Privacy policy
In order to comply with our obligations pursuant to Art. 13 GDPR, this privacy policy will inform you about the nature, scope and purpose of the processing of personal data (hereinafter referred to as "data") that occurs in the provision of our services and within our online offering. This online offering includes, in particular, the required websites and associated functions and content as well as external online presences, such as social network profiles and media.
With regard to the terms used, please refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).
§ 1 Controller
The controller for data processing within the meaning of Art. 13 (1) GDPR is
Trend Shopping Global Ltd.
No.678 Nathan Road, Mong Kok, Kowloon, Hong Kong
Managing Director: Ying Mei Mei Miti
Email: support@hisleeptime.com
Phone: +49 (0) 32 221 098 768
§ 2 Data subjects
Visitors and users of our online offering are affected by the data processing we carry out.
§ 3 Types of data processed
If you simply access our website, i.e. without registering or providing any other information, only the data transmitted to our server by the respective user's browser (so-called "server log files") will be collected. The following data is affected by this:
- Date and time at the time of access
- Amount of data sent in bytes
- Source/reference from which you accessed the page
- IP address used
- Usage data (e.g. cookies, websites visited, interest in content, access times)
- Meta/communication data (e.g. software information, IP/MAC addresses, operating system and browser used).
If the respective user also completes a registration or submits other information, the following data will also be processed:
- Inventory data (e.g. personal master data, names, addresses),
- Contact data (e.g. e-mail addresses, telephone numbers),
- content data (e.g. text entries, photo and video material).
§ 4 Purpose of the processing
The data is processed
- to provide the online offering, including its functions and content
- to fulfill and process the contractual obligations arising from an order
- to respond to contact requests and communication with users
- to ensure security measures,
- to measure reach,
- for marketing purposes
- to ensure the permanent functionality of our information technology systems and the technology of our website and
- to provide law enforcement authorities with the information necessary for prosecution in the event of a cyber attack.
§ 5 Terminology used
Pursuant to Art. 4 No. 1 GDPR, "personal data" means "any information relating to an identified or identifiable natural person (hereinafter referred to as "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person".
According to Art. 4 No. 2 GDPR, "processing" means "any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction".
According to Art. 4 No. 4 GDPR, "profiling" means "any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements".
According to Art. 4 No. 5 GDPR, "pseudonymization" means "the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person".
According to Art. 4 No. 6 GDPR, a "filing system" is "any structured set of personal data which are accessible according to specific criteria, whether centralized, decentralized or dispersed on a functional or geographical basis".
According to Art. 4 No. 7 GDPR, "controller" means "the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law".
According to Art. 4 No. 8 GDPR, "processor" is "a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller".
"Recipient" according to Art. 4 No. 9 GDPR is "a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not that person is a third party. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing".
The "IP address" is a combination of numbers assigned to a device by an internet service provider in order to grant the device access to the internet.
§ 6 Legal bases
In accordance with Art. 13 para. 1 lit. c GDPR, we are obliged to inform you of the legal basis of our data processing.
For users from the scope of the General Data Protection Regulation (GDPR), which extends to the European Union (EU) and the European Economic Community (EEC), the following applies with the proviso that no other legal basis is mentioned in the data protection declaration:
- Art. 6 para. 1 lit. a and Art. 7 GDPR is the legal basis for the processing of data covered by consent.
- Art. 6 para. 1 lit. b GDPR is the legal basis for the processing of data for the fulfillment of our owed services, for the implementation of pre-contractual measures and for answering inquiries.
- Art. 6 para. 1 lit. c GDPR is the legal basis for the processing for the fulfillment of our legal obligations.
- Article 6(1)(d) GDPR is the legal basis for the processing of personal data that is necessary in order to protect the vital interests of the data subject or of another natural person.
- Article 6(1)(e) GDPR is the legal basis for processing for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller, insofar as this is necessary for this purpose.
- Article 6(1)(f) GDPR is the legal basis for processing for the purposes of our legitimate interests.
- Art. 6 (4) GDPR concerns the processing of data for purposes other than those for which they were collected. Such processing is only possible under the conditions specified here.
- Art. 9 para. 2 GDPR places special requirements on the processing of special categories of data (in accordance with Art. 9 para. 1 GDPR).
§ 7 Security measures
To ensure a level of protection appropriate to the risk, we implement appropriate technical and organizational measures in accordance with
- the legal requirements, taking into account the state of the art,
- the implementation costs, the nature, scope, circumstances and purposes of the processing and
- the varying likelihood and severity of the risk to the rights and freedoms of natural persons.
These measures include, in particular, ensuring the confidentiality, integrity and availability of data by
- Controlling physical access to the data,
- controlling access to the data,
- controlling the input and forwarding of data, ensuring its availability and its separation.
In addition, we have created procedures that guarantee the exercise of data subject rights, deletion of data and response to data threats.
