DATA PROTECTION

Notes on data processing

We (hereinafter: "company", "we" or "us") would like to inform you (hereinafter: "you", "visitor" or "customer") about the data processing and -storage and at the same time comply with the legal obligations, in particular those arising from the European General Data Protection Regulation (hereinafter: GDPR).

Our data protection information applies in particular to our website and our presence on social media platforms (e.g. Instagram, TikTok or Facebook).

With this data protection notice, we inform you transparently about the type, scope, purpose, duration and legal basis of the processing of personal data when using our website within the meaning of Art. 13 and 14 DSGVO. Personal data is all data that can be related to you personally, e.g. IP address, name, address, GPS data, telephone number, e-mail address and user behavior. Explanations of other GDPR terms can be found in the "Definitions" section.

Our data protection information can be called up, saved and printed out at any time at https://glavara.com/datenschutz .

For better clarity and transparency, we have structured the content for you as follows:

1. General information

1.1. Responsible for data processing i.S. of Art. 4 No. 7 DSGVO

1.2. Relevant legal bases

1.3. Data subject rights

1.4. Data security/ SSL encryption

1.5. Duration of storage of personal data

1.6. Disclosure of personal data to third parties

1.7. Data processing and transmission to third countries

2. Cookies

3. Provision of our website

3.1. Log files/ hosting

3.2. Content Delivery System

3.3. Cookie Consent Tool - GDPR Legal Cookie

4. Contact

5. Data processing when performing contractual obligations/contractual relationships

5.1. Customer Account

5.2. Transfer of personal data to shipping service providers

5.3. Payment processing via PayPal Plus

5.4. Payment processing via Shopify Payments

5.5. Payment processing via Apple Pay

5.6. Payment processing via Klarna

6. Goods availability notification by e-mail

7. Newsletter

7.1. Newsletter Tracking – Klaviyo

7.2. Newsletter Tracking - Shopify Mail

8. Web Analytics and Marketing Services

8.1. General information about Google services

8.2. Google Analytics

8.3. Google Ads and Google Conversion Ranking

8.4. Google Tag Manager

9. Data protection information for our Facebook fan page and Facebook Insights

9.1. Facebook Custom Audiences

10. TikTok Profile and TikTok Analysis Tools

11. Plugins and integration of content from external service providers

11.1. Google Maps

11.2. Google reCAPTCHA service

12. Definitions

13. Actuality and changes to this data protection declaration

1. General information

1.1 Responsible for data processing i.S. of Art. 4 No.7 GDPR

Name: Leman Suna male

Street: Kettengasse 3

postal code city: 50678 Cologne

Tel: +49 (0) 15203812705

Email: glavaraofficial@gmailcom

The contact person for data protection is Ms. Leman Suna Männchen.

1.2 Relevant legal bases

The legal bases of the GDPR (EU Regulation 2016/679) primarily form the legal basis for the processing of personal data. This is available at https://eur-lex.europa.eu/legal- content/DE/TXT/?uri=celex%3A32016R0679.

We process your personal data according to the following legal bases of the GDPR:

Art. 6 paragraph 1 sentence 1 lit. a GDPR: Based on your consent to the processing of your personal data for the fulfillment of a specific purpose, e.g. when registering for our newsletter.
Art. 6 Paragraph 1 S.1 lit. b GDPR: The processing of your data is necessary within the scope of pre-contractual obligations and the fulfillment of the contract. Example: Processing your order in our web shop, payment processing via service providers, shipping processing via an external shipping service provider.
Art. 6 paragraph 1 sentence 1 lit. c GDPR: Due to the existence of a legal obligation. We may be required by law to store and process your data. E.g.: Tax law storage obligations, legal documentation obligation of granted consents to data processing.
Art. 6 Paragraph 1 Sentence 1 lit. f GDPR: For the protection of our legitimate interests, which do not restrict your fundamental rights and which outweigh your interests. Example: Security measures to protect our website, customer-friendly design of our website.

The processing can also be based on several of the aforementioned legal bases. You will be informed about the specific legal bases in the corresponding sections.

In addition to the regulations of the GDPR at EU level, national data protection regulations of member states can also apply due to specification clauses. In Germany, these include in particular:

Federal Data Protection Act (BDSG), e.g. with special regulations on the rights of data subjects, available at https://www.gesetze-im-internet.de/bdsg_2018/
Telekommunikation-Telemedien-Datenschutz-Gesetz (TTDSG), in particular Section 25 with regulations regarding the storage of cookies on end devices, available at https://www.gesetze-im-internet.de/ttdsg/

1.3 Rights of data subjects

According to the GDPR, you as a data subject have the following rights in relation to your personal data:

Right to information,
Right to rectification or erasure,
Right to restriction of processing,
Right to data portability,
Right of withdrawal,

If you have given your consent to the processing of your personal data, you can revoke this at any time. Such a revocation affects the admissibility of the processing of your personal data after you have given it to us. The admissibility of the processing of your data up to the time of your revocation remains unaffected.

Right to object,

You can object to the data processing that takes place on the basis of a weighing of interests in accordance with Article 6 Paragraph 1 Sentence 1 lit. e or lit. f GDPR.This is particularly the case if the processing is not required to fulfill a contract with you. Unless it is an objection to direct advertising, we ask that you explain the reasons why we do not use your data as we do when exercising such an objection are to be processed. In the event of your justified objection, we will examine the situation and will either stop or adjust the data processing or show you our compelling reasons worthy of protection on the basis of which we will continue the processing

Of course, you can object to the processing of your personal data for advertising and data analysis purposes at any time.

You also have the right to complain to a data protection supervisory authority about the processing of your personal data in our company in accordance with Art. 77 GDPR.

The data protection supervisory authority responsible for us is:

State Commissioner for Data Protection and Freedom of Information

North Rhine-Westphalia

PO Box 20 04 44

40102 Dusseldorf

Tel.: 0211/38424-0
Fax: 0211/38424-999
Email: poststelle@ldi.nrw.de

1.4 Data security/ TSL encryption

To access our website, we use the widespread TSL (Transport Socket Layer) method in conjunction with the highest level of encryption supported by your web browser. This is usually a 256-bit encryption. You can tell whether the data is being transmitted in encrypted form by the closed representation of the key or lock symbol in the status bar of your web browser.

We also use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction and unauthorized access by third parties. Our security measures are constantly being improved in line with technological developments.

1.5 Duration of storage of personal data

In our data protection information you will find information on the duration of the storage of your personal data and the point in time at which the data will be blocked or deleted.

If no express storage period is specified for the respective data processing, the personal data will be stored until the purpose has been achieved or the legal basis for storage no longer applies, unless further storage is required by statutory provisions to which we are subject (e.g. retention periods under tax law ( § 147 AO) or commercial law (§ 257 HGB)). The storage period of personal data for verification and documentation obligations is generally 3 years. If the purpose of the data processing is achieved beforehand, the personal data will be blocked and deleted after the legal obligations have expired.

1.6 Transfer of personal data

As part of the processing of your personal data, the data may be transmitted and disclosed to natural or legal persons (companies), authorities, institutions or other bodies. Recipients include, for example, IT service providers, payment service providers, banks, tax consultants, lawyers, collection agencies or tax authorities. Your data can also be transmitted within our group of companies.

If we use external service providers to process your data, they are carefully selected, are bound by our instructions and are subject to regular checks. In certain cases, we and the external service provider may be jointly responsible for data processing result. Your data can also be collected by external service providers on their own responsibility.

You will receive more detailed information when you enter your personal data and below in the context of this data protection notice.

1.7 Data processing and transmission to third countries

The processing or transmission can also take place in so-called third countries, i.e. in countries outside the European Economic Area (EEA). This is the case, for example, if the recipient's company headquarters or server location is located there. Third countries are e.g. the USA, but also Great Britain.

According to Art. 44 GDPR, a level of protection comparable to the GDPR should be guaranteed when personal data is processed or transmitted to a third country.

