Privacy Policy

Unless stated otherwise below, the provision of your personal data is neither legally nor contractually required, nor is it necessary for concluding a contract. You are not obliged to provide the data. Failure to provide it will have no consequences. This applies only insofar as no other information is given in the following processing operations. "Personal data" means any information relating to an identified or identifiable natural person. Server log files You can visit our websites without providing any personal information. Each time our website is accessed, usage data is transmitted to us or our web host / IT service provider by your internet browser and stored in log data (so-called server log files). This stored data includes, for example, the name of the accessed page, the date and time of access, the IP address, the amount of data transferred and the requesting provider. The processing is carried out on the basis of Art. 6 para. 1 lit. f GDPR due to our overriding legitimate interest in ensuring the trouble-free operation of our website and in improving our offer. Your data may be transferred to third countries outside the EU, in particular to Canada and the USA, and processed there. An adequacy decision by the EU Commission exists for Canada. For the USA, an adequacy decision by the EU Commission is available, the Trans-Atlantic Data Privacy Framework (TADPF). Shopify is not certified under the TADPF. This data transfer is based on contractual obligations comparable to those of the EU Commission's standard contractual clauses.

Contact

Controller

Please contact us if you wish. The controller for data processing is: MARECLO Ebru Tanrikulu, Alt Oberliederbach 40, 65835 Liederbach Germany, 01732753686, info@mareclo.com Proactive contact by customer via email If you proactively contact us by email for business purposes, we collect your personal data (name, email address, message text) only to the extent provided by you. The data processing serves to process and respond to your contact request. If the contact serves to carry out pre-contractual measures (e.g., consultation for purchase interest, offer creation) or concerns a contract already concluded between you and us, this data processing is based on Art. 6 para. 1 lit. b GDPR. If the contact is made for other reasons, this data processing is based on Art. 6 para. 1 lit. f GDPR due to our overriding legitimate interest in processing and responding to your request. In this case, you have the right to object at any time to the processing of your personal data based on Art. 6 para. 1 lit. f GDPR for reasons arising from your particular situation. We use your email address only to process your request. Your data will then be deleted in compliance with statutory retention periods, unless you have consented to further processing and use. Collection and processing when using the contact form When using the contact form, we collect your personal data (name, email address, message text) only to the extent provided by you. The data processing serves the purpose of contacting us. If the contact serves to carry out pre-contractual measures (e.g., consultation for purchase interest, offer creation) or concerns a contract already concluded between you and us, this data processing is based on Art. 6 para. 1 lit. b GDPR. If the contact is made for other reasons, this data processing is based on Art. 6 para. 1 lit. f GDPR due to our overriding legitimate interest in processing and responding to your request. In this case, you have the right to object at any time to the processing of your personal data based on Art. 6 para. 1 lit. f GDPR for reasons arising from your particular situation. We use your email address only to process your request. Your data will then be deleted in compliance with statutory retention periods, unless you have consented to further processing and use. Collection and processing when using the withdrawal button If you have concluded a contract via our online presence, we provide you with a withdrawal function (withdrawal button) through which you can submit your declaration of withdrawal directly. When using the withdrawal function, we collect your personal data (name, email address, information for identifying the contract or part of the contract you wish to withdraw, as well as the time (date and time) of sending the declaration of withdrawal) only to the extent provided by you. The data processing serves the purpose of providing you with the legally required option to withdraw your contract and for proper processing of your withdrawal. If the contact concerns a contract already concluded between you and us, this data processing is based on Art. 6 para. 1 lit. b GDPR. Otherwise, the data processing is based on Art. 6 para. 1 lit. c GDPR, to fulfill a legal obligation to provide you with a withdrawal function on our online presence. We use your email address only to process your declaration of withdrawal. Your data will then be deleted in compliance with statutory retention periods, unless you have consented to further processing and use. The processing of your personal data serves the purpose of legally fulfilling the requirements for the design of the withdrawal function and is carried out on the basis of Art. 6 para. 1 lit. c GDPR. This data processing is also carried out on the basis of Art. 6 para. 1 lit. f GDPR due to our overriding legitimate interest in being able to provide you with a user-friendly withdrawal option. In this case, you have the right to object at any time to this processing of your personal data based on Art. 6 para. 1 lit. f GDPR for reasons arising from your particular situation. WhatsApp Business If you contact us for business purposes via WhatsApp, we use the WhatsApp Business version of WhatsApp Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; "WhatsApp"). If you reside outside the European Economic Area, this service is provided by WhatsApp Inc. (1601 Willow Road, Menlo Park, CA 94025, USA). The data processing serves to process and respond to your contact request. For this purpose, we collect and process your mobile phone number stored on WhatsApp, if provided your name, and other data to the extent provided by you. We use a mobile device for the service, in whose address book only data of users who

