top of page
Logo_cloc_klitzeklein.jpg

Privacy-
Policy

1. DATA PROTECTION AT A GLANCE

General information

The following notes provide a simple overview of what happens to your personal data when you visit this website. Personal data is any data with which you can be personally identified. For detailed information on the subject of data protection, please refer to our privacy policy listed below this text.

Data collection on this website

Who is responsible for data collection on this website?

The data processing on this website is carried out by the website operator. You can find their contact details in the section "Notice regarding the Responsible Party" in this privacy policy.

How do we collect your data?

On one hand, your data is collected by you providing it to us. This may, for example, involve data that you enter into a contact form. Other data is collected automatically or after your consent when you visit the website via our IT systems. This primarily consists of technical data (e.g., internet browser, operating system, or time of page access). This data is collected automatically as soon as you enter this website.

What do we use your data for?

A portion of the data is collected to ensure the error-free provision of the website. Other data may be used to analyze your user behavior.

What rights do you have regarding your data?

You have the right at any time to receive information about the origin, recipient, and purpose of your stored personal data free of charge. You also have a right to demand the correction or deletion of this data. If you have given consent for data processing, you can revoke this consent at any time for the future. Furthermore, you have the right, under certain circumstances, to demand the restriction of the processing of your personal data. You also have the right to lodge a complaint with the competent supervisory authority. For this purpose, as well as for further questions on the subject of data protection, you can contact us at any time.

Analysis Tools and Third-Party Tools

When visiting this website, your surfing behavior may be statistically evaluated. This occurs primarily through the use of so-called analysis programs. Detailed information regarding these analysis programs can be found in the following privacy policy.

2. HOSTING

External Hosting

Our website is hosted via the platform Wix.com Ltd., Namal 40, 6350671 Tel Aviv, Israel. Wix stores the personal data of website visitors on servers in various regions, including the European Union, Israel, and the USA.

External hosting is carried out for the purpose of fulfilling contracts with our potential and existing customers (Art. 6 (1) (b) GDPR) and in the interest of a secure, fast, and efficient provision of our online services by a professional provider (Art. 6 (1) (f) GDPR). If corresponding consent has been requested, processing takes place exclusively on the basis of Art. 6 (1) (a) GDPR and § 25 (1) TDDDG (formerly TTDSG), insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g., device fingerprinting) as defined by the TDDDG. This consent can be revoked at any time.

Our host(s) will process your data only to the extent necessary to fulfill its performance obligations and will follow our instructions regarding this data.

Order processing

We have entered into a Data Processing Agreement (DPA) for the use of the aforementioned service. This is a contract required by data protection law, which ensures that the service provider processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

3. GENERAL INFORMATION AND MANDATORY INFORMATION

Privacy protection

The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with statutory data protection regulations and this privacy policy.

When you use this website, various personal data are collected. Personal data consists of data with which you can be personally identified. This privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose this happens.

We would like to point out that data transmission over the Internet (e.g., when communicating via email) can have security gaps. Complete protection of data against access by third parties is not possible.

Note regarding the responsible body

The party responsible for data processing on this website is:

Stefan Dassel Hans-Carossa-Straße 2 82131 Stockdorf Germany Phone: +49 160 944 26 460 Email: hallo@cloc.de

The responsible party (controller) is the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data (e.g., names, email addresses, etc.).

Storage duration

Unless a more specific storage period has been specified within this privacy policy, your personal data will remain with us until the purpose for data processing no longer applies. If you assert a legitimate request for deletion or revoke your consent to data processing, your data will be deleted, provided we have no other legally permissible reasons for storing your personal data (e.g., retention periods under tax or commercial law); in the latter case, deletion will take place after these reasons no longer apply.

