Privacy policy
We explain how we handle your personal data in this privacy policy. The applicable data protection law, in particular the General Data Protection Regulation (GDPR), shall apply. With the exception of the service providers and third-party vendors we name in this privacy policy, we do not share any data with third parties. If you have any questions, please feel free to contact us.
Content
- Responsible
- General information
- Website hosting
- Cookies, tracking pixels and mobile identifiers
- Contact
- Sweepstakes
- Affiliate links
- Surveys
- Newsletter
- Comments
- Registration for a user account
- Orders and payment processing
- Other third party services
- Profiles in social networks
- Rights of data subjects
Responsible
Responsible for data processing is
The provider is IONOS SE
Elgendorfer Str. 57
56410 Montabaur
General information
For a use of our website is usually neither legally nor contractually required to provide personal data. Insofar as the provision of data is necessary for the conclusion of a contract or the user is obligated to provide personal data, we will inform the user of this circumstance and the consequences of not providing the data in this privacy policy.
Data transfer to third countries
We may use service providers and third parties located in countries outside the European Union and the European Economic Area. The transfer of personal data to such third countries takes place, unless the user has consented to the data transfer, on the basis of an adequacy decision of the European Commission (Article 45 GDPR) or we have provided appropriate safeguards to ensure data protection (Article 46 GDPR). Insofar as an adequacy decision of the European Commission exists for the transfer of data to a third country, we refer to this in this privacy policy. In all other respects, users may obtain a copy of the appropriate safeguards, if not already included in the privacy statements of the service providers or third parties, from us.
If we use automated decision-making including profiling, we will inform you in this privacy statement about this circumstance, about the logic involved and the scope and intended effects of such processing. Otherwise, automated decision-making does not take place.
Website hosting
Each time our website is called up, the user’s browser transmits various data. For the duration of the visit to the website, the following data is processed and stored in log files even after the end of the connection:
- Browser type and version used
- Operating system
- Retrieved pages and files
- Amount of data transferred
- Date and time of retrieval
- Provider of the user
- IP address in anonymized form
- Referrer URL
The processing of this data is necessary to deliver the website to the user and to optimize it for his terminal device. The storage in log files serves to improve the security of our website (e.g. protection against DDOS attacks). IP addresses are anonymized before being stored in log files.
The legal basis for the processing is Art. 6 para. 1 UAbs. 1 letter f) DSGVO. Our legitimate interest is to provide the website and improve website security. Log files are automatically deleted after 30 days.
Cookies, tracking pixels and mobile identifiers
On our website, we use technologies to recognize the end device used. These can be cookies, tracking pixels and/or mobile identifiers.
The recognition of a terminal device can basically be done for different purposes. It may be necessary to provide functions of our website, for example to provide a shopping cart. In addition, the aforementioned technologies may be used to track the behavior of users on the site, for example for advertising purposes. We describe separately in this privacy policy which technologies we use in detail and for which purposes.
For a better understanding, we explain below in general how cookies, tracking pixels and mobile identifiers work:
-
Cookies are small text files that contain certain information and are stored on the user’s terminal device. In most cases, this is an identification number that is assigned to a terminal device (cookie ID).
-
A tracking pixel is a transparent graphic file that is embedded on a page and enables log file analysis.
-
A mobile identifier is a unique number (mobile ID) that is stored on a mobile device and can be read by a website.
Cookies may be necessary for our website to function properly. The legal basis for the use of such cookies is Art. 6 para. 1 UAbs. 1 letter f) DSGVO. Our legitimate interest is to provide the functions of our website.
We use cookies that are not required for the operation of our website in order to make our offer more user-friendly or to be able to track the use of our website. The legal basis here depends on whether the user’s consent must be obtained or we can invoke a legitimate interest. The user can revoke a given consent at any time, among other things, through the settings in his browser.
The user can prevent and object to the processing of data using cookies by making the appropriate settings in his browser. In case of objection, not all functions of our website may be available. We provide separate information on other options for objecting to the processing of personal data by cookies in this privacy policy. Where appropriate, we will provide links that can be used to object. These are labeled “Opt-Out”.
To obtain and manage consent from our users, we use Borlabs Cookie. This is a plugin for WordPress that does not transmit any personal data to a third-party provider. The following link can be used to make settings for storing cookies on our site: Cookie settings
Contact
In the event of contact, we process the user’s details, date and time for the purpose of processing the inquiry, including any queries.
The legal basis for data processing is Art. 6 para. 1 UAbs. 1 letter f) DSGVO. Our legitimate interest is to respond to the requests of our users. Additional legal basis is Art. 6 para. 1 UAbs. 1 letter b) DSGVO, if the processing is necessary for the performance of a contract or for the implementation of pre-contractual measures.
