Privacy policy

A. Information about the processing of personal data

We hereby inform you about the collection and processing of your data in accordance with Art. 13 GDPR.

Version: 3.7

Date: October 6, 2025

B. Contact details

Responsible body

Calumet Photo Video GmbH

Friesenweg 12

22763 Hamburg

Phone: +49 40 423 160 86 38

Email: kundenservice@calumet.de

Website: https://www.calumet.de

Data protection officer

Mag. Jur. Djoko Lukic (datenschutzbuero.hamburg)

Suhrenkamp 59

22335 Hamburg

Email: calumet@datenschutzbuero.hamburg

Website: https://datenschutzbuero.hamburg

Competent supervisory authority for data protection

The Hamburg Commissioner for Data Protection and Freedom of Information

Ludwig-Erhard-Str 22, 7th floor

20459 Hamburg

Tel.: +49 40 / 428 54 - 4040

Email: mailbox@datenschutz.hamburg.de

C. General explanations

Personal data

“Personal data” pursuant to Art. 4 No. 1 GDPR is any information relating to an identified or identifiable natural person (hereinafter referred to as “data subject”). A natural person is considered identifiable if they can be identified, directly or indirectly, in particular by association with an identifier such as a name, an identification number, location data, an online identifier or one or more special characteristics that express the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.

(Data) processing

“Processing” pursuant to Art. 4 No. 2 GDPR means any operation or set of operations which is performed on personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, distribution or other forms of provision, comparison or linking, restriction, erasure or destruction.

Controller

The “controller” pursuant to Art. 4 No. 7 GDPR is a natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

Consent

“Consent” pursuant to Art. 4 No. 11 GDPR is any freely given, specific, informed, and unambiguous indication of the data subject's wishes in the form of a statement or other unequivocal affirmative action by which the data subject signifies their agreement to the processing of personal data relating to them.

You can revoke any consent you have given via the consent banner by clicking on the “Cookie settings” link at the bottom right of the website.

Data deletion and retention periods

Your data will be deleted as soon as it is no longer required for the purposes for which it was collected or processed. This does not apply to data that must be retained for commercial or tax reasons.

Commercial letters are all documents or emails related to a commercial transaction, such as offers, order confirmations, or contracts. These documents must generally be retained for six years, not including the year in which the commercial letter was created. The retention obligation also applies to other electronic documents.

Accounting-related data is all information required for keeping books and records, such as invoices, cash books, bank receipts, or payroll documents. This data must generally be retained for ten years.

Data transfer to recipients outside the EU

Data transfers are always carried out on a legal basis. Data transfers to recipients located outside the European Union are only carried out if

(1) an adequacy decision has been agreed with the destination country of the data transfer,

(2) or the data processing is carried out on the basis of standard contractual clauses

(3) or the data subjects agree to the data transfer.

D. Your rights

You are entitled to exercise the rights listed below.

1. Right of access, Art. 15 GDPR

In accordance with Article 15 of the General Data Protection Regulation (GDPR), you as the data subject have the right to obtain information about the processing of your personal data.

Provided that the information does not involve a disproportionate effort, we will provide you with information about the personal data stored about you free of charge and provide you with a copy of this data. The information must contain the following:

a) the purposes of the processing;

b) the categories of personal data that are being processed;

c) the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations;

d) if possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration;

e) the existence of a right to rectify or erase personal data concerning you or to restrict processing by the controller or a right to object to such processing;

f) the existence of a right to lodge a complaint with a supervisory authority;

g) if the personal data is not collected from the data subject, all available information on the origin of the data;

h) the existence of automated decision-making, including profiling, and, at least in those cases – meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

The right to information pursuant to Art. 15 GDPR exists only to the extent that it does not adversely affect the rights and freedoms of other data subjects pursuant to Art. 15 (4) GDPR.

2. Right to data portability, Art. 20 GDPR

If data processing is carried out on the basis of consent or a contract and by means of automated procedures, you have the right to have your data provided in a structured, commonly used, and machine-readable format.

3. Right to rectification, Art. 16 GDPR

You may request the rectification of inaccurate data or the completion of incomplete data concerning you.

4. Right to erasure, Art. 17 GDPR

Your personal data must be erased under the following conditions:

a) The personal data is no longer necessary for the purposes for which it was collected or otherwise processed.

b) You withdraw your consent on which the processing was based in accordance with Art. 6 (1) (a) GDPR and there is no other legal basis for the processing.

c) You object to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing.

d) The personal data has been unlawfully processed.

e) The erasure of the personal data is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject.

f) The personal data has been collected in relation to information society services offered to minors in accordance with Art. 8 (1) GDPR.

Your right to erasure does not apply if the processing is necessary

a) for exercising the right of freedom of expression and information;

b) to comply with a legal obligation that requires processing or to perform a task carried out in the public interest or in the exercise of official authority vested in the controller;

c) for reasons of public interest in the area of public health pursuant to Art. 9 (2) (h) GDPR and (i) as well as Art. 9 (3) GDPR;

d) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes pursuant to Art. 89(1) GDPR, insofar as the aforementioned right is likely to render impossible or seriously impair the achievement of the objectives of that processing, or

e) for the establishment, exercise or defense of legal claims.

5. Right to restriction, Art. 18 GDPR

You have the right to restriction of processing if one of the following conditions applies:

a) you contest the accuracy of your personal data, for a period enabling the controller to verify the accuracy of the personal data;

b) the processing of your data is unlawful, you oppose the erasure of the data and request the restriction of its use instead;

c) you need the data for the establishment, exercise, or defense of legal claims;

d) you have objected to the processing pursuant to Art. 21 (1) GDPR, as long as it is not yet clear whether our legitimate reasons outweigh yours.

If processing has been restricted, this personal data may – apart from its storage – only be processed with the consent of the data subject or for the assertion, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State.

If you have obtained a restriction of processing, we will inform you before the restriction is lifted.

6. Right to object, Art. 21 GDPR

As a data subject, you have the right to object to the processing of your personal data in accordance with Article 21 of the General Data Protection Regulation (GDPR). You can exercise your right to object in the following cases:

a) If the processing is based on our legitimate interest and your interests, fundamental rights, and freedoms override the legitimate interest.

b) If personal data is processed for direct marketing purposes.

c) If you object, we may only process your personal data if we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or if the processing serves to assert, exercise, or defend legal claims.

d) You have the right to object to the processing of your personal data at any time and without giving reasons. The objection can be made in writing or electronically and should be addressed to our contact address (see above, No. B.1.).

7. Withdrawal of consent, Art. 7 (3) GDPR

You have the right to withdraw your consent given to us at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. Withdrawal can be made in writing or electronically and should be sent to our contact address (see above, No. B.1.).

Newsletter

If you receive newsletters from us, you can withdraw your consent via the unsubscribe link in the newsletter or by sending a statement to our contact address.

Cookie or consent banner

You can withdraw any consent you have given via the consent banner by clicking on the “Cookie settings” link at the bottom right of the website.

