Privacy Policy

Overview of Data Protection

General Information

The following information provides a simple overview of what happens to your personal data when you visit this website. The term “personal data” refers to all information that can be used to personally identify you. Detailed information regarding data protection can be found in the Privacy Policy below.

Data Collection on This Website

Who is responsible for data collection on this website?

The processing of data on this website is carried out by the website operator. The operator’s contact details can be found in the section “Information about the responsible party (controller under GDPR)” within this Privacy Policy.

How is your data collected?

Your data is collected when you voluntarily provide it to us, for example by entering information into a contact form.

Additional data is collected automatically by our IT systems or after your consent during your visit to the website. This mainly includes technical data such as your browser type, operating system, or the time the website was accessed. This information is recorded automatically once you access this website.

What do we use your data for?

Part of the collected data is used to ensure the proper functioning and error-free provision of the website. Other data may be used to analyze user behavior. If contracts are concluded or initiated via the website, the transmitted data may also be processed for offers, orders, or customer inquiries.

What rights do you have regarding your data?

You have the right to receive free information at any time regarding the origin, recipients, and purpose of your stored personal data. You also have the right to request correction or deletion of your data. If you have consented to data processing, you may revoke this consent at any time with future effect. Under certain circumstances, you may also request the restriction of processing of your personal data. Furthermore, you have the right to file a complaint with the responsible supervisory authority.

If you have any questions regarding data protection or personal data, you may contact us at any time.

Analysis Tools and Third-Party Services

Your browsing behavior may be statistically analyzed while visiting this website. Such analyses are mainly carried out using analytics programs.

Further information regarding these analysis tools can be found below in this Privacy Policy.

Hosting and Content Delivery Networks (CDN)

Shopify

This website is hosted by the following provider:

Shopify International Limited
Victoria Building, 1-2 Haddington Road
Dublin 4, D04 XN32, Ireland
(hereinafter referred to as “Shopify”)

Shopify is a platform used for creating and hosting websites. When visiting our website, Shopify collects your IP address as well as information about the device and browser you use. Shopify also analyzes visitor statistics, traffic sources, and customer behavior. If you place an order through our website, Shopify additionally processes data such as your name, email address, billing and shipping address, payment information, telephone number, and other purchase-related details. Shopify may store cookies in your browser for analytical purposes.

Further information can be found in Shopify’s Privacy Policy:
https://www.shopify.de/legal/datenschutz

The use of Shopify is based on Art. 6(1)(f) GDPR due to our legitimate interest in the reliable and secure presentation of our website. If consent has been requested, processing takes place exclusively on the basis of Art. 6(1)(a) GDPR and § 25 (1) TDDDG, insofar as the consent includes the storage of cookies or access to information on the user’s device (e.g., device fingerprinting). Consent can be revoked at any time.

Data Processing Agreement

We have concluded a Data Processing Agreement (DPA) with the above-mentioned provider. This agreement ensures that personal data of our website visitors is processed solely according to our instructions and in compliance with GDPR regulations.

Whenever you use this website, various types of personal data may be collected. Personal data refers to any information that can personally identify you. This Privacy Policy explains which data we collect, how we collect it, and for which purposes it is used.

Please note that data transmission over the internet (for example via email communication) may contain security vulnerabilities. Complete protection of data against third-party access cannot be guaranteed.

Information About the Responsible Party (Controller under GDPR)

The controller responsible for data processing on this website is:

Morris Martin
In den Klötzen 17
16552 Schildow

Phone: +49 1771623875
E-Mail: exaltstatues@gmail.com

The controller is the natural or legal person who alone or jointly with others determines the purposes and means of processing personal data (e.g., names, email addresses, etc.).

Storage Duration

Unless a more specific storage period has been stated within this Privacy Policy, your personal data will remain with us until the purpose for processing no longer applies. If you request deletion of your data or revoke your consent, your data will be deleted unless legal retention obligations require otherwise (e.g., retention periods under tax or commercial law). In such cases, deletion takes place once these obligations no longer apply.

