1. Controller and Your Rights

Responsible Entity (Controller)

The entity responsible for data processing on this website is: Markus Berlit, Grunewaldstr. 4, 93053 Regensburg

E-Mail: [email protected]

Your Data Subject Rights (GDPR)

You have the right to request information about your personal data, its rectification, erasure, or restriction of processing. You also have the right to object to processing and the right to data portability. You can exercise these rights by contacting us via the email address above.


2. Hosting and Infrastructure

Cloudflare (CDN and Security)

We use Cloudflare, Inc. (USA) as a Content Delivery Network (CDN) and security service. Cloudflare processes all traffic between your browser and our website to optimize loading times and provide security features (e.g., protection against DDoS attacks).

  • Data Processed: Cloudflare collects and processes metadata about website visitors, primarily IP addresses and diagnostic data.
  • Legal Basis: This processing is based on our legitimate interest in the technically error-free and secure delivery and optimization of our website (Art. 6 (1) lit. f GDPR).
  • US Data Transfer: Cloudflare is certified under the EU-U.S. Data Privacy Framework (DPF), which is the legal basis for transferring data to the USA.

Hosting Provider (Hostinger)

We host the contents of our website with Hostinger (Hostinger International Ltd., Cyprus). The data collected on this website is stored on the hoster’s servers.

  • Data Processing Basis: This is done based on our legitimate interest in making our website available to the public (Art. 6 (1) lit. f GDPR).
  • Processor Status: Hostinger acts as our data processor. We have concluded a Data Processing Addendum (DPA) with Hostinger to ensure the processing of personal data aligns with GDPR standards.

LiteSpeed Cache

We use the LiteSpeed Cache plugin to increase the loading speed of our website. This plugin temporarily stores a copy of every web page on your local server.

  • Data Processed: HTML pages, IP addresses (stored in temporary cache files).
  • Basis: Legitimate interest in website optimization and speed (Art. 6 (1) lit. f GDPR). The cache files are temporary and not accessible by LiteSpeed employees, except when technical support is explicitly requested.

3. General Data Collection & Contact

Cookies

Our website uses cookies. Technically necessary cookies (e.g., for login, shopping cart) are stored based on Art. 6 (1) lit. f GDPR. All other cookies (tracking, marketing, analytics) are only processed after we obtain your specific, informed consent via our cookie banner (Art. 6 (1) lit. a GDPR).

Contact Form 7, Flamingo, and Connector

When you send us inquiries via our Contact Form 7 forms, the information from the inquiry form, including the contact details you provided, is stored for the purpose of processing the request. This data is stored locally on our server via Flamingo and may be forwarded to external email marketing services (e.g., Mailchimp) via the Connector plugin.

  • Data Processed: Name, Email, IP address, Message content.
  • Basis: Consent (Art. 6 (1) lit. a GDPR) or for the initiation/fulfillment of a contract (Art. 6 (1) lit. b GDPR).

4. E-commerce and Payment Processing

WooCommerce and WooPayments

We use WooCommerce for our online shop functionality and WooPayments for processing credit card transactions directly on our site.

  • Data Processed: Customer data, order history, billing/shipping addresses.
  • Basis: Fulfillment of the contract (Art. 6 (1) lit. b GDPR).

Payment Processing (Stripe)

We rely on Stripe for payment processing when using payment links or specific payment methods.

  • Data Processed: Payment data (e.g., card number, transaction amount).
  • Basis: Contract fulfillment (Art. 6 (1) lit. b GDPR).
  • US Data Transfer: Stripe may transfer data to the USA. Stripe complies with the EU-U.S. Data Privacy Framework (DPF), which is the legal mechanism for data transfer to the USA.

Shipping Services (DHL / Deutsche Post)

  • Data Processed: Name, Address, Email (for tracking).
  • Basis: Contract fulfillment (Art. 6 (1) lit. b GDPR).

5. Design, Fonts, and External Resources

Slider Revolution, LayerSlider, and Elementor

These plugins are used for design and layout. By default, they often load external resources, particularly Google Fonts, to display text uniformly.

  • Data Processed: Your IP address is transmitted to Google when your browser loads these fonts.
  • Basis: Consent (Art. 6 (1) lit. a GDPR). We advise that these external resources be blocked by your cookie consent manager until the user provides consent, as unconsented Google Font loading has been ruled a violation by German courts.

YouTube with Enhanced Privacy

We use YouTube to embed videos in Enhanced Privacy Mode (youtube-nocookie.com).

  • Data Processed: IP address, device information.
  • Basis: Consent (Art. 6 (1) lit. a GDPR).
  • US Data Transfer: Data may be transferred to Google in the USA, relying on the EU-U.S. Data Privacy Framework (DPF).

6. Marketing and Tracking

TikTok Pixel and Integration

We use the TikTok integration to sync product catalogs and track user actions via the TikTok Pixel for advertising purposes.

  • Data Processed: IP address, device identifiers, pages viewed, button clicks, and order information (via Pixel events).
  • Basis: Explicit Consent (Art. 6 (1) lit. a GDPR).

Google for WooCommerce

This plugin synchronizes your product catalog with Google Merchant Center for advertising purposes (Google Shopping, etc.).

  • Data Processed: Product data, sales data, IP address.
  • Basis: Consent (Art. 6 (1) lit. a GDPR). Data is transferred to Google in the USA.

7. Security and Optimization

Wordfence Security

We use Wordfence Security to protect our website against viruses and malware.

  • Data Processed: IP addresses (for security checks), usernames (during login attempts).
  • Basis: Legitimate interest in securing our website and preventing fraud (Art. 6 (1) lit. f GDPR).

Rank Math SEO / Yoast Duplicate Post / WPS Hide Login

These are internal tools used for site maintenance, SEO, and protection. They do not generally process the personal data of website visitors but rely on the security provided by our host (Hostinger).