Privacy Policy
The party responsible for data processing is:
Dagmar Janousek
c/o Gunnar Europe/ Essdconsulting BV
Surinameplein 6
1058 GP
Nederland
Email: CustomerService@gunnars.eu
We are pleased that you are interested in our online shop. Protecting your privacy is very important to us. Below, we provide detailed information on how we handle your data.
You can visit our website without providing any personal information. Each time a webpage is accessed, the web server automatically saves a so-called server log file, which contains, for example, the name of the requested file, your IP address, date and time of access, the amount of data transferred, and the requesting provider (access data) and documents the access. This access data is evaluated solely for the purpose of ensuring the trouble-free operation of the site and improving our offerings. This serves to protect our legitimate interests in the correct presentation of our offerings, which predominate within the context of a balance of interests according to Art. 6 (1) sentence 1 lit. f DSGVO. All access data will be deleted no later than seven days after the end of your visit to the site.
Hosting
The services for hosting and displaying the website are partly provided by our service providers as part of processing on our behalf. Unless otherwise stated in this privacy policy, all access data and all data collected in forms provided on this website will be processed on their servers. If you have any questions about our service providers and the basis of our cooperation with them, please contact the contact details provided in this privacy policy.
2.1 Data Processing for Contract Execution
For the purpose of contract execution (including inquiries and processing of any warranty and performance claims as well as any statutory update obligations) according to Art. 6 (1) sentence 1 lit. b DSGVO, we collect personal data if you voluntarily provide it to us as part of your order. Required fields are marked as such because we need the data to process the contract, and we cannot send the order without this information. Which data is collected can be seen from the respective input forms. Further information on data processing, especially on the transfer to our service providers for order, payment, and shipping processing, can be found in the following sections of this privacy policy. After the complete execution of the contract, your data will be restricted for further processing and deleted after the retention periods required by tax and commercial law according to Art. 6 (1) sentence 1 lit. c DSGVO unless you have expressly consented to further use of your data according to Art. 6 (1) sentence 1 lit. a DSGVO or we reserve the right to use data beyond this, which is legally permitted and about which we inform you in this policy.
2.2 Customer Account
If you have given your consent according to Art. 6 (1) sentence 1 lit. a DSGVO by choosing to open a customer account, we will use your data for the purpose of opening a customer account and storing your data for future orders on our website. The deletion of your customer account is possible at any time and can be done either by a message to the contact option described in this privacy policy or through a designated function in the customer account. After deletion of your customer account, your data will be deleted unless you have expressly consented to further use of your data according to Art. 6 (1) sentence 1 lit. a DSGVO or we reserve the right to use data beyond this, which is legally permitted and about which we inform you in this policy.
2.3 Contact
In the context of customer communication, we collect personal data to process your inquiries according to Art. 6 (1) sentence 1 lit. b DSGVO if you voluntarily provide it to us when contacting us (e.g., via contact form or email). Required fields are marked as such because we need the data to process your contact. Which data is collected can be seen from the respective input forms. After your inquiry has been fully processed, your data will be deleted unless you have expressly consented to further use of your data according to Art. 6 (1) sentence 1 lit. a DSGVO or we reserve the right to use data beyond this, which is legally permitted and about which we inform you in this policy.
To fulfill the contract according to Art. 6 (1) sentence 1 lit. b DSGVO, we pass on your data to the shipping service provider commissioned with the delivery, to the extent that this is necessary for the delivery of ordered goods.
Data transfer to shipping service providers for the purpose of shipping notification
If you have given us your express consent during or after your order, we will pass on your email address to the selected shipping service provider based on this consent according to Art. 6 (1) sentence 1 lit. a DSGVO so that they can contact you before delivery for the purpose of delivery notification or coordination. The consent can be revoked at any time by sending a message to the contact option described in this privacy policy or directly to the shipping service provider at the contact address listed below. After revocation, we will delete your provided data unless you have expressly consented to further use of your data or we reserve the right to use data beyond this, which is legally permitted and about which we inform you in this policy.
