Privacy Policy

ARTICLE 1: General Information

VAN DEN BROEK LIFE highly values the protection of your personal data. We handle your information confidentially and in compliance with data protection laws and our privacy policy. This website collects various personal data, which can be used to identify you. Our privacy policy clarifies the types of data we collect and their purpose. We also explain the methods and objectives of data collection.

Please note that data transmission over the internet, such as email communication, may have security vulnerabilities. Full protection against third-party access is not guaranteed.

Overview of the legal basis for data processing on this website

When you provide consent for data processing, we process your personal data following Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR, and special categories of data under Art. 9(1) GDPR. If you expressly consent to the transfer of personal data to third countries, data processing also occurs based on Art. 49(1)(a) GDPR. You can revoke your consent at any time. If your data is needed for contract fulfillment or pre-contractual measures, we process your data according to Art. 6(1)(b) GDPR. We also process your data to meet legal obligations under Art. 6(1)(c) GDPR. Data processing may occur based on our legitimate interest as per Art. 6(1)(f) GDPR. Specific legal bases for each case are detailed in this privacy policy.

Objection to promotional emails

We oppose using contact information provided on our website for sending unsolicited advertisements and informational materials. VAN DEN BROEK LIFE explicitly reserves the right to pursue legal action in cases of unsolicited delivery of advertising information, like spam emails.

1.1. Notice on data transfer to the USA and other third countries

We use tools provided by companies based in the USA or other third countries with potentially insecure data protection standards. When these tools are active, your personal data might be transferred to and processed in these countries. It is important to note that these countries may not guarantee a data protection level equivalent to the EU. For instance, US companies are required to share personal data with security agencies without allowing you, the data subject, to take legal action against it. Consequently, there is a possibility that US authorities (e.g., intelligence agencies) could process, analyze, and store your data on US servers for surveillance purposes. We do not have control over these processing activities.

1.2. Purpose of data collection and usage

We collect data for two primary reasons. First, we gather data to ensure the smooth functioning of our website and to resolve any issues that may arise. Secondly, we use some of the collected data to analyze your user behavior, which helps us understand your preferences and interests, and enables us to improve our website and tailor content to better serve your needs.

1.3. Data Storage Duration

If a specific storage period is not mentioned in this privacy policy, your personal data will be retained until the purpose for processing is no longer applicable. If you request legitimate deletion or withdraw your consent to data processing, your data will be erased, unless there are legally permissible reasons for retaining your personal data (e.g., tax or commercial law retention periods). In such cases, your data will be deleted once these reasons are no longer valid.

1.4. Your Rights Regarding Your Data

You have the right to obtain information about the origin, recipients, and purpose of your stored personal data at any time, free of charge. You can also request correction or deletion of your data. You can withdraw your consent to data processing at any time for the future. Additionally, under certain circumstances, you can request the restriction of processing your personal data. You also have the right to file a complaint with the appropriate supervisory authority.

For any further questions about data protection or to exercise your rights, you can contact us at any time. The contact details of the responsible person can be found below.

Here is a detailed description of your specific rights:

Revoking your consent to data processing

You can revoke your consent for data processing at any time. The legality of data processing carried out until the revocation remains unaffected.

Right to object to data collection in special cases and direct advertising (Art. 21 GDPR)

If data processing is based on Art. 6(1)€ or (f) GDPR, you have the right to object to the processing of your personal data for reasons arising from your particular situation, including profiling based on these provisions. The respective legal basis for processing can be found in this privacy policy. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or for the establishment, exercise, or defense of legal claims (objection according to Art. 21(1) GDPR).

If your personal data is processed for direct marketing purposes, you have the right to object to the processing of your data for such advertising, including profiling related to direct marketing. If you object, your personal data will no longer be used for direct advertising (objection according to Art. 21(2) GDPR).

Right to lodge a complaint with the competent supervisory authority

In case of GDPR violations, you have the right to lodge a complaint with a supervisory authority, particularly in the member state of your residence, workplace, or the place of the alleged violation. This right is without prejudice to any other administrative or judicial remedies.

Right to data portability

You have the right to receive data that we process automatically based on your consent or contract fulfillment, to be handed over to you or a third party in a common, machine-readable format. If you request direct transfer of data to another responsible party, this will be done to the extent that it is technically feasible.

