Privacy Policy
We process your personal data (e.g., title, name, address, email address, phone number, bank details, credit card number) only in accordance with the provisions of German data protection law and the data protection laws of the European Union (EU). The following provisions inform you not only about the purposes of processing, recipients, legal bases, and retention periods, but also about your rights and the controller responsible for your data processing. This privacy policy applies only to our websites. If you are redirected to other sites via links on our pages, please refer to those sites for information regarding their respective handling of your data.
(1) Purpose of processing
The personal data you provide to us during the ordering process is necessary for entering into a contract with us. You are not required to provide your personal data. However, without your address, we cannot ship the goods to you. For some payment methods, we need the necessary payment details to forward them to a payment service provider we have commissioned. The processing of the data you enter during the ordering process is therefore carried out for the purpose of fulfilling the contract.
If you send us an inquiry via email, a contact form, or other means before entering into a contract, we will process the data received in this manner to take steps prior to entering into a contract and, for example, answer your questions about our products.
(2) Legal basis
The legal basis for this processing is Article 6(1)(b) of the GDPR.
(3) Recipient categories
Payment service providers, shipping service providers, hosting providers, inventory management systems (if applicable), and suppliers (dropshipping, print-on-demand) (if applicable).
(4) Retention period
We retain the data necessary for contract processing until the expiration of the statutory warranty period and, if applicable, the contractual warranty period.
We retain the data required under commercial and tax law for the periods specified by law, which is typically ten years (see Section 257 of the German Commercial Code (HGB) and Section 147 of the German Fiscal Code (AO)).
Data processed for the purpose of taking steps prior to entering into a contract will be deleted as soon as those steps have been completed and it is clear that a contract will not be concluded.
This website uses Google Analytics, a web analytics service provided by Google Inc. ("Google"). Google Analytics uses "cookies," which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of this website is usually transmitted to and stored on a Google server in the United States. However, if IP anonymization is enabled on this website, your IP address will be truncated by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the United States and truncated there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity, and to provide other services related to website and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. You can prevent the storage of cookies by adjusting your browser software settings accordingly; however, we would like to point out that in this case you may not be able to use all functions of this website to their full extent. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) by Google, as well as the processing of this data by Google, by downloading and installing the browser plugin available at the following link:optout
This website uses Google Analytics with the "anonymizeIP()" extension so that IP addresses are processed in a truncated form to prevent direct identification of individuals.
Please note the following privacy policy if you choose to use Klarna's payment services:
http://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/privacy
(1) Purpose of processing
This website uses cookies that are technically necessary. These are small text files that are not permanently stored on your computer system by your web browser. These cookies enable you, for example, to add multiple products to a shopping cart.
Other cookies are persistent and recognize your browser the next time you visit. These cookies allow you, for example, to permanently save your passwords for a customer account.
(2) Legal basis
The legal basis for the processing is Article 6(1)(a) of the GDPR.
You may have expressly given the following consent:
I accept
(3) Retention period
Technically necessary cookies are usually deleted when you close your browser. Persistent cookies have varying lifespans, ranging from a few minutes to several years.
(4) Right of Withdrawal
If you do not wish to have these cookies stored, please disable them in your web browser. However, this may limit the functionality of our website.
You can revoke your consent to the permanent storage of cookies at any time by deleting the stored cookies through your browser.
We use social plugins from facebook.com, operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA. The plugins can be identified by the Facebook logo or the label "Facebook Social Plugin." For example, if you click the“Like” button or post a comment, the corresponding information is transmitted directly from your browser to Facebook and stored there. Furthermore, Facebook makes your preferences public to your Facebook friends. If you are logged into Facebook, Facebook can directly associate your visit to our site with your Facebook account. Even if you are not logged in or do not have a Facebook account at all, your browser transmits information (e.g., which website you visited, your IP address) that is stored by Facebook. For details on how Facebook handles your personal data and your rights in this regard, please refer toFacebook’s privacy policy. If you do not want Facebook to associate the data collected about you via our websites with your Facebook account, you must log out of Facebook before visiting our websites. You can also completely prevent the Facebook plugins from loading by using add-ons for your browser, e.g., the "Facebook Blocker" (Facebook).
