Privacy Policy

The operators of this website take the protection of your personal data very seriously. We treat your personal data as confidential and in accordance with the statutory data protection regulations and this privacy policy.

If you use this website, various personal data will be collected. Personal data is data with which you can be personally identified. This data protection declaration explains what data we collect and what we use it for. It also explains how and for what purpose this happens.

But please note that data transmitted via the internet (e.g. via email communication) may be subject to security breaches. Complete protection of your data from third parties cannot be entirely guaranteed.

Note on the responsible body

The responsible body for data processing on this website is:

Spoo-Design - Sandra Lange
Am Sommersberg 2
29308 Winsen (All)
info@spoo-design.de
VAT ID. DE343004329

The responsible body is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data (e.g. names, e-mail addresses, etc.).

You can contact us here at any time for all questions and your rights in the area of ​​data protection.

1. Rights of users and data subjects

With regard to the data processing described in more detail below, users and data subjects have the right

• for confirmation as to whether the relevant data is being processed, for free information about the processed data, for further information about data processing and for copies of the data (cf. also Art. 15 GDPR);

• for the correction or completion of incorrect or incomplete data (cf. also Art. 16 GDPR);

• to the immediate deletion of the data concerning you (see also Art. 17 GDPR), or, alternatively, if further processing is necessary in accordance with Art. 17 Para. 3 GDPR, to restrict processing in accordance with Art. 18 GDPR;

• to receive the data concerning them and provided by them and to transfer this data to other providers / responsible parties (cf. also Art. 20 GDPR);

• to complain to the supervisory authority if they are of the opinion that the data concerning them are being processed by the provider in violation of data protection regulations (cf. also Art. 77 GDPR).

In addition, the Provider is obliged to notify any recipients to whom data has been disclosed by the Provider of any correction or deletion of data or restriction of processing that occurs under Articles 16, 17 para. 1, 18 DSGVO teaching. However, this obligation does not exist insofar as this notification is impossible or disproportionate. Notwithstanding, the user has a right to information about these recipients.

Likewise, according to Art. 21 DSGVO, users and data subjects have the right to object to the future processing of the data concerning them, provided that the data are provided by the provider in accordance with Art. 6 para. 1 lit. f) DSGVO be processed. In particular, an objection to the processing of data for the purpose of direct advertising is permitted.

2. Privacy at a glance

General

The following information provides a simple overview of what happens to your personal data when you visit our website. Personal data are all data with which you can be personally identified.

How do we collect your data?

On the one hand, your data is collected when you communicate it to us. This can, for example, be data that you enter in a contact form.

Other data is automatically recorded by our IT systems when you visit the website. This is primarily technical data (e.g. internet browser, operating system or time of the page call). This data is collected automatically as soon as you enter our website.

What do we use your data for?

Part of the data is collected to ensure that the website is provided without errors. Other data can be used to analyze your user behavior.

Storage time

Unless a specific storage period is specified in this data protection declaration, your personal data will remain with us until the purpose for the data processing no longer applies. If you make a legitimate request for deletion or revoke your consent to data processing, your data will be deleted unless we have any other legally permissible reasons for storing your personal data (e.g. tax or commercial retention periods); in the latter case, the deletion takes place after these reasons no longer apply.

Information on data transfer to the USA

Tools from companies based in the USA are integrated on our website. When these tools are active, your personal data can be passed on to the US servers of the respective companies. We would like to point out that the USA is not a safe third country within the meaning of EU data protection law. US companies are obliged to disclose personal data to security authorities without you as the person concerned being able to take legal action against this. It cannot therefore be ruled out that US authorities (e.g. secret services) process, evaluate and permanently store your data on US servers for monitoring purposes. We have no influence on these processing activities.

SSL or TLS encryption

For security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the website operator, this site uses an SSL or. TLS encryption.
You can recognize an encrypted connection by the fact that the address line of the browser changes from “http: //” to “https: //” and by the lock symbol in your browser line.

If SSL or TLS encryption is activated, the data that you transmit to us cannot be read by third parties.

Encrypted payments on this website

If you enter into a contract which requires you to send us your payment information (e.g. account number for direct debits), we will require this data to process your payment.

Payment transactions using common means of payment (Visa / MasterCard, direct debit) are made exclusively via an encrypted SSL or TLS connection. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http: //” to “https: //” and the lock
Symbol in your browser line.

In the case of encrypted communication, any payment details you submit to us cannot be read by third parties.