have contacted us via WhatsApp are stored. Thus, no personal data is passed on to WhatsApp without your prior consent to WhatsApp. Your data will be transmitted by WhatsApp to servers of Meta Platforms Inc. in the USA. An adequacy decision by the EU Commission exists for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). Meta Platforms Inc. has certified itself under the TADPF and has thus committed to comply with European data protection principles. If the contact serves to carry out pre-contractual measures (e.g., consultation for purchase interest, offer creation) or concerns a contract already concluded between you and us, this data processing is based on Art. 6 para. 1 lit. b GDPR. If the contact is made for other reasons, this data processing is based on Art. 6 para. 1 lit. f GDPR due to our overriding legitimate interest in providing quick and easy contact and in responding to your request. In this case, you have the right to object at any time to this processing of your personal data based on Art. 6 para. 1 lit. f GDPR for reasons arising from your particular situation. We use your personal data only to process your request. Your data will then be deleted in compliance with statutory retention periods, unless you have consented to further processing and use. Further information on terms of use and data protection when using WhatsApp can be found at https://www.whatsapp.com/legal/#terms-of-service and https://www.whatsapp.com/legal/#privacy-policy.

Customer Account

Orders

Customer Account

When opening a customer account, we collect your personal data to the extent specified there. The data processing serves the purpose of improving your shopping experience and simplifying order processing. The processing is carried out on the basis of Art. 6 para. 1 lit. a GDPR with your consent. You can revoke your consent at any time by notifying us, without affecting the legality of the processing carried out on the basis of the consent until revocation. Your customer account will then be deleted. Collection, processing, and transfer of personal data for orders When ordering, we collect and process your personal data only to the extent necessary for the fulfillment and processing of your order and for processing your inquiries. The provision of the data is necessary for the conclusion of the contract. Failure to provide it means that no contract can be concluded. The processing is carried out on the basis of Art. 6 para. 1 lit. b GDPR and is necessary for the fulfillment of a contract with you. Your data may be transferred, for example, to shipping companies, dropshipping or fulfillment providers, payment service providers, service providers for order processing, and IT service providers. In all cases, we strictly observe the legal requirements. The scope of data transmission is limited to a minimum. Your data may be transferred to third countries outside the EU, in particular to Canada and the USA, and processed there. An adequacy decision by the EU Commission exists for Canada. For the USA, an adequacy decision by the EU Commission is available, the Trans-Atlantic Data Privacy Framework (TADPF). Shopify is not certified under the TADPF. This data transfer is based on contractual obligations comparable to those of the EU Commission's standard contractual clauses.