The data will be deleted as soon as the request, including any queries, has been answered. We check at regular intervals, but at least every two years, whether data accrued in connection with contacting us is to be deleted.
Sweepstakes
We offer our users the opportunity to participate in sweepstakes. In doing so, it is possible that we refer to a separate data protection declaration for the processing of the data. Where this is not the case, we process the data provided by the user (e.g. name, e-mail address). This is done in order to be able to carry out the competition, in particular to determine the winner and, if necessary, to notify him. The legal basis for the processing is Art. 6 para. 1 UAbs. 1 letter b) DSGVO. The data will not be further processed for other purposes and will be deleted three months after the winner has been determined.
Affiliate links
We participate in affiliate programs. This means that we set links to partner companies. If a user clicks on such an affiliate link, we may receive a commission. In this case, it is necessary to assign the user’s activities on the pages of the partner company to our offer. This is done through the link or in other ways, for example, through cookies. The accruing data are processed exclusively for this purpose.
Insofar as we obtain the consent of the user, Art. 6 para. 1 UAbs. 1 letter a) DSGVO is the legal basis for the processing. The legal basis for the rest is Art. 6 para. 1 UAbs. 1 letter f) DSGVO. Our legitimate interest is the financing of our offer.
The processed data will be deleted as soon as they are no longer necessary to settle the commission.
Surveys
We conduct online surveys on our website. We want to learn more about the interests of our users in order to improve our offer as well as our products and services. It is possible that we inform about the related processing of data in a separate privacy policy, which then takes precedence.
If the survey is not personalized, i.e. if neither an individual link for participation is issued nor the user provides personal data, only the data that is generally generated during the use of the website is processed. In the case of a personalized survey, we use the information entered by the user to remind him/her if he/she has not completed the survey and to exclude multiple participation. We do not store responses together with data via which the user can be identified. Based on the responses, we create anonymous evaluations.
Insofar as we obtain the consent of the user, Art. 6 para. 1 UAbs. 1 letter a) DSGVO the legal basis of the processing. For the rest, it is based on Art. 6 para. 1 UAbs. 1 letter f) DSGVO. Our legitimate interest is to improve our offer as well as our products and services.
Newsletter
Users have the option to sign up for newsletters on our site. In doing so, we process the data entered during registration in order to be able to send a confirmation email to the user’s email address. After confirmation, we process the data to be able to send newsletters. For the purpose of personalization, we may also process the user’s name if the user has provided it.
With the registration date and time as well as the IP address of the user are stored to be able to prove an entry. We continue to process this data after deregistration for verification purposes and delete it after three years at the end of the year.
To improve our content, we measure how successful our newsletters are, for example, how often users open them and which links are clicked. For this purpose, e-mails contain a tracking pixel. We do not track the activities of individual users.
The legal basis for the processing is the consent of the user according to Art. 6 para. 1 UAbs. 1 letter a) DSGVO. For the rest, the processing is carried out according to Art. 6 para. 1 UAbs. 1 letter f) DSGVO. Legitimate interests on our part are the sending of newsletters, the personalized addressing of the user and the proof that the user has registered for the newsletter.
Mailjet
The website https://dreiseelenkristall.de/ uses Mailjet to send newsletters. The provider is Mailjet SAS, 13-13 bis, Rue de l’Aubrac – 75012 Paris, France. Mailjet is a service that can be used to organize and analyze the sending of newsletters. The data you enter for the purpose of receiving the newsletter will be stored on Mailjet’s servers in the EU.
Our newsletters sent with Mailjet enable us to analyze the behavior of newsletter recipients. Among other things, it is possible to analyze how many recipients have opened the newsletter message and how often which link in the newsletter was clicked on. Conversion tracking can also be used to analyze whether a predefined action (e.g. purchase of a product on our website) has taken place after clicking on the link in the newsletter. Further information on data analysis by Mailjet newsletters can be found at: mailjet.de/funktion/tracking-tools.
Mailjet also enables us to divide newsletter recipients into different categories (“segmentation”). The newsletter recipients can be subdivided according to the data provided during registration. In this way, the newsletters can be better adapted to the respective target groups.
For detailed information on the functions of Mailjet, please refer to the following link: mailjet.com/function.
The data processing takes place on the basis of your consent (Art. 6 para. 1 lit. a GDPR). You can revoke this consent at any time by unsubscribing from the newsletter. The legality of the data processing operations already carried out remains unaffected by the revocation.
