Privacy Policy

Privacy Policy

1) Information on the Collection of Personal Data and Contact Details of the Controller
1.1 We are pleased that you are visiting our website and thank you for your interest. Below, we inform you about the handling of your personal data when using our website. Personal data includes all data that can be used to identify you personally.

1.2 The controller responsible for data processing on this website under the General Data Protection Regulation (GDPR) is MS Network und Onlinemarketing UG (haftungsbeschränkt), Windhornsweg 27, 27729 Hambergen, Germany, Email: msnetworkonlinemarketing@magenta.de. The controller is the natural or legal person who determines the purposes and means of the processing of personal data, either alone or jointly with others.

1.3 For security reasons and to protect the transmission of personal data and other confidential content (e.g., orders or inquiries to the controller), this website uses SSL or TLS encryption. You can recognize an encrypted connection by the string "https://" and the lock symbol in your browser's address bar.

2) Data Collection When Visiting Our Website
When you use our website for informational purposes only (i.e., without registering or otherwise providing us with information), we collect only the data your browser transmits to our server (so-called "server log files"). When you access our website, we collect the following data, which is technically necessary for us to display the website:

  • The website visited
  • Date and time of access
  • Amount of data sent in bytes
  • Source/reference from which you reached the page
  • Browser used
  • Operating system used
  • IP address used (if applicable: anonymized)

The processing is carried out in accordance with Art. 6(1)(f) GDPR based on our legitimate interest in improving the stability and functionality of our website. The data will not be shared or otherwise used. However, we reserve the right to retrospectively review the server log files if concrete evidence of unlawful use emerges.

3) Hosting & Content Delivery Network
Hosting by Shopify
We use the Shopify International Limited platform, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland (“Shopify”), for hosting and presenting the online shop as part of processing on our behalf. All data collected on our website is processed on Shopify’s servers. In the context of the aforementioned services provided by Shopify, data may also be transmitted to Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada; Shopify Data Processing (USA) Inc.; Shopify Payments (USA) Inc.; or Shopify (USA) Inc.

In the case of data transmission to Shopify Inc. in Canada, an adequate level of data protection is ensured by the European Commission's adequacy decision. For more information on Shopify's privacy policy, visit: https://www.shopify.com/legal/privacy.

Further processing on servers other than the ones mentioned above will only occur within the scope described below.

4) Cookies
To make the visit to our website attractive and enable the use of certain functions, we use cookies—small text files that are stored on your device. Some of these cookies are automatically deleted after the browser is closed (so-called "session cookies"), while others remain on your device for a longer period and enable the storage of page settings (so-called "persistent cookies"). The duration of storage can be found in the overview of cookie settings in your web browser.

If personal data is processed by individual cookies implemented by us, the processing is carried out either in accordance with Art. 6(1)(b) GDPR for the execution of the contract, in accordance with Art. 6(1)(a) GDPR in the case of granted consent, or in accordance with Art. 6(1)(f) GDPR to protect our legitimate interests in the best possible functionality of the website and a customer-friendly and effective design of the site visit.

You can configure your browser to inform you about the setting of cookies and decide individually whether to accept them or to exclude the acceptance of cookies for certain cases or generally. Please note that the functionality of our website may be limited if cookies are not accepted.

5) Contacting Us
When you contact us (e.g., via contact form or email), personal data is processed solely for the purpose of handling and responding to your inquiry and only to the extent necessary for this purpose. The legal basis for processing these data is our legitimate interest in responding to your inquiry in accordance with Art. 6(1)(f) GDPR. If your contact is aimed at concluding a contract, then an additional legal basis for processing is Art. 6(1)(b) GDPR.

Your data will be deleted once it is evident that the matter in question has been conclusively resolved, provided that no statutory retention obligations apply.

6) Use of Customer Data for Direct Advertising

6.1 Subscription to Our Email Newsletter
If you subscribe to our email newsletter, we will regularly send you information about our offers. The only mandatory information required for sending the newsletter is your email address. The provision of further data is voluntary and will be used to address you personally. We use the so-called double opt-in procedure to ensure that the newsletter is sent only after you have explicitly confirmed your consent to receiving it by clicking a verification link sent to the email address provided.

