PRIVACY POLICY
This Privacy Policy applies to the websites www.hufguru.com and www.alexandrawilhelm.com.
Controller: Hufguru UG (haftungsbeschränkt) An Sichelscheid 13 52134 Herzogenrath office@hufguru.com
1. Processing of Personal Data
Within the scope of this website, we process your personal data in the following manners (for further data processing operations within the framework of this website, please refer to the subsequent sections of this Privacy Policy):
Log files when visiting the website When you use our website, our hosting provider logs so-called "logfile" data upon every access to the servers, such as: name of the accessed website, previously visited page (“referrer” URL), product and version information of the used browser and operating system, requesting provider, date and time of access, used search engines, country of access, amount of data transferred, names of downloaded files, and IP address. The legal basis for this processing is Article 6(1)(f) GDPR. Our legitimate interest in storing the logfile data lies in ensuring system security, including the investigation of abuse. Logfile data is deleted or anonymized after a maximum of 30 days, unless it is required longer due to a security-related incident, e.g., for investigation or evidentiary purposes.
Contacting us When you submit contact requests, we process your personal data such as name, address, email address, telephone number, etc., which we need to answer your request. The legal basis for the processing of your personal data in the context of contact requests is Art. 6(1)(b) GDPR, provided that your request is aimed at the conclusion of a contract; otherwise, it is Art. 6(1)(f) GDPR, whereby our legitimate interest lies in responding to inquiries. We store your personal data in the context of contact requests for as long as it is necessary for the processing of your request or with regard to statutory retention obligations.
Registration/Orders When you register or place orders, we process your personal data such as name, address, email address, telephone number, date of birth, chosen username, payment data, etc., which we need for the fulfillment of the contractual relationship with you or for the implementation of pre-contractual measures that take place upon your request. We store the personal data collected during registration or orders for as long as it is necessary for the fulfillment of the contractual relationship (possibly including the provision of the customer account) and/or for the implementation of pre-contractual measures requested by you and/or with regard to warranty, guarantee, or comparable obligations and/or with regard to statutory retention periods. The legal basis for the processing of your personal data collected during registration or orders is Art. 6(1)(b) GDPR (“performance of a contract”). The provision of this personal data is not legally or contractually required. However, it is necessary for the conclusion of the contract, i.e., the implementation of the registration or order, insofar as the relevant information in our registration/order process is mandatory (rather than voluntary).
Newsletter If you sign up for our newsletter, we process the data collected, such as your email address, salutation, etc., for the purpose of sending the newsletter. Insofar as the data processing for the purposes described above is based on your consent, the legal basis is Article 6(1)(a) GDPR (consent). Otherwise, data processing is based on Article 6(1)(f) GDPR (“legitimate interests”), whereby the legitimate interests lie in the aforementioned purposes. We store the personal data required for sending the newsletter as long as we need it for this purpose or until you revoke your consent to receive the newsletter. Any potentially legitimate continued storage for other purposes (e.g., customer communication) remains unaffected.
2. Cookies
Cookies are small text files that are stored on the user's computer and enable an analysis of the use of the website by the user. Cookies can, for example, be used to make the use of the website easier and more convenient for the visitor or to enable certain functions in the first place, or for the analysis of visitor flows. Insofar as personal data is also processed by individual cookies used by us, the processing takes place in accordance with Art. 6(1)(b) GDPR for the performance of the contract, in accordance with Art. 6(1)(a) GDPR in the event of consent granted, or in accordance with Art. 6(1)(f) GDPR to protect our legitimate interests in the commercial operation of our online offer as well as a user-friendly and effective design of the site visit. The storage duration of the cookies can be limited to the duration of the respective browser session, i.e., the cookies are deleted after closing the browser (temporary cookies); or the storage duration can go beyond that in order to recognize the user on the next visit and then display, for example, preferred content (persistent cookies). Unless we provide deviating information in this Privacy Policy or within the scope of our cookie management services or other separate information on cookies, you should assume that cookies are persistent and the storage duration is up to two years. You have the option at any time to revoke your consent to the setting of cookies or to object to the data processing by cookies by deleting the cookies in your browser settings. Regarding advertising cookies, you can block and/or manage many of them via the following services: www.aboutads.info/choices/ | www.youronlinechoices.com/uk/your-ad-choices/ | www.networkadvertising.org/managing/opt_out.asp However, if you decline cookies, you may not be able to use certain website functions, services, applications, or tools.
