PRIVACY POLICY

The person responsible within the meaning of data protection laws, in particular the EU General Data Protection Regulation (GDPR), is:

Ecom Brands GmbH
Jonas Tank
Rödingsmarkt 31-33
20459 Hamburg
Phone: 040-716 68 954
Email: support@ecom-brands.de

We are pleased that you are interested in our website. The protection of your privacy is very important to us. Below we provide you with detailed information about how we handle your data on our websites.

1. Storage of access data in server log files and hosting

You can visit our websites without providing any personal information. Each time you access a website, the web server automatically saves a so-called server log file, which contains, for example, the name of the requested file, your IP address, the date and time of access, the amount of data transferred and the requesting provider (access data) and documents the access.
This access data is evaluated solely for the purpose of ensuring trouble-free operation of the site and improving our offering. In accordance with Art. 6 Paragraph 1 Clause 1 Letter f of GDPR, this serves to safeguard our legitimate interests in a correct presentation of our offering, which prevail within the framework of a balancing of interests. All access data is deleted no later than seven days after the end of your visit to the site.

hosting services provided by a third party

To provide our online presence, we use services from web hosting providers who process the above-mentioned data and all data to be processed in connection with the operation of this website (log file when visiting the website) on our behalf.

The legal basis for data processing is Art. 6 para. 1 f) GDPR our overriding legitimate interest in providing our website.

For our hosting, we use Shopify Inc., 150 Elgin St., 8th Fl., Ottawa, ON K2P 1L4, Canada ("Shopify"). It is possible that data will also be transferred to the Shopify Inc. servers in Canada.
There is an adequacy decision by the EU Commission for data transfers to Canada.

2. Data collection and use for contract processing and when opening a customer account

We collect personal data when you voluntarily provide it to us as part of your order, when contacting us (e.g. via contact form or email) or when opening a customer account. Mandatory fields are marked as such because in these cases we absolutely need the data to process the contract or to process your contact or opening the customer account and you cannot complete the order and/or open the account or send the contact without providing this data. Which data is collected can be seen from the respective input forms. We use the data you provide in accordance with Art. 6 Paragraph 1 Clause 1 Letter b of GDPR to process the contract and process your inquiries. After the contract has been fully processed or your customer account has been deleted, your data will be restricted for further processing and deleted after the tax and commercial retention periods have expired, unless you have expressly consented to further use of your data or we reserve the right to use the data in any other way that is permitted by law and about which we inform you in this declaration. You can delete your customer account at any time by sending a message to the contact option described below or using a function provided for this purpose in your customer account.

3. Data transfer for contract fulfillment

In order to fulfil the contract in accordance with Art. 6 Paragraph 1 Clause 1 Letter b of GDPR, we pass your data on to the shipping company commissioned with the delivery, insofar as this is necessary for the delivery of ordered goods. We use YouSellWeSend GmbH as our logistics service provider. YouSellWeSend GmbH provides logistics services on our behalf. For this purpose, we transmit your name and recipient address, your email address, telephone number, customer reference number, the name of the invoice recipient and the invoice address to YouSellWeSend GmbH. YouSellWeSend GmbH is contractually obliged to use this data only for the purpose described above and in accordance with our instructions. Depending on which payment service provider you select in the ordering process, we pass on the payment data collected for this purpose to the credit institution commissioned with the payment and, if applicable, payment service providers commissioned by us or to the selected payment service for the processing of payments. In some cases, the selected payment service providers also collect this data themselves if you create an account with them. In this case, you must log in to the payment service provider using your access data during the ordering process. The data protection declaration of the respective payment service provider applies in this respect.
For customer support purposes, we use software-as-a-service solutions from companies based in a country outside the European Union. The data is not transferred to the companies themselves, but is only processed in the corresponding software solutions exclusively by our employees. Personal data is only transferred to this company if it is necessary to fulfill the contract. Solutions from the providers Zendesk, Inc, 1019 Market Street, 6th Floor, San Francisco, California 94103 and Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA (www.google.de), both of which have their headquarters in the USA and have been certified under the EU-US Privacy Shield, are used. Current certificates can be viewed HERE . Based on this agreement between the USA and the European Commission, the latter has determined an appropriate level of data protection for companies certified under the Privacy Shield.