By activating the confirmation link, you consent to the use of your personal data in accordance with Art. 6(1)(a) GDPR. When registering for the newsletter, we store your IP address as entered by your Internet Service Provider (ISP) as well as the date and time of registration to trace any potential misuse of your email address at a later date.

The data collected during the newsletter registration process is used exclusively for the purpose of sending the newsletter. You can unsubscribe from the newsletter at any time via the link provided in the newsletter or by notifying the responsible party mentioned at the beginning of this document. After unsubscribing, your email address will be immediately deleted from our newsletter distribution list, unless you have explicitly consented to further use of your data or we reserve the right to use the data for other purposes as permitted by law, about which we inform you in this declaration.

6.2 Newsletter Distribution via ActiveCampaign
Our email newsletters are sent using the technical services of ActiveCampaign, LLC, 150 N. Michigan Ave Suite 1230, Chicago, IL, USA ("ActiveCampaign"), to whom we pass on the data provided during the newsletter registration. This transfer is made in accordance with Art. 6(1)(f) GDPR and is based on our legitimate interest in using a secure, user-friendly, and effective newsletter system.

The data entered by you for the purpose of receiving the newsletter (e.g., email address) is stored on ActiveCampaign's servers in the USA. ActiveCampaign uses this information to send and statistically analyze the newsletters on our behalf. For analysis purposes, the emails sent contain so-called web beacons or tracking pixels, which are one-pixel image files stored on our website. This allows us to determine whether a newsletter was opened and which links were clicked.

Using conversion tracking, it can also be analyzed whether a predefined action (e.g., the purchase of a product on our website) occurred after clicking the link in the newsletter. Additionally, technical information is collected (e.g., time of access, IP address, browser type, and operating system). The data is collected exclusively in pseudonymized form and is not linked with other personal data to prevent direct identification. These data are used exclusively for the statistical analysis of newsletter campaigns. The results of these analyses can be used to better tailor future newsletters to the recipients' interests.

If you wish to object to data analysis for statistical purposes, you must unsubscribe from the newsletter.

We have entered into a data processing agreement ("Data Processing Agreement") with ActiveCampaign, which obligates ActiveCampaign to protect our customers' data and not to disclose it to third parties.

You can view ActiveCampaign's privacy policy here: https://www.activecampaign.com/privacy-policy

7) Data Processing for Order Fulfillment

7.1
To fulfill the contract, we transmit personal data to the shipping company entrusted with delivery, insofar as this is necessary for the delivery of the goods. We also transmit payment data to the credit institution commissioned with processing payments, as required for payment handling. The legal basis for this data processing is Art. 6(1)(b) GDPR.

In addition, we collaborate with service providers who support us wholly or partially in the execution of concluded contracts. Certain personal data will be transferred to these service providers as necessary, in accordance with the following information.

7.2
To fulfill our contractual obligations to our customers, we work with external shipping partners. We provide these shipping partners with your name, delivery address, and, if required for delivery, your telephone number, exclusively for the purpose of goods delivery, in accordance with Art. 6(1)(b) GDPR.

7.3 Use of Payment Service Providers (Payment Services)

- Apple Pay
If you choose the payment method "Apple Pay" by Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland, payment processing occurs via the "Apple Pay" function on your iOS, watchOS, or macOS-operated device, debiting a payment card stored in "Apple Pay." Apple Pay uses security features integrated into your device's hardware and software to protect your transactions. To authorize a payment, you must enter a code previously set by you and verify it using the "Face ID" or "Touch ID" feature of your device.
For payment processing, the information you provided during the ordering process, along with details about your order, is forwarded to Apple in encrypted form. Apple encrypts this data again with a developer-specific key before transmitting it to the payment service provider of the payment card stored in Apple Pay. Encryption ensures that only the website where the purchase was made can access the payment data. Once the payment is made, Apple sends the originating website a device account number and a transaction-specific dynamic security code to confirm the successful payment.
If personal data is processed during the described transfers, it is done solely for the purpose of payment processing in accordance with Art. 6(1)(b) GDPR.
Apple stores anonymized transaction data, including the approximate purchase amount, date, time, and an indication of whether the transaction was completed successfully. Anonymization completely excludes any personal reference. Apple uses the anonymized data to improve "Apple Pay" and other Apple products and services.
If you use Apple Pay on your iPhone or Apple Watch to complete a purchase made through Safari on your Mac, your Mac and the authorization device communicate through an encrypted channel on Apple's servers. Apple does not process or store this information in a format that can identify you. You can disable the option to use Apple Pay on your Mac in your iPhone settings. Go to "Wallet & Apple Pay" and deactivate "Allow payments on Mac."
For further information on Apple Pay's privacy policy, visit: https://support.apple.com/de-de/HT203027.

