Privacy policy

Controller responsible for data processing:
André Wunsch
Udestedter Str. 46A
99198 Ollendorf near Erfurt
Germany
Email: hello@prestaify.com

Phone: +49 (0) 30-9391-2917

We appreciate your interest in our online shop. Protecting your privacy is important to us. Below you will find detailed information about how we handle your data.

1. Access Data and Hosting

You can visit our website without providing any personal information. Each time a page is accessed, the web server automatically stores a server log file containing information such as the name of the requested file, your IP address, date and time of access, data volume transferred, and the requesting provider. This access data is evaluated solely to ensure smooth operation of the site and to improve our offerings. This serves our legitimate interests in the accurate presentation of our services as assessed under a balancing of interests pursuant to Art. 6(1)(1)(f) GDPR. All access data is deleted no later than seven days after your visit.

Hosting

Hosting and website display services are partly provided by service providers acting as data processors on our behalf. Unless otherwise stated in this privacy policy, all access data and data collected through forms on this website are processed on their servers. If you have questions about our service providers and the basis of our relationship with them, please use the contact details provided in this privacy policy.

2. Data Processing for Contract Fulfillment and Contact

2.1 Data Processing for Contract Fulfillment

For the purpose of fulfilling contracts (including handling warranty and performance claims, as well as any statutory update obligations) pursuant to Art. 6(1)(1)(b) GDPR, we collect personal data that you voluntarily provide during the ordering process. Required fields are marked as such, as this data is necessary to process your order and we are unable to complete it without these details. The data collected is indicated in the respective input forms.

Further information about how your data is processed — in particular its transfer to service providers for order, payment, and shipping fulfillment — can be found in the following sections of this privacy policy. Once the contract has been fully fulfilled, your data will be restricted from further processing and deleted upon expiry of the applicable tax and commercial retention periods pursuant to Art. 6(1)(1)(c) GDPR, unless you have expressly consented to further use of your data pursuant to Art. 6(1)(1)(a) GDPR or we reserve the right to use your data beyond that scope in a manner permitted by law and described in this policy.

2.2 Customer Account

If you have given your consent pursuant to Art. 6(1)(1)(a) GDPR by choosing to create a customer account, we use your data for the purpose of opening the account and storing your details for future orders on our website. You may delete your customer account at any time by contacting us through the means described in this privacy policy or via the relevant function within your account. Upon deletion, your data will be erased unless you have expressly consented to further use or we are entitled to retain it under applicable law as described in this policy.

2.3 Contact

When you contact us (e.g., via contact form or email), we collect the personal data you voluntarily provide in order to process your inquiry, pursuant to Art. 6(1)(1)(b) GDPR. Required fields are marked accordingly. Once your inquiry has been fully resolved, your data will be deleted unless you have consented to further use or we are permitted to retain it under applicable law.

3. Data Processing for Shipping

For the purpose of fulfilling the contract pursuant to Art. 6(1)(1)(b) GDPR, we share your data with the shipping service provider responsible for delivery, to the extent necessary to deliver the ordered goods.

Sharing Data with Shipping Providers for Delivery Notifications

If you have given us your express consent during or after your order, we will share your email address with the selected shipping provider so they can contact you prior to delivery for the purpose of coordinating the shipment, pursuant to Art. 6(1)(1)(a) GDPR.
You may withdraw this consent at any time by contacting us through the means described in this policy or directly with the shipping provider at the address below. Upon withdrawal, we will delete your data provided for this purpose unless you have consented to further use or we are entitled to retain it.

DHL Paket GmbH
Sträßchensweg 10
53113 Bonn
Germany

4. Data Processing for Payment

When processing payments in our online shop, we work with the following partners: technical service providers, financial institutions, and payment processors.

4.1 Transaction Processing

Depending on the payment method selected, we share the data required to process the payment transaction with our technical service providers acting as data processors, or with the relevant financial institution or payment processor, to the extent necessary to complete the payment. This serves contract fulfillment pursuant to Art. 6(1)(1)(b) GDPR. Some payment providers collect the required data themselves, e.g., on their own website or via a technical integration in the checkout process. In such cases, their own privacy policy applies.
If you have questions about our payment partners, please use the contact details in this privacy policy.

