Login

Language

Cart

Your cart is empty

Data protection

Privacy Policy of DUFTBUNKER GmbH

Person responsible for data processing:

DUFTBUNKER GmbH
Market. 7A
58730 Fröndenberg
Germany | Germany

info@duftbunker.de

We appreciate your interest in our online shop. Protecting your privacy is very important to us.
Below we will inform you in detail about how we handle your data.

1. General information and mandatory information

The following information provides an overview of what happens to your personal data when you visit our website.

Personal data is any data that can be used to personally identify you.

For detailed information on data protection, please refer to our privacy policy listed here.

2. Data collection on our website

The controller is DUFTBUNKER GmbH (hereinafter "Controller") and processes the data provided by the data subject (hereinafter "Customer") in accordance with the provisions of the European General Data Protection Regulation (hereinafter "GDPR"). The controller's contact details are: Address: DUFTBUNKER GmbH, Alleestr. 16, 58730 Fröndenberg, Germany

Email: info@duftbunker.de

2.2 How do we collect your data?

The processing of the customer’s personal data is necessary for the fulfillment of a contract to which the customer is a party or for the implementation of pre-contractual measures taken at the customer’s request. This particularly applies to the use of the online shop and registration for the newsletter or our WhatsApp service. The legal basis for this processing is Art. 6 (1) (b) GDPR. In the event that the customer uses the contact form, the personal data will be used exclusively to process their request. The legal basis for this processing is the customer’s consent in accordance with Art. 6 (1) (a) GDPR. In other cases in which personal data is processed, the processing is carried out to protect the legitimate interests of the controller, namely to analyze the use of the website by Google Analytics, Webtrekk, Kameleon, Overheat; to determine a Net Promoter Score (Zenloop) and to integrate third parties (Zanox - Awin, Criteo, Facebook, Shopzilla, Bing Ads, Doubleclick, Kelkoo, Shopping24, Google Adwords, Google Conversion Code, NetScaleNow, Sovendus). The legal basis for this processing is Art. 6 (1) (f) GDPR. The controller points out the customer's right of objection. Further information can be found under points 2.7, 2.9, 2.10 & 6 of this declaration.

2.3 What do we use your data for?

Some of the data is collected to ensure the error-free provision of the website. Other data may be used to analyze your user behavior.

2.4 Fulfillment of the contract or implementation of pre-contractual measures:

In order to fulfill the contract or to carry out pre-contractual measures, the customer's personal data transmitted to the controller will be made accessible to the following recipients / categories of recipients: - Shipping service provider: Deutsche Post AG, Charles-de-Gaulle-Straße 20, 53113 Bonn, Germany, or to DHL Paket GmbH, Sträßchensweg 10, 53113 Bonn, Germany, or Hermes Germany GmbH, Essener Str. 89, 22419 Hamburg, Germany, or Österreichische Post AG, Rochusplatz 1, 1030 Vienna, Austria.

Web hosting company
Telephone and fax providers
our tax advisor
Banks: Sparkasse UnnaKamen, Bahnhofstr. 37, 59423 Unna, Germany
Payment providers such as PayPal, Amazon Pay, etc.
Without the customer's written consent, personal data will not be made available to third parties unless required by law. The following data is mandatory for the conclusion of a contract (mandatory information):

  • First and Last Name
  • Address (street, postal code, city)
  • Telephone number
  • E-mail address


2.5 Use of our contact form:

The personal data that you provide to us via the contact form (e.g. your name and address or your email address) will only be processed for correspondence with you and only for the purpose for which you provided us with the data.

2.6 Analysis tools and third-party tools

When you visit our website, your browsing behavior may be statistically analyzed. This is done primarily with cookies and so-called analysis programs. The analysis of your browsing behavior is generally anonymous; it cannot be traced back to you. You can object to this analysis or prevent it by not using certain tools. Detailed information can be found in the following privacy policy. You can object to this analysis. We will inform you about your options for objection in this privacy policy.