- Google Pay
If you choose the payment method "Google Pay" by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"), payment processing occurs via the "Google Pay" application on your mobile device running at least Android 4.4 ("KitKat") and equipped with NFC functionality. Payment is charged to a payment card stored in Google Pay or another verified payment system (e.g., PayPal). Payments exceeding €25 require prior unlocking of your mobile device through the configured verification method (e.g., facial recognition, password, fingerprint, or pattern).
For payment processing, the information provided during the ordering process, along with details about your order, is forwarded to Google. Google then transmits the payment information stored in Google Pay as a one-time transaction number to the originating website to verify the payment. This transaction number contains no real payment data of your stored payment methods in Google Pay but is created and transmitted as a one-time numerical token. For all transactions via Google Pay, Google acts solely as an intermediary for payment processing. The transaction is executed exclusively between the user and the originating website by debiting the payment method stored in Google Pay.
If personal data is processed during the described transfers, it is done solely for the purpose of payment processing in accordance with Art. 6(1)(b) GDPR.
Google reserves the right to collect, store, and evaluate certain transaction-specific information for every transaction made through Google Pay, including the date, time, and amount of the transaction, merchant location and description, a merchant-provided description of the purchased goods or services, photos attached to the transaction, the seller's and buyer's name and email address (or sender and recipient), the payment method used, your description of the transaction purpose, and any offer associated with the transaction.
According to Google, this processing is carried out exclusively under Art. 6(1)(f) GDPR based on Google's legitimate interest in proper accounting, verifying transaction data, and optimizing and maintaining the Google Pay service.
Google also reserves the right to combine the processed transaction data with additional information collected and stored during the use of other Google services.
The Google Pay terms of use are available here: Google Pay Terms.
For further information on Google Pay's privacy policy, visit: Google Pay Privacy Notice.

- Klarna
When selecting a Klarna payment service, payment processing is handled by Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden ("Klarna"). To enable the payment process, your personal data (first and last name, address, house number, postal code, city, gender, email address, phone number, and IP address), along with data related to the order (e.g., invoice amount, items, delivery method), will be forwarded to Klarna for identity and credit checks, provided you have expressly consented to this in accordance with Art. 6(1)(a) GDPR during the order process.
Details about the credit agencies Klarna may use can be found here:
https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/credit_rating_agencies.

The credit report may contain probability values (so-called score values). These score values are based on scientifically recognized mathematical-statistical methods, including but not limited to address data. Klarna uses the obtained information about the statistical probability of payment default to make a balanced decision on the establishment, implementation, or termination of the contractual relationship.

You can revoke your consent at any time by contacting the data controller or Klarna. However, Klarna may remain entitled to process your personal data if required for contractual payment processing.
Your personal data will be processed in compliance with applicable data protection regulations and as described in Klarna's privacy policy for individuals in Germany:
https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/privacy
or for individuals in Austria:
https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_at/privacy.

- PayPal
When paying via PayPal, credit card via PayPal, direct debit via PayPal, or—if offered—"purchase on account" or "installment payment" via PayPal, your payment data will be forwarded to PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg ("PayPal") for payment processing. The transfer occurs in accordance with Art. 6(1)(b) GDPR and only to the extent necessary for payment processing.

For payment methods such as credit card via PayPal, direct debit via PayPal, or—if offered—"purchase on account" or "installment payment" via PayPal, PayPal reserves the right to conduct a credit check. For this purpose, your payment data may be forwarded to credit agencies in accordance with Art. 6(1)(f) GDPR, based on PayPal's legitimate interest in determining your solvency. The result of the credit check concerning the statistical probability of default is used by PayPal to decide whether to provide the respective payment method.
The credit report may include probability values (so-called score values) based on scientifically recognized mathematical-statistical methods. These calculations incorporate address data, among other factors.

For more information about PayPal's privacy practices, including the credit agencies used, please refer to PayPal's privacy policy:
https://www.paypal.com/de/webapps/mpp/ua/privacy-full.