4.2 Fraud Prevention and Payment Optimization

Where applicable, we may share additional data with our service providers, which they use together with the payment-related data — as our data processors — for the purposes of fraud prevention and optimizing our payment processes (e.g., invoicing, handling disputed payments, accounting support). This is based on our legitimate interests in protection against fraud and efficient payment management pursuant to Art. 6(1)(1)(f) GDPR.

4.3 Identity and Credit Checks for Invoice Payment via PayPal and Ratepay

If you choose to pay by invoice (offered through Ratepay GmbH, Franklinstraße 28–29, 10587 Berlin ("Ratepay") and PayPal (Europe) S.à r.l. et Cie, S.C.A., 22–24 Boulevard Royal, 2449 Luxembourg ("PayPal")), we will ask for your consent pursuant to Art. 6(1)(1)(a) GDPR to transmit the data necessary for payment processing and for an identity and credit check to Ratepay. In Germany, credit agencies specified in Ratepay's privacy policy may be used for this purpose. The information obtained about the statistical probability of payment default is used by Ratepay to make a balanced decision on whether to enter into, perform, or terminate the contract. You may withdraw your consent at any time by contacting us through the means described in this policy; this may result in certain payment options no longer being available to you. For additional privacy information about PayPal, please click here.

5. Email Marketing

5.1 Email Newsletter and Newsletter Tracking (with Separate Consent)

If you subscribe to our newsletter, we will use the data provided — or separately shared by you — to send you our newsletter on a regular basis, based on your consent pursuant to Art. 6(1)(1)(a) GDPR. You may unsubscribe at any time by contacting us through the means described below or via the unsubscribe link included in every newsletter. Upon unsubscription, your email address will be removed from the recipient list unless you have consented to further use or we are permitted to retain it under applicable law.

If you have additionally consented pursuant to Art. 6(1)(1)(a) GDPR to the analysis of our newsletters, we will analyze your engagement with our newsletter by measuring, storing, and evaluating open rates and click rates for the purpose of improving future newsletter campaigns ("newsletter tracking").

For this analysis, emails may contain single-pixel technologies (e.g., web beacons or tracking pixels) stored on our website. For evaluation purposes, we link the following "newsletter data" in particular:

The referring URL
Date and time of access
Browser type and version
IP address of the requesting device
Email address
Date and time of registration and confirmation

These are linked to your email address or IP address and, where applicable, an individual ID. Links within the newsletter may also contain this ID.

You may opt out of newsletter tracking at any time by contacting us or via the relevant link in the newsletter. Data is stored for as long as you remain subscribed to the newsletter.

5.2 Newsletter Dispatch

The newsletter may also be sent by our service providers acting as data processors on our behalf. For questions about our service providers, please use the contact details in this privacy policy.

The newsletter and the newsletter tracking described above may also be handled by our service providers as part of data processing on our behalf. For questions about our service providers and the basis of our relationship with them, please use the contact details in this privacy policy.

Our service providers are located in and/or use servers in the following countries for which the European Commission has issued an adequacy decision: USA.

The adequacy decision for the USA serves as the legal basis for third-country transfers, provided the respective provider is certified. Until certification is confirmed by our service providers, data transfers continue to be based on the EU Commission's Standard Contractual Clauses.

6. Cookies and Other Technologies

6.1 General Information

To make our website appealing and to enable certain features, we use technologies including cookies on various pages. Cookies are small text files automatically stored on your device. Some cookies are deleted at the end of your browser session (session cookies); others remain on your device and allow us to recognize your browser on your next visit (persistent cookies).

Privacy on end devices
For our online offering, we use strictly necessary technologies to provide the service you have explicitly requested. Storing or accessing information on your device for these purposes does not require your consent.

For non-essential functions, storing or accessing information on your device does require your consent. Please note that declining consent may limit the availability of certain parts of the website. Consents you have given remain in effect until you adjust or reset the relevant settings on your device.

