1) INFORMATION ABOUT THE COLLECTION OF PERSONAL DATA AND CONTACT DETAILS OF THE CONTROLLER
1.1 We are pleased that you are visiting our website and thank you for your interest. In the following, we inform you about how we handle your personal data when you use our website. Personal data is all data with which you can be personally identified.
1.2 The controller for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is Mareia. The controller for the processing of personal data is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data.
1.3 For security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or enquiries to the controller), this website uses SSL or TLS encryption. You can recognise an encrypted connection by the string "https://" and the lock symbol in your browser line.
2) DATA COLLECTION WHEN VISITING OUR WEBSITE
When you use our website for purely informational purposes, i.e. if you do not register or otherwise provide us with information, we only collect data that your browser transmits to our server (so-called "server log files"). When you visit our website, we collect the following data that is technically necessary for us to display the website to you: our visited website, date and time of access, amount of data sent in bytes, source/reference from which you accessed the page, browser used, operating system used, IP address used (if applicable: in anonymised form).
Processing is carried out in accordance with Art. 6(1)(f) GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. The data is not passed on or used for any other purpose. However, we reserve the right to subsequently check the server log files if there are concrete indications of unlawful use.
3) COOKIES
To make visiting our website attractive and to enable the use of certain functions, we use so-called cookies on various pages. These are small text files that are stored on your device. Some of the cookies we use are deleted after the end of the browser session, i.e. after closing your browser (so-called session cookies). Other cookies remain on your device and enable us or our partner companies (third-party cookies) to recognise your browser on your next visit (persistent cookies). When cookies are set, they collect and process certain user information such as browser and location data as well as IP address values to an individual extent. Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie.
Some of the cookies serve to simplify the ordering process by saving settings (e.g. remembering the contents of a virtual shopping basket for a later visit to the website). Where individual cookies implemented by us also process personal data, the processing is carried out in accordance with Art. 6(1)(b) GDPR either for the performance of the contract or in accordance with Art. 6(1)(f) GDPR to safeguard our legitimate interests in the best possible functionality of the website and a customer-friendly and effective design of the page visit.
We may work with advertising partners who help us make our online offering more interesting for you. For this purpose, cookies from partner companies may also be stored on your hard drive when you visit our website (third-party cookies). If we work with the aforementioned advertising partners, you will be informed individually and separately about the use of such cookies and the scope of the information collected in the paragraphs below.
Please note that you can set your browser to inform you about the setting of cookies and to decide individually whether to accept them, or to exclude the acceptance of cookies for certain cases or in general. Each browser differs in the way it manages cookie settings. This is described in the help menu of each browser. You can find these for the respective browsers at the following links: Internet Explorer, Firefox, Chrome, Safari, Opera.
Please note that if you do not accept cookies, the functionality of our website may be restricted.
4) CONTACT
When you contact us (e.g. via contact form or email), personal data is collected. The data collected in the case of a contact form can be seen from the respective contact form. This data is stored and used exclusively for the purpose of responding to your enquiry or for contacting you and the associated technical administration. The legal basis for processing the data is our legitimate interest in responding to your enquiry in accordance with Art. 6(1)(f) GDPR. If your contact is aimed at concluding a contract, the additional legal basis for processing is Art. 6(1)(b) GDPR. Your data will be deleted after final processing of your enquiry, which is the case when it can be inferred from the circumstances that the matter in question has been conclusively clarified and provided there are no statutory retention obligations to the contrary.
5) DATA PROCESSING FOR OPENING A CUSTOMER ACCOUNT AND FOR CONTRACT PROCESSING
In accordance with Art. 6(1)(b) GDPR, personal data will continue to be collected and processed if you provide it to us for the performance of a contract or when opening a customer account. The data collected can be seen from the respective input forms. Deletion of your customer account is possible at any time and can be carried out by sending a message to the controller's address mentioned above. We store and use the data provided by you for contract processing. After the contract has been fully processed or your customer account has been deleted, your data will be blocked in consideration of commercial and tax retention periods and deleted after the expiry of these periods, unless you have expressly consented to further use of your data or we have reserved the right to further use of data permitted by law, about which we inform you below.
