Legal Notice - OACE

Information according to § 5 TMG:

Oace Exclusive GmbH
Köhlstraße 10b
50827 Cologne-Ossendorf

Management:

Alexander Glörfeld

Contact:

Email: care@oace.de
Customer contact form: https://oace.de/pages/kontaktinformationen

Register entry:

Entry in the commercial register.
Commercial Register: Cologne
Registration number: HRB 119405

VAT ID:

VAT identification number according to §27a of the German VAT Act:
DE323002853

Responsible:

Alexander Glörfeld (Managing Director)
Köhlstraße 10b
50827 Cologne-Ossendorf

Shipping of returns:

Oace Exclusive GmbH
c/o Fiege Logistik Stiftung Co. KG
Am Berkhopsfeld 700
30938 Burgwedel Germany

copyright

The content and works created by the website operators on these pages are subject to German copyright law. Reproduction, processing, distribution, and any form of exploitation beyond the limits of copyright law require the written consent of the respective author or creator. Downloads and copies of this page are permitted only for private, non-commercial use. Insofar as the content on this page was not created by the operator, the copyrights of third parties are respected. In particular, third-party content is identified as such. Should you nevertheless become aware of a copyright infringement, please inform us accordingly. Upon notification of legal violations, we will remove such content immediately.

Privacy Policy

We take data protection seriously

Protecting your privacy when processing personal data is very important to us. When you visit our website, our web servers automatically store the IP address of your internet service provider, the website from which you visited us, the pages you visit on our site, and the date and duration of your visit. This information is essential for the technical transmission of the website and the secure operation of the server. This data is not used for personalized analysis.

If you send us data via our contact form, this data will be stored on our servers as part of our data backup procedures. We will use your data solely for processing your request. Your data will be treated with strict confidentiality and will not be shared with third parties.

TABLE OF CONTENTS

1. Who is responsible for data processing and who can you contact?

2. Personal data

3. Visit the website

3.1. General Use

3.2. Automatically saved data

3.3. Making contact

3.4. Cookies

3.5. Consent Management

4. Service optimization

4.1. Platform

4.2. Newsletter

5. Tools and services for analysis, statistics and marketing

5.1. Analysis and Statistics

5.2. Advertising and Marketing

5.3. Social Media and Communication

6. Customer account

6.1. Shop and E-Commerce

6.2. Economic analyses and market research

6.3. Payment service providers

6.4. Transport service providers

7. Online presence on social media

8. Safety

9. What data is processed and from which sources does this data originate?

10. What data protection rights do I have?

11. Changes to this Privacy Policy

1. Who is responsible for data processing and who can you contact?

Responsible party:

Oace Exclusive GmbH

Köhlstraße 10b

50827 Cologne

E-mail: support@oace.de

The company's data protection officer is

Mr. Nico Becker

Project 29 GmbH & Co. KG

Ostengasse 14

93047 Regensburg

Email: anfragen@projekt29.de

Tel.: 0941-2986930

2. Personal data

Personal data is information about you. This includes your name, address, and email address. You do not need to provide any personal data to visit our website. In some cases, we need your name and address, as well as other information, to provide you with the requested service.

The same applies if we send you informational material upon request or if we answer your inquiries. In these cases, we will always inform you accordingly. Furthermore, we only store the data that you have transmitted to us automatically or voluntarily.

When you use one of our services, we generally only collect the data necessary to provide you with that service. We may ask you for additional information, but providing this is entirely voluntary. Whenever we process personal data, we do so to provide you with our service or to pursue our business objectives.

3. Visit the website

3.1. General Use

When you visit our website, our web servers automatically store the IP address of your internet service provider, the website from which you visited us, the pages you visit on our site, and the date and duration of your visit. Processing this information is essential for the technical transmission of the website, the convenient use of our services, and the secure operation of our servers . Our legitimate interest is based on Article 6(1)(f) of the GDPR.

It is not possible to directly identify you from this information, and we will not attempt to do so. The information will be stored and automatically deleted once the aforementioned purposes have been fulfilled. The standard deletion periods are determined by the criterion of necessity.

3.2. Automatically saved data

Server log files

The website provider automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. This information includes:

• Date and time of the request
• Name of the requested file
• Page from which the file was requested
• Access status (file transferred, file not found, etc.)
• web browser and operating system used
• Full IP address of the requesting computer
• amount of data transferred

This data will not be combined with other data sources. Processing is carried out in accordance with Article 6(1)(f) GDPR on the basis of our legitimate interest in improving the stability and functionality of our website.

For technical security reasons, particularly to defend against attacks on our web server, we temporarily store this data. It is not possible for us to identify individual users based on this data. After a maximum of seven days, the data is anonymized by shortening the IP address to the domain level, making it impossible to link it to a specific user. In anonymized form, the data is also processed for statistical purposes; it is not compared with other data sets or shared with third parties, even in part.

3.3. Making contact

When you contact us (e.g. via contact form, email, telephone or social media), the information provided by the requesting persons will be processed to the extent necessary to answer the contact requests and any requested measures.

Responding to contact requests within the framework of contractual or pre-contractual relationships is done to fulfill our contractual obligations or to answer (pre-)contractual inquiries, and otherwise on the basis of our legitimate interests in answering the inquiries.

• Types of data processed: Inventory data (e.g. names, addresses), contact data (e.g. email, telephone numbers), content data (e.g. entries in online forms).
• Affected persons: Communication partners.
• Purposes of processing: Contact requests and communication.
• Legal basis: Contract performance and pre-contractual inquiries (Art. 6 para. 1 lit. b. GDPR), Legitimate interests (Art. 6 para. 1 lit. f. GDPR).

3.4. Cookies

When you visit our website, we may store information on your computer in the form of cookies. Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier for the cookie. It consists of a string of characters that allows websites and servers to recognize the specific web browser in which the cookie was stored. This enables the visited websites and servers to distinguish the individual browser of the data subject from other web browsers that contain different cookies. A specific web browser can be recognized and identified via the unique cookie ID.

By using session cookies, the data controller can provide users of this website with a user-friendly service that would not be possible without setting cookies. Without consent, we only use technically necessary cookies on the legal basis of legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR.

We only use personalized cookies to improve our website or for marketing/advertising purposes with your consent. On your first visit, you can voluntarily consent to tracking and analysis via the displayed cookie banner. Your data may be shared with partners or third-party providers. These cookies will only be stored if you explicitly consent; the legal basis for this is your consent in accordance with Article 6(1)(a) GDPR.

You can change your cookie settings here at any time: https://oace.de/?utm_source=google&utm_medium=cpc&utm_campaign=googleads_search_brand&gclid=CjwKCAjw69moBhBgEiwAUFCx2FkHigD80qLFRHvTm_iBOEwTbcuRntAxdyaWCI118Ih3Os3tXk8VUhoCKA0QAvD_BwE

3.5. Consent Management

Usercentrics

This website uses Usercentrics' consent technology to obtain your consent to the storage of certain cookies on your device or the use of certain technologies and to document this in accordance with data protection regulations. The provider of this technology is Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich, Germany. Website:

https://usercentrics.com/de/ (hereinafter referred to as “Usercentrics”).