3. Data collection on our website

Cookies

Some of our web pages use cookies. Cookies do not harm your computer and do not contain any viruses. Cookies help make our website more user-friendly, efficient, and secure. Cookies are small text files that are stored on your computer and saved by your browser.

Most of the cookies we use are so-called “session cookies”. They are automatically deleted after your visit. Other cookies remain stored on your end device until you delete them. These cookies enable us to recognize your browser on your next visit.

You can prevent or restrict the installation of cookies by setting your internet browser. You can also delete cookies that have already been saved at any time. The steps and measures required for this, however, depend on the specific Internet browser you are using. If you have any questions, please use the help function or documentation of your Internet browser or contact its manufacturer or support. If cookies are deactivated, the functionality of this website may be restricted.

Cookies that are required to carry out the electronic communication process or to provide certain functions you want (e.g. shopping cart function) are stored on the basis of Article 6 Paragraph 1 Letter f GDPR. The website operator has a legitimate interest in the storage of cookies for the technically error-free and optimized provision of its services. Insofar as other cookies (e.g. cookies for analyzing your surfing behaviour) are stored, these are treated separately in this data protection declaration.

Server log files

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

• Browser type and browser version

• the operating system used

• Referrer URL

• Host name of the accessing computer

• Time of the server request

• IP address

These data will not be combined with data from other sources.

The collection of this data is based on Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in the technically error-free presentation and the optimization of his website - for this purpose, the server log files must be recorded.

Contact Requests/Contact Possibilities

If you contact us via the contact form or email, the data you provide will be used to process your request. The specification of the data is necessary for processing and answering your request - without providing it, we cannot answer your request, or at least only to a limited extent.

The legal basis for this processing is Art. 6 para. 1 lit. b) GDPR.

Your data will be deleted, provided that your request has been finally answered and the deletion does not conflict with any statutory storage requirements, such as in the event of subsequent contract execution.

User Contributions, Comments and Ratings

We offer you to post questions, answers, opinions or ratings on our websites, hereinafter referred to as "posts". If you make use of this offer, we will process and publish your contribution, the date and time of submission and the pseudonym you may use.

The legal basis for this is Art. 6 para. 1 lit. a) GDPR. The consent can be withdrawn at any time with effect for the future in accordance with Art. 7 para. 3 DSGVO. For this you only have to inform us about your withdrawal.

In addition, we also process your IP and e-mail address. The IP address is processed because we have a legitimate interest in initiating or supporting further action if your contribution interferes with third party rights and / or otherwise is unlawful.

The legal basis in this case is Art. 6 para. 1 lit. f) GDPR. Our legitimate interest lies in the necessary legal defense.

Processing of data (customer and contract data)

We collect, process, and use personal data only insofar as it is necessary to establish, or modify legal relationships with us (master data). This is done based on Art. 6 (1) (b) DSGVO, which allows the processing of data to fulfill a contract or for measures preliminary to a contract. We collect, process and use your personal data when accessing our website (usage data) only to the extent required to enable you to access our service or to bill you for the same.

Collected customer data shall be deleted after completion of the order or termination of the business relationship. Legal retention periods remain unaffected.

Data transfer when concluding a contract for online shops, dealers and dispatch of goods, services and digital content

We transmit personally identifiable data to third parties only to the extent required to fulfill the terms of your contract, for example, to companies entrusted to deliver goods to your location or banks entrusted to process your payments. Your data will not be transmitted for any other purpose unless you have given your express permission to do so. Your data will not be disclosed to third parties for advertising purposes without your express consent.

The basis for data processing is Article 6 (1) (b) GDPR, which allows the processing of data for the fulfillment of a contract or pre-contractual measures

4. Collection and use of your data in our web shop

If you would like to order in our webshop, it is necessary for the conclusion of the contract that you provide your personal data, which we need to process your order. Mandatory information required for processing the contracts is marked separately; further information is voluntary. We process the data you provide to process your order. To do this, we can pass on your payment details to our house bank. The legal basis for this is Article 6, Paragraph 1, Sentence 1, Letter b of the GDPR.

You can voluntarily create a customer account through which we can save your data for future purchases. If you click on the "Save my information and pay faster next time" box after entering your data during the ordering process, the data you have provided will be saved and revocable. You can always delete all other data, including your user account, in the customer area.

We may also process the information you provide to inform you of other interesting products from our portfolio or to send you e-mail with technical information.

