course, this decision will also be saved in a cookie.

How can I delete cookies?

You decide how and whether you want to use cookies. Regardless of which service or website the cookies come from, you always have the option of deleting, deactivating or only partially allowing cookies. For example, you can block third-party cookies but allow all other cookies.

If you want to find out which cookies have been stored in your browser, if you want to change or delete cookie settings, you can find this in your browser settings:

Chrome: Delete, enable and manage cookies in Chrome

Safari: Managing cookies and website data with Safari

Firefox: Clear cookies to remove data that websites have stored on your computer

Internet Explorer: Deleting and managing cookies

Microsoft Edge: Delete and manage cookies

If you do not want cookies at all, you can set up your browser so that it always informs you when a cookie is about to be placed. This way you can decide for each individual cookie whether you want to accept the cookie or not. The procedure varies depending on the browser. The best thing to do is to search for instructions on Google using the search term “delete cookies Chrome” or “deactivate cookies Chrome” in the case of a Chrome browser.

What about my data protection?

The so-called "Cookie Directive" has been in place since 2009. It states that the storage of cookies requires your consent. However, there are still very different reactions to these guidelines within the EU countries. In Austria, however, this directive was implemented in Section 96 Paragraph 3 of the Telecommunications Act (TKG).

If you would like to know more about cookies and are not afraid of technical documentation, we recommend https://tools.ietf.org/html/rfc6265 , the Request for Comments from the Internet Engineering Task Force (IETF) called “HTTP State Management Mechanism”.

storage of personal data

Personal data that you send to us electronically on this website, such as name, email address, address or other personal information when submitting a form or comments in the blog, will be used by us together with the time and IP address only for the specified purpose, stored securely and not passed on to third parties.

We therefore only use your personal data to communicate with those visitors who expressly request contact and to process the services and products offered on this website. We do not pass on your personal data without your consent, but we cannot rule out that this data will be viewed in the event of illegal behavior.

If you send us personal data by email - outside of this website - we cannot guarantee secure transmission and protection of your data. We recommend that you never send confidential data unencrypted by email.

Rights under the General Data Protection Regulation

According to the provisions of the GDPR and the Austrian Data Protection Act (DSG) basically the following rights:

• Right to rectification (Article 16 GDPR)
• Right to erasure (“right to be forgotten”) (Article 17 GDPR)
• Right to restriction of processing (Article 18 GDPR)
• Right to notification – obligation to notify in connection with the rectification or erasure of personal data or the restriction of processing (Article 19 GDPR)
• Right to data portability (Article 20 GDPR)
• Right to object (Article 21 GDPR)
• Right not to be subjected to a decision based solely on automated processing, including profiling (Article 22 GDPR)

If you believe that the processing of your data violates data protection law or that your data protection rights have otherwise been violated in any way, you can complain to the supervisory authority, which in Austria is the Data Protection Authority, whose website you can find at https://www.dsb.gv.at/ find.

Use of Google Analytics

We use Google Analytics to analyze website usage. The data obtained is used to optimize our website and advertising measures.

Google Analytics is provided to us by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland). Google processes the data on website usage on our behalf and contractually undertakes to take measures to ensure the security and confidentiality of the data processed.

During your visit to the website, the following data is recorded:

• pages visited
• Orders including sales and ordered products
• The achievement of "website goals" (e.g. contact requests and newsletter registrations)
• Your behavior on the pages (e.g. time spent, clicks, scrolling behavior)
• Your approximate location (country and city)
• Your IP address (in shortened form so that no clear assignment is possible)
• Technical information such as browser, internet provider, device and screen resolution
• Source of your visit (i.e. which website or advertising medium you came to us from)

Personal data such as name, address or contact details are never transferred to Google Analytics.

This data is transferred to Google servers in the USA. We would like to point out that the same level of data protection cannot be guaranteed in the USA as within the EU.

Google Analytics stores cookies in your web browser for a period of two years from your last visit. These cookies contain a randomly generated user ID that can be used to recognize you on future website visits.

The recorded data is stored together with the randomly generated user ID, which enables the evaluation of pseudonymous user profiles. This user-related data is automatically deleted after 14 months. Other data remains stored in aggregated form indefinitely.

If you do not agree to the collection, you can prevent this by installing the Browser add-ons to deactivate Google Analytics prevent or by rejecting cookies via our cookie settings dialog.