6) USE OF YOUR DATA FOR DIRECT MARKETING
6.1 Subscription to our email newsletter
If you subscribe to our email newsletter, we will regularly send you information about our offers. The only mandatory information for sending the newsletter is your email address. The provision of further optional data is voluntary and will be used to address you personally. For sending the newsletter, we use the so-called double opt-in procedure. This means that we will only send you an email newsletter if you have expressly confirmed that you consent to the sending of newsletters. We will then send you a confirmation email asking you to confirm by clicking on a corresponding link that you wish to receive newsletters in the future.
By activating the confirmation link, you give us your consent to the use of your personal data in accordance with Art. 6(1)(a) GDPR. When registering for the newsletter, we store your IP address entered by the Internet Service Provider (ISP) as well as the date and time of registration in order to be able to trace any possible misuse of your email address at a later point in time. The data collected by us when registering for the newsletter is used exclusively for the purpose of advertising via the newsletter. You can unsubscribe from the newsletter at any time via the link provided in the newsletter or by sending a corresponding message to the controller named at the beginning. After unsubscribing, your email address will be deleted from our newsletter distribution list immediately, unless you have expressly consented to further use of your data or we have reserved the right to use your data beyond this, which is permitted by law and about which we inform you in this statement.
6.2 Sending the email newsletter to existing customers
If you have provided us with your email address when purchasing goods or services, we reserve the right to regularly send you offers by email for similar goods or services to those already purchased from our range. We do not need to obtain separate consent from you for this. The data processing is based solely on our legitimate interest in personalised direct advertising in accordance with Art. 6(1)(f) GDPR. If you have initially objected to the use of your email address for this purpose, we will not send any emails. You are entitled to object to the use of your email address for the aforementioned advertising purpose at any time with effect for the future by sending a message to the controller named at the beginning. Only transmission costs at basic rates will be incurred. After receipt of your objection, the use of your email address for advertising purposes will be stopped immediately.
7) DATA PROCESSING FOR ORDER PROCESSING
7.1 The personal data we collect will be passed on to the transport company commissioned with the delivery as part of contract processing, insofar as this is necessary for the delivery of the goods. Your payment data will be passed on to the commissioned credit institution as part of payment processing, insofar as this is necessary for payment processing. If payment service providers are used, we will inform you explicitly below. The legal basis for passing on the data is Art. 6(1)(b) GDPR.
7.2 Use of payment service providers
PayPal: When paying via PayPal, credit card via PayPal, direct debit via PayPal or — if offered — "purchase on account" or "instalment payment" via PayPal, we pass on your payment data to PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg ("PayPal") as part of payment processing. The transfer is carried out in accordance with Art. 6(1)(b) GDPR and only insofar as this is necessary for payment processing. PayPal reserves the right to carry out a credit check for the payment methods credit card via PayPal, direct debit via PayPal or — if offered — "purchase on account" or "instalment payment" via PayPal. For further data protection information, please refer to PayPal's privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full
SOFORT: When selecting the payment method "SOFORT", payment processing is carried out via the payment service provider SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany ("SOFORT"). The data transfer is made exclusively for the purpose of payment processing. For further information, see: https://www.klarna.com/sofort/datenschutz
8) CONTACT FOR REVIEW REMINDER
We use your email address for a one-time reminder to submit a review of your order for the rating system we use, provided you have given us your express consent to do so during or after your order in accordance with Art. 6(1)(a) GDPR. You can revoke your consent at any time by sending a message to the controller responsible for data processing.
