PRIVACY POLICY

This Privacy Policy applies to the website www.hufguru.com

Controller:

Alexandra Wilhelm

An Sichelscheid 13

52134 Herzogenrath

Germany

office@hufguru.com

Processing of Personal Data

Within the scope of this website, we process your personal data, including but not limited to the following manners (for further data processing operations within the framework of this website, please refer to the subsequent sections of this Privacy Policy):

Log Files when Visiting the Website

When you use our website, our hosting provider logs so-called "logfile" data upon every access to the servers. This includes, for example, the name of the accessed website, the previously visited page ("referrer" URL), product and version information of the browser and operating system used, the requesting provider, date and time of access, search engines used, country of access, volume of data transferred, names of downloaded files, and your IP address.

The legal basis for this processing is Article 6(1)(f) GDPR. Our legitimate interest in storing the logfile data lies in ensuring system security, including the investigation of abuse. Logfile data is deleted or anonymized after a maximum of 30 days, unless it is required for a longer period due to a security-related incident, for example, for investigation or evidentiary purposes.

Contacting Us

When you submit contact inquiries, we process your personal data such as your name, address, e-mail address, telephone number, or similar information that we require to answer your request.

The legal basis for processing your personal data in the context of contact inquiries is Art. 6(1)(b) GDPR, provided that your request is aimed at entering into a contract; otherwise, it is Art. 6(1)(f) GDPR, whereby our legitimate interest lies in responding to inquiries.

In the context of contact inquiries, we store your personal data for as long as is necessary to process your request or with regard to statutory retention obligations.

Registration / Orders

When you register or place orders, we process your personal data such as your name, address, e-mail address, telephone number, date of birth, chosen username, payment data, or similar information that we require to fulfill the contractual relationship with you or to carry out pre-contractual measures that take place at your request.

We store your personal data collected during registration or ordering for as long as is necessary for the performance of the contractual relationship (including, where applicable, the provision of the customer account) and/or to carry out pre-contractual measures taking place at your request and/or with regard to warranty, guarantee, or comparable obligations and/or with regard to statutory retention periods.

The legal basis for processing your personal data collected during registration or ordering is Art. 6(1)(b) GDPR ("performance of a contract").

The provision of this personal data is not required by law or contract. However, it is necessary for the conclusion of the contract—i.e., to process the registration or order—insofar as the respective information is mandatory (rather than merely voluntary) in our registration/ordering process.

Newsletter

If you subscribe to our newsletter, we process the data collected during this process, such as your e-mail address, salutation, etc., for the purpose of sending the newsletter.

Insofar as the data processing for the purposes described above takes place with your consent, the legal basis is Article 6(1)(a) GDPR (consent). In all other respects, data processing is based on Article 6(1)(f) GDPR ("legitimate interests"), whereby the legitimate interests lie in the aforementioned purposes.

We store the personal data required for sending the newsletter for as long as we need it for this purpose or until you revoke your consent to receive the newsletter. Any legitimately continued storage for other purposes (e.g., customer communication) remains unaffected by this.

Cookies

Cookies are small text files that are stored on the user's computer and enable an analysis of the user's website utilization.

Cookies can be used, for example, to make the use of the website easier and more convenient for the visitor, to enable certain functions in the first place, or to analyze visitor flows.

Insofar as personal data is also processed by individual cookies used by us, the processing is carried out pursuant to Art. 6(1)(b) GDPR for the performance of the contract, pursuant to Art. 6(1)(a) GDPR in the event that consent has been granted, or pursuant to Art. 6(1)(f) GDPR to safeguard our legitimate interests in the commercial operation of our online offer as well as a user-friendly and effective design of the page visit.

The storage duration of cookies may be limited to the duration of the respective browser session, meaning that cookies are deleted after closing the browser (temporary/session cookies); or the storage duration may extend beyond this to recognize the user on their next visit and then show them preferred content, for example (persistent cookies). Unless we state otherwise in this Privacy Policy, within our cookie management services, or via other separate cookie information, you should assume that cookies are persistent and their storage duration is up to two years.

