Data Privacy
§ 1 General information
We process your personal data (e.g., title, name, address, email address, telephone number, bank details, credit card number) only in accordance with the provisions of German data protection law and the data protection law of the European Union (EU). The following provisions inform you about the purposes of processing, recipients, legal bases, storage periods, your rights, and the controller responsible for your data processing. This privacy policy applies only to our websites. If you are redirected to other sites via links on our sites, please refer to their privacy policies for information about how they handle your data.
§ 2 Data processing for contract fulfillment
(1) Purpose of processing
The personal data you provide to us during the ordering process is necessary for us to conclude a contract with you. You are not obliged to provide your personal data. However, we cannot send you the goods without your address. For some payment methods, we need the necessary payment data in order to pass it on to a payment service provider commissioned by us. The data you enter during the ordering process is therefore processed for the purpose of fulfilling the contract.
If you send us an inquiry by email, via a contact form, etc. before concluding a contract, we will process the data received in this way to carry out pre-contractual measures and answer your questions about our products, for example.
If you open a customer account, your data (in particular your name, address, payment method, email address, and password) will be processed for the purpose of registering and creating a customer login. The stored data allows you to shop with us more quickly and view your orders at any time. You can delete your account by sending us a message or using the delete function.
(2) Legal basis
The legal basis for this processing is Art. 6 (1) b) GDPR.
(3) Categories of recipients
Payment service providers, shipping service providers, hosting providers, merchandise management system (if applicable), suppliers (dropshipping) (if applicable).
(4) Storage period
We store the data required for contract processing until the expiry of the statutory warranty and, if applicable, contractual guarantee periods.
We store the data required under commercial and tax law for the periods specified by law, usually ten years (cf. § 257 HGB, § 147 AO).
The data processed for the purpose of implementing pre-contractual measures will be deleted as soon as the measures have been implemented and it is clear that a contract will not be concluded.
§ 3 Comments
(1) Purpose of processing
It is possible to write a comment. Your data (e.g., name/pseudonym, email address, website) will then only be processed for the purpose of publishing your comment.
(2) Legal basis
The legal basis for this processing is Art. 6 (1) f) GDPR.
(3) Legitimate interest
Our legitimate interest is the public exchange of user opinions on specific topics and products. The publication serves, among other things, to promote transparency and opinion-forming. Your interest in data protection is protected, as you can publish your comment under a pseudonym.
(4) Storage period
There is no specific storage period. You can request the deletion of your comment at any time.
(5) RIGHT TO OBJECT
You have the right to object at any time, for reasons arising from your particular situation, to data processing that is based on Art. 6 (1) f) GDPR and is not used for direct marketing.
In the case of direct marketing, however, you may object to the processing at any time without giving reasons.
§ 4 Shop rating
(1) Purpose of processing
After completing an order, you have the option of voluntarily rating our shop. For this purpose, we process your email address, order number, order date, and the content you provide in the review (e.g., review text, star rating).
The processing is carried out for the following purposes:
- Sending a review request by email (only with prior express consent)
- Assigning the review to a specific order
- Preventing review abuse
- Quality assurance through internal review prior to publication
- Publication of approved reviews on our website
- Transmission of approved reviews to the external review portal ausgezeichnet.org for public display of our review profile
Publication only takes place after internal content review.
(2) Legal basis
If we send you a review request by email, this is done exclusively on the basis of your prior consent in accordance with Art. 6 (1) lit. a GDPR.
The processing and publication of the review itself is based on our legitimate interest in transparent customer communication, quality assurance, and prevention of misuse in accordance with Art. 6 (1) lit. f GDPR.
(3) Recipients
Internal processing within our company
Hosting service provider for our website
ausgezeichnet.org (if published on an external review portal)
No further transfer to third parties takes place.
(4) Storage period
Reviews are generally stored permanently as long as there is a legitimate interest in displaying them.
You can request the deletion of your review at any time. In this case, the review will be removed from our internal database and, as far as technically possible, from connected review portals.