2.7 Cookies

The controller uses cookies on various pages to make visiting its websites more attractive and enable the use of certain functions. Cookies are small text files that are stored on the visitor's computer. Most of the cookies used by the controller are deleted from the visitor's hard drive after the end of the browser session (so-called session cookies). Other cookies remain on the visitor's computer and enable the controller to recognize the visitor's computer on the next visit (so-called persistent cookies). Of course, the customer can reject cookies at any time, provided the browser used allows this.

2.8 Information about on-site targeting

The DUFTBUNKER website uses cookie technology to collect data to optimize our advertising and the entire online offering. This data is not used to identify you personally, but solely for an anonymous evaluation of website usage. Your data will never be merged with the personal data we store. This technology allows us to present you with advertising and/or special offers and services whose content is based on the information obtained through clickstream analysis (for example, advertising that is targeted at the fact that only sports shoes have been viewed in recent days). Our goal is to make our online offering as attractive as possible for you and to present you with advertising that corresponds to your areas of interest.

2.9 Server log files

The website provider automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. This includes:

  • Browser type and version
  • operating system used
  • Referrer URL
  • Hostname of the accessing computer
  • Time of the server request
  • IP address

This data will not be merged with other data sources. The basis for data processing is Art. 6 (1) (f) GDPR, which permits the processing of data for the performance of a contract or for pre-contractual measures. The log files will be deleted within 14 days.

2.10 Registration on this website

You can register on our website to use additional functions on the site. We will only use the data you enter for the purpose of using the respective offer or service for which you have registered. The mandatory information requested during registration must be provided in full. Otherwise, we will reject your registration. For important changes, such as changes to the scope of services or technically necessary changes, we will use the email address you provided during registration to inform you. The data entered during registration is processed on the basis of your consent (Art. 6 (1) (a) GDPR). You can revoke your consent at any time. An informal email to us is sufficient. The legality of any data processing that has already taken place remains unaffected by the revocation. The data collected during registration will be stored by us for as long as you are registered on our website and will then be deleted. Statutory retention periods remain unaffected.

2.14 Comment function on this website

For the comment function on this page, in addition to your comment, information about the time the comment was created and, if you do not post anonymously, the user name you have chosen will be saved.

2.15 Storage period of comments

The comments and the associated data (e.g. time of creation, user name) are saved and remain on our website until the commented content has been completely deleted or the comments have to be deleted for legal reasons (e.g. offensive comments).

2.16 Legal basis

Comments are stored based on your consent (Art. 6 (1) (a) GDPR). You can revoke your consent at any time. To do so, simply send us an informal email. The legality of any data processing already carried out remains unaffected by the revocation.

2.17 Processing of data (customer and contract data)

We collect, process, and use personal data only to the extent necessary to establish, define, or modify the legal relationship (master data). This is done on the basis of Art. 6 (1) (b) GDPR, which permits the processing of data to fulfill a contract or for pre-contractual measures. We collect, process, and use personal data about the use of our website (usage data) only to the extent necessary to enable the user to use the service or to bill them. The collected customer data is deleted after completion of the order or termination of the business relationship. Statutory retention periods remain unaffected.

2.20 Data transfer upon conclusion of contract for online shops, retailers and shipping of goods

We only transmit personal data to third parties if this is necessary for the performance of the contract, for example, to the company entrusted with delivering the goods or the credit institution commissioned with payment processing. Further transmission of data will not occur or only if you have expressly consented to the transmission. Your data will not be passed on to third parties without your express consent, for example for advertising purposes. The basis for data processing is Art. 6 (1) (b) GDPR, which permits the processing of data for the fulfillment of a contract or for pre-contractual measures.

2.21 Hosting

We offer an online shop on our website. For this, we use the Software as a Service (SaaS) rental shop system of a service provider commissioned by us.