Source: traffic3.net

TLS encryption with https

We use https to transmit data securely over the Internet (data protection through technology design Article 25 Paragraph 1 GDPR ). By using TLS (Transport Layer Security), an encryption protocol for secure data transmission on the Internet, we can ensure the protection of confidential data. You can recognize the use of this data transmission security by the small lock symbol in the top left of the browser and the use of the https scheme (instead of http) as part of our Internet address.

Newsletter Privacy Policy

If you sign up for our newsletter, you transmit the personal data mentioned above and give us the right to contact you by email. We use the data stored when you sign up for the newsletter exclusively for our newsletter and do not pass it on.

If you unsubscribe from the newsletter – you will find the link for this at the bottom of every newsletter – we will delete all data that was saved when you registered for the newsletter.

SMS Marketing Privacy Policy

If you register for our SMS marketing, you will send us your telephone number and give us the right to inform you about offers, news and promotions via SMS. We use the data stored as part of the registration for SMS marketing exclusively for sending SMS messages and do not pass this on to third parties.

If you unsubscribe from SMS marketing – you can do this at any time by clicking on the unsubscribe link – we will delete all data stored in connection with your registration for SMS marketing.

Embedded Social Media Elements Privacy Policy

We integrate elements from social media services on our website to display images, videos and texts.
By visiting pages that display these elements, data is transferred from your browser to the respective social media service and stored there. We have no access to this data.
The following links take you to the pages of the respective social media services where it is explained how they handle your data:

• Instagram - Privacy Policy: https://help.instagram.com/519522125107875
• The Google privacy policy applies to YouTube: https://policies.google.com/privacy?hl=de
• Facebook data policy: https://www.facebook.com/about/privacy
• Twitter Privacy Policy: https://twitter.com/de/privacy

Facebook Pixel

In our online offering we use the so-called "Facebook pixel" from the social network Facebook in the extended data matching mode. This pixel is operated by Meta Platforms Ireland Limited, 4 Grand Canal Quare, Dublin 2, Ireland (hereinafter "Facebook").

After a user has explicitly consented, when they click on an ad placed by us on Facebook, an addition via the Facebook pixel is added to the URL of our linked page. This URL parameter is then stored as a cookie in the user's browser, which is set by our linked page itself. In addition, this cookie records specific customer data, such as email addresses, which we collect in connection with actions such as purchases, account registrations or registrations on our website linked to the Facebook ad (extended data matching). The Facebook pixel reads this cookie and enables the transfer of data, including specific customer data, to Facebook.

The Facebook pixel with advanced data matching enables Facebook to precisely determine the visitors to our online offering as a target group for displaying ads, also known as "Facebook Ads". We therefore use the Facebook pixel with advanced data matching to display our Facebook ads only for those Facebook users who have shown interest in our online offering or who have certain characteristics that we transmit to Facebook (so-called "custom audiences"), such as interests in certain topics or products that are determined based on the websites visited. By using the Facebook pixel with advanced data matching, we want to ensure that our Facebook ads correspond to the potential interests of users and are not perceived as annoying. In this way, we can continue to analyze the effectiveness of Facebook ads for statistical and market research purposes by tracking whether users are redirected to our website after clicking on a Facebook ad (so-called "conversion"). Compared to the standard version of the Facebook pixel, the enhanced matching feature helps us more accurately measure the effectiveness of our advertising campaigns by capturing more attributed conversions.

All transmitted data is stored and processed by Facebook, which can be linked to the respective user profile. Facebook can use this data for its own advertising purposes in accordance with its privacy policy ( https://www.facebook.com/about/privacy/ ) and also make it available to partners for the purpose of placing ads on and outside of Facebook.

These processing operations are carried out exclusively with your explicit consent in accordance with Article 6 paragraph 1 letter a of the General Data Protection Regulation (GDPR).

The information generated by Facebook is usually transferred to a Facebook server and stored there. It may also be transferred to servers of Meta Platforms Inc. in the USA. You can revoke your consent at any time with effect for the future by deactivating the service using the "Cookie Consent Tool" provided on the website.

Instagram privacy policy

We have integrated Instagram functions into our website. Instagram is a social media platform of the company Instagram LLC, 1601 Willow Rd, Menlo Park CA 94025, USA. Instagram has been a subsidiary of Facebook Inc. since 2012 and is one of the Facebook products. Embedding Instagram content on our website is called embedding. This allows us to show you content such as buttons, photos or videos from Instagram directly on our website. When you visit websites on our website that have an integrated Instagram function, data is transmitted to, stored and processed by Instagram. Instagram uses the same systems and technologies as Facebook. Your data is therefore processed across all Facebook companies.