(1) Purpose of processing
When you subscribe to the newsletter, your email address will be used for promotional purposes; specifically, we will use the newsletter to inform you about products in our range. For statistical purposes, we may analyze which links in the newsletter are clicked. However, we cannot identify which specific person clicked on them. You have provided the following consent separately or, if applicable, explicitly during the ordering process: Join the family!
(2) Legal basis
The legal basis for this processing is Article 6(1)(a) of the GDPR.
(3) Recipient categories
newsletter service provider (if applicable)
(4) Retention period
Your email address will be stored for the purpose of sending the newsletter only for the duration of your subscription.
(5) Right of Withdrawal
You may withdraw your consent at any time, effective immediately. If you no longer wish to receive the newsletter, you can unsubscribe as follows: via the unsubscribe link in the newsletter
If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller:
1. Right to access information
You may request confirmation from the controller as to whether we are processing personal data concerning you.
If such processing is taking place, you may request the following information from the controller:
(1) the purposes for which the personal data is processed;
(2) the categories of personal data that are processed;
(3) the recipients or categories of recipients to whom your personal data has been or will be disclosed;
(4) the planned duration of the storage of your personal data or, if it is not possible to provide specific information on this, the criteria used to determine the storage period;
(5) the existence of a right to have personal data concerning you rectified or erased, a right to restrict processing by the controller, or a right to object to such processing;
(6) the existence of a right to lodge a complaint with a supervisory authority;
(7) all available information regarding the origin of the data, if the personal data is not collected from the data subject;
(8) the existence of automated decision-making, including profiling, as referred to in Article 22(1) and (4) of the GDPR, and—at least in such cases—meaningful information about the logic involved, as well as the scope and intended consequences of such processing for the data subject.
You have the right to request information regarding whether your personal data is being transferred to a third country or to an international organization. In this context, you may request to be informed of the appropriate safeguards in accordance with Article 46 of the GDPR in connection with the transfer.
2. Right to rectification
You have the right to request that the controller correct and/or complete your personal data if the personal data being processed is inaccurate or incomplete. The controller must make the correction without delay.
3. Right to restriction of processing
Under the following conditions, you may request that the processing of your personal data be restricted:
(1) if you contest the accuracy of the personal data concerning you for a period that allows the controller to verify the accuracy of the personal data;
(2) the processing is unlawful and you object to the erasure of the personal data and instead request the restriction of the use of the personal data;
(3) the controller no longer needs the personal data for the purposes of the processing, but you need it to establish, exercise, or defend legal claims, or
(4) if you have objected to the processing pursuant to Article 21(1) of the GDPR and it has not yet been determined whether the controller’s legitimate grounds override your interests.
If the processing of your personal data has been restricted, such data may—apart from storage—be processed only with your consent, or for the establishment, exercise, or defense of legal claims, or to protect the rights of another natural or legal person, or for reasons of a substantial public interest of the Union or a Member State.
If the restriction on processing has been imposed in accordance with the above conditions, the controller will notify you before the restriction is lifted.
4. Right to erasure
(a) Obligation to delete
You may request that the controller erase your personal data without delay, and the controller is obligated to erase such data without delay if any of the following grounds apply:
(1) The personal data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed.
(2) You withdraw your consent on which the processing was based pursuant to Article 6(1)(a) or Article 9(2)(a) of the GDPR, and there is no other legal basis for the processing.
(3) You object to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) of the GDPR.
(4) The personal data concerning you has been processed unlawfully.
(5) The erasure of your personal data is necessary for compliance with a legal obligation under Union law or the law of the Member States to which the controller is subject.