Legal Basis for Data Processing

If you have provided consent for data processing, your personal data will be processed on the basis of Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR where special categories of data pursuant to Art. 9(1) GDPR are involved.

If you have explicitly consented to the transfer of personal data to third countries, processing also takes place on the basis of Art. 49(1)(a) GDPR. If consent includes the storage of cookies or access to information on your device, processing is additionally based on § 25 (1) TDDDG. Consent may be revoked at any time.

If your data is required for the fulfillment of a contract or pre-contractual measures, processing is carried out on the basis of Art. 6(1)(b) GDPR. Where processing is required to fulfill legal obligations, Art. 6(1)(c) GDPR applies. Data processing may also be based on our legitimate interests pursuant to Art. 6(1)(f) GDPR. Further information regarding the applicable legal basis is provided throughout this Privacy Policy.

Information on Data Transfers to Third Countries and Non-DPF Certified US Providers

Among other technologies, we use tools from companies located in third countries that may not provide an adequate level of data protection under applicable data protection laws. We may also use US-based tools whose providers are not certified under the EU-US Data Privacy Framework (DPF). If such tools are activated, your personal data may be transferred to and processed in these countries. Please note that data protection standards comparable to those within the EU cannot always be guaranteed in such countries.

We also point out that the United States is generally considered a secure third country if the recipient is certified under the EU-US Data Privacy Framework (DPF) or provides suitable additional safeguards. Further information regarding transfers to third countries and the respective recipients can be found within this Privacy Policy.

Recipients of Personal Data

As part of our business activities, we cooperate with various external service providers. In some cases, this requires the transfer of personal data to these third parties. We only share personal data where this is necessary for the fulfillment of a contract, required by law (e.g., disclosure to tax authorities), based on our legitimate interests pursuant to Art. 6(1)(f) GDPR, or permitted by another legal basis.

Where processors are used, personal data is transferred only on the basis of a valid data processing agreement. In cases of joint processing, a joint processing agreement is concluded.

Revocation of Your Consent to Data Processing

Many data processing operations are only possible with your explicit consent. You may revoke any consent you have previously granted at any time. The legality of data processing carried out before the revocation remains unaffected.

Right to Object to Data Collection in Special Cases and to Direct Advertising (Art. 21 GDPR)

If data processing is carried out on the basis of Art. 6(1)(e) or (f) GDPR, you have the right to object at any time to the processing of your personal data for reasons arising from your particular situation. This also applies to profiling based on these provisions.

The respective legal basis for processing can be found in this Privacy Policy. If you object, we will no longer process the affected personal data unless we can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights, and freedoms, or where processing serves the establishment, exercise, or defense of legal claims (objection pursuant to Art. 21(1) GDPR).

If your personal data is processed for direct marketing purposes, you have the right to object at any time to processing for such advertising purposes. This also applies to profiling related to direct advertising. Following your objection, your personal data will no longer be used for direct advertising purposes (objection pursuant to Art. 21(2) GDPR).

Right to Lodge a Complaint with the Supervisory Authority

In the event of violations of the GDPR, affected individuals have the right to lodge a complaint with a supervisory authority, particularly in the member state of their habitual residence, place of work, or the location of the alleged infringement. This right exists independently of other legal remedies or administrative procedures.

Right to Data Portability

You have the right to receive data that we process automatically based on your consent or in fulfillment of a contract in a commonly used, machine-readable format. You may also request direct transfer of the data to another controller where technically feasible.

Information, Correction, and Deletion of Data

Within the framework of applicable legal provisions, you have the right to obtain information at any time regarding your stored personal data, its origin, recipients, and the purpose of data processing. You may also have the right to request correction or deletion of your data. If you have questions regarding personal data or related matters, you may contact us at any time.

Right to Restrict Processing

You have the right to request restriction of the processing of your personal data. You may contact us at any time to exercise this right.