The name of our rental shop system and the address of the service provider are:

Shopify of the provider Shopify International Limited, 1-2 Haddington Road, D04 XN32, Dublin, Ireland (hereinafter referred to as Shopify).

Further information can be found in the provider’s privacy policy:

https://www.shopify.de/legal/datenschutz

The servers automatically collect and store information in so-called server log files, which your browser automatically transmits when you visit the website. The stored information includes:

  • Browser type and version
  • Operating system used
  • Referrer URL
  • Hostname of the accessing computer
  • Date and time of the server request
  • IP address

This data will not be merged with other data sources. This data is collected on the basis of Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of its website – for this purpose, the server log files must be collected.

We have concluded a data processing agreement with the relevant service provider, in which we oblige the relevant service provider to protect user data and not to pass it on to third parties.

The website server is geographically located in the United States of America.

3. Payment options

1. Description and scope of data processing

We offer our customers various payment options for processing their orders. Depending on the payment option, we redirect customers to the platform of the corresponding payment service provider. After the payment process is completed, we receive the customer's payment data from the payment service providers or our main bank and process it in our systems for invoicing and accounting purposes.

Payment by credit card

It is possible to complete the payment process by credit card.

If you have chosen to pay by credit card, payment data will be passed on to payment service providers for payment processing. All payment service providers comply with the requirements of the Payment Card Industry (PCI) Data Security Standards and have been certified by an independent PCI Qualified Security Assessor.

When paying by credit card, the following data is regularly transmitted:

  • Purchase amount
  • Date and time of purchase
  • First name and last name
  • address
  • E-mail address
  • Credit card number
  • Credit card validity period
  • Security code (CVC)
  • IP address
  • Telephone number / mobile number

Payment data is passed on to the following payment service providers:

Shopify Payments

Further information on data protection guidelines and withdrawal and removal options for payment service providers can be found here:

Payment via PayPal

It is possible to process the payment transaction with the payment service provider PayPal. In addition to direct payment methods, PayPal also offers purchase on account, direct debit, credit card, and installment payments.

The European operating company of PayPal is PayPal (Europe) S.à.rl & Cie. SCA, 22-24 Boulevard Royal, 2449 Luxembourg.

If you choose PayPal as your payment method, your data required for the payment process will be automatically transmitted to PayPal.

This included, in particular, the following data:

  • name
  • address
  • E-mail address
  • Telephone / mobile number
  • IP address
  • Bank details
  • Card number
  • Validity date and CVC code
  • Number of articles
  • Item number
  • Data on goods and services
  • Transaction amount and tax levies
  • Information on previous purchasing behavior

The data transmitted to PayPal may be transferred by PayPal to credit reporting agencies. This transfer is for the purpose of identity and credit checks.

PayPal may also share your data with third parties if this is necessary to fulfill contractual obligations or to process the data on their behalf. When transferring your personal data within PayPal-affiliated companies, the Binding Corporate Rules, which are approved by the relevant supervisory authorities, apply. You can find them here:

https://www.paypal.com/de/webapps/mpp/ua/bcr

Other data transfers may be based on contractual protection provisions. For further information, please contact PayPal.

All PayPal transactions are subject to PayPal's privacy policy, which can be found at:

https://www.paypal.com/de/webapps/mpp/ua/privacy-full/

Payment by direct bank transfer

Payment via Sofortüberweisung is possible. In this case, your data will be collected by Sofort GmbH, Theresienhöhe 12, 80339 Munich.
The controller does not collect or store the data itself.

By authorizing an instant transfer, you instruct Sofort GmbH to automatically check whether your account covers the amount to be transferred (account coverage check) and whether any instant transfers from your account in the last 30 days have been successfully carried out. After a positive check, to transmit the transfer order you have authorized in electronic form to your bank and to inform us, as the payment recipient (online provider) you have selected, that the transfer has been successfully completed.