8. Right to lodge a complaint, Art. 77 GDPR

You also have the right to complain to a data protection supervisory authority about our processing of your personal data. Employees do not have to follow official channels when communicating with the supervisory authority.

E. Contract fulfillment

1. Customer account

The purpose of data processing is to provide a function for creating a personal Calumet customer account. The personal customer account allows you to conveniently place orders and manage watch lists by permanently storing your data.

In the context of support and maintenance work, the service providers involved may take note of personal data.

The customer account is provided within the framework of a (pre-)contractual obligation and the legal basis is therefore Art. 6 (1) (b) GDPR.

You can delete your customer account via the customer menu or by contacting our customer service.

Data recipients (server hosting):

ScaleCommerce GmbH (Horstweg 24, 14059 Berlin) – Privacy policy: https://scale.sc/kontakt#datenschutz

Hetzner online GmbH (Industriestr. 25, 91710 Gunzenhausen) – Privacy policy: https://www.hetzner.com/de/legal/privacy-policy

Cloudflare Germany GmbH (Rosental 7, 80331 Munich) – Privacy policy: https://www.cloudflare.com/privacypolicy/

2. Rental

The purpose of processing is to fulfill our contractual obligations arising from the rental agreement. To enable you to rent our equipment, we use the following platform: https://www.rent.calumetphoto.de/.

The following categories of data are processed in connection with the rental: your name, address, date of birth, telephone number, address details, and information about the rentals.

In addition, we process the data that is technically necessary to provide the website. This includes the following data categories in particular: your public IP address, the date and time of page use, the time zone difference to Greenwich Mean Time (GMT), the content of the request (specific page), the access status/HTTP status code, the amount of data transferred in each case, the website from which the request originates, information about the browser, the operating system and its interface, and the language and version of the browser software.

In the event of payment defaults, we will transfer your data to lawyers and debt collection service providers in order to assert legal claims.

Data processing is carried out to exercise our contractual rights and to fulfill our contractual obligations in accordance with Art. 6 (1) (b) GDPR.

Your data will be deleted as soon as it is no longer required to fulfill the purpose. We are required to retain tax-relevant data for a period of 10 years.

3. Offer to purchase equipment

In order to identify potential purchase partners, we review our customers' purchase history. If a potential purchase item can be found in our customers' purchase history, we contact the customer by post or email to clarify whether there is any interest in selling.

In doing so, we process the names, the address data necessary for establishing contact, and information on previous purchase history.

The legal basis for this is our legitimate interest in advertising our services within the meaning of Art. 6 I lit. f) GDPR in conjunction with Recital No. 47, sentence 7.

The contact is not to be regarded as annoying advertising within the meaning of Section 7 UWG (German Unfair Competition Act) and it can therefore be concluded that the rights of the data subjects do not outweigh our legitimate interests.

4. Resale / Resale portal

We use Loopia from Thingsy AG for resale. We process the following data for this purpose: your name, your address, your telephone number, your email address, and information about the goods offered.

If we make you an offer to purchase and you accept it, your address data will be transmitted to the respective shipping service provider for the creation of a parcel label and the execution of the transport.

The legal basis for the processing of your data and its transfer to the transport service provider is the underlying contractual relationship in accordance with Art. 6 (1) (b) GDPR.

Data recipients:

UPS Deutschland GmbH, Frankfurter Straße 106, 65760 Eschborn (https://www.ups.com/de/de/support/shipping-support. ..)

DHL Paket GmbH, Sträßchensweg 10, 53113 Bonn, Germany (https://www.dhl.de/de/toolbar/footer/datenschutz.h...)

Thingsy AG, Technoparkstraße 1, 8005 Zurich, Switzerland (https://www.getloopia.ch/datenschutz)

Deutsche Post AG, Charles-de-Gaulle-Straße 20, 53113 Bonn, Germany (https://www.deutschepost.de/de/f/footer/datenschut...)

5. Verification of identity

We may need to verify your identity in order to prevent fraud or other unauthorized activities, such as receiving stolen goods. To verify your identity, we may ask you to provide additional data and documents such as copies of your identity card, copies of registration certificates, or other documents. We will only ask you to provide these documents in exceptional cases, such as when there is reasonable suspicion of an unauthorized activity. We may also process or check documents for identity verification when purchasing high-value goods.

Where possible, we would review the requested information at a local branch. If it is not possible to review the information at a local branch or if this is not sufficient to verify your identity, we would accept the data digitally in agreement with you.

Once your identity has been verified, we would delete the data immediately, provided that there are no further indications of an illegal act or no other obligation to store your data.

The legal basis for data processing is our legitimate interest pursuant to Art. 6 (1) (f) GDPR. Our interest here is protection against financial losses that may result from unlawful acts such as fraud or handling stolen goods.

Your right to informational self-determination does not outweigh this, as the intensity of the intrusion on you is low. If your identity is checked in a branch, no data will be stored. If the documents are provided digitally, they will be deleted immediately after the identity check—unless there is a concrete suspicion of a criminal offense. The legislator has also stated in Recital 47 of the General Data Protection Regulation that fraud prevention is a legitimate interest.

If we collect data in this context, we always take into account the principle of proportionality and examine each case separately.

You can object to the verification of your identity in accordance with Art. 21 (1) GDPR.

If identity verification is carried out in compliance with legal requirements, e.g. within the meaning of Section 10 of the Money Laundering Act, the legal basis for data processing is Article 6(1)(c) GDPR.

6. Contract fulfillment

The personal data you provide (master data, contact data, payment data) will be stored and processed for the purpose of contract fulfillment. You will receive the information necessary for the purchase transaction (order confirmation, invoice, etc.) by email.

We process the following data from you for the purpose of processing orders: your name, date of birth, contact details (telephone number, email address), and delivery address details. The address data will be passed on to the transport company responsible for delivery. In the case of freight forwarding deliveries, we will pass on your telephone number to the freight forwarding company responsible for the purpose of arranging a delivery date. If the goods ordered are delivered to you directly by manufacturers or wholesalers, we will pass on your address data to them for the purpose of fulfilling the contract.

Virtual server systems in highly available server infrastructures at various service providers, including Amazon AWS, are used to process orders. Standard contractual clauses have been agreed upon to legitimize the transfer of data to Amazon AWS.

In the event of payment defaults, we will transfer your data to lawyers and debt collection service providers in order to assert legal claims.

Data processing is carried out to exercise our contractual rights and to fulfill our contractual obligations in accordance with Art. 6 (1) (b) GDPR. We use the service provider Shiptrack (ecovium Holding GmbH, Justus-von-Liebig-Straße 3, 31535 Neustadt - https://ecovium.com/de/datenschutzinformation) to provide shipment information for your order. On our behalf, they will send you information about the shipment of your order by email based on the shipment data provided by our transport companies.

Further information on data processing by the contracted transport companies can be found at the following links:

https://www.dpdhl.com/de/datenschutz.html

https://www.ups.com/de/de/support/shipping-support...