3. Embedded Content and Functions
On our website, we have integrated external content and functions obtained from the servers of third-party providers. In this process, information such as IP address, browser and operating system information, the referring website, visit time, or the use of our website may be transmitted to the respective third-party providers. These data can be collected on our website via plugins, pixel tags (invisible graphics), or cookies. The data can be used by the relevant third-party providers for statistical or marketing purposes. Insofar as data processing is based on your consent, the legal basis is Article 6(1)(a) GDPR (consent). Otherwise, data processing is based on Article 6(1)(f) GDPR (“legitimate interests”), whereby the legitimate interests may lie in the provision of content or functions to the user. We have integrated content and/or functions from the following provider:
- OpenStreetMap: A map service we use to display our locations; operated by the OpenStreetMap Foundation, St John’s Innovation Centre, Cowley Road, Cambridge, CB4 0WS, United Kingdom; Website: www.openstreetmap.org; Privacy Policy: https://wiki.osmfoundation.org/wiki/Privacy_Policy
4. Facebook Presence
We operate a presence on the social network Facebook. The operator of Facebook is Meta Platforms Ireland Ltd., Dublin, Ireland (hereinafter “Meta”). Your personal data is processed by us and primarily by Meta. Below, we describe which of your data we process on our Facebook page and our relationship with Meta.
a) Which personal data do we process when using our Facebook page?
- Communication: We operate our presence on Facebook to present our products and/or services and to communicate with customers and interested parties. The legal basis for our processing of the relevant communication content is Art. 6(1) sentence 1(f) GDPR (“legitimate interests”), whereby our legitimate interests lie in the aforementioned purposes. In the case of orders via our presence on social networks, the legal basis is also Art. 6(1)(b) GDPR (“contract fulfillment”).
- Technical usage data: When you use our Facebook page, we process technical information about your visit, such as your device's IP address, time of visit, and the website from which you visit us. We process this data for technical administration and provision of the Facebook page and to obtain statistical information as the operator of the Facebook page regarding its usage. The legal basis is Art. 6(1)(f) GDPR. Our interest lies in constantly improving our Facebook page and providing you with relevant information.
- Statistical usage data: We also collect statistical usage data. This includes information about page views, post or video views, subscriptions, likes, recommendations, comments, shares, reactions, link clicks to other sites, mouse movements over names/profile pictures, and device information. We receive this (“usage data”) only in aggregated form via the Facebook tool “Page Insights” (https://www.meta.com/business/a/page/page-insights). We cannot associate Insights data with your person. We process this data for technical administration and provision of the page. The legal basis is Art. 6(1)(f) GDPR. For the processing of Insights data, we and Meta are “Joint Controllers.” The contract can be accessed here: https://www.meta.com/legal/terms/page_controller_addendum.
- Likes, Posts, and Messages: If you use our Facebook page, we process your Facebook username, profile picture, interaction clicks (“likes,” “shares,” etc.), and your comments, posts, messages, and other content you provide to us. The legal basis is Art. 6(1)(f) GDPR (balancing of interests).
b) Data processing by Meta We do not have access to other personal data processed during your use of Facebook. For the processing of your personal data by Meta, Meta’s privacy policies apply (https://de-de.meta.com/policy.php).