The right to restriction of processing applies in the following cases:

If you dispute the accuracy of your stored personal data, we usually require time to verify this. During the review period, you may request restriction of processing.
If the processing of your personal data was or is unlawful, you may request restriction of processing instead of deletion.
If we no longer require your personal data, but you need it for the establishment, exercise, or defense of legal claims, you may request restriction instead of deletion.
If you have objected pursuant to Art. 21(1) GDPR, a balancing of interests must take place. Until it has been determined whose interests prevail, you may request restriction of processing.

If processing has been restricted, such personal data may only be processed — apart from storage — with your consent or for the establishment, exercise, or defense of legal claims, for protecting the rights of another natural or legal person, or for reasons of important public interest of the European Union or a member state.

SSL and/or TLS Encryption

For security reasons and to protect the transmission of confidential content, such as purchase orders or inquiries sent to us as the website operator, this website uses SSL or TLS encryption. You can recognize an encrypted connection when the browser address changes from “http://” to “https://” and by the lock symbol displayed in your browser bar.

When SSL or TLS encryption is activated, data transmitted to us cannot be read by third parties.

Encrypted Payment Transactions on This Website

If you are required to provide payment information (e.g., account details for direct debit authorization) after concluding a paid contract with us, this data is necessary for payment processing.

Payment transactions using common payment methods (Visa/MasterCard, direct debit, etc.) are processed exclusively through encrypted SSL or TLS connections. You can recognize such encrypted connections by the “https://” prefix and the lock icon displayed in your browser.

When communication is encrypted, the payment information you transmit to us cannot be accessed by third parties.

Recording of Data on This Website

Cookies

Our websites use so-called “cookies.” Cookies are small data files that do not cause any damage to your device. They may either be stored temporarily for the duration of a session (session cookies) or permanently on your device (persistent cookies). Session cookies are automatically deleted once your visit ends. Persistent cookies remain stored until you delete them manually or your browser deletes them automatically.

Cookies may originate from us (first-party cookies) or from third-party providers (third-party cookies). Third-party cookies allow integration of external services into websites, for example payment processing services.

Cookies serve various functions. Many cookies are technically necessary, as certain website features would not function properly without them (e.g., shopping cart functions or video display). Other cookies may be used to analyze user behavior or for advertising purposes.

Cookies required for electronic communication processes, for providing specific functions requested by users, or for optimizing the website are stored on the basis of Art. 6(1)(f) GDPR unless another legal basis applies. The website operator has a legitimate interest in storing necessary cookies for technically flawless and optimized services. If consent for storing cookies or similar technologies has been requested, processing takes place exclusively on the basis of this consent pursuant to Art. 6(1)(a) GDPR and § 25(1) TDDDG. Consent may be revoked at any time.

You may configure your browser to notify you whenever cookies are set and allow cookies only in specific cases. You may also disable cookies entirely or activate automatic deletion when closing the browser. Disabling cookies may limit the functionality of this website.

Further details regarding cookies and services used on this website can be found within this Privacy Policy.

Contact Form

If you submit inquiries through our contact form, the information entered in the form, including any contact details provided, will be stored by us for the purpose of processing your request and handling possible follow-up questions. We do not share this information without your consent.

Processing of this data is based on Art. 6(1)(b) GDPR if your request is related to contractual matters or necessary for pre-contractual measures. In all other cases, processing is based on our legitimate interest in efficiently handling inquiries pursuant to Art. 6(1)(f) GDPR or on your consent pursuant to Art. 6(1)(a) GDPR where applicable. Consent may be revoked at any time.

The information you enter in the contact form remains with us until you request deletion, revoke your consent, or the purpose for storing the data no longer applies (e.g., after your inquiry has been fully processed). Mandatory statutory retention periods remain unaffected.

Requests by E-Mail, Telephone, or Fax

If you contact us by email, telephone, or fax, your request, including all resulting personal data (e.g., name and inquiry), will be stored and processed for the purpose of handling your request. This data will not be shared without your consent.