Subsequent data processing through cookies and other technologies
We use technologies that are strictly necessary for certain features of our website (e.g., the shopping cart). These technologies collect and process your IP address, time of visit, device and browser information, and information about your use of our website (e.g., cart contents). This serves our legitimate interests in the optimized presentation of our offering pursuant to Art. 6(1)(1)(f) GDPR.

We also use technologies to fulfill legal obligations (e.g., to document consent to the processing of personal data) as well as for web analytics and online marketing. Further information, including the applicable legal basis for each processing activity, can be found in the following sections of this privacy policy.

Cookie settings for your browser can be found at the following links: Microsoft Edge™ / Safari™ / Chrome™ / Firefox™ / Opera™

If you have consented to the use of these technologies pursuant to Art. 6(1)(1)(a) GDPR, you may withdraw your consent at any time by contacting us through the means described in this privacy policy. Alternatively, you can visit: https://www.cookiebot.com/en/. Please note that declining cookies may limit the functionality of our website.

6.2 Third-Country Data Transfers

We use technologies from service providers on our website whose registered offices and/or server locations may be in third countries outside the EU or EEA. Where no adequacy decision has been issued by the EU Commission for the relevant country, an adequate level of data protection must be ensured through other appropriate safeguards.

Appropriate safeguards in the form of contractually agreed Standard Contractual Clauses issued by the EU Commission or Binding Corporate Rules are generally possible, but require the contracting parties to first assess whether an adequate level of protection can be guaranteed. According to the case law of the Court of Justice of the EU, additional protective measures may be required.

We have generally agreed on the Standard Contractual Clauses issued by the EU Commission with the technology providers we use that process personal data in a third country. Where possible, we also agree on additional safeguards to help ensure adequate data protection in third countries without an adequacy decision.

Notwithstanding all contractual and technical measures, the level of data protection in a third country may not match that of the EU. In such cases, we may ask for your consent pursuant to Art. 49(1)(a) GDPR to transfer your personal data to a third country as part of the cookie consent process.
In particular, there is a risk that local authorities in the third country may gain access to your personal data with insufficient restrictions from a European data protection perspective, that we as the data exporter or you as the data subject may be unaware of this, and/or that you may have limited legal recourse to prevent or challenge such access.

The following countries are currently among the third countries without an adequacy decision from the EU Commission (non-exhaustive list):

China
Russia
Taiwan

Information about which third countries your data may be transferred to can be found in the privacy notices for each tool used and/or the consent management platform (CMP) we employ.

7. Use of Cookies and Other Third-Party Technologies

We use the following cookies and other third-party technologies on our website. Unless otherwise indicated for individual technologies, this is done on the basis of your consent pursuant to Art. 6(1)(1)(a) GDPR. Once the purpose no longer applies and we discontinue use of the respective technology, the data collected in this context will be deleted. You may withdraw your consent at any time with future effect. Further information about your withdrawal options can be found in the "Cookies and Other Technologies" section. Additional information, including the basis of our relationship with individual providers, is described under the respective technologies. If you have questions about providers and the basis of our relationship with them, please use the contact details in this privacy policy.

Use of Google Services

We use the technologies of Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland ("Google") described below. Information about your use of our website automatically collected by Google technologies is generally transferred to and stored on a server of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Unless otherwise indicated for individual technologies, data processing is based on a joint controller agreement pursuant to Art. 26 GDPR. Further information about data processing by Google can be found in Google's privacy policy.

Our service providers are located in and/or use servers in countries outside the EU and EEA for which the European Commission has issued an adequacy decision.

Our service providers are located in and/or use servers in countries outside the EU and EEA for which no adequacy decision from the European Commission exists. Our relationship with them is based on the EU Commission's Standard Contractual Clauses.

Google Analytics

For the purpose of website analysis, Google Analytics automatically collects and stores data (IP address, time of visit, device and browser information, and information about your use of our website), from which pseudonymous usage profiles are created. Cookies may be used for this purpose. If you visit our website from within the EU, your IP address is stored on an EU-based server to derive location data and is then immediately deleted before traffic is forwarded for further processing on Google's servers. Data processing is based on a data processing agreement with Google.