For tax reasons, data relating to order processing must be retained for 10 years in accordance with § 147 AO (German Fiscal Code).

Data recipients (transport companies):

DHL Paket GmbH, Sträßchensweg 10, 53113 Bonn, Germany (https://www.dhl.de/de/toolbar/footer/datenschutz. h...)

UPS Deutschland Inc. & Co. OHG Görlitzer Straße 1 41460 Neuss Germany (https://www.ups.com/de/de/support/shipping-support...)

Data recipient (server hosting):

ScaleCommerce GmbH (Horstweg 24, 14059 Berlin) – Privacy policy: https://scale.sc/kontakt#datenschutz

Hetzner onlineGmbH (Industriestr. 25, 91710 Gunzenhausen) – Privacy policy: https://www.hetzner.com/de/legal/privacy-policy

Amazon Web Services EMEA SARL (38 Avenue John F. Kennedy, L-1855 Luxembourg) – Privacy policy: https://aws.amazon.com/de/compliance/data-privacy/

Cloudflare Germany GmbH (Rosental 7, 80331 Munich) – Privacy policy: https://www.cloudflare.com/privacypolicy/

7. Returns

If you exercise your right of withdrawal or initiate a return for other reasons, we will process your data for the purpose of handling and processing the return. This includes the following data categories: name, address, email address, telephone number, order number, payment method, refund amount, reasons for return, and correspondence.

The obligation to process your return and the associated refund arises from the underlying purchase contract in accordance with Section 433 of the German Civil Code (BGB). The legal basis is therefore the fulfillment of contractual obligations in accordance with Art. 6 I lit. b) GDPR.

As part of the reversal of the transaction, your address data will be passed on to logistics and shipping service providers for the purpose of processing the return.

Payment service providers and banks will receive your data in connection with the refund of the purchase price.

We store your data for as long as is necessary for the processing of returns and, if applicable, for statutory retention obligations. This includes, in particular, tax and commercial law requirements (up to 10 years in accordance with § 147 AO, § 257 HGB).

Data recipients (transport companies):

DHL Paket GmbH, Sträßchensweg 10, 53113 Bonn, Germany (https://www.dhl.de/de/toolbar/footer/datenschutz.h...)

UPS Deutschland Inc. & Co. OHG Görlitzer Straße 1 41460 Neuss Germany (https://www.ups.com/de/de/support/shipping-support...)

8. Payment processing

For payment processing purposes, we process your name and the respective payment amount. For tax reasons, the data processed in this context must be retained for 10 years in accordance with § 147 AO (German Fiscal Code).

We use various payment service providers to execute payments (see “Data recipients”). The payment service providers are responsible for the respective data processing. Further information on data processing by payment service providers can be found in the respective privacy policies.

The legal basis is the underlying contractual relationship in accordance with Art. 6 (1) (b) GDPR.

Data recipients:

PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg (https://www.paypal.com/de/webapps/mpp/ua/privacy-f...)

Adyen N.V., Simon Carmiggeltstraat 6-50, 1011 DJ Amsterdam, Netherlands (https://www.adyen.com/policies-and-disclaimer/priv...)

9. Purchase on account, direct debit purchase, and credit check

To avoid payment defaults for direct debit or purchase on account in retail stores and for orders placed by email, we check the buyer's creditworthiness using the services of SCHUFA Holding AG. For this purpose, we transmit your full name, address, and date of birth to SCHUFA. The information provided by SCHUFA serves as the basis for our decision on whether a purchase on account can be made possible.

For online purchases, we also use Ratepay's “regular customer concept.” This involves analyzing and evaluating positive payment experiences from previous purchases via Ratepay and taking them into account when granting purchase on account or direct debit.

The legal basis for this data processing is our legitimate interest in avoiding payment defaults in accordance with Art. 6 (1) lit. f GDPR.

When you make a purchase on account, we process your contact details, delivery address, and order details. When you pay by direct debit, we also process your bank details (IBAN and BIC). The legal basis for this is the fulfillment of our contractual obligations and the assertion of claims arising from the purchase contract in accordance with Art. 6 (1) (b) GDPR.

Data recipients:

SCHUFA Holding AG, Kormoranweg 5, 65201 Wiesbaden, Germany (https://www.schufa.de/global/datenschutz/)

Ratepay GmbH, Ritterstr. 12-14, 10969 Berlin (https://www.ratepay.com/datenschutz/)

10. Brokerage of leasing and loan services

For the purpose of brokering financing, we transmit your name, address, and contact details, as well as the order number, to the various credit institutions (see “Data recipients”). . You will send the other documents required to conclude the loan or leasing agreement directly to the respective credit institution.

The legal basis is the underlying contractual relationship in accordance with Art. 6 (1) (b) GDPR.

Data recipients:

Targobank AG, Kasernenstr. 10, 40213 Düsseldorf (https://www.targobank.de/de/datenschutz)

ALBIS Leasing AG, Ifflandstraße 4, 22087 Hamburg (https://www.albis-leasing.de/datenschutz)

DLL Deutschland - De Lage Landen International B.V. –German branch–, Theo-Champion-Str. 1, 40549 Düsseldorf (https://www.dllgroup.com/de/de-de/Datenschutzerkl%...)

11. Repair processing

We process the following data to carry out repairs: your name, your address, and your contact details. If you provide us with photographs or videos for fault analysis, these will also be processed for troubleshooting purposes. If the repairs are carried out under warranty or guarantee claims, we also process information relating to the purchase transaction (time of purchase, receipts, etc.).

The devices submitted are forwarded to repair shops or the respective manufacturer. We do not pass on any personal data to the repair shops. Only in the case of warranty or guarantee services is information about the purchase passed on for the purpose of verifying the repair claim.

The legal basis for data processing is the existing contractual relationship with you in accordance with Art. 6 (1) (b) GDPR.

F. Communication

1. Electronic contact (email, contact form, live chat, etc.)

The purpose of data processing is to operate an electronic communication system.

Communication by email requires the processing of the email address of the recipient or sender. Since various types of information are transmitted by email, data of all kinds is processed in addition to technical log data.

If we transmit particularly sensitive data, we encrypt it in advance. We also use transport-encrypted connections for the transmission and receipt of emails.

If you use the contact form, the following data will also be processed:

Your email address,

your name,

the content of the message,

your public IP address,

the date and time of page use,

the time zone difference to Greenwich Mean Time (GMT),

the content of the request (specific page),

the access status/HTTP status code,

the amount of data transferred in each case,

the website from which the request originates,

information about the browser,

the operating system and its interface, and

the language and version of the browser software.

Customer inquiries are stored in the Freshworks GmbH ticket system. Both the data transmission and the storage of the data are encrypted.

You can communicate with us via live chat using “Freshchat” (Freshworks GmbH). We will usually respond to your request within the live chat tool. The chat service provider collects your IP address for this purpose. If you would like us to respond to your request by other means, you can voluntarily provide your email address or telephone number. The service providers have been obliged to take adequate technical and organizational protective measures. We can check compliance with these protective measures at any time.