- Data transfer to the USA and other third countries: Meta may transfer your data to servers worldwide. Meta relies on adequacy decisions and, otherwise, on EU Standard Contractual Clauses. Details can be found here: https://de-de.meta.com/privacy/policy?annotations[0]=9.ex.2-MechanismsWeUseFor&subpage=9.subpage.3-HowDoWeSafeguard
- Use of cookies by Meta: When you visit Facebook—regardless of our Facebook page—Meta places cookies and similar trackers on your device. If you are a logged-in user, Meta can track that you visited our page and how you used it. Further information can be found in Meta's Data Policy. You can delete Meta cookies, for example, here: http://www.youronlinechoices.com/de/praferenzmanagement/
5. Instagram Presence
We operate a presence on Instagram. The Instagram service is operated by Meta Platforms Ireland Ltd., Dublin, Ireland.
Controllership: We are the controller within the meaning of Art. 4(7) GDPR, provided we process the personal data you send us via Instagram exclusively ourselves. To the extent that data is also or exclusively processed by Instagram, Meta is a joint controller.
Use of Cookies by Meta: When visiting our Instagram page, Meta collects personal data of users, including via cookies. For information on these cookies and how to manage them, please refer to Instagram’s privacy policies.
Likes, Posts, and Messages: If you visit our Instagram page as a registered user, we process your Instagram username, profile picture, interaction clicks (“likes,” “shares,” etc.), and your comments, posts, messages, and other content you provide. If you contact us via Instagram or email, the data provided (email, name) will be stored to answer your questions. The legal basis is Art. 6(1)(b), (f) GDPR. We do not have full access to Meta-collected data or your profile data; you control which information is public in your Instagram settings.
Statistical Usage Data: Meta provides us with demographic and geographic evaluations via the “Insights” tool based on collected information. These statistics are provided to us in anonymized form. We process this data for technical administration and the improvement of our page. The legal basis is Art. 6(1)(f) GDPR. As with Facebook, we and Meta are “Joint Controllers” for Insights data. You can access the contract here: https://www.meta.com/legal/terms/page_controller_addendum. From the contract, it essentially follows that requests for information and the assertion of data subject rights regarding Insights data must be made directly to Meta.
Data transfer to the USA and other third countries: Meta may transfer your data globally. Data transfers to the USA and other third countries are based on adequacy decisions or EU Standard Contractual Clauses. See: https://de-de.meta.com/privacy/policy?annotations[0]=9.ex.2-MechanismsWeUseFor&subpage=9.subpage.3-HowDoWeSafeguard
6. Amazon Partner Program
We are participants in the Amazon EU Partner Program, designed to provide a medium for websites to earn advertising fees by placing advertisements and links to Amazon.de. Amazon uses cookies to trace the origin of orders. Amazon can recognize that you clicked the partner link on our website. The storage of “Amazon cookies” and the use of these tracking tools is based on Art. 6(1)(f) GDPR. We have a legitimate interest in the correct billing of our commissions. Insofar as consent has been requested, processing is based exclusively on Art. 6(1)(a) GDPR; consent can be revoked at any time. Further information on data usage by Amazon can be found in the company's privacy policy: https://www.amazon.de/gp/help/customer/display.html?nodeId=201909010
7. Data Subject Rights
According to Art. 15 GDPR, you have the right to request access to your personal data (“Right of access by the data subject”). According to Art. 16 GDPR, you have the right to request the rectification and erasure of incorrect personal data (“Right to rectification”). According to Art. 17 GDPR, you can request the erasure of your personal data if one of the listed grounds applies (“Right to be forgotten”). You also have the right under Art. 18 GDPR to request the restriction of processing (“Right to restriction of processing”). According to Art. 20 GDPR, you have the right to receive the personal data concerning you and to have these data transmitted to another controller (“Right to data portability”).
- Revocation of consents: See section “Right of Revocation” in this Privacy Policy.
- Right to object: See section “Right to Object” in this Privacy Policy.
- Right to lodge a complaint: You have the right to lodge a complaint with the competent supervisory authority.