If you do not wish to be analyzed by Mailjet, you must unsubscribe from the newsletter. We provide a link for this purpose in every newsletter message.
The data you provide us with for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter and deleted from both our servers and Mailjet’s servers after you unsubscribe from the newsletter. Data stored by us for other purposes (e.g. e-mail addresses for the member area) remain unaffected by this.
For more information, please refer to Mailjet’s information on “Security and data protection” at mailjet.com/security-data-protection and Mailjet’s privacy policy at mailjet.com/privacy-policy.
Comments
On our website, we give users the opportunity to leave their own comments. When a comment is submitted to us, we process the user’s information. To protect against misuse of the comment function (e.g. through spam or criminal content), we also process the date, time and IP address of the user.
The legal basis for the processing is Art. 6 para. 1 UAbs. 1 letter f) DSGVO. Our legitimate interest is to be able to offer the comment function and to protect ourselves from misuse.
Registration for a user account
Users can register for our offer on our website. In this context, we process the data entered during registration. We have the e-mail address confirmed by sending a link (double opt-in) to prevent misuse of the registration function. Furthermore, we process the date and time and the IP address of the user for this purpose. For verification purposes, we also process the date, time and IP address of the user when the confirmation link is clicked.
The data will be deleted with the deletion of the user account after three years at the end of the year, unless there is a longer legal obligation to retain the data.
The legal basis for the processing is Art. 6 para. 1 UAbs. 1 lit. a) DSGVO, insofar as we obtain the consent of the user. If the processing is necessary for the performance of a contract or for the implementation of pre-contractual measures, it is based on Art. 6 para. 1 UAbs. 1 lit. b) GDPR. The legal basis for the rest is Art. 6 para. 1 UAbs. 1 letter f) DSGVO. Our legitimate interest is to enable users to access our offer requiring registration, to protect ourselves against misuse of the registration function and to be able to prove proper registration. After the deletion of the user account, our legitimate interest is furthermore the defense against possible claims.
Orders and payment processing
When an order is placed in our online store, we process the data provided when the order is placed, e.g. name, bank details or payment details, in order to process the order. We only pass on payment data to our payment service providers if this is necessary to process the payment.
The legal basis for the processing of order data is Art. 6 para. 1 UAbs. 1 letter b) DSGVO. If the user stores their order data in a user account, Art. 6 para. 1 UAbs. 1 lit. a) GDPR is the legal basis. Otherwise, the processing is based on Art. 6 para. 1 UAbs. 1 letter f) DSGVO. Our legitimate interest lies in the processing of repayments and the pursuit of claims.
Order and payment data are deleted as soon as they are no longer required for the processing of the order, including the reversal of the payment (e.g. due to a revocation or withdrawal from the contract) and the processing of warranty cases, and no statutory retention obligations exist. In the event that the user has stored their order data in their user account for a repeat order, the data will be deleted together with the user account if it is not required for the processing of a specific order.
Paypal
In the case of payment via PayPal, payment is processed by PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg.
Google Pay
When paying via Google Pay, the payment is processed by Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland.
Apple Pay
When paying via Apple Pay, the payment is processed by Apple Distribution International Ltd, Hollyhill Industrial Estate, Hollyhill, Cork, Ireland.
Stripe
When paying via Stripe, the payment is processed by Stripe Payments Europe Ltd, The One Building, Lower Grand Canal St, Dublin 2, Ireland.
Klarna
When paying via Klarna, the payment is processed by Klarna Bank AB, Sveavägen 46, 111 34 Stockholm, Sweden.
Other third party services
Hotjar
For statistical analysis of the use of our website and to improve the content, we use the service Hotjar. Provider: Hotjar Limited, Level 2, St Julian’s Business Centre, 3, Elia Zammit Street, St Julian’s STJ 1000, Malta.
Hotjar makes it possible to statistically evaluate the use of a website. The company evaluates the user’s mouse movements, scrolling movements and keystrokes, as well as the pages viewed and the duration of the visit. Hotjar uses cookies and other technologies to collect data about our users’ behavior and the devices they use. This includes the IP address, which is only stored anonymously. In addition, the size of the display, the type of device, browser information, location information in relation to the country and the preferred language are processed. Hotjar stores this information in a pseudonymized profile.
Insofar as we obtain the user’s consent, the processing of data is carried out on the legal basis of Art. 6 para. 1 UAbs. 1 letter a) DSGVO. For the rest, it is based on Art. 6 para. 1 UAbs. 1 letter f) DSGVO. Our legitimate interest is to design and improve our website and content in a user-friendly way.
Segment
We use the customer data management and analysis solution Segment.io to record, collect and structure customer data. The provider is Segment.io Inc, 100 California St Suite 700, San Francisco, CA 94111, USA.