§ 8 Cooperation with processors, joint controllers and third parties
For certain services, it is necessary in the course of our data processing to disclose the data to other persons (usually companies), i.e. to transfer data to them or otherwise grant them access to the data. These companies are, on the one hand, processors or joint controllers and, on the other hand, third parties such as payment service providers. Such disclosure only takes place on the basis of a legal permission or obligation, consent by the user or on the basis of our legitimate interests, which exist, for example, in the use of agents or web hosts. Such a legitimate interest also exists in particular in the processing of data for administrative purposes.
In the event that we make data accessible to other companies in our group of companies (by disclosure, transmission or granting access in any other form), this is done in particular for administrative purposes. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. In addition, access may also be based on a legal requirement.
§ 9 Transfers of data to third countries
Disclosure, transfer or other access to data to a person (this also includes a company) in a third country (i.e. outside the EU, EEA or the Swiss Confederation) takes place if the legal requirements are met. This applies in particular to processing for the fulfillment of our contractual or pre-contractual obligations. Otherwise, the processing must be based on your consent, a legal obligation or our legitimate interests. We are also obliged to ensure the necessary minimum standards in this constellation. We only process or have data processed in third countries with a recognized level of data protection and the contractual obligation through so-called standard data protection clauses of the EU Commission, in the presence of certifications or binding internal data protection regulations (Art. 44 to 49 GDPR, information page of the EU Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de).
§ 10 Rights of the data subjects
You have the right to request information about whether data concerning you is being processed. In addition, you have the right to further information and to receive a copy of the data in accordance with the legal requirements.
You have the right to have data concerning you completed and to have inaccurate data concerning you rectified.
In accordance with the legal requirements, you have a right to the immediate deletion of the data concerning you. Alternatively, you have the right to restrict the processing of the data in accordance with the legal requirements. (see also right to object)
In accordance with the legal requirements, you have the right to demand the provision of the data concerning you that you have made available to us and may also demand its transmission to other controllers.
You have the right to lodge a complaint with the competent supervisory authority.
§ 11 Right of revocation
You can revoke your consent at any time with effect for the future.
§ 12 Right to object
You have the right to object to the future processing of data concerning you in accordance with the statutory provisions. In particular, the objection may also be directed against processing for direct marketing purposes.
§ 13 Cookies
Our website uses cookies. Cookies are pieces of information that are transferred from our web server or third-party web servers to your browser and stored there for later retrieval. Cookies can be small files or other types of information storage. Information is stored in cookies that is generated in connection with the specific end device used. Cookies contain a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again. A cookie also contains information about its origin and the storage period. However, this does not mean that we obtain direct knowledge of your identity.
We use cookies to make our website more user-friendly and secure.
There are different types of cookies. Please note that not all of the cookies listed here may be used when you visit our website. If cookies are used by third-party companies or for analysis purposes, we will inform you about this separately in this privacy policy and, if necessary, ask for your consent.
1 Necessary cookies
These are cookies that are required so that you can navigate our website and use the basic functions of the website, such as the assignment of anonymous session IDs to bundle several related queries to a server.
2 Performance cookies
Performance cookies are used to improve the user-friendliness of a website and thus the user experience. Performance cookies collect information about how our websites are used, e.g. the Internet browser and operating system used, the domain name of the website from which you came, the number of visits, average time spent on the site and pages viewed. These cookies do not store any information that allows the user to be personally identified. The information collected with the help of cookies is aggregated and therefore anonymous.
3 Analysis cookies
We use analysis cookies to improve the user-friendliness of our website. Analysis cookies enable us to determine how our website is used and, for example, which preferences and search terms are used to access it.
4 Advertising cookies
We use advertising cookies to offer you more targeted and relevant content. They are also used to measure and control the effectiveness of advertising campaigns. Marketing cookies register whether a website is visited and what content is used. This information may be shared with third parties, such as advertisers, and is often linked to third-party site functionalities (third-party cookies).
5 Social media cookies
Social media cookies are set by social networks. For example, you can register on our site using the login data of a social network.
6 How can I delete cookies or disable tracking?
You can either delete individual cookies or remove the entire cookie inventory via your browser settings. Under "Help" or "Settings" in your browser, you should find information on how to manage your cookies.
In addition, you can find information and instructions on how to delete these cookies or block their storage in advance, depending on your browser provider, under the following links:
- Mozilla Firefox: https://support.mozilla.org/de/kb/cookies-loeschen-daten-von-websites-entfernen
- Internet Explorer: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies
- Google Chrome: https://support.google.com/accounts/answer/61416?hl=de
- Opera: http://www.opera.com/de/help
- Safari: https://support.apple.com/kb/PH17191?locale=de_DE&viewlocale=de_DE
You can also individually manage the cookies of many companies and functions that are used for advertising. To do this, use the corresponding user tools that have been created as part of self-regulation programs in many countries, e.g. the US site http://optout.aboutads.info/ or the EU site Your Online Choices http://www.youronlinechoices.com.
