Privacy Policy

1) Introduction and Controller’s Contact Details

1.1 We are pleased that you are visiting our website and thank you for your interest. Below we inform you about how we handle your personal data when you use our website. Personal data means all data by which you can be personally identified.

1.2 The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is Jan Vogel, GutscheinWERFT, Kurt-Dunkelmann-Str. 2, 18057 Rostock, Germany, Tel.: +49 381 36767877, Email: info@gutscheinwerft.de. The controller is the natural or legal person who, alone or jointly with others, determines the purposes and means of processing personal data.

1.3 The controller has appointed a data protection officer who can be reached as follows: "Andre Weinert".

 

2) Data Collection When Visiting Our Website

2.1 When you use our website purely for information purposes – i.e., if you do not register or otherwise transmit information to us – we only collect the data that your browser transmits to the server (so-called “server log files”). When you access our website, we collect the following data, which is technically necessary for us to display the website to you:

  • The specific page of our website visited

  • Date and time of access

  • Amount of data sent in bytes

  • Referrer source (the website from which you arrived)

  • Browser used

  • Operating system used

  • IP address used (where applicable: in anonymized form)

Processing is carried out pursuant to Art. 6(1)(f) GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. The data will not be disclosed or otherwise used. However, we reserve the right to retrospectively review the server log files if there are specific indications of unlawful use.

2.2 For security reasons and to protect the transmission of personal data and other confidential content (e.g., orders or inquiries sent to the controller), this website uses SSL or TLS encryption. You can recognize an encrypted connection by the character string “https://” and the lock symbol in your browser’s address bar.

 

3) Hosting & Content Delivery Network

We use a provider for hosting our website and displaying page content who renders services itself or via selected sub-contractors exclusively on servers located within the European Union. All data collected on our website are processed on these servers. We have concluded a data processing agreement (DPA) with the provider, which ensures the protection of our site visitors’ data and prohibits unauthorized disclosure to third parties.

 

4) Contacting Us

When you contact us (e.g., via contact form or email), personal data are processed solely for the purpose of handling and responding to your inquiry and only to the extent necessary. The legal basis for this processing is our legitimate interest in responding to your request pursuant to Art. 6(1)(f) GDPR. If your contact aims at the conclusion of a contract, the additional legal basis for processing is Art. 6(1)(b) GDPR. Your data will be deleted once it can be inferred from the circumstances that the relevant matter has been conclusively resolved and provided that no statutory retention obligations apply.

5) Use of Customer Data for Direct Advertising

5.1 Subscribing to our email newsletter
If you subscribe to our email newsletter, we will regularly send you information about our offers. The only mandatory detail for sending the newsletter is your email address. Any additional information is voluntary and is used to address you personally. We use the so-called double opt-in process to ensure that you only receive the newsletter after you have expressly confirmed your consent to receive it by clicking a verification link sent to the email address provided.

By activating the confirmation link, you grant us your consent to use your personal data pursuant to Art. 6(1)(a) GDPR. We store the IP address assigned by your Internet Service Provider (ISP) as well as the date and time of registration so that we can trace any potential misuse of your email address at a later point in time. The data collected by us during newsletter registration are used strictly for the intended purpose.

You may unsubscribe at any time via the link provided in the newsletter or by notifying the controller named above. After successful unsubscription, your email address will be promptly deleted from our newsletter distribution list unless you have expressly consented to further use of your data or we reserve further data use that is permitted by law and about which we inform you in this notice.

5.2 Sending the email newsletter to existing customers
If you have provided us with your email address when purchasing goods or services, we reserve the right to regularly send you offers by email for goods or services from our range similar to those you have already purchased. For this purpose, we are not required to obtain separate consent from you pursuant to Sec. 7(3) UWG (German Unfair Competition Act). Processing is carried out solely on the basis of our legitimate interest in personalized direct advertising pursuant to Art. 6(1)(f) GDPR. If you initially objected to the use of your email address for this purpose, we will not send such emails.

You are entitled to object at any time to the use of your email address for the aforementioned advertising purpose with effect for the future by notifying the controller named above. You will incur only transmission costs according to the basic rates. Upon receipt of your objection, the use of your email address for advertising purposes will be immediately discontinued.

5.3 HubSpot
Our email newsletters are sent via the following provider: HubSpot Ireland Ltd., 2nd Floor, 30 North Wall Quay, Dublin 1, Ireland. On the basis of our legitimate interest in effective and user-friendly newsletter marketing, we transmit the data you provided when subscribing to the newsletter to this provider pursuant to Art. 6(1)(f) GDPR so that it can send the newsletter on our behalf.

Subject to your explicit consent pursuant to Art. 6(1)(a) GDPR, the provider also performs statistical performance analysis of newsletter campaigns by means of web beacons or tracking pixels included in the emails, which can measure open rates and specific interactions with newsletter content. Device information (e.g., time of retrieval, IP address, browser type, operating system) is also collected and evaluated, but not merged with other datasets.