General Logistics Systems Germany GmbH & Co. OHG
GLS Germany-Straße 1 - 7
DE-36286 Neuenstein
Germany
United Parcel Service Deutschland S.à r.l. & Co. OHG
Görlitzer Straße 1
41460 Neuss
Germany
DHL Paket GmbH
Sträßchensweg 10
53113 Bonn
Germany
PostNL
Waldorpstraat 3
2521 CA Den Haag
Netherlands
DPD Deutschland GmbH
Wailandtstraße 1
63741 Aschaffenburg
Germany
In handling payments in our online shop, we work with these partners: technical service providers, credit institutions, payment service providers.
4.1 Data Processing for Transaction Handling
Depending on the selected payment method, we pass on the data necessary for processing the payment transaction to our technical service providers, who act as data processors on our behalf, or to the commissioned credit institutions or the selected payment service provider to the extent necessary for processing the payment. This serves to fulfill the contract according to Art. 6 (1) sentence 1 lit. b DSGVO. In some cases, the payment service providers collect the data required for processing the payment themselves, e.g., on their own website or through a technical integration in the ordering process. In this respect, the privacy policy of the respective payment service provider applies.
If you have questions about our payment processing partners and the basis of our cooperation with them, please contact the contact option described in this privacy policy.
4.2 Data Processing for Fraud Prevention and Payment Optimization
We may provide our service providers with additional data, which they use together with the data necessary for processing the payment as our data processors for the purposes of fraud prevention and optimization of our payment processes (e.g., invoicing, processing contested payments, support for accounting). This serves our legitimate interests in safeguarding against fraud or in efficient payment management according to Art. 6 (1) sentence 1 lit. f DSGVO.
4.3 Identity and Credit Check
When Selecting Klarna Payment Services Klarna Pay Now (automatic debit) If you choose the payment services of Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden (hereinafter Klarna), we request your consent according to Art. 6 (1) sentence 1 lit. a DSGVO to transmit the data necessary for processing the payment and for an identity and credit check to Klarna. In Germany, the credit agencies named in Klarna's privacy policy may be used for identity and credit checks. The information obtained on the statistical probability of a payment default is used by Klarna for a balanced decision on the establishment, implementation, or termination of the contractual relationship. Your consent can be revoked at any time by sending a message to the contact option described in this privacy policy. This may result in us no longer being able to offer you certain payment options. You can revoke your consent to this use of personal data at any time also to Klarna.
5.1 Email Newsletter with Subscription, Newsletter Tracking with Separate Consent
If you subscribe to our newsletter, we use the data required for this purpose or separately provided by you to send you our email newsletter regularly based on your consent in accordance with Art. 6(1)(1)(a) GDPR. You can unsubscribe from the newsletter at any time by sending a message to the contact option described below or via a link provided in the newsletter. After unsubscribing, we will delete your email address from the recipient list, unless you have expressly consented to further use of your data in accordance with Art. 6(1)(1)(a) GDPR or we reserve the right to use your data for purposes permitted by law and about which we inform you in this statement.
If you have additionally consented to newsletter analysis in accordance with Art. 6(1)(1)(a) GDPR, we also analyze your interaction with our newsletter by measuring, storing, and evaluating open rates and click rates for the purpose of designing future newsletter campaigns ("newsletter tracking").
For this evaluation, the sent emails contain one-pixel technologies (e.g., web beacons, tracking pixels), which are stored on our website. We link the following "newsletter data" for evaluation:
You can unsubscribe from newsletter tracking at any time by sending a message to the contact option described or via a link provided in the newsletter. The information is stored as long as you are subscribed to the newsletter.
5.2 Sending Review Requests via Email
If you have given us your explicit consent during or after your order in accordance with Art. 6(1)(1)(a) GDPR, we will use your email address to request a review of your order using the review system we employ. This consent can be revoked at any time by sending a message to the contact option described in this privacy policy or via a link provided in the review request.