General information on the legal basis for data processing on this website

If you have consented to data processing, we process your personal data on the basis of Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR, provided that special categories of data pursuant to Art. 9 (1) GDPR are processed. In the event of explicit consent to the transfer of personal data to third countries, data processing is also based on Art. 49 (1) (a) GDPR. Insofar as you have consented to the storage of cookies or to access to information in your terminal device (e.g., via device fingerprinting), the data processing is additionally based on § 25 (1) TDDDG (formerly TTDSG).

Consent can be revoked at any time. If your data is required for the fulfillment of a contract or for the implementation of pre-contractual measures, we process your data on the basis of Art. 6 (1) (b) GDPR. Furthermore, we process your data if it is necessary to fulfill a legal obligation on the basis of Art. 6 (1) (c) GDPR. Data processing may also be carried out on the basis of our legitimate interest pursuant to Art. 6 (1) (f) GDPR. Information about the relevant legal basis in each individual case is provided in the following paragraphs of this privacy policy.

Data Protection Officer

We have appointed a data protection officer.

Stefan Dassel
Hans-Carossa-Straße 2
82131 Stockdorf
Germany
Phone: +49 160 944 26 460
Email: hallo@cloc.de

Recipients of personal data

As part of our business activities, we cooperate with various external bodies. In some cases, this also requires the transfer of personal data to these external entities. We only pass on personal data to external bodies if this is necessary for the fulfillment of a contract, if we are legally obliged to do so (e.g., passing on data to tax authorities), if we have a legitimate interest pursuant to Art. 6 (1) (f) GDPR in passing it on, or if another legal basis permits the transfer of data.

When using processors, we only pass on the personal data of our customers on the basis of a valid contract for data processing. In the case of joint processing, a contract for joint processing is concluded.

Revocation of your consent to data processing

Many data processing operations are only possible with your express consent. You can revoke consent that has already been given at any time. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

Right to Object to Data Collection in Special Cases and to Direct Advertising (Art. 21 GDPR)

IF DATA PROCESSING IS BASED ON ART. 6 (1) (E) OR (F) GDPR, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. THE RESPECTIVE LEGAL BASIS ON WHICH PROCESSING IS BASED CAN BE FOUND IN THIS PRIVACY POLICY. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR CONCERNED PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS, AND FREEDOMS, OR THE PROCESSING SERVES THE ASSERTION, EXERCISE, OR DEFENSE OF LEGAL CLAIMS (OBJECTION PURSUANT TO ART. 21 (1) GDPR).

IF YOUR PERSONAL DATA IS PROCESSED FOR THE PURPOSE OF DIRECT ADVERTISING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSE OF SUCH ADVERTISING; THIS ALSO APPLIES TO PROFILING TO THE EXTENT THAT IT IS RELATED TO SUCH DIRECT ADVERTISING. IF YOU OBJECT, YOUR PERSONAL DATA WILL SUBSEQUENTLY NO LONGER BE USED FOR THE PURPOSE OF DIRECT ADVERTISING (OBJECTION PURSUANT TO ART. 21 (2) GDPR).

Right to Lodge a Complaint with the Competent Supervisory Authority

In the event of violations of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, their place of work, or the place of the alleged violation. The right to lodge a complaint exists without prejudice to other administrative or judicial remedies.

Right to data portability

You have the right to have data that we process automatically on the basis of your consent or in the fulfillment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done insofar as it is technically feasible.

Information, correction and deletion

Within the framework of the applicable legal provisions, you have the right at any time to free information about your stored personal data, its origin and recipients, and the purpose of the data processing and, if applicable, a right to correction or deletion of this data. For this purpose, as well as for further questions on the subject of personal data, you can contact us at any time.

Right to restriction of processing

You have the right to request the restriction of processing of your personal data. To do so, you can contact us at any time. The right to restriction of processing exists in the following cases:

  • If you contest the accuracy of your personal data stored by us, we usually need time to verify this. For the duration of the audit, you have the right to request the restriction of the processing of your personal data.

  • If the processing of your personal data was/is unlawful, you can request the restriction of data processing instead of deletion.

  • If we no longer need your personal data, but you need it to exercise, defend, or assert legal claims, you have the right to request the restriction of the processing of your personal data instead of deletion.