(6) The personal data concerning you was collected in connection with the information society services offered, in accordance with Article 8(1) of the GDPR.
b) Disclosure to third parties
If the controller has made your personal data public and is required to erase it pursuant to Article 17(1) of the GDPR, the controller shall, taking into account available technology and the cost of implementation, take reasonable measures, including technical measures, to inform the controllers processing the personal data that you, as the data subject, have requested the erasure of all links to such personal data or of copies or replicas of such personal data.
c) Exceptions
The right to erasure does not apply if the processing is necessary
(1) to exercise the right to freedom of expression and information;
(2) for compliance with a legal obligation which requires processing under Union or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
(3) for reasons of public interest in the area of public health pursuant to Article 9(2)(h) and (i) and Article 9(3) of the GDPR;
(4) for archiving purposes in the public interest, scientific or historical research purposes, or for statistical purposes pursuant to Article 89(1) of the GDPR, to the extent that the right referred to in subparagraph (a) is likely to render impossible or seriously impair the achievement of the objectives of such processing, or
(5) to assert, exercise, or defend legal claims.
5. Right to Information
If you have exercised your right to rectification, erasure, or restriction of processing with the controller, the controller is required to notify all recipients to whom your personal data has been disclosed of such rectification, erasure, or restriction of processing, unless this proves impossible or involves disproportionate effort.
You have the right to request information from the controller regarding these recipients.
6. Right to data portability
You have the right to receive the personal data concerning you that you have provided to the controller in a structured, commonly used, and machine-readable format. You also have the right to transmit this data to another controller without hindrance from the controller to whom the personal data was provided, provided that
(1) the processing is based on consent pursuant to Article 6(1)(a) of the GDPR or Article 9(2)(a) of the GDPR, or on a contract pursuant to Article 6(1)(b) of the GDPR, and
(2) the processing is carried out using automated means.
In exercising this right, you also have the right to have your personal data transmitted directly from one controller to another, provided that this is technically feasible. This must not infringe upon the rights and freedoms of others.
The right to data portability does not apply to the processing of personal data that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
7. Right to Object
You have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data carried out pursuant to Article 6(1)(e) or (f) of the GDPR; this also applies to profiling based on these provisions.
The controller will no longer process your personal data unless it can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing is necessary for the establishment, exercise, or defense of legal claims.
If your personal data is processed for the purpose of direct marketing, you have the right to object at any time to the processing of your personal data for such marketing purposes; this also applies to profiling to the extent that it is related to such direct marketing.
If you object to the processing of your personal data for direct marketing purposes, we will no longer process your personal data for those purposes.
You have the option, in connection with the use of information society services—notwithstanding Directive 2002/58/EC—to exercise your right to object through automated means using technical specifications.
8. Right to withdraw consent under data protection law
You have the right to withdraw your consent under data protection law at any time. Withdrawing your consent does not affect the lawfulness of any processing carried out on the basis of your consent prior to its withdrawal.
9. Automated decision-making in individual cases, including profiling
You have the right not to be subject to a decision based solely on automated processing—including profiling—that produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision
(1) is necessary for the conclusion or performance of a contract between you and the controller,
(2) is permitted under Union or Member State law to which the controller is subject, and such law provides for appropriate safeguards to protect your rights and freedoms as well as your legitimate interests; or
(3) is done with your express consent.
However, these decisions must not be based on special categories of personal data as defined in Article 9(1) of the GDPR, unless Article 9(2)(a) or (g) applies and appropriate measures have been taken to protect your rights and freedoms as well as your legitimate interests.
With regard to the cases referred to in (1) and (3), the controller shall take appropriate measures to safeguard your rights and freedoms as well as your legitimate interests, including, at a minimum, the right to request that the controller involve a person, to present your point of view, and to challenge the decision.
10. Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, your workplace, or the place where the alleged infringement occurred, if you believe that the processing of your personal data violates the GDPR.
The supervisory authority to which the complaint was submitted shall inform the complainant of the status and outcome of the complaint, including the possibility of seeking judicial remedy under Article 78 of the GDPR.
Heiko Lippok
c/o SHO Handels GmbH
Semperstraße 91
22303 Hamburg
Phone: 0172 9185744
Email: hello@studiosonntag.shop