The European Commission has certified that some third countries (e.g. Switzerland, Canada, Argentina, Israel) have an adequate level of data protection through so-called adequacy decisions according to Art. 45 GDPR. You can access a list of these third countries and the adequacy decisions at: http://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.html) .

We would like to point out that the European Court of Justice (ECJ, 16.7.2020 - C-311/18 "Schrems II") has declared the adequacy decision of the EU Commission on the EU-US Privacy Shield to be invalid. Therefore, data transfers to the USA cannot be based on the Privacy Shield.

In the absence of an adequacy decision, appropriate safeguards must be put in place to protect the data subject to compensate for the lack of data protection in a third country. Art. 44 ff. GDPR contains a catalog of legal measures to ensure appropriate guarantees.

To ensure an appropriate level of data protection, the European Commission has published, among other things, so-called Standard Contractual Clauses (Standard Contractual Clauses), which are based on an implementation decision of the EU Commission. These templates contain suitable guarantees within the meaning of Art. 46 Para. 1 S.1 lit d GDPR. With the inclusion of the standard data protection clauses in contractual agreements, the contracting parties undertake to comply with European data protection standards when processing personal data, even if the data is stored, processed and managed in third countries. The decision and the corresponding standard contractual clauses are available at: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de.

We will inform you about the details in the respective sections of this data protection notice.

2. Cookies

We use so-called cookies on our website. These are data sets that are created when you visit our website and are stored on your end device (laptop, tablet, smartphone, etc.). When you visit our website again, the information in the data records is sent back to the server and then evaluated. Information is stored in cookies that results in in connection with the specifically used end device.However, this does not mean that we are immediately aware of your identity

Storage of and access to information according to the TTDSG:
Basically, your consent is required for the storage of cookies on your end device according to Section 25 (1) TTDSG. Consent is not required if this is absolutely necessary for the provision of a telemedia service that you have expressly requested, Section 25 (2) No. 2 TTDSG. This affects the core components (e.g. our web shop) as well as calling up functions (e.g. payment function of the web shop). Cookies are to be regarded as technically necessary if certain components or functions of our website cannot be executed when they are omitted.

With regard to their function, a distinction is made between cookies:

Technically necessary cookies: These cookies are absolutely necessary to display the website, to provide and use basic functions and to ensure a high security standard. No information about you will be processed for marketing purposes. Examples:

Shopping cart cookie to save the products selected in our web shop;
Cookies that are always deleted after closing a browser (so-called session cookies);
Cookies for security measures, such as cookies that recognize repeated failed login attempts and thus protect against identity theft;
Cookies for storing essential preferences for the use of our website (e.g. language selection, country of website access);
User input cookies for the temporary storage of user input.

Non-necessary cookies: These include advertising cookies, targeting cookies, integration of content and services from third-party providers. These are used, for example, to integrate interest-based advertising and third-party services on our website or to measure the reach or success of these integrated offers.

Processing of personal data according to the GDPR:
If personal data (e.g. IP address) is processed with and/or after the storage of cookies, the specifications of the GDPR apply to this processing to comply with In particular, the data processing takes place on the basis of a legal basis in accordance with Article 6 (1) sentence 1 lit. a – f GDPR (see section: Relevant legal bases).

Storage duration:
When it comes to storage duration, a distinction is made between session cookies and permanent cookies. Session cookies are deleted again as soon as you close your web browser. Permanent cookies are stored beyond the individual session. These cookies automatically recognize when a website is called up again via your web browser and process the stored data. These cookies are automatically deleted after a defined period of time.

Objection options:
Most web browsers automatically accept cookies. However, you can configure your web browser in such a way that no cookies are stored on your end device or that a message always appears before a new cookie is created. However, the complete deactivation of cookies may mean that you cannot use all the functions of our website.

You can restrict or completely prevent the setting of cookies in your browser settings.If cookies have already been set, you can have them automatically deleted when you close the browser window. You can find out how to delete cookies in the most common web browsers and change the cookie settings here:

Google Chrome: https://support.google.com/chrome/answer/95647?co=GENIE.Platform%3DDesktop&hl=de

Mozilla Firefox: https://support.mozilla.org/de/kb/cookies-loeschen-daten-von-websites-erfernen

Apple Safari: https://support.apple.com/kb/ph21411?locale=de_DE

Microsoft Internet Explorer: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies

General information on consent:
If you have expressly consented to the use of cookies, personal data will be stored and processed in accordance with Article 6 Paragraph 1 Sentence 1 lit a GDPR and Section 25 (1) TTDSG. This applies in particular to the use of advertising or targeting cookies. You can revoke this consent at any time.

You can use our Cookie Consent Tool to make settings for your cookie preferences (see also the Cookie Consent Tool section). I.e. With the exception of technically necessary cookies, you can prevent the use of individual or all cookies or revoke your consent. For more information, see this link: https://gdpr-legal-cookie.myshopify.com/pages/datenschutzerklarung

3. Provision of our website

3.1. Log files/ hosting

When you visit our website, the web browser you use automatically sends information to the servers on which our website is hosted. The following information is temporarily stored in so-called log files:

IP address of the requesting device,
Date and time of access,
Name and URL of the retrieved file (referrer URL),
Browser used and, if applicable, the operating system of your end device and the name of your access provider.

The IP address is pseudo-anonymized at server level before it is stored in the log files.

The data processed includes platform data necessary for the provision of platform functionality and customer service as described in Shopify's privacy policy (https://www.shopify.com/legal/privacy).

Service providers/services:
The contents of our website are stored on the server systems (host server) of Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada (hereinafter Shopify) and hosted by the Irish subsidiary Shopify International Limited, Victoria Buildings, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland (hereinafter Shopify).

Order data processing:
Shopify processes the personal data on our behalf on the basis of a data processing agreement. For this purpose, Shopify has added a data processing addendum to the general terms and conditions, which we have accepted for using the services. Shopify processes the personal data on our behalf. In order to fulfill these purposes, your personal data may be transferred to Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada, Shopify Data Processing (USA) Inc., Shopify Payments (USA) Inc. or Shopify (USA) Inc. be transmitted.

The Data Processing Agreement is available at: https://www.shopify.com/legal/dpa

Purpose:
The processing of this personal data serves to display and provide our website, to ensure the security and stability of the website and for administrative purposes

Legal basis(s):
The storage of and access to information on the end device used takes place in accordance with § 25 Para. 2 No. 2 TTDSG. This is technically necessary to make our website available.

According to Article 6 paragraph 1 sentence 1 lit. f GDPR, we have a legitimate interest in data processing for the display and provision of our website, to ensure the security and stability of the website.

Data processing and transmission to third countries:
According to Shopify, it has structured its data streams in such a way that data transmission within Europe is primarily to Shopify's Irish subsidiary (https://help.shopify.com/de/manual/your-account/privacy/GDPR/gdpr-faq#agrees-shopify-standard-contractual-clauses).

In the case of direct transmission of your data to Shopify Inc. in Canada, compliance with an appropriate level of data protection is determined by an adequacy decision by the European Commission. This decision of the European Commission ensures that a third country (i.e. a country not bound by the GDPR) offers an adequate level of protection for personal data. For more information, see: https://ec.europa.eu/info/law/law-topic/data-protection/international- dimension-data-protection/adequacy-decisions_en

You can find more information about Shopify's data protection at: https://www.shopify.de/legal/datenschutz

3.2. Content Delivery Network (CDN)

A content delivery network (CDN) is used for our website, which delivers the web content to the respective end device when our website is accessed. A CDN shortens the loading times of web content (e.g. Java Script libraries, fonts, HTML, CSS or image files), since the files are transferred via fast, local or underutilized servers. Your IP address, among other things, is transmitted for the delivery of the content.

Service providers/services:
Cloudflare Inc., 101 Townsend St. San Francisco, CA 94107, USA (hereinafter "Cloudflare").