Processing is carried out on the basis of Art. 6(1)(b) GDPR where your inquiry relates to a contract or pre-contractual measures. In all other cases, processing is based on our legitimate interest pursuant to Art. 6(1)(f) GDPR or on your consent pursuant to Art. 6(1)(a) GDPR if obtained. Consent may be revoked at any time.

Data transmitted through inquiries remains with us until you request deletion, revoke your consent, or the purpose for data storage no longer applies. Mandatory legal provisions — especially statutory retention periods — remain unaffected.

Social Media

Facebook

This website integrates elements of the Facebook social network. The provider is Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland. According to Facebook, collected data may also be transferred to the USA and other third countries.

An overview of Facebook social plugins is available here:
https://developers.facebook.com/docs/plugins/

When the social media element is activated, a direct connection between your device and Facebook’s servers is established. Facebook thereby receives information confirming your visit to this website along with your IP address. If you click the Facebook “Like” button while logged into your Facebook account, Facebook may associate the contents of this website with your user profile. As the website operator, we have no knowledge of the content of transmitted data or how Facebook uses it.

Further information can be found in Facebook’s Privacy Policy:
https://de-de.facebook.com/privacy/explanation

Use of this service is based on your consent pursuant to Art. 6(1)(a) GDPR and § 25(1) TDDDG. Consent may be revoked at any time.

Where personal data is collected on our website and transmitted to Facebook, we and Meta Platforms Ireland Limited are jointly responsible for processing pursuant to Art. 26 GDPR. Joint responsibility is limited to data collection and transmission to Facebook. Processing carried out by Facebook after transfer is not part of this joint responsibility.

The respective obligations are governed by a joint processing agreement available at:
https://www.facebook.com/legal/controller_addendum

Data transfers to the USA are based on the Standard Contractual Clauses (SCCs) of the European Commission. Additional information can be found here:
https://www.facebook.com/legal/EU_data_transfer_addendum
https://de-de.facebook.com/help/566994660333381
https://www.facebook.com/policy.php

Meta is certified under the EU-US Data Privacy Framework (DPF). Further information is available at:
https://www.dataprivacyframework.gov/participant/4452

Instagram

Functions of the Instagram platform are integrated into this website. These services are provided by Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland.

When the Instagram element is activated, a direct connection between your device and Instagram’s servers is established. Instagram thereby receives information regarding your visit to this website.

If you are logged into your Instagram account, clicking the Instagram button allows Instagram to associate website content with your Instagram profile. As the website operator, we have no knowledge regarding the content of transmitted data or how Instagram uses it.

Use of this service is based on your consent pursuant to Art. 6(1)(a) GDPR and § 25(1) TDDDG. Consent may be revoked at any time.

Where personal data is collected and forwarded to Facebook or Instagram, we and Meta Platforms Ireland Limited are jointly responsible pursuant to Art. 26 GDPR. This responsibility is limited solely to collection and transfer of the data.

The applicable joint processing agreement can be found here:
https://www.facebook.com/legal/controller_addendum

Further information regarding data transfers can be found here:
https://www.facebook.com/legal/EU_data_transfer_addendum
https://privacycenter.instagram.com/policy/
https://de-de.facebook.com/help/566994660333381

Additional details regarding Instagram’s privacy policy are available at:
https://privacycenter.instagram.com/policy/

Meta is certified under the EU-US Data Privacy Framework (DPF). More information can be found here:
https://www.dataprivacyframework.gov/participant/4452
https://www.dataprivacyframework.gov/participant/5780

eCommerce and Payment Service Providers

Processing of Customer and Contract Data

We collect, process, and use personal customer and contract data for the establishment, organization, and modification of contractual relationships. Personal usage data related to the use of this website is only collected, processed, and used where necessary to enable use of our services or for billing purposes. The legal basis for this processing is Art. 6(1)(b) GDPR.

Collected customer data will be deleted after completion of the order or termination of the business relationship and after expiration of applicable statutory retention periods. Mandatory retention obligations remain unaffected.

Data Transfer When Concluding Contracts for Online Stores and Shipment of Goods

When ordering goods from us, your personal data will be shared with the shipping provider responsible for delivery and the payment service provider handling payment transactions. Only data necessary for fulfilling their respective services will be transferred. The legal basis for this processing is Art. 6(1)(b) GDPR.