To do this, Sofort GmbH requires the IBAN, PIN, and TAN of your online banking account. During the ordering process, you will be automatically redirected to Sofort GmbH's secure payment form.
You will receive confirmation of the transaction immediately afterward. We will then receive the transfer credit directly.
Anyone with an activated online banking account with PIN/TAN procedure can use Sofortüberweisung as a payment method.

Please note that a few banks do not yet support payment via Sofortüberweisung.

You can find further information via the following link:
https://www.klarna.com/sofort/

Further information on the stored data can be found at: https://www.klarna.com/sofort/#cq-0

We also offer the following payment options:

Google Pay, ApplePay, ShopPay, iDeal, EPS, bancontact

2. Purpose of data processing

The transmission of payment data to payment service providers serves to process the payment, e.g. when you purchase a product and/or use a service.

3. Legal basis for data processing

The legal basis for data processing is Art. 6 (1) (b) GDPR, as the processing of the data is necessary for the execution of the concluded purchase contract.

4. Duration of storage

All payment data and data on any chargebacks that may occur will only be stored for as long as they are needed for payment processing and any possible processing of chargebacks and debt collection, as well as to combat misuse.

Furthermore, payment data may be stored for a longer period if and for as long as this is necessary to comply with statutory retention periods or to prosecute a specific case of misuse.

Your personal data will be deleted after the statutory retention period has expired, i.e. after 10 years at the latest.

5. Possibility of objection and removal

You can revoke your consent to the processing of your payment data at any time by notifying the controller or the payment service provider used. However, the payment service provider used may still be entitled to process your payment data if and for as long as this is necessary for the contractual payment processing.

4. Newsletter

1. Description and scope of data processing

You have the option to subscribe to a free newsletter. When you register for the newsletter, the following data from the input form will be transmitted to us:

  • E-mail address
  • Date and time of registration

Your consent to the processing of your data will be obtained during the registration process and reference will be made to this privacy policy.

If you purchase goods or services on our website and provide your email address, we may subsequently use it to send you a newsletter. In such a case, the newsletter will only be used to send direct advertising for our own similar goods or services.

In connection with data processing for sending newsletters, no data will be passed on to third parties. The data will be used exclusively for sending the newsletter.

4.1 Purpose of data processing

The collection of the user’s email address serves to deliver the newsletter.

4.2 Legal basis for data processing

The legal basis for the processing of data after the user has registered for the newsletter is Art. 6 (1) (a) GDPR if the user has given his or her consent.

4.3 Duration of storage

The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. For personal data sent via email, this is the case when the respective conversation with the user has ended. The conversation is terminated when it can be inferred from the circumstances that the matter in question has been conclusively resolved.

4.4 Possibility of objection and removal

If the user contacts us by email, they can object to the storage of their personal data at any time. In such a case, the conversation cannot be continued.
In this case, all personal data stored during the contact process will be deleted.

5. Contact form

The personal data you provide via the contact form will be used solely to respond to your inquiry. Providing your data is voluntary. However, without providing the required information, we may not be able to process your inquiry.

5.1 Legal basis for processing:

Your personal data is processed on the basis of Art. 6 (1) (a) GDPR, as you give us your consent to process it by using the contact form.

5.2 Data transfer to third parties

As a general rule, your data will not be shared with third parties. Exceptions apply only if we are legally obligated to do so or if the sharing is necessary to fulfill our contractual relationship with you.

5.3 Data security

We take technical and organizational security measures to protect your personal data against accidental or unlawful deletion, alteration or loss, as well as against unauthorized disclosure or access.

5.4 Storage period

Your data will be deleted after your request has been processed, unless there are legal retention obligations.

5.5 Rights of data subjects

You have the right to access, rectification, erasure, restriction of processing, and data portability of your personal data. Furthermore, you can revoke your consent to data processing at any time without affecting the legality of the processing carried out on the basis of your consent until the revocation.

5.6 Right to complain

You have the right to complain to the data protection authority if you believe that the processing of your personal data violates data protection regulations.

Please note that this privacy policy may be amended and updated from time to time. Therefore, we recommend checking regularly for any changes.

6. Privacy Policy for Corporate Social Media Presences:

Instagram, Part of Facebook Ireland Ltd., 4 Grand Canal Square Grand Canal Harbour, Dublin 2 Ireland

On our company page, we provide information and offer Instagram users the opportunity to communicate. If you perform an activity on our Instagram corporate page (e.g., comments, posts, likes, etc.), you may thereby make personal data (e.g., your real name or photo from your user profile) public. However, since we generally have no influence on the processing of your personal data by the Instagram companies jointly responsible for the DUFTBUNKER GmbH corporate page, we cannot provide any binding information regarding the purpose and scope of the processing of your data.

The data generated by the company's website is not stored in our own systems.

Instagram: https://help.instagram.com/519522125107875

YouTube: YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, United States

On our company page, we provide information and offer Instagram users the opportunity to communicate. If you perform an activity on our Instagram corporate page (e.g., comments, posts, likes, etc.), you may thereby make personal data (e.g., your real name or photo from your user profile) public. However, since we generally have no influence on the processing of your personal data by the Instagram companies jointly responsible for the DUFTBUNKER GmbH corporate page, we cannot provide any binding information regarding the purpose and scope of the processing of your data.

Every user is free to publish personal data through activities.

The legal basis for data processing is Art. 6 (1) (a) GDPR.

The data generated by the company's website is not stored in our own systems.

Youtube: https://policies.google.com/privacy?gl=DE&hl=de

TikTok: TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland

We have a profile on TikTok. The provider is TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland. Details on how TikTok handles your personal data can be found in TikTok's privacy policy:
https://www.tiktok.com/legal/privacy-policy?lang=de.
Data transfers to non-secure third countries are based on the EU Commission's standard contractual clauses. Details can be found here:
https://www.tiktok.com/legal/privacy-policy?lang=de.

7. Google AdWords and Google Conversion Tracking

This website uses Google AdWords. AdWords is an online advertising program from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). As part of Google AdWords, we use so-called conversion tracking. When you click on an ad placed by Google, a cookie is set for conversion tracking. Cookies are small text files that the Internet browser stores on the user's computer. These cookies expire after 30 days and are not used to personally identify users. If the user visits certain pages of this website and the cookie has not yet expired, Google and we can recognize that the user clicked on the ad and was redirected to this page. Each Google AdWords customer receives a different cookie. The cookies cannot be tracked across the websites of AdWords customers. The information collected using the conversion cookie is used to compile conversion statistics for AdWords customers who have opted for conversion tracking. Customers learn the total number of users who clicked on their ad and were redirected to a page containing a conversion tracking tag. However, they do not receive any information that can be used to personally identify users. If you do not wish to participate in tracking, you can object to this use by easily deactivating the Google Conversion Tracking cookie in your internet browser under user settings. You will then not be included in the conversion tracking statistics. Conversion cookies are stored on the basis of Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in analyzing user behavior in order to optimize both its website and its advertising. More information about Google AdWords and Google Conversion Tracking can be found in Google's privacy policy: https://www.google.de/policies/privacy/. You can set your browser to inform you when cookies are set, to only allow cookies in individual cases, to exclude cookies for certain cases or in general, and to activate the automatic deletion of cookies when you close the browser. If cookies are deactivated, the functionality of this website may be limited.