  • If you have lodged an objection pursuant to Art. 21 (1) GDPR, a balance must be struck between your interests and ours. As long as it has not yet been determined whose interests prevail, you have the right to request the restriction of the processing of your personal data.

If you have restricted the processing of your personal data, this data—aside from its storage—may only be processed with your consent or for the assertion, exercise, or defense of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the European Union or a Member State.

SSL- or TLS-Incryption

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser bar. If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

Encrypted payment transactions on this website

If there is an obligation to transmit your payment data (e.g., account number for direct debit authorization) after the conclusion of a contract with costs, this data is required for payment processing.

Payment transactions via common means of payment (Visa/MasterCard, direct debit) are carried out exclusively via an encrypted SSL or TLS connection. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser bar.

With encrypted communication, the payment data you transmit to us cannot be read by third parties.

Objection to advertising emails

The use of contact data published within the scope of the mandatory legal notice (Impressumspflicht) for the purpose of sending advertising and information materials that have not been expressly requested is hereby prohibited. The operators of these pages expressly reserve the right to take legal action in the event of the unsolicited sending of advertising information, such as via spam emails.

4. DATA COLLECTION ON THIS WEBSITE

Cookies

Our website uses so-called "cookies." Cookies are small data packets that do not cause any damage to your end device. They are stored either temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your device. Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored until you delete them yourself or your web browser performs an automatic deletion.

Types and Functions of Cookies

  • First-Party vs. Third-Party: Cookies can be set by us (First-Party) or by third-party companies (Third-Party). Third-party cookies enable the integration of specific services from external providers (e.g., payment processing services).

  • Technical Necessity: Many cookies are technically necessary for website functions (e.g., shopping cart features or video playback).

  • Analysis and Advertising: Other cookies may be used to evaluate user behavior or for marketing purposes.

Legal Basis

  • Necessary Cookies: Cookies required for electronic communication or requested functions (e.g., shopping cart) are stored based on Art. 6 (1) (f) GDPR, unless another legal basis is specified. The operator has a legitimate interest in storing these for the technically error-free and optimized provision of services.

  • Consent-based Cookies: If consent was requested for cookies or similar recognition technologies, processing is based exclusively on Art. 6 (1) (a) GDPR and Section 25 (1) TDDDG (formerly TTDSG). Consent can be revoked at any time.

Managing Cookies

You can configure your browser to:

  1. Inform you about the setting of cookies.

  2. Allow cookies only in individual cases.

  3. Exclude cookies for specific cases or generally.

  4. Activate the automatic deletion of cookies when closing the browser.

[!IMPORTANT] If cookies are deactivated, the functionality of this website may be limited. For details on the specific cookies and services used on this site, please refer to the further sections of this privacy policy.

CookieFirst

Our website uses CookieFirst to obtain your consent for the storage of certain cookies on your end device or for the use of certain technologies and to document this in a data protection-compliant manner. The provider of this technology is Digital Data Solutions B.V. (CookieFirst), Plantage Middenlaan 42A, 1018 DH Amsterdam, Netherlands (hereinafter referred to as "CookieFirst").

How it Works

When you enter our website, a connection is established to CookieFirst's servers to obtain your consent and other declarations regarding cookie use. CookieFirst then stores a cookie in your browser to be able to assign the consents granted or their revocation to you. In this process, the following data is processed and integrated into CookieFirst:

  • IP address (anonymized)

  • User Agent of the browser and operating system

  • URL from which the consent was given

Data Retention and Third Parties

The data collected in this way is stored until you request us to delete it, delete the CookieFirst cookie yourself, or the purpose for storing the data no longer applies. Mandatory statutory retention periods remain unaffected.

CookieFirst transmits personal data to third-party providers. These include:

  • CDN based in Slovenia

  • IP Geolocation based in Romania

  • Hosting via OVH in Germany and France

Legal Basis

The use of CookieFirst is carried out to obtain the legally required consent for the use of cookies. The legal basis for this is Art. 6 (1) (c) GDPR.

