Privacy policy

Responsible for data processing:
Gerwig Lupp
Birkenhain 33
15806 Zossen

Email: gerwig.lupp@ast-germany.com

We are pleased about your interest in our online store. Protecting your privacy is very important to us. Below, we provide detailed information about how your data is handled.

1. Access data and hosting

You can visit our websites without providing any personal information. Each time a website is accessed, the web server automatically stores only a so-called server log file, which documents the retrieval and contains, for example, the name of the requested file, your IP address, the date and time of retrieval, the transmitted data volume, and the requesting provider (access data). This access data is evaluated exclusively for the purpose of ensuring the smooth operation of the website and improving our offerings. This serves to safeguard our legitimate interests in a correct presentation of our offerings in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR. All access data is deleted no later than thirty days after the end of your website visit.

Hosting

The services for hosting and displaying the website are partly provided by our service providers as part of data processing on our behalf. Unless otherwise stated in this privacy policy, all access data and all data collected in forms on this website are processed on their servers. If you have any questions about our service providers and the basis of our cooperation with them, please refer to the contact options provided in this privacy policy.

Our service providers are located and/or use servers in the following countries, for which the European Commission has determined an adequate level of data protection: Canada, New Zealand, Japan, United Kingdom, USA.

The adequacy decision for the USA serves as the basis for third-country transfers, provided the respective service provider is certified. Until our service providers achieve certification, data transfers will continue to be based on this foundation: Standard Contractual Clauses of the European Commission.

Our service providers are located and/or use servers in these countries: Australia, India, Singapore.
For these countries, no adequacy decision from the European Commission exists. Our cooperation with them is based on these guarantees: Standard Contractual Clauses of the European Commission.

2. Data processing for contract execution and contacting

2.1 Data processing for contract execution

For the purpose of contract execution (including inquiries and processing of any warranty or performance issues, as well as any statutory update obligations), we collect personal data when you voluntarily provide it to us as part of your order. Mandatory fields are marked as such, as we require this data to process the contract and cannot complete your order without it. The data collected is evident from the respective input forms.

Further information about the processing of your data, especially regarding disclosure to our service providers for order, payment, and shipping processing, can be found in the following sections of this privacy policy. Once the contract has been fully executed, your data will be restricted for further processing and deleted after the retention periods under tax and commercial law have expired, unless you have explicitly consented to the further use of your data in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, or we reserve the right to process your data beyond this, which is permitted by law and about which we inform you in this policy.

2.2 Customer account

If you have provided your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR by opting to open a customer account, we use your data for the purpose of opening the account and storing your data for further future orders on our website. The deletion of your customer account is possible at any time and can be done either by sending a message to the contact option described in this privacy policy or via a designated function in the customer account. After deleting your customer account, your data will be deleted unless you have explicitly consented to further use of your data in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, or we reserve the right to process your data beyond this, which is permitted by law and about which we inform you in this policy.

2.3 Contacting us

In the context of customer communication, we collect personal data to process your inquiries in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR when you voluntarily provide it to us during your contact with us (e.g., via a contact form, live chat tool, or email). Mandatory fields are marked as such because we need this data to process your contact request. The data collected is evident from the respective input forms. Once your inquiry has been fully processed, your data will be deleted unless you have explicitly consented to further use of your data in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, or we reserve the right to process your data beyond this, which is permitted by law and about which we inform you in this policy.

Live chat tool WhatsApp

To facilitate customer communication, we use the live chat tool of WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("WhatsApp"). This serves our legitimate interest in an effective and improved customer communication in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR. WhatsApp acts as a processor on our behalf. The phone numbers stored on our mobile devices are automatically processed on servers of Meta companies headquartered at 1601 Willow Road, Menlo Park, California 94025, USA. Only phone numbers of customers who have previously contacted us via WhatsApp and have therefore already agreed to WhatsApp’s usage and privacy terms are stored.

Our service providers are located and/or use servers in the following countries, for which the European Commission has determined an adequate level of data protection: USA, Israel, United Kingdom.