Google Ads

For website analysis and event tracking, we use Google Ads Conversion Tracking to measure your subsequent behavior when you have reached our website via a Google Ads advertisement. Cookies may be used and data may be collected (IP address, time of visit, device and browser information, and information about your use of our website based on events we define, such as page visits or newsletter sign-ups) from which pseudonymous usage profiles are created.

8. Integration of the Trusted Shops Trustbadge and Other Widgets

Where you have given your consent pursuant to Art. 6(1)(1)(a) GDPR, this website integrates Trusted Shops widgets to display Trusted Shops services (e.g., quality seal, collected reviews) and to offer Trusted Shops buyer protection products after a purchase.

The Trustbadge and the services it promotes are offered by Trusted Shops AG, Subbelrather Str. 15C, 50823 Cologne ("Trusted Shops"), with whom we are jointly responsible for data protection pursuant to Art. 26 GDPR. We inform you below of the key terms of this arrangement pursuant to Art. 26(2) GDPR.

Within the framework of our joint controllership with Trusted Shops AG, we ask that you address data protection inquiries and exercise your rights primarily through Trusted Shops, using the contact details provided in their privacy information. You may, however, always contact either controller of your choice. Your request will then be forwarded to the other controller for a response if necessary.

8.1 Data Processing When the Trustbadge or Other Widgets Are Loaded

The Trustbadge is delivered via a US-based content delivery network (CDN). An adequate level of data protection is ensured by the EU Commission's adequacy decision for the USA, available here. US-based service providers are generally certified under the EU-U.S. Data Privacy Framework (DPF). Further information is available here. Where service providers are not DPF-certified, Standard Contractual Clauses have been agreed as an appropriate safeguard.

When the Trustbadge is loaded, the web server automatically stores a server log file containing your IP address, date and time of access, data volume transferred, and the requesting provider. Your IP address is anonymized immediately after collection, so the stored data cannot be linked to your identity. The anonymized data is used primarily for statistical purposes and error analysis.

8.2 Data Processing After Order Completion

Where you have given your consent, the Trustbadge accesses order information stored on your device after purchase (order amount, order number, and where applicable the purchased product) as well as your email address, which is hashed using a one-way cryptographic function. The hash value is then transmitted to Trusted Shops together with the order information pursuant to Art. 6(1)(1)(a) GDPR.
This is used to check whether you are already registered for Trusted Shops services. If so, further processing takes place in accordance with the contractual agreement between you and Trusted Shops. If you are not yet registered or do not consent to automatic recognition via the Trustbadge, you will subsequently have the option to register manually for the services or to activate buyer protection under an existing agreement.

For this purpose, the Trustbadge accesses the following information stored on your device after your order is completed: order amount, order number, and email address. This is necessary for us to offer you buyer protection. Data is only transmitted to Trusted Shops once you actively opt in to buyer protection by clicking the relevant button in the Trustcard. If you choose to use the services, further processing is governed by your contractual agreement with Trusted Shops pursuant to Art. 6(1)(b) GDPR, in order to complete your buyer protection registration, secure the order, and where applicable send you review invitation emails.

Trusted Shops uses service providers for hosting, monitoring, and logging. The legal basis is Art. 6(1)(f) GDPR for the purpose of ensuring reliable operations. Processing may take place in third countries (USA and Israel). An adequate level of data protection is ensured by EU Commission adequacy decisions, available for the USA here and for Israel here. US-based providers are generally DPF-certified. Further information is available here. Where providers are not DPF-certified, Standard Contractual Clauses have been agreed.

9. Social Media

Our Online Presence on Facebook (by Meta) and Instagram (by Meta)

Where you have given your consent pursuant to Art. 6(1)(1)(a) GDPR to the respective social media operator, visiting our online presence on the social media platforms listed above will result in your data being automatically collected and stored for market research and advertising purposes, from which pseudonymous usage profiles may be created. These may be used to display ads inside and outside the platforms that are likely to match your interests. Cookies are generally used for this purpose. For detailed information about how each social media operator processes and uses your data, as well as your rights and privacy settings, please refer to the privacy notices linked below. If you still need assistance, you are welcome to contact us.