Information, deletion, and correction

You have the right to free information about your stored personal data, its origin and recipients, and the purpose of data processing within the applicable legal provisions, as well as the right to correct or delete this data at any time. You can contact us at any time for this purpose or for further questions on personal data.

Right to restriction of processing

You have the right to request the restriction of processing your personal data under certain circumstances. The right to restriction of processing exists in the following cases:

  • If you dispute the accuracy of your personal data stored by us, we usually need time to verify this. During verification, you have the right to request the restriction of processing your personal data.
  • If the processing of your personal data was/is unlawful, you can request the restriction of data processing instead of deletion.
  • If we no longer need your personal data but you need it for exercising, defending, or asserting legal claims, you have the right to request restricted processing instead of deletion.
  • If you have lodged an objection according to Art. 21(1) GDPR, a balance must be struck between your interests and ours. As long as it has not yet been determined whose interests prevail, you have the right to request that the processing of your personal data be restricted.
  • If you have restricted the processing of your personal data, this data may only be processed – apart from being stored – with your consent or for the purpose of asserting, exercising, or defending legal claims, or protecting the rights of another natural or legal person, or for reasons of important public interest of the European Union or a Member State.

1.5. Data Encryption

SSL or TLS Encryption

This website employs SSL or TLS encryption for security purposes and to safeguard the transmission of confidential content, such as orders or inquiries sent to us as the site operator. An encrypted connection can be identified by the browser's address line changing from "http://" to "https://" and by the lock symbol appearing in your browser line. When SSL or TLS encryption is enabled, the data you share with us cannot be accessed by third parties.

Encrypted Payment Transactions on This Website

After concluding a fee-based contract, if you are obliged to provide us with your payment data (e.g., account number for direct debit authorization), this information is necessary for payment processing. Payment transactions using standard methods (Visa/MasterCard, direct debit) are conducted exclusively through an encrypted SSL or TLS connection. An encrypted connection is indicated by the browser's address line changing from "http://" to "https://" and by the lock symbol appearing in your browser line. During encrypted communication, your payment data shared with us cannot be accessed by third parties. 

ARTICLE 2: Information on the Responsible Entity and Data Protection Officer 

The entity responsible for processing data on this website is Van Den Broek Life B.V. The responsible party is the natural or legal person who, alone or jointly with others, determines the purposes and means of processing personal data (e.g., names, email addresses).

We have appointed the following data protection officer:

Dennis van den Broek
Van Den Broek Life B.V.
Faradaystraat 17
2014 EN Haarlem
Netherlands
Phone: +31 6 15 91 78 04
Email: info@vandenbroeklife.com 

ARTICLE 3: Data collection on this website 

3.1. How Do We Collect Your Data?

Your data is collected in two ways: First, you provide data to us directly, such as when you enter information into a contact form. Second, our IT systems automatically collect other data when you visit our website, primarily technical data (e.g., internet browser, operating system, or time of page view). This data is automatically collected as soon as you access this website.

When visiting this website, your browsing behavior may be statistically analyzed. This is primarily done using analysis programs. You can find detailed information about these analysis tools and other third-party applications below.

3.2. Hosting

This website is externally hosted. The personal data collected on this website is stored on the servers of the hosting provider(s). This may include, but is not limited to, IP addresses, contact requests, meta and communication data, contract data, contact details, names, website access, and other data generated through a website.

External hosting is utilized to fulfill the contract with our potential and existing customers (Art. 6 (1) (b) GDPR) and in the interest of providing a secure, fast, and efficient online service through a professional provider (Art. 6 (1) (f) GDPR). If consent has been requested, processing is carried out exclusively based on Art. 6 para. 1 lit. a GDPR. Consent can be revoked at any time.

Our hosting provider(s) will only process your data to the extent necessary to fulfill their performance obligations and will comply with our instructions regarding this data.

