Privacy policy
Protecting your privacy is very important to us. Below we will provide you with detailed information on how we handle your data. The Schokobold team is, of course, available to answer any questions you may have.
1. ACCESS DATA AND HOSTING
You can visit our websites without providing any personal information. Whenever a webpage is accessed, the web server automatically stores a so-called server log file, which includes the name of the requested file, your IP address, date and time of the access, transferred data volume, and the requesting provider (access data) and documents the access. These access data are evaluated solely for the purpose of ensuring a trouble-free operation of the website and for improving our offer. This serves to safeguard our predominant legitimate interests in a correct presentation of our offer within the scope of a balancing of interests according to Art. 6 (1) sentence 1 lit. f GDPR. All access data will be deleted no later than seven days after the end of your visit to the site.
2. DATA PROCESSING FOR CONTRACT PROCESSING AND CONTACTING
2.1 DATA PROCESSING FOR CONTRACT PROCESSING
For the purpose of contract processing according to Art. 6 (1) sentence 1 lit. b GDPR, we collect personal data when you voluntarily provide it to us as part of your order. Mandatory fields are marked as such because in these cases, we require the data for contract processing and cannot send the order without providing it. The data to be collected is apparent from the respective input forms.
Further information on the processing of your data, in particular on its disclosure to our service providers for the purpose of order, payment, and shipping processing, can be found in the following sections of this privacy policy. After complete processing of the contract, your data will be restricted for further processing and deleted after the expiry of the retention periods under tax and commercial law according to Art. 6 (1) sentence 1 lit. c GDPR, unless you have expressly consented to further use of your data pursuant to Art. 6 (1) sentence 1 lit. a GDPR or we reserve the right to use data beyond this, which is legally permitted and about which we will inform you in this statement.
2.2 CUSTOMER ACCOUNT
If you have given your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR by deciding to open a customer account, we will use your data for the purpose of opening a customer account and storing your data for further future orders on our website. The deletion of your customer account is possible at any time and can either be done by sending a message to the contact option described in this privacy policy or via a function provided for this purpose in the customer account. After deletion of your customer account, your data will be deleted, unless you have expressly consented to further use of your data in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR or we reserve the right to use your data for further purposes that are legally permitted and about which we will inform you in this declaration.
2.3 CONTACT
This section outlines how personal data is processed for the purpose of handling customer inquiries. The company collects personal data, such as name and email address, that customers voluntarily provide when contacting the company via email or contact form. Mandatory fields are marked as such because the company requires this data to process the inquiry. Once the inquiry is complete, the personal data is deleted unless the customer explicitly consents to further use of their data or the company reserves the right to further use the data, which is legally allowed and explained in this privacy policy. The legal basis for this data processing is Art. 6 para. 1 sentence 1 lit. b GDPR.
3. DATA PROCESSING FOR THE PURPOSE OF SHIPPING
To fulfill the contract in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR, we will forward your data to the shipping service provider commissioned with the delivery, insofar as this is necessary for the delivery of the ordered goods.
4. DATEN PROCESSING FOR THE PURPOSE OF PAYMENT PROCESSING
When processing payments in our online store, we work with the following partners: technical service providers, banks, payment service providers.
4.1 DATA PROCESSING FOR TRANSACTION PROCESSING
Depending on the selected payment method, we disclose the necessary data for processing the payment transaction to our technical service providers who work on our behalf as contract processors, or to the designated credit institutions or selected payment service providers, to the extent necessary for processing the payment. This is necessary for the fulfillment of the contract in accordance with Art. 6 (1) sentence 1 lit. b GDPR. In some cases, the payment service providers themselves collect the data required for processing the payment, for example on their own website or through a technical integration in the ordering process. In this regard, the data protection declaration of the respective payment service provider applies. If you have any questions regarding our partners for payment processing and the basis of our cooperation with them, please contact us using the contact information provided in this privacy policy.
4.2 DATA PROCESSING FOR THE PURPOSES OF FRAUD PREVENTION AND OPTIMIZATION OF OUR PAYMENT PROCESSES
If necessary, we may provide our service providers with additional data that they may use as our contract processors, together with the data necessary for processing payments, for the purposes of fraud prevention and optimization of our payment processes (e.g. invoicing, processing of contested payments, support of accounting). This serves to safeguard our predominant legitimate interests in protecting ourselves against fraud and in efficient payment management, in accordance with Art. 6 (1) sentence 1 lit. f GDPR, based on a balancing of interests.
5. ADVERTISING BY EMAIL
EMAIL NEWSLETTER WITH REGISTRATION
If you subscribe to our newsletter, we use the data required for this or separately communicated by you to send you our email newsletter regularly based on your consent according to Art. 6 para. 1 sentence 1 lit. a GDPR. You can unsubscribe from the newsletter at any time, either by sending a message to the contact option described below or via a link provided in the newsletter. After unsubscribing, we will delete your email address from the recipient list, unless you have expressly consented to further use of your data pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR or we reserve the right to use your data beyond this, which is legally permitted and about which we inform you in this statement.