7.1 Google Analytics

In order to analyse the use of the website, the customer's personal data that is transmitted to the controller will be made available to the following recipient: - Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland This website uses Google Analytics, a web analysis service provided by Google Ireland Limited ("Google"). Google Analytics uses so-called "cookies", text files that are stored on the customer's PC and that enable an analysis of the customer's use of the website. The information generated by the cookie about the use of this website (including the IP address) will be transmitted to a Google server and stored there. However, if IP anonymisation is activated on this website, Google will shorten your IP address beforehand within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide the website operator with other services relating to website activity and internet usage. The IP address transmitted by the customer's browser as part of Google Analytics will not be merged with other Google data. The customer can prevent cookies from being saved by setting their browser software accordingly; however, the controller points out to the customer that in this case the customer may not be able to use all functions of this website to their full extent. The customer can also prevent Google from collecting the data generated by the cookie and relating to their use of the website (including their IP address) and from processing this data by Google by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en The customer can prevent Google Analytics from collecting data by clicking on the following link. An opt-out cookie will be set that prevents the future collection of data when visiting this website: Deactivate Google Analytics. The customer can find more information at https://tools.google.com/dlpage/gaoptout?hl=en or at https://www.google.com/intl/en/analytics/privacyoverview.html (general information on Google Analytics and data protection). The controller informs the customer that Google Analytics has been extended on this website with the code "anonymizeIp" ("analytics.js") to ensure the anonymized collection of IP addresses (so-called IP masking). Without the customer's written consent, personal data will not be made accessible to other third parties, unless this is required by law.

7.2 Google AdSense

This website uses Google AdSense, a service for integrating advertisements provided by Google Ireland Limited ("Google"). The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google AdSense uses so-called "cookies", text files that are stored on your computer and that enable an analysis of website use. Google AdSense also uses so-called web beacons (invisible graphics). These web beacons can be used to evaluate information such as visitor traffic on these pages. The information generated by cookies and web beacons about the use of this website (including your IP address) and the delivery of advertising formats is transmitted to a Google server and stored there. Google may also share this information with Google's contractual partners. However, Google will not combine your IP address with other data stored by you. The storage of AdSense cookies is based on Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in analyzing user behavior in order to optimize both its website and its advertising. You may refuse the use of cookies by selecting the appropriate settings in your browser; however, please note that if you do this, you may not be able to use the full functionality of this website. By using this website, you consent to the processing of data about you by Google in the manner and for the purposes set out above.

7.3 Google Analytics Remarketing

Our websites use the functions of Google Analytics Remarketing in conjunction with the cross-device functions of Google AdWords and Google DoubleClick. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. This function makes it possible to link the advertising target groups created with Google Analytics Remarketing with the cross-device functions of Google AdWords and Google DoubleClick. In this way, interest-based, personalized advertising messages that have been tailored to you based on your previous usage and surfing behavior on one device (e.g. mobile phone) can also be displayed on another of your devices (e.g. tablet or PC). If you have given your consent, Google will link your web and app browsing history with your Google Account for this purpose. This means that the same personalized advertising messages can be displayed on every device on which you log in with your Google Account. To support this function, Google Analytics collects Google-authenticated user IDs, which are temporarily linked to our Google Analytics data to define and create target groups for cross-device advertising. You can permanently object to cross-device remarketing/targeting by deactivating personalized advertising in your Google Account; to do so, follow this link: https://www.google.com/settings/ads/onweb/. The data collected is summarized in your Google Account solely on the basis of your consent, which you can give or withdraw to Google (Art. 6 (1) (a) GDPR). For data collection processes that are not merged into your Google Account (e.g., because you do not have a Google Account or have objected to the merging), the data is collected on the basis of Art. 6 (1) (f) GDPR. The legitimate interest arises from the fact that the website operator has an interest in the anonymized analysis of website visitors for advertising purposes. Further information and the data protection provisions can be found in Google's privacy policy at: https://www.google.com/policies/technologies/ads/.

8. Links to other websites

We occasionally link to third-party websites. Although we carefully select these third parties, we cannot guarantee or assume liability for the accuracy or completeness of the content or data security of third-party websites. This privacy policy also does not apply to linked third-party websites.

SHIPPING

Free shipping within Germany from 150 €.

DELIVERY

Your orders will reach you within 3 - 5 days.

SERVICE

We are happy to be there for you - write us an e-mail.

PAYMENT

We only offer secure payment methods.