Data processing and transmission to third countries:
We would like to point out that the provider operates servers in the EU. However, it cannot be ruled out that servers outside the EU will also be used for data processing. With regard to the transfer of personal data from the EU to the USA, Cloudfare uses standard data protection clauses. The standard data protection clauses are intended to ensure an appropriate level of data protection in accordance with the requirements of the GDPR for data transmission to the USA or other third countries outside the EU: https://www.cloudflare.com/privacypolicy/ Cloudfare is committed to protecting your personal information and not sharing it with third parties.

Legal basis(s):
The storage of and access to information on the end device used takes place in accordance with § 25 Para. 2 No. 2 TTDSG. This is technically necessary to make our website available.

The legal basis for data processing is Art. 6 (1) (f) GDPR.The legitimate interest consists in the error-free functioning of the website, as well as in the interest of an appealing and fast presentation as well as a secure and optimized provision of our website

Special possibility of objection:
If you want to avoid the execution of Java scripts altogether, you can install a Java script blocker in your internet browser.

More information on the provider's data protection can be found at: https://www.cloudflare.com/privacypolicy/

3.3 Cookie Consent Tool - GDPR Legal Cookie

When you visit our website, a so-called "cookie-banner" is displayed due to the integration of a corresponding JavaScript code . This offers the possibility of giving express consent for cookies/services that require consent. The cookie content tool ensures that cookies/services that require your consent are only loaded after you have given your consent. The cookie consent tool also sets a technically necessary cookie, which saves your cookie preferences for visiting our website again. For this purpose, an individual user ID, the language, the time and your cookie preferences are stored on the server side and by means of a cookie on the end device based on the consent given. Personal user data is not processed here.

Service provider/services:
We use the cookie consent tool GDPR Legal Cookie from beeclever.

Purpose:
Obtaining effective consent from our website visitors for cookies that require consent and cookie-based applications.

Legal basis(s):
Information is stored on the end device used in accordance with Section 25 (2) No. 2 TTDSG. For the provision of the telemedia service (website) you have expressly requested, the cookies set are technically required for the collection and documentation of cookie settings.

The legal basis for the processing of data that is processed in the context of obtaining consent is Article 6 (1) sentence 1 lit. c GDPR. We are legally obliged to be able to prove that you have given your consent to the measurement process, Art. 7 Para. 1 DSGVO.

Storage period:
The cookies are stored until you revoke your consent. At the latest until the respective cookie expires. The storage period of the respective cookies is specified in the cookie consent tool: which you can access here:

https://gdpr-legal-cookie.myshopify.com/pages/datenschutzerklarung

4. Contact

As a visitor to our website, you have various options for contacting us:

Contact form on website
Email glavaraofficial@gmail.com
By telephone on +49 (0) 15203812705
Postal via Kettengasse 3, 50672 Cologne

When you contact us, the data you provide voluntarily (time of contact, telephone number, IP address if applicable, name, e-mail address, address data, details of your request) will be stored and processed to process your request.

In this context, the data can be stored and processed via an e-mail service provider, our CRM software (Customer Relationship Management) or our host provider.

Purpose:
The purpose of data processing is to process and answer your request

Legal basis(s):
The legal basis is Article 6 Paragraph 1 Sentence 1 lit.

In addition, data processing can be based on the legal basis of Article 6 (1) sentence 1 lit. f GDPR. Our legitimate interest is to offer interested parties and our customers various contact options, as well as quick availability for answering requests.

Storage period:
Your data will be deleted after the purpose has been achieved and your contact request has been processed. This depends on the circumstances that indicate that your request has been finally processed and that there are no legal storage obligations to prevent deletion. If there is no longer a legal reason for storage, the data will be deleted.

5. Data processing when fulfilling contractual obligations

We process personal data as part of the initiation, conclusion and implementation of contractual relationships via our website.

These include the following data categories:

Inventory data: such as first name, last name, date of birth
Contact details: email address, phone number
Contract data: Information about orders placed, billing and delivery address
Payment data: Invoice and payment data

Purpose/legal basis(s):
The legal basis is Article 6 Paragraph 1 Sentence 1 lit. provide them voluntarily and consent to the data processing.

The legal basis can also be Art. 6 (1) sentence 1 lit. b GDPR. The data processing is necessary for the provision of our (pre-) contractual obligations, our contractual obligations and the processing of any warranty claims from these contractual relationships.

5.1. Customer account

You can create a customer account in our web shop. The required personal data must be provided during the registration process. You can only access it by entering your user name and the associated password.

During the registration process, your IP address and the time of your activity on our website will be saved.

To complete the registration, you must "activate" your customer account. To protect against data misuse, you will receive an e-mail with an activation link to the e-mail address used during registration (double opt-in procedure). The successful creation of your customer account will then be sent to you by e-mail. If the customer account is not activated within 7 days, your data will be automatically deleted. You can save certain personal data in your customer account. You can view and change the information at any time after registration.

Purpose:
As a registered customer, you can easily and conveniently place orders in our web shop, since you can store the data required for the ordering process. Your customer account allows you to view your orders and save or change your contact details.

For the use of your data stored in the customer account for advertising purposes (e.g.newsletter dispatch) we will always obtain your additional express consent

Legal basis(s):
The legal basis is Article 6 Paragraph 1 Sentence 1 lit consent to customer accounts. According to Article 6 Paragraph 1 Clause 1 Letter b GDPR, the data processing is necessary for the performance of our (pre-)contractual obligations, in particular for the performance of our contractual obligations and the processing of any warranty claims of our customers. According to Article 6 Paragraph 1 Clause 1 Letter c GDPR, since data processing is based on our legitimate interest in protection against unauthorized use.

Storage period:
If you are no longer interested in your customer account, you can cancel it at any time. In the event that the customer account is terminated, we will delete the data stored there immediately, unless there are commercial or tax reasons or other mandatory statutory provisions i.S. of Art. 6 Para. 1 Clause 1. lit. c GDPR. For this reason, you are responsible for backing up your data stored in the customer account in good time before the end of the contract in the event of termination.

5.2. Transfer of personal data to shipping service providers

For the delivery of your order, we work together with the transport service provider DHL Paket GmbH, Sträßchensweg 10, 53113 Bonn (hereinafter "DHL"): For shipping processing, the passed on the following data for delivery or to announce it:

Inventory data: like first name, last name
Contact details: email address for tracking/delivery status notification, postal address

Legal basis(s):
The legal basis for data transfer or processing is Article 6 (1) (b) GDPR. The data will only be passed on if this is necessary for the delivery of the goods.

5.3. Payment processing via PayPal Plus

When processing payments, you can use the services of the payment service provider PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter: PayPal). If you select a payment option offered by PayPal, you will be forwarded to a PayPal website as part of your order and your data will be automatically transmitted to PayPal. This shows you that you are leaving our website and accessing external content. The collection, use and storage of your data there is solely the responsibility of PayPal as the site operator.

The transmitted personal data is usually first name, last name, address, e-mail address, IP address, telephone number, mobile phone number or other data that is necessary for payment processing. Personal data related to the respective order are also required to process the purchase contract.

Automated decision-making:
It is possible that PayPal may also transmit this personal data to credit reporting agencies. This transmission takes place for the purposes of identity and creditworthiness checks. We have no influence on this decision-making and only receive the result as to whether the payment has been made.

Responsibility:
PayPal does not act on our behalf, but processes the personal data under its own responsibility. There is no order processing i.S. of Art. 4 No.8 GDPR It cannot be ruled out that PayPal may pass on personal data to affiliated companies and service providers or subcontractors if this is necessary to fulfill contractual obligations or if the data is to be processed on behalf of the customer.

Purpose:
The transmission of data is suitable for facilitating payment processing and preventing fraud.

Legal basis(s):
The legal basis for the transfer of data is your consent in accordance with Article 6 (1) (a) GDPR. We have a legitimate interest according to Article 6 Paragraph 1 Letter f GDPR to offer our customers an alternative to payment via bank transfer and thus enable a quick and secure alternative for contract processing. In this context, we pass on the personal data to PayPal, as this is required to fulfill the contract, Art. 6 Para. 1 lit b. GDPR.