Advertising

Use of the email address for sending newsletters

We use your email address to send you information and offers via newsletter, provided you have expressly consented to this. The data processing serves exclusively the purpose of promotional communication. For this purpose, we process your email address and, if applicable, other data that you voluntarily provided during registration for our newsletter. The processing is carried out on the basis of Art. 6 para. 1 lit. a GDPR with your consent. You can revoke your consent at any time, without affecting the legality of the processing carried out based on the consent until revocation. You can unsubscribe from the newsletter at any time by using the corresponding link in the newsletter or by notifying us. Your email address will then be removed from the distribution list. Despite removal from the distribution list, we may continue to store your email address in a so-called blacklist to prevent you from receiving newsletter emails from us in the future. This storage is carried out on the basis of Art. 6 para. 1 lit. f GDPR due to our and your legitimate interest in preventing the renewed use of your email address for sending our newsletter. You have the right to object at any time to this processing of your personal data for reasons arising from your particular situation. Use of Brevo (formerly Sendinblue) We use the service of Sendinblue GmbH (Köpenicker Straße 126, 10179 Berlin; "Brevo") for sending newsletters as part of contract processing. We pass on the information you provided during newsletter registration (email address, if applicable, first and last name) to Brevo. The data processing serves the purpose of sending newsletters and their statistical evaluation. To evaluate newsletter campaigns, the sent email newsletters contain a 1x1 pixel graphic (tracking pixel) and/or a tracking link. This allows us to determine whether you have opened the newsletter and whether you have clicked on any integrated links. In this context, your personal data such as IP address, browser type and device, and the time of opening may also be collected. Usage profiles can be created from this data under a pseudonym. The collected data is not used to identify you personally. The collected data is used only for statistical evaluation to improve newsletter campaigns. The processing of your personal data is carried out on the basis of Art. 6 para. 1 lit. f GDPR due to our overriding legitimate interest in a targeted, advertising-effective, and user-friendly newsletter system. You have the right to object at any time to this processing of your personal data for reasons arising from your particular situation. Further information and Brevo's privacy policy can be found at: https://www.brevo.com/de/legal/privacypolicy/. Use of the email address for availability notifications We offer a product availability notification service on our website. Should an item be temporarily unavailable, you have the option to enter your email address for the respective item and be informed by us via email when it becomes available, provided you have consented to this. You will receive a one-time email notification about the availability of the respective item. The processing is carried out on the basis of Art. 6 para. 1 lit. a GDPR with your consent. You can revoke your consent at any time, without affecting the legality of the processing carried out based on the consent until revocation. You can unsubscribe from the availability notification at any time by notifying us. Your email address will then be removed from the distribution list.

Merchandise Management

Use of an external merchandise management system

We use a merchandise management system for contract processing as part of contract processing. For this purpose, your personal data collected during the order process is transmitted to Billbee GmbH, Arolser Str. 10, 34477 Twistetal. The processing of your personal data serves the purpose of fulfilling the contract concluded with you and is carried out on the basis of Art. 6 para. 1 lit. b GDPR.