Most browsers also offer a so-called "do-not-track function", with which you can indicate that you do not wish to be "tracked" by websites. If this function is activated, the respective browser informs advertising networks, websites and applications that you do not wish to be tracked for the purpose of behavior-based advertising and the like. Information and instructions on how to edit this function can be found under the following links, depending on your browser provider:
- Mozilla Firefox: https://www.mozilla.org/de/firefox/dnt
- Internet Explorer: https://support.microsoft.com/de-de/help/17288/windows-internet-explorer-11-use-do-not-track
- Google Chrome: https://support.google.com/chrome/answer/2790761?co=GENIE.Platform%3DDesktop&hl=de
- Opera: http://help.opera.com/Windows/12.10/de/notrack.html
- Safari: https://support.apple.com/kb/PH21416?locale=de_DE
§ 14 Deletion of data
In accordance with the legal requirements, we delete the data collected by us or restrict its processing.
We delete the data stored by us as soon as the purpose on which the storage is based has ceased to exist and there are no statutory retention obligations to the contrary and no deviating provisions have been made in this privacy policy.
If the data is not deleted because it is required for other, legally permissible purposes (e.g. storage for commercial or tax law reasons), its processing will be restricted. In this case, the data is processed exclusively for this purpose and is otherwise blocked.
§ 15 Changes to the privacy policy
Legal innovations or changes to the data processing carried out by us may make it necessary to adapt this data protection declaration. For this reason, we ask you to regularly inquire about the content of our privacy policy. If a change requires your cooperation (e.g. consent) or other individual notification, you will be informed by us in an appropriate form.
§ 16 Processing for business purposes
We also process contract data (e.g. subject matter of the contract, term, date of conclusion) and payment data (e.g. account number) of our customers, interested parties and business partners in order to provide contractual services and other services. These include, in particular, services, customer care, marketing, advertising and market research.
§ 17 Online store and customer account
When users place orders on our platform, we process their data in order to enable them to select, save and order the selected products and services, as well as their payment and delivery or execution.
In particular, this involves inventory data, communication data, contract data and payment data. The data subjects are our customers, interested parties and other business partners.
The purpose of the processing is to provide contractual services as part of the operation of an online store, billing, delivery and customer services. We use session cookies to store the contents of the shopping cart and the items accessed. In addition, we use permanent cookies to store the login status.
Data processing is carried out on the one hand to fulfill our services and carry out contractual measures (e.g. enabling the execution of order transactions between users), and on the other hand to comply with legal regulations (e.g. legally required archiving of business transactions for commercial and tax purposes).
The information marked as required is necessary for the establishment and fulfillment of the contract.
Data is only passed on to third parties within the scope of delivery and payment, within the scope of legal permissions and obligations, as well as on the basis of our legitimate interests, which we expressly inform you about in this data protection declaration. Examples of this include, in particular, disclosures to legal and tax advisors, financial institutions, freight companies and authorities.
Our users are offered the opportunity to create a user account. This enables them in particular to view their orders and access further services, such as canceling an order or preparing a return. Users are informed of the mandatory information required for registration.
The accounts we create are non-public and cannot be indexed by search engines. In the event of termination of such an account by the user, the data relating to the user account will be deleted, unless its retention is necessary for commercial or tax law reasons.
All data collected as part of the customer account will be retained until its deletion with subsequent archiving in the event of a legal obligation or our legitimate interests. This is the case, for example, in the event of legal disputes.
It is the responsibility of the user to save the data before the end of the contract in the event of termination.
We store the IP address used by you during registration, during subsequent logins and when using our online services, as well as the time of the respective user action. This storage takes place on the basis of our legitimate interests in protecting users from misuse and other unauthorized use. This data is not passed on to third parties. This does not apply if this is necessary to pursue our legal claims as a legitimate interest or if there is a legal obligation to do so.
After expiry of the statutory warranty rights or other contractual rights or obligations, such as payment claims or performance obligations from contracts, the data collected and stored by us will be deleted. The necessity of storing the data is reviewed every three years. In the case of retention due to legal archiving obligations, the data will be destroyed after this obligation expires.
We use the following online store providers:
Shopify International Limited, 2nd Floor 1-2 Victoria Buildings, Haddington Road, Dublin 4, D04 XN32, Ireland; Website: https://shopify.com; Privacy policy: https://www.shopify.com/legal/privacy
§ 18 Administration, financial accounting, office organization, contact management
We process data as part of the performance of administrative tasks and the organization of our business, financial accounting and compliance with legal obligations, such as archiving.
This data is the same data that we process to provide our contractual services. This processing is carried out in accordance with Art. 6 para. 1 lit. c. GDPR, Art. 6 para. 1 lit. f. GDPR.
Customers, interested parties, business partners and website visitors are affected by the processing. The purpose and our interest in the processing lies in the administration, financial accounting, office organization, archiving of data, i.e. tasks that serve to maintain our business activities, perform our tasks and provide our services. The deletion of data with regard to contractual services and contractual communication corresponds to the information specified in these processing activities.