The adequacy decision for the USA serves as the basis for third-country transfers, provided the respective service provider is certified. Certification is available.

Our service providers are located and/or use servers in these countries: Singapore. For these countries, no adequacy decision from the European Commission exists. Our cooperation with them is based on these guarantees: Standard Contractual Clauses of the European Commission.

3. Data processing for shipping

To fulfill the contract in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR, we disclose your data to the shipping service provider entrusted with delivery, to the extent necessary to deliver ordered goods. If you have questions about our service providers and the basis of our cooperation with them, please refer to the contact options provided in this privacy policy.

Data transfer to shipping providers for delivery notifications

If you have provided us with your explicit consent to do so during or after your order, we will share your email address and telephone number with the selected shipping provider based on this consent, so they can contact you for delivery notifications or coordination purposes in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR.
You may revoke your consent at any time by sending a message to the contact details mentioned in this privacy policy or directly to the shipping provider using the contact address provided below. Upon revocation, we will delete the data you have provided for this purpose unless you have explicitly consented to its further use in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, or we reserve the right to use your data for other purposes, as permitted by law and disclosed in this privacy policy. For any questions about our service providers and the basis of our cooperation with them, please contact us using the details provided in this privacy policy.

General Logistics Systems Germany GmbH & Co. OHG
GLS Germany-Straße 1 - 7
DE-36286 Neuenstein
Germany

DHL Paket GmbH
Sträßchensweg 10
53113 Bonn
Germany

4. Data processing for payment transactions

For processing payments in our online shop, we collaborate with the following partners: technical service providers, credit institutions, and payment service providers.

4.1 Data processing for transaction handling

Depending on the chosen payment method, we pass the necessary data for processing the payment transaction to our technical service providers, who operate as processors on our behalf, or to the credit institutions or payment service providers selected to complete the payment. This serves to fulfill the contract in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR. Some payment service providers collect the required payment data themselves, e.g., on their own website or via a technical integration in the ordering process. In these cases, the privacy policy of the respective payment service provider applies.
If you have questions about our payment processing partners and the basis of our collaboration with them, please contact us using the details provided in this privacy policy.

4.2 Data processing for fraud prevention and payment optimization

In some cases, we provide our service providers with additional data, which they use together with the necessary payment data as our processors for fraud prevention and optimization of our payment processes (e.g., invoicing, handling of disputed payments, support for bookkeeping). This is done in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR to safeguard our legitimate interests in fraud protection or efficient payment management.

5. Email marketing

5.1 Email newsletters and tracking with explicit consent

If you subscribe to our newsletter, we use the required or separately provided data to send you our regular email newsletter based on your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR. You can unsubscribe from the newsletter at any time by either sending a message to the contact option mentioned below or using a dedicated link in the newsletter. After unsubscribing, we delete your email address from the recipient list unless you have explicitly consented to its further use in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, or we reserve the right to use the data for other purposes, as permitted by law and disclosed in this privacy policy.

If you additionally grant us your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR to analyze our newsletters, we will also analyze your interactions with our newsletter by measuring, storing, and evaluating opening rates and click rates for future campaign optimization ("newsletter tracking").

For this evaluation, emails may include one-pixel technologies (e.g., web beacons, tracking pixels) stored on our website. For the evaluations, we link specific "newsletter data," including:

  • The page from which the website was requested (so-called referrer URL),
  • Date and time of access,
  • Description of the browser type used,
  • The IP address of the requesting computer,
  • The email address,
  • Date and time of registration and confirmation

to the one-pixel technologies and your email address or IP address and, if applicable, an individual ID. Links in the newsletter may also contain this ID.

You can opt out of newsletter tracking at any time by sending a message to the contact details mentioned below or using a designated link in the newsletter.

The information is stored as long as you are subscribed to the newsletter.

5.2 Sending review requests via email

If you have explicitly consented to this during or after your order in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, we will use your email address to request a review of your order via the review system we use. This consent can be revoked at any time by sending a message to the contact option mentioned in this privacy policy or via a link provided in the review request. After revocation, we delete your email address from the recipient list unless you have explicitly consented to its further use in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, or we reserve the right to use the data for other purposes, as permitted by law and disclosed in this privacy policy.