The operation and use of the email infrastructure is based on our legitimate interest in operating a means of communication and exercising our freedom to conduct a business in accordance with Art. 6 (1) (f) GDPR.

If the communication takes place in connection with existing or intended contractual relationships, the legal basis is the underlying (pre-)contractual obligation pursuant to Art. 6 (1) (b) GDPR.

Data recipients:

Freshworks GmbH, Neue Grünstraße 17, 10179 Berlin (https://www.freshworks.com/privacy/)

Microsoft Deutschland GmbH, Walter-Gropius-Str. 5, 80807 Munich, Germany (https://privacy.microsoft.com/de-de/privacystateme...)

2. Video conferences, webinars

The purpose of data processing is to operate a system for conducting video conferences, online meetings, and webinars. We use the communication solutions “Zoom” and “Microsoft Teams” for this purpose.

When using these communication solutions, various personal data is processed. This includes, in particular, your name, email address, IP address, audio and video data, chat histories, and the transmitted communication content. The communication content is transmitted exclusively in encrypted form.

The legal basis for data processing is determined by the context. If the video conference is held in connection with the fulfillment of (pre-)contractual obligations, the legal basis is the contractual relationship pursuant to Art. 6 (1) (b) GDPR.

If data processing is carried out for the purposes of application procedures, the legal basis is Section 26 BDSG in conjunction with Art. 6 (1) (b) GDPR.

In all other cases, the legal basis for data processing when conducting online meetings, video conferences, or webinars is our legitimate interest pursuant to Art. 6 (1) (f) GDPR.

Data recipients:

Zoom Video Communications Inc., 55 Almaden Blvd, 6th Floor, San Jose, CA 95113, USA (https://zoom.us/docs/de-de/privacy-and-legal.html)

Microsoft Deutschland GmbH, Walter-Gropius-Str. 5, 80807 Munich, Germany (https://privacy.microsoft.com/de-de/privacystateme...)

3. Appointment bookings (eTermin)

We use the “eTermin” service for the purpose of scheduling appointments. The following data categories are processed: your name, your email address, and your telephone number. The information is forwarded to the branch where the consultation is to take place.

The legal basis for the consultation is the (pre-)contractual obligation within the meaning of Art. 6 (1) (b) GDPR.

Data recipient:

eTermin GmbH, Mättivor 3, 6430 Schwyz, Switzerland (https://www.etermin.net/online-terminbuchung-daten...)

4. Social media

We operate the following subpages on social media:

Facebook (Meta): https://www.facebook.com/CalumetPhotoDeutschland

Instagram (Meta): https://www.instagram.com/calumetphotode/

X (formerly Twitter): https://x.com/calumetphotode

XING: https://www.xing.com/pages/calumetphotographicgmbh

LinkedIn: https://www.linkedin.com/company/calumet-photo-vid...

The purposes of data processing are to inform the public about our offers and to provide additional communication channels.

No data is transmitted to social media when you visit our pages. Only when you use our subpages on the respective platforms will the providers process the information that must be processed in the context of providing a website.

We have no influence over how and what other data is processed by the platform operators. Information about data processing can be found in the respective privacy policies (see “Data recipients”).

The operation and use of the platforms is based on our legitimate interest pursuant to Art. 6 (1) (1) (f) GDPR in promoting our products and services and providing additional communication channels.

If we publish personally identifiable content from you, this publication is based on your consent in accordance with Art. 6 (1) (a) GDPR. To revoke your consent, please contact the responsible body or the data protection officer.

Further information on the platform operators:

Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland (https://www.facebook.com/policy.php)

X Corp., 1355 Market St Ste 900, San Francisco, CA 94103 (https://x.com/de/privacy)

YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA (https://policies.google.com/privacy?hl=de)

Instagram, LLC, 1601 Willow Rd, Menlo Park, CA 94025, USA (https://help.instagram.com/519522125107875)

New Work SE (XING), Dammtorstraße 30, 20354 Hamburg, Germany (https://privacy.xing.com/de/datenschutzerklaerung)

LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland (https://www.linkedin.com/legal/privacy-policy)

5. Application process

The purpose of processing is to carry out application procedures.

As part of the application process, we process the data provided in the application documents. This includes both your master data and your professional data (education, career history, etc.). If you are hired, the data provided will be stored in your personnel file.

We do not pass on the processed data. Internally, the application documents are made available to the heads of the respective departments and, if applicable, to the relevant representatives (representatives for severely disabled persons, etc.).

The legal basis for the processing of application documents is Section 26 of the German Federal Data Protection Act (BDSG) and Article 6(1)(b) of the GDPR for the initiation or agreement of contractual relationships.

If you are not hired, the data will be destroyed or deleted after six months at the latest.

G. Marketing

1. Letter marketing

We process your personal data for the purpose of advertising by mail. This includes, in particular, sending advertising letters and contacting you to participate in surveys and competitions.

In addition, you may also receive individual voucher codes and personal trade-in offers (exchange your used devices for credit, discounts, or cash) from us.

Your name and address are processed for this purpose. We have either obtained your data from publicly available sources or received it from you.

If your data is transferred from our shop system to the service providers used for letter marketing, we also transfer your customer number and, if available, your email address for clear identification purposes.

We only pass on your personal data to third parties if this is necessary for the fulfillment of our tasks. These are in particular service providers who support us in sending advertising materials or carrying out marketing campaigns (see “Data recipients”). . These service providers are contractually obliged to process the data only in accordance with our instructions and in compliance with the applicable data protection regulations.

Furthermore, we commission service providers who use their own databases. These databases have also been extracted from public sources or provided on the basis of your consent.

Data processing is based on our legitimate interests (Art. 6 (1) (f) GDPR). Our legitimate interest is the promotion of our products.

We only store your personal data for as long as is necessary to fulfill our tasks or as long as you do not object. If you object to the use of your data, we will delete your data immediately, unless we are legally obliged to retain the data.

Data recipients:

optilyz GmbH, Neue Schönhauser Str. 19, 10178 Berlin, Germany (https://optilyz.com/de/datenschutzerklaerung/)

Mediaport porduction GmbH & Co.KG, Ulzburger Str. 131, 22850 Norderstedt, Germany (https://www.mediaport-production.de/datenschutzerk...)

Bloomreach B.V, Fred. Roeskestraat 109, 1076 EE Amsterdam, Netherlands (https://www.bloomreach.com/en/privacy-at-bloomreac...)

2. Newsletters and marketing emails (Bloomreach)

Personalized newsletter marketing

We use the “Bloomreach” service to provide you with personalized newsletters and other offers that are relevant to your interests.

The processing of your email address and technical log data is necessary for sending offers and newsletters. If we know your name, we will use it to address you personally in the newsletters.

Our newsletters are personalized based on your previous purchases, your use of our online shop, and your use of previous newsletters. When you open the newsletter, a tracking pixel (also known as a tracking pixel) is loaded. This allows us to track whether the newsletter has been opened and to determine how interesting the content is to you.