You have the right at any time to revoke any consent granted for the setting of cookies or to object to data processing via cookies by deleting the cookies in your browser settings.

Regarding advertising cookies, you can block and/or manage many of them via the following services:

• www.aboutads.info/choices/
• www.youronlinechoices.com/uk/your-ad-choices/
• www.networkadvertising.org/managing/opt_out.asp

However, if you reject cookies, you may not be able to use certain website functions, services, applications, or tools.

Embedded Content and Features

External content and features obtained from third-party servers are integrated into our website.

In this process, your IP address, information about your browser and operating system, the referring website, the time of the visit, or the use of our website may be transmitted to the respective third-party providers.

This data can be collected on our website via plugins, pixel tags (invisible graphics), or cookies.

The data may be used by the third-party providers concerned for statistical or marketing purposes.

Insofar as data processing takes place with your consent, the legal basis is Article 6(1)(a) GDPR (consent). In all other respects, data processing is carried out on the basis of Article 6(1)(f) GDPR ("legitimate interests"), whereby the legitimate interests lie in providing the content or functions to the user.

Content and/or functions of the following providers are integrated into our website:

• OpenStreetMap: A map service that we use to display our locations; operated by the OpenStreetMap Foundation, St John’s Innovation Centre, Cowley Road, Cambridge, CB4 0WS, United Kingdom. Website: www.openstreetmap.org; Privacy Policy: https://wiki.osmfoundation.org/wiki/Privacy_Policy 
• 
  

Facebook Presence

We operate a presence on the social network Facebook. The operator of Facebook is Meta Platforms Ireland Ltd., Dublin, Ireland (hereinafter "Meta").

Your personal data is processed by us and, above all, by Meta. Below, we describe what data of yours we process on our Facebook page and our relationship with Meta in this regard.

What personal data do we process when you use our Facebook page?

When you use our Facebook page, we process the following personal data:

Communication

We operate our presence on Facebook to present our goods and/or services and to communicate with customers and interested parties.

The legal basis for our processing of the respective communication content with you is Article 6(1)(1)(f) GDPR ("legitimate interests"), whereby our legitimate interests lie in the aforementioned purposes. For orders placed via our social network presences, the legal basis is also Article 6(1)(b) GDPR ("performance of a contract").

Technical Usage Data

When you use our Facebook page, we process technical information about your visit, such as your device's IP address, the time of your visit, and the website from which you visit us. We process this data for technical administration, to provide the Facebook page, and to obtain statistical information as the page operator about the use of our Facebook page.

The legal basis for processing your data is Art. 6(1)(f) GDPR. Our interest lies in continuously improving our Facebook page and providing you with information that is interesting and relevant to you.

Statistical Usage Data

Furthermore, we collect statistical usage data. This includes, for example, information about views of pages, posts, or videos, subscriptions, likes of posts, recommendations of posts or comments, sharing of content, reactions or comments to posts, reports of posts, clicks on links on other pages leading to the fan page, mouse movements over names or profile pictures to preview content, clicks on buttons on a fan page, and information regarding the device (computer or mobile device) with which you are logged in.

We only receive such ("usage data") in aggregated—i.e., summarized—form via the Facebook tool "Page Insights" (https://www.meta.com/business/a/page/page-insights and https://de-de.meta.com/legal/terms/information_about_page_insights_data) ("Insights Data"). We cannot attribute Insights Data to your person.

We process this data for technical administration, to provide our Facebook page, and to obtain statistical information as the page operator about the utilization of our fan page. The legal basis for processing this data is Art. 6(1)(f) GDPR. Our interest here is the administration and improvement of the Facebook page.

For the processing of Insights Data, we and Meta are so-called "Joint Controllers". This means that Facebook and we process this data for the joint purpose of understanding the usage behavior of visitors to our fan page. Meta, as the operator of the platform, collects the detailed usage data from you; we only receive the summarized Insights Data from Meta. Therefore, only Meta makes the decisions regarding the processing of usage data in connection with Page Insights. For the event of such joint controllership, the EU General Data Protection Regulation requires us to enter into an agreement with Meta. You can access this contract here: https://www.meta.com/legal/terms/page_controller_addendum. It contains further details and explanations on joint controllership with Meta in the context of Insights.