We use the following hosting provider(s):

Shopify Inc., a company based in Canada. Shopify also provides us with the online e-commerce platform that allows us to offer you our products. Your data is stored by Shopify's data storage and backup and the general Shopify application. Shopify stores your data on a secure server. If you are a resident of the EU, the European Economic Area (EEA), or Switzerland, your data will be processed and stored in Ireland by Shopify International Ltd. However, Shopify points out that data can also be transferred to other regions, including the USA and Canada, as part of a smooth service. Shopify strictly adheres to the agreement between the EU and the USA or the agreement between Switzerland and the USA on data collection and use (EU-US Privacy Shield Framework). For more information about Shopify's privacy policy, please visit: http://www.shopify.com/legal/privacyData Processing Agreement

3.3. Cookies

Our website utilizes "cookies." Cookies are small data packets that do not harm your device. They are either stored temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your device. Session cookies are automatically deleted after your visit. Permanent cookies remain stored on your device until you delete them yourself or until they are automatically removed by your web browser.

Cookies can come from us (first-party cookies) or from third-party companies (so-called third-party cookies). Third-party cookies enable the integration of certain services from third-party companies within websites (e.g., cookies for processing payment services).

Cookies serve various functions. Many cookies are technically necessary, as certain website features would not function without them (e.g., the shopping cart or video display). Other cookies can be used to evaluate user behavior or for advertising purposes.

Cookies required for carrying out the electronic communication process, providing certain functions you requested (e.g., the shopping cart) or optimizing the website (e.g., cookies for measuring web audience) (necessary cookies) are stored based on Art. 6 para. 1 lit. f GDPR, unless another legal basis is specified. The website operator has a legitimate interest in storing necessary cookies for the technically error-free and optimized provision of its services. If consent for the storage of cookies and comparable recognition technologies has been requested, processing is carried out exclusively based on this consent (Art. 6 para. 1 lit. a GDPR); consent can be revoked at any time.

You can configure your browser to inform you about cookie settings and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general, and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be limited.

You can find information about which cookies and services are used on this website in this privacy policy.

Consent with iSenseLabs

This website uses the consent technology of iSenseLabs to obtain your consent for storing certain cookies on your device or using specific technologies and to document this in compliance with data protection regulations. The provider of this technology is iSense LLC, Delaware, United States, website: https://isenselabs.com/.

When you visit our website, the following personal data is transferred to iSenseLabs:

  • Your consent(s) or revocation of your consent(s)
  • Your IP address
  • Information about your browser
  • Information about your device
  • Time of your visit to the website

Additionally, iSenseLabs stores a cookie in your browser to associate the consents granted or their revocation with you. The data collected this way will be stored until you request us to delete it, remove the iSenseLabs cookie yourself, or the purpose for storing the data no longer applies. Mandatory statutory retention obligations remain unaffected.

iSenseLabs is used to obtain legally required consent for using certain technologies. The legal basis for this is Art. 6 para. 1 lit. c GDPR.

Data Processing Agreement

We have concluded a DPA for using the above-mentioned service. This is a contract required by data protection law, ensuring that personal data of our website visitors is processed only according to our instructions and in compliance with the GDPR.

Server Log Files

Van Den Broek Life automatically collects and stores information in server log files, which your browser automatically transmits to us. These include:

  • Browser type and browser version
  • Operating system used
  • Referrer URL
  • Hostname of the accessing computer
  • Time of the server request
  • IP address

This data will not be combined with other data sources. This data is collected based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of its website – for this purpose, server log files must be recorded.

3.4. Communicating with Us

Online Contact Form

When you send inquiries via the contact form, we store your details from the inquiry form, including the contact details you provided, for the purpose of processing the inquiry and handling any follow-up questions. We will not share this data without your consent. This data is processed based on Art. 6 para. 1 lit. b GDPR if your request is related to contract performance or necessary for pre-contractual measures implementation. In other cases, processing is based on our legitimate interest in effectively handling inquiries (Art. 6 para. 1 lit. f GDPR) or your consent (Art. 6 para. 1 lit. a GDPR) if requested; consent can be revoked at any time. The data entered in the contact form remains with us until you request deletion, revoke consent for storage, or the purpose for storing no longer applies (e.g., after processing your request). Mandatory statutory provisions, particularly retention periods, remain unaffected.

Inquiry by E-mail, Telephone, or Fax

If you contact us by e-mail, telephone, or fax, your inquiry, including all resulting personal data (name, inquiry), will be stored and processed by us for the purpose of handling your request. We will not share this data without your consent. This data is processed based on Art. 6 para. 1 lit. b GDPR if your request is related to contract performance or necessary for pre-contractual measures implementation. In other cases, processing is based on our legitimate interest in effectively handling inquiries (Art. 6 para. 1 lit. f GDPR) or your consent (Art. 6 para. 1 lit. a GDPR) if requested; consent can be revoked at any time. Data sent to us via contact requests remains with us until you request deletion, revoke consent for storage, or the purpose for storing no longer applies (e.g., after processing your request). Mandatory statutory provisions, particularly retention periods, remain unaffected.