When you visit our website, the following personal data will be transferred to Usercentrics:

• Your consent(s) or the withdrawal of your consent(s)
• Your IP address
• Information about your browser
• Information about your device
• Time of your visit to the website

Furthermore, Usercentrics stores a cookie in your browser to associate your given consents or their revocation with you. The data collected in this way is stored until you request its deletion, delete the Usercentrics cookie yourself, or the purpose for data storage no longer applies. Mandatory legal retention obligations remain unaffected.

Usercentrics is used to obtain the legally required consent for the use of certain technologies. The legal basis for this is Article 6(1)(c) GDPR.

We have concluded a data processing agreement (DPA) pursuant to Article 28 GDPR with the aforementioned provider. This is a legally required contract under data protection law, which ensures that the provider processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.

4. Service optimization

4.1. Platform

Shopify

We host our website with Shopify International Limited, Victoria Buildings, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland (hereinafter referred to as “Shopify”).

Shopify is a tool for building and hosting websites. When you visit our website, Shopify collects your IP address and information about the device you are using and your browser. Shopify also analyzes visitor numbers, visitor sources, and customer behavior, and generates user statistics. If you make a purchase on our website, Shopify also collects your name, email address, shipping and billing addresses, payment information, and other data related to the purchase (e.g., phone number, sales volume, etc.). Shopify stores cookies in your browser for these analyses.

For details, please refer to Shopify's privacy policy:

https://www.shopify.de/legal/datenschutz .

The use of Shopify is based on Article 6(1)(f) GDPR. We have a legitimate interest in ensuring the most reliable presentation of our website. If consent has been requested, processing is carried out exclusively on the basis of Article 6(1)(a) GDPR and Section 25(1) of the German Telecommunications and Telemedia Data Protection Act (TTDSG), insofar as the consent includes the storage of cookies or access to information on the user's device (e.g., device fingerprinting) within the meaning of the TTDSG. Consent can be withdrawn at any time.

We have concluded a data processing agreement (DPA) pursuant to Article 28 GDPR with the aforementioned provider. This is a legally required contract under data protection law, which ensures that the provider processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.

WhatsApp chat with Hello Charles

For WhatsApp chat, we use Hello Charles, a software solution from Charles GmbH, Gartenstr. 86-87, 10115 Berlin, under a data processing agreement. This service uses the WhatsApp Business API, meaning WhatsApp has no access to personal data within our area of ​​responsibility. Messages exchanged with us are encrypted when using the Business API, so third parties cannot access the content.

Hello Charles will delete or anonymize your data as soon as it is no longer needed for the purposes of processing, you request its deletion, or you withdraw your consent to its storage.

You can find Hello Charles' privacy policy at: https://www.hello-charles.com/privacy-policy

The use of WhatsApp by each user is governed exclusively by the agreements they have made with WhatsApp. WhatsApp's privacy policy can be found at: https://whatsapp.com/legal/business-policy/ .

Our comment function stores the IP addresses of users who post comments. Since we do not review comments on this website before publication, we need this data to take action against the author in the event of legal violations such as insults or propaganda.

Since corresponding consent was requested in accordance with Art. 6 para. 1 lit. a GDPR, data processing is carried out exclusively on the basis of this consent; this can be revoked at any time with effect for the future by replying to the last message with "STOP".

Cloudflare

We use the service “Cloudflare”. The provider is Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA (hereinafter “Cloudflare”).

Cloudflare offers a globally distributed Content Delivery Network (CDN) with DNS. Technically, the transfer of information between your browser and our website is routed through the Cloudflare network. This enables Cloudflare to analyze the traffic between your browser and our website and to act as a filter between our servers and potentially malicious traffic from the internet. Cloudflare may also use cookies or other technologies to recognize internet users, but these are used solely for the purpose described here.

The use of Cloudflare is based on our legitimate interest in providing our website in the most error-free and secure way possible (Art. 6 para. 1 lit. f GDPR).

Data transfers to the USA are based on the EU Commission's Standard Contractual Clauses. Details can be found here:

https://www.cloudflare.com/privacypolicy/.

Further information on security and data protection at Cloudflare can be found here: https://www.cloudflare.com/privacypolicy/.

Jotform

We have integrated Jotform into this website. The provider is Jotform Inc., 111 Pine St. Suite, 1815 San Francisco, California 94111, USA (hereinafter referred to as Jotform).

Jotform allows us to create online forms to collect messages, inquiries, and other input from our website visitors. All information you enter is processed on Jotform's servers.

The use of Jotform is based on our legitimate interest in the greatest possible safety.

user-friendly investigation of your request (Art. 6 para. 1 lit. f GDPR).

The data you entered in the form will remain with us until you request its deletion, revoke your consent to its storage, or the purpose for data storage no longer applies (e.g., after your request has been processed). Mandatory legal provisions – in particular, retention periods – remain unaffected.

Data transfers to the USA are secured by EU Standard Contractual Clauses, which we have concluded with Jotform. Details can be found here: https://www.jotform.com/gdpr-compliance/dpa/ .

We have concluded a data processing agreement (DPA) pursuant to Article 28 GDPR with the aforementioned provider. This is a legally required contract under data protection law, which ensures that the provider processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.

unpkg

We use the unpkg service as a Content Delivery Network (CDN). The files integrated via unpkg are open source and can therefore be viewed and reviewed at any time. This integration is based on Article 6 Paragraph 1 Letter f of the GDPR, stemming from our legitimate interest in enhancing our website and providing a technically secure, maintenance-free, and efficient way to integrate external libraries and frameworks. Since unpkg uses the hosting provider Cloudflare to deliver the data, requests sent to these servers may be stored for statistical or other purposes. According to Cloudflare, the collected raw data is deleted within 4 hours, but no later than 3 days. Further information about unpkg and Cloudflare's privacy policy can be found at unpkg.com and cloudflare.com/de-de/privacypolicy/ .

Using Bugsnag

We use "Bugsnag" for our application, a service provided by Bugsnag Inc., 939 Harrison St, San Francisco, CA 94107, USA (hereinafter referred to as "Bugsnag"). Bugsnag enables us to identify errors in our application that have led to a malfunction or crash. Bugsnag uses cookies for this purpose; these are small text files that are stored on your device. When an error occurs, the cookie transmits anonymized technical data, such as browser data, details of the page accessed on our website, and the requesting IP address, to a Bugsnag server in the USA, where it is stored. On our behalf, Bugsnag will use this information to analyze your use of the website, identify the source of the error, and thus enable us to fix the error and optimize our application.

We use Bugsnag for efficient error correction and thus for optimizing our website. This also constitutes our legitimate interest in the processing of the aforementioned data by the third-party provider. The legal basis is Article 6(1)(f) GDPR.

https://docs.bugsnag.com/legal/privacy-policy/

Trustpilot reviews

We participate in the review process of the provider Trustpilot A/S, Pilestræde 58, 5, 1112 Copenhagen, Denmark.

Trustpilot offers users the opportunity to rate our services. Users who have used our services are asked for their consent to receive a review request. If users have given their consent (for example, by clicking a checkbox or a link), they will receive a review request with a link to a review page. To ensure that users have actually used our services, we transmit the necessary data to Trustpilot regarding the user and the service used (this includes name, email address, and a reference number). This data is used solely for verifying the user's authenticity and addressing them directly.

The legal basis for processing the user's data within the framework of the evaluation procedure is consent pursuant to Art. 6 para. 1 lit. a. GDPR.