If you have provided consent pursuant to Art. 6(1)(a) GDPR, we may share your email address with the shipping provider to allow shipment status notifications via email. You may revoke this consent at any time.

Data Transfer for Services and Digital Content

Personal data is only transferred to third parties where required for contract fulfillment, for example to financial institutions responsible for payment processing.

No additional transfer of data takes place unless you have explicitly consented to such transfer. Your data will not be shared with third parties for advertising purposes without your express consent.

The legal basis for processing is Art. 6(1)(b) GDPR, which permits data processing for the fulfillment of contractual or pre-contractual obligations.

Credit Checks

We may conduct credit checks if purchases are made on account or under payment methods involving credit risk (scoring). For this purpose, personal information you provide (e.g., name, address, age, banking details) may be transferred to a credit agency. Based on this information, the probability of payment default is assessed. If the risk of non-payment is considered excessive, we reserve the right to reject the requested payment method.

Credit checks are carried out on the basis of contractual fulfillment pursuant to Art. 6(1)(b) GDPR and our legitimate interest in preventing payment defaults pursuant to Art. 6(1)(f) GDPR. If consent has been obtained, processing is based on Art. 6(1)(a) GDPR and may be revoked at any time.

Payment Services

We integrate payment services from third-party providers on our website. When you make a purchase, your payment data (e.g., name, payment amount, account information, or credit card number) is processed by the respective payment provider for the purpose of payment processing.

The respective contractual and privacy policies of the individual providers apply to these transactions. The use of payment providers is based on Art. 6(1)(b) GDPR (contract fulfillment) and our legitimate interest in ensuring secure, smooth, and convenient payment processing pursuant to Art. 6(1)(f) GDPR. If consent is required for certain processes, the legal basis is Art. 6(1)(a) GDPR. Consent may be revoked at any time with future effect.

The following payment providers are used on this website:

PayPal

Provider:
PayPal (Europe) S.à.r.l. et Cie, S.C.A.
22-24 Boulevard Royal
L-2449 Luxembourg

Data transfers to the USA are based on the Standard Contractual Clauses (SCCs) of the European Commission.

More information:
https://www.paypal.com/de/webapps/mpp/ua/pocpsa-full
https://www.paypal.com/de/webapps/mpp/ua/privacy-full

Apple Pay

Provider:
Apple Inc.
Infinite Loop
Cupertino, CA 95014, USA

Google Pay

Provider:
Google Ireland Limited
Gordon House, Barrow Street
Dublin 4, Ireland

Stripe

Provider for EU customers:
Stripe Payments Europe Ltd.
1 Grand Canal Street Lower
Grand Canal Dock, Dublin, Ireland

Data transfers to the USA are based on the SCCs of the European Commission.

Further information:
https://stripe.com/de/privacy
https://stripe.com/de/guides/general-data-protection-regulation

Klarna

Provider:
Klarna AB
Sveavägen 46
111 34 Stockholm, Sweden

Klarna offers various payment methods, including installment payments. If Klarna Checkout is used, Klarna may collect personal data and use cookies to optimize its services.

Further information:
https://cdn.klarna.com/1.0/shared/content/policy/cookie/de_de/checkout.pdf
https://www.klarna.com/de/datenschutz/

Sofortüberweisung (Instant Bank Transfer)

Provider:
Sofort GmbH
Theresienhöhe 12
80339 Munich, Germany

Using the “Sofortüberweisung” payment method allows us to receive real-time payment confirmation from Sofort GmbH. For this process, you submit a PIN and TAN to Sofort GmbH, enabling secure access to your online banking account.

Sofort GmbH automatically checks your account balance and performs the transfer using the transmitted TAN. Additional account-related information may also be processed automatically.

The following personal data may be transmitted: name, address, phone number, email address, IP address, banking information, and other payment-related details.

Further information:
https://www.klarna.com/sofort/