6. COOKIES AND OTHER TECHNOLOGIES
GENERAL INFORMATION
In order to make the visit to our website attractive and to enable the use of certain functions, we use technologies, including so-called cookies, on various pages. Cookies are small text files that are automatically stored on your device. Some of the cookies we use are deleted after the end of the browser session, i.e. after you close your browser (so-called session cookies). Other cookies remain on your device and allow us to recognize your browser on your next visit (persistent cookies).
We use such technologies that are strictly necessary for the use of certain functions of our website (e.g. shopping cart function). Through these technologies, IP address, time of visit, device and browser information as well as information on your use of our website (e.g. information on the content of the shopping cart) are collected and processed. This serves within the scope of a balancing of interests overriding legitimate interests in an optimized presentation of our offer pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR.
You can find the cookie settings for your browser at the following links: Microsoft Edge™ [https://support.microsoft.com/de-de/help/4027947/microsoft-edge-delete-cookies] / Safari™ [https://support.apple.com/de-de/guide/safari/sfri11471/12.0/mac/10.14] / Chrome™ [https://support.google.com/chrome/answer/95647?hl=de&hlrm=en] / Firefox™ [https://support.mozilla.org/de/products/firefox/protect-your-privacy/cookies] / Opera™ [https://help.opera.com/de/latest/web-preferences/#cookies]
If you have consented to the use of technologies pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR, you can revoke your consent at any time by sending a message to the contact option described in the data protection declaration.
7. INTEGRATION OF TRUSTED SHOPS TRUSTBADGE/OTHER WIDGETS
Trusted Shops widgets (such as the Trusted Shops Trustbadge) are integrated into this website to display Trusted Shops services (such as quality seals and collected reviews) and to offer Trusted Shops products to buyers after a purchase.
This serves to protect our overriding legitimate interests in optimal marketing by enabling secure shopping in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR. The Trustbadge and the advertised services are offered by Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne (Trusted Shops), with whom we are jointly responsible for data protection in accordance with Art. 26 GDPR. As part of these data protection guidelines, we will inform you about the essential contractual content in accordance with Art. 26 para. 2 GDPR.
The Trustbadge is provided as part of a joint responsibility by a US-American CDN (Content Delivery Network) provider. An adequate level of data protection is ensured by standard data protection clauses and further contractual measures. You can find further information on data protection by Trusted Shops GmbH here [https://www.trustedshops.de/impressum/#datenschutz].
When the Trustbadge is called up, the web server automatically saves a so-called server log file, which also contains your IP address, date and time of access, transmitted data volume and the requesting provider (access data) and documents the access. The IP address is anonymized immediately after collection so that the stored data cannot be assigned to your person. The server log file is stored in a security database for the analysis of security incidents and is automatically deleted or anonymized no later than 90 days after creation. This serves our and Trusted Shops' legitimate interest in accordance with Art. 6 (1) sentence 1 lit. f GDPR in preventing abuse and fraud, optimizing our website and offering, and ensuring the smooth operation of the website or Trusted Shops' Trustbadge or other widgets.
Further personal data will be transferred to Trusted Shops GmbH if you decide to use Trusted Shops products after completing an order, or if you have already registered for the use of their products. This involves an automatic collection of personal data from the order data. Whether you are already registered as a buyer for product use is automatically checked through a neutral parameter, the hashed email address, using a cryptographic one-way function. Before transmission, the email address is converted into this hash value, which Trusted Shops cannot decrypt. After verification for a match, the parameter is automatically deleted.
This is done to verify whether you are already registered for services at Trusted Shops GmbH and is therefore necessary for the fulfilment of our and Trusted Shops' predominant legitimate interests in providing the purchaser protection and transactional evaluation services, respectively, associated with each specific order, pursuant to Art. 6 Para. 1 S. 1 lit. f DSGVO. If this is the case, further processing will be carried out in accordance with the contractual agreement between you and Trusted Shops. If you are not yet registered for the services, you will be given the opportunity to do so afterwards. The further processing after registration is also governed by the contractual agreement with Trusted Shops. If you do not register, all transmitted data will be automatically deleted by Trusted Shops and personal reference will no longer be possible.
As part of the joint responsibility between us and Trusted Shops GmbH, please contact Trusted Shops GmbH at their contact information, which can be found here [https://www.trustedshops.de/impressum/#datenschutz], for any privacy concerns and to exercise your rights. You can also contact us directly using the contact information described in this privacy policy. If necessary, your request will be forwarded to the appropriate responsible party. More information on data protection can be found in the following link here [https://www.trustedshops.com/tsdocument/CONSUMER_MEMBERSHIP_TERMS_de.pdf].