To submit a review, you need to create a Trustpilot account. In this case, Trustpilot's terms and conditions and privacy policy apply. To ensure the neutrality and objectivity of the reviews, we have no direct influence on them and cannot delete them ourselves. For this, we ask users to contact Trustpilot.

Furthermore, we may integrate the Trustpilot widget into our website. A widget is a functional and content element embedded within our online service that displays dynamic information. While the content is displayed within our online service, it is retrieved from Trustpilot's servers at that moment. This ensures that the content, especially the current rating, is always up-to-date. For this to work, a data connection must be established between the page accessed within our online service and Trustpilot, and Trustpilot receives certain technical data (access data, including the IP address) necessary for delivering the content. Trustpilot also receives information that users have visited our online service. This information can be stored in a cookie and used by Trustpilot to identify which online services participating in the Trustpilot rating system have been visited by the user. The information can be stored in a user profile and used for advertising or market research purposes.

Since we ask users for their consent to the processing of their data through the use of cookies, the legal basis for the processing is Art. 6 para. 1 lit. a. GDPR.

Users can find further information about the processing of their data by Trustpilot, as well as their rights to object and other data subject rights, in Trustpilot's privacy policy: https://de.legal.trustpilot.com/end-user-privacy-terms .

4.2. Newsletter

Klaviyo

This website uses Klaviyo's services for sending newsletters. The provider is Klaviyo, 225 Franklin St, Boston, MA 02110, USA.

Klaviyo is a service that can be used, among other things, to organize and analyze the sending of newsletters. If you enter data for the purpose of subscribing to the newsletter (e.g., email address), this data will be stored on Klaviyo's servers in the USA.

Klaviyo helps us analyze our newsletter campaigns. If you have a campaign with

When you open an email sent by Klaviyo, a file embedded in the email (a so-called web beacon) connects to Klaviyo's servers in the USA. This allows Klaviyo to determine whether a newsletter message has been opened and which links, if any, have been clicked. Technical information is also collected (e.g., time of access, IP address, browser type, and operating system). This information cannot be linked to individual newsletter recipients. It is used solely for the statistical analysis of newsletter campaigns. The results of these analyses can be used to better tailor future newsletters to the interests of the recipients.

If you do not want your data analyzed by Klaviyo, you must unsubscribe from the newsletter. We provide a corresponding link for this purpose in every newsletter email. Data processing is based on your consent (Art. 6 para. 1 lit. a GDPR). You can withdraw this consent at any time by unsubscribing from the newsletter. The lawfulness of data processing operations already carried out remains unaffected by the withdrawal.

The data you provided for the purpose of subscribing to our newsletter will be stored by us or our newsletter service provider until you unsubscribe. After you unsubscribe, your data will be deleted from the newsletter distribution list. Data stored for other purposes will remain unaffected.

Data transfers to the USA are based on the EU Commission's standard contractual clauses.

Details can be found here: https://www.klaviyo.com/legal/dpa

After you unsubscribe from the newsletter mailing list, your email address will be deleted by us or the

Newsletter service providers may be stored on a blacklist if this is necessary to prevent future subscriptions.

Mailings are required. The data from the blacklist is used solely for this purpose and is not combined with other data. This serves both your interest and our interest in complying with legal requirements for sending newsletters (legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR). Storage on the blacklist is not time-limited. You can object to this storage if your interests outweigh our legitimate interest.

For more information, please see Klaviyo's privacy policy at:

https://www.klaviyo.com/legal/privacy-notice

We have concluded a data processing agreement (DPA) pursuant to Article 28 GDPR with the aforementioned provider. This is a legally required contract under data protection law, which ensures that the provider processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.

5. Tools and services for analysis, statistics and marketing

5.1. Analysis and Statistics

Google Tag Manager

We use Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

The Google Tag Manager is a tool that helps us integrate tracking or statistics tools and other data.

technologies can be integrated on our website. The Google Tag Manager itself does not create any

It does not store user profiles, cookies, or perform independent analyses. It serves solely to manage and deploy the tools integrated through it. However, the Google Tag Manager does collect your IP address, which may also be transferred to Google's parent company in the United States.

The use of Google Tag Manager is based on Article 6(1)(f) GDPR.

Website operators have a legitimate interest in the quick and easy integration and management of various tools on their website. This is subject to the necessary consent. If consent has been requested, processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information on the user's terminal device (e.g., device fingerprinting) within the meaning of the TTDSG. Consent can be withdrawn at any time.

Google Analytics (4)

This website uses functions of the web analytics service Google Analytics. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics allows website operators to analyze the behavior of website visitors. The website operator receives various usage data, such as page views, time spent on the site, operating systems used, and the user's origin. This data is aggregated into a user ID and assigned to the respective device of the website visitor.

Furthermore, we can use Google Analytics to record your mouse movements, scrolling, and clicks, among other things. Google Analytics also uses various modeling approaches to supplement the collected data and employs machine learning technologies for data analysis.

Google Analytics uses technologies that enable user recognition for the purpose of analyzing user behavior (e.g., cookies or device fingerprinting). The information collected by Google about the use of this website is generally transmitted to and stored on a Google server in the USA. The use of this service is based on your consent pursuant to Art. 6 para. 1 lit. a GDPR and Section 25 para. 1 TTDSG. You may withdraw your consent at any time.

Google is certified under the Data Privacy Framework program. Together with the EU Commission's adequacy decision regarding the USA, this justifies data transfers to the USA.

Browser Plugin

You can prevent Google from collecting and processing your data by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de . More information about how Google Analytics handles user data can be found in Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=de .

Google Signals

We use Google Signals. When you visit our website, Google Analytics collects, among other things, your location, search history, YouTube history, and demographic data (visitor data). This data can be used for personalized advertising with the help of Google Signals. If you have a Google account, the visitor data from Google Signals will be linked to your Google account and used for personalized advertising messages. The data is also used to create anonymized statistics on the user behavior of our users.

Google Analytics E-Commerce Measurement

This website uses the "E-Commerce Measurement" feature of Google Analytics. E-Commerce Measurement allows the website operator to analyze the purchasing behavior of website visitors to improve their online marketing campaigns. Information such as orders placed, average order values, shipping costs, and the time from viewing to purchasing a product are collected. This data can be aggregated by Google under a transaction ID that is assigned to the respective user or their device.

Hotjar

This website uses Hotjar. The provider is Hotjar Ltd., Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe (Website: https://www.hotjar.com ).

Hotjar is a tool for analyzing your user behavior on this website. With Hotjar, we can record your mouse movements, scrolling, and clicks, among other things. Hotjar can also determine how long you hover your mouse over a specific area. From this information, Hotjar creates heatmaps that show which areas of the website are most frequently viewed by visitors.

Furthermore, we can determine how long you stayed on a page and when you left it. We can also determine at which point you abandoned your entries in a contact form (so-called conversion funnels).

Furthermore, Hotjar allows you to collect direct feedback from website visitors.

This function serves to improve the website operator's web offerings.

Hotjar uses technologies that recognize the user for the purpose of analyzing...

enable user behavior (e.g., cookies or the use of device fingerprinting).

The use of this analytics tool is based on Article 6(1)(f) GDPR. The website operator has a legitimate interest in analyzing user behavior in order to optimize both its website and its advertising. If consent has been obtained, processing is carried out exclusively on the basis of Article 6(1)(a) GDPR and Section 25(1) of the German Telecommunications and Telemedia Data Protection Act (TTDSG), insofar as the consent includes the storage of cookies or access to information on the user's device (e.g., device fingerprinting) within the meaning of the TTDSG. Consent can be withdrawn at any time.