6. Cookies and other technologies

6.1 General information

To make your visit to our website attractive and enable the use of certain functions, we use technologies including so-called cookies on various pages. Cookies are small text files that are automatically stored on your device. Some of the cookies we use are deleted after the browser session ends (i.e., after you close your browser). Other cookies remain on your device and enable us to recognize your browser during your next visit (persistent cookies).

Protecting privacy on devices

When using our online offerings, we employ technologies that are strictly necessary to provide the explicitly requested telemedia service. Storing information on your device or accessing information already stored does not require your consent.

For non-essential features, storing information on your device or accessing information already stored requires your consent. Please note that not providing consent may limit the functionality of the website. Your granted consents will remain until you adjust or reset your device settings.

Subsequent data processing through cookies and other technologies

We use technologies that are essential for using specific functions of our website (e.g., shopping cart functionality). These technologies collect and process IP address, visit time, device, browser information, and information about your website usage (e.g., shopping cart contents). This serves our legitimate interests in optimizing our website display in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR.

6.2 Consent Manager Platform (CMP)

We use a service for consent management (“Consent Manager Platform (CMP)”) on our website to inform you about the cookies and other technologies we use and to obtain, manage, and document your consent to the processing of your personal data by these technologies where necessary. This is required to fulfill our legal obligation under Art. 7 para. 1 GDPR, which requires us to be able to prove your consent to the processing of your personal data. The Consent Manager Platform (CMP) we use is a service provided by Consentik, 18/11 Thai Ha, 70000 Ha Noi, VN, which processes your data on our behalf.

After you provide your cookie declaration on our website, the web server stores the following data: IP address, device information, browser information, configured language, the accessed website or its URL, date and time of your consent declaration, and information about your consent behavior.

The following technologies are also used to record your consent behavior: Cookies.

This data is stored exclusively on your device, and no personal data is transmitted to the Consent Manager Platform (CMP) provider. Your data is deleted after 7 days unless you explicitly consent to its further use under Art. 6 para. 1 sentence 1 lit. a GDPR, or we reserve the right to use the data for other purposes as permitted by law and disclosed in this privacy policy.

6.3 Information on third-country transfers

We use technologies provided by service providers whose headquarters and/or server locations may be in countries outside the EU or the EEA (“third countries”). If there is no adequacy decision from the EU Commission for such a country, an adequate level of data protection must be ensured through other appropriate safeguards.

Appropriate safeguards include contractual standard data protection clauses issued by the EU Commission or binding internal data protection rules (Binding Corporate Rules). These safeguards typically require a prior review by the contractual parties to ensure that an adequate level of protection can be guaranteed. According to the European Court of Justice (ECJ), additional protective measures may be necessary in some cases.

We have generally agreed on the standard contractual clauses issued by the EU Commission with the technology providers we use who process personal data in a third country. Where possible, we also agree on additional safeguards to ensure that an adequate level of data protection in third countries is guaranteed even without an adequacy decision.

However, despite all contractual and technical measures, the level of data protection in a third country may not be equivalent to that of the EU. For such cases, we may request your explicit consent under Art. 49 para. 1 lit. a GDPR for the transfer of your personal data to a third country in the context of cookie consent.

This involves the risk that local authorities in third countries may have access rights to your personal data that may not be adequately restricted from a European data protection perspective, and that you as the data subject may not have sufficient legal remedies to oppose such access.

The following countries are considered third countries without an adequacy decision by the EU Commission:

  • China
  • Russia
  • Taiwan

The countries to which your data is transferred can be found in the data protection notices for the respective tool and/or service used for consent management (Consent Manager Platform).

7. Use of cookies and other technologies

We use the following cookies and other technologies from third-party providers on our website. Unless otherwise specified for the individual technologies, this is done based on your consent under Art. 6 para. 1 sentence 1 lit. a GDPR. After the purpose is fulfilled and the use of the respective technology by us ends, the data collected in this context will be deleted. You can revoke your consent at any time with effect for the future. More information about your revocation options can be found in the section “Cookies and other technologies.” Additional information, including the basis of our cooperation with individual providers, can be found in the respective descriptions. If you have questions about the providers and the basis of our cooperation with them, please contact us using the details provided in this privacy policy.