Likes, Posts, and Messages

When you use our Facebook page, we process:

• Your Facebook username and profile picture,
• Your click interactions with our posts ("likes", "shares", etc.), and
• Your comments, posts, messages, and other content that you provide to us on our Facebook page.

The legal basis for this processing is Art. 6(1)(f) GDPR (balancing of interests). We process your data to provide you and other users of our Facebook page with interesting information and to inform you regularly about what we offer.

Data Processing by Meta

We have no access to other personal data processed during your use of Facebook. The processing of your personal data by Meta is governed by Meta's privacy policies (https://de-de.meta.com/policy.php).

Please pay particular attention to the following:

Data Transfer to the USA and Other Third Countries

Meta may transfer your data to servers worldwide. Meta bases data transfers to the USA and other third countries on adequacy decisions and, otherwise, on the EU Standard Contractual Clauses. Details can be found in the following section of Meta's Privacy Policy: https://de-de.meta.com/privacy/policy?annotations[0]=9.ex.2-MechanismsWeUseFor&subpage=9.subpage.3-HowDoWeSafeguard; Meta's full Privacy Policy can be found at: https://de-de.meta.com/privacy/policy.

Use of Cookies by Meta

When you access Facebook—independent of our Facebook page—Meta places cookies and similar trackers on your device. If you are also logged in to Facebook as a user, Meta is able to track that you visited our Facebook page and how you used it. This also applies to all other Facebook fan pages.

Meta describes in general terms in its data policies which cookies it uses, what information Meta receives via the cookie, how it is used, how long it is stored by Meta, and with which third-party partners it is shared. There you will also find information about contact options for Meta as well as configuration settings for advertisements. The data policies are available at the following link: https://de-de.meta.com/policy.php.

You can delete Meta cookies here, among other places: http://www.youronlinechoices.com/de/praferenzmanagement/.

Instagram Presence

We operate a presence on Instagram. The Instagram service is operated by Meta Platforms Ireland Ltd., Dublin, Ireland (hereinafter "Meta").

Controllers

We are the controller within the meaning of Art. 4(7) of the General Data Protection Regulation (GDPR) provided that we exclusively process the personal data transmitted to us by you via Instagram ourselves.

Insofar as the personal data transmitted to us by you via Instagram is also or exclusively processed by Instagram, Meta Platforms Ireland Ltd., Dublin, Ireland is also a controller for data processing within the meaning of the GDPR alongside us.

You can contact the Data Protection Officer of Instagram or Meta via the contact form provided by Meta.

As the controller of the Instagram page, we have entered into agreements with Meta which, among other things, regulate the conditions for using the Instagram page. The terms of use of Instagram and the other terms and guidelines listed at the end of those terms are authoritative.

Use of Cookies by Meta

When you visit our Instagram page, personal data of the respective user is collected by Meta as a controller, including through the use of cookies.

You can learn from Instagram's privacy notice which cookies Meta uses, what information Meta receives via the cookie, how it is used, how long it is stored by Meta, and with which third-party partners it is shared. There you will also find information about contact options for Meta as well as configuration settings for advertisements. You can additionally configure your browser settings according to your wishes and, for example, refuse the acceptance of cookies. However, we point out that in this case, not all functions of Instagram may be available to you.

You can delete Meta cookies here, among other places: http://www.youronlinechoices.com/de/praferenzmanagement/.

Likes, Posts, and Messages

Insofar as you visit our Instagram page as a registered Instagram user, we process the following data:

• Your Instagram username and profile picture,
• Your click interaction with our posts ("likes", "shares", etc.), and
• Your comments, posts, messages, and other content that you provide on our page.