If you wish to disable data collection by Hotjar, click on the following link and follow the instructions there:

https://www.hotjar.com/policies/do-not-track/

Please note that Hotjar must be deactivated separately for each browser and device. For more information about Hotjar and the data it collects, please see Hotjar's privacy policy at the following link:

https://www.hotjar.com/privacy

We have concluded a data processing agreement (DPA) pursuant to Article 28 GDPR with the aforementioned provider. This is a legally required contract under data protection law, which ensures that the provider processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.

5.2. Advertising and Marketing

Google Doubleclick

This website uses features of Google DoubleClick. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter “DoubleClick”).

DoubleClick is used to show you interest-based ads across Google.

To display advertising within the advertising network. The advertisements can be targeted to the interests of the individual viewer using DoubleClick. For example, our advertising may appear in Google search results or in banner ads connected to DoubleClick.

In order to display interest-based advertising to users, DoubleClick must analyze the respective user profile.

DoubleClick uses cookies or similar technologies to recognize users and associate their visited websites, clicks, and other information about their user behavior.

The system uses recognition technologies (e.g., device fingerprinting). The collected information is compiled into a pseudonymous user profile in order to display interest-based advertising to the user in question.

The use of this service is based on your consent pursuant to Art. 6 para. 1 lit. a GDPR and 25 para. 1 TTDSG. This consent can be revoked at any time.

Further information on how to object to the ads displayed by Google

For advertisements, please see the following links:

https://policies.google.com/technologies/ads and

https://adssettings.google.com/authenticated .

Google Ads

The website operator uses Google Ads. Google Ads is an online advertising program of Google.

Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Ads allows us to display advertisements in the Google search engine or on third-party websites.

to display ads when the user enters specific search terms into Google (keyword targeting). Furthermore, targeted advertisements can be based on user data already available at Google (e.g.,

Location data and interests are used to display relevant information (target group targeting). We, as website operators,

We can quantitatively evaluate this data by, for example, analyzing which search terms led to the display of our advertisements and how many ads resulted in corresponding clicks.

The use of this service is based on your consent pursuant to Art. 6 para. 1 lit. a GDPR and 25 para. 1 TTDSG. You may withdraw your consent at any time. Data transfers to the USA are based on the EU Commission's Standard Contractual Clauses. Details can be found here:

https://policies.google.com/privacy/frameworks and

https://privacy.google.com/businesses/controllerterms/mccs/ .

Facebook Pixel

This website uses Facebook's visitor action pixel for conversion tracking. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. According to Facebook, the collected data is also transferred to the USA and other third countries.

This allows the behavior of website visitors to be tracked after they have clicked on a

Facebook ad redirects to the provider's website. This allows the

The effectiveness of Facebook ads was evaluated for statistical and market research purposes.

and future advertising measures will be optimized.

The data collected is anonymous for us as the operators of this website; we cannot draw any conclusions about the identity of the users. However, the data is stored and processed by Facebook, so a connection to the respective user profile is possible, and Facebook can use the data for its own advertising purposes in accordance with the Facebook Data Policy. This allows Facebook to display advertisements on Facebook pages as well as on websites outside of Facebook. We, as the website operators, have no influence over this use of data.

The use of this service is based on your consent pursuant to Art. 6 para. 1 lit. a GDPR and 25 para. 1 TTDSG. This consent can be revoked at any time.

Data transfers to the USA are based on the USA's adequacy decision and Facebook's certification under the Data Privacy Framework program.

To the extent that personal data is collected on our website and forwarded to Facebook using the tool described here, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, are jointly responsible for this data processing (Art. 26 GDPR). This joint responsibility is limited exclusively to the collection of the data and its transfer to Facebook. The subsequent processing by Facebook is not part of this joint responsibility. Our joint obligations are set out in a joint controllership agreement. You can find the text of the agreement at: https://www.facebook.com/legal/controller_addendum .

According to this agreement, we are responsible for providing data protection information when using the Facebook tool and for ensuring its data protection-compliant implementation on our website. Facebook is responsible for the data security of its products. You can assert your data subject rights (e.g., requests for access) regarding data processed by Facebook directly with Facebook. If you assert your data subject rights with us, we are obligated to forward them to Facebook.

You can find further information on protecting your privacy in Facebook's data policy: https://de-de.facebook.com/about/privacy/ .

You can also use the "Custom Audiences" remarketing feature in the settings section for

To disable ads, go to https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen .

You must be logged in to Facebook.

If you do not have a Facebook account, you can deactivate Facebook's interest-based advertising on the European Interactive Digital Advertising Alliance website:

http://www.youronlinechoices.com/de/praferenzmanagement/ .

TikTok Pixel

We use the TikTok Pixel on our website. The TikTok Pixel is a TikTok advertising tool provided by both TikTok and TikTok.

• TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland, and
• TikTok Information Technologies UK Limited, WeWork, 125 Kingsway, London, WC2B 6NH, United Kingdom (both hereinafter referred to collectively as “TikTok”).

The TikTok Pixel is a snippet of JavaScript code that allows us to understand and track visitor activity on our website. The TikTok Pixel collects and processes information about visitors to our website or the devices they use (so-called event data).

The event data collected via the TikTok pixel is used for targeting our advertisements, improving ad delivery, and for personalized advertising. For this purpose, the event data collected on our website using the TikTok pixel is transmitted to Facebook TikTok.

Some of this event data is information stored on your device. Additionally, the TikTok Pixel uses cookies to store information on your device. Such storage of information by the TikTok Pixel, or access to information already stored on your device, only occurs with your consent. The legal basis for our collection and transfer of personal data to TikTok is therefore Article 6(1)(a) of the GDPR. You can withdraw your consent at any time via our consent management tool.

This collection and transmission of event data is carried out by us and TikTok as joint controllers. We have entered into a joint controllership agreement with TikTok, which defines the distribution of data protection responsibilities between us and TikTok. In this agreement, we and TikTok have agreed, among other things, to...

• that we are responsible for providing you with all information pursuant to Articles 13 and 14 of the GDPR regarding the joint processing of personal data;
• that TikTok is responsible for enabling the rights of data subjects pursuant to Articles 15 to 20 GDPR with regard to the personal data stored by Facebook Ireland after joint processing.

You can access the agreement concluded between us and TikTok at https://ads.tiktok.com/i18n/official/article?aid=300871706948451871 .

TikTok is solely responsible for the subsequent processing of the transmitted event data. Further information on how TikTok processes personal data, including the legal basis on which TikTok relies and how you can exercise your rights with respect to TikTok, can be found in TikTok's Data Policy at https://www.tiktok.com/legal/privacy-policy?lang=de-DE .

5.3. Social Media and Communication

Pinterest tag

We have integrated the Pinterest tag on this website. The provider is Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland.

The Pinterest tag is used to track certain actions you perform on our website. This data can then be used to display interest-based advertising to you on our website or on other sites within the Pinterest tag advertising network.

For this purpose, the Pinterest tag collects, among other things, a tag ID, your location, and the referrer URL. Furthermore, action-specific data such as order value, order quantity, order number, category of purchased items, and video views can be collected.

The Pinterest tag uses technologies that enable cross-site user recognition for the analysis of user behavior (e.g., cookies or device fingerprinting).

