Privacy Policy
Privacy Policy
1) Introduction and contact details of the controller
1.1 We are pleased that you are visiting our website and thank you for your interest. In the following, we inform you about the handling of your personal data when using our website. Personal data is all data with which you can be personally identified.
1.2 The controller for data processing on this website in the sense of the General Data Protection Regulation (GDPR) is Quirin Gerl, quelia, Theodor-Heuss-Str. 48, 74523 Schwäbisch Hall, Germany, Tel.: 015224492692, E-Mail: hallo@quelia.de. The controller for the processing of personal data is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.
2) Data collection when visiting our website
2.1 When using our website for informational purposes only, i.e. if you do not register or otherwise transmit information to us, we only collect data that your browser transmits to the page server (so-called "server log files"). When you access our website, we collect the following data, which is technically necessary for us to display the website to you:
- Our visited website
- Date and time of access
- Amount of data sent in bytes
- Source/reference from which you came to the page
- Browser used
- Operating system used
- IP address used (if applicable: in anonymized form)
The processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR based on our legitimate interest in improving the stability and functionality of our website. A transfer or other use of the data does not take place. However, we reserve the right to subsequently check the server log files if concrete indications point to unlawful use.
2.2 For security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or inquiries to the controller), this website uses SSL or TLS encryption. You can recognize an encrypted connection by the string "https://" and the lock symbol in your browser line.
3) Hosting & Content Delivery Network
3.1 Shopify
For hosting our website and displaying the page content, we use the system of the following provider: Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland ("Shopify")
Data is also transferred to: Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada
All data collected on our website is processed on the provider's servers. We have concluded an order processing agreement with the provider, which ensures the protection of our site visitors' data and prohibits unauthorized disclosure to third parties.
In the case of data transfer to Canada, an adequate level of data protection is ensured by an adequacy decision of the European Commission.
3.2 Cloudflare
We use a Content Delivery Network from the following provider: Cloudflare Inc., 101 Townsend St. San Francisco, CA 94107, USA
This service enables us to deliver large media files such as graphics, page content or scripts more quickly via a network of regionally distributed servers. The processing is carried out to protect our legitimate interest in improving the stability and functionality of our website in accordance with Art. 6 Para. 1 lit. f GDPR. We have concluded an order processing agreement with the provider, which ensures the protection of our site visitors' data and prohibits unauthorized disclosure to third parties.
For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection on the basis of an adequacy decision of the European Commission.
4) Cookies
To make visiting our website attractive and to enable the use of certain functions, we use cookies, which are small text files that are stored on your device. Some of these cookies are automatically deleted after closing the browser (so-called "session cookies"), while others remain on your device for a longer period of time and enable the storage of page settings (so-called "persistent cookies"). In the latter case, you can find the storage duration in the overview of your web browser's cookie settings.
If individual cookies used by us also process personal data, the processing is carried out in accordance with Art. 6 para. 1 lit. b GDPR either for the performance of the contract, in accordance with Art. 6 para. 1 lit. a GDPR in the case of a given consent, or in accordance with Art. 6 para. 1 lit. f GDPR to safeguard our legitimate interests in the best possible functionality of the website and a customer-friendly and effective design of the site visit.
You can set your browser so that you are informed about the setting of cookies and can decide individually whether to accept them or to exclude the acceptance of cookies for certain cases or in general.
Please note that if cookies are not accepted, the functionality of our website may be limited.
5) Contacting us
When you contact us (e.g. via contact form or e-mail), personal data is processed - exclusively for the purpose of processing and responding to your request and only to the extent necessary for this purpose.
The legal basis for the processing of this data is our legitimate interest in responding to your request in accordance with Art. 6 para. 1 lit. f GDPR. If your contact aims at concluding a contract, an additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR. Your data will be deleted when it can be inferred from the circumstances that the matter in question has been conclusively clarified and provided that there are no legal retention obligations to the contrary.