Due to commercial and tax law requirements, we are obliged to save your address, payment and order data for a period of ten years. However, as soon as the existing contracts with you have been concluded, we will restrict the processing, i. H. Your data will only be used to comply with legal obligations.

To prevent unauthorized access by third parties to your personal data, especially financial data, the order process is encrypted using TLS technology.

WooCommerce

We have integrated the open source shop system WooCommerce as a plugin on our website. This WooCommerce plugin is based on the content management system WordPress, which is a subsidiary of Automattic Inc. (60 29th Street # 343, San Francisco, CA 94110, USA). The implemented functions send, save and process data to Automattic Inc. In this data protection declaration, we inform you which data is involved, how the network uses this data and how you can manage or prevent data storage.

Which data is saved by WooCommerce?
Information that you actively enter in a text field in our online shop can be collected and saved by WooCommerce or Automattic. So when you register with us or order a product, Automattic can collect, process and save this data. In addition to your email address, name or address, this can also include credit card or billing information. Automattic can then use this information for its own marketing campaigns.

There is also information that Automattic automatically collects from you in so-called server log files: IP address, browser information, preset language setting, date and time of web access

WooCommerce also sets cookies in your browser and uses technologies such as pixel tags (web beacons), for example to clearly identify you as a user and to be able to offer interest-related advertising. WooCommerce uses a number of different cookies that are set depending on the user action. This means that if you place a product in the shopping cart, for example, a cookie is set so that the product remains in the shopping cart when you leave our website and come back at a later point in time.

Order processing via dropshipping

When you order goods from us, it is possible that your order will be sent to you directly from our dealers (dropshipping). To do this, we will pass on your name and delivery address to the sending company. The transfer takes place exclusively for the purpose of the delivery of goods.

The legal basis for data processing is Article 6 (1) (b) GDPR (fulfillment of the contract) and our legitimate interest in the fastest and most effective purchase possible within the meaning of Article 6 (1) (f) GDPR.

We use the following dealers for dropshipping: AliDropship / AliExpress.

5. Payment provider and reseller

We integrate payment services from third-party companies on our website. When you make a purchase from us, your payment data (e.g. name, payment amount, account details, credit card number) will be processed by the payment service provider for the purpose of payment processing. The respective contract and data protection provisions of the respective provider apply to these transactions. The payment service providers are used on the basis of Art. 6 Para. 1 lit. b GDPR (contract processing) as well as in the interest of a smooth, comfortable and secure payment process (Art. 6 Para. 1 lit.f GDPR). Insofar as your consent is requested for certain actions, Art. 6 Para. 1 lit. a GDPR legal basis for data processing; Consents can be revoked at any time for the future.

We use the following payment services / payment service providers on this website:

PAYPAL

The provider of this payment service is PayPal (Europe) S.à.rl et Cie, SCA, 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter “PayPal”). Details can be found in PayPal's privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full.

AMAZON PAY

The provider of this payment service is Amazon Payments Europe sca, 5 Rue Plaetis, L-2338 Luxembourg (hereinafter: “Amazon Payments”). If you choose to pay via Amazon Payments, the payment data you have entered will be transmitted to Amazon Payments and processed separately and directly by Amazon Pay. Further information on data protection can be found in the Amazon Payments data protection declaration at: https://pay.amazon.com/de/help/201751600.

STRIPE

The provider of these payment services is Stripe Payments Europe Ltd, Block 4, Harcourt Center, Harcourt Road, Dublin 2. Stripe is PCI DSS certified. Stripe transfers, processes and, if necessary, stores personal data outside the EU. Stripe is subject to the Safe Harbor Agreement. Further information on data protection can be found in Stripe's data protection declaration at: https://stripe.com/de/privacy.

6. Social Media

Social media plugins with Shariff

On our pages plugins are used by social media (eg Facebook, Twitter, Google+, Instagram, Pinterest, XING, LinkedIn, Tumblr).

The plugins can usually be identified by the respective social media logos. To ensure the privacy of our website, we only use these plugins together with the so-called "Shariff" solution. This application prevents the plugins integrated on our website from transferring data to the respective provider when the page is first accessed.

Only when you activate the respective plug-in by clicking the associated button will a direct connection to the provider's server be established (consent). As soon as you activate the plugin, the respective provider receives the information that you have visited our site with your IP address.
If you are logged into your respective social media account (e.g. Facebook) at the same time, the respective provider can assign your visit to our website to your user account.