Below we want to give you a more detailed insight into why Instagram collects data, what data it is and how you can largely control the data processing. Since Instagram belongs to Facebook Inc., we get our information from the Instagram guidelines on the one hand, but also from the Facebook data guidelines themselves on the other.

What is Instagram?

Instagram is one of the most popular social media networks in the world. Instagram combines the advantages of a blog with the advantages of audiovisual platforms such as YouTube or Vimeo. You can upload photos and short videos to "Insta" (as many users casually call the platform), edit them with various filters and also share them on other social networks. And if you don't want to be active yourself, you can just follow other interesting users.

Why do we use Instagram on our website?

Instagram is the social media platform that has really taken off in recent years. And of course we have also responded to this boom. We want you to feel as comfortable as possible on our website. That's why it's a matter of course for us to present our content in a varied way. The embedded Instagram functions allow us to enrich our content with helpful, funny or exciting content from the Instagram world. Since Instagram is a subsidiary of Facebook, the data collected can also be useful for personalized advertising on Facebook. This means that our advertisements are only shown to people who are really interested in our products or services.

Instagram also uses the collected data for measurement and analysis purposes. We get aggregated statistics and thus more insight into your wishes and interests. It is important to note that these reports do not identify you personally.

What data does Instagram store?

If you come across one of our pages that has Instagram functions (such as Instagram images or plug-ins) built in, your browser automatically connects to Instagram's servers. Data is sent to Instagram, stored and processed, regardless of whether you have an Instagram account or not. This includes information about our website, your computer, purchases made, advertisements you see and how you use our services. The date and time of your interaction with Instagram are also stored. If you have an Instagram account or are logged in, Instagram stores significantly more data about you.

Facebook differentiates between customer data and event data. We assume that this is also the case with Instagram. Customer data includes names, addresses, telephone numbers and IP addresses. These customer data will only be transmitted to Instagram if they have been "hashed" beforehand. Hashing means that a data set is converted into a character string. This allows the contact details to be encrypted. The "event data" mentioned above is also transmitted. Facebook - and consequently Instagram - understands "event data" to mean data about your user behavior. It can also happen that contact details are combined with event data. The contact details collected are compared with the data that Instagram already has about you.

The collected data is transmitted to Facebook via small text files (cookies), which are usually placed in your browser. Depending on the Instagram functions used and whether you have an Instagram account yourself, different amounts of data are stored.

We assume that data processing on Instagram works in the same way as on Facebook. This means: if you have an Instagram account or www.instagram.com Instagram has set at least one cookie. If this is the case, your browser sends information to Instagram via the cookie as soon as you come into contact with an Instagram function. This data is deleted or anonymized after 90 days at the latest (after comparison). Although we have looked intensively into Instagram's data processing, we cannot say exactly which data Instagram collects and stores.

Below we show you the cookies that are set in your browser at least when you click on an Instagram function (such as a button or an Insta image). In our test, we assume that you do not have an Instagram account. If you are logged in to Instagram, significantly more cookies will of course be set in your browser.

These cookies were used in our test:

Name: csrftoken
Value: “”
Purpose of use: This cookie is most likely set for security reasons to prevent requests from being forged. However, we were unable to find out more details.
Expiration date: after one year

Name: mid
Value: “”
Purpose of use: Instagram sets this cookie to optimize its own services and offers on and off Instagram. The cookie sets a unique user ID.
Expiration date: after the end of the session

Name: fbsr_121453272124024
Value: not specified
Purpose of use: This cookie stores the log-in request for users of the Instagram app.
Expiration date: after the end of the session

Name: rur
Value: ATN
Purpose of use: This is an Instagram cookie that ensures functionality on Instagram.
Expiration date: after the end of the session

Name: urlgen
Value: “{”194.96.75.33”: 1901}:1iEtYv:Y833k2_UjKvXgYe121453272”
Purpose of use: This cookie is used for Instagram’s marketing purposes.
Expiration date: after the end of the session

Note: We cannot claim to be complete here. Which cookies are set in an individual case depends on the embedded functions and your use of Instagram.

How long and where is the data stored?

Instagram shares the information it receives between the Facebook companies, with external partners, and with people you connect with around the world. Data processing is carried out in compliance with its own data policy. Your data is distributed across Facebook servers around the world, partly for security reasons. Most of these servers are located in the USA.

How can I delete my data or prevent data storage?