We disclose or transmit data to the tax authorities, consultants, such as tax consultants or auditors, as well as other fee offices and payment service providers.
We also store information on suppliers, event organizers and other business partners on the basis of our business interests, e.g. for the purpose of contacting them at a later date. We generally store this mainly company-related data permanently.
§ 19 Business analyses and market research
We analyze the data available to us, in particular that relating to business transactions, contracts and inquiries, in order to operate our business economically. In doing so, we also try to recognize market trends and the wishes of our contractual partners and users (marketing, market research). For these purposes, we process in particular inventory data, communication data, contract data, payment data, usage data and metadata on the basis of Art. 6 para. 1 lit. f. GDPR. As part of the processing, we can, for example, compare the details of registered users within their profiles with the services they have used.
The analyses carried out are designed to increase user-friendliness and business efficiency and to optimize our offer. The analyses are carried out exclusively for our own purposes and are not disclosed externally, unless they are anonymous analyses with summarized values.
The persons affected by these measures include our contractual partners, interested parties, customers, visitors and users of our online offering.
If such analyses or profiles are personal, they are deleted or anonymized when the user gives notice. Otherwise, this happens after two years from the conclusion of the contract. Furthermore, the overall business analyses and general trend determinations are created anonymously where possible.
§ 20 Participation in affiliate partner programs
As part of our online offer, we use industry-standard tracking measures insofar as these are necessary for the operation of the affiliate system.
The legal basis for this measure is the protection of our legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR, in particular the interest in the analysis, optimization and economic operation of our online offer.
The services offered by us or our contractual partners are also advertised and linked on other websites. On the one hand, there are so-called affiliate systems, which are based on the fact that the operator of the respective website receives a commission as soon as a user clicks on an affiliate link and then takes up the respective offer. There are also so-called "after-buy systems" in which, for example, links or third-party services are offered after a contract has been concluded.
In order to check whether users who express an interest in our offer by clicking on such an affiliate link or who have expressed an interest in an offer within our online presence actually take advantage of it, it is necessary for our online offer that we track the surfing behavior of our users. This can be achieved by adding certain values to the affiliate links and our offers. On the one hand, this can be done by adding a component to the link that contains such tracking information or in other ways, such as by setting a cookie.
The tracking information includes in particular
- the source website (referrer),
- point in time,
- an online identifier of the operator of the website on which the affiliate link was located,
- an online identifier of the respective offer,
- an online identifier of the user and
- tracking-specific values (e.g. advertising material ID, partner ID and categorizations).
The user's online identifier used here only contains pseudonymous values. This means that the online identifiers themselves do not contain any personal data such as names or email addresses.
The identifier is only used to determine whether the same user who clicked on an affiliate link or was interested in an offer within our online presence actually took up the offer, i.e. generally concluded a contract with the provider. However, we and the partner company usually have the online identifier together with other user data, which means that the identifier is to be regarded as personal. This is necessary because only through this procedure can the partner company inform us whether the user has taken up the offer and whether we have to pay the agreed commission.
§ 21 Registration function
Users have the option of creating a user account. During the registration required for this, the necessary mandatory information is provided to the users. This data is processed on the basis of Art. 6 para. 1 lit. b GDPR for the purpose of providing the user account. In particular, login information (name, password and an email address) is collected and processed. All data entered during registration is used for the use of the user account and the associated purposes.
Our users may receive information by e-mail that is relevant to the user account. This may concern technical changes, for example.
If a user account is terminated by the user, their data relating to the user account will be deleted, subject to a statutory retention obligation. It is the responsibility of users to back up their data before the end of the contract in the event of termination. We are entitled to permanently delete all user data stored during the term of the contract.
In addition, we store the IP address and the time of the respective user action as part of the registration and login function. This is done on the basis of our legitimate interests as well as those of the user, as this is intended to ensure protection against misuse and other unauthorized use. This data is not passed on to third parties unless this is necessary to pursue our claims or there is a legal obligation to do so in accordance with Art. 6 para. 1 lit. c. GDPR. The IP addresses are anonymized or deleted after 7 days at the latest.
We use the following provider for this:
Shopify International Limited, 2nd Floor 1-2 Victoria Buildings, Haddington Road, Dublin 4, D04 XN32, Ireland; Website: https://shopify.com; Privacy policy: https://www.shopify.com/legal/privacy
§ 22 Making contact
When contacting us, which is possible via contact form, e-mail, telephone, fax or social media, the user's details are processed for the purpose of processing and handling the contact request. The legal basis with regard to contractual/pre-contractual relationships results from Art. 6 para. 1 lit. b. GDPR. With regard to other inquiries, Art. 6 para. 1 lit. f. GDPR is relevant. The information provided by users is generally stored in a customer relationship management system ("CRM system") or comparable inquiry organization.