Communication via WhatsApp

We use WhatsApp for communication with our customers and other third parties, among other means. The provider is WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. Communication occurs via end-to-end encryption (peer-to-peer), preventing WhatsApp or other third parties from accessing communication content. However, WhatsApp does have access to metadata generated during communication (e.g., sender, recipient, and time). We also note that WhatsApp, according to its statement, shares personal data of its users with its US-based parent company Meta. Further details on data processing can be found in WhatsApp's privacy policy: https://www.whatsapp.com/legal/#privacy-policy.

WhatsApp is used based on our legitimate interest in quickly and effectively communicating with customers, prospects, and other business and contractual partners (Art. 6 (1) (f) GDPR). If consent has been requested, data processing is carried out exclusively based on consent; this can be revoked at any time with future effect.

The communication content exchanged on WhatsApp remains with us until you request deletion, revoke consent for storage, or the purpose for storing no longer applies (e.g., after processing your request). Mandatory statutory provisions, particularly retention periods, remain unaffected.

We use WhatsApp in the "WhatsApp Business" variant. The data transfer to the USA is based on the EU Commission's standard contractual clauses. Details can be found here: https://www.whatsapp.com/legal/business-data-transfer-addendum.

We have configured our WhatsApp accounts to prevent automatic synchronization with the address book on smartphones in use. We have concluded a DPA with the provider mentioned above.

Registration on this Website

You can register on this website to use additional site features. We use the data entered for this purpose only to enable the use of the respective offer or service for which you have registered. The mandatory information requested during registration must be provided in full. Otherwise, we will reject the registration.

For significant changes, such as the scope of the offer or in the event of technically necessary changes, we will use the e-mail address provided during registration to inform you this way.

The processing of the data entered during registration is carried out to execute the user relationship established by the registration and, if necessary, for the initiation of further contracts (Art. 6 para. 1 lit. b GDPR).

The data collected during registration will be stored by us as long as you are registered on this website and will then be deleted. Statutory retention periods remain unaffected.

Judge.me

If you have given us your express consent during or after your order in accordance with Art. 6 para. 1 lit. a GDPR, we transmit your e-mail address, your order number, and the order date to the rating platform Judge.me of Judge.me LLC, PO Box 7403, Jackson, Wyoming 83002, USA, so they can send you a rating reminder by e-mail. You can revoke your consent at any time by sending a message to the data controller or to the evaluation platform Judge.me.

Our website also includes functions for recording and displaying product reviews using the Judge.me service. In this context, certain personal data is processed as part of the review submission to verify customer reviews. If you submit a rating on our website, your first and last name, your e-mail address, order date and number, as well as the name and, if applicable, international references (GTIN/ISDNF) will be collected, transmitted to Judge.me, and evaluated there to decide on the legitimacy of a customer rating for a specific order. This processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR based on our legitimate interest in ensuring the authenticity of customer reviews by ensuring they are transaction-related and preventing review abuse. After the evaluation review and approval have been completed, the data will be deleted by Judge.me. All aforementioned processing operations may also involve the transmission of personal data to servers of Judge.me LLC in the USA. Judge.me's privacy policy can be found at: https://judge.me/privacy

3.5. Analysis tools and advertising

Google Tag Manager

We use the Google Tag Manager provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The Google Tag Manager is a tool that allows us to integrate tracking or statistics tools and other technologies on our website. The Google Tag Manager itself does not create user profiles, does not store cookies, and does not carry out any independent analyses. It is only used to manage and play out the tools integrated via it. However, Google Tag Manager collects your IP address, which may also be transmitted to Google's parent company in the United States.

The use of the Google Tag Manager is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in a quick and uncomplicated integration and administration of various tools on its website. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR. The consent can be revoked at any time.

Google Analytics

This website uses functions of the web analysis service Google Analytics provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics enables the website operator to analyze the behavior of website visitors. In doing so, the website operator receives various usage data, such as page views, length of stay, operating systems used, and origin of the user. This data is assigned to the respective end device of the user. There is no assignment to a user ID.