4. E-mail newsletter

In order to provide you with regular information about our company and offers, we offer to send you an email newsletter. When you register for the newsletter, we process the data you entered when registering (email address and other voluntary information). To prevent misuse, after you register, we will send you an email asking you to confirm your registration (double opt-in procedure). In order to be able to prove that the registration process was carried out in accordance with the law, your registration is logged. This includes the time of registration and confirmation as well as your IP address.

The legal basis for sending the newsletter is your consent in accordance with Art. 6 para. 1 a) GDPR. The data processing in connection with the sending of the confirmation email for your registration and the associated data logging is carried out in accordance with Art. 6 para. 1 f) GDPR due to our legitimate interest in proving your proper registration.

If you give us your consent, we will also evaluate whether you have opened the newsletter and your scrolling and clicking behavior in the newsletter. This is done for the purpose of tailoring our newsletter to your interests and improving the content of our newsletter. The legal basis for the analysis of the newsletter is your consent in accordance with Art. 6 para. 1 a) GDPR.

To send the newsletter, we use a service provider to whom we transmit the aforementioned data.

The data is transferred to the servers of the following service provider in the USA: Klaviyo Inc., 60 South Street, Suite 910, Boston Massachusetts, USA (“Klaviyo”). There is no adequacy decision by the EU Commission for data transfers to the USA. Klaviyo ensures an appropriate level of data protection through the EU standard contractual clauses. A copy of the relevant EU standard contractual clauses will be made available upon request.

5. Contact requests & contact options

If you contact us via the contact form or email, the data you provide will be used to process your request. Providing the data is necessary to process and answer your request - without providing it, we cannot answer your request or can only answer it to a limited extent.
The legal basis for this processing is Art. 6 Para. 1 lit. b) GDPR.

contact form

If you send us inquiries using the contact form, your details from the inquiry form, including the contact details you provided, will be stored by us for the purpose of processing the application and in the event of follow-up questions. We will not pass on this data without further consent.
Your data will be deleted if your request has been conclusively answered and there are no statutory retention periods that prevent deletion, such as in the case of any subsequent contract processing.

6. Use of data for payment processing

We use external payment service providers via whose platforms the users and we can carry out payment transactions (e.g., each with a link to the privacy policy, Paypal ( https://www.paypal.com/de/webapps/mpp/ua/privacy-full ), Klarna ( https://www.klarna.com/de/datenschutz /), Giropay ( https://www.giropay.de/rechtliches/datenschutz-agb/ ), Visa ( https://www.visa.de/datenschutz ), Mastercard ( https://www.mastercard.de/de-de/datenschutz.html ), American Express ( https://www.americanexpress.com/de/content/privacy-policy-statement.html )

As part of the fulfillment of contracts, we use payment service providers on the basis of Art. 6 (1) (b) GDPR. In addition, we use external payment service providers on the basis of our legitimate interests in accordance with Art. 6 (1) (f) GDPR in order to offer our users effective and secure payment options.

The data processed by the payment service providers includes inventory data such as name and address, bank details such as account numbers or credit card numbers, passwords, TANs and checksums as well as contract, amount and recipient-related information. The information is required to carry out the transactions. However, the data entered is only processed and stored by the payment service providers. This means that we do not receive any account or credit card-related information, only information confirming or rejecting the payment. The payment service providers may transmit the data to credit agencies. This transmission is for the purpose of checking identity and creditworthiness. For this purpose, we refer to the terms and conditions and data protection notices of the payment service providers.