§ 5 Further information
(1) Purpose of processing and functionality
We use various external services and technologies on our website to provide content, carry out marketing measures, analyze the use of our website, and enable communication with users. These include, in particular, video integrations (e.g., YouTube), online advertising services (e.g., Google Ads, Microsoft Ads, Meta Ads), and an AI-supported chat service for responding to user inquiries.
In doing so, personal data such as IP addresses, usage data, device information, communication content, or interaction data may be processed and transmitted to the respective service providers. Processing only takes place if it is technically necessary or if you have given your prior consent. These services are used for the technical provision of our website, user communication, the analysis and improvement of our offering, and the implementation of marketing and advertising measures.
(2) Legal basis
If consent is requested (e.g., for marketing, tracking, or video services): Art. 6 (1) (a) GDPR
Technically necessary processing, system security, and prevention of misuse: Art. 6 (1) (f) GDPR
(3) Legitimate interest
Our legitimate interest lies in the secure, stable, and user-friendly provision of our website, the improvement of our offering, efficient communication with users, and the economic marketing of our services.
(4) Categories of recipients
IT and hosting service providers
Providers of marketing and advertising services
Providers of communication and AI services
Providers of embedded content (e.g., video platforms)
If data is transferred to service providers outside the European Union, this is only done in compliance with legal requirements (e.g., EU standard contractual clauses or adequacy decision).
(5) Storage period
Personal data will only be stored for as long as is necessary for the respective processing purposes or as long as statutory retention periods exist. Data processed on the basis of consent will be stored until consent is revoked.
(6) Right of revocation and objection
You can revoke your consent at any time with effect for the future.
If the processing is based on legitimate interests, you can object to the processing at any time if there are reasons arising from your particular situation.
§ 6 PayPal transactions
Please note that all PayPal transactions are subject to the PayPal privacy policy:
https://www.paypal.com/de/webapps/mpp/ua/privacy-full
§ 7 Credit check by Klarna
Please note the following privacy policy if you choose Klarna's payment services:
https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/privacy
§ 8 Web analysis with Google Analytics
(1) Purpose of processing
This website uses Google Analytics 4, a web analysis service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google Analytics 4 uses “cookies,” which are text files placed on your device, to help the website analyze how users use the site. According to Google, Google Analytics 4 does not log or store individual IP addresses. Analytics does not provide precise location data. Instead, the following metadata is derived from IP addresses: “City” (and the derived latitude and longitude of the city), “Continent,” “Country,” “Region,” “Subcontinent” (and the ID-based equivalents). For accesses originating in the EU, IP addresses are only used to derive location data and are then immediately deleted. They are not logged, are not accessible, and are not used for any other purposes. When collecting measurement data in Analytics, all IP searches are performed on EU-based servers before the traffic is forwarded to Analytics servers for processing. These servers are also located outside the EU. Google Analytics offers a user ID feature. This feature allows sessions to be assigned a permanent ID, enabling user behavior to be analyzed across devices. No unauthorized personally identifiable information is used when using the IDs, and user IDs do not contain any information that could be used by third parties to determine a user's identity. Remarketing target groups can be created based on the user IDs. However, Analytics only collects the user ID and device ID for the last device associated with a logged-in user.
We use the Google Signals feature. This feature collects additional information about website visitors who have enabled personalized ads, and ads can be delivered to these visitors in cross-device remarketing campaigns.
On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity, and to provide other services related to website activity and internet usage to the website operator. Further information on data processing by Google: https://business.safety.google/privacy/
(2) Legal basis
The legal basis for this processing is your consent pursuant to Art. 6 (1a) GDPR.
(3) Categories of recipients
Google and its partner companies.
(4) Transfer to a third country
Google Ireland Limited is an affiliate of Google LLC. Google LLC is based in the USA (1600 Amphitheatre Parkway, Mountain View, CA 94043). The basis for the transfer of personal data from the EU to the USA is the EU-US Privacy Shield.
(5) Storage period
14 months
(6) RIGHT OF WITHDRAWAL
You can withdraw your consent at any time with future effect via our cookie banner or our website.