6) Data processing when opening a customer account
In accordance with Art. 6 para. 1 lit. b GDPR, personal data will continue to be collected and processed to the extent required if you provide it to us when opening a customer account. You can find out which data is required for opening an account from the input mask of the corresponding form on our website.
You can delete your customer account at any time by sending a message to the above-mentioned address of the controller. After deleting your customer account, your data will be deleted, provided that all contracts concluded through it have been fully processed, no legal retention periods conflict and we no longer have a legitimate interest in further storage.
7) Use of customer data for direct marketing
Shopping cart reminders by e-mail
If you abandon your purchase with us before completing the order, you have the option of being reminded once by e-mail of the contents of your virtual shopping cart.
The only mandatory information for sending this reminder is your e-mail address. The provision of further data is voluntary and will be used, if applicable, to address you personally. For sending e-mails, we use the so-called double opt-in procedure, which ensures that you only receive a notification if you have expressly confirmed your consent by clicking on a verification link sent to the specified e-mail address.
By activating the confirmation link, you give us your consent to use your personal data in accordance with Art. 6 Para. 1 lit. a GDPR for sending a shopping cart reminder. We store your IP address entered by the Internet Service Provider (ISP) as well as the date and time of registration in order to be able to trace a possible misuse of your e-mail address at a later date. The data collected by us during registration for our e-mail notification service will be used strictly for the intended purpose.
You can unsubscribe from shopping cart reminders at any time by sending a corresponding message to the controller mentioned at the beginning. After unsubscribing, your e-mail address will be immediately deleted from our mailing list set up for this purpose, unless you have expressly consented to further use of your data or we reserve the right to further use data that is legally permitted and about which we inform you in this declaration.
8) Data processing for order processing
8.1 Insofar as it is necessary for the fulfillment of the contract for delivery and payment purposes, the personal data collected by us will be passed on to the commissioned transport company and the commissioned credit institution in accordance with Art. 6 para. 1 lit. b GDPR.
If we owe you updates for goods with digital elements or for digital products on the basis of a corresponding contract, we process the contact data provided by you when ordering in order to inform you personally within the framework of our legal information obligations in accordance with Art. 6 para. 1 lit. c GDPR. Your contact data will be used strictly for the purpose of communicating updates owed by us and will only be processed by us to the extent necessary for the respective information.
For the processing of your order, we also work with the following service provider(s), who support us wholly or partially in the execution of concluded contracts. Certain personal data will be transmitted to these service providers in accordance with the following information.
8.2 Disclosure of personal data to shipping service providers
- DHL
As a transport service provider, we use the following provider: DHL Paket GmbH, Sträßchensweg 10, 53113 Bonn, Germany
We pass on your e-mail address and/or telephone number to the provider in accordance with Art. 6 para. 1 lit. a GDPR before the goods are delivered for the purpose of coordinating a delivery date or for delivery notification, provided that you have given your express consent for this in the ordering process. Otherwise, for the purpose of delivery in accordance with Art. 6 para. 1 lit. b GDPR, we only pass on the recipient's name and delivery address to the provider. The transfer only takes place if it is necessary for the delivery of the goods. In this case, it is not possible to coordinate the delivery date with the provider or to notify of delivery in advance.
The consent can be revoked at any time with effect for the future to the controller named above or to the provider.
8.3 Use of payment service providers
- Apple Pay
If you choose the "Apple Pay" payment method of Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland, the payment processing is carried out via the "Apple Pay" function of your iOS, watchOS or macOS device by charging a payment card stored in "Apple Pay". Apple Pay uses security features integrated into the hardware and software of your device to protect your transactions. To approve a payment, you must enter a code you have previously set and verify it using the "Face ID" or "Touch ID" function of your device.
