Privacy Policy

Protection of personal data

Title

1. Information on the collection of personal data and contact details of the Controller

2. Collection of data during visits to our website (server log files)

3. Cookie

4. Contact Us

5. Processing of data when opening a customer account and for the performance of the contract

6. Use of your data for direct marketing

7. Processing of data for order handling

8. Contact for review reminders

9. Use of Social Media: Social Plugins (Shariff Solution)

10. Online marketing

11. Web Analytics Services

12. Retargeting/Remarketing/Referral Advertising

13. Data Subject Rights

14. Retention period of personal data

1. information on the collection of personal data and contact details of the controller

1.1

We are pleased that you have visited our website and thank you for your interest. Below, we explain how we process your personal data when you use our website. “Personal data” refers to all information that can be used to identify you personally.

1.2

The data controller within the meaning of Regulation (EU) 2016/679 (GDPR) is Veloris. The controller is the natural or legal person who, alone or jointly with others, determines the purposes and means of processing personal data.

1.3

For security reasons and to protect the transmission of personal data and other confidential content (e.g., orders or inquiries), this website uses SSL/TLS encryption. You can recognize an encrypted connection by the string “https://” and the padlock icon in your browser’s address bar.

2. collection of data during visits to our website (server log files)

In the case of purely informational use of the website (without registration or transmission of information), we only collect the data that your browser sends to our server:

  • Website visited
  • Date and time of access
  • Amount of data transmitted (in bytes)
  • Source/referrer
  • Browser used
  • Operating system used
  • IP address used (possibly in anonymized form)

Processing takes place pursuant to Article 6(1)(f) of the GDPR, based on our legitimate interest in improving the stability and functionality of the website. The data is not otherwise communicated or used. However, we reserve the right to subsequently check the server log files if there are concrete indications of unlawful use.

3. cookie

We use cookies to make your visit to our website more enjoyable and to enable certain functions.

 

Session cookies: deleted when the browser is closed.
Permanent cookies (including third-party cookies): remain on your device and recognize your browser upon your next visit. They collect, among other things, browser data, location, and IP addresses. These cookies are automatically deleted after a specific, variable period of time.

 

In some cases, cookies simplify the ordering process (for example, by remembering the contents of your shopping cart). If personal data are also processed through cookies, such processing takes place on the basis of:

 

  • Article 6(1)(b) GDPR (performance of a contract) and/or
  • Article 6(1)(f) GDPR (legitimate interest: optimal functionality and user-friendliness of the website).

We may cooperate with advertising partners who store cookies on your device during your visit (third-party cookies). In such cases, you will be informed individually in the following sections about the use of these cookies and the scope of the data collected.

 

Browser Settings for Cookies

 

You can configure your browser to be informed about the setting of cookies and decide on a case-by-case basis whether to accept them, to exclude acceptance in certain cases, or to generally block them. Instructions:

 

If you do not accept cookies, the functionality of the website may be limited.

4. contact us

When you contact us (e.g., via form or email), we collect the personal data provided in the respective form. This data is used and stored solely for the purpose of responding to your inquiry and for the related technical administration.

  • Legal basis: Article 6(1)(f) GDPR (legitimate interest: responding to inquiries).
    If the contact is made for the purpose of concluding a contract, Article 6(1)(b) GDPR also applies.
    The data will be deleted once the processing of your request has been completed, unless legal retention obligations require otherwise.

5. processing of data when opening a customer account and for the performance of the contract

Pursuant to Article 6(1)(b) GDPR, we collect and process the personal data you provide for the performance of the contract or for opening a customer account (see forms).
You may request the deletion of your account at any time by writing to the controller.
After the full performance of the contract or deletion of the account, the data will be blocked in compliance with fiscal and commercial retention periods and then deleted, unless you have consented to further use of the data or we are legally entitled to further processing within the limits of the law.

6. use of your data for direct marketing

6.1 Subscription to the email newsletter (double opt-in)

If you subscribe, we will periodically send you information about our offers.
Required field: email address (other details are optional and used only for proper form of address).
Double opt-in procedure: you will receive an email with a confirmation link.

  • Consent: Article 6(1)(a) GDPR.
  • We store your IP address, date, and time of subscription in order to trace any possible misuse.
  • You can unsubscribe at any time via the link provided in the newsletter or by contacting the controller. We will promptly delete your address from the mailing list unless you have consented to further use of your data or we are entitled to continued processing as permitted by law.