Server-Log-Files

The provider of these pages automatically collects and stores information in so-called server log files, which your browser transmits to us automatically. This information includes:

  • Browser type and browser version

  • Operating system used

  • Referrer URL (the previously visited page)

  • Hostname of the accessing computer

  • Time of the server request

  • IP address

This data is not merged with other data sources.

Legal Basis

The collection of this data is based on Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of their website—for this purpose, the server log files must be recorded.

Contact form

If you send us inquiries via the contact form, your details from the inquiry form, including the contact details you provide there, will be stored by us for the purpose of processing the inquiry and in the event of follow-up questions. We do not pass on this data without your consent.

Legal Basis for Processing

The processing of this data is based on:

  • Art. 6 (1) (b) GDPR: If your request is related to the fulfillment of a contract or is necessary for the implementation of pre-contractual measures.

  • Art. 6 (1) (f) GDPR: In all other cases, based on our legitimate interest in the effective processing of requests addressed to us.

  • Art. 6 (1) (a) GDPR: If consent was requested; this consent can be revoked at any time.

Storage Duration

The data you enter in the contact form remains with us until:

  • You request us to delete it.

  • You revoke your consent to the storage.

  • The purpose for storing the data no longer applies (e.g., after processing of your inquiry has been completed).

Mandatory statutory provisions—in particular retention periods—remain unaffected.

Inquiry per E-Mail, Phone oder Fax

If you contact us by email, telephone, or fax, your inquiry—including all resulting personal data (name, inquiry)—will be stored and processed by us for the purpose of processing your request. We do not pass this data on without your consent.

Legal Basis for Processing

The processing of this data is based on the following:

  • Art. 6 (1) (b) GDPR: If your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures.

  • Art. 6 (1) (f) GDPR: In all other cases, based on our legitimate interest in the effective processing of inquiries addressed to us.

  • Art. 6 (1) (a) GDPR: If consent was requested; this consent can be revoked at any time.

Storage Duration

The data you send to us via contact requests remains with us until:

  • You request us to delete it.

  • You revoke your consent to storage.

  • The purpose for storing the data no longer applies (e.g., after your request has been fully processed).

Mandatory statutory provisions—in particular statutory retention periods—remain unaffected.

5. ANALYSIS TOOLS AND EVALUATION

Google Tag Manager

We use the Google Tag Manager, provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Functionality

The Google Tag Manager is a tool that allows us to integrate tracking or statistical tools and other technologies into our website.

  • No Profiling: The Tag Manager itself does not create user profiles, store cookies, or perform its own analyses.

  • Management Tool: Its sole purpose is to manage and deploy the tools integrated through it.

  • IP Address: However, the Google Tag Manager does collect your IP address, which may also be transmitted to Google's parent company in the United States.

Legal Basis

The use of the Google Tag Manager is based on:

  • Art. 6 (1) (f) GDPR: The website operator has a legitimate interest in the quick and uncomplicated integration and management of various tools on their website.

  • Art. 6 (1) (a) GDPR and Section 25 (1) TDDDG: If corresponding consent was requested (e.g., for the storage of cookies or access to information on the user's end device like device fingerprinting). This consent is revocable at any time.

Data Privacy Framework

The company is certified under the "EU-US Data Privacy Framework" (DPF). This agreement between the European Union and the USA is designed to ensure compliance with European data protection standards for data processing in the USA.

Detailed certification information can be found here: Data Privacy Framework Participant Search

Google Analytics

This website uses functions of the web analysis service Google Analytics. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

Analysis of User Behavior

Google Analytics allows the website operator to analyze the behavior of website visitors. This provides the operator with various usage data, such as:

  • Page views and duration of visit.

  • Operating systems used.

  • The origin of the user.