You can prevent cookies from being stored by adjusting your browser software settings accordingly; however, we would like to point out that in this case you may not be able to use all functions of this website to their full extent.
You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website, as well as Google from processing this data, by downloading and installing the browser plug-in available under the following link: optout
§ 9 Information about cookies
(1) Purpose of processing
This website uses both technically necessary cookies and cookies that require consent (e.g., for analysis and marketing purposes). These are small text files that are not permanently stored on your computer system by or in your Internet browser. These cookies enable you, for example, to place multiple products in a shopping cart.
Other cookies remain permanently and recognize your browser the next time you visit. These cookies enable you, for example, to permanently store your passwords for a customer account.
In addition, we use a technically necessary session cookie, which is required to maintain the session, for the shopping cart function, and for the secure use of our shop. This cookie does not contain any tracking or marketing functions and is automatically deleted as soon as the session ends.
The legal basis is § 25 (2) TTDSG and Art. 6 (1) lit. b GDPR.
(2) Legal bases
The legal basis for this processing is Art. 6 (1) a) GDPR.
You may have expressly given the following consent to the use of cookies on our site:
We use cookies and similar technologies to provide you with a personalized shopping experience and personalized advertising, and to analyze our data traffic. You can select “Accept all” to agree to these uses, or click on ‘Settings’ to set your individual cookie preferences. You can change your selection under “Cookie settings” (at the bottom of this page).
(3) Storage period
Technically necessary cookies are usually deleted when you close your browser. Permanently stored cookies have a varying lifespan of a few minutes to several years.
(4) Right of revocation
If you do not want these cookies to be stored, please deactivate the acceptance of these cookies in your Internet browser. However, this may result in a functional restriction of our website.
You can revoke your consent to permanent storage by deleting the stored cookies via your browser.
§ 10 Web advertising service with Google Adsense
(1) Purpose of processing
Google Adsense, a web advertising service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”), is used on these pages to display advertisements (text ads, banners, etc.). For this purpose, your browser stores cookies (small text files) on your hard drive. These cookies are used by Google to personalize content and ads, offer social media features, and analyze traffic to our website. Device identifiers are used for apps. In addition, information about your use of our website is shared with social media, advertising, and analytics partners. These partners combine this information with other data that you have provided to them or that they have collected as part of your use of their services.
(2) Legal basis
The legal basis for this processing is Art. 6 (1) a) GDPR.
(3) Categories of recipients
The company Google LLC and its partner companies.
(4) Transfer to a third country
Google Ireland Limited is an affiliate of Google LLC. Google LLC is based in the USA (1600 Amphitheatre Parkway, Mountain View, CA 94043). The basis for the transfer of personal data from the EU to the USA is the EU-US Privacy Shield.
(5) Storage period
Your personal data will only be stored for as long as you have consented to its processing.
(6) Revocation of consent
You may revoke your consent at any time by notifying the controller.
§ 11 Newsletter
(1) Purpose of processing
When you subscribe to the newsletter, your email address will be used for advertising purposes, i.e., we will inform you about products from our range in particular in the newsletter. For statistical purposes, we may evaluate which links are clicked in the newsletter. However, we cannot identify which specific person clicked on them. You have given the following consent separately or, if applicable, expressly during the ordering process: Subscribe to newsletter
(2) Legal basis
The legal basis for this processing is Art. 6 (1a) GDPR.
(3) Categories of recipients
Newsletter distribution provider, if applicable
(4) Storage period
Your email address will only be stored for the duration of the desired subscription for the purpose of sending the newsletter.
(5) Right of withdrawal
You can withdraw your consent at any time with effect for the future. If you no longer wish to receive the newsletter, you can unsubscribe as follows: “Via an unsubscribe link in the newsletter”; “Via your user account.”
§ 12 Your rights as a data subject
If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis us as the controller:
1. Right to information
Within the scope of Art. 15 GDPR, you can request information about your personal data processed by us.