Furthermore, with Google Analytics, we can, among other things, record your mouse and scroll movements and clicks. Google Analytics uses various modeling approaches to complement the collected data sets and uses machine learning technologies in data analysis. Google Analytics uses technologies that enable the recognition of the user for the purpose of analyzing user behavior (e.g., cookies or device fingerprinting). The information collected by Google about the use of this website is usually transmitted to a Google server in the USA and stored there.

The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR. The consent can be revoked at any time.

The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.

Browser Plugin

You can prevent the collection and processing of your data by Google by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?

For more information on how Google Analytics handles user data, please refer to Google's privacy policy: https://support.google.com/analytics/answer/6004245

Google Signals

We use Google signals. When you visit our website, Google Analytics collects, among other things: Your location, search history, and YouTube history, and demographic data (visitor data). This data can be used for personalized advertising with the help of Google Signal. If you have a Google account, the visitor data from Google Signal will be linked to your Google account and used for personalized advertising messages. The data is also used to create anonymized statistics on the user behavior of our users.

Demographic characteristics in Google Analytics

This website uses the "demographic characteristics" function of Google Analytics to display suitable advertisements to website visitors within the Google advertising network. As a result, reports can be created that contain

statements about the age, gender, and interests of the site visitors. This data comes from interest-based advertising from Google as well as from visitor data from third-party providers. This data cannot be assigned to a specific person. You can deactivate this function at any time via the ad settings in your Google account or generally prohibit the collection of your data by Google Analytics as described in the section "Objection to data collection".

Data Processing Agreement

We have concluded a DPA with Google for data processing and fully implement the strict requirements under the GDPR when using Google Analytics.

Google Analytics E-Commerce Measurement

This website uses the "e-commerce measurement" function of Google Analytics. With the help of e-commerce measurement, the website operator can analyze the purchasing behavior of website visitors to improve its online marketing campaigns. Information such as orders placed, average order values, shipping costs, and the time from viewing to purchasing a product are recorded. This data can be summarized by Google under a transaction ID that is assigned to the respective user or their device.

Google Ads

The website operator uses Google Ads, an online advertising program of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Ads enables us to display advertisements in the Google search engine or on third-party websites when the user enters certain search terms on Google (keyword targeting). Furthermore, targeted advertisements can be displayed on the basis of the user data available at Google (e.g. location data and interests) (target group targeting). As the website operator, we can evaluate this data quantitatively, for example by analyzing which search terms led to the display of our advertisements and how many advertisements led to corresponding clicks.

The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR. The consent can be revoked at any time.

The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://policies.google.com/privacy/frameworks and https://privacy.google.com/businesses/controllerterms/mccs/.

Google Ads Remarketing

This website uses the functions of Google Ads Remarketing provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. With Google Ads Remarketing, we can assign people who interact with our online offer to specific target groups in order to subsequently display interest-based advertising in the Google advertising network (remarketing or retargeting).

Furthermore, the advertising target groups created with Google Ads Remarketing can be linked to Google's cross-device functions. In this way, interest-based, personalized advertising messages that have been adapted to you depending on your previous usage and surfing behavior on one device (e.g. mobile phone) can also be displayed on another of your devices (e.g. tablet or PC).

If you have a Google account, you can opt out of personalized advertising at the following link: https://www.google.com/settings/ads/onweb/.

The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR. The consent can be revoked at any time.

Further information and the data protection regulations can be found in Google's privacy policy at: https://policies.google.com/technologies/ads

Target group formation with customer matching

For target group formation, we use, among other things, the customer matching of Google Ads Remarketing. In doing so, we transfer certain customer data (e.g. e-mail addresses) from our customer lists to Google. If the customers in question are Google users and are logged into their Google accounts, targeted, interest-based advertising messages can be displayed to them within the Google network (e.g., on YouTube, in the search engine, or on other websites).

The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR. The consent can be revoked at any time.

The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://policies.google.com/privacy/frameworks and https://privacy.google.com/businesses/controllerterms/mccs/.