Revocation options:
You have the option of revoking your consent to PayPal's handling of personal data at any time. We would like to point out that a revocation does not affect personal data that must be processed, used or transmitted for contractual payment processing.

Regardless of this, you also have the right of withdrawal from us in accordance with the GDPR, see the section entitled Rights of data subjects.

More information can be found in PayPal's privacy policy at https://www.paypal.com/de/webapps/mpp/ua/privacy-full.

5.4. Payment processing via Shopify Payments

We also use the payment service from Shopify Payments, 3rd Floor, Europa House, Harcourt Building, Harcourt Street, Dublin 2 (hereinafter "Shopify Payments") for uncomplicated and secure payment processing. The available payment methods of the payment service provider Shopify Payments will be displayed to you as part of the purchase process. The technical processing of the payment is carried out by Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland (hereinafter referred to as "Stripe Payments").

In order to carry out the payment process, the information you provide during the ordering process will be transmitted to Stripe Payments. This includes name, address, account number, IBAN, BIC, credit card number, invoice amount. Personal data related to the respective order (invoice amount, transaction number, etc.) are required to process the payment transaction.

Purpose:
The transmission of data is suitable for facilitating payment processing and preventing fraud.

By selecting this payment option, you agree to the transmission of personal data required for payment processing.

Legal basis(s):
The legal basis for the transfer of data is your consent in accordance with Article 6 (1) (a) GDPR. Our legitimate interest according to Art. 6 Para. 1 lit. f GDPR lies in offering our customers an alternative to payment via bank transfer and thus enabling a faster and more secure conclusion of the contract.

You have the option to revoke your consent to the handling of personal data from Shopify Payments and Stripe Payments at any time.We would like to point out that a revocation does not affect personal data that must be processed, used or transmitted for contractual payment processing

You can find more information on data protection at: https://www.shopify.com/legal/privacy and https:// stripe.com/de/privacy.

5.5. Payment processing via Apple Pay

You can also select the Apple Pay payment method from Apple Inc., Infinite Loop, Cupertino, CA 95014, USA (hereinafter "Apple") for payment in our online shop. In this case, the payment process takes place via the Apple Pay function of your Apple device (operating system macOS, iOS or watchOS). Apple has various authentication and security mechanisms (code entry, verification using "Face ID" or "Touch ID") in the hardware or to release and debit the stored payment card Integrated software of your Apple device.

During the payment process with Apple Pay, we do not receive the actual details of the credit card on file. Instead, a device account number is generated for the stored card and sent to us. This is a randomly generated 16-digit pseudo credit card number. The device account number is transmitted to the associated bank network and assigned to the stored credit card data. We then receive approval for the transaction and send the amount to be paid and your ID to the Apple device you are using. To complete the payment process, you must complete the process by entering a code, verification via "Face ID"- or "Touch ID" - function confirm.

Neither the credit card number nor any other sensitive data is transmitted to us during the entire payment process. In particular, we only receive the Device Account Number and confirmation from the bank that this is linked to a valid card.

According to Apple, the card data required for Apple Pay is not stored on the device or on Apple's servers. The actual card number is therefore not visible to any of the parties involved in a transaction.

Purpose:
The transmission of data is suitable for facilitating payment processing and preventing fraud.

By selecting this payment option, you agree to the transmission of personal data required for payment processing.

Data processing and transmission to third countries:
Apple also processes data in the USA, among other places. With regard to the transfer of personal data from the EU to the USA, Apple claims to use the standard contractual clauses approved by the EU Commission (Article 46 (2) and (3) GDPR). The standard data protection clauses are intended to ensure an appropriate level of data protection in accordance with the provisions of the GDPR for data transmission to the USA or other third countries outside the EU.

Further information on data protection with Apple Pay is available at: https://support.apple.com/de-de/HT203027

5.6.Payment processing via Klarna

We offer you the Klarna payment service from Klarna Bank AB, Sveavägen 46, 111 34 Stockholm, Sweden (hereinafter "Klarna") for payment processing

For payment processing, your personal data from the ordering process (first and last name, street, house number, postal code, city, e-mail address and telephone number) will be transmitted to Klarna. Data about your order (e.g. item, delivery method, invoice amount and IP address) will also be passed on to Klarna for the completion of the payment process.

Automated decision-making:
It is possible that Klarna may also transmit this personal data to credit reporting agencies. This transmission takes place for the purposes of identity and creditworthiness checks. We have no influence on this decision-making and only receive the result whether the payment has been made.

The credit check can be based on probability values (so-called score values). With the data received, a statistical probability of non-payment can be calculated on the basis of a recognized statistical method. Klarna reserves the right to use this information to decide on the establishment, implementation or termination of the contractual relationship.

You can find information about the forwarding of your data to credit agencies at: https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/credit_rating_agencies

Purpose:
The transmission of data is suitable for facilitating payment processing and preventing fraud.

You can withdraw your consent at any time by notifying us or Klarna. However, Klarna may still be entitled to process your personal data if this is necessary for contractual payment processing.

Your personal data will be processed and stored in accordance with the applicable data protection regulations and Klarna's data protection regulations for users in Germany. Klarna's data protection regulations can be found at: https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/privacy

6. Goods availability notification by email

In the event that an item is not directly available in our web shop, we offer you the option of being notified by e-mail as soon as the item is available again in our range.

You can register for our e-mail notification service. You will receive an e-mail from us when the item in question is available.

When registering, you must enter your email address. Providing further data is voluntary and is used, for example, to be able to address you personally. We store your IP address, the date and time of registration for the notification service and your other voluntary information.

To activate the notification, we will then send you an email with a confirmation link.Only after clicking on this link will you receive the availability notification by e-mail to this e-mail address

Purpose:
The data processing is suitable for informing interested customers about the availability of certain items in our web shop.

Legal basis(s):
The legal basis for the transfer of data is your consent in accordance with Article 6 (1) (a) GDPR.

Revocation option:
You can unsubscribe from the e-mail notification service at any time by sending an e-mail to glavaraofficial@gmail.com. If you unsubscribe, your e-mail address will be deleted immediately from the e-mail distribution list, insofar as we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this declaration.

7. Newsletter

You can register for our newsletter on our website. If you register for our newsletter, we, or an external service provider commissioned by us, can process the following information (including personal data):

Contact details (e.g. email address, phone number)
Inventory data (e.g. name, address data)
Usage data (e.g. date and time of registration, access times, page views, information on content interests)
Metadata (e.g.: IP address, device information, language settings)
Action data (e.g.: registration, updates, unsubscribe from the newsletter)

Entering your e-mail address is generally sufficient to register for our newsletter. If necessary, we ask you to provide further information that enables a personal address in the newsletter or information that is specifically required for the respective newsletter campaign.

Purpose/legal basis(s):
When registering for the newsletter, you agree to the processing of your personal data in accordance with Article 6 Paragraph 1 Sentence 1 lit. In the case of direct marketing, we can send existing customers advertising for similar products or services that were advertised without prior consent in accordance with Section 7 (3) UWG.

Your explicit consent to the processing of measurement data (e.g. click rates or opening rates) is also required. The legal basis for the processing of cookie and measurement data is your consent in accordance with Article 6 Paragraph 1 Clause 1 Letter a GDPR. The purpose of processing the cookie and measurement data (success measurement) is to be able to track the success and reach of our newsletter.

In the event that consent is not required, the newsletter will be sent on the basis of the legitimate interest in professional customer communication and sales promotion with direct marketing, as well as the prevention of misuse of our newsletter in accordance with Article 6 Para. 1 S.1 lit. f GDPR. We also have a legitimate interest in documenting the consent you have given in accordance with Article 6 Paragraph 1 Clause 1 Letter f GDPR.

Right of withdrawal:

You have the right to revoke your consent at any time with effect for the future and to unsubscribe from the newsletter. You can revoke your consent simply by clicking on the link provided for this purpose in our newsletter. You can communicate your right of withdrawal of consent at any time to our contact details above, preferably by email to glavaraofficial@gmail.com.