Payment Service Providers

Use of PayPal Check-Out

On our website, we use the payment service PayPal Check-Out from PayPal (Europe) S.à.r.l. et Cie, S.C.A. (22-24 Boulevard Royal L-2449, Luxembourg; "PayPal"). The data processing serves the purpose of offering you payment via the payment service. By selecting and using payment via PayPal, credit card via PayPal, direct debit via PayPal, or "Pay Later" via PayPal, the data required for payment processing is transmitted to PayPal in order to fulfill the contract with you using the selected payment method. This processing is carried out on the basis of Art. 6 para. 1 lit. b GDPR. In this context, cookies may be stored that enable the recognition of your browser. The resulting data processing is carried out on the basis of Art. 6 para. 1 lit. f GDPR due to our overriding legitimate interest in offering customer-oriented various payment methods. You have the right to object at any time to this processing of your personal data for reasons arising from your particular situation. Credit card via PayPal, direct debit via PayPal & "Pay later" via PayPal For individual payment methods such as credit card via PayPal, direct debit via PayPal, or "Pay later" via PayPal, PayPal reserves the right to obtain a credit report based on mathematical-statistical procedures using credit agencies. For this purpose, PayPal transmits the personal data required for a credit check to a credit agency and uses the information received about the statistical probability of a payment default for a balanced decision on the establishment, execution, or termination of the contractual relationship. The credit report may contain probability values (score values) calculated on the basis of scientifically recognized mathematical-statistical procedures, which include address data, among other things, in their calculation. Your legitimate interests are taken into account in accordance with legal provisions. The data processing serves the purpose of credit checking for the initiation of a contract. The processing is carried out on the basis of Art. 6 para. 1 lit. f GDPR due to our overriding legitimate interest in protection against payment default when PayPal provides services in advance. You have the right to object at any time to this processing of personal data concerning you, based on Art. 6 para. 1 lit. f GDPR, by notifying PayPal, for reasons arising from your particular situation. The provision of data is necessary for the conclusion of the contract with your desired payment method. Failure to provide it means that the contract cannot be concluded with the payment method you have chosen. Third-party providers When paying via a third-party payment method, the data required for payment processing is transmitted to PayPal. This processing is carried out on the basis of Art. 6 para. 1 lit. b GDPR. To carry out this payment method, the data may then be passed on by PayPal to the respective provider. This processing is carried out on the basis of Art. 6 para. 1 lit. b GDPR. Local third-party providers may include, for example: Apple Pay (Apple Distribution International Ltd., Hollyhill Industrial Estate, Hollyhill, Cork, Ireland) Google Pay (Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland) Purchase on account via PayPal When paying via the purchase on account payment method, the data required for payment processing is first transmitted to PayPal. To carry out this payment method, the data is then transmitted by PayPal to Ratepay GmbH (Franklinstraße 28-29, 10587 Berlin; "Ratepay") in order to fulfill the contract with you using the selected payment method. This processing is carried out on the basis of Art. 6 para. 1 lit. b GDPR. Ratepay may carry out a credit assessment based on mathematical-statistical procedures (probability or score values) using credit agencies according to the procedure already described above. The data processing serves the purpose of credit assessment for the initiation of a contract. The processing is carried out on the basis of Art. 6 para. 1 lit. f GDPR due to our overriding legitimate interest in protection against payment default when Ratepay provides services in advance. Further information on data protection and which credit agencies Ratepay uses can be found at https://www.ratepay.com/legalpayment-dataprivacy/ and https://www.ratepay.com/legal-payment-creditagencies/. Further information on data processing when using PayPal can be found in the associated privacy policy at https://www.paypal.com/de/webapps/mpp/ua/privacy-full. Use of Shopify Payments We use the "Shopify Payments" payment service from Shopify International Limited (2nd Floor Victoria Buildings, 12 Haddington Road, Dublin 4, D04 XN32, Ireland; "Shopify") on our website. Payment processing in this case is carried out by the payment service provider Stripe Payments Europe, Ltd. (1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland; "Stripe"). The data processing serves the purpose of enabling you to pay via the Shopify Payments payment service. By selecting and using a corresponding "Shopify Payments" payment method, the data required for payment processing is transmitted to Stripe in order to fulfill the contract with you using the selected payment method. This processing is carried out on the basis of Art. 6 para. 1 lit. b GDPR. Stripe reserves the right to obtain a credit report based on mathematical-statistical procedures using credit agencies. For this purpose, Stripe transmits the personal data required for a credit check to a credit agency and uses the information received about the statistical probability of a payment default for a balanced decision on the establishment, execution, or termination of the contractual relationship. The credit report may contain probability values (score values) calculated on the basis of scientifically recognized mathematical-statistical procedures, which include address data, among other things, in their calculation. Your legitimate interests are taken into account in accordance with legal provisions. The data processing serves the purpose of credit checking for the initiation of a contract. The processing is carried out on the basis of Art. 6 para. 1 lit. f GDPR due to our overriding legitimate interest in protection against payment default when Stripe provides services in advance. You have the right to object at any time to this processing of personal data concerning you, based on Art. 6 para. 1 lit. f GDPR, by notifying Stripe, for reasons arising from your particular situation. The

provision of data is necessary for the conclusion of the contract with your desired payment method. Failure to provide it means that the contract cannot be concluded with the payment method you have chosen. Further information on data processing when using the Shopify Payments payment service can be found in Shopify's privacy policy at: https://www.shopify.com/de/legal/datenschutz. Further information on data processing for payment transactions via the payment service provider Stripe can be found in Stripe's privacy policy at: https://stripe.com/de/privacy.