You may revoke your consent to newsletter tracking at any time with effect for the future. We have concluded a data processing agreement with the provider, which protects our website visitors’ data and prohibits disclosure to third parties.

6) Data Processing for Order Fulfillment

6.1 Where necessary for contractual performance for delivery and payment purposes, we transmit the personal data collected by us pursuant to Art. 6(1)(b) GDPR to the commissioned transport company and the commissioned financial institution. If, under a corresponding agreement, we owe you updates for goods with digital elements or for digital products, we process the contact details you provided when ordering (name, address, email address) in order to inform you personally, via an appropriate communication channel (e.g., by post or email), about upcoming updates within the statutory period in accordance with our legal information obligations pursuant to Art. 6(1)(c) GDPR. Your contact details are used strictly for the purpose of notifications about updates owed by us and are processed by us only to the extent necessary for each such notification.

To process your order, we also work with the following service provider(s) who support us in whole or in part in fulfilling concluded contracts. Certain personal data will be transferred to these service providers in accordance with the following information.

6.2 Use of payment service providers (payment services)

  • Amazon Pay
    Available on this website: one or more online payment methods from Amazon Payments Europe s.c.a., 38 avenue J.F. Kennedy, L-1855 Luxembourg. If you select a payment method from this provider that involves advance performance (e.g., credit card payment), the payment data you provided during the order process (including name, address, bank and card information, currency, and transaction number) as well as information about the contents of your order will be transmitted to the provider pursuant to Art. 6(1)(b) GDPR. The transfer takes place solely for the purpose of payment processing and only to the extent necessary for that purpose.

  • Apple Pay
    If you choose the “Apple Pay” payment method of Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland, payment is processed via the Apple Pay function of your device running iOS, watchOS, or macOS by charging a payment card stored in Apple Pay. Apple Pay uses security features built into your device’s hardware and software to protect your transactions. To authorize a payment, you must enter a code previously set by you and verify via your device’s Face ID or Touch ID function.

For payment processing, the information you provided during the order process together with information about your order is transmitted to Apple in encrypted form. Apple then re-encrypts this data with a developer-specific key before transmitting it to the payment service provider of the card stored in Apple Pay. This encryption ensures that only the website through which the purchase was made can access the payment data. After the payment is made, Apple sends your device account number and a transaction-specific, dynamic security code to the originating website to confirm payment success.

Where personal data are processed in the transmissions described, processing is carried out solely for the purpose of payment processing pursuant to Art. 6(1)(b) GDPR. Apple retains anonymized transaction data—such as approximate purchase amount, approximate date and time, and whether the transaction was successfully completed. Due to anonymization, no personal reference is possible. Apple uses anonymized data to improve Apple Pay and other Apple products and services.

If you use Apple Pay on iPhone or Apple Watch to complete a purchase you made via Safari on a Mac, the Mac and the authorization device communicate over an encrypted channel on Apple servers. Apple does not process or store this information in a form that can identify you. You can disable the ability to use Apple Pay on your Mac in your iPhone settings. Go to "Wallet & Apple Pay" and disable "Allow Payments on Mac." Further privacy information for Apple Pay can be found here: https://support.apple.com/de-de/HT203027

  • Google Pay
    If you choose the “Google Pay” payment method of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”), payment is processed via the Google Pay application on your mobile device running at least Android 4.4 (“KitKat”) and equipped with NFC by charging a payment card stored with Google Pay or a verified payment system there (e.g., PayPal). To authorize a Google Pay payment exceeding €25.00, you must first unlock your device using the configured verification method (e.g., facial recognition, password, fingerprint, or pattern).

For payment processing, the information you provided during the order process, together with information about your order, is transmitted to Google. Google then transmits your Google Pay payment information to the originating website in the form of a one-time transaction number used to verify a successful payment. This transaction number contains no information about the real payment data of the means of payment stored with Google Pay; it is created and transmitted as a single-use numeric token. For all Google Pay transactions, Google acts solely as an intermediary for processing the payment. The transaction itself is carried out exclusively between the user and the originating website by charging the payment method stored with Google Pay.