The personal data will be processed and stored until the consent is revoked or the purpose has been achieved. In order to exercise our legitimate interest in the documentation of a previously given consent, we store the e-mail address for up to three years after exercising your right of withdrawal. In this case, processing is limited to the purpose of providing evidence.

Personal data can be deleted at any time if the previous consent is confirmed at the same time.

A separate revocation of the processing of cookie and measurement data is not possible. In this case, the consent to the entire newsletter dispatch must be revoked or objected to.

Right to object:

If the processing of your data is not covered by your consent, you have the right to object. You can send or inform us of your objection at any time (e.g. by email to glavaraofficial@gmail.com).

If the objection is to apply permanently for the future, the e-mail address will be entered in a so-called blacklist for this purpose in order to prevent renewed registration and use of the newsletter.

We can commission an external service provider to send the newsletter. In the following section you will find further information on the service provider and data processing.

7.1. Newsletter tracking - Klaviyo

We use the Klaviyo service from the provider Klaviyo, 125 Summer St, Boston, MA 02110, for sending and evaluating newsletter campaigns, automated e-mail dispatch or follow-up e-mails. USA (hereinafter: Klaviyo).

Klaviyo stores the data transmitted during the newsletter registration. Among other things, the IP address and the date of entry are saved as proof of your registration. Your data will be entered in so-called mailing lists. In addition, your e-mail address, your name, location-related and demographic information (language, location) are processed and stored.

This information is used by Klaviyo to send e-mails and to enable Klaviyo services such as evaluating newsletter campaigns. Klaviyo also uses the transmitted data to improve its own services. For example, Klaviyo can technically optimize the newsletter dispatch or determine the regional user numbers.

E-mails sent via Klaviyo may contain so-called"web beacons" (invisible pixel files). These invisible pixel files are included in the e-mails and are retrieved from Klaviyo's servers when the e-mail is opened. It is therefore possible to analyze user reactions to our newsletter. For example, Klaviyo can recognize whether a newsletter was opened, the time the e-mail was opened and whether the links contained were clicked on. This data can be used to create usage profiles. This data is stored and processed by Klaviyo on their servers.

Order data processing:
Klaviyo processes personal data on our behalf. We have therefore concluded an order processing contract in accordance with Art. 28 GDPR. Klaviyo undertakes to process the personal data only in accordance with our instructions. Klaviyo's data processing terms, which correspond to the Standard Contractual Clauses, can be found at https://www.klaviyo.com/legal/dpa.

Purpose:
We use Klaviyo's services to send, analyze and evaluate our newsletters. Based on the statistical survey and evaluation of the results provided by Klaviyo, we can Adjust future mailing to relevant content and targeted advertising and our.

Data processing and transmission to third countries:
Klaviyo has its headquarters in the USA (third country) and stores the data on US servers. Klaviyo uses so-called standard contractual clauses according to Art. 46 Para. 2 and Para. 3 DSGVO as the basis for data processing or data transfer to a third country. The standard contractual clauses of the EU Commission have been integrated as an addendum on data processing, which automatically becomes part of the terms of use.

Legal basis(s):
The storage of and access to information on the end device used is based on your express consent in accordance with Section 25 (1) TTDSG.

The legal basis for the processing of personal data required for the technical provision of the newsletter to you, as well as for the processing of cookie and measurement data, is your consent in accordance with Article 6 (1) (a) GDPR. In addition, the newsletter is sent on the basis of the legitimate interest in professional customer communication and sales promotion with direct marketing in accordance with Article 6 (1) sentence 1 lit. f GDPR.

Revocation option:
You can revoke your consent at any time by clicking on the link provided for this purpose in our newsletter. In addition, you are entitled to the revocation options stated in this data protection notice (see Klaviyo newsletter dispatch). If you wish to object to the data analysis for statistical evaluation purposes, you must unsubscribe from the newsletter.

For more information, see Klaviyo's privacy policy at: https://www.klaviyo.com/privacy

7.2. Shopify Email

We use Shopify Email, a newsletter delivery service from Shopify International Limited, Victoria Buildings, 2nd floor, 1-2 Haddington Road, Dublin 4, D04 XN32, to send our email newsletter , Ireland (hereinafter: Shopify International Limited).

The purpose of the data processing is the dispatch and the statistical evaluation of the newsletter campaigns. The aim is to adapt future newsletter campaigns to the interests of our customers. The purpose of processing the pseudonymised measurement data is to be able to track the success and reach of our newsletter campaigns. In this way we receive information as to whether you open a newsletter message and, if so, which links you click on and get to our website. Technical information is also recorded (e.g. time of retrieval, IP address, browser type and operating system).

The data is only collected in pseudonymised form and is not linked to your other personal data; Shopify excludes any direct personal reference.

Data processing and transmission to third countries:
When you register for our newsletter, the personal data you provide will be transmitted to Shopify International Limited. As part of the aforementioned services by Shopify International Limited, data can also be transmitted to Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada as part of further processing on behalf of Shopify. In this case of data transmission to Shopify Inc.in Canada, the appropriate level of data protection is guaranteed by the adequacy decision of the European Commission

Legal basis(s):
The storage of and access to information on the end device used is based on your express consent in accordance with Section 25 (1) TTDSG.

In addition, Shopify International Limited can use this data in accordance with Art. 6 (1) (f) GDPR itself based on its own legitimate interest in optimizing the services offered and for market research purposes. However, Shopify International Limited does not use the data of our newsletter subscribers to contact you itself or to pass the data on to third parties.

Revocation option:
You can revoke your consent at any time by clicking on the link provided for this purpose in our newsletter. In addition, you are entitled to the revocation options stated in this data protection notice (see xxx newsletter dispatch). If you wish to object to the data analysis for statistical evaluation purposes, you must unsubscribe from the newsletter.

You can view Shopify International Limited's privacy policy here: https://www.shopify.de/legal/datenschutz

8. Web analytics and marketing services

8.1. General note on Google services

On our website we use various web analysis services from Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA, and the subsidiary Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ( successornd "Google").

Processed data:
Google collects and processes personal data due to the integration of Google services. According to Google's own statements, data such as the IP address, log data, location-related information, application numbers, cookies and similar technologies are processed. Google can create user profiles based on the stored data and evaluate them for marketing purposes, market research and the optimization and design of its own services. Information on the cookies provided can be found at: https://policies.google.com/technologies/types.

Data processing and transmission to third countries:
Google's parent company has its headquarters in the USA (third country) and also stores data on US servers. Google uses so-called standard contractual clauses according to Art. 46 Para. 2 and Para. 3 DSGVO as a basis for data processing or data transfer to a third country. The standard contractual clauses of the EU Commission integrate provisions on data processing, which are part of the terms of use. You can find more information about the standard contractual clauses at: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data- protection/standard-contractual-clauses -scc/standard-contractual-clauses-international-transfers_de and under https://business.safety.google/adsprocessorterms/

We would like to point out that if you visit our website and log in to your Google account at the same time, Google can add the processed information to your account depending on your account settings and process it as personal data. You can link this data directly prevent this by logging out of your Google account before visiting our website.

You can find information about data protection settings at Google at: https://safety.google/privacy/privacy- controls/

Below you will find further information on the Google services used.

8.2. Google Analytics

We use the web tracking tool Google Analytics from Google on our website. Google Analytics uses cookies and web beacons (invisible pixel files), which are stored on your end device. Google processes the information collected on our behalf in order to evaluate your user behavior on our website and to compile reports on website activity. The purpose of our use of the tool is to enable the analysis of your user interactions on the website and to improve our offer through the statistics and reports obtained.

Google also uses the information to provide us with other services related to website activity and internet usage. The purpose is to analyze the usage behavior on our website and to continuously make our website and our offer more user-friendly and to improve them.