Segment.io simplifies the analysis of data by providing an interface. Through them, we may aggregate and share data that we collect through other services mentioned in this Privacy Policy. In addition, Segment.io makes it easier for us to add new services to our website and remove services that are no longer needed. The user’s IP address is transferred to Segment.io when a script is executed by the service. The IP address is only stored in abbreviated form.
The legal basis for the processing is Art. 6 para. 1 UAbs. 1 letter f) DSGVO. Our legitimate interest is to improve our website and content.
The parent company of Segment.io is Twilio Inc, 645 Harrison Street, Third Floor, San Francisco, CA 94107, USA. Appropriate guarantee in the sense of Art. 46 GDPR are binding internal data protection rules of Twilio, which have been approved by the competent supervisory authority according to Art. 47 GDPR.
Facebook Social Plugins
We integrate content and buttons of the social network Facebook via a plugin on our website. Provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.
In order to load content from Facebook, it is technically necessary to transmit the user’s IP address to the company. If the user is logged in to Facebook, the visit to a page can be assigned to the account.
Insofar as we obtain the user’s consent, the processing of data is carried out on the legal basis of Art. 6 para. 1 UAbs. 1 letter a) DSGVO. For the rest, it is based on Art. 6 para. 1 UAbs. 1 letter f) DSGVO. Our legitimate interest for the integration of Facebook content and buttons is the user-friendly design of our website.
Facebook Social Plugins Privacy Policy
We integrate content and buttons of the social network Instagram via a plugin on our website. Provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.
In order to load content from Instagram, it is technically necessary to transmit the user’s IP address to the company. If the user is logged in to Instagram, the visit to a page can be assigned to the account.
Insofar as we obtain the user’s consent, the processing of data is carried out on the legal basis of Art. 6 para. 1 UAbs. 1 letter a) DSGVO. For the rest, it is based on Art. 6 para. 1 UAbs. 1 letter f) DSGVO. Our legitimate interest for the integration of Instagram content and buttons is the user-friendly design of our website.
In order to load content from X, it is technically necessary to transmit the user’s IP address to the company. If the user is logged in to X, the visit to a page can be assigned to the account.
Gravatar
For a personalization of our website we use Gravatar. Provider: Aut O’Mattic A8C Ireland Ltd, Business Centre, No.1 Lower Mayor Street, International Financial Services Centre, Dublin 1, Ireland.
Posts or comments made by users where they provide their email address are personalized by Gravatar profile pictures. For this purpose only, the hashed email address will be transmitted to Gravatar’s server in order to verify that a Gravatar account exists. In order to provide the service, it is also technically necessary to transmit the user’s IP address.
The legal basis for the processing is Art. 6 para. 1 UAbs. 1 letter f) DSGVO. Our legitimate interest is the user-friendly design of our website.
WP Umbrella
We manage this website with the help of the WP Umbrella tool. The provider is Liven Studio at 22 B Rue de la République 69140 Rillieux-la-Pape – France (hereinafter WP Umbrella).
With WP Umbrella, we can monitor the security and performance of our website and create automatic backups, among other things. WP Umbrella therefore has access to all website content, including our databases. WP Umbrella is hosted on the provider’s servers.
The use of WP Umbrella is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the most effective and secure operation of its website(s). If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s end device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.
FontAwesome
This site uses Font Awesome for the uniform display of fonts. Font Awesome is installed locally on the Elementor plugin. A connection to servers of Fonticons, Inc. does not take place.
Further information about Font Awesome can be found in the Font Awesome privacy policy at: https://fontawesome.com/privacy.
Google Maps
To be able to display geographical maps, we use Google Maps. Provider: Google Ireland Ltd, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. In doing so, it is technically necessary to transfer the user’s IP address to Google. In addition, the company sets various cookies to identify the user and play out personalized advertising.
Insofar as we obtain the user’s consent, the processing of data is carried out on the legal basis of Art. 6 para. 1 UAbs. 1 letter a) DSGVO. For the rest, it is based on Art. 6 para. 1 UAbs. 1 letter f) DSGVO. Our legitimate interest is the user-friendly design of our website.
We have concluded a joint responsibility agreement with Google.
Profiles in social networks
We are present in one or more social networks. In detail, these are: Facebook, Instagram or Twitter. When contacting us, we process personal data as described above under contact.
The providers of social networks process data in accordance with their privacy policies, which can be accessed here:
If a user is logged in with his account, the activities on our profile in the respective social network may be assigned to him. This can be done across devices and, if necessary, without a login, for example, using cookies or mobile identifiers. The providers of social networks use the collected data to create pseudonymized user profiles, which they can use in particular to play out personalized advertising.