Insofar as you contact us via our Instagram page or by e-mail, the data you may provide with the message (e-mail address, name) will be stored by us to answer your questions. We delete the data arising in this context after storage is no longer required.

The legal basis for this processing is Art. 6(1)(b) and (f) GDPR (balancing of interests, at the request of the data subject). We process your data to provide you and other users of our page with interesting information and to inform you regularly about what we offer.

We, on the other hand, do not have full access to the data collected by Meta or your profile data and can only view the public information of your profile. You decide specifically what this is in your Instagram settings. For example, you have the option to actively hide "likes" in your profile or to unfollow our Instagram page. Then your profile will no longer appear in the list of fans of our Instagram page.

We have no influence on the collection of your data and its further processing by Instagram. Likewise, it is not apparent to us where, for what period of time, and to what extent the respective data is stored by Meta. This also applies to existing deletion obligations of Meta, what analyses and connections or linkings Meta performs with the data, and to whom the data is passed on. You can find out what additional personal data Meta processes when using our Instagram page in Instagram's privacy notice.

Statistical Usage Data

In order to better achieve the intended goals of our Instagram page, demographic and geographic evaluations are also compiled based on the information collected by Meta and provided to us by Meta. We can use this information to place targeted, interest-based advertisements without obtaining direct knowledge of the visitor's identity. If visitors use Instagram on multiple end devices, collection and evaluation can also take place across devices if they are registered visitors who are logged into their own profile. The following information is provided to us by Meta regarding the use of our Instagram page:

• Followers: Number of people following our Instagram page - including growth and development over a defined timeframe.
• Reach: Number of people who see a specific post. Number of interactions on a post. From this, it can be deduced, for example, which content is better received in the community than others.
• Ad Performance: How many people were reached with a post or a paid advertisement and interacted with it?
• Demographics: Average age of visitors, gender, place of residence, language.
• Activities: Times when most users from the community are online.
• Actions on the page: Clicks on directions, e-mails, website, and profile visits.
• Page views: Number of times the page was accessed and on which device.

These generated visitor statistics are transmitted to us by Meta via the Instagram tool ("Insights") exclusively in anonymized form. We cannot assign Insights Data to your person. We also do not have access to the respective underlying data.

We process this data exclusively for technical administration, to provide our Instagram page, and to obtain statistical information as the page operator about its utilization. The legal basis for processing this data is Art. 6(1)(f) GDPR. Our interest here is the administration and improvement of the page.

For the processing of Insights Data, we and Meta are so-called "Joint Controllers". This means that Meta and we process this data for the joint purpose of understanding the usage behavior of visitors to our Instagram pages. Meta, as the operator of the platform, collects the detailed usage data from you; we only receive the summarized Insights Data from Meta. Therefore, only Meta makes the decisions regarding the processing of usage data in connection with Page Insights. For the event of such joint controllership, the EU General Data Protection Regulation requires us to enter into an agreement with Meta. You can access this contract here: https://www.meta.com/legal/terms/page_controller_addendum. It contains further details and explanations on joint controllership with Meta in the context of Insights.

The contract essentially implies that information requests and the assertion of data subject rights regarding Insights Data must be asserted directly against Meta as the controller.

Furthermore, users of Instagram can influence the extent to which their user behavior may be recorded when visiting our Instagram page under the advertisement preference settings. Additional options are provided by the settings in Instagram or the form for the right to object.

Data Transfer to the USA and Other Third Countries

Meta may transfer your data to servers worldwide. Meta bases data transfers to the USA and other third countries on adequacy decisions and, otherwise, on the EU Standard Contractual Clauses. Details can be found in the following section of Meta's Privacy Policy: https://de-de.meta.com/privacy/policy?annotations[0]=9.ex.2-MechanismsWeUseFor&subpage=9.subpage.3-HowDoWeSafeguard; Meta's full Privacy Policy can be found at: https://de-de.meta.com/privacy/policy.