We delete the data obtained with regard to the request if it is no longer required. The necessity is reviewed every two years. Otherwise, the statutory archiving obligations apply.
§ 23 Newsletter
The following is information on the content of our newsletter, the registration, dispatch and statistical evaluation procedure and your rights of objection.
By subscribing to our newsletter, you simultaneously declare your consent to receiving it and to the procedures explained.
Content of the newsletter:
We only send newsletters in the form of e-mails and other electronic notifications with advertising information with the prior consent of the recipient or legal permission.
If the content of the newsletter is specifically described when registering for the newsletter, it is decisive for the user's consent. Otherwise, our newsletters contain information about our services and us.
Double opt-in and logging:
Registration for our newsletter takes place in a so-called double opt-in procedure.
This means that a message is sent to the e-mail address you have provided, in which confirmation of the registration is requested by clicking on a specific link. This confirmation is necessary so that users can only register with e-mail addresses that they can access themselves and not misuse third-party e-mail addresses.
In order to be able to prove the registration process in accordance with the legal requirements, every registration for the newsletter is logged. For this purpose, the time of registration and confirmation as well as the user's IP address are recorded.
In addition, changes to your data stored by the mailing service provider are recorded.
Registration data:
To subscribe to our newsletter, it is sufficient to provide your e-mail address. In order to be able to address you personally in the newsletter, we ask you to provide an additional name.
Legal basis:
The legal admissibility of sending newsletters results from the above-mentioned consent by the respective recipient in accordance with Art. 6 para. 1 lit. a, Art. 7 GDPR in conjunction with § 7 para. 2 no. 3 UWG or, if consent is not required, on the basis of our legitimate interests in direct marketing in accordance with Art. 6 para. 1 lit. f. GDPR in conjunction with § 7 para. 3 UWG.
The logging of the registration process is based on the protection of our legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR.
These interests consist in the establishment and maintenance of a user-friendly and secure newsletter system for business purposes, which also enables us to prove consent.
Cancellation/revocation:
You have the right to cancel our newsletter service at any time. By doing so, you revoke your consent at the same time. You will find a link to unsubscribe from our newsletter at the end of each newsletter. In order to be able to prove that consent has been given but later revoked, we are entitled to store the unsubscribed e-mail addresses for up to three years after revocation on the basis of our legitimate interests. This data is processed exclusively for the purpose of a possible defense against claims. If you confirm the former existence of consent, you have the option of submitting an individual request for deletion at any time.
We use the following provider for this purpose:
Mailchimp: Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA; Website: https://mailchimp.com/; Privacy policy: https://mailchimp.com/legal/privacy/
§ 24 Hosting and e-mail dispatch
We use external hosting services for the operation of our online services. This concerns
- Infrastructure and platform services
- Computing capacity, storage space and database services,
- e-mail dispatch services and
- security services and technical maintenance services.
As part of the exercise of our legitimate interests in the efficient and secure provision of this online offer in accordance with Art. 6 para. 1 lit. f GDPR in conjunction with Art. 28 GDPR (conclusion of order processing contract), the following data in particular is processed by us or our hosting provider:
- Inventory and contact data,
- content data and contract data as well as
- usage, meta and communication data.
This data processing concerns our customers as well as interested parties and visitors to our online offering.
We use the following web hosting providers:
Shopify International Limited, 2nd Floor 1-2 Victoria Buildings, Haddington Road, Dublin 4, D04 XN32, Ireland; Website: https://shopify.com; Data protection declaration: https://www.shopify.com/legal/privacy
§ 25 Use of external payment service providers
As part of our service and product, we offer effective and secure payment options via third-party providers.
If you select a specific service provider as a payment option during the ordering process, your data will be automatically transmitted to the respective payment service provider. By selecting one of these payment options, you consent to the transfer of personal data required to process the invoice or installment purchase or for identity and credit checks.
The personal data transmitted is usually first name, surname, address, date of birth, gender, email address, IP address, telephone number, cell phone number and other data required to process an invoice or installment purchase. Personal data relating to the respective order is also required to process the corresponding contract.
The transmission of the data is intended in particular for identity verification, payment administration and fraud prevention.
Payment transactions are subject to the terms and conditions and the data protection notices of the respective payment service providers, which can be accessed on the respective websites or transaction applications. We also refer you to the terms and conditions of the individual payment providers if you wish to assert your rights. However, if you have any problems, you are welcome to contact us first.