The use of the Pinterest tag is based on Article 6(1)(f) GDPR.

The website operator has a legitimate interest in the most effective marketing measures possible. If the necessary consent has been obtained, processing is carried out exclusively on the basis of Article 6(1)(a) GDPR and Section 25(1) TTDSG, insofar as the consent includes the storage of cookies or access to information on the user's device (e.g., device fingerprinting) within the meaning of the TTDSG. This consent can be revoked at any time.

You can find more information about the Pinterest tag here:

https://help.pinterest.com/de/business/article/track-conversions-with-pinterest-tag .

We have concluded a data processing agreement (DPA) pursuant to Article 28 GDPR with the aforementioned provider. This is a legally required contract under data protection law, which ensures that the provider processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.

Instagram plugin via Elfsight Instagram Feed CC

Our website integrates features of the Instagram service. These features are offered by Instagram Inc., 1601 Willow Road, Menlo Park, CA 94025, USA.

The Elfsight Instagram Feed CC plugin loads images directly from Instagram. All other data is collected and cached server-side. When you, as a visitor to our website, load the content, it is retrieved from Elfsight's cache for the Instagram feed. No personal data is collected for this data request.

Further information on Elfsight's data protection policy can be found at:

https://elfsight.com/privacy-policy/

Further information can be found in Instagram's privacy policy: https://instagram.com/about/legal/privacy/

Online presence on Facebook, TikTok, Twitter, Instagram, LinkedIn, Xing, Pinterest

If you have given your consent to the respective social media operator in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, your data will be automatically collected and stored when you visit our online presence on the aforementioned social media platforms for market research and advertising purposes. Pseudonymous user profiles will be created from this data. These profiles can be used, for example, to display advertisements both on and off the platforms that are likely to correspond to your interests. Cookies are generally used for this purpose. Detailed information on the processing and use of data by the respective social media operator, as well as contact options and your related rights and settings for protecting your privacy, can be found in the providers' privacy policies linked below. Should you require further assistance, please feel free to contact us.

Social Plugins Facebook, Instagram, TikTok and Pinterest

Our website uses social media buttons from social networks. These are simply embedded as HTML links, so no connection is established with the servers of the respective provider when you visit our website. Clicking on one of the buttons opens the website of the respective social network in a new browser window. There you can, for example, click the Like or Share button.

6. Customer account

Contractual partners can create an account within our online service (e.g., customer or user account, hereinafter referred to as "customer account"). If registration of a customer account is required, contractual partners will be informed of this, as well as the information required for registration. Customer accounts are not public and cannot be indexed by search engines. During registration, as well as during subsequent logins and use of the customer account, we store the customers' IP addresses along with the access times in order to verify the registration and prevent any misuse of the customer account.

When customers terminate their customer account, the data relating to the customer account will be deleted, unless its retention is required for legal reasons. It is the customer's responsibility to back up their data after terminating their customer account. The legal basis for data processing is therefore Article 6(1)(b) GDPR.

6.1. Shop and E-Commerce

We process our customers' data to enable them to select, purchase, or order their chosen products, goods, and related services, as well as to facilitate payment, delivery, and fulfillment. If necessary for order fulfillment, we use service providers, particularly postal, freight forwarding, and shipping companies, to carry out delivery or fulfillment for our customers. We utilize the services of banks and payment service providers for processing payments. The required information is marked as such during the ordering or similar purchase process and includes the data necessary for delivery, provision, and invoicing, as well as contact information to allow for any necessary follow-up.

• Types of data processed : Inventory data (e.g. names, addresses), payment data (e.g. bank details, invoices, payment history), contact data (e.g. email, telephone numbers), contract data (e.g. subject matter of the contract, term, customer category), usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).
• Affected persons : prospective customers, business and contractual partners, customers.
• Purposes of processing : Provision of contractual services and customer service, contact requests and communication, office and organizational procedures, administration and answering of inquiries, security measures, conversion measurement (measuring the effectiveness of marketing measures), interest-based and behavioral marketing, profiling (creating user profiles).
• Legal basis : Contract performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b. GDPR), Legal obligation (Art. 6 para. 1 sentence 1 lit. c. GDPR), Legitimate interests (Art. 6 para. 1 sentence 1 lit. f. GDPR).

6.2. Economic analyses and market research

For business reasons and in order to recognize market trends, the wishes of contractual partners and users, we analyze the data available to us on business transactions, contracts, inquiries, etc., whereby the group of persons affected may include contractual partners, prospective customers, customers, visitors and users of our online service.

The analyses are conducted for the purposes of business evaluations, marketing, and market research (e.g., to identify customer groups with different characteristics). Where available, we may consider the profiles of registered users, including their information such as details of services used. These analyses are solely for our internal use and will not be disclosed externally, unless they are anonymous analyses with aggregated, i.e., anonymized, data. Furthermore, we respect user privacy and process data for analytical purposes using pseudonyms wherever possible and, where feasible, anonymously (e.g., as aggregated data).

6.3. Payment service providers

Within the framework of contractual and other legal relationships, due to legal obligations or otherwise on the basis of our legitimate interests, we offer the data subjects efficient and secure payment options and use additional payment service providers besides banks and credit institutions (collectively "payment service providers") for this purpose.

The data processed by payment service providers includes master data such as name and address, bank details such as account numbers or credit card numbers, passwords, TANs and checksums, as well as contract, amount, and recipient-related information. This information is required to process the transactions. However, the entered data is processed and stored only by the payment service providers. This means we do not receive any account or credit card information, but only confirmation or rejection of the payment. The payment service providers may transmit the data to credit reference agencies for identity and creditworthiness verification. Please refer to the terms and conditions and privacy policies of the payment service providers for further information.

The terms and conditions and privacy policies of the respective payment service providers apply to payment transactions and can be accessed on their respective websites or transaction applications. We also refer you to these for further information and to exercise your rights of withdrawal, access, and other data subject rights.

The following payment service providers are used:

• PayPal
• Apple Pay
• Google Pay
• Klarna
• Credit card (Visa, Mastercard)

6.4. Transport service providers

For the purpose of delivering ordered goods, we work with logistics service providers/transport companies and/or shipping partners to whom the following data is transmitted for the purpose of delivering the ordered goods or for the purpose of shipment notification: first name, last name, postal address, and, if applicable, email address and telephone number. The legal basis for this processing is Article 6(1)(b) GDPR.

7. Online presence on social media

If you have given your consent to the respective social media operator in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, your data will be automatically collected and stored when you visit our online presence on our social media channels for market research and advertising purposes. Pseudonymous user profiles will be created from this data. These profiles can be used, for example, to display advertisements both on and off the platforms that are likely to correspond to your interests. Cookies are generally used for this purpose. For detailed information on the processing and use of data by the respective social media operator, as well as contact options and your related rights and settings for protecting your privacy, please refer to the linked privacy policies of the providers on their websites. Should you require further assistance, please feel free to contact us.

8. Safety

We have implemented technical and administrative security measures to protect your personal data against loss, destruction, manipulation, and unauthorized access. All our employees and service providers are bound by applicable data protection laws.

Whenever we collect and process personal data, it is encrypted before transmission. This means that your data cannot be misused by third parties. Our security measures are subject to continuous improvement, and our privacy policy is constantly being revised. Please ensure you have the most up-to-date version.

9. What data is processed and from which sources does this data originate?

We process the data that we have received from you in the context of contract initiation or execution, based on consents, or in the context of your application to us or your employment with us.