For more information on customer matching, please refer to the Google Privacy Policy: https://policies.google.com/privacy

Google Ads Conversion Tracking

This website uses Google Ads Conversion Tracking provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. With Google Ads Conversion Tracking, we can measure the effectiveness of our advertising efforts. By doing so, we can find out how many users interact with our advertisements, which ads lead to the desired actions (e.g., newsletter sign-ups, purchases), and the economic success of our advertising campaigns.

The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR. The consent can be revoked at any time.

The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://policies.google.com/privacy/frameworks and https://privacy.google.com/businesses/controllerterms/mccs/.

For more information on Google Ads Conversion Tracking, please refer to the Google Privacy Policy: https://policies.google.com/privacy

3.6. Newsletter

If you wish to subscribe to the newsletter offered on our website, we require your email address and information that allows us to verify that you are the owner of the provided email address and that you consent to receiving the newsletter. We will not collect any additional data, or only on a voluntary basis. For processing the newsletter, we use newsletter service providers, which are described below.

Klaviyo

Our email newsletters are sent through the technical service provider "Klaviyo", 225 Franklin St, Boston, MA 02110, USA (http://www.klaviyo.com/). We share the data you provided during the newsletter registration with Klaviyo. This disclosure is based on Art. 6 para. 1 lit. f GDPR, serving our legitimate interest in using an efficient, secure, and user-friendly newsletter system. Please be aware that your data is typically transferred to a Klaviyo server in the USA and stored there. Klaviyo uses this information to send the newsletter on our behalf. Klaviyo does not use our newsletter recipients' data to contact them directly or to share their data with third parties.

To safeguard your data in the USA, we have entered into a data processing agreement with Klaviyo. This agreement ensures Klaviyo's commitment to protect our users' data, process it on our behalf in accordance with their data protection regulations, and not to share it with third parties.

You can review Klaviyo's privacy policy here: https://www.klaviyo.com/privacy

3.7. Plugins and tools

YouTube

Our website includes videos from YouTube, operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. When you visit one of our webpages containing an embedded YouTube video, a connection to YouTube's servers is established, informing the server which of our pages you have visited. YouTube may store cookies on your device or use comparable technologies for recognition (e.g., device fingerprinting), enabling them to gather information about this website's visitors. This information helps compile video statistics, enhance user experience, and prevent fraudulent activities.

If you're logged into your YouTube account, your browsing behavior can be directly linked to your personal profile. To prevent this, log out of your YouTube account. The use of YouTube aims to present our online offerings attractively, representing a legitimate interest per Art. 6 para. 1 lit. f GDPR. If consent has been obtained, processing occurs based on Art. 6 para. 1 lit. a GDPR. Consent can be withdrawn at any time.

For more information on user data handling, refer to YouTube's privacy policy: https://policies.google.com/privacy

Yotpo/Swell

Our website uses Yotpo/Swell, an e-commerce optimization software provided by Yotpo Ltd., New York, 400 Lafayette St, NY, USA. Yotpo/Swell processes your data in the USA, among other locations.

Yotpo/Swell uses standard contractual clauses (Art. 46. (2) and (3) GDPR) as the basis for data processing by recipients in third countries or data transfers to such countries. These clauses, templates provided by the EU Commission, ensure your data adheres to European data protection standards even when transferred to third countries, such as the USA. Yotpo/Swell commits to complying with European data protection levels when processing relevant data in the USA. These clauses are based on an EU Commission implementing decision, which can be found here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj

The Yotpo/Swell Data Protection Addendum, corresponding to standard contractual clauses, can be found at https://www.yotpo.com/data-processing-addendum/

For more information on data processed through Yotpo/Swell, refer to their Privacy Policy: https://www.yotpo.com/privacy-policy/

3.8. Referral Partnerships

ReferralCandy

We use ReferralCandy for our affiliate program on our website, which allows brand ambassadors, influencers, and other partners to register and receive a commission for referring customers who make a purchase using their unique code. By using ReferralCandy's service, your data may be transferred to the provider, Anafore Pte Ltd, a company based in Singapore, which is not subject to GDPR regulations. The storage and analysis of data for the correct calculation of affiliate program remuneration is based on our legitimate interest and is compliant with Art. 6 para. 1 lit. f GDPR. To learn more about ReferralCandy's data processing, please refer to their privacy policy at https://www.referralcandy.com/privacy

3.9. eCommerce and payment providers

Processing of customer and contract data:

To establish, design, and modify our contractual relationships, we collect, process, and use personal customer and contract data. We only collect, process, and use personal data about the use of this website (usage data) as necessary to enable the user to use the service or to bill for it. This is based on the legal basis of Art. 6 (1) (b) GDPR. The collected customer data will be deleted after completion of the order or termination of the business relationship and expiry of any existing statutory retention periods. Statutory retention periods remain unaffected.