You can object to this processing of your data by notifying PayPal. However, PayPal may still process your personal data if necessary for contractual payment processing.

  • SOFORT
    When choosing the payment method "SOFORT," payment processing is handled by SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany ("SOFORT"). Your data provided during the ordering process, along with information about your order, will be forwarded to SOFORT in accordance with Art. 6(1)(b) GDPR. SOFORT GmbH is part of the Klarna Group (Klarna Bank AB [publ], Sveavägen 46, 11134 Stockholm, Sweden). Data transfer is carried out exclusively for payment processing purposes with SOFORT and only to the extent necessary.
    Further information on SOFORT's data protection policy can be found here:
    https://www.klarna.com/sofort/datenschutz.

 

8) Tools and Miscellaneous

- Net Reviews S.A.S. for Verification and Publication of Customer Reviews
To verify and publish customer reviews, we use the services of Net Reviews S.A.S., 18-20 Avenue Robert Schuman, 13002, Marseille, France ("Net Reviews"), operating in Germany under the name "Echte Bewertungen by NetReviews."
When you leave a review on our website, your first and last name, email address, order date and number, as well as product names and international references (GTIN/ISDNF), are collected, transmitted to Net Reviews, and evaluated there to determine the legitimacy of a customer review for a specific order. This processing is carried out in accordance with Article 6(1)(f) GDPR based on our legitimate interest in ensuring the authenticity of customer reviews by verifying the transaction and preventing review misuse.
After the review verification and approval process is complete, the data is deleted by Net Reviews.
For more information on data protection at Net Reviews, please visit:
https://www.echte-bewertungen.com/index.php?page=mod_protectiondonnees.

9) Rights of the Data Subject

9.1 The applicable data protection law grants you the following rights regarding the processing of your personal data (rights of access and intervention):

  • Right of access according to Article 15 GDPR;
  • Right to rectification according to Article 16 GDPR;
  • Right to erasure according to Article 17 GDPR;
  • Right to restriction of processing according to Article 18 GDPR;
  • Right to notification according to Article 19 GDPR;
  • Right to data portability according to Article 20 GDPR;
  • Right to withdraw consent according to Article 7(3) GDPR;
  • Right to lodge a complaint according to Article 77 GDPR.

9.2 RIGHT TO OBJECT

IF WE PROCESS YOUR PERSONAL DATA BASED ON OUR OVERRIDING LEGITIMATE INTEREST IN THE CONTEXT OF A BALANCING OF INTERESTS, YOU HAVE THE RIGHT TO OBJECT TO THIS PROCESSING AT ANY TIME FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION, WITH EFFECT FOR THE FUTURE.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE AFFECTED DATA. FURTHER PROCESSING REMAINS RESERVED IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING THAT OUTWEIGH YOUR INTERESTS, FUNDAMENTAL RIGHTS, AND FREEDOMS, OR IF THE PROCESSING SERVES TO ASSERT, EXERCISE, OR DEFEND LEGAL CLAIMS.

IF YOUR PERSONAL DATA IS PROCESSED BY US FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR SUCH ADVERTISING PURPOSES. YOU MAY EXERCISE YOUR RIGHT TO OBJECT AS DESCRIBED ABOVE.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE AFFECTED DATA FOR DIRECT MARKETING PURPOSES.

 

10) Duration of Storage of Personal Data

The duration of the storage of personal data is determined by the respective legal basis, the processing purpose, and – if applicable – additionally by the respective statutory retention period (e.g., commercial and tax retention periods).

  • Consent under Article 6(1)(a) GDPR:
    Data will be stored until the data subject withdraws their consent.

  • Processing based on Article 6(1)(b) GDPR:
    Data will be routinely deleted after the statutory retention periods have expired, provided they are no longer required for the fulfillment or initiation of a contract.

  • Processing based on Article 6(1)(f) GDPR:
    Data will be stored until the data subject exercises their right to object, unless we can demonstrate compelling legitimate grounds for the processing that outweigh the interests, rights, and freedoms of the data subject, or the processing serves to assert, exercise, or defend legal claims.

  • Direct marketing under Article 6(1)(f) GDPR:
    Data will be stored until the data subject objects to the processing.

Unless otherwise specified in the information provided in this declaration for specific processing situations, stored personal data will be deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.