As part of the joint responsibility between us and Trusted Shops GmbH, please direct any data protection inquiries and claims regarding your rights preferably to Trusted Shops GmbH, whose contact details can be found here [https://www.trustedshops.de/impressum/#datenschutz]. You can find further information on data protection at the following link [https://www.trustedshops.com/tsdocument/CONSUMER_MEMBERSHIP_TERMS_de.pdf]. However, you can always contact us via the contact information provided in this privacy policy. Your inquiry will be forwarded to the other responsible party for response, if necessary.
8. SOCIAL MEDIA
OUR ONLINE PRESENCE ON FACEBOOK, INSTAGRAM, YOUTUBE, LINKEDIN
If you have given your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR to the respective social media operator, your data will be automatically collected and stored for market research and advertising purposes when you visit our online presence on the social media platforms mentioned above, from which usage profiles are created using pseudonyms. These can be used, for example, to display advertisements within and outside the platforms that presumably correspond to your interests. Cookies are generally used for this purpose. Please refer to the privacy notices of the providers linked below for detailed information on the processing and use of data by the respective social media operator, as well as a contact option and your rights and options for protecting your privacy. If you still need assistance in this regard, you can contact us.
Facebook [https://www.facebook.com/about/privacy/] is an offering of Facebook Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland ("Facebook Ireland"). The information automatically collected by Facebook Ireland about your use of our online presence on Facebook is generally transferred to a server of Facebook, Inc., 1601 Willow Road, Menlo Park, California 94025, USA, and stored there. There is no adequacy decision of the European Commission for the USA. Our cooperation with them is based on standard data protection clauses of the European Commission. The data processing in the context of visiting a Facebook fan page is based on an agreement between joint controllers pursuant to Art. 26 GDPR. Further information (information on insights data) can be found here [https://www.facebook.com/legal/terms/information_about_page_insights_data].
Instagram [https://help.instagram.com/519522125107875] is an offer of Facebook Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland ("Facebook Ireland"). The information about your use of our online presence on Instagram, which is automatically collected by Facebook Ireland, is usually transferred to a server of Facebook, Inc., 1601 Willow Road, Menlo Park, California 94025, USA and stored there. There is no adequacy decision by the European Commission for the USA. Our cooperation with them is based on standard data protection clauses of the European Commission. The data processing in the context of visiting an Instagram fan page is based on an agreement between joint controllers in accordance with Art. 26 GDPR. Further information (information on insights data) can be found here [https://www.facebook.com/legal/terms/information_about_page_insights_data].
YouTube [https://policies.google.com/privacy?hl=de] is an offer of Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). The information about your use of our online presence on YouTube, which is automatically collected by Google, is usually transferred to a server of Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA and stored there. There is no adequacy decision by the European Commission for the USA. Our cooperation with them is based on standard data protection clauses of the European Commission.
LinkedIn [https://www.linkedin.com/legal/privacy-policy] is an offering of LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland ("LinkedIn"). The information automatically collected by LinkedIn about your use of our online presence on LinkedIn is usually transferred to a server of LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085, USA and stored there. There is no adequacy decision of the European Commission for the USA. Our cooperation with them is based on standard data protection clauses of the European Commission.
9. CONTACT OPTIONS AND YOUR RIGHTS
9.1 YOUR RIGHTS
As the person affected, you have the following rights:
- According to Art. 15 GDPR, the right to obtain information about the personal data processed by us to the extent specified there;
- According to Art. 16 GDPR, the right to demand the immediate correction of incorrect or incomplete personal data stored by us;
- According to Art. 17 GDPR, the right to demand the deletion of your personal data stored by us, unless further processing is necessary
- for the exercise of the right to freedom of expression and information;
- to fulfil a legal obligation;
- for reasons of public interest or
- for the assertion, exercise or defence of legal claims;
- According to Art. 18 GDPR, the right to demand the restriction of the processing of your personal data, insofar as
- the accuracy of the data is disputed by you;
- the processing is unlawful, but you reject its deletion;
- we no longer need the data, but you need it for the assertion, exercise or defence of legal claims or
- you have objected to the processing according to Art. 21 GDPR;
- According to Art. 20 GDPR, the right to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format, or to request the transfer to another controller;
- According to Art. 77 GDPR, the right to lodge a complaint with a supervisory authority. Usually, you can contact the supervisory authority of your usual place of residence or workplace or our company headquarters for this purpose.
Right to object
If we process personal data as explained above to protect our legitimate interests that outweigh other interests, you have the right to object to such processing for the future. If the processing is for the purposes of direct marketing, you can exercise this right at any time as described above. If the processing is for other purposes, you only have the right to object if there are reasons that arise from your particular situation.
After you have exercised your right to object, we will no longer process your personal data for these purposes, unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or if the processing serves to assert, exercise, or defend legal claims.
This does not apply if the processing is for direct marketing purposes. In this case, we will no longer process your personal data for this purpose.
9.2 CONTACT OPTIONS
If you have any questions regarding the collection, processing or use of your personal data, require information, correction, restriction or deletion of data, or wish to revoke your consent or object to a specific use of your data, please contact us directly using the contact information provided in our legal notice.