Thanks to the General Data Protection Regulation, you have the right to information, portability, correction and deletion of your data. You can manage your data in the Instagram settings. If you want to completely delete your data on Instagram, you must permanently delete your Instagram account.

And this is how to delete your Instagram account:

First, open the Instagram app. On your profile page, scroll down and click on "Help Center." This will take you to the company's website. On the website, click on "Manage Account" and then "Delete Your Account."

If you delete your account entirely, Instagram will delete posts such as your photos and status updates. Information that other people have shared about you is not part of your account and will not be deleted.

As mentioned above, Instagram primarily stores your data via cookies. You can manage, deactivate or delete these cookies in your browser. Depending on your browser, the management always works a little differently. Here we show you the instructions for the most important browsers.

Chrome: Delete, enable and manage cookies in Chrome

Safari: Managing cookies and website data with Safari

Firefox: Clear cookies to remove data that websites have stored on your computer

Internet Explorer: Deleting and managing cookies

Microsoft Edge: Delete and manage cookies

You can also set up your browser so that you are always informed when a cookie is to be placed. You can then always decide individually whether you want to accept the cookie or not.

Instagram is a subsidiary of Facebook Inc. and Facebook is an active participant in the EU-US Privacy Shield Framework. This framework ensures correct data transfer between the USA and the European Union. https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC learn more about it. We have tried to give you the most important information about data processing by Instagram. On https://help.instagram.com/519522125107875
you can learn more about Instagram's data policies.

Klarna Checkout Privacy Policy

We use the online payment system Klarna Checkout from the Swedish company Klarna Bank AB on our website. Klarna Bank has its headquarters at Sveavägen 46, 111 34 Stockholm, Sweden. If you choose to use this service, personal data will be sent to Klarna, stored and processed, among other things. In this privacy policy, we would like to give you an overview of the data processing by Klarna.

What is Klarna Checkout?

Klarna Checkout is a payment system for orders in an online shop. The user selects the payment method and Klarna Checkout takes over the entire payment process. Once a user has made a payment via the checkout system and entered the relevant data, future online purchases can be made even faster and easier. The Klarna system then recognizes the existing customer as soon as the email address and postcode are entered.

Why do we use Klarna Checkout for our website?

Our goal with our website and our integrated online shop is to offer you the best possible service. In addition to the overall experience on the website and our offers, this also includes smooth, fast and secure payment processing for your orders. To ensure this, we use the Klarna Checkout payment system.

What data is stored by Klarna Checkout?

As soon as you choose the Klarna payment service and pay using the Klarna Checkout payment method, you also transmit personal data to the company. On the Klarna Checkout page, technical data such as browser type, operating system, our Internet address, date and time, language settings, time zone settings and IP address are collected from you and transmitted to Klarna's servers and stored there. This data is stored even if you have not yet completed an order.

If you order a product or service through our shop, you must enter your personal data in the fields provided. This data is processed by Klarna for payment processing. The following personal data (as well as general product information) may be stored and processed by Klarna for credit and identity checks:

• Contact information: name, date of birth, national ID number, title, billing and shipping address, email address, telephone number, nationality or salary.
• Payment information such as credit card details or your account number
• Product information such as tracking number, type of item and price of the product

There is also data that can be collected optionally, provided you consciously decide to do so. These include political, religious or ideological beliefs or various health data.

In addition to the data mentioned above, Klarna may also collect data on the goods or services you buy or order, either itself or through third parties (such as us or public databases). This may include, for example, the shipment number or the type of item ordered, but also information about your creditworthiness, your income or credit approvals. Klarna may also pass on your personal data to service providers such as software providers, data storage providers or us as a retailer.

When data is automatically entered into a form, cookies are always involved. If you do not want to use this function, you can deactivate these cookies at any time. Further down in the text you will find instructions on how to delete, deactivate or manage cookies in your browser. Our tests have shown that Klarna does not set any cookies directly. If you choose the payment method "Klarna Sofort" and click on "Order", you will be redirected to the Sofort website. After successful payment, you will be taken to our thank you page. There, sofort.com sets the following cookie:

Name : SOFUEB
Value: e8cipp378mdscn9e17kajlfhv7121453272-4
Purpose of use: This cookie stores your session ID.
Expiration date: after ending the browser session

How long and where is the data stored?

Klarna endeavors to only store your data within the EU or the European Economic Area (EEA). However, it can also happen that data is transferred outside the EU/EEA. If this happens, Klarna ensures that data protection is in line with the GDPR, that the third country has an adequacy decision by the European Union or that the country has the US Privacy Shield certificate. The data is always stored for as long as Klarna needs it for the processing purpose.

How can I delete my data or prevent data storage?

You can withdraw your consent for Klarna to process personal data at any time. You also always have the right to information, correction and deletion of your personal data. To do so, you simply need to contact the company or the company's data protection team by email at datenschutz@klarna.de Contact us. Via the Klarna website "My data protection request" You can also contact Klarna directly.

You can delete, disable or manage cookies that Klarna may use for its functions in your browser. This works in different ways depending on which browser you use. The following instructions show how to manage cookies in your browser:

Chrome: Delete, enable and manage cookies in Chrome

Safari: Managing cookies and website data with Safari

Firefox: Clear cookies to remove data that websites have stored on your computer

Internet Explorer: Deleting and managing cookies

Microsoft Edge: Delete and manage cookies

We hope we have given you a good overview of data processing by Klarna. If you would like to learn more about how your data is handled, we recommend that you read Klarna’s privacy policy at https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_at/privacy .

Sofortüberweisung privacy policy

On our website we offer the payment method "Sofortüberweisung" from the company Sofort GmbH for cashless payment. Sofort GmbH has belonged to the Swedish company Klarna since 2014, but has its headquarters in Germany, Theresienhöhe 12, 80339 Munich.

If you choose this payment method, personal data will be transmitted to Sofort GmbH or Klarna, stored and processed there. This privacy policy text provides you with an overview of data processing by Sofort GmbH.

What is an “instant transfer”?

Sofortüberweisung is an online payment system that allows you to place an order via online banking. The payment processing is carried out by Sofort GmbH and we immediately receive information about the payment made. This method can be used by any user who has an active online banking account with PIN and TAN. Only a few banks do not yet support this payment method.

Why do we use “Sofortüberweisung” on our website?

Our goal with our website and our integrated online shop is to offer you the best possible service. In addition to the overall experience on the website and our offers, this also includes smooth, fast and secure payment processing for your orders. To ensure this, we use "Sofortüberweisung" as a payment system.

What data is stored by “Sofortüberweisung”?

If you make an instant transfer using the Sofort/Klarna service, data such as name, account number, bank code, subject, amount and date are stored on the company's servers. We also receive this information via the payment confirmation.

As part of the account coverage check, Sofort GmbH checks whether your account balance and overdraft facility cover the payment amount. In some cases, it is also checked whether instant transfers have been successfully carried out in the last 30 days. In addition, your user identification (such as authorization number or contract number) is collected and stored in abbreviated (“hashed”) form and your IP address. For SEPA transfers, BIC and IBAN are also stored.

According to the company, no other personal data (such as account balances, sales data, credit limit, account lists, mobile phone number, authentication certificates, security codes or PIN/TAN) are collected, stored or passed on to third parties.

Sofortüberweisung also uses cookies to make its own service more user-friendly. When you order a product, you will be redirected to the Sofort or Klarna website. After successful payment, you will be redirected to our thank you page. The following three cookies are set here:

Name : SOFUEB
Value: e8cipp378mdscn9e17kajlfhv7121453272-5
Purpose of use: This cookie stores your session ID.
Expiration date: after ending the browser session

Name : User[user_cookie_rules] Value: 1
Purpose of use: This cookie stores your consent to the use of cookies.
Expiration date: after 10 years

Name: _ga
Value: GA1.2.69759879.1589470706
Purpose of use: By default, analytics.js uses the cookie _ga to store the user ID. Basically, it is used to distinguish between website visitors. This is a cookie from Google Analytics.
Expiration date: after 2 years

Note: The cookies listed here do not claim to be complete. It is always possible that Sofortüberweisung also uses other cookies.

How long and where is the data stored?

All data collected is stored within the legal retention period. This period can last between three and ten years.

Klarna/Sofort GmbH tries to store data only within the EU or the European Economic Area (EEA). If data is transferred outside the EU/EEA, data protection must comply with the GDPR, the country must be subject to an adequacy decision by the EU or have the US Privacy Shield certificate.

How can I delete my data or prevent data storage?

You can withdraw your consent for Klarna to process personal data at any time. You also always have the right to information, correction and deletion of your personal data. To do so, you can simply contact the company's data protection team by email at datenschutz@sofort.com.

You can manage, delete or deactivate any cookies that Sofortüberweisung uses in your browser. This works in different ways depending on your preferred browser. The following instructions show how to manage cookies in the most common browsers:

Chrome: Delete, enable and manage cookies in Chrome

Safari: Managing cookies and website data with Safari

Firefox: Clear cookies to remove data that websites have stored on your computer

Internet Explorer: Deleting and managing cookies

Microsoft Edge: Delete and manage cookies

If you would like to learn more about data processing through the “Sofortüberweisung” of the company Sofort GmbH, we recommend that you read the privacy policy at https://www.sofort.de/datenschutz.html .

Stripe Privacy Policy

We use a payment tool from the American technology company and online payment service Stripe on our website. Stripe Payments Europe (Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland) is responsible for customers within the EU. This means that if you choose Stripe as your payment method, your payment will be processed via Stripe Payments. Data required for the payment process will be forwarded to Stripe and stored. In this privacy policy, we give you an overview of this data processing and storage by Stripe and explain why we use Stripe on our website.

What is Stripe?

The technology company Stripe offers payment solutions for online payments. With Stripe it is possible to accept credit and debit card payments in our web shop. Stripe handles the entire payment process. A big advantage of Stripe is that you never have to leave our website or shop during the payment process and the payment is processed very quickly.

Why do we use Stripe for our website?

We naturally want to offer the best possible service with our website and our integrated online shop so that you feel comfortable on our site and use our offers. We know that your time is valuable and therefore payment processing in particular must work quickly and smoothly. In addition to our other payment providers, we have found a partner in Stripe who guarantees secure and fast payment processing.

What data does Stripe store?

If you choose Stripe as your payment method, your personal data will also be transmitted to Stripe and stored there. This is transaction data. This data includes the payment method (i.e. credit card, debit card or account number), bank code, currency, amount and date of payment. During a transaction, your name, email address, billing or shipping address and sometimes your transaction history may also be transmitted. This data is necessary for authentication. In addition to technical data about your device (such as IP address), Stripe may also collect your name, address, telephone number and country for fraud prevention, financial reporting and to be able to fully offer its own services.

Stripe does not sell your data to independent third parties, such as marketing agencies or other companies that have nothing to do with the Stripe company. However, the data may be shared with internal departments, a limited number of external Stripe partners, or for legal compliance purposes. Stripe also uses cookies to collect data. Here is a selection of cookies that Stripe can set during the payment process:

Name: m
Value: edd716e9-d28b-46f7-8a55-e05f1779e84e040456121453272-5
Purpose of use: This cookie appears when you select the payment method. It stores and recognizes whether you access our website via a PC, tablet or smartphone.
Expiration date: after 2 years

Name: __stripe_mid
Value: fc30f52c-b006-4722-af61-a7419a5b8819875de9121453272-1
Purpose of use: This cookie is required to complete a credit card transaction. The cookie stores your session ID.
Expiration date: after one year

Name: __stripe_sid
Value: 6fee719a-c67c-4ed2-b583-6a9a50895b122753fe
Purpose of use: This cookie also stores your ID and is used for the payment process on our website by Stripe.
Expiry date : after the end of the session

How long and where is the data stored?

Personal data is generally stored for the duration of the service provision. This means that the data is stored until we terminate our cooperation with Stripe. However, in order to fulfill legal and regulatory obligations, Stripe may also store personal data for the duration of the service provision. Since Stripe is a global company, the data can also be stored in any country where Stripe offers services. This means that data can also be stored outside your country, for example in the USA.

How can I delete my data or prevent data storage?

Stripe is still a participant in the EU-US Privacy Shield Framework , which regulated the correct and secure transfer of personal data until July 16, 2020. After the European Court of Justice declared the agreement invalid, the company no longer relies on this agreement, but still acts according to the principles of the Privacy Shield.

You always have the right to information, correction and deletion of your personal data. If you have any questions, you can also contact the Stripe team at any time via https://support.stripe.com/contact/email contact us.

You can delete, deactivate or manage cookies that Stripe uses for its functions in your browser. This works in different ways depending on which browser you use. Please note, however, that the payment process may then no longer work. The following instructions show how to manage cookies in your browser:

Chrome: Delete, enable and manage cookies in Chrome

Safari: Managing cookies and website data with Safari

Firefox: Clear cookies to remove data that websites have stored on your computer

Internet Explorer: Deleting and managing cookies

Microsoft Edge: Delete and manage cookies

We have now given you a general overview of how Stripe processes and stores data. If you would like to obtain even more detailed information, please see the detailed Stripe privacy policy at https://stripe.com/at/privacy as a good source.

Source: Created with the Data Protection Generator from AdSimple® Webdesign in cooperation with aboutbusiness.at