For the purpose of payment processing, the information you provide during the ordering process, together with information about your order, will be transmitted to Apple in encrypted form. Apple then re-encrypts this data with a developer-specific key before the data is transmitted to the payment service provider of the payment card stored in Apple Pay for the purpose of carrying out the payment. The encryption ensures that only the website through which the purchase was made can access the payment data. After the payment has been made, Apple sends your device account number and a transaction-specific, dynamic security code to the originating website to confirm the success of the payment.
If personal data is processed during the described transmissions, the processing is carried out exclusively for the purpose of payment processing in accordance with Art. 6 Para. 1 lit. b GDPR.
Apple retains anonymized transaction data, including the approximate purchase amount, approximate date and time, and whether the transaction was successfully completed. Anonymization completely excludes any personal reference. Apple uses the anonymized data to improve "Apple Pay" and other Apple products and services.
If you use Apple Pay on your iPhone or Apple Watch to complete a purchase you made via Safari on your Mac, the Mac and the authorization device communicate via an encrypted channel on Apple's servers. Apple does not process or store any of this information in a format that can identify you personally. You can disable the ability to use Apple Pay on your Mac in your iPhone settings. Go to "Wallet & Apple Pay" and disable "Allow Payments on Mac".
Further information on data protection at Apple Pay can be found at the following internet address: https://support.apple.com
- Shopify Payments
One or more online payment methods from the following provider are available on this website: Shopify International Limited, Victoria Buildings, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland
If you choose a payment method from the provider where you pay in advance (e.g. credit card payment), your payment data provided during the ordering process (including name, address, bank and payment card information, currency and transaction number) as well as information about the content of your order will be passed on to this provider in accordance with Art. 6 para. 1 lit. b GDPR. The transfer of your data in this case takes place exclusively for the purpose of payment processing with the provider and only to the extent necessary for this.
9) Web analysis services
Shopify Analytics
This website uses the web analysis service of the following provider: Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland
Data is also transferred to: Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada
With the help of cookies and/or similar technologies (tracking pixels, web beacons, algorithms for reading out end device and browser information), the service collects and stores pseudonymized visitor data, including information about the end device used such as the IP address and browser information, in order to evaluate it for statistical analyses of user behavior on our website and to create pseudonymized usage profiles. This makes it possible, among other things, to evaluate movement patterns (so-called heatmaps), which show the duration of page visits as well as interactions with page content (e.g. text input, scrolling, clicks and mouse-overs). Pseudonymization generally excludes direct personal identifiability. There is no merging with clear data collected elsewhere about your person.
All processing described above, in particular the reading or storage of information on the end device used, will only be carried out if you have given us your explicit consent in accordance with Art. 6 para. 1 lit. a GDPR. You can revoke your given consent at any time with effect for the future by deactivating this service in the "Cookie Consent Tool" provided on the website.
We have concluded an order processing agreement with the provider, which protects the data of our site visitors and prohibits disclosure to third parties.
In the case of data transfer to Canada, an adequate level of data protection is ensured by an adequacy decision of the European Commission.
10) Tools and Other
10.1 Paperwork
For accounting purposes, we use the cloud-based accounting software service of the following provider: odacer Finanzsoftware GmbH, Konrad-Adenauer-Ring 13, 65187 Wiesbaden, Germany
The provider processes incoming and outgoing invoices as well as, if applicable, our company's bank movements in order to automatically record invoices, match them with transactions and generate financial accounting from this in a semi-automated process.
If personal data is processed in this context, the processing is carried out on the basis of our legitimate interest in an efficient organization and documentation of our business processes in accordance with Art. 6 para. 1 lit. f GDPR.
10.2 Cookie Consent Tool
This website uses a "Cookie Consent Tool" to obtain effective user consent for cookies and cookie-based applications that require consent. The "Cookie Consent Tool" is displayed to users in the form of an interactive interface when they access the page, where consent for certain cookies and/or cookie-based applications can be given by ticking a box. By using the tool, all cookies/services requiring consent are only loaded if the respective user gives their consent by ticking the box. This ensures that such cookies are only placed on the respective user's device if consent has been given.