Rights of data subjects
If personal data of the user is processed, he is a data subject in the sense of the GDPR. Data subjects are entitled to the following rights:
Right of access: The data subject has the right to obtain confirmation as to whether personal data concerning him or her are being processed. If personal data are processed, the data subject shall have the right to obtain free of charge information as well as a copy of the personal data that are the subject of the processing.
Right to rectification: The data subject has the right to request that inaccurate or incomplete personal data be corrected without undue delay.
Right to erasure: The data subject has the right to request immediate erasure of personal data concerning him or her in accordance with the law.
Right to restriction of processing: The data subject has the right to request restriction of the processing of personal data concerning him or her in accordance with the law.
Right to data portability: The data subject has the right to obtain the personal data concerning him or her in a structured, commonly used and machine-readable format or to request that it be transferred to another controller.
Right to object: The data subject has the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on Article 6(1) of the GDPR. 1 UAbs. 1 lit. e) or f) DSGVO; this also applies to profiling based on these provisions. If personal data are processed for the purposes of direct marketing, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing; this shall also apply to profiling insofar as it is related to such direct marketing.
Right of withdrawal: The data subject has the right to withdraw his or her given consent at any time.
Right to complain: The data subject has the right to complain to a supervisory authority.
Status of the privacy policy: February 22, 2024
Segment
We use the customer data management and analysis solution Segment.io to record, collect and structure customer data. The provider is Segment.io Inc, 100 California St Suite 700, San Francisco, CA 94111, USA.
Segment.io simplifies the analysis of data by providing an interface. Through them, we may aggregate and share data that we collect through other services mentioned in this Privacy Policy. In addition, Segment.io makes it easier for us to add new services to our website and remove services that are no longer needed. The user’s IP address is transferred to Segment.io when a script is executed by the service. The IP address is only stored in abbreviated form.
The legal basis for the processing is Art. 6 para. 1 UAbs. 1 letter f) DSGVO. Our legitimate interest is to improve our website and content.
The parent company of Segment.io is Twilio Inc, 645 Harrison Street, Third Floor, San Francisco, CA 94107, USA. Appropriate guarantee in the sense of Art. 46 GDPR are binding internal data protection rules of Twilio, which have been approved by the competent supervisory authority according to Art. 47 GDPR.
Ninja Firewall
We have integrated Ninja Firewall on this website. The provider is NinTechNet Limited, Unit 1603, 16th Floor, The L. Plaza 367 – 375 Queen’s Road Central Sheung Wan, Hong Kong (hereinafter referred to as Ninja Firewall).
Ninja Firewall is used to protect our website from unwanted access or malicious cyberattacks. For this purpose, Ninja Firewall records the IP address, request, referrer and time of page access. Ninja Firewall is integrated on our own servers and does not transmit any personal data to the provider of the tool or other third parties.
We have activated IP anonymization in Ninja Firewall so that the tool only records the IP address in abbreviated form.
The use of Ninja Firewall is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in protecting its website as effectively as possible against cyberattacks.
Further information about data protection at NinTechNet can be found at: blog.nintechnet.com/ninjafirewall-general-data-protection-regulation-compliance/
The Events Calendar
We use the WordPress plugin The Events Calendar to display upcoming events. To prevent your data from being transferred to external web servers, we have deactivated the optional Google Maps display for the event location. We have also deactivated the comment function.
Modern Tribe is working on a binding privacy policy. Until then, the functions mentioned will remain deactivated.
You can find more information about data protection at The Events Calendar here: https://theeventscalendar.com/privacy-policy/
Spotify
We integrate audio content via Spotify. Provider: Spotify AB, Regeringsgatan 19, 111 53 Stockholm, Sweden.
The Spotify Connect Player and audio content such as music or podcasts are loaded via Spotify’s servers. The user’s IP address is transmitted to Spotify. The company can recognize registered users and then display personalized content if necessary.
To provide the player and for analysis purposes, users can be assigned to an end device via a unique cookie identification number (cookie ID) or an identification number generated by the operating system of a mobile end device (mobile identifier). In addition, other advertising-relevant user data such as browser information, device information, approximate location data and the Internet service provider are processed.
Insofar as we obtain the user’s consent, the processing of data is carried out on the legal basis of Art. 6 para. 1 UAbs. 1 letter a) DSGVO. For the rest, it is based on Art. 6 para. 1 UAbs. 1 letter f) DSGVO. Our legitimate interest lies in the provision of audio content and an attractive offering for users.