When you open the newsletter and offer emails, tracking pixels (also known as web beacons or tracking pixels) are loaded from the newsletter operator's server. This allows us to track whether you have viewed the newsletter.

When you open the newsletter, your IP address is recorded. IP addresses are assigned by Internet service providers (ISPs) and can be roughly assigned to a geographical location, such as a country or a large city area. This assignment is based on publicly available data. We use this information to inform you about offers in specific stores.

We use transport-encrypted connections to send emails.

The legal basis is your consent in accordance with Art. 6 (1) (a) GDPR.

To revoke your consent to receive newsletters and offers, you can use the unsubscribe link in the newsletters.

Alternatively, you can also send your revocation by email to kundenservice@calumet.de or contact the responsible body or the data protection officer (see above).

Existing customer advertising

If you have provided us with your email address when purchasing goods or using services, we reserve the right to send you offers for similar goods or services by email. Your data will be processed on the basis of our legitimate interest in personalized direct marketing in accordance with Art. 6 (1) (f) GDPR in conjunction with § 7 (3) UWG (German Unfair Competition Act).

You can object to this use of your data at any time without incurring any costs. The objection can be made either by email to the responsible body mentioned above or via the unsubscribe link in each advertising message. After your objection, you will no longer receive any advertising for existing customers.

Website usage analysis

In order to optimize our offering and personalize the newsletter, we also use Bloomreach to track your usage behavior in our online shop. Cookies are stored on your device to collect the following data:

IP address (and local assignment),

user login information,

browser information (time zone, operating system, referring links, browser),

user activities (search terms, content displayed, items in shopping cart, usage times, previous purchases)

Based on this information, we provide you with recommendations tailored to your target group.

The legal basis is your consent in accordance with Art. 6 (1) (a) GDPR. You can adjust your cookie settings at any time via our consent banner.

Analysis of our marketing measures

To optimize the effectiveness of our marketing and sales activities, we create aggregated, non-personal reports.

The legal basis for this is our legitimate interest pursuant to Art. 6 (1) lit. f GDPR (Recital 47 GDPR).

Service provider

The service is operated by Bloomreach. The service provider receives the data collected in the course of marketing activities. A data processing agreement is in place in accordance with Art. 28 GDPR. In addition, Bloomreach is certified under the Data Privacy Framework, which legitimizes data transfers to the USA.

Further information on data processing by Bloomreach:

https://www.bloomreach.com/en/privacy-at-bloomreac...

https://www.bloomreach.com/en/security-at-bloomrea...

https://www.bloomreach.com/wp-content/uploads/2024...

Furthermore, customer data is transferred to Optilyz for the management and implementation of the respective marketing campaigns.

Data recipient:

Bloomreach B.V, Fred. Roeskestraat 109, 1076 EE Amsterdam, Netherlands

3. Price alert

The purpose of data processing is to provide a service that sends an automatic email notification when a certain price limit is reached. Your name and email address are processed for this purpose.

The legal basis is the consent you have given in accordance with Art. 6 (1) (a) GDPR.

You can revoke your consent at any time with future effect. To do so, please use the link provided in the email. Alternatively, you can also send your revocation by email to kundenservice@calumet.de or by post to the above address.

Your data will be deleted if it is no longer required for the purpose, e.g., due to revocation.

Data recipient:

shopware AG, Ebbinghoff 10, 48624 Schöppingen, Germany (https://www.shopware.com/de/datenschutz/)

4. Website usage analysis (Hotjar)

We use Hotjar to determine whether and which content on our website is of interest.

The following data is processed for this purpose: Your public IP address, the date and time of the website display, the time zone difference to Greenwich Mean Time (GMT), the content of the request (the specific page), the amount of data transferred in each case, the website from which the request originates, information about the browser, the operating system and its interface, and the language and version of the browser software.

The legal basis for the processing is your consent in accordance with Art. 6 (1) (a) GDPR.

To revoke your consent to data processing, you can call up the consent banner again and adjust the settings accordingly. Further information and the link to call up the consent banner can be found in section C. of this privacy policy (Consent). .

Data recipient:

Hotjar Ltd., Level 2, St Julian's Business Centre, 3, Elia Zammit Street, St Julian's STJ 1000, Malta (https://www.hotjar.com/legal/policies/privacy)

5. Website usage analysis (Google Analytics, Google Signals, and Predictive Metrics)

We use Google Analytics to determine whether and which content on our website is of interest.

The following data is processed in this context: Your public IP address, the date and time the website was viewed, the time zone difference to Greenwich Mean Time (GMT), the content of the request (the specific page), the amount of data transferred in each case, the website from which the request originates, information about the browser, the operating system and its interface, and the language and version of the browser software.

We use Google Analytics with the “Google Signals” function (https://support.google.com/analytics/answer/753298...), which enables anonymous evaluation of user data across different devices and platforms. The data processed by Google Signals cannot be attributed to individual persons due to anonymization.

The legal basis for the processing is your consent in accordance with Art. 6 (1) (a) GDPR.

Data recipient:

Google Germany GmbH, ABC-Straße 19, 20354 Hamburg, Germany (https://policies.google.com/privacy?hl=de)

6. Website usage analysis (Criteo)

We use the services of Criteo SA (https://www.criteo.com/de/privacy/) to optimize our online marketing. This involves collecting data about your usage behavior on our website and storing it in cookies on your device. This enables us to determine your interests and provide you with personalized advertising. Your data is processed in pseudonymized form. The legal basis for data processing is your consent in accordance with Art. 6 (1) (a) GDPR.

To revoke your consent, you can call up the consent banner again and adjust the settings accordingly. Further information and the link to call up the consent banner can be found in section C. under “Consent.”

Alternatively, you can also revoke your consent via the following setting: https://www.criteo.com/de/privacy/disable-criteo-s....

Data recipient:

Criteo SA, 32 Rue Blanche, 75009 Paris, France (https://www.criteo.com/de/privacy/)

7. Interest-based marketing (Google Ads remarketing)

By using Google Ads remarketing, we can display our ads in a targeted manner, taking your preferences into account. Your user actions are recorded and specific target groups are defined based on these. As soon as you visit other websites that also participate in the Google Display Network, you will see ads that match your interests.

The legal basis for data processing is the consent you have given in accordance with Art. 6 I lit. a) GDPR.

To revoke your consent, you can call up the consent banner again and adjust the settings accordingly. Further information and the link to the consent banner can be found in section C. under “Consent.”

You can permanently object to the setting of cookies by Google Ads Remarketing by downloading and installing the browser plugin available at the following link: https://www.google.com/settings/ads/onweb/

Data recipient:

Google Germany GmbH, ABC-Straße 19, 20354 Hamburg, Germany (https://policies.google.com/privacy?hl=de)

8. Interest-based marketing (trbo)

We provide personalized information and offers on our website through the Trbo service. To do this, we use tracking tools from the service provider, known as “cookies” and “web beacons,” to optimize our online offering, measure the effectiveness of our online advertising, and display personalized offers. Our goal is to improve the user experience on our website and increase our conversion rate.