Personal data includes:

For customers : First and last name, address, contact details (email address, telephone number, fax), bank details.

For applicants and employees : first and last name, address, contact details (email address, telephone number, fax), date of birth, data from CV and work references, bank details, religious affiliation, photographs.

For business partners : Name of their legal representatives, company name, commercial register number, VAT ID number, business number, address, contact person details (email address, telephone number, fax), bank details.

For competition participants, this includes first and last name, email address or social media account.

In addition, we also process the following other personal data:

• Information about the type and content of contract data, order data, sales and invoice data, customer and supplier history, and consulting documents,
• Advertising and sales data,
• Data that we generate ourselves from master/contact data as well as other data, such as through customer needs and customer potential analyses,

For what purposes and on what legal basis is the data processed?

We process your data in accordance with the provisions of the General Data Protection Regulation (GDPR) and the Federal Data Protection Act 2018 as amended from time to time:

• for the fulfillment of (pre-)contractual obligations (Art. 6 para. 1 lit. b GDPR):

Your data is processed for online contract management and for managing your employment contract with our company. The data is processed particularly during the initiation of business and the execution of contracts with you.

• to fulfill legal obligations (Art. 6 para. 1 lit.c GDPR):

The processing of your data is necessary for the purpose of fulfilling various legal obligations, e.g., under the German Commercial Code or the German Fiscal Code.

• for the purposes of legitimate interests (Art. 6 para. 1 lit. f GDPR):

Based on a balancing of interests, data processing beyond the actual fulfillment of the contract may occur to protect our legitimate interests or those of third parties. Data processing to protect legitimate interests occurs, for example, in the following cases:

- Advertising or marketing

- Measures for business management and further development of services and products;

- in the context of legal proceedings

• within the scope of your consent (Art. 6 para. 1 lit. a GDPR):

If you have given us your consent to process your data, e.g. to send you our newsletter

Processing of personal data for advertising purposes

You can object to the use of your personal data for advertising purposes at any time, either in general or for individual measures, without incurring any costs other than the transmission costs according to the basic rates.

Under the legal provisions of Section 7 Paragraph 3 of the German Unfair Competition Act (UWG), we are entitled to use the email address you provided when concluding the contract for direct marketing of our own similar goods or services. You will receive these product recommendations from us regardless of whether you have subscribed to our newsletter.

If you do not wish to receive such recommendations from us via email, you can object to the use of your email address for this purpose at any time, without incurring any costs other than the standard transmission fees. A written notification is sufficient. Of course, every email also contains an unsubscribe link.

Who receives my data?

When we use a service provider for data processing, we remain responsible for the protection of your data. All data processors are contractually obligated to treat your data confidentially and to process it only within the scope of providing their services. The data processors we engage receive your data only if they require it to fulfill their respective services. These include, for example, IT service providers that we need for the operation and security of our IT system, as well as advertising and address publishers for our own advertising campaigns.

In the event of a legal obligation or in the context of legal proceedings, authorities and courts as well as external auditors may be recipients of your data.

Furthermore, for the purpose of initiating and fulfilling contracts, insurance companies, banks, credit agencies and service providers may be recipients of your data.

How long will my data be stored?

We process your data until the business relationship ends or until the applicable statutory retention periods expire (e.g., under the Commercial Code, the Tax Code, or the Working Time Act); furthermore, until the conclusion of any legal disputes in which the data is required as evidence.

10. What data protection rights do I have?

You have the right to information, rectification, erasure or restriction of the processing of your stored data at any time, a right to object to the processing as well as a right to data portability and to lodge a complaint in accordance with the requirements of data protection law.

Right to information:

You can request information from us about whether and to what extent we process your data.

Right to rectification:

If we process your data that is incomplete or incorrect, you can request that we correct or complete it at any time.

Right to erasure:

You can request that we delete your data if we process it unlawfully or if the processing disproportionately infringes upon your legitimate interests. Please note that there may be reasons that prevent immediate deletion, for example, in the case of legally mandated retention periods.

Regardless of whether you exercise your right to erasure, we will delete your data immediately and completely, unless there is a contractual or legal obligation to retain it.

Right to restriction of processing:

You can request that we restrict the processing of your data if

- You dispute the accuracy of the data, for a period of time that allows us to verify the accuracy of the data.

- the processing of the data is unlawful, but you refuse deletion and instead request a restriction of data use,

- we no longer need the data for the intended purpose, but you still need this data to assert or defend legal claims, or

- You have objected to the processing of your data.

Right to data portability:

You can request that we provide you with your data that you have provided to us in a structured, commonly used and machine-readable format, and that you can transmit this data to another controller without hindrance from us, provided that

- we process this data based on your consent, which you can revoke, or to fulfill a contract between us, and

- this processing is carried out using automated procedures.

If technically feasible, you can request that we transfer your data directly to another controller.

Right to object:

If we process your data based on legitimate interest, you can object to this data processing at any time; this would also apply to profiling based on these provisions. We will then no longer process your data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of establishing, exercising or defending legal claims. You can object to the processing of your data for direct marketing purposes at any time without giving reasons.

Right to appeal:

If you believe that we have violated German or European data protection law in processing your data, please contact us so that we can clarify any questions. You also have the right, of course, to contact the supervisory authority responsible for your region, the respective state data protection authority.

If you wish to exercise any of the aforementioned rights against us, please contact our data protection officer. In case of doubt, we may request additional information to confirm your identity.

Am I obligated to provide data?

The processing of your data is necessary for the conclusion and/or fulfillment of your contract with us. If you do not provide us with this data, we will generally have to refuse to conclude the contract or will no longer be able to perform an existing contract and consequently have to terminate it. However, you are not obligated to give your consent to data processing for data that is not relevant to the fulfillment of the contract or not required by law.

11. Changes to this Privacy Policy

We reserve the right to amend our privacy policy if necessary due to new technologies. Please ensure you have the most up-to-date version. If fundamental changes are made to this privacy policy, we will announce them on our website.

Table of Contents

• General Information
• Changes
• Order Process
• Contract Text Storage
• Right of Withdrawal
• Exclusion or Premature Expiration of the Right of Withdrawal
• Note: Returning Products
• Prices and Shipping Costs
• Payment Terms
• Promotional Coupons and Their Redemption
• Regulations on promotional gifts (e.g., Secret Piece)
• Vouchers, product vouchers, and their redemption
• Delivery and shipping conditions – Information on calculating the delivery date
• Refunds
• Retention of title
• Warranty/liability for defects
• Customer account
• Data storage and data protection
• Alternative dispute resolution
• Final provisions

1. General

1.1 The following contractual provisions (Terms and Conditions) apply to all contracts concluded with the customer (hereinafter: CUSTOMER) via the online shop of Oace Exclusive GmbH, Albert Schäffler Straße 6, 74080 Heilbronn, Germany (hereinafter: SELLER) under the domain oace.de.

1.2 The presentation of the products in the SELLER's online shop is merely a non-binding invitation to the CUSTOMER to place an order from a non-binding online catalog. By placing an order, the CUSTOMER makes a binding offer to conclude a contract for the items contained in the shopping cart. The SELLER will immediately confirm receipt of the order by automated email. The automated order confirmation from the shop system does not constitute a contractual relationship. A contract is only concluded when the SELLER accepts the CUSTOMER's offer by delivering the ordered items to the CUSTOMER. Only with this separate declaration of acceptance is the purchase contract concluded with Oace Exclusive GmbH, Köhlstraße 10b, 50827 Cologne-Ossendorf, Germany, managing directors Alexander Glörfeld and Jan Luca Kraume, HRB 119405 Cologne Local Court.