Use of Google Services

We use the following technologies provided by Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). The information automatically collected by Google technologies regarding your use of our website is generally transmitted to and stored on a server operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Unless otherwise specified for individual technologies, data processing occurs based on an agreement between jointly responsible parties under Art. 26 GDPR. Further information about data processing by Google can be found in Google’s privacy policy.

Our service providers are located and/or use servers in countries outside the EU and EEA, for which the European Commission has established an adequate level of data protection.

Our service providers are located and/or use servers in countries outside the EU and EEA. For these countries, there is no adequacy decision by the European Commission. Our cooperation with them is based on standard contractual clauses of the European Commission.

Use of Wix statistics for web analytics

To analyze website usage, we use technologies provided by Wix Ltd., 40 Nemal St., Tel Aviv 6350671, Israel (“Wix”). Data (IP address, visit time, device, and browser information, location details, and information about your usage of our website) is automatically collected and stored, creating pseudonymized usage profiles. Cookies may be used for this purpose. These pseudonymized usage profiles will not be merged with personal data about the bearer of the pseudonym without separate and explicit consent. Wix acts on our behalf.

Our service providers are located and/or use servers in countries for which the European Commission has issued adequacy decisions, including Israel, the United Kingdom, and the USA.
The adequacy decision for the USA applies if the respective service provider is certified. Certification is available.
Our service providers are also located in countries such as Brazil, Mexico, India, and Ukraine, for which no adequacy decision exists. Our collaboration is based on the standard contractual clauses of the European Union.

Using the Visitor Recording Tool (Visitor Analytics) allows us to create statistics regarding where you have scrolled and what you have clicked on the website. This feature helps us make the website more user-friendly and resolve technical issues.

8. Contact Options and Your Rights

8.1 Your Rights

As a data subject, you have the following rights:

  • Under Art. 15 GDPR, the right to request information about your personal data processed by us to the extent described therein;
  • Under Art. 16 GDPR, the right to request the correction of inaccurate or incomplete personal data stored by us without undue delay;
  • Under Art. 17 GDPR, the right to request the deletion of your personal data stored by us, unless further processing is required:
    • To exercise the right of freedom of expression and information;
    • To comply with a legal obligation;
    • For reasons of public interest, or
    • To assert, exercise, or defend legal claims;
  • Under Art. 18 GDPR, the right to request the restriction of processing your personal data if:
    • You dispute the accuracy of the data;
    • The processing is unlawful, but you oppose its deletion;
    • We no longer need the data, but you require it to assert, exercise, or defend legal claims, or
    • You have objected to processing under Art. 21 GDPR;
  • Under Art. 20 GDPR, the right to receive your personal data provided to us in a structured, commonly used, and machine-readable format or to request its transfer to another controller;
  • Under Art. 77 GDPR, the right to lodge a complaint with a supervisory authority. Usually, you can contact the supervisory authority at your habitual residence, workplace, or our company headquarters.

Right to Object

If we process your personal data as explained above to protect our legitimate interests, you can object to this processing with effect for the future. If the processing is for direct marketing purposes, you can exercise this right at any time as described above. If the processing is for other purposes, you only have the right to object if there are grounds arising from your particular situation.

After exercising your right to object, we will no longer process your personal data for these purposes unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or if the processing serves the assertion, exercise, or defense of legal claims.

The above does not apply if the processing is for direct marketing purposes. In that case, we will no longer process your personal data for this purpose.

8.2 Contact Options

If you have any questions about the collection, processing, or use of your personal data, or to request information, correction, restriction, or deletion of data, as well as to withdraw any consent granted or object to a specific use of data, please contact us directly using the contact details provided in our imprint.

Data Protection Officer:
Gerwig Lupp
Birkenhain 33
15806 Zossen
Germany

Email: gerwig.lupp@ast-germany.com