We use the following external payment providers:
Stripe: Stripe, Inc, 510 Townsend Street, San Francisco, CA 94103, USA; Website: https://stripe.com/de; Privacy policy: https://stripe.com/de/privacy
PayPal: PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg; Website: https://www.paypal.com/de/; Privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full
Amazon Payments: Amazon Payments Europe s.c.a., 5 Rue Plaetis, 2338 Luxembourg, Luxembourg; Website: https://stripe.com/de; Privacy Policy: https://stripe.com/de/privacy
Sofort: Sofort GmbH, Theresienhöhe 12, 80339 Munich, Germany; Website: https://www.sofort.de/; Privacy Policy: https://www.sofort.de/datenschutz.html
Google Pay: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Website: https://pay.google.com/; Privacy Policy: https://policies.google.com/privacy?hl=de&gl=de
Apple Pay: Apple Inc., One Apple Park Way, Cupertino, 95014 California, USA; Website: https://www.apple.com/de/apple-pay/; Privacy Policy: https://www.apple.com/de/legal/privacy/
§ 26 Collection of access data and log files
On the basis of the exercise of our legitimate interests pursuant to Art. 6 para. 1 lit. f. GDPR, we or our hosting provider collect data about every access to the server on which this service is located (so-called server log files). This data includes
- Name of the website accessed and any specific files,
- the date and time of access
- amount of data transferred,
- Notification of successful retrieval,
- Browser type and version, the user's operating system,
- referrer URL (the previously visited page),
- IP address and
- the requesting provider.
For security reasons, log file information is stored for up to seven days and then deleted. This serves in particular to clarify acts of abuse or fraud. If data is suitable as evidence to clarify a matter, it is excluded from deletion until the respective incident has been finally clarified.
§ 27 Google Tag Manager
The Google Tag Manager is used to manage so-called website tags via a single interface, via which, for example, Google Analytics and other Google marketing services can be integrated into our online offering. The Tag Manager only implements the respective tags, i.e. it does not process any personal user data. With regard to the processing of such related data, please refer to the following usage guidelines for Google services: https://www.google.com/intl/de/tagmanager/use-policy.html.
§ 28 Google Analytics
On the basis of our legitimate interests in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f GDPR, we use the web analysis service Google Analytics, which is offered by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Google uses cookies, which contain information about the use of the online offer by users and are usually transmitted to a Google server in the USA and stored there. There is no adequacy decision by the European Commission for the USA. Our cooperation is based on standard data protection clauses of the European Commission.
The information is processed on the basis of our interest in evaluating the use of our online offer and recording the activities within the scope of this offer. In addition, other services associated with the use of this online offer and the use of the Internet are provided. This allows Google to create pseudonymous user profiles from the processed data.
We only use Google Analytics with activated IP anonymization. This means that the IP address of the user is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there.
The IP address transmitted by the user's browser will not be merged with other Google data.
In the event that users do not agree to such data processing, it is possible to deactivate the setting of any cookies via the browser settings.
In addition, users can prevent Google from collecting and processing the data generated by the cookie and relating to their use of the online offer by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
Further information on the use of data by Google and on setting and objection options can be found in Google's privacy policy (https://policies.google.com/privacy) and in the settings for the display of advertisements by Google (https://adssettings.google.com/authenticated).
Users' personal data is deleted or anonymized after 14 months.
§ 29 Google Adsense with personalized ads
On the basis of our legitimate interests in the analysis, optimization and economic operation of our online offer pursuant to Art. 6 para. 1 lit. f GDPR, we use the AdSense service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, whereby personal data is processed. This data is generally transferred to a Google server in the USA and stored there. There is no adequacy decision by the European Commission for the USA. Our cooperation is based on standard data protection clauses of the European Commission.
The AdSense service makes it possible to integrate advertisements or other offers into our online presence for which we receive remuneration. For this purpose, usage data such as the click on an advertisement and the IP address of the user are processed, whereby the IP address is shortened by the last two digits. User data is therefore processed pseudonymously.
We use Adsense with personalized ads. Google draws conclusions about the interests of users based on the websites they visit or apps they use and the user profiles created in this way. Advertisers use this information to tailor their campaigns to these interests, which is beneficial for users and advertisers alike. For Google, ads are personalized when collected or known data determines or influences the ad selection. This includes previous search queries, activities, website visits, the use of apps, demographic and location information. Specifically, this includes: demographic targeting, targeting on interest categories, remarketing and targeting on customer matching lists and target group lists uploaded to DoubleClick Bid Manager or Campaign Manager.
Further information on the use of data by Google and on setting and objection options can be found in Google's privacy policy (https://policies.google.com/technologies/ads) and in the settings for the display of advertisements by Google (https://adssettings.google.com/authenticated).
§ 30 Google Adsense with non-personalized ads
On the basis of our legitimate interests in the analysis, optimization and economic operation of our online offer in accordance with Art. 6 para. 1 lit. f GDPR, we use the AdSense service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, whereby personal data is processed. This data is generally transferred to a Google server in the USA and stored there. There is no adequacy decision by the European Commission for the USA. Our cooperation is based on standard data protection clauses of the European Commission.
The AdSense service makes it possible to integrate advertisements or other offers into our online presence for which we receive remuneration. For this purpose, usage data such as the click on an advertisement and the IP address of the user are processed, whereby the IP address is shortened by the last two digits. User data is therefore processed pseudonymously.