Cookies

Our website uses cookies. Cookies are small text files that are stored in or by the internet browser on a user's computer system. If a user accesses a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic string of characters that enables unique identification of the browser when the website is accessed again. Cookies are stored on your computer. Therefore, you have full control over the use of cookies. By selecting appropriate technical settings in your internet browser, you can be notified before cookies are set and decide individually whether to accept them, as well as prevent the storage of cookies and the transmission of the data contained therein. Already stored cookies can be deleted at any time. However, we would like to point out that in this case you may not be able to fully use all functions of this website. Under the links below, you can find out how to manage (including disabling) cookies in the most important browsers: Chrome: https://support.google.com/accounts/answer/61416?hl=de Microsoft Edge: https://support.microsoft.com/de-de/microsoft-edge/cookies-in-microsoft-edge-lB6schen-63947406-40ac-c3b8-57b92a946a29ae09 Mozilla Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen Safari: https://support.apple.com/de-de/guide/safari/manage-cookies-and-website-data-sfri11471/mac Technically necessary cookies Unless otherwise stated below in the privacy policy, we only use these technically necessary cookies for the purpose of making our offer more user-friendly, effective and secure. Furthermore, cookies enable our systems to recognise your browser even after a page change and to offer you services. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognised again even after a page change. The use of cookies or comparable technologies is based on Section 25 (2) TDDDG. The processing of your personal data is based on Art. 6 (1) lit. f GDPR due to our overriding legitimate interest in ensuring the optimal functionality of the website and a user-friendly and effective design of our offer. You have the right to object at any time to this processing of your personal data for reasons arising from your particular situation. Use of the Cookie Consent Manager CCM19 We use the Cookie Consent Manager CCM19 from Papoo Software & Media GmbH (Auguststr. 4, 53229 Bonn; "CCM19") on our website. The plug-in allows you to give consent to data processing via the website, in particular the setting of cookies, and to exercise your right to withdraw consent for already given consents. The data processing serves the purpose of obtaining and documenting necessary consents for data processing and thus complying with legal obligations. Cookies are used for this purpose. The following information, among others, may be collected, stored and, if applicable, transmitted to CCM19: randomly assigned ID, consent status, date and time of consent/rejection. The data is stored for 1 year and one month and then deleted. This data is not passed on to other third parties. The data processing is carried out to fulfill a legal obligation on the basis of Art. 6 (1) lit. c GDPR. Further information on data protection at CCM19 can be found at: https://www.ccm19.de/datenschutzerklaerung.html.

Analysis

Use of Shopify Statistics

On our website, we use the statistics and analysis functions of Shopify International Ltd. (Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland; "Shopify") as part of a data processing agreement. Shopify is an affiliated company of Shopify Inc. (151 O’Connor Street, Ground Floor, Ottawa, Ontario, K2P 2L8, Canada). The data processing serves the purpose of analyzing this website and its visitors. For this purpose, data is stored for marketing and optimization purposes and provided in reports, analyses, and statistics. Among other things, the following device information is collected and processed: information about the web browser, IP address, time zone, and some of the cookies installed on your device. When you navigate the website, information about visited web pages or products, the referrer URL (website from which you accessed our website), and information about how you interact with the website are also collected. For this purpose, technologies such as cookies, web beacons, tags, and pixels (electronic files for collecting information about how you navigate the website) are used. Your data may be transmitted to and processed in third countries outside the EU, particularly Canada and the USA. For Canada, there is an adequacy decision by the EU Commission. For the USA, an adequacy decision by the EU Commission is available, the Trans-Atlantic Data Privacy Framework (TADPF). Shopify is not certified under the TADPF. This data transfer takes place on the basis of contractual obligations comparable to the Standard Contractual Clauses of the EU Commission. The use of cookies or comparable technologies takes place with your consent on the basis of Section 25 (1) sentence 1 TDDDG in conjunction with Art. 6 (1) lit. a GDPR. The processing of your personal data takes place with your consent on the basis of Art. 6 (1) lit. a GDPR. You can withdraw your consent at any time without affecting the legality of the processing carried out on the basis of the consent until withdrawal. Further information on data protection at Shopify can be found at https://www.shopify.com/de/legal/datenschutz, information on the data processing agreement at https://www.shopify.com/de/legal/dpa, and information on the cookies used at https://www.shopify.com/de/legal/cookies.