We only use Google Analytics with activated IP anonymization ("anonymize IP"). The information generated by the cookies and web beacons is transmitted to and stored by Google servers, which are also located in the USA. Due to the IP anonymization, your IP address will be shortened and incompletely transmitted by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server and shortened there.

Order processing in accordance with Art. 28 GDPR:

We have concluded the "Order data processing terms for Google advertising products" (Google Ads Data Processing Terms) with Google for order processing in accordance with Article 28 GDPR. The contractual partner is Google Ireland Limited, Gordon House Barrow Street Dublin 4, Ireland. Google processes the data on our behalf in order to evaluate your use of the website and to provide us with reports on website activity. Google may pass on this information if required by law or if subcontractors process this data on Google's behalf. Within the scope of order processing, Google is entitled to commission third parties. You can access a list of these companies at: https://privacy.google.com/businesses/subprocessors/.

Legal basis(s):
The storage of and access to information on the end device used is based on your express consent in accordance with Section 25 (1) TTDSG.

The legal basis for the processing of personal data described here is your express consent in accordance with Article 6 (1) (a) GDPR. The legal basis for the processing of data that is processed in the context of obtaining consent is Article 6 (1) (c) GDPR.We are legally obliged to be able to prove the consent you have given, Art. 7 Para. 1 DSGVO.

Storage period:
Your personal data will be deleted or made anonymous after 14 months (shortest storage period).

Revocation options:
You can revoke your consent at any time with effect for the future. This is possible by installing the following browser add-on from Google: http://tools.google.com/dlpage/gaoptout?hl=de

You can also revoke your consent to the use of Google Analytics cookies at any time via our cookie consent tool (see the section on cookie consent tool).

You can find more information about Google Analytics and data protection at: http://www.google.de/intl/de/policies/privacy/ and https://privacy.google.com/ businesses/adsservices/

Please also read the general information on data processing and storage by Google (Section 6.1. of this data protection notice).

8.3. Google Ads and Google Conversion Tracking

We use the Google Ads marketing tool and the Google Conversion Tracking analysis tool to evaluate the advertising campaigns. With Google Ads, you can be shown banner ads tailored to your interests to inform you about our products or our company. The advertisements are e.g. recognizable within the search results of the Google search engine by the reference “Advertisement”.

If you see one of our Google ads and click on it, you will be redirected to our website. During this process, a conversion tracking cookie is stored on your end device. Based on the stored cookie, Google and us can see that you have been redirected to our website as a result of the Google advertisement. Likewise, the renewed visit to our website is recognizable for us and Google if the cookie set on the end device has not yet expired. The validity of the cookies expires after one year.

We use Google Ads with the additional application Google Conversion Tracking. This is a tool with which we can check the success of our Google Ads advertising campaigns and optimize future advertising campaigns. For this purpose, the advertisements are provided with a technical precaution, e.g. an ID, with which we can determine how a user interacts after clicking on the advertisements and whether one of our services is actually used. This gives us a statistical evaluation of the success of the ads (total number of users of our ads), which ads are particularly popular and, if necessary, further information about redirects to our offers.

Order processing in accordance with Art. 28 GDPR:
We have signed the "Order data processing conditions for Google advertising products" (Google Ads Data Processing Terms) completed. The contractual partner is Google Ireland Limited, Gordon House Barrow Street Dublin 4, Ireland. Google processes the data on our behalf in order to evaluate your use of the website and to provide us with reports on website activity. Google may transfer this information to third parties where required to do so by law or where such third parties process the information on Google's behalf. Within the scope of order processing, Google is entitled to commission third parties. You can access a list of these companies at: https://privacy.googlecom/businesses/subprocessors/

Purpose:
By integrating Google Ads, we pursue the purpose of placing interest-based and target group-oriented advertisements.

Legal basis(s):
The storage of and access to information on the end device used is based on your express consent in accordance with Section 25 (1) TTDSG.

The legal basis for the processing of your personal data is your consent in accordance with Article 6 (1) (a) GDPR. You can make the appropriate setting in the cookie content tool used. The legal basis for the processing of data that is processed in the context of obtaining consent is Article 6 (1) (c) GDPR. We are legally obliged to be able to prove that you have given your consent to the measurement process, Art. 7 Para. 1 DSGVO.

You can also find more information at: https://privacy.google.com/businesses/adsservices/.

Please also read the general information on data processing and storage by Google (Section 6.1. of this data protection notice).

8.4. Google Tag Manager

We use the Google Tag Manager as a tag management system on our website. The Tag Manager facilitates the implementation of web analysis tools such as Google Analytics or Google Ads. With this online tool we can centrally integrate and manage tags (e.g. tracking codes, conversion pixel files) on our website. The Google Tag Manager itself does not use cookies and no data is stored. The tags are set for web analysis tools that record your website visit and your interactions on our website. The evaluation of the data itself is not possible with the Google Tag Manager.

Due to the settings in our Google Tag Manager, only anonymous data is transmitted to Google. This is data about our use of Google Tag Manager. As far as we know, Google also uses the data collected in this way (anonymized) for its own purposes. In this respect, we refer to the data protection declaration of Google.

Order processing in accordance with Art. 28 GDPR:
We have signed the "Order data processing conditions for Google advertising products" (Google Ads Data Processing Terms) completed. The contractual partner is Google Ireland Limited, Gordon House Barrow Street Dublin 4, Ireland. Google processes the data on our behalf in order to evaluate your use of the website and to provide us with reports on website activity. Google may pass on this information if required by law or if subcontractors process this data on Google's behalf. Within the scope of order processing, Google is entitled to commission third parties. You can access a list of these companies at: https://privacy.google.com/businesses/subprocessors/

You can find more information about the Google Tag Manager in the FAQs at: https://www.google.com/intl/de/tagmanager/faq.html .

Please also read the general information on data processing and storage by Google (Section 6.1. of this data protection notice).

9.Facebook fan page and Facebook insights

We have set up a fan page for our company on the Facebook platform (hereinafter: Facebook) of Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (hereinafter: Meta Platforms). Meta Platforms provides us with analysis services , Facebook Insights, provides page statistics that give us insights into how Facebook users interact with us and the content associated with us. The statistics are created based on certain events that are logged by the Facebook servers when users interact with pages and the content associated with them.

Events are generated from different data resources:

These can be actions on Facebook (e.g. subscribe or unsubscribe to the page, comment on, share or react to a page post, hide a page post or report it as spam) or
Information about actions, the people who performed the action, and technical information about the browser or app used.

For these purposes, cookies are stored on the end devices of the users, in which the usage behavior and the interests of the users are stored. Furthermore, data can also be stored in the usage profiles independently of the devices used by the users (especially if the users are members of the respective platforms and are logged in to them).

According to its own statements, Meta Platforms can process the following personal data in particular:

Device information (e.g. browser type, operating system, language settings, cookie data; see under "Device information" in the Facebook data policy: https://www .facebook.com/policy);
IP address;
Demographic information (e.g. age, gender, country/city);
Events (e.g. marking a page or a post with "Like" or "Unlike", Subscribe to or unsubscribe from the page, comment on, share or react to a page post , hide page post or report as spam, click behavior, page views, see "Things you and others make and provide" in the Facebook data policy: https: //www.facebook.com/policy);
Cookie data and similar technologies (e.g. web beacons).

The scope of the processing of your personal data when you visit our Facebook fan page depends on whether you have a Facebook account and are logged in to Facebook during the visit. If you have a Facebook account, Meta Platforms can assign the data to your account and create corresponding usage profiles about you.

If you have not set up a Facebook account and visit our Facebook fan page, Meta Platforms can also store personal data due to the use of cookies or similar technologies (e.g. web beacons).

You can find a list of the processing of personal data at: https://www.facebook.com/legal/terms/information_about_page_insights_data.

Meta Platforms only provides us with Facebook Insights anonymous statistics based on events about the use of our fan page. Based on this data, we cannot identify the specific user of a specific interaction.