We use Adsense with non-personalized ads. The ads are not displayed on the basis of user profiles. Non-personalized ads are not based on previous user behavior. Contextual information is used for targeting, including rough (e.g. at location level) geographical targeting based on the current location, the content on the current website or app and current search terms. Google prohibits any personalized targeting, including demographic targeting and targeting based on user lists.
Further information on the use of data by Google and on setting and objection options can be found in Google's privacy policy (https://policies.google.com/technologies/ads) and in the settings for the display of advertisements by Google (https://adssettings.google.com/authenticated).
§ 31 Google AdWords and conversion measurement
On the basis of our legitimate interests in the analysis, optimization and economic operation of our online offer pursuant to Art. 6 para. 1 lit. f GDPR, we use the online marketing method Google "AdWords" from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, whereby personal data is processed. This data is generally transferred to a Google server in the USA and stored there. There is no adequacy decision by the European Commission for the USA. Our cooperation is based on standard data protection clauses of the European Commission.
With the help of Google "AdWords", we can place ads in the Google advertising network (e.g. in search results, in videos, on websites, etc.) so that they are displayed to users who have a presumed interest in the ads. This allows us to display ads for and within our online offering in a more targeted manner in order to present users only with ads that potentially match their interests. If, for example, a user is shown ads for products that they have shown an interest in on other online offers, this is referred to as "remarketing". For these purposes, when our and other websites on which the Google advertising network is active are accessed, a code from Google is executed directly by Google and so-called (re)marketing tags (invisible graphics or code, also known as "web beacons") are integrated into the website. With their help, an individual cookie, i.e. a small file, is stored on the user's device (comparable technologies can also be used instead of cookies). This file records which websites the user has visited, which content they are interested in and which offers the user has clicked on, as well as technical information about the browser and operating system, referring websites, time of visit and other information about the use of the online offer.
We also receive an individual "conversion cookie". The information collected with the help of the cookie is used by Google to create conversion statistics for us. However, we only learn the anonymous total number of users who clicked on our ad and were redirected to a page with a conversion tracking tag. We do not receive any information with which users can be personally identified.
User data is processed pseudonymously within the Google advertising network. This means that Google does not store and process the user's name or email address, for example, but processes the relevant data in relation to cookies within pseudonymous user profiles. This means that, from Google's perspective, the ads are not managed and displayed for a specifically identified person, but for the cookie owner, regardless of who this cookie owner is. This does not apply if a user has expressly allowed Google to process the data without this pseudonymization. The information collected about users is transmitted to Google and stored on Google's servers in the USA.
Further information on the use of data by Google and on setting and objection options can be found in Google's privacy policy (https://policies.google.com/technologies/ads) and in the settings for the display of advertisements by Google (https://adssettings.google.com/authenticated).
§ 32 Google Doubleclick
On the basis of our legitimate interests in the analysis, optimization and economic operation of our online offer pursuant to Art. 6 para. 1 lit. f GDPR, we use the online marketing process Google "Doubleclick" of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, whereby personal data is processed. This data is generally transferred to a Google server in the USA and stored there. There is no adequacy decision by the European Commission for the USA. Our cooperation is based on standard data protection clauses of the European Commission.
With the help of Google "Doubleclick", we can place ads in the Google advertising network (e.g. in search results, in videos, on websites, etc.). Double Click is characterized by the fact that ads are displayed in real time based on the presumed interests of users. This allows us to display ads for and within our online offering in a more targeted manner in order to present users only with ads that potentially match their interests. If, for example, a user is shown ads for products that they have shown an interest in on other online offers, this is referred to as "remarketing". For these purposes, when our and other websites on which the Google advertising network is active are accessed, a code from Google is executed directly by Google and so-called (re)marketing tags (invisible graphics or code, also known as "web beacons") are integrated into the website. With their help, an individual cookie, i.e. a small file, is stored on the user's device (comparable technologies can also be used instead of cookies). This file records which websites the user has visited, which content they are interested in and which offers the user has clicked on, as well as technical information about the browser and operating system, referring websites, time of visit and other information about the use of the online offer.
The IP address of the user is also recorded, whereby this is shortened within member states of the European Union or in other contracting states of the Agreement on the European Economic Area and only in exceptional cases is it transmitted in full to a Google server in the USA and shortened there. Google may also combine the aforementioned information with such information from other sources. If the user subsequently visits other websites, they may be shown advertisements tailored to their presumed interests based on their user profile.
User data is processed pseudonymously within the Google advertising network. This means that Google does not store and process the user's name or email address, for example, but processes the relevant data in relation to cookies within pseudonymous user profiles. This means that, from Google's point of view, the ads are not managed and displayed for a specifically identified person, but for the cookie owner, regardless of who this cookie owner is. This does not apply if a user has expressly allowed Google to process the data without this pseudonymization. The information collected by Google marketing services about users is transmitted to Google and stored on Google's servers in the USA.