Data Subject Rights

• Pursuant to Art. 15 of the General Data Protection Regulation, you have the right to request information about the processing of your personal data ("Right of access by the data subject").
• Pursuant to Art. 16 of the General Data Protection Regulation, you have the right to demand the rectification and completion of inaccurate personal data concerning you ("Right to rectification").
• Pursuant to Art. 17 of the General Data Protection Regulation, you can request the erasure of personal data concerning you, provided that one of the reasons listed there applies ("Right to be forgotten").
• Likewise, pursuant to Art. 18 of the General Data Protection Regulation, you have the right to request the restriction of processing of your personal data if one of the prerequisites listed there applies ("Right to restriction of processing").
• Pursuant to Art. 20 of the General Data Protection Regulation, you have the right to receive the personal data concerning you provided to us and to have this data transmitted to another controller ("Right to data portability").
• Revocation of consent: See the section "Right of Revocation" in this Privacy Policy.
• Right to object: See the section "Right to Object" in this Privacy Policy.
• You have the right to lodge a complaint with the competent supervisory authority.
• 
  

Right of Revocation

You can revoke any consent you may have granted for the processing of your personal data at any time, for example by sending an e-mail to our e-mail address stated at the beginning. The lawfulness of the processing carried out on the basis of the consent until revocation shall not be affected thereby.

Right to Object

Insofar as our data processing is based on Article 6(1)(f) GDPR ("legitimate interests"), you have the right to object to the processing of your personal data in accordance with the further provisions of Article 21 GDPR.

Sharing of Your Data

Unless already listed elsewhere in this Privacy Policy, we share your personal data with the following additional recipients or categories of recipients:

Payment Service Providers (PayPal)

If you opt for payment via PayPal during the ordering process, payment processing is carried out by the payment service provider PayPal (Europe) S.à r.l. et Cie, S.C.A., 22–24 Boulevard Royal, L-2449 Luxembourg. In this process, we transmit the data you provided during the ordering process (such as name, address, e-mail address, IP address, purchase amount, and other transaction-related data) to PayPal, insofar as this is necessary for payment processing.

The transmission takes place pursuant to Art. 6(1)(b) GDPR for the performance of a contract and on the basis of a legitimate interest pursuant to Art. 6(1)(f) GDPR, since secure and efficient payment processing is in the interest of our company. PayPal reserves the right to conduct a credit assessment based on mathematical-statistical methods for certain payment methods (e.g., direct debit, purchase on account). Further information can be found in PayPal's Privacy Policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full.

Production and Shipping Service Providers (Print-on-Demand)

For the production and shipping of our products, we use the print-on-demand service provider Printful, Inc., 11025 West Lake Drive, Charlotte, NC 28273, USA, as well as their European subsidiary Printful Latvia AS, Ojara Vaciesa iela 6, Riga, LV-1004, Latvia. Within the framework of order processing, Printful receives personal data such as name, delivery address, ordered products, and, if necessary, telephone number and e-mail address, provided these are required for delivery. Printful processes this data as a processor based on a contract pursuant to Art. 28 GDPR. Further information can be found in Printful's Privacy Policy: https://www.printful.com/policies/privacy.

Unless already stated elsewhere in this Privacy Policy, we intend to transfer your personal data to the following third country or international organization:

• Within the scope of using Printful, a transfer of personal data to third countries outside the European Union may occur, particularly to the USA and Mexico, where Printful maintains production facilities. Printful has concluded appropriate safeguards pursuant to Art. 46 GDPR (e.g., EU Standard Contractual Clauses) with its service providers and affiliated companies to ensure an adequate level of data protection. Further information on international data transfers at Printful can be found under: https://www.printful.com/policies/privacy.
• 

IONOS Shop Software

We operate our online shop using software from IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, Germany (hereinafter "IONOS") on their servers. Specifically, we use the following product from IONOS: MyWebsite Creator. According to its privacy policy, IONOS processes data worldwide, including in the USA. The privacy policy of IONOS, which contains more detailed information, particularly regarding the transfer of data abroad, can be accessed here: https://www.ionos.de/terms-gtc/terms-privacy#c5950.