Joint responsibility according to Art.: 26 GDPR:
The personal data are collected by Meta Platforms and us as joint controllers within the meaning of Art. 26 GDPR.We have entered into a joint controllership agreement with Meta Platforms. Available at: (https://www.facebook.com/legal/terms/page_controller_addendum).

In the following we inform you about the essential information agreement in accordance with Article 26 (3) GDPR

Primary responsibility of Meta Platforms:
The agreement stipulates that Meta Platforms assumes the fulfillment of the obligations under the GDPR for data processing:

Fulfillment of information obligations according to Articles 12 and 13 GDPR.
Rights of data subjects (e.g. right to information or right to erasure, objection to data processing
or a revocation of a given consent) according to Art. 15 to 21 DSGVO, as well as the information obligation according to Art. 33 DSGVO and the right to information according to Art. 34 DSGVO can be asserted directly against Meta Platforms.
Meta Platforms takes appropriate technical and organizational measures in accordance with Art. 32 GDPR to ensure the security of the processing.

You can find information on the legal bases and purposes of processing for data processing by Meta Platforms at: https://www.facebook.com/about/privacy/legal_bases.

Despite the agreed primary responsibility of Meta Platforms, you can, of course, assert your data subject rights under the GDPR directly against us. Per the agreement, we will promptly forward data subject requests to Meta Platforms via a form provided.

We are responsible for ensuring that our processing of the Insights data only takes place on a legal basis and to protect our legitimate interests. In addition, you will find the respective information and contact details in the sections "Responsible person according to Art. 4 No. 7 DSGVO" and "Data protection officer".

Purpose/legal basis(s):
The legal basis for the processing of personal data is your consent in accordance with Article 6 (1) (a) GDPR. In addition, we have a legitimate interest in measuring the reach of our advertising campaigns, our posts and other activities as well as our Facebook fan page and optimizing it for the future, Article 6 Paragraph 1 lit. f GDPR. This is also the purpose of the statistical evaluations of the interactions of Facebook users on our Facebook fan page.

Data processing and transmission to third countries:
Meta Platforms also processes and transmits personal data to the USA (third country). To ensure an adequate level of data protection, we have concluded an agreement that contains the standard contractual clauses. The agreement is available at: https://www.facebook.com/legal/EU_data_transfer_addendum;

You can find more information about data protection on the Facebook platform at: https://www.facebook.com/about/privacy;

Information as described in the Facebook privacy policy under "What types of information do we collect?" is available at: https://www.facebook.com/policy.

Information on the use of cookies and similar technologies can be found in the Meta Platforms cookie policy: https://www.facebook.com/policies/cookies/

9.1. Facebook Conversions API

On our website, a Facebook Conversion API is also used as a server-side tracking tool for the aforementioned Meta Platforms events.

Purpose:

By integrating the Facebook Conversion API, we pursue the purpose of switching interest-based and target group-oriented advertisements

Legal basis(s):
The legal basis for the processing of personal data is your consent in accordance with Article 6 (1) (a) GDPR. You can make the appropriate setting in the cookie content tool used. The legal basis for the processing of data that is processed in the context of obtaining consent is Article 6 (1) (c) GDPR. We are legally obliged to be able to prove that you have given your consent to the measurement process, Art. 7 Para. 1 DSGVO.

You can find out more about the data processed by using the Facebook Conversions API at: https://www.facebook.com/about/privacy

9.2. Facebook Custom Audiences

Facebook Custom Audiences is also used on our website as a server-side tracking tool for the aforementioned Meta Platforms events.

Purpose:
Through the integration, we pursue the purpose of placing interest-based and target group-oriented advertisements.

You can find out more about the data processed by using the Facebook Conversions API at: https://www.facebook.com/about/privacy

10. TikTok profile and TikTok analysis tools

We have set up a profile for our company on the TikTok platform from TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland (hereinafter: TikTok). References to "TikTok" refer to TikTok Information Technologies UK Limited, with registered office at 6th Floor, One London Wall, London, EC2Y 5EB, United Kingdom and TikTok Technology Limited, with registered office at 10 Earlsfort Terrace, Dublin, D02 T380, Ireland. Both companies act jointly in their capacity as data controllers.

TikTok provides us with so-called "TikTok business products", e.g."Engagement Custom Audiences", "App Activity Custom Audiences" or "Website Traffic Custom Audiences", available. These tools provide us with insights into how users on the TikTok platform and our website interact with us and with the content associated with us to interact. The statistics are generated based on specific events logged by the TikTok servers.

Events means information that TikTok processes and stores in connection with the use of the TikTok advertising tools about people or their devices (including HTTP header information such as user agent, IP address, country, language and information about the web browser or app used), as well as actions that you carry out in relation to advertising campaigns on the TikTok platform. In the case of actions (e.g. clicking on an advertisement, the following actions can be processed and stored as event data:

Actions you take in relation to advertising campaigns on the TikTok platform;
Actions you take outside of the TikTok platform, e.g. B. on our website (or those of third parties) and in apps, including visits to your websites, installation of your apps and purchases of your products.

With the TikTok Custom Audience tool, we are able to place interest-based and target group-oriented advertisements for our customers, profile visitors and potential customers.

TikTok only provides us with the TikTok Business products anonymous statistics based on events about the use of our TikTok profile. Based on this data, we cannot identify the specific user of a specific interaction.

The scope of the processing of your personal data when you visit our website or our TikTok profile depends on whether you have a TikTok profile and are logged in to TikTok during the visit. If you have a TikTok profile, TikTok can assign the data to your profile and create corresponding usage profiles about you. If you have not set up a TikTok profile and call up our TikTok profile, TikTok can also store personal data due to the use of cookies or similar technologies (e.g. web beacons).

When TikTok processes personal data in connection with the provision of TikTok business products, this happens:

as a processor in data processing

when using the Custom Audiences tool;
when using contact details matching;
when using the lead generation tool;

as joint controller at

Collection and transmission of developer data and/or event data by (and to) TikTok;
Measurement and insight reporting.

Joint responsibility according to Art.: 26 GDPR:
The personal data are collected by TikTok and us as joint controllers within the meaning of Art. 26 GDPR. We have entered into a joint controllership agreement with TikTok.You can find a list of the processing of personal data at: (https://adstiktok.com/i18n/official/policy/jurisdiction-specific-terms). The categories of data processed include:

Contact details (such as email, phone numbers);
Content data (such as entries in online forms);
Usage data (such as websites visited, interest in content, access times);
Meta/communication data (such as device information, IP addresses).

In the following we will inform you about the essential information about the agreement in accordance with Article 26 (3) GDPR.

Primary responsibility of TikTok:
The agreement stipulates that TikTok assumes the fulfillment of the obligations under the GDPR for data processing:

Fulfillment of information obligations according to Articles 12 and 13 GDPR.
Rights of data subjects (e.g. right to information or deletion, objection to data processing or revocation of a given consent) according to Art. 15 to 21 DSGVO, as well as the information obligation according to Art. 33 DSGVO and the right to information according to Art. 34 DSGVO can be communicated directly to TikTok can be claimed.
TikTok takes appropriate technical and organizational measures in accordance with Art. 32 GDPR to ensure the security of processing.

You can find information on the legal bases and purposes of data processing by TikTok at: https://www.tiktok.com/legal/report/privacy

Despite the agreed primary responsibility of TikTok, you can of course assert your rights as a data subject under the GDPR directly against us. According to the agreement, we will immediately forward the requests of data subjects to TikTok via a form provided.

We are responsible for ensuring that our data processing is only carried out on a legal basis and to protect our legitimate interests. In addition, in the sections "Responsible person according to Art. 4 No. 7 DSGVO" and "Data protection officer" you will find the respective information and d contact details.

Purpose/legal basis(s):
The legal basis for the processing of personal data is your consent in accordance with Article 6 (1) (a) GDPR. In addition, we have a legitimate interest in measuring the reach of our advertising campaigns, our contributions and other activities as well as our TikTok profile and optimizing it for the future, Article 6 Paragraph 1 lit. f GDPR. This is also the purpose of the statistical evaluations of the interactions of visitors on our TikTok profile.