The tool sets technically necessary cookies to save your cookie preferences. Personal user data is generally not processed in this process.
If, in individual cases, personal data (such as the IP address) is processed for the purpose of storing, assigning or logging cookie settings, this is done in accordance with Art. 6 (1) (f) GDPR on the basis of our legitimate interest in legally compliant, user-specific and user-friendly consent management for cookies and thus in a legally compliant design of our website.
Another legal basis for the processing is Art. 6 (1) (c) GDPR. As the controller, we are subject to the legal obligation to make the use of technically non-essential cookies dependent on the respective user consent.
Where necessary, we have concluded a data processing agreement with the provider, which ensures the protection of our site visitors' data and prohibits unauthorised disclosure to third parties.
Further information on the operator and the setting options of the cookie consent tool can be found directly in the corresponding user interface on our website.
11) Rights of the data subject
11.1 The applicable data protection law grants you the following data subject rights (rights of access and intervention) with regard to the processing of your personal data by the controller, whereby reference is made to the stated legal basis for the respective exercise conditions:
- Right to information pursuant to Art. 15 GDPR;
- Right to rectification pursuant to Art. 16 GDPR;
- Right to erasure pursuant to Art. 17 GDPR;
- Right to restriction of processing pursuant to Art. 18 GDPR;
- Right to notification pursuant to Art. 19 GDPR;
- Right to data portability pursuant to Art. 20 GDPR;
- Right to withdraw consent given pursuant to Art. 7 (3) GDPR;
- Right to lodge a complaint pursuant to Art. 77 GDPR.
11.2 RIGHT TO OBJECT
IF WE PROCESS YOUR PERSONAL DATA ON THE BASIS OF OUR OVERRIDING LEGITIMATE INTEREST WITHIN THE FRAMEWORK OF A BALANCING OF INTERESTS, YOU HAVE THE RIGHT TO OBJECT TO THIS PROCESSING AT ANY TIME FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION WITH EFFECT FOR THE FUTURE.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL CEASE PROCESSING THE DATA CONCERNED. HOWEVER, FURTHER PROCESSING REMAINS RESERVED IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, FUNDAMENTAL RIGHTS AND FREEDOMS, OR IF THE PROCESSING SERVES THE ASSERTION, EXERCISE OR DEFENCE OF LEGAL CLAIMS.
IF YOUR PERSONAL DATA IS PROCESSED BY US FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR THE PURPOSE OF SUCH ADVERTISING. YOU CAN EXERCISE THE RIGHT TO OBJECT AS DESCRIBED ABOVE.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL CEASE PROCESSING THE DATA CONCERNED FOR DIRECT MARKETING PURPOSES.
12) Duration of storage of personal data
The duration of the storage of personal data is determined by the respective legal basis, the purpose of processing and – if applicable – additionally by the respective statutory retention period (e.g. commercial and tax law retention periods).
When personal data is processed on the basis of an express consent pursuant to Art. 6 (1) (a) GDPR, the data concerned is stored until you revoke your consent.
If statutory retention periods exist for data processed within the framework of legal or quasi-legal obligations on the basis of Art. 6 (1) (b) GDPR, this data is routinely deleted after the expiry of the retention periods, provided that it is no longer required for contract fulfilment or contract initiation and/or we no longer have a legitimate interest in further storage.
When personal data is processed on the basis of Art. 6 (1) (f) GDPR, this data is stored until you exercise your right to object pursuant to Art. 21 (1) GDPR, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the assertion, exercise or defence of legal claims.
When personal data is processed for direct marketing purposes on the basis of Art. 6 (1) (f) GDPR, this data is stored until you exercise your right to object pursuant to Art. 21 (2) GDPR.
Unless otherwise stated in other information in this declaration regarding specific processing situations, stored personal data will otherwise be deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.