This data is assigned to the respective end device of the user. No assignment to a specific User ID takes place. Furthermore, we can record your mouse and scroll movements and clicks. Google Analytics also uses various modeling approaches to supplement the collected data sets and employs machine learning technologies for data analysis.

Technologies and Data Transfer

Google Analytics uses technologies that enable the recognition of the user for the purpose of analyzing user behavior (e.g., cookies or device fingerprinting). Information collected by Google about the use of this website is usually transferred to a Google server in the USA and stored there.

Legal Basis and Revocation

The use of this service is based on your consent pursuant to Art. 6 (1) (a) GDPR and Section 25 (1) TDDDG. You may revoke your consent at any time.

Data Transfer to the USA

Data transfer to the USA is based on the Standard Contractual Clauses (SCCs) of the EU Commission. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/

Furthermore, the company is certified under the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA designed to ensure compliance with European data protection standards for data processing in the USA. Every DPF-certified company commits to upholding these standards.

More information can be found at: Data Privacy Framework Participant Search

Browser Plugin

You can prevent the collection and processing of your data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en

For more information on how Google Analytics handles user data, please refer to Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=de

Order processing

We have entered into a Data Processing Agreement (DPA) with Google and fully implement the strict requirements of the German data protection authorities when using Google Analytics.

Google Analytics E-Commerce-Tracking

This website uses the "E-commerce Tracking" function of Google Analytics. With the help of E-commerce Tracking, the website operator can analyze the purchasing behavior of website visitors to improve online marketing campaigns.

Collected Data

During this process, information such as the following is recorded:

  • Orders placed

  • Average order values

  • Shipping costs

  • Time elapsed from viewing a product to its purchase

This data can be aggregated by Google under a Transaction ID, which is assigned to the respective user or their specific device.

Google Ads

The website operator uses Google Ads, an online advertising program provided by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

How Google Ads Works

Google Ads allows us to display advertisements in the Google search engine or on third-party websites based on the following:

  • Keyword Targeting: Ads are displayed when users enter specific search terms into Google.

  • Target Group Targeting: Targeted advertisements are displayed based on user data available to Google (e.g., location data and interests).

As the website operator, we can quantitatively evaluate this data by analyzing, for example, which search terms led to the display of our ads and how many clicks resulted from those ads.

Legal Basis and Revocation

The use of this service is based on your consent pursuant to Art. 6 (1) (a) GDPR and Section 25 (1) TDDDG. You may revoke your consent at any time.

Data Transfer to the USA

Data transfer to the USA is supported by the Standard Contractual Clauses (SCCs) of the EU Commission. Details can be found here:

The company is also certified under the "EU-US Data Privacy Framework" (DPF). This agreement between the EU and the USA ensures compliance with European data protection standards for data processing in the USA.

For more information, please visit the provider's DPF profile: Data Privacy Framework Participant Detail

Google Conversion-Tracking

This website uses Google Conversion Tracking, provided by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Purpose of Processing

Google Conversion Tracking allows both Google and us to recognize whether a user has performed specific actions. For example, we can evaluate:

  • Which buttons on our website were clicked and how often.

  • Which products were viewed or purchased most frequently.

This information is used to create conversion statistics. We receive the total number of users who clicked on our ads and the actions they took. However, we do not receive any information that allows us to personally identify the user. Google itself uses cookies or similar recognition technologies for identification.

Legal Basis and Revocation

The use of this service is based on your consent pursuant to Art. 6 (1) (a) GDPR and Section 25 (1) TDDDG. You may revoke your consent at any time.

Data Privacy and Frameworks

The company is certified under the "EU-US Data Privacy Framework" (DPF). This agreement ensures that European data protection standards are maintained during data processing in the USA.

Newsletter data

If you wish to receive the newsletter offered on our website, we require an email address and information that allows us to verify that you are the owner of the address provided and that you agree to receive the newsletter. No further data is collected, or is only collected on a voluntary basis. We use this data exclusively for sending the requested information and do not pass it on to third parties.