The activation of the plugin constitutes a consent within the meaning of Art. 6 para. 1 lit. a DSGVO. You can revoke this consent at any time with effect for the future.

Facebook plugins (Like & Share button)

On our pages plugins of the social network Facebook, provider Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA, are integrated. The Facebook plugins can be recognized by the Facebook logo or the "Like-Button" ("Like") on our site. An overview of the Facebook plugins can be found here:
https://developers.facebook.com/docs/plugins/?locale=de_DE.

If you click the Facebook “Like” button while you are logged into your Facebook account, you can link the content of our pages to your Facebook profile. This enables Facebook to assign your visit to our website to your user account. We would like to point out that, as the provider of the website, we have no knowledge of the content of the data transmitted or of how it is used by Facebook. You can find more information on this in Facebook's data protection declaration at:
https://de-de.facebook.com/privacy/explanation.

Wenn Sie nicht wünschen, dass Facebook den Besuch unserer Seiten Ihrem Facebook-Nutzerkonto zuordnen kann, loggen Sie sich bitte aus Ihrem Facebook-Benutzerkonto aus.

The use of Facebook plugins is based on Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in the widest possible visibility in the social media.

Instagram plugin

Functions of the Instagram service are integrated into our website. These functions are offered by Instagram Inc., 1601 Willow Road, Menlo Park, CA 94025, USA.
If you are logged into your Instagram account, you can link the contents of our pages to your Instagram profile by clicking the Instagram button. This enables Instagram to assign your visit to our website to your user account. We would like to point out that, as the provider of the pages, we have no knowledge of the content of the data transmitted or its use by Instagram.
The use of the Instagram plugin is based on Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in the widest possible visibility in the social media.
For more information, see the Instagram Data Protection:
https://instagram.com/about/legal/privacy/.

LinkedIn plugin

Our website uses features of the LinkedIn network. Provider is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA.
Each time you visit one of our pages that contains LinkedIn functions, a connection to the LinkedIn servers is established. LinkedIn is informed that you have visited our website with your IP address. If you click the LinkedIn “Recommend” button and are logged into your LinkedIn account, LinkedIn is able to assign your visit to our website to you and your user account. We would like to point out that, as the provider of the website, we have no knowledge of the content of the data transmitted or of how it is used by LinkedIn.

The use of the LinkedIn plug-in is based on Art. 6 Para. 1 lit.f GDPR. The website operator has a legitimate interest in the widest possible visibility in social media.

For more information, see LinkedIn's Privacy Statement at:
https://www.linkedin.com/legal/privacy-policy.

7. Newsletter

Newsletterdata

To the one offered on our website Newsletter you can register using our form. We use the so-called double opt-in procedure. Here, a confirmation email will first be sent to your specified email address with the request for confirmation. The registration only becomes effective if you click on the activation link contained in the confirmation email. We use the data you have transferred to us exclusively for sending the Newsletters that may contain information or an offer.

For shipping our Newsletters we use the shipping service provider The Newsletter Plugin, Web Agile Sas di Fietta Roberto. The Newsletter You can find plug-in data protection provisions at https: //www.thenewsletterplugin.com/documentation/subscription/gdpr-compliancy/ or https://www.iubenda.com/privacy-policy/7794079. This shipping service provider is used on the basis of our legitimate interests in accordance with Article 6 (1) (f) GDPR and an order processing contract in accordance with Article 28 (3) sentence 1 GDPR.

You can give your consent to the storage of the data and its use for Newsletter- Revoke shipping at any time, e.g. via the unsubscribe link in Newsletter.

8. Plugins and Tools

Google Web Fonts

We use Google Fonts on our website to display external fonts. It is a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, hereinafter referred to as "Google".

In order to enable the representation of certain writings in our Internet appearance, a connection to the Google server in the USA is set up when calling our Internet appearance.

Legal basis is Art. 6 para. 1 lit. f) GDPR. Our legitimate interest lies in the optimization and economic operation of our website.

Google can determine from which website your request has been sent and to which IP address the presentation of the font is to be transmitted by the connection to Google established when our website is called up.

Google offers below

https://adssettings.google.com/authenticated

https://policies.google.com/privacy

Further information, in particular on the possibilities of preventing the use of data.

9. Up-to-dateness and changes to this data protection declaration

Due to the further development of our website and offers on it or due to changed legal or official requirements, it may be necessary to change this data protection declaration. The current data protection declaration can be accessed at any time on this website https: //spoo-design.de / data protection declaration / can be accessed and printed out by you.