Further information on the use of data by Google and on setting and objection options can be found in Google's privacy policy (https://policies.google.com/technologies/ads) and in the settings for the display of advertisements by Google (https://adssettings.google.com/authenticated).
§ 33 Facebook pixel, custom audiences and Facebook conversion
Due to our legitimate interests in the analysis, optimization and economic operation of our online offer, we use the so-called "Facebook pixel", which is operated by Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland and whose use processes personal data. This data is generally transferred to a Google server in the USA and stored there. There is no adequacy decision by the European Commission for the USA. Our cooperation is based on standard data protection clauses of the European Commission. For users located outside the EU, Facebook Inc, 1 Hacker Way, Menlo Park, CA 94025, USA is responsible.
The use of a Facebook pixel enables Facebook to select visitors to our online offering as a target group for the display of ads (so-called "Facebook ads").
We then use this Facebook pixel to display the Facebook ads placed by us precisely to those Facebook users who have also expressed an interest in our online offering. In addition, we would also like to address certain target groups that have characteristics such as interests in certain topics or products that are determined with the help of the websites visited. Such characteristics are transmitted by us to Facebook (so-called "Custom Audiences").
The use of the Facebook pixel also helps us to determine how well our Facebook ads were received by potential interested parties. It is very important to us that our ads are not annoying. With the help of the Facebook pixel, we can precisely evaluate the impact of Facebook ads for statistical and market research purposes. In doing so, we check whether the respective user was redirected to our website after clicking on a Facebook ad (so-called "conversion").
The data is processed by Facebook in accordance with Facebook's data usage policy: https://www.facebook.com/policy.
Specific information and details about the Facebook pixel and how it works can be found in Facebook's help section: https://www.facebook.com/business/help/651294705016616.
Every user can object to the collection of data by the Facebook pixel and the use of data to display Facebook ads.
In addition, it is also possible to set exactly which types of ads should be displayed within Facebook. This is done via the page set up by Facebook, following the instructions on the settings for usage-based advertising: https://www.facebook.com/settings?tab=ads.
The settings are platform-independent. They are therefore adopted for all devices used. You can also object to the use of cookies that are used to measure reach and for advertising purposes.
This is done via the deactivation page of the network advertising initiative (http://optout.networkadvertising.org/) or via the US website (http://www.aboutads.info/choices) or the European website (http://www.youronlinechoices.com/uk/your-ad-choices/).
§ 34 Online presence in social media
We operate online presences on social networks and platforms in order to communicate with their users and inform them about our services.
User data may be processed outside the European Union.
This may entail risks for the respective users. For example, it may be more difficult to enforce users' rights. There is no adequacy decision by the European Commission for the USA. Our cooperation is based on standard data protection clauses of the European Commission.
In addition, user data is generally also processed for market research and advertising purposes. For example, user profiles are created from the usage behavior and the resulting interests of the users. These can then be used, for example, for personalized advertisements within and outside the platforms that correspond to the presumed interests of the users.
The technical implementation usually takes place through the use of cookies, which are stored on the user's computer. These contain the surfing behavior of the users, from which their interests can be inferred. It should be noted that data from other devices used by the user can also be stored in the user profiles. This is particularly the case if the users are logged in as members of the respective platforms.
The processing of users' personal data is carried out in the context of our legitimate interests in effectively informing users and communicating with users in accordance with Art. 6 para. 1 lit. f GDPR. In the event that users are requested by the respective platform providers to give their consent to the aforementioned data processing, Art. 6 para. 1 lit. a, Art. 7 GDPR is the legal basis for the processing.
For a detailed description of the respective processing and the opt-out options, please refer to the information provided by the providers linked below.
Requests for information and user rights can also be asserted most effectively with the providers themselves, as only they have access to the user's data and can take appropriate measures and provide information directly. If you still need help, we are here to support you.
- Facebook, pages, groups, (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) on the basis of an agreement on joint processing of personal data - Privacy Policy: https://www.facebook.com/about/privacy/, especially for pages: https://www.facebook.com/legal/terms/information_about_page_insights_data, Opt-Out: https://www.facebook.com/settings?tab=ads and http://www.youronlinechoices.com.
- Google/YouTube (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) - Privacy Policy: https://policies.google.com/privacy, Opt-Out: https://adssettings.google.com/authenticated.
- Instagram (Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA) - Privacy Policy/ Opt-Out: http://instagram.com/about/legal/privacy/.
- Twitter (Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA) - Privacy Policy: https://twitter.com/de/privacy, Opt-Out: https://twitter.com/personalization.
- Pinterest (Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA) - Privacy Policy/ Opt-Out: https://about.pinterest.com/de/privacy-policy.
- LinkedIn (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland) - Privacy Policy: https://www.linkedin.com/legal/privacy-policy, Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
- Xing (XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany) - Privacy Policy/ Opt-Out: https://privacy.xing.com/de/datenschutzerklaerung.