8. Right of Revocation
You can revoke any consent you may have given for the processing of your personal data at any time, e.g., by email to our aforementioned email address. The lawfulness of the processing carried out based on the consent until the revocation remains unaffected.
9. Right to Object
Insofar as our data processing is based on Article 6(1)(f) GDPR (“legitimate interests”), you have the right, in accordance with Article 21 GDPR, to object to the processing of your personal data.
10. Sharing of Your Data
Unless otherwise stated in this Privacy Policy, we pass on your personal data to the following further recipients or categories of recipients:
- Payment Service Providers (PayPal): If you decide to pay via PayPal during the ordering process, the payment is processed via PayPal (Europe) S.à r.l. et Cie, S.C.A., 22–24 Boulevard Royal, L-2449 Luxembourg. We transmit your data provided during the ordering process (name, address, email, IP address, purchase amount, and transaction data) to PayPal, insofar as this is necessary for payment processing. This is based on Art. 6(1)(b) GDPR for contract fulfillment and on the basis of legitimate interests according to Art. 6(1)(f) GDPR, as secure and efficient payment processing is in our company's interest. For certain payment methods, PayPal reserves the right to perform a credit check. Further information: https://www.paypal.com/de/webapps/mpp/ua/privacy-full
- Production and Shipping Service Providers (Print-on-Demand): We use the print-on-demand provider Printful, Inc., 11025 West Lake Drive, Charlotte, NC 28273, USA, and their European subsidiary Printful Latvia AS, Ojara Vaciesa iela 6, Riga, LV-1004, Latvia. During order processing, Printful receives personal data such as name, delivery address, ordered products, and, if necessary, phone number/email address for delivery. Printful processes this data as a processor based on a contract according to Art. 28 GDPR. Further information: https://www.printful.com/policies/privacy. In the context of using Printful, personal data may be transferred to third countries outside the EU, particularly the USA and Mexico. Printful has concluded appropriate guarantees according to Art. 46 GDPR (e.g., EU Standard Contractual Clauses) to ensure an appropriate level of data protection.
- Online Shop Software (IONOS): We operate our online shop using software from IONOS SE, Elgendorfer Str. 57, 56410 Montabaur (hereinafter “IONOS”). IONOS processes data worldwide, including in the USA. You can access the IONOS privacy policy here: https://www.ionos.de/terms-gtc/terms-privacy#c5950
11. TikTok
a) Our presence on TikTok We maintain a profile on the platform TikTok, operated by TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland (“TikTok”). If you visit our profile or interact with our content, TikTok processes your personal data, including usage behavior (views, likes, comments, messages) and technical data (IP address, device information, location data). We receive only anonymized statistical evaluations from TikTok. We have no influence on the actual data processing by TikTok. The data may be transferred to countries outside the European Economic Area (e.g., USA, Singapore, Malaysia). TikTok uses Standard Contractual Clauses to ensure an adequate level of protection. The use of our TikTok account is based on our legitimate interest according to Art. 6(1)(f) GDPR. You can assert your data subject rights (access, rectification, erasure, restriction, objection, portability) against us or TikTok. Privacy Policy: https://www.tiktok.com/legal/page/eea/privacy-policy/de
b) Integration of TikTok content on our website / TikTok Pixel Our website may integrate functions and content from TikTok (e.g., videos, social media widgets, or the TikTok Pixel). Data such as IP address, browser and device information, usage actions, or cookies are transmitted to TikTok. TikTok processes this data for the purpose of providing functions, analysis, reach measurement, and personalized advertising. The data may be transferred to countries outside the European Economic Area. The legal basis for processing is Art. 6(1)(f) GDPR (legitimate interest in the optimization and economic use of our online offer) and, if necessary, Art. 6(1)(a) GDPR (consent, e.g., via a cookie/consent banner).
12. Online Withdrawal Form
If you wish to exercise your right of withdrawal, we provide an electronic withdrawal form on our website. We process the personal data you enter into the form (especially name, address, email address, order number, and date of purchase/receipt) to process your request.