The following data is collected: Which pages are visited, when, how often, and in what order; which products are searched for; which links or offers are clicked on; and which orders are placed.

The data collected is processed pseudonymously and is not merged with personal data (such as your name, address, etc.).

A data processing agreement has been concluded with the service provider.

The legal basis for data processing is your consent, in accordance with Art. 6 (1) (a) GDPR.

Data recipient:

trbo GmbH, Leopoldstr. 41, 80802 Munich (https://www.trbo.com/de/datenschutz/)

9. Success analysis of marketing activities (Microsoft Conversion Tracking)

We use Microsoft's conversion tracking tool (https://about.ads.microsoft.com/de-de/policies/leg...) to optimize our online marketing measures. If you access our website via an advertisement on Microsoft (Bing), a cookie is stored on your device. This cookie enables us to track whether an order or purchase has been made on our website. This allows us to analyze and improve the effectiveness of our advertisements.

Data processing only takes place if you have given your prior consent. The legal basis for data processing is therefore Art. 6 (1) (a) GDPR.

Data recipient:

Microsoft Deutschland GmbH, Walter-Gropius-Str. 5, 80807 Munich, Germany (https://privacy.microsoft.com/de-de/privacystateme...

10. Success analysis of marketing activities (DataFeedWatch)

We use the services of “DataFeedWatch” to manage marketing activities and analyze their success.

DataFeedWatch Cookies uses cookies that are stored in the cache of your web browser on your device and enable us to analyze your use of the website and measure transactions using a marketing channel, right through to the completion of an order. The cookies collect certain information, such as the IP address, location, time of page view, etc. Information collected by Data Feed Watch is stored on Data Feed Watch servers and evaluated on our behalf.

The legal basis for data processing is your consent in accordance with Art. 6 (1) (a) GDPR.

Data recipient:

cart.com inc., 1334 Brittmoore Rd. Suite 225, Houston, TX 77043, United States (https://www.datafeedwatch.de/datenschutz-bestimmun...)

11. Success analysis of marketing activities (Google Conversion Tracking)

We use Google Conversion Tracking to optimize our online marketing measures. Google Conversion Tracking enables us to analyze and improve the effectiveness of our online advertising campaigns by tracking user actions such as clicking on our ad.

When you access our website via an ad on Google, a cookie is stored on your device. This cookie enables Google and us to track whether an order or purchase has been made on our website.

The legal basis for data processing is your consent in accordance with Art. 6 I lit. a) GDPR. To revoke your consent, you can call up the consent banner again and adjust the settings accordingly. Further information and the link to call up the consent banner can be found in section C. under “Consent.”

Data recipient:

Google Germany GmbH, ABC-Straße 19, 20354 Hamburg, Germany (https://policies.google.com/privacy?hl=de)

12. Success analysis of marketing activities (advanced conversions; Google)

In order to optimize our marketing measures, we use Google's enhanced conversion tracking (https://support.google.com/google-ads/answer/98886...). Enhanced conversion tracking allows us to subsequently assign ad interactions, whereby tracking is server-controlled and does not use cookies. The following data categories may be used for this processing: Email address, name, home address, or phone number.

The legal basis for data processing is your consent in accordance with Art. 6 (1) (a) GDPR. If you wish to revoke your consent, you can call up the consent banner again and adjust the settings accordingly. Further information and the link to call up the consent banner can be found in section C under “Consent.”

Data recipient:

Google Germany GmbH, ABC-Straße 19, 20354 Hamburg, Germany (https://policies.google.com/privacy?hl=de)

13. Facebook marketing

We use the “Facebook pixel” to carry out marketing measures aimed at specific target groups. The Facebook pixel records how visitors interact with our website. Facebook uses this data to create target groups, which enables us to provide targeted ads. We can also use the Facebook pixel to measure the success of advertising campaigns.

The data is processed by Facebook. Data processing is anonymous for us.

The legal basis for data processing is your consent in accordance with Art. 6 (1) (a) GDPR.

Data recipient:

Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland (https://www.facebook.com/about/privacy/)

14. Affiliate marketing network (AWIN)

We use the affiliate marketing network AWIN to optimize our online marketing and offer partner programs. This network uses tracking technologies to track whether visitors to our website have accessed our website via a link from a partner program and whether an order or purchase has been made. The following data is collected: the user's IP address, date and time of access, user's device type, information about the user's operating system and browser, order value, and shopping cart data.

The data is processed on the basis of your consent in accordance with Art. 6 (1) (a) GDPR.

Data recipient:

AWIN AG, Eichhornstraße 3, 10785 Berlin, Germany (https://www.awin.com/de/datenschutzerklarung)

15. Provision of vouchers (Sovendus)

In order to select a voucher offer that is currently of interest to you, we pseudonymize and encrypt the hash value of your email address and your IP address and transmit it to Sovendus GmbH, Hermann-Veit-Str. 6, 76135 Karlsruhe (Sovendus). The hash value is a calculated value derived from your email address. The hash value, in turn, does not allow any conclusions to be drawn about the data (in this case, the email address) from which it was created.

The pseudonymized hash value of the email address is used by Sovendus to take into account any advertising objections that may exist. The legal basis for this is the legal obligation pursuant to Art. 6 I lit. c) in conjunction with Art. 21 (3) GDPR.

The IP address is used by Sovendus exclusively for data security purposes and is usually anonymized after seven days. The legal basis is the legal obligation pursuant to Art. 6 I lit. c) GDPR to implement adequate protective measures pursuant to Art. 32 I GDPR.

If you are interested in a voucher offer from Sovendus, have not opted out of advertising at your email address, and click on the voucher banner displayed only in this case, we will transmit the following data categories to Sovendus in encrypted form: Your name, your postal code, the country in which you reside, and your email address. The legal basis for this is our legitimate interest in participating in the partner network for marketing our own products in accordance with Art. 6 I lit. f) GDPR.

In addition, for billing purposes, we transmit the order number, the order value with the currency, the session ID, the coupon code, and the timestamp to Sovendus in pseudonymized form. Data processing is carried out to fulfill our contractual obligation and is therefore based on Art. 6 I lit. b) GDPR.

16. Participation in competitions

The purpose of data processing is to conduct competitions and provide prizes.

If you participate in one of our competitions (e.g., a photo competition), we process the following personal data about you: name, date of birth, email address, postal address.

We process your data to ensure that the conditions of participation are met, to inform you about your prize, and to provide you with the prize. We need your date of birth to determine whether minors are participating and whether the necessary consent of a legal representative has been obtained. We also process the data to ensure that the conditions of participation are met.

If you participate in a photo competition, we will publish your winning photo and your full name as the author of the photo in our print and online magazine “PerfectPic,” on our social media channels (Facebook, Instagram, Xing, and LinkedIn, see F.4), and in our newsletter.

The legal basis for data processing is Art. 6 (1) (b) GDPR for the implementation of pre-contractual measures or for the fulfillment of a contract. The conditions of participation in the competition form the contractual framework and are made available to you.

Your data will be used exclusively for the purpose of conducting the competition and, if you have not won the competition, will be deleted afterwards. The published information, the winner's photo, and the name of the creator will not be removed from the media due to the agreements made in the terms of use. Other data, such as your email address, postal address, and date of birth, will be deleted when the voucher is redeemed. Data that is subject to legal retention requirements, such as invoice data, will be retained accordingly.

H. Website/Internet presence

1. Provision of the Internet presence

The purpose of data processing is the presentation and operation of our Internet presence.

In order for our Internet presence to be displayed on your device, data must be transmitted to your device. The processing of the following data is necessary for this:

Your public IP address,

the date and time of page use,

the time zone difference to Greenwich Mean Time (GMT),

the content of the request (specific page),

the access status/HTTP status code,

the amount of data transferred in each case,

the website from which the request originates,

information about your browser,

the operating system and its interface, and

the language and version of the browser software.

We do not actively pass on the processed data. We use the following service providers to provide the necessary technical infrastructure:

To provide the website and online shop:

ScaleCommerce GmbH (Horstweg 24, 14059 Berlin) – Privacy policy: https://scale.sc/kontakt#datenschutz

Hetzner online GmbH (Industriestr. 25, 91710 Gunzenhausen) – Privacy policy: https://www.hetzner.com/de/legal/privacy-policy

For the security and fast provision of the website:

Cloudflare Germany GmbH (Rosental 7, 80331 Munich) – Privacy policy: https://www.cloudflare.com/privacypolicy/

All necessary data processing agreements have been concluded. Furthermore, the service providers have been obliged to take adequate technical and organizational protective measures. We can check compliance with these protective measures at any time.

The provision of the website and the information published on it is based on our own legitimate interests pursuant to Art. 6 (1) lit. f) GDPR. Our legitimate interests here are the presentation of our offers and the provision of our contact details.

2. Google reCAPTCHA

To protect against automated attacks, we check whether interaction with our online shop has been generated by a machine. To do this, we use the functions of Google reCAPTCHA (https://www.google.com/recaptcha/about/). This generates queries that can be answered correctly by humans – but not by software systems. In addition, the following data is analyzed in the background: IP address, referrer URL, information about the operating system and browser, cookies, mouse movements and keyboard entries, and length of stay.

The legal basis for this data processing is our legitimate interest in protecting our website and the processed data in accordance with Art. 6 (1) (f) GDPR.

Data recipient:

Google Germany GmbH, ABC-Straße 19, 20354 Hamburg, Germany (https://policies.google.com/privacy?hl=de)

3. Integration of Google Maps and YouTube

We use Google services on our website to display maps or YouTube videos.

When displaying map content or YouTube videos, the following information is transmitted to Google: Your public IP address, the date and time of the website display, the time zone difference to Greenwich Mean Time (GMT), the content of the request (the specific page), the amount of data transferred in each case, the website from which the request originates, information about the browser, the operating system and its interface, and the language and version of the browser software.

The content will only be displayed and the associated data transferred to Google after you have given your prior consent. The legal basis for data processing is therefore Art. 6 (1) (a) GDPR.

To revoke your consent to data processing, you can call up the consent banner again and adjust the settings accordingly. Further information and the link to the consent banner can be found in section C. of this privacy policy (Consent).

Data recipients:

Google Germany GmbH, ABC-Straße 19, 20354 Hamburg, Germany (https://policies.google.com/privacy?hl=de)

YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA (https://policies.google.com/privacy?hl=de)

4. Evaluation of products and services

Request to evaluate our products and services

After purchasing a product or participating in a workshop, you may receive a request to evaluate the respective product or event. This request may be sent by post on the basis of our legitimate interest pursuant to Art. 6 (1) (f) GDPR. Prior consent is not required in this case.

We process your name and address for the purpose of sending the postal delivery.

If you have agreed to receive evaluation requests by email, you may also receive a corresponding email. The legal basis for this is your consent in accordance with Art. 6 (1) (a) GDPR. In this context, we process your name and email address. The review requests are sent via the service provider Bloomreach.

Product reviews via our website

After logging in with your access data, you can review our products in our online shop. Your review and the occupation you specify will be recorded.

If third parties report your review as illegal, we reserve the right to contact you by email and delete the review.

The legal basis for processing is our legitimate interest in publishing product reviews in accordance with Art. 6 (1) (f) GDPR.

Your review will be published with your first name and the occupation you have specified for as long as the reviewed item is available in our online shop.

Product review with Limesurvey

If you submit your review via our review form, we will process your first and last name, your occupation, and your product review. The processing of your last name is necessary to verify the purchase.

If we offer you a voucher for your review, we will also process your email address.

Your review will be published with the first name you provide (or anonymously) and the occupation you specify for as long as the reviewed item is available in our online shop.

The following technical data is processed as part of the review form:

Cookies to prevent repeated participation

Website/address accessed

Date and time of access

IP address of the user

Access status/HTTP status code

Browser type and version/operating system used

If third parties report your review as illegal, we reserve the right to contact you by email and delete the review.

The legal basis for data processing is our legitimate interest in publishing product reviews in accordance with Art. 6 (1) (f) GDPR.

If you receive a voucher for your review, the legal basis is a contractual relationship in accordance with Art. 6 (1) (b) GDPR.

The review form is provided by LimeSurvey GmbH. We have concluded a data processing agreement with the service provider. Data processing takes place exclusively in Germany.

Anonymous evaluation of workshops

If you have participated in one of our workshops at a Calumet store, you will have the opportunity to evaluate the event anonymously afterwards. The link required for the evaluation will usually be provided in the form of a QR code after the event. It is also possible that you will be asked to provide an evaluation by post or email after the event (see above).

Your non-personal data will be processed for the purpose of evaluating the workshop.

In addition, the following technical data will be processed when the form is provided:

Cookies to prevent repeated participation

Website/address accessed

Date and time of access

IP address of the user

Access status/HTTP status code

Browser type and version/operating system used

The survey is conducted on the basis of our legitimate interest in improving our workshops in accordance with Art. 6 (1) (f) GDPR.

Data recipients:

LimeSurvey GmbH, Papenreye 63, 22453 Hamburg (https://www.limesurvey.org/de/datenschutzhinweise)

Bloomreach B.V, Fred. Roeskestraat 109, 1076 EE Amsterdam, Netherlands (https://www.bloomreach.com/de/legal/privacy)

5. Online security seal

To strengthen our customers' trust in our online shop, we have integrated the Trusted Shops Trustbadge. This shows our certification and enables you to use the Trusted Shops services (e.g., buyer protection). By clicking on the Trustbadge, you can obtain further information about our certification.

When the Trustbadge is loaded, Trusted Shops processes the following technical data:

IP address

Date and time of access

Amount of data transferred

Requesting provider

This data is not evaluated and is deleted no later than seven days after you leave the site.

The legal basis is our legitimate interest in marketing our offer in accordance with Art. 6 (1) (f) GDPR.