9) USE OF SOCIAL MEDIA: SOCIAL PLUGINS
9.1 Facebook plugins with Shariff solution
Our website uses so-called social plugins ("plugins") of the social network Facebook, operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA ("Facebook"). To increase the protection of your data when visiting our website, these buttons are not integrated into the page as unrestricted plugins, but only using an HTML link. When you click on the button, a new browser window opens and calls up the Facebook page where you can interact with the plugins (if necessary after entering your login data). For further information, see: https://www.facebook.com/policy.php
9.2 Google+ plugins as Shariff solution
Our website uses so-called social plugins ("plugins") of the social network Google+, operated by Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). The same Shariff integration method applies as described above. For further information, see: https://www.google.com/intl/de/policies/privacy/
9.3 Instagram plugin as Shariff solution
Our website uses so-called social plugins ("plugins") of the online service Instagram, operated by Instagram LLC., 1601 Willow Rd, Menlo Park, CA 94025, USA ("Instagram"). The same Shariff integration method applies as described above. For further information, see: https://help.instagram.com/155833707900388/
10) ONLINE MARKETING
10.1 DoubleClick by Google
This website uses the online marketing tool DoubleClick by Google from Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("DoubleClick"). DoubleClick uses cookies to serve relevant ads to users, improve campaign performance reports, or to prevent a user from seeing the same ads multiple times. Processing is carried out on the basis of our legitimate interest in the optimal marketing of our website in accordance with Art. 6(1)(f) GDPR. For further information, see: https://www.google.de/policies/privacy/
10.2 Use of Google AdWords conversion tracking
This website uses the online advertising programme "Google AdWords" and, within the framework of Google AdWords, the conversion tracking of Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). We use Google AdWords to draw attention to our attractive offers on external websites with the help of advertising media. We can determine how successful individual advertising measures are in relation to the data from the advertising campaigns. The cookie for conversion tracking is set when a user clicks on a Google AdWords ad. These cookies lose their validity after 30 days and are not used for personal identification. We use Google AdWords on the basis of our legitimate interest in targeted advertising in accordance with Art. 6(1)(f) GDPR. For further information, see: https://www.google.de/policies/privacy/
11) WEB ANALYTICS SERVICES
Google (Universal) Analytics
This website uses Google Analytics, a web analytics service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). Google Analytics uses "cookies" — text files stored on your computer that enable analysis of your use of the website. This website uses Google Analytics exclusively with the extension "_anonymizeIp()", which ensures anonymisation of the IP address by truncation and excludes direct personal identification. Processing is carried out in accordance with Art. 6(1)(f) GDPR on the basis of our legitimate interest in the statistical analysis of user behaviour for optimisation and marketing purposes. You can prevent the storage of cookies by adjusting your browser software settings. You can also prevent the collection of data generated by the cookie by downloading and installing the browser plugin available at: https://tools.google.com/dlpage/gaoptout?hl=de
12) RETARGETING / REMARKETING / RECOMMENDATION ADVERTISING
Facebook Custom Audience via the pixel method
This website uses the "Facebook Pixel" of Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA ("Facebook"). With express consent, this can be used to track the behaviour of users after they have seen or clicked on a Facebook advertisement. This procedure is used to evaluate the effectiveness of Facebook advertisements for statistical and market research purposes. The collected data is anonymous for us and does not allow us to draw conclusions about the identity of users. However, the data is stored and processed by Facebook so that a connection to the respective user profile is possible. These processing operations are carried out exclusively upon granting of express consent in accordance with Art. 6(1)(a) GDPR. Consent to the use of the Facebook Pixel may only be given by users who are older than 13 years.