Review requests may also be sent by our service provider Trusted Shops AG, Subbelrather Str. 15C, 50823 Cologne ("Trusted Shops"). In the course of sending review requests, we receive information about the respective status from Trusted Shops (e.g., whether the review request was sent and whether it arrived). This is done in accordance with Art. 6(1)(1)(f) GDPR to fulfill our legitimate interest in obtaining information about review invitations in order to make possible optimizations based on this and to fulfill Trusted Shops' legitimate interest in offering this service.
We are jointly responsible with Trusted Shops for sending review requests and collecting and displaying review or status information. Within the framework of the joint responsibility existing between us and Trusted Shops, please contact Trusted Shops directly for data protection questions and to assert your rights, whose contact options you can find here. Further information on data protection can be found at the following link here. Regardless, you can always contact us via the contact option described in this privacy policy. Your inquiry will then be forwarded to the other responsible party for response, if necessary.
General Information
To make your visit to our website attractive and enable the use of certain functions, we use technologies, including cookies, on various pages. Cookies are small text files that are automatically stored on your device. Some of the cookies we use are deleted after the end of the browser session, i.e., after you close your browser (so-called session cookies). Other cookies remain on your device and enable us to recognize your browser on your next visit (persistent cookies).
Protection of Privacy for Devices
When using our online offerings, we use technologies that are strictly necessary to provide the expressly desired telemedia service. The storage of information on your device or access to information already stored on your device does not require consent.
For non-essential functions, the storage of information on your device or access to information already stored on your device requires your consent. Please note that not granting consent may result in parts of the website not being fully usable. Any consent granted remains until you adjust or reset the respective settings on your device.
Subsequent Data Processing via Cookies and Other Technologies
We use such technologies that are necessary for the use of certain functions of our website (e.g., shopping cart function). These technologies collect and process IP address, time of visit, device and browser information, and information about your use of our website (e.g., information on the content of the shopping cart). This serves our legitimate interests in providing an optimized presentation of our offering in accordance with Art. 6(1)(1)(f) GDPR.
We also use technologies to fulfill legal obligations that we are subject to (e.g., to be able to prove consents to the processing of your personal data) and for web analysis and online marketing. Further information on this, including the respective legal basis for data processing, can be found in the subsequent sections of this privacy policy.
The cookie settings for your browser can be found at the following links:
If you have consented to the use of technologies in accordance with Art. 6(1)(1)(a) GDPR, you can revoke your consent at any time by sending a message to the contact option described in the privacy policy.
We use the following cookies and other technologies from third-party providers on our website. Unless otherwise stated for the individual technologies, this is done based on your consent in accordance with Art. 6(1)(1)(a) GDPR. Once the purpose for the technology's use has been fulfilled and its use has ended, the data collected in this context will be deleted. You can revoke your consent at any time with future effect. Further information on your revocation options can be found in the section "Cookies and Other Technologies". Further information, including the basis of our cooperation with individual providers, can be found for each technology. If you have any questions about the providers and the basis of our cooperation with them, please contact us via the contact option described in this privacy policy.
7.1 Use of Google Services
We use the following technologies from Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). The information automatically collected by Google's technologies about your use of our website is generally transmitted to and stored on a server at Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Unless otherwise stated for the individual technologies, data processing is carried out based on an agreement between jointly responsible parties pursuant to Art. 26 GDPR. Further information on data processing by Google can be found in Google's privacy policy.
Our service providers are located and/or use servers in countries outside the EU and the EEA, for which the European Commission has determined an adequate level of data protection.
Our service providers are located and/or use servers in countries outside the EU and the EEA. For these countries, there is no adequacy decision by the European Commission. Our cooperation with them is based on the European Commission's standard contractual clauses.
Google Tag Manager
With Google Tag Manager, we can manage various codes and services on our website. When implementing the individual tags, Google may also process personal data (e.g., IP address, online identifiers (including cookies)). Data processing is based on an agreement for data processing by Google.