6.2 Newsletter for existing customers

If you have provided your email address during a purchase, we may use it to send you regular offers for similar products or services (without additional consent) pursuant to Article 6(1)(f) GDPR (legitimate interest: personalized direct marketing).
You may object to this use of your email address at any time with effect for the future by contacting the controller (transmission costs according to basic rates).
After your objection, we will immediately stop sending such communications.

7. processing of data for order handling

7.1 Disclosure for delivery and payment

 

For the performance of the contract, we disclose personal data:

  • to the carrier commissioned with the delivery (for shipping purposes);
  • to the financial institution commissioned with payment processing.

Legal basis: Article 6(1)(b) GDPR.
Information on the payment service providers used is provided below.

 

7.2 Use of payment service providers

 

PayPal
For payments made via PayPal, by credit card through PayPal, by direct debit via PayPal, or (if offered) by “purchase on account” or “instalment payment” through PayPal, we transmit your payment data to PayPal (Europe) S.à r.l. et Cie, S.C.A., 22–24 Boulevard Royal, L-2449 Luxembourg, pursuant to Article 6(1)(b) GDPR, to the extent necessary for payment processing.

 

For certain payment methods, PayPal may carry out a creditworthiness check in accordance with Article 6(1)(f) GDPR (legitimate interest in verifying the ability to pay) and may transmit data to credit agencies.
The credit report may include probability values (scores) calculated using recognized statistical procedures, including address data.
Privacy Policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full

You may object to this processing at any time by contacting PayPal. However, PayPal may still process your data if this is necessary for the contractual payment process.

 

SOFORT (Klarna Group)
If you choose “SOFORT” as a payment method, the payment will be processed by SOFORT GmbH, Theresienhöhe 12, 80339 Munich (part of Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm).
We transmit the information you provided during the ordering process, along with order details, to SOFORT in accordance with Article 6(1)(b) GDPR solely for payment processing purposes.
Privacy Policy: https://www.klarna.com/sofort/datenschutz

8. contact for review reminders

We may use your email address once to remind you to leave a review, provided that you have given your explicit consent during or after your order (Article 6(1)(a) GDPR).
You may withdraw your consent at any time by contacting the controller.

9. use of social media: social plugins (shariff solution)

Attention (customs charges): any additional customs fees and/or duties are not included in the price and are the responsibility of the customer.

 

9.1 Facebook Plugin (Shariff)

Plugin of the social network Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA.
The buttons are integrated as HTML links (no connection to Facebook servers occurs when visiting the website). By clicking the button, a new browser window opens with the Facebook page (login may be required).
Facebook Inc. is certified under the “Privacy Shield” agreement.
Purpose and scope of data processing and privacy settings: https://www.facebook.com/policy.phphttps://www.facebook.com/policy.php

 

9.2 Google+ Plugin (Shariff)

Plugin of the social network Google+, operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Integrated as an HTML link; by clicking, Google+ opens in a new window.
Google LLC is certified under the “Privacy Shield.”
Privacy policy: https://www.google.com/intl/de/policies/privacy/

 

9.3 Instagram Plugin (Shariff)

Plugin of the Instagram service, operated by Instagram LLC, 1601 Willow Rd, Menlo Park, CA 94025, USA.
Integrated as an HTML link; by clicking, Instagram opens in a new window (login may be required).
Instagram LLC is certified under the “Privacy Shield.”
Privacy policy: https://help.instagram.com/155833707900388/

10. online marketing

10.1 DoubleClick by Google

DoubleClick (Google LLC) uses cookies to display relevant ads, improve campaign reporting, and prevent duplicate views.


Legal basis: Article 6(1)(f) GDPR (legitimate interest in optimal marketing).
Cookie IDs may record conversions.

Through these marketing tools, your browser automatically connects directly to Google’s servers. If you are logged into Google, Google can associate your visit with your account. Even if you do not have a Google account, the provider may detect and store your IP address.

 

Opt-out from tracking: block cookies from www.googleadservices.com (Google Ads settings), use the DAA settings (www.aboutads.info), or configure your browser to be notified about or to reject cookies.
Google LLC is certified under the “Privacy Shield.”
Privacy policy: https://www.google.de/policies/privacy/

 

10.2 Google Ads (AdWords) Conversion Tracking

We use Google Ads and conversion tracking (Google LLC) to measure the effectiveness of our advertisements.
The conversion cookie is set when you click on a Google ad. It typically expires after 30 days and does not serve to personally identify users.

If you do not wish to participate in tracking, you can disable the conversion cookie in your browser settings.
 

Legal basis: Article 6(1)(f) GDPR.
Google LLC is certified under the “Privacy Shield.”
Privacy policy: https://www.google.de/policies/privacy/
Permanent deactivation of advertising cookies: https://www.google.com/settings/ads/plugin?hl=de

Note: Disabling cookies may limit the functionality of the website.

 

11. web analytics services

Google (Universal) Analytics

We use Google Analytics (Google LLC). The cookies generate information (including a shortened IP address) that may be transmitted to servers in the USA.

 

IP anonymization (“_anonymizeIp()”) is activated within the EU/EEA; only in exceptional cases is the full IP address transmitted to the USA.
Legal basis: Art. 6(1)(f) GDPR (statistical analysis for optimization and marketing purposes).
Google processes the data on our behalf; your IP address will not be combined with other data held by Google.
You can prevent cookies from being stored by adjusting your browser settings; however, some website functions may not be fully available as a result.

 

Opt-out options:

Cross-device analysis with User-ID
Upon first access, a unique, permanent, and anonymized User ID is assigned for cross-device analysis. It does not contain any personal data.
You can object at any time by disabling Google Analytics on all systems you use.

Further information about Universal Analytics:
https://support.google.com/analytics/answer/2838718?hl=de&ref_topic=6010376

 

12.retargeting/remarketing/referral advertising

Facebook Custom Audience (Pixel)

 

With your explicit consent, user behavior can be tracked after viewing or clicking on a Facebook ad (for statistical analysis and ad optimization).
The data is anonymous to us, but Facebook stores it and associates it with user profiles in accordance with https://www.facebook.com/about/privacy/.
A cookie may be stored for this purpose.
Legal basis: Art. 6(1)(a) GDPR (consent).
Consent is valid only for users aged 13 and over (for users under 13, consent from a legal guardian is required).
Facebook is certified under the “Privacy Shield” framework.
You can disable cookies through your browser settings or via the Digital Advertising Alliance: https://www.aboutads.info/choices/.

 

Google Ads Remarketing

 

We use Google Ads Remarketing (Google LLC). Google places a cookie with a pseudonymous ID to enable interest-based advertising.
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in optimized marketing).

Further processing occurs only if you have consented to linking your web and app browsing history with your Google Account and using this data for personalized ads. If you are logged into your Google Account during your visit, Google may also use your Analytics data to create cross-device remarketing lists (temporarily linking your personal data with Analytics data).

To disable cookies used for ad personalization, use the browser add-on at https://www.google.com/settings/ads/onweb/ or the settings at www.aboutads.info.
Google LLC is certified under the “Privacy Shield” framework.
For more information about Google advertising and policies, visit: https://www.google.com/policies/technologies/ads/.https://www.facebook.com?utm_source=chatgpt.com

13. data subject rights

13.1 Overview

Right of access (Art. 15 GDPR)
Right to rectification (Art. 16 GDPR)
Right to erasure (Art. 17 GDPR), subject to legal exceptions
Right to restriction of processing (Art. 18 GDPR)
Right to notification of recipients (Art. 19 GDPR)
Right to data portability (Art. 20 GDPR)
Right to withdraw consent (Art. 7(3) GDPR)
Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)

 

13.2 Right to Object

IF WE PROCESS YOUR PERSONAL DATA ON THE BASIS OF A BALANCING OF INTERESTS (OUR LEGITIMATE INTEREST), YOU HAVE THE RIGHT TO OBJECT AT ANY TIME ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION.
IN THE EVENT OF AN OBJECTION, WE WILL CEASE PROCESSING YOUR DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS THAT OVERRIDE YOUR INTERESTS, RIGHTS, AND FREEDOMS, OR FOR THE ESTABLISHMENT, EXERCISE, OR DEFENSE OF LEGAL CLAIMS.

IF YOUR PERSONAL DATA IS PROCESSED FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO SUCH PROCESSING.
ONCE YOU OBJECT, WE WILL IMMEDIATELY CEASE PROCESSING YOUR DATA FOR DIRECT MARKETING PURPOSES.

14. retention period of personal data

The retention period is determined by statutory requirements (e.g., tax and commercial laws). Once these periods expire, the data is routinely deleted, unless it is still required for the performance or initiation of a contract, or if we have a legitimate interest in its continued storage.