2. Right to rectification
If the information concerning you is no longer accurate, you can request rectification in accordance with Art. 16 GDPR. If your data is incomplete, you can request that it be completed.
3. Right to erasure
You can request the erasure of your personal data under the conditions of Art. 17 GDPR.
4. Right to restriction of processing
Within the scope of the provisions of Art. 18 GDPR, you have the right to request a restriction on the processing of data concerning you.
5. Right to data portability
Under Article 20 GDPR, you have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used, and machine-readable format or to request that it be transferred to another controller.
6. Right to withdraw your consent under data protection law
According to Art. 7 (3) GDPR, you have the right to withdraw your declaration of consent under data protection law at any time. This does not affect the lawfulness of the processing carried out on the basis of the consent until withdrawal.
7. Right to lodge a complaint with a supervisory authority
If you believe that the processing of your personal data violates the GDPR, you have the right to lodge a complaint with a supervisory authority (in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement) pursuant to Art. 77 GDPR.
Please also note your right to object under Art. 21 GDPR:
a) General: justified objection required
If the processing of personal data concerning you is carried out
- to safeguard our overriding legitimate interest (legal basis according to Art. 6 (1) f) GDPR) or
- in the public interest (legal basis pursuant to Art. 6 (1) e) GDPR),
you have the right to object to the processing at any time for reasons arising from your particular situation; this also applies to profiling based on the provisions of the GDPR.
In the event of an objection, we will no longer process the personal data concerning you, unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing serves to assert, exercise, or defend legal claims.
b) Special case of direct marketing: simple objection suffices
If the personal data concerning you is processed for direct marketing purposes, you have the right to object to this processing at any time without giving reasons; this also applies to profiling insofar as it is related to such direct marketing.
If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.
Data controller:
Christian Arnold
Altenburger Str. 21/2
04626 Schmölln
info(-at)dachfenster-riese.de
Contact details of our data protection officer:
Altenburger Str. 21/2
04626 Schmölln
info(-at)dachfenster-riese.de
§ 13 Integration of YouTube videos
We embed videos from the YouTube platform on our website. The provider is Google Ireland Limited, Dublin, Ireland.
When you visit a page with an embedded video, personal data may be transmitted to YouTube. The embedding only takes place with your consent.
The legal basis is Art. 6 (1) lit. a GDPR.
A transfer to Google LLC in the USA may take place. The basis for this is the EU-US Privacy Shield Framework.
You can revoke your consent at any time via the cookie settings.
§ 14 Google Ads (conversion tracking and remarketing)
We use Google Ads for advertising, conversion tracking, and remarketing.
Cookies may be set to measure advertising success and display personalized advertising.
The legal basis is Art. 6 (1) (a) GDPR (consent).
Data may be transferred to Google LLC in the USA. The basis for this is the EU-US Privacy Shield Framework.
Maximum storage period is 14 months.
You can revoke your consent at any time.
§ 15 Meta / Facebook Ads
We use Meta Pixel to analyze and optimize our advertising measures.
Usage data is processed in order to display personalized advertising.
The legal basis is Art. 6 (1) lit. a GDPR.
Data may be transferred to Meta Platforms Inc., USA. The basis for this is the EU-US Privacy Shield Framework.
The maximum storage period is 14 months.
You can revoke your consent at any time.
§ 16 Microsoft Ads
We use Microsoft Advertising for conversion measurement and advertising display.
The legal basis is Art. 6 (1) (a) GDPR.
Data may be transferred to Microsoft Corporation, USA. The basis for this is the EU-US Privacy Shield Framework.
The maximum storage period is 14 months.
You can revoke your consent at any time.
§ 17 AI chatbot
We use an AI-supported chatbot on our website to process user inquiries.
This may involve the processing of entered content and technical usage data.
Please do not submit any sensitive personal data.
The legal basis is Art. 6 (1) (a) GDPR or Art. 6 (1) (f) GDPR.
Data may be transferred to the USA. The basis for this is the EU-US Privacy Shield Framework.
Chat content is only stored for as long as is necessary for processing.