By using Google Tag Manager, we can integrate various services/technologies.
If you do not wish individual tracking services to be used and have therefore deactivated them, the deactivation remains in place for all affected tracking tags implemented via Google Tag Manager.
7.2 Use of Facebook Services
Facebook Ads (Ads Manager)
Through Facebook Ads, we promote this website on Facebook (by Meta) and on other platforms. We determine the parameters of the respective advertising campaign. Facebook (by Meta) is responsible for the precise implementation, particularly the decision on the placement of the ads with individual users. Unless otherwise stated for the individual technologies, data processing is carried out based on an agreement between jointly responsible parties pursuant to Art. 26 GDPR. The joint responsibility is limited to the collection of data and its transmission to Meta Platforms Ireland. The subsequent data processing by Meta Platforms Ireland is not covered by this.
If you have given your consent according to Art. 6(1)(1)(a) GDPR, Trusted Shops widgets are integrated on this website to display Trusted Shops services (e.g., trustmarks, collected reviews) and to offer Trusted Shops products to buyers after an order.
The Trustbadge and the associated services are provided by Trusted Shops AG, Subbelrather Str. 15C, 50823 Cologne ("Trusted Shops"), with whom we share joint responsibility under data protection law according to Art. 26 GDPR. We inform you below about the essential contract contents according to Art. 26(2) GDPR.
Within the scope of the joint responsibility between us and Trusted Shops AG, please direct data protection queries and the exercise of your rights preferably to Trusted Shops using the contact details provided in their privacy information. However, you can always contact the responsible party of your choice. Your request will then, if necessary, be forwarded to the other responsible party for response.
8.1 Data Processing when Integrating the Trustbadge / Other Widgets
The Trustbadge is provided by a US content delivery network (CDN) provider. An adequate level of data protection is ensured by an adequacy decision of the EU Commission, available for the USA here. Service providers used in the USA are generally certified under the EU-U.S. Data Privacy Framework (DPF). More information is available here. If the service providers used are not certified under the DPF, standard contractual clauses have been agreed as an appropriate guarantee.
When the Trustbadge is accessed, the web server automatically stores a so-called server log file, which also contains your IP address, the date and time of access, the transferred data volume, and the requesting provider (access data) and documents the access. The IP address is anonymized immediately after collection, so the stored data cannot be assigned to you. The anonymized data is used for statistical purposes and error analysis.
8.2 Data Processing after Order Completion
If you have given your consent, the Trustbadge accesses order information stored on your device (order total, order number, and possibly purchased product) as well as your email address after order completion, and your email address is hashed using a cryptographic one-way function. The hash value is then transmitted to Trusted Shops along with the order information according to Art. 6(1)(1)(a) GDPR.
This serves to check whether you are already registered for Trusted Shops services. If this is the case, further processing is carried out according to the contractual agreement between you and Trusted Shops. If you are not yet registered for the services or do not give your consent for automatic recognition via the Trustbadge, you will be given the option to manually register for the services or to complete the protection under your existing user agreement.
To do this, the Trustbadge accesses the following information stored on your device after you complete your order: order total, order number, and email address. This is necessary so we can offer you buyer protection. Data is only transmitted to Trusted Shops if you actively choose to click the corresponding button in the so-called Trustcard to complete the buyer protection. If you choose to use the services, further processing is governed by the contractual agreement with Trusted Shops according to Art. 6(1)(b) GDPR, in order to complete your registration for buyer protection and secure the order, and possibly to send you review invitations by email.
Trusted Shops uses service providers in the areas of hosting, monitoring, and logging. The legal basis is Art. 6(1)(f) GDPR for the purpose of ensuring smooth operation. Processing may take place in third countries (USA and Israel). An adequate level of data protection is ensured by an adequacy decision of the EU Commission, available for the USA here and for Israel here. Service providers used in the USA are generally certified under the EU-U.S. Data Privacy Framework (DPF). More information is available here. If the service providers used are not certified under the DPF, standard contractual clauses have been agreed as an appropriate guarantee.