The terms and conditions and data protection notices of the respective payment service providers apply to payment transactions and can be accessed on the respective websites or transaction applications. We also refer to these for further information and to assert revocation, information and other rights of those affected.

7. Cookies and web analysis

In order to make visiting our website attractive and to enable the use of certain functions, to display suitable products or for market research, we use so-called cookies on various pages. This serves to safeguard our legitimate interests in an optimized presentation of our offer in accordance with Art. 6 Paragraph 1 Clause 1 Letter f of GDPR, which predominate in the context of a balancing of interests. Cookies are small text files that are automatically saved on your device. Some of the cookies we use are deleted at the end of the browser session, i.e. after you close your browser (so-called session cookies). Other cookies remain on your device and enable us to recognize your browser the next time you visit (persistent cookies). You can find out how long they are stored for in the overview in the cookie settings of your web browser. You can set your browser so that you are informed when cookies are set and decide individually whether to accept them or to exclude the acceptance of cookies in certain cases or in general. Each browser differs in the way it manages cookie settings. This is described in the help menu of each browser, which explains how you can change your cookie settings.
You can find these for the respective browsers under the following links:
Cookie settings in Internet Explorer™
Cookie settings in Safari™
Cookie settings in Chrome™
Cookie settings in Firefox™
Cookie settings in Opera™
If you do not accept cookies, the functionality of our website may be limited.

8. SSL encryption

This site uses SSL encryption for security reasons and to protect the transmission of confidential content, such as the requests you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line. If SSL encryption is activated, the data you send to us cannot be read by third parties.

9. Use of Google (Universal) Analytics for web analysis

This website uses Google (Universal) Analytics, a web analysis service provided by Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA (www.google.de), to analyze the website. This serves to protect our legitimate interests in an optimized presentation of our offering in accordance with Art. 6 Paragraph 1 Clause 1 Letter f of GDPR, which predominate in the context of a balancing of interests. Google (Universal) Analytics uses methods such as cookies to analyze your use of the website. The automatically collected information about your use of this website is usually transferred to a Google server in the USA and stored there. By activating IP anonymization on this website, the IP address is shortened before transmission within the member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there. The anonymized IP address transmitted by your browser as part of Google Analytics is generally not merged with other data held by Google. Once the purpose no longer applies and we no longer use Google Analytics, the data collected in this context will be deleted.
Google Inc. is headquartered in the USA and is certified under the EU-US Privacy Shield. You can find a current certificate at: List of companies in the US-EU Privacy Shield . You can prevent Google Analytics from collecting your data by clicking on the following link. An opt-out cookie will be set that prevents the collection of your data on future visits to this website: Deactivate Google Analytics
This website uses the "demographic characteristics" function of Google Analytics. This enables reports to be created that contain information about the age, gender and interests of site visitors. This data comes from interest-based advertising from Google as well as visitor data from third parties. This data cannot be assigned to a specific person. You can deactivate this function at any time via the ad settings in your Google account or generally prohibit the collection of your data by Google Analytics as described in the "Objection to data collection" section.
We have concluded a contract for order data processing with Google and fully implement the strict requirements of the German data protection authorities when using Google Analytics.
For more information on how Google Analytics handles user data, see Google’s privacy policy: Google’s privacy policies

10. Google reCAPTCHA

To protect against misuse of our web forms and against spam, we use the Google reCAPTCHA service in some forms on this website. Google reCAPTCHA is an offer from Google Ireland Limited, a company registered and operated under Irish law with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland. ( www.google.de ). By checking a manual input, this service prevents automated software (so-called bots) from carrying out abusive activities on the website. In accordance with Art. 6 Paragraph 1 Clause 1 Letter f of GDPR, this serves to safeguard our legitimate interests, which prevail in the context of a balancing of interests, in protecting our website against misuse and in ensuring that our online presence is displayed without disruption.