Data processing and transmission to third countries:
TikTok also processes and transmits personal data outside the EU to third countries. To ensure an appropriate level of data protection, we have concluded agreements that contain standard contractual clauses. The Agreement is available at: https://ads.tiktok.com/i18n/official/policy/jurisdiction-specific-terms

In the case of direct transmission of your data to TikTok Information Technologies UK Limited, compliance with an appropriate level of data protection is determined by an adequacy decision by the European Commission. This decision of the European Commission ensures that a third country (i.e. a country not bound by the GDPR) offers an adequate level of protection for personal data.For more information, see: https://eceuropa.eu/info/law/law-topic/data- protection/international-dimension-data-protection/adequacy-decisions_en

In addition, we ask that you only consent to these tools if you agree to the possible data transfer to the USA or China: An appropriate level of data protection is currently not ensured for the transfer of personal data to the USA or China . Your data may be subject to access by authorities for control and monitoring purposes, against which neither effective legal remedies nor the rights of those affected can be enforced. Therefore, please only consent if you agree to the transfer of your data to third countries.

You can find more information about data protection at TikTok under:

https://www.tiktok.com/legal/report/privacy

11. Other plugins and integration of content from external service providers

We integrate services and content (hereinafter: services) from external service providers into our website. In principle, the required data is retrieved from the servers of the respective service provider when the services are activated or used. The service provider processes your IP address to integrate the content. The IP address is therefore required for the display of this content or functions. We will inform you below about further processing of personal data:

We would like to point out that third-party providers can use so-called pixel tags for statistical or marketing purposes. These are invisible graphics, which are also referred to as "web beacons" . Using these, it is possible to evaluate various information, such as in particular visitor traffic, on this website this pseudonymous information is stored in cookies on your end device and contains technical information about your browser and your operating system, referring websites or visit times as well as other information on the use of our online offer.It is also possible that this information is also linked to such information from other sources

When using the services of third parties, the terms and conditions and the data protection information of the respective provider apply, which can be found on the respective website or the transaction applications.

11.1. Web fonts

For the uniform display of texts and fonts When using web fonts, the fonts displayed on a website are loaded into your Internet browser's cache memory. For this purpose, the Internet browser you are using establishes a connection to external servers to retrieve the web fonts. This can also result in the transmission of personal data to the web font servers. Among other things, the IP address is also transmitted automatically.

Services/service providers:
We integrate the web fonts from Google (hereinafter: Google Fonts) on our website. Google Fonts is delivered via Google servers.

Legal basis(s):
The legal basis for use is Article 6 Paragraph 1 Sentence 1 lit.

The integration is based on our legitimate interests in a technically secure, low-maintenance and efficient display of fonts in accordance with Article 6 Paragraph 1 Clause 1 Letter f GDPR.

Data processing and transmission to third countries:
The parent company of Google has its headquarters in the USA (third country) and also stores data on US servers Google uses so-called standard contractual clauses according to Art. 46. Para. 2 and Para. 3 GDPR as the basis for data processing or data transfer to a third country. The standard contractual clauses of the EU Commission have been integrated into the provisions on data processing.

Further information on the purpose and scope of data collection, its processing and further information on setting options for data protection: https://policies.google.com/privacy

11.2. Google reCAPTCHA service

We use the Captcha service "reCAPTCHA" from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, to check form submissions. So-called Captcha services can recognize whether a form has been entered automatically by a computer program (bots). The processed data includes IP addresses, location information, if applicable, as well as information on operating systems, device information or browser information. Data on visit times on websites and previously accessed websites can also be recorded and processed. There is a possibility that Google's data will be merged with other Google services.

Automated decision-making:
Google automatically determines whether a human input is involved by determining a score value. Only when the entry reaches a certain score value is the entry evaluated positively and sent.

Legal basis(s):
The legal basis for use is Article 6 Paragraph 1 Sentence 1 lit.

Further information on the purpose and scope of data collection, its processing and further information on setting options for data protection: https://policies.google.com/privacy

Opt-Out-Plugin: https://tools.google.com/dlpage/gaoptout?hl=de

Advertising settings: https://adssettings.google.com/authenticated.

12. Social media platforms and external links

In addition to this website, we also maintain a presence on social media platforms, which you can also access via appropriate links on our website. If you visit such a presence, personal data may be transmitted to the provider of the platform.

Our website also contains references and links to:

Instagram (operator: Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland)
Facebook (operator: Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland)
TikTok (operator: TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380 Ireland
Pinterest (operator: Pinterest Europe Ltd.Palmerston House, 2nd Floor Fenian Street Dublin 2, Ireland)

This includes:

IP address of the requesting device,
Time and date of access,
Name and URL of the retrieved file (referrer URL),
browser used and, if applicable, the operating system of the end device.

In the event that you are logged in to your personal user account on the respective platform while visiting our website and being forwarded to the social media platform, this process can be assigned to your user account. There is also the possibility that they will process further data and information from you that goes beyond what you have specifically entered in this social network. The purpose and scope of the data collection by the respective platform and the further processing of your data as well as your rights in this regard can be found in the respective provisions of the respective person responsible

Note: We have no influence on the content and design of the websites of external providers. These data protection notices do not apply there.

The purpose and scope of the data collection by the respective medium and the further processing of your data there as well as your rights in this regard can be found in the respective provisions of the respective person responsible, e.g. at:

Instagram: https://www.instagram.com/about/legal/privacy/before-january-19-2013/
Facebook: https://www.facebook.com/help/568137493302217
TikTok: https://www.tiktok.com/legal/privacy-policy-eea?lang=de
Pinterest: https://policy.pinterest.com/de/privacy-policy

13. Definitions

Our data protection information is based on the following definitions of Art. 4 GDPR:

"Personal data" (Art. 4 No. 1 GDPR) is all information relating to an identified or identifiable natural person ("data subject"). A person can be identified if they can be identified directly or indirectly, in particular by means of an assignment to an identifier such as a name, an identification number, an online identifier, location data or using information about their physical, physiological, genetic, psychological, economic, cultural or social identity characteristics can be identified. The identifiability can also be provided by linking such information or other additional knowledge. The origin, form or embodiment of the information is irrelevant (photos, video or sound recordings can also contain personal data).

"Processing" (Art. 4 No. 2 GDPR) is any process in which personal data is handled, whether with or without the help of automated (i.e. technology-supported) processes. In particular, this includes collecting (ie acquiring), recording, organizing, arranging, storing, adapting or changing, reading out, querying, using, disclosing through transmission, distribution or other provision, comparison , the linking, the restriction, the deletion or the destruction of personal data as well as the change of an objective or purpose on which data processing was originally based.

"Responsible person" (Art. 4 No.7 GDPR) is the natural or legal person, authority, institution or other body that alone or jointly with others decides on the purposes and means of processing personal data

"Processor" (Art. 4 No. 8 GDPR) is a natural or legal person, authority, institution or other body that processes personal data on behalf of the person responsible, in particular in accordance with his instructions , processed (e.g. IT service provider). In terms of data protection law, a processor is in particular not a third party.

"Third party" (Art. 4 No. 10 GDPR) is any natural or legal person, authority, institution or other body other than the data subject, the person responsible, the processor and the persons who are under the direct responsibility of the controllers or processors are authorized to process the personal data; this also includes other corporate legal entities.

"Consent" (Art. 4 No. 11 GDPR) of the data subject means any voluntarily given, informed and unequivocal expression of will in the specific case in the form of a declaration or other clear confirmatory action with which the data subject indicates that they consent to the processing of their personal data.

14. Updating and changing this privacy policy

This data protection declaration is currently valid and has the status March 2022. Due to the further development of our website and offers on it or due to changed legal or official requirements, it may become necessary to change this data protection declaration. You can access and print out the current data protection declaration at any time on the website at https://glavara.com/datenschutz .

Recently viewed

DATA PROTECTION

Recently viewed

No more products available for purchase