Our Online Presence on Facebook, Instagram
If you have given your consent according to Art. 6(1)(1)(a) GDPR to the respective social media operator, your data will be automatically collected and stored for market research and advertising purposes when you visit our online presence on the above-mentioned social media platforms. Usage profiles are created using pseudonyms. These profiles can be used to place advertisements inside and outside the platforms that presumably match your interests. Cookies are usually used for this. Detailed information on data processing and usage by the respective social media operator, as well as contact options and your rights and settings to protect your privacy, can be found in the privacy notices of the providers linked below. If you need help with this, you can contact us.
Facebook (by Meta) is an offer from Meta Platforms Ireland Ltd., Block J, Serpentine Avenue, Dublin 4, Ireland ("Meta Platforms Ireland"). The information collected automatically by Meta Platforms Ireland about your use of our online presence on Facebook (by Meta) is generally transmitted to a server of Meta Platforms, Inc., 1601 Willow Road, Menlo Park, California 94025, USA, and stored there. Data processing in the context of visiting a Facebook (by Meta) fan page is based on an agreement between jointly responsible parties according to Art. 26 GDPR. Further information (information on Insights data) can be found here.
Our service providers are located and/or use servers in countries for which the European Commission has determined by decision that they provide an adequate level of data protection: USA, Canada, Japan, South Korea, New Zealand, United Kingdom, Argentina.
The adequacy decision for the USA serves as the basis for third-country transfers if the respective service provider is certified. Certification is present.
Our service providers are located and/or use servers in these countries: Australia, Hong Kong, India, Indonesia, Malaysia, Singapore, Thailand, Taiwan, Brazil, Mexico. No adequacy decision from the European Commission exists for these countries. Our cooperation with them is based on these guarantees: standard data protection clauses of the European Commission.
Instagram (by Meta) is an offer from Meta Platforms Ireland Ltd., Block J, Serpentine Avenue, Dublin 4, Ireland ("Meta Platforms Ireland"). The information collected automatically by Meta Platforms Ireland about your use of our online presence on Instagram is generally transmitted to a server of Meta Platforms, Inc., 1601 Willow Road, Menlo Park, CA 94025, USA, and stored there. Data processing in the context of visiting an Instagram (by Meta) fan page is based on an agreement between jointly responsible parties according to Art. 26 GDPR. Further information (information on Insights data) can be found here.
Our service providers are located and/or use servers in countries for which the European Commission has determined by decision that they provide an adequate level of data protection: USA, Canada, Japan, South Korea, New Zealand, United Kingdom, Argentina.
The adequacy decision for the USA serves as the basis for third-country transfers if the respective service provider is certified. Certification is present.
Our service providers are located and/or use servers in these countries: Australia, Hong Kong, India, Indonesia, Malaysia, Singapore, Thailand, Taiwan, Brazil, Mexico. No adequacy decision from the European Commission exists for these countries. Our cooperation with them is based on these guarantees: standard data protection clauses of the European Commission.
10.1 Your Rights
As a data subject, you have the following rights:
Right to Object
If we process your personal data as explained above to protect our legitimate interests within the framework of a balancing of interests, you can object to this processing with effect for the future. If the processing is for direct marketing purposes, you can exercise this right at any time as described above. If the processing is for other purposes, you only have a right to object if there are reasons arising from your particular situation.
After exercising your right to object, we will not process your personal data for these purposes unless we can demonstrate compelling legitimate grounds for the processing that outweigh your interests, rights, and freedoms, or if the processing is for the establishment, exercise, or defense of legal claims.
This does not apply if the processing is for direct marketing purposes. Then we will not process your personal data for this purpose.
10.2 Contact Options
If you have any questions about the collection, processing or use of your personal data, if you wish to request information, correction, restriction or deletion of data, or if you wish to revoke consent given or object to a specific use of data, please contact us directly using the contact details in our legal notice.
Please enter your email address and subscribe!