Google AdWords Remarketing
Our website uses the functions of Google AdWords Remarketing to advertise this website in Google search results and on third-party websites. For this purpose, Google sets a cookie in your device's browser, which automatically enables interest-based advertising using a pseudonymous cookie ID based on the pages you have visited. Processing is carried out on the basis of our legitimate interest in the optimal marketing of our website in accordance with Art. 6(1)(f) GDPR. For further information, see: https://www.google.com/policies/technologies/ads/
13) RIGHTS OF THE DATA SUBJECT
13.1 The applicable data protection law grants you comprehensive rights as a data subject (rights of access and intervention) with regard to the processing of your personal data by the controller, about which we inform you below:
Right of access pursuant to Art. 15 GDPR: You have the right to obtain information about your personal data processed by us, the purposes of processing, the categories of personal data processed, the recipients or categories of recipients to whom your data has been or will be disclosed, the planned storage period or the criteria for determining the storage period, the existence of a right to rectification, erasure, restriction of processing, objection to processing, complaint to a supervisory authority, the origin of your data if it was not collected from you by us, the existence of automated decision-making including profiling, and your right to be informed of the guarantees pursuant to Art. 46 GDPR in the event of your data being transferred to third countries.
Right to rectification pursuant to Art. 16 GDPR: You have the right to immediate rectification of inaccurate data concerning you and/or completion of your incomplete data stored by us.
Right to erasure pursuant to Art. 17 GDPR: You have the right to request the erasure of your personal data if the requirements of Art. 17(1) GDPR are met. However, this right does not exist in particular if the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise or defence of legal claims.
Right to restriction of processing pursuant to Art. 18 GDPR: You have the right to request restriction of the processing of your personal data while the accuracy of your data disputed by you is being verified, if you refuse erasure of your data due to unlawful data processing and instead request restriction of the processing of your data, if you need your data for the establishment, exercise or defence of legal claims after we no longer need this data following the achievement of the purpose, or if you have lodged an objection on grounds relating to your particular situation, as long as it has not yet been determined whether our legitimate grounds override yours.
Right to notification pursuant to Art. 19 GDPR: If you have asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to notify all recipients to whom your personal data has been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort. You have the right to be informed of these recipients.
Right to data portability pursuant to Art. 20 GDPR: You have the right to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format, or to request transmission to another controller, insofar as this is technically feasible.
Right to withdraw consent pursuant to Art. 7(3) GDPR: You have the right to withdraw consent to the processing of data at any time with effect for the future. In the event of withdrawal, we will delete the data concerned immediately, insofar as further processing cannot be based on a legal basis for processing without consent.
Right to lodge a complaint pursuant to Art. 77 GDPR: If you are of the opinion that the processing of your personal data violates the GDPR, you have the right — without prejudice to any other administrative or judicial remedy — to lodge a complaint with a supervisory authority, in particular in the member state of your habitual residence, your place of work or the place of the alleged infringement.
13.2 RIGHT TO OBJECT
IF WE PROCESS YOUR PERSONAL DATA ON THE BASIS OF OUR OVERRIDING LEGITIMATE INTEREST AS PART OF A BALANCING OF INTERESTS, YOU HAVE THE RIGHT TO OBJECT TO THIS PROCESSING AT ANY TIME WITH EFFECT FOR THE FUTURE ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL CEASE PROCESSING THE DATA CONCERNED. HOWEVER, FURTHER PROCESSING REMAINS RESERVED IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR PROCESSING THAT OVERRIDE YOUR INTERESTS, FUNDAMENTAL RIGHTS AND FREEDOMS, OR IF THE PROCESSING SERVES THE ESTABLISHMENT, EXERCISE OR DEFENCE OF LEGAL CLAIMS.
IF YOUR PERSONAL DATA IS PROCESSED BY US FOR THE PURPOSE OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR THE PURPOSE OF SUCH MARKETING. YOU CAN EXERCISE THE OBJECTION AS DESCRIBED ABOVE. IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL CEASE PROCESSING THE DATA CONCERNED FOR DIRECT MARKETING PURPOSES.
14) DURATION OF STORAGE OF PERSONAL DATA
The duration of storage of personal data is determined by the respective statutory retention period (e.g. commercial and tax retention periods). After expiry of the period, the corresponding data is routinely deleted, provided it is no longer necessary for the performance or initiation of a contract and/or there is no longer a legitimate interest on our part in continued storage.