Facebook (by Meta) is a service of Meta Platforms Ireland Ltd., Block J, Serpentine Avenue, Dublin 4, Ireland ("Meta Platforms Ireland"). Information about your use of our Facebook presence automatically collected by Meta Platforms Ireland is generally transferred to and stored on servers of Meta Platforms, Inc., 1601 Willow Road, Menlo Park, California 94025, USA. Data processing in connection with visits to a Facebook Fan Page is based on a joint controller agreement pursuant to Art. 26 GDPR. Further information (including Insights data) is available here.

Our service providers are located in and/or use servers in the following countries for which the European Commission has issued an adequacy decision: USA, Canada, Japan, South Korea, New Zealand, United Kingdom, Argentina.

The adequacy decision for the USA serves as the legal basis for third-country transfers where the respective provider is certified. Certification is in place.

Our service providers are also located in and/or use servers in the following countries: Australia, Hong Kong, India, Indonesia, Malaysia, Singapore, Thailand, Taiwan, Brazil, Mexico.
No adequacy decision from the European Commission exists for these countries. Our relationship with them is based on the following safeguards: EU Commission Standard Contractual Clauses.

Instagram (by Meta) is a service of Meta Platforms Ireland Ltd., Block J, Serpentine Avenue, Dublin 4, Ireland ("Meta Platforms Ireland"). Information about your use of our Instagram presence automatically collected by Meta Platforms Ireland is generally transferred to and stored on servers of Meta Platforms, Inc., 1601 Willow Road, Menlo Park, California 94025, USA. Data processing in connection with visits to an Instagram Fan Page is based on a joint controller agreement pursuant to Art. 26 GDPR. Further information (including Insights data) is available here.

The adequacy decision for the USA serves as the legal basis for third-country transfers where the respective provider is certified. Certification is in place.

10. Contact Options and Your Rights

10.1 Your Rights

As a data subject, you have the following rights:

pursuant to Art. 15 GDPR, the right to request information about the personal data we process about you, to the extent set out therein;
pursuant to Art. 16 GDPR, the right to request the immediate correction of inaccurate or completion of incomplete personal data stored by us;
pursuant to Art. 17 GDPR, the right to request the deletion of personal data stored by us, unless further processing is required:
- to exercise the right to freedom of expression and information;
- to comply with a legal obligation;
- for reasons of public interest; or
- for the establishment, exercise, or defense of legal claims;
pursuant to Art. 18 GDPR, the right to request the restriction of processing of your personal data where:
- you contest the accuracy of the data;
- the processing is unlawful but you oppose erasure;
- we no longer need the data but you require it for the establishment, exercise, or defense of legal claims; or
- you have objected to processing pursuant to Art. 21 GDPR;
pursuant to Art. 20 GDPR, the right to receive your personal data that you have provided to us in a structured, commonly used, and machine-readable format, or to request its transfer to another controller;
pursuant to Art. 77 GDPR, the right to lodge a complaint with a supervisory authority. You may generally contact the supervisory authority of your habitual place of residence, place of work, or our place of business.

Right to Object

Where we process personal data on the basis of legitimate interests as described above, you may object to such processing with future effect. If processing is carried out for direct marketing purposes, you may exercise this right at any time as described above. Where processing is carried out for other purposes, your right to object is available only where reasons arising from your particular situation exist.

After you exercise your right to object, we will no longer process your personal data for those purposes unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or where the processing serves the establishment, exercise, or defense of legal claims.

This does not apply where processing is carried out for direct marketing purposes. In that case, we will no longer process your personal data for this purpose.

10.2 How to Contact Us

For questions about the collection, processing, or use of your personal data, or to request access, correction, restriction, or deletion of data, to withdraw previously given consent, or to object to a specific use of your data, please contact us directly using the contact details in our imprint.

Print this page