Legal Basis and Revocation

The processing of the data entered into the newsletter registration form is based exclusively on your consent (Art. 6 (1) (a) GDPR). You can revoke your consent to the storage of your data and email address, as well as their use for sending the newsletter, at any time—for example, via the "unsubscribe" link in the newsletter. The legality of the data processing operations already carried out remains unaffected by the revocation.

Storage Duration

  • Active Subscription: Data deposited for the purpose of receiving the newsletter will be stored by us or the newsletter service provider until you unsubscribe.

  • After Unsubscribing: Once you unsubscribe or the purpose no longer applies, your data will be deleted from the distribution list.

  • Operator Discretion: We reserve the right to delete or block email addresses from our distribution list at our own discretion based on our legitimate interest (Art. 6 (1) (f) GDPR).

The Blacklist

After you unsubscribe from the newsletter distribution list, your email address may be stored in a blacklist by us or the newsletter service provider to prevent future mailings.

  • Purpose: This data is used solely for this purpose and is not merged with other data.

  • Legal Basis: This serves both your interest and our legitimate interest in complying with legal requirements for sending newsletters (Art. 6 (1) (f) GDPR).

  • Duration: Storage in the blacklist is not limited in time.

[!NOTE] You may object to this storage if your interests outweigh our legitimate interest. Data stored by us for other purposes remains unaffected by these provisions.

7. ECOMMERCE & PAYMENT PROCESSORS

Processing of customer and contract data

We collect, process, and use personal customer and contract data to establish, structure the content of, and modify our contractual relationships.

Usage and Contract Data

  • Purpose: We collect and process personal data regarding the use of this website (usage data) only to the extent necessary to enable the user to use the service or for billing purposes.

  • Legal Basis: The basis for this processing is Art. 6 (1) (b) GDPR, which permits the processing of data for the fulfillment of a contract or pre-contractual measures.

Data Retention

The collected customer data will be deleted upon completion of the order or termination of the business relationship, provided that no legal obligations require further storage.

[!NOTE] Mandatory statutory retention periods (e.g., under tax or commercial law) remain unaffected by these deletion practices. In such cases, the data is blocked until the retention periods expire and then deleted.

Data transfer during contract conclusion for online shops, retailers and shipping companies

When you purchase products via our website, processing is carried out through the shop system provided by Wix.com Ltd., Namal 40, 6350671 Tel Aviv, Israel.

Data Processing by Wix

In this context, personal data required for your order and contract execution—such as your name, address, email address, and payment details—are processed by Wix and stored on their servers.

Key Information regarding Wix

  • Purpose: The processing is necessary to manage your orders, handle shipping, and facilitate the technical operation of the online shop.

  • Data Security: Wix provides the infrastructure to ensure a secure transaction environment for your purchases.

As Wix is based in Israel, it is important to note that Israel is recognized by the European Commission as a country with an adequate level of data protection (Adequacy Decision), ensuring that your personal data is handled in accordance with standards comparable to the GDPR.

Payment

To process payments, Wix utilizes various payment service providers depending on the payment method you select. Your payment data may be transmitted directly to the respective provider. The payment services integrated into Wix include, but are not limited to:

  • Wix Payments

  • PayPal (PayPal (Europe) S.à r.l. et Cie, S.C.A., Luxembourg)

  • Klarna (Klarna Bank AB, Sweden)

  • Other local payment providers, depending on region and availability.

Legal Basis for Processing

The transfer of your data is carried out on the following legal bases:

  • Art. 6 (1) (b) GDPR: For the fulfillment of a contract.

  • Art. 6 (1) (f) GDPR: Our legitimate interest in providing a secure and efficient payment process.

  • Art. 6 (1) (a) GDPR: Where explicit consent has been obtained.