 

1.3 Only private individuals are considered CUSTOMERS.

2. Changes

The SELLER reserves the right to update these terms and conditions as necessary. Changes will be communicated to CUSTOMERS in a timely manner and will only take effect with the CUSTOMERS' consent.

 

3. Order process

3.1 The CUSTOMER can add the desired items to the shopping cart by clicking on the corresponding button and initiate the order process by clicking on the shopping cart. During the order process, the CUSTOMER must enter the necessary contact details for shipping and payment. It is also possible to create a customer account and save the order data entered for future orders. The order is bindingly completed by clicking on the “Buy” button. Confirmation of receipt of the CUSTOMER's order will be sent by email immediately after the order has been submitted.

 

3.2 If an external payment provider is selected from the payment options, the purchase will be forwarded and completed on that provider's website.

3.3 Orders that exceed quantities that are customary for private consumption may be rejected or canceled. The CUSTOMER will be notified of this.

3.4 The CUSTOMER can correct input errors, in particular items mistakenly placed in the shopping cart, by entering the desired quantity in the shopping cart and using the available buttons. During the ordering process, the CUSTOMER can correct input errors in the various steps by navigating to the respective step using the “forward” and “back” buttons of the browser.

3.5 By completing the order, the CUSTOMER declares that they have read and understood the General Terms and Conditions, the data protection provisions, and the cancellation policy.

3.6 The contract language is German.

 

4. Storage of the contract text

The contract text is not stored by the SELLER. The order data will be sent to the CUSTOMER separately in text form (e-mail). The General Terms and Conditions can also be accessed and printed out in the online shop at https://oace.de/policies/terms-of-service.

 

5. Right of withdrawal

If the CUSTOMER is a consumer (i.e., a natural person who places the order for a purpose that cannot be attributed to their commercial or self-employed professional activity), the CUSTOMER is entitled to a right of withdrawal in accordance with the statutory provisions.

• Cancellation policy: https://oace.de/policies/refund-policy
  
• The CUSTOMER can access the sample withdrawal form here: https://cdn.shopify.com/s/files/1/0501/0938/2822/files/Muster-Widerrufsformular_OACE.pdf?v=1696429169

 

6. Exclusion or premature expiry of the right of withdrawal

The right of withdrawal does not apply to distance contracts:

• for the delivery of goods that can spoil quickly or whose expiration date would be quickly exceeded.
• for the delivery of sealed goods that are not suitable for return for reasons of health protection or hygiene if their seal has been removed after delivery.
• for the delivery of goods if, due to their nature, they have been inseparably mixed with other goods after delivery.
• Contracts for the delivery of goods that are not prefabricated and for the manufacture of which an individual selection or determination by the consumer is decisive or which are clearly tailored to the personal needs of the consumer.

 

7. Note: Returning products

The goods should be returned in their original packaging with all accessories and packaging components to

Oace Exclusive GmbH

c/o Fiege Logistik Stiftung Co. KG

Am Berkhopsfeld 700

30938 Burgwedel

Germany

. The SELLER requests that protective outer packaging be used to ensure adequate protection against any transport damage if the original packaging is no longer available. Damage and contamination of the item to be returned should be avoided. CUSTOMERS are requested to return the physical products to the seller as a prepaid package and to retain the proof of delivery. THE SELLER points out that the right of withdrawal and its consequences naturally exist regardless of compliance with this notice; it merely serves to facilitate the processing of the return.

The SELLER asks the CUSTOMER to immediately file a complaint with the delivery service and contact the SELLER upon delivery of goods with obvious transport damage. Failure to file a complaint or contact the SELLER has no consequences for the CUSTOMER's legal claims and their enforcement, in particular warranty rights. The CUSTOMER thereby helps the SELLER to assert its own claims against the carrier or the transport insurance company.

8. Prices and shipping costs

8.1 The prices valid on the day of the order, as displayed in the online shop, apply.

8.2 The prices displayed in the online shop are in euros and include statutory value added tax.

8.3 When purchasing goods that are delivered in a package or by other means by post, the following applies: The prices displayed in the online shop do not include shipping costs for packaging and postage. Shipping costs are calculated dynamically during the ordering process and displayed in the shopping cart overview before the order is placed.

8.4 Information on delivery countries and shipping costs can be found here: https://oace.de/policies/shipping-policy

Note on returns:

Returns within Germany cost €3.90 and will be deducted from the refund. There are no return costs for exchanges. Return costs for shipments outside Germany must be borne by the customer.

 

9. Terms of payment

9.1 The SELLER only accepts the payment methods offered during the ordering process in the online shop. These are:

• PayPal
• Credit card: Visa, Mastercard, Maestro
• Klarna invoice
• Klarna Sofort
• SOFORT
• Bancontact (Belgium only)
• eps transfer (Austria only)
• Ideal (Netherlands only)
• Apple Pay
• Google Pay

9.2 The CUSTOMER selects their preferred payment method from the available payment methods.

9.3 PayPal: If payment is made via PayPal, the CUSTOMER must have a PayPal account and authenticate themselves with their PayPal login details. The CUSTOMER must then complete the PayPal payment process and confirm the payment to the SELLER. Payments can also be made via PayPal without a PayPal user account. With regard to the guest function of PayPal, the terms and conditions available via the payment method apply. If the CUSTOMER chooses to pay by credit card in PayPal, they may be asked for a second authentication feature, depending on the amount of the payment or the type of delivery, by displaying the website of the credit institution. The CUSTOMER must then verify the payment process with their personal second authentication feature, such as a password, PIN, TAN, or biometric data such as a fingerprint or face scan, using a special app.

9.4 Credit card: If delivery is made against payment by credit card, the CUSTOMER, by providing their credit card details, authorizes the full invoice amount, including any delivery and shipping costs, to be charged to the relevant credit card company when due. At the end of the ordering process, the CUSTOMER is asked to enter their credit card number, the credit card's expiration date, and the verification code in the corresponding form. Depending on the amount of the payment or the type of delivery, the customer may be asked to provide a second authentication feature by displaying the website of the credit institution. The CUSTOMER must then verify the payment transaction with their personal second authentication feature, such as a password, PIN, TAN, or biometric data such as a fingerprint or face scan, using a special app. The specific type of identification used depends on the respective payment service provider (e.g., the CUSTOMER's credit card institution). In this case, the charge is initiated with the order confirmation.

9.5 Klarna invoice: In cooperation with Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden, we offer you the Klarna payment method. Payment is made to Klarna. For more information, please refer to Klarna's terms of use. General information about Klarna can be found here. Your personal data will be processed by Klarna in accordance with the applicable data protection laws and as described in Klarna's privacy policy.

9.6 If payment is made via instant transfer (Klarna Sofort) of the Klarna Group, the CUSTOMER must have an activated online banking account with PIN/TAN procedure. At the end of the ordering process, the CUSTOMER will be asked to enter their account number, bank code, PIN, and TAN in the form pre-filled by the SELLER (bank details, transfer amount, purpose of transfer). Immediately afterwards, the transaction will be confirmed to the CUSTOMER.