Shopify:

The functionality of our online store is ensured by Shopify Inc., a company based in Canada. Shopify provides us with the online e-commerce platform that allows us to offer you our products. Your data is stored by Shopify's data storage and backup and the general Shopify application. Shopify stores your data on a secure server. If you are a resident of the EU, the European Economic Area (EEA), or Switzerland, your data will be processed and stored in Ireland by Shopify International Ltd. However, Shopify points out that data can also be transferred to other regions, including the USA and Canada, as part of a smooth service. Shopify strictly adheres to the agreement between the EU and the USA or the agreement between Switzerland and the USA on data collection and use (EU-US Privacy Shield Framework). For more information about Shopify's privacy policy, please visit: http://www.shopify.com/legal/privacy

Payment services:

We integrate payment services from third-party companies on our website. When you make a purchase from us, your payment data (e.g. name, payment amount, bank account details, credit card number) will be processed by the payment service provider for the purpose of payment processing. These transactions are subject to the respective contractual and data protection provisions of the respective providers. The payment service providers are used on the basis of Art. 6 (1) (b) GDPR (contract processing) and in the interest of a payment process that is as smooth, convenient, and secure as possible (Art. 6 (1) (f) GDPR). Insofar as your consent is requested for certain actions, Art. 6 para. 1 lit. a GDPR is the legal basis for data processing; Consents can be revoked at any time for the future.

We provide payment services from several payment service providers on our website. Here are the details of each provider:

PayPal:

The payment service provider is PayPal (Europe) S.à.r.l. et Cie, S.C.A., located at 22-24 Boulevard Royal, L-2449 Luxembourg (referred to as "PayPal" hereafter).

In accordance with the standard contractual clauses of the EU Commission, data transfer to the USA is made. You can find more information at https://www.paypal.com/de/webapps/mpp/ua/pocpsa-full.

For details about PayPal's privacy policy, please visit https://www.paypal.com/de/webapps/mpp/ua/privacy-full.

Apple Pay:

Apple Inc. provides this payment service, located at Infinite Loop, Cupertino, CA 95014, USA. You can find Apple's privacy policy at https://www.apple.com/legal/privacy

Google Pay:

The provider of this payment service is Google Ireland Limited, located at Gordon House, Barrow Street, Dublin 4, Ireland. You can find Google's privacy policy at https://policies.google.com/privacy.

Shopify Payment:

Shopify International Limited is the provider of this payment service in the EU. It is located at 2nd Floor Victoria Buildings, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland (referred to as "Shopify Payment" hereafter). For more details, please visit Shopify Payment's privacy policy at https://www.shopify.com/legal/privacy

American Express:

American Express Europe S.A. provides this payment service, located at Theodor-Heuss-Allee 112, 60486 Frankfurt am Main, Germany (referred to as "American Express" hereafter). American Express may transfer data to its parent company in the United States, based on the Binding Corporate Rules. For more information about American Express's privacy policy, please visit https://www.americanexpress.com/legal/privacy

Mastercard:

Mastercard Europe SA provides this payment service, located at Chaussée de Tervuren 198A, B-1410 Waterloo, Belgium (referred to as "Mastercard" hereafter). Mastercard may transfer data to its parent company in the United States, based on Mastercard's Binding Corporate Rules. You can find more information at https://www.mastercard.us/content/dam/mccom/global/documents/mastercard-bcrs.pdf.

VISA:

The payment service provider is Visa Europe Services Inc., London Branch, located at 1 Sheldon Square, London W2 6TT, Great Britain (referred to as "VISA" hereafter). Great Britain is considered a safe third country in terms of data protection, meaning that the UK has a level of data protection equivalent to that of the European Union. VISA may transfer data to its parent company in the United States, based on the standard contractual clauses of the EU Commission. For more information about VISA's privacy policy, please visit https://www.visa.com/visa-privacy-center.html.