Privacy Policies of Providers

For more detailed information on how these providers handle your data, please refer to their respective privacy policies:

8. ORDER PROCESSING AND CUSTOMER COMMUNICATION

As part of the order processing, we process the personal data you provide during the purchase transaction. This includes, in particular:

  • First and last name

  • Delivery and billing address

  • Email address

  • Telephone number (optional, e.g., for shipping notifications)

  • Ordered products

  • Payment information (see the "Payment Providers" section)

Purpose and Legal Basis

We process this data to execute your order, facilitate shipping, and handle any inquiries or service requests.

The legal basis for this processing is Art. 6 (1) (b) GDPR (performance of a contract).

Customer communication

To handle your order or address questions regarding products, delivery status, or returns, we generally contact you via email.

Purpose of Communication

This communication is conducted exclusively for the purposes of:

  • Contract fulfillment (e.g., order confirmations, shipping updates).

  • Customer support (e.g., answering product inquiries or managing returns).

Legal Basis

The legal basis for this processing is Art. 6 (1) (b) GDPR, which permits the processing of data necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.

Storage duration

We store the data relevant for contract processing for as long as is necessary to carry out the contractual relationship.

Retention Periods

Beyond the active duration of the contract, data is stored in accordance with statutory retention obligations (e.g., as required by the German Commercial Code (HGB) and the German Tax Code (AO)).

As a rule, these periods are:

  • 6 years (for business correspondence and documents related to commercial transactions).

  • 10 years (for accounting records, books, and documents relevant for taxation).

Once these legal periods have expired, the data is deleted in accordance with data protection regulations.

9. OWN SERVICES

Handling of applicant data

We offer you the opportunity to apply for a position with us (e.g., via email, post, or via our online application form). Below, we inform you about the scope, purpose, and use of the personal data collected during the application process.

Our Commitment

We assure you that the collection, processing, and use of your data:

  • Is conducted in strict compliance with applicable data protection laws and all other legal regulations.

  • Ensures your data is treated with utmost confidentiality.

Process Overview

This information applies to all methods of submission, whether digital or physical. By submitting an application, you provide us with personal information that we use solely to evaluate your suitability for a position within our company.

[!IMPORTANT] For specific details regarding storage duration, legal bases, and your rights in the application process, please refer to the preceding sections of this privacy policy.

Scope and purpose of data collection

If you send us an application, we process your associated personal data (e.g., contact and communication data, application documents, notes from interviews, etc.) to the extent necessary to decide on the establishment of an employment relationship.

Legal Basis

The processing is based on the following legal foundations:

  • Section 26 BDSG (German Federal Data Protection Act): Initiation of an employment relationship.

  • Art. 6 (1) (b) GDPR: General initiation of a contract.

  • Art. 6 (1) (a) GDPR: Provided you have given explicit consent (which can be revoked at any time).

Data Sharing and Storage

  • Internal Disclosure: Your personal data will only be passed on within our company to individuals involved in processing your application.

  • Successful Applications: If your application is successful, the data submitted will be stored in our data processing systems for the purpose of carrying out the employment relationship, based on Section 26 BDSG and Art. 6 (1) (b) GDPR.

Data retention period

If we are unable to make you a job offer, if you reject an offer, or if you withdraw your application, we reserve the right to retain the data you have submitted for up to 6 months after the conclusion of the application process (rejection or withdrawal).

Retention for Legitimate Interests

This storage is based on our legitimate interests (Art. 6 (1) (f) GDPR) and serves primarily as evidence in the event of a legal dispute (e.g., claims under the General Act on Equal Treatment - AGG).

  • Deletion: After this 6-month period, electronic data is deleted and physical application documents are destroyed.

  • Extension for Legal Disputes: If it is evident that the data will be required after the 6-month period (e.g., due to an imminent or pending legal dispute), deletion will only take place once the purpose for further storage no longer applies.

Extended Storage

A longer retention period may occur in the following cases:

  1. Consent: You have given express consent for longer storage (e.g., inclusion in a talent pool) pursuant to Art. 6 (1) (a) GDPR.

  2. Statutory Obligations: Legal retention requirements prevent the immediate deletion of the data.

bottom of page