Plugins and Others

Use of Google invisible reCAPTCHA

On our website, we use the invisible reCAPTCHA service from Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; "Google"). This serves the purpose of distinguishing between input by a human and automated, machine processing. In the background, Google collects and analyzes usage data that Invisible reCAPTCHA uses to distinguish regular users from bots. For this purpose, your input is transmitted to Google and further processed there. In addition, your IP address and possibly other data required by Google for the Invisible reCAPTCHA service are transferred to Google. This data is processed by Google within the European Union and, if applicable, also transmitted to servers of Google LLC in the USA. For the USA, an adequacy decision by the EU Commission is available, the Trans-Atlantic Data Privacy Framework (TADPF). Google has certified itself under the TADPF and thus committed to complying with European data protection principles. The use of cookies or comparable technologies takes place with your consent on the basis of Section 25 (1) sentence 1 TDDDG in conjunction with Art. 6 (1) lit. a GDPR. The processing of your personal data takes place with your consent on the basis of Art. 6 (1) lit. a GDPR. You can withdraw your consent at any time without affecting the legality of the processing carried out on the basis of the consent until withdrawal. Further information on Google reCAPTCHA and the associated privacy policy can be found at: https://www.google.com/recaptcha/intro/android.html and https://www.google.com/privacy Integration of the Händlerbund member logo On our website, the Händlerbund member logo (Händlerbund e.V., Kohlgartenstraße 11 - 13, 04315 Leipzig) is integrated. When you access our website, information is automatically sent to the server of Händlerbund e.V. by the browser used on your device. This information is temporarily stored in a so-called server log file for 7 days. The following information is collected without your intervention and stored until automated deletion: IP address of the requesting computer, date and time of access, name and URL of the retrieved file, website from which the access takes place (referrer URL), browser used and, if applicable, the operating system of your computer, as well as the name of your access provider. The temporary storage of the IP address by the system is necessary to enable the delivery of the website. For this purpose, the IP address must remain stored for the duration of the session. The storage in log files takes place to ensure the functionality of the website. In addition, the data serves to optimize the website and to ensure the security of the information technology systems. This data is not stored together with other personal data. The legal basis for data processing is Art. 6 (1) sentence 1 lit. f GDPR.

Data Subject Rights and Storage Duration

Duration of Storage

After complete contract processing, the data will first be stored for the duration of the warranty period, then taking into account statutory, in particular tax and commercial law, retention periods, and then deleted after the expiry of the period, unless you have consented to further processing and use. Rights of the data subject If the legal requirements are met, you have the following rights under Articles 15 to 20 GDPR: right to information, to rectification, to erasure, to restriction of processing, to data portability. In addition, according to Art. 21 (1) GDPR, you have a right to object to processing based on Art. 6 (1) f GDPR, as well as to processing for the purpose of direct marketing. Right to lodge a complaint with the supervisory authority In accordance with Art. 77 GDPR, you have the right to lodge a complaint with the supervisory authority if you believe that the processing of your personal data is not lawful. You can lodge a complaint, among others, with the supervisory authority responsible for us, which you can reach at the following contact details: Hessischer Beauftragter für Datenschutz und Informationsfreiheit Postfach 3163 65021 Wiesbaden Tel.: +49 611 14080 Fax: +49 611 1408900 or +49 611 1408901 E-Mail: poststelle@datenschutz.hessen.de Right to object If the personal data processing listed here is based on our legitimate interest according to Art. 6 (1) lit. f GDPR, you have the right to object to these processing operations at any time with effect for the future for reasons arising from your particular situation. After a successful objection, the processing of the data concerned will be terminated, unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or if the processing serves the assertion, exercise or defence of legal claims.