Data recipient:

Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne (https://www.trustedshops.de/impressum-datenschutz/...)

6. Consent banner (Usercentrics)

We use the consent management tool “Usercentrics” to obtain consent for data processing on our website that requires consent.

Data processing is carried out in compliance with data protection requirements and thus on the basis of Art. 6 I lit. c GDPR.

The following data is processed when using Usercentrics: consent status, information about the cookies used.

By opening the “Cookie settings” link (at the bottom right of the website), the consent settings can be changed.

Service provider:

Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich (https://usercentrics.com/privacy-policy/)

7. Website search (Algolia)

Our website uses the Algolia website search service, provided by Algolia SAS, to enable fast and user-friendly searches within our online offering.

Basic search

To enable the search function, Algolia has collected and processed the content of our online shop, in particular product catalogs, product overview pages, editorial content, and search queries.

The following user data must be processed in order to provide search results:

IP address

Time of search query

Network connection data

Search terms

Event tracking

If users have agreed to event tracking, their clicks are recorded pseudonymously in order to improve the search and recommendation functions. Products that are clicked on by many users appear higher up in the search results. This allows the product search to better adapt to the interests of our users.

The following additional data is collected and processed:

Click behavior on search results

Interactions with products (e.g., clicks on products in category pages)

Shopping cart actions (e.g., adding to shopping cart)

Purchases and orders

The usage data is pseudonymized before being transmitted to Algolia. For this purpose, a randomly generated identifier (randomized user ID) is created.

Personalized search

If users have consented to the personalized search function, Algolia analyzes search and click behavior to identify individual preferences. On this basis, Algolia can display personalized search results or product recommendations, such as preferred products from certain brands.

The above personal data is processed for personalized search.

Algolia optimizes search results using technologies based on artificial intelligence.

If you have consented to event tracking or the personalized search function, your usage data will be processed on the basis of your consent, Art. 6 (1) (a) GDPR. You can revoke this consent at any time with future effect by adjusting the settings in the consent banner.

If you use Algolia without consenting to event tracking or the personalized search function, processing is carried out in our legitimate interest in providing a website search, Art. 6 (1) (f) GDPR.

Algolia generally stores the data for a maximum of 90 days, unless there are relevant legal retention obligations.

Service provider:

Algolia SAS, 55 Rue d'Amsterdam, 75008 Paris, France (https://www.algolia.com/policies/privacy)

I. Cookies

1. General

When you view websites, cookies and similar files are stored on your computer. These files are used to store content and personal settings. You can delete cookies at any time using your browser settings or prevent them from being stored altogether.

Cookies are divided into three groups:

Essential cookies: These cookies are necessary for the proper display of the website.

Functional cookies: These cookies enable the use or display of additional functions, such as the display of videos or map services.

Marketing cookies: These cookies are created to optimize our offering.

The use of functional and marketing cookies always requires prior consent. We use the cookie consent banner tool from Usercentrics GmbH (see above) to store your selected cookie preferences.

You can revoke the consent you have given via the consent banner by clicking on the “Cookie settings” link at the bottom right of the website.

2. List of cookies

Group Service Cookie Function/processing activity Lifetime Legal basis

Marketing Google _ga: Google Analytics: This cookie is used to distinguish between users and enables information about the use of the website to be stored. 2 years Art. 6 (1) (a) GDPR

Marketing Google _gid This cookie is used to distinguish users and collect information about the use of a website. 24 hours Art. 6 (1) (a) GDPR

Marketing Google _ga_XY This cookie is used by Google Analytics to distinguish users and collect information about the use of a website. The identifier, referred to as “XY,” is a randomly generated value that is used each time the website is visited. 2 years Art. 6 (1) (a) GDPR

Marketing Google _gcl_au This cookie is used by Google Analytics and Google Ads to measure and optimize the effectiveness of advertising campaigns. 3 months Art. 6 (1) (a) GDPR

Marketing Google 1P_JAR AEC The cookie “1p_jar_aec” is used by Google Analytics and Google AdWords to collect and analyze information about the use of websites and advertising campaigns. 30 days Art. 6 (1) (a) GDPR

Essential Google CONSENT This cookie is used to store consent from Google. 15 years Art. 6 para. 1 sentence 1 lit. f) GDPR

Marketing Google IDE This cookie is used by Google AdSense and DoubleClick to collect and analyze information about the use of websites and advertising campaigns. This cookie also stores information about which ads were shown to the user and whether the user clicked on any of these ads. 2 years Art. 6 para. 1 sentence 1 lit. a) GDPR

Marketing Google NID These cookies store your preferred settings and other information, such as your preferred language or how many search results should be displayed per page. 6 months Art. 6 (1) (a) GDPR

Marketing Google OTZ This cookie is used by Google to collect and store information about the user's activities (such as search queries) on various Google services. 1 month Art. 6 (1) (a) GDPR

Marketing Bloomreach __exponea_etc__ Storage of a user ID and recording of website usage 3 years Art. 6 I lit. a) GDPR

Marketing Bloomreach xnpe_[project-token] Storage of a user ID and recording of website usage 3 years Art. 6 I lit. a) GDPR

Marketing Bloomreach __exponea_time2__ This cookie shows the time stamp offset between browser and server time. 60 minutes Art. 6 I lit. a) GDPR

Marketing Bloomreach __exponea_ab_[ABTestName]__ This cookie is returned as the variant name for an A/B test. 3 years Art. 6 I lit. a) GDPR

Essential Paypal Nsid This cookie is necessary for secure data transmission. Art. 6 para. 1 sentence 1 lit. f) GDPR

Essential Paypal Ts This cookie is used to detect unusual activity for the secure execution of transactions. End of session Art. 6 para. 1 sentence 1 lit. f) GDPR

Essential Paypal Ts_c This cookie is used to detect unusual activity for the secure execution of transactions. 3 years Art. 6 para. 1 sentence 1 lit. f) GDPR

Essential Paypal x-pp-s This cookie is used to detect unusual activity for the secure execution of transactions. End of session Art. 6 para. 1 sentence 1 lit. f) GDPR

Essential Calumet customer-group-id This cookie is required to store session-related information. End of session Art. 6 (1) (f) GDPR

Essential Calumet Session- This cookie is required to store session-related information. End of session Art. 6 (1) (f) GDPR

Essential Calumet SearchCollectorSession This cookie is used to temporarily store search queries. 2 days Art. 6 (1) (f) GDPR

Essential Calumet Timezone This cookie is used to record the correct time zone. 1 month Art. 6 para. 1 sentence 1 lit. f) GDPR

Essential Loopia trade-in-frontend_live_u2main.sig This cookie is necessary for the operation of the resale portal. 3 days Art. 6 I lit. b) GDPR

Essential Loopia trade-in-frontend_live_u2main This cookie is necessary for the operation of the resale portal. 3 days Art. 6 I lit. b) GDPR

Essential Loopia trade-in-frontend_u1main This cookie is necessary for the operation of the resale portal. End of session Art. 6 I lit. b) GDPR