Where personal data are processed in the transmissions described, processing is carried out solely for the purpose of payment processing pursuant to Art. 6(1)(b) GDPR. Google may collect, store, and evaluate transaction-specific information for each Google Pay transaction (including date, time, amount, merchant location and description, a merchant-provided description of goods or services purchased, photos you attached to the transaction, the seller’s and buyer’s or sender’s and recipient’s name and email address, payment method used, your description of the purpose of the transaction, and any associated offer). According to Google, this processing is performed solely pursuant to Art. 6(1)(f) GDPR on the basis of the legitimate interest in proper accounting, verification of transaction data, and optimization and maintenance of the Google Pay service. Google also reserves the right to combine processed transaction data with other information collected and stored when using other Google services.
Google Pay Terms of Service:

https://payments.google.com/payments/apis-secure/u/0/get_legal_document?ldo=0&ldt=googlepaytos&ldl=de
Google Pay Privacy Notice:
https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=de

  • Mollie
    Available on this website: one or more online payment methods from Mollie B.V., Keizersgracht 313, 1016 EE Amsterdam, Netherlands. If you select a payment method from this provider that involves advance performance (e.g., credit card payment), the payment data you provided during the order process (including name, address, bank and card information, currency, and transaction number) as well as information about the contents of your order will be transmitted to the provider pursuant to Art. 6(1)(b) GDPR. The transfer takes place solely for the purpose of payment processing and only to the extent necessary for that purpose.

7) Web Analytics Services

Matomo
This website uses a web analytics service from the following provider: InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand (“Matomo”). To protect site visitors, Matomo uses a so-called "config_id" to enable various analyses of site usage within a short timeframe of up to 24 hours. The site’s config_id is a randomly set, time-limited hash of a limited set of the visitor’s settings and attributes. The config_id or config hash is a string computed for a visitor based on their operating system, browser, browser plugins, IP address, and browser language. Matomo does not use device fingerprinting and uses an anonymized IP address of the site visitor to create the config_id.

Where the information processed in this way includes personal user data, processing is carried out pursuant to Art. 6(1)(f) GDPR on the basis of our legitimate interest in statistical analysis of user behavior for optimization and marketing purposes. To object to future processing of your visitor data, we provide a separate opt-out option on our website. Data are transferred to the provider only if the service is not hosted on our own servers. In the case of self-hosting, no data collected via the service are transmitted to the provider. Where the service is not hosted on our own servers, we have concluded a data processing agreement with the provider that ensures protection of our site visitors’ data and prohibits unauthorized disclosure to third parties. For data transfers to New Zealand, an EU adequacy decision applies, attesting to compliance with European data protection standards for international data transfers.

8) Data Subject Rights

8.1 Under applicable data protection law, you have the following rights vis-à-vis the controller regarding the processing of your personal data (rights of access and intervention). The legal bases for exercising each right are indicated below:

  • Right of access, Art. 15 GDPR

  • Right to rectification, Art. 16 GDPR

  • Right to erasure, Art. 17 GDPR

  • Right to restriction of processing, Art. 18 GDPR

  • Right to notification, Art. 19 GDPR

  • Right to data portability, Art. 20 GDPR

  • Right to withdraw consent granted, Art. 7(3) GDPR

  • Right to lodge a complaint, Art. 77 GDPR

8.2 Right to Object
Where we process your personal data on the basis of our overriding legitimate interest following a balancing of interests, you have the right, at any time and on grounds relating to your particular situation, to object to such processing with effect for the future.
If you exercise your right to object, we will cease processing the data concerned. However, further processing is reserved if we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or if the processing serves the establishment, exercise, or defense of legal claims.
If your personal data are processed by us for direct advertising purposes, you have the right to object at any time to the processing of personal data concerning you for such advertising. You may exercise your objection as described above.
If you exercise your right to object, we will cease processing the data concerned for direct advertising purposes.

 

9) Duration of Storage of Personal Data

The duration of storage of personal data depends on the respective legal basis, the purpose of processing, and—where applicable—also on the relevant statutory retention period (e.g., commercial and tax-law retention periods).

Where personal data are processed on the basis of express consent pursuant to Art. 6(1)(a) GDPR, such data are stored until you withdraw your consent. Where statutory retention periods exist for data processed in the context of contractual or quasi-contractual obligations pursuant to Art. 6(1)(b) GDPR, such data are routinely deleted after the retention periods expire, provided they are no longer required for contract performance or contract initiation and/or we have no legitimate interest in continued storage.

Where personal data are processed on the basis of Art. 6(1)(f) GDPR, such data are stored until you exercise your right to object pursuant to Art. 21(1) GDPR, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or the processing serves the establishment, exercise, or defense of legal claims. Where personal data are processed for direct advertising purposes on the basis of Art. 6(1)(f) GDPR, such data are stored until you exercise your right to object pursuant to Art. 21(2) GDPR.

Unless otherwise stated in this notice with respect to specific processing situations, stored personal data are otherwise deleted when they are no longer necessary for the purposes for which they were collected or otherwise processed.

Copyright notice: This privacy policy was created by the specialized attorneys of IT-Recht Kanzlei under DOC-ID: ##ITK-1233ca2ca17bbf05e6f4ff71404ccab9## and is protected by copyright (https://www.it-recht-kanzlei.de)

Last updated: 17.02.2025