Google reCAPTCHA uses a code embedded in the website, a so-called JavaScript, to perform the check, using methods such as cookies that enable an analysis of your use of the website. The automatically collected information about your use of this website, including your IP address, is usually transferred to a Google server in the USA and stored there. In addition, other cookies stored in your browser by Google services are evaluated by Google reCAPTCHA. Personal data from the input fields of the respective form is not read or stored.

To the extent that information is transferred to Google servers in the USA and stored there, the American company Google LLC is certified under the EU-US Privacy Shield. A current certificate can be viewed here . Based on this agreement between the USA and the European Commission, the latter has determined an appropriate level of data protection for companies certified under the Privacy Shield.

You can prevent Google from collecting the data generated by JavaScript or cookies and relating to your use of the website (including your IP address) and from processing this data by Google by disabling JavaScript execution or cookies in your browser settings. Please note that this may limit the functionality of our website for your use. You can find more information about Google's privacy policy here .

11. Use of Google Webfonts

In order to display our content correctly and graphically appealing across all browsers, we use “Google Web Fonts” from Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter “Google”) to display fonts on this website.

Further information about Google Web Fonts can be found at https://developers.google.com/fonts/faq and in Google’s privacy policy: https://www.google.com/policies/privacy/ .

12. Use of Google Maps

We use Google Maps on this website. Google Maps is operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter "Google"). This enables us to show you interactive maps directly on the website and enables you to conveniently use the map function.
For more information about data processing by Google, please see the Google privacy policy: https://policies.google.com/privacy . There you can also change your personal data protection settings in the data protection center.

Detailed instructions on how to manage your own data in connection with Google products can be found here: https://www.dataliberation.org

When you visit the website, Google receives information that you have accessed the corresponding subpage of our website. This happens regardless of whether Google provides a user account through which you are logged in or whether no user account exists. If you are logged in to Google, your data is assigned directly to your account.

If you do not want to be assigned to your Google profile, you must log out of Google before activating the button. Google saves your data as user profiles and uses them for the purposes of advertising, market research and/or needs-based design of its websites. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, and you must contact Google to exercise this right.

The provider does not currently offer any option for a simple opt-out or for blocking data transfer. If you want to prevent your activities on our website from being tracked, please revoke your consent for the corresponding cookie category or all technically unnecessary cookies and data transfers in the cookie consent tool. In this case, however, you may not be able to use our website or may only be able to use it to a limited extent.

13. Advertising via marketing networks

Use of Google Adwords Conversion

We use Google Adwords to draw attention to our attractive offers using advertising materials (so-called Google Adwords) on external websites. We can determine how successful the individual advertising measures are in relation to the data from the advertising campaigns. In doing so, we are pursuing the interest of showing you advertising that is of interest to you, making our website more interesting for you and achieving a fair calculation of advertising costs.
These advertisements are delivered by Google via so-called "ad servers". For this purpose, we use ad server cookies, which can be used to measure certain parameters for measuring success, such as the display of ads or clicks by users. If you access our website via a Google ad, Google Adwords will save a cookie on your PC. These cookies usually expire after 30 days and are not intended to identify you personally. The unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions) and opt-out information (marking that the user no longer wishes to be contacted) are usually saved as analysis values ​​for this cookie.
These cookies enable Google to recognize your Internet browser. If a user visits certain pages on an Adwords customer's website and the cookie stored on their computer has not yet expired, Google and the customer can recognize that the user clicked on the ad and was redirected to this page. Each Adwords customer is assigned a different cookie. Cookies cannot therefore be tracked across Adwords customers' websites. We ourselves do not collect or process any personal data in the advertising measures mentioned. We only receive statistical evaluations from Google. Based on these evaluations, we can recognize which of the advertising measures used are particularly effective. We do not receive any further data from the use of advertising material; in particular, we cannot identify users based on this information.
Due to the marketing tools used, your browser automatically establishes a direct connection to the Google server. We have no influence on the scope and further use of the data collected through the use of this tool by Google and therefore inform you according to our current level of knowledge: By integrating AdWords Conversion, Google receives the information that you have accessed the corresponding part of our website or clicked on one of our advertisements. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, there is a possibility that the provider will find out and save your IP address.

You can prevent participation in this tracking process in several ways:

- by setting your browser software accordingly, in particular by suppressing third-party cookies, you will not receive any advertisements from third parties;

- by deactivating cookies for conversion tracking by setting your browser to block cookies from the domain »www.googleadservices.com«, www.google.de/settings/ads, whereby this setting will be deleted if you delete your cookies;

- by deactivating interest-based advertisements from providers who are part of the “About Ads” self-regulation campaign via the link www.aboutads.info/choices, whereby this setting will be deleted if you delete your cookies;

- by permanently deactivating it in your browsers Firefox, Internet Explorer or Google Chrome under the link www.google.com/settings/ads/plugin. We would like to point out that in this case you may not be able to use all the functions of this offer to their full extent.
The legal basis for the processing of your data is Art. 6 Para. 1 S. 1 lit. f GDPR.


Further information on data protection at Google can be found here: https://business.safety.google/privacy/ www.google.com/intl/de/policies/privacy and services.google.com/sitestats/de.html .
Alternatively, you can visit the Network Advertising Initiative (NAI) website at https://thenai.org/ . Google has submitted to the EU-US Privacy Shield, www.privacyshield.gov/EU-US-Framework .

Google AdWords Remarketing

We use Google Adwords to advertise this website in Google search results and on third-party websites. When you visit our website, Google sets a so-called remarketing cookie, which automatically enables interest-based advertising using a pseudonymous cookie ID and based on the pages you visit. This serves to protect our legitimate interests in the optimal marketing of our website, which prevail within the framework of a balancing of interests, in accordance with Art. 6 Paragraph 1 Clause 1 Letter f of GDPR. Once the purpose no longer applies and we no longer use Google AdWords Remarketing, the data collected in this context will be deleted.
Any further data processing will only take place if you have given Google your consent to link your web and app browsing history to your Google account and to use information from your Google account to personalize ads that you see on the web. In this case, if you are logged into Google while visiting our website, Google will use your data together with Google Analytics data to create and define target group lists for cross-device remarketing. To do this, Google will temporarily link your personal data to Google Analytics data to create target groups.
Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA (www.google.de), has its headquarters in the USA and is certified under the EU-US Privacy Shield. Current certificates can be viewed HERE . Based on this agreement between the USA and the European Commission, the latter has determined an adequate level of data protection for companies certified under the Privacy Shield.
You can deactivate the remarketing cookie via this link . You can also find out more about the use of cookies and make settings for this at the Digital Advertising Alliance .

14. Social Media PlugIns

Use of social plugins from Facebook, Google, Twitter, Instagram, WhatsApp and Pinterest

Our website uses so-called social plugins (“plugins”) from social networks. When you access a page on our website that contains such a plugin, your browser establishes a direct connection to the servers of Facebook, Google, Twitter or Instagram. The content of the plugin is transmitted directly to your browser by the respective provider and integrated into the page. By integrating the plugins, the providers receive the information that your browser has accessed the corresponding page on our website, even if you do not have a profile or are not currently logged in. This information (including your IP address) is transmitted directly from your browser to a server of the respective provider (possibly in the USA) and stored there. If you are logged in to one of the services, the providers can directly assign the visit to our website to your profile in the respective social network. If you interact with the plugins, for example by pressing the “Like” or “Share” button, the corresponding information is also transmitted directly to a server of the provider and stored there. The information is also published on the social network and displayed to your contacts there.
This serves to safeguard our legitimate interests in the optimal marketing of our offer, which prevail within the framework of a balancing of interests, in accordance with Art. 6 (1) sentence 1 lit. f GDPR.
The purpose and scope of data collection and the further processing and use of the data by the providers as well as a contact option and your related rights and setting options to protect your privacy can be found in the data protection information of the providers:

- Provider Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA. View Facebook's privacy policy

- Twitter: Provider Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA. View Twitter's privacy policy

- Google+: Provider Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. View Google's privacy policy

- Instagram: Provider Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. View Instagram's privacy policy

- Pinterest: Provider Pinterest Inc., 808 Brannan Street San Francisco, CA 94103-490, USA. View Pinterest's privacy policy

- TikTok: TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland View TikTok's privacy policy: https://www.tiktok.com/legal/privacy-policy?lang=de

- WhatsApp: Provider WhatsApp Inc., 1601 Willow Road, Menlo Park, California 94025, USA. View WhatsApp's privacy policy

If you do not want the social networks to assign the data collected via our website directly to your profile in the respective service, you must log out of the relevant service before visiting our website. You can also completely prevent the loading of the plugins with add-ons for your browser, e.g. with the script blocker "NoScript" ( https://noscript.net/ ).

15. Youtube Video Plugins

This website includes content from third-party providers. This content is provided by Google Inc. ("Provider"). YouTube is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google").
For videos from YouTube that are embedded on our site, the extended data protection setting is activated. This means that no information from website visitors is collected and stored on YouTube unless they play the video. The integration of the videos serves to protect our legitimate interests in the optimal marketing of our offer, which prevail within the framework of a balancing of interests, in accordance with Art. 6 Para. 1 Clause 1 Letter f of GDPR.
For the purpose and scope of data collection and the further processing and use of the data by the providers as well as your rights and setting options to protect your privacy, please refer to Google's privacy policy.

16. Contact options and your rights

You can exercise the following rights at any time using the contact details of our data protection officer:

- pursuant to Art. 15 GDPR, the right to request information about your personal data processed by us to the extent specified therein;

- in accordance with Art. 16 GDPR, you have the right to immediately request the rectification of inaccurate or incomplete personal data stored by us;

- in accordance with Art. 17 GDPR, you have the right to request the erasure of your personal data stored by us, unless further processing is necessary: ​​to exercise the right to freedom of expression and information; to fulfil a legal obligation; for reasons of public interest or to assert, exercise or defend legal claims;

- pursuant to Art. 18 GDPR, the right to request the restriction of the processing of your personal data if: you contest the accuracy of the data; the processing is unlawful but you refuse to delete it; we no longer need the data, but you require it to assert, exercise or defend legal claims or you have objected to the processing pursuant to Art. 21 GDPR;

- in accordance with Art. 20 GDPR, the right to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request that it be transmitted to another controller;

- in accordance with Art. 77 GDPR, you have the right to complain to a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or work or of our company headquarters.


If you have any questions about the collection, processing or use of your personal data, information, correction, blocking or deletion of data, as well as revocation of consent granted or objection to a specific use of data, please contact us directly using the contact details in our legal notice. You can also use the contact details provided there to receive appropriate forms on request so that you can enforce your rights with us as described above.

You can contact a supervisory authority at any time with a complaint, for example the competent supervisory authority in the federal state in which you reside or the authority responsible for us as the controller.

A list of supervisory authorities (for the non-public sector) with addresses can be found here .

17. Right of objection

If we process personal data as described above to protect our legitimate interests, which predominate in the context of a balancing of interests, you can object to this processing with effect for the future. If the processing is carried out for direct marketing purposes, you can exercise this right at any time as described above. If the processing is carried out for other purposes, you only have the right to object if there are reasons that arise from your particular situation.
After exercising your right of objection, we will no longer process your personal data for these purposes unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or if the processing serves to assert, exercise or defend legal claims.
This does not apply if the processing is carried out for direct marketing purposes. In this case, we will no longer process your personal data for this purpose.

If you have any questions about data protection, please send us an email or contact the person responsible for data protection directly:

Ecom Brands GmbH
Jonas Tank
Rödingsmarkt 31-33
20459 Hamburg
Phone: 040-716 68 954
Email: support@ecom-brands.de