9.7 If a delivery is made against payment by Bancontact, the CUSTOMER either enters their card information or pays via the Bancontact app. If the CUSTOMER enters the card number of their Bancontact card, they will be taken to the familiar online banking environment of their bank. After successfully logging in and entering their PIN, the CUSTOMER confirms the transaction. They are then returned to the online shop.

9.8 If a delivery is made against payment by eps transfer, the CUSTOMER needs an online banking account with one of the participating banks. At the end of the ordering process, the CUSTOMER selects the bank and logs into the private online banking area. There, the CUSTOMER checks the payment details already entered. If these are correct, the CUSTOMER authorizes the payment via eps and thus completes the purchase.

9.9 If a delivery is made against payment via SOFORT, the CUSTOMER logs into their online banking and authorizes the payment via a transaction authentication number (TAN) before returning to the web shop.

9.10 If a delivery is made against payment via iDeal, the CUSTOMER first selects their bank. They are then redirected to their bank's online banking environment. There, the CUSTOMER logs in securely with their own access data. The total amount due and other transfer information are already filled in on the input screen, so that the CUSTOMER only has to confirm the payment via iDEAL. After confirming the payment, the CUSTOMER is redirected back to the web shop. The CUSTOMER then immediately receives a payment confirmation.

9.11 If a delivery is made against payment via Apple Pay, the CUSTOMER pays directly via their own Apple account. After submitting the order, the CUSTOMER is redirected to Apple, where the payment of the order amount can be authorized. As soon as the SELLER has been informed of the authorization, the item will be shipped, depending on the delivery time specified for the item. Depending on the payment method stored with Apple Pay, the actual invoice amount will be charged immediately after authorization or after shipment, after deduction of any discounts, gift vouchers, etc.

9.12 If a delivery is made against payment via Google Pay, the CUSTOMER pays directly via their own Google account. After submitting the order, the CUSTOMER is redirected to Google, where payment of the order amount can be authorized. Once the SELLER has been informed of the authorization, the order will be shipped, depending on the delivery time specified for the item. Depending on the payment method stored with Apple Pay, the actual invoice amount will be charged immediately after authorization or after shipment, after deduction of any discounts, gift vouchers, etc.

 

10. Promotional vouchers and their redemption

10.1 Promotional vouchers are vouchers that cannot be purchased, but are issued by the SELLER as part of advertising campaigns with a specific period of validity.

10.2 Promotional vouchers can only be redeemed during the specified period and only once per order. Promotional vouchers cannot be used to purchase gift vouchers. Please note that promotional vouchers or promotions in general may be subject to a minimum order value.

10.3 The value of the goods must be at least equal to the amount of the promotional voucher. Any difference to a higher value of goods can be settled using the payment options offered. The value of a promotional voucher will not be paid out in cash or bear interest. The promotional voucher will not be refunded if goods are returned in whole or in part.

10.4 Promotional vouchers can only be redeemed before completing the order process. Subsequent crediting is not possible. The promotional voucher cannot be transferred to third parties. Multiple promotional vouchers cannot be combined with each other, unless otherwise specified in the terms and conditions of the promotion.

10.5 If the total value of the order falls below the minimum order value of the promotional voucher used due to a subsequent return of ordered goods, the SELLER reserves the right to charge the original price of the ordered goods and to invoice the CUSTOMER retrospectively.

11. Regulation on promotional gifts (e.g., Secret Piece)

Requirements for receiving the promotional gift:

As part of certain promotions (e.g., “Secret Piece”), customers receive a free gift if the order value, after deduction of discounts and vouchers, reaches a specified minimum order value (e.g., $120).

Subsequent adjustment in the event of returns:

If items are returned and the original order value falls below the specified minimum order value (e.g., $120), the promotional gift (“Secret Piece”) will be charged retrospectively at a cost of $35.

Billing for the promotional gift:

a) The amount for the promotional gift will be offset against the refund amount for the return.

b) If the amount of the return is not sufficient to cover the cost of the promotional gift, we reserve the right to invoice the amount separately.

Returning the promotional gift:

Alternatively, the customer has the option of returning the promotional gift unused and in perfect condition within the scope of the right of return. In this case, no charge will be made.

12. Vouchers and their redemption

12.1 Vouchers are vouchers for a specific purchase value that are issued exclusively by the SELLER to the CUSTOMER, e.g., as a gesture of goodwill. They are customer-specific, non-transferable, and cannot be purchased. Cash payment is not possible.

12.2 To redeem a voucher, its code must be entered in the field provided before completing the order process. The amount stored for the voucher will be deducted from the value of the order. Any remaining voucher amounts will be retained and can be redeemed during the next order process by re-entering the voucher code as before. Orders that exceed the voucher amount can be settled using the payment options offered.

 

13. Delivery and shipping conditions – Information on calculating the delivery date

13.1 Unless otherwise agreed with the CUSTOMER, goods delivered in a package or by other means of post will be sent by post (parcel, small parcel, letter, shipping company, etc.) to the delivery address provided by the CUSTOMER in the order.

13.2 The delivery time is specified separately for each item or in the product description on the item page. Shipping takes place within 1-5 business days. Delivery in Germany therefore takes place within 2-10 business days at the latest. Further information can be found by the CUSTOMER at https://oace.de/policies/shipping-policy.

13.3 Unless the SELLER expressly states other delivery times in the product description on the item page, all items offered by us are ready for immediate shipment. Exceptions to this are pre-sales communicated in advance by the SELLER, which may take 8-12 weeks for delivery. CUSTOMERS will receive regular updates on the website, in their customer account, and by email during the waiting period.

13.4 In the case of payment in advance, the delivery time specified on the item page begins on the day after the payment order is sent to the bank responsible for the transfer, and for all other payment methods, on the day after the contract is concluded. If the deadline falls on a Saturday, Sunday, or public holiday at the place of delivery, the deadline shall end on the next working day.

13.5 Orders can be placed by all CUSTOMERS from the European Economic Area and, where applicable, other countries specified in the online shop. Orders are only delivered to Germany and the countries specified in the online shop. The CUSTOMER can view details at https://oace.de/policies/shipping-policy.

13.6 If the carrier returns the purchased item to the SELLER because delivery to the CUSTOMER was not possible, the CUSTOMER shall bear the costs of reshipment. This does not apply if the CUSTOMER has exercised any existing right of withdrawal at the same time as refusing acceptance, or if the CUSTOMER is not responsible for the circumstances that led to the impossibility of delivery, or if the CUSTOMER was temporarily prevented from accepting the service offered, unless the SELLER had given the CUSTOMER reasonable advance notice of the service.

 

14. Refunds

The SELLER will automatically arrange any refunds to the account used by the CUSTOMER for payment. In the case of payment by invoice, the refund will be transferred to the account from which the transfer was made. If the CUSTOMER has paid via external payment providers, the refund will be made to the associated account. If the CUSTOMER used a gift voucher for their purchase, the corresponding amount will be credited to their gift voucher account.

 

The amount to be refunded will be transferred back by the SELLER as quickly as possible (within the first 14 days after arrival at the warehouse). When purchasing a SET, a discounted price applies. This only applies to the set – if the CUSTOMER decides to return one of the two items, our individual prices per product apply. The amount to be refunded is therefore calculated as follows: set price – individual price = refund amount.

15. Retention of title

The SELLER retains ownership of the items sold until the purