Privacy policy
Privacy Policy
The data controller responsible for data processing is:
Lukas Hahn
Paulstraße 36
10557 Berlin
Germany
Email: info@heuteshop.de
We appreciate your interest in our online shop. Protecting your privacy is very important to us. Below, we provide detailed information on how we handle your data.
1. Access Data and Hosting
You can visit our website without providing any personal information. Each time a website is accessed, the web server automatically saves a "server log file," which contains, for example, the name of the requested file, your IP address, the date and time of access, the amount of data transferred, and the requesting provider (access data), and documents the access.
This access data is evaluated exclusively for the purpose of ensuring the trouble-free operation of the site and improving our offer. This serves to protect our legitimate interests in a correct presentation of our offer, which outweigh our interests in the context of a balancing of interests in accordance with Art. 6(1)(1)(f) GDPR. All access data will be deleted no later than thirty days after the end of your visit to the site.
Hosting
The services for hosting and displaying the website are partly provided by our service providers as part of processing on our behalf. Unless otherwise explained in this privacy policy, all access data and all data collected in forms provided for this purpose on this website are processed on their servers. If you have any questions about our service providers and the basis of our cooperation with them, please use the contact option described in this privacy policy.
Our service providers are located and/or use servers in the following countries for which the European Commission has determined an adequate level of data protection by decision: Canada.
Our service providers are located and/or use servers in the USA and other countries outside the EU and the EEA. For these countries, there is no adequacy decision by the European Commission. Our cooperation with them is based on standard data protection clauses of the European Commission.
2. Data Processing for Contract Execution and Contacting
2.1 Data Processing for Contract Execution
For the purpose of contract execution (including inquiries about and processing of any existing warranty and performance disturbance claims as well as any statutory update obligations) in accordance with Art. 6(1)(1)(b) GDPR, we collect personal data if you voluntarily provide it to us as part of your order. Mandatory fields are marked as such because, in these cases, we absolutely require the data for contract execution and cannot send the order without it. Which data is collected can be seen from the respective input forms.
Further information on the processing of your data, in particular on the transfer to our service providers for the purpose of order, payment, and shipping processing, can be found in the following sections of this privacy policy. After full execution of the contract, your data will be restricted for further processing and deleted after the retention periods under tax and commercial law have expired in accordance with Art. 6(1)(1)(c) GDPR, unless you have expressly consented to further use of your data in accordance with Art. 6(1)(1)(a) GDPR or we reserve the right to further data use that is permitted by law and about which we inform you in this statement.
2.2 Customer Account
If you have given your consent in accordance with Art. 6(1)(1)(a) GDPR by choosing to open a customer account, we use your data for the purpose of opening a customer account and for storing your data for further future orders on our website. Deletion of your customer account is possible at any time and can be done either by sending a message to the contact option described in this privacy policy or via a function provided for this purpose in the customer account.
2.3 Contacting Us
As part of customer communication, we collect personal data to process your inquiries in accordance with Art. 6(1)(1)(b) GDPR if you voluntarily provide it to us when contacting us (e.g., via contact form or email). Mandatory fields are marked as such. After your request has been fully processed, your data will be deleted unless you have consented to further use.
3. Data Processing for Shipping Purposes
For contract fulfillment in accordance with Art. 6(1)(1)(b) GDPR, we pass on your data to the shipping service provider commissioned with the delivery, insofar as this is necessary for the delivery of ordered goods. This also applies to the transfer of data to our manufacturers or wholesalers in cases where they handle the shipping for us (drop shipping).
Our service providers are located and/or use servers in these countries: China, India, Serbia, Ukraine, USA. For these countries, there is no adequacy decision by the European Commission. Our cooperation is based on: Standard data protection clauses, approved binding corporate rules, or approved certification mechanisms.
Data transfer to shipping service providers for the purpose of shipping notification
If you have given us your express consent during or after your order, we will pass on your email address and telephone number to the selected shipping service provider in accordance with Art. 6(1)(1)(a) GDPR so that they can contact you before delivery for the purpose of delivery notification or coordination. Consent can be revoked at any time.
Participating shipping partners:
-
GLS Germany
-
UPS Germany
-
Hermes Germany
-
DHL Paket GmbH
-
Deutsche Post
-
DPD Deutschland
4. Data Processing for Payment
4.1 Transaction Processing
Depending on the selected payment method, we pass on the data necessary for processing the payment transaction to our technical service providers, commissioned credit institutions, or the selected payment service provider. This serves to fulfill the contract according to Art. 6(1)(1)(b) GDPR.
4.2 Fraud Prevention
Where necessary, we provide our service providers with further data which they use as our processors for the purpose of fraud prevention and optimization of our payment processes (e.g., invoicing, handling contested payments). This serves to protect our legitimate interests in protection against fraud in accordance with Art. 6(1)(1)(f) GDPR.
5. Email Advertising
5.1 Newsletter with Tracking
If you subscribe to our newsletter, we use the data required for this or separately provided by you to regularly send you our email newsletter based on your consent (Art. 6(1)(1)(a) GDPR). We use "newsletter tracking" to analyze opening and click rates. This is done via one-pixel technologies (web beacons/tracking pixels).
5.2 Newsletter Distribution
The newsletter and tracking may be handled by service providers in the USA based on approved codes of conduct.
5.3 Review Requests
If you have given express consent, we use your email address to request a review of your order via our review system.
6. Cookies and Other Technologies
We use cookies (small text files) to make your visit attractive and enable certain functions.
-
Strictly Necessary: Required for the operation of the site (e.g., shopping cart). No consent required.
-
Others: Require your consent. You can adjust your browser settings to refuse cookies (Microsoft Edge™, Safari™, Chrome™, etc.).
7. Third-Party Services
7.1 Google Services
We use services from Google Ireland Ltd. (e.g., Google Analytics, AdSense, Google Ads, reCAPTCHA, Tag Manager, YouTube). Data is usually transferred to Google LLC in the USA. We use IP anonymization for Google Analytics.
7.2 Meta (Facebook) Services
We use the Facebook Pixel and Facebook Ads provided by Meta Platforms Ireland Ltd. This allows us to track user behavior and display personalized ads. Data may be transferred to Meta Platforms, Inc. in the USA.
7.3 Other Providers
We use Hotjar for web analysis and Vimeo for video integration.
8. Social Media
Our website uses Social Buttons (Facebook, Twitter, Instagram, Pinterest, WhatsApp) as HTML links. A connection to the provider's server is only established when you click the button. We also maintain online presences (fan pages) on these platforms.
9. Your Rights and Contact
9.1 Your Rights
As a data subject, you have the following rights:
-
Art. 15 GDPR: Right of access.
-
Art. 16 GDPR: Right to rectification.
-
Art. 17 GDPR: Right to erasure ("right to be forgotten").
-
Art. 18 GDPR: Right to restriction of processing.
-
Art. 20 GDPR: Right to data portability.
-
Art. 21 GDPR: Right to object.
-
Art. 77 GDPR: Right to lodge a complaint with a supervisory authority.
9.2 Contact
For questions regarding the collection, processing, or use of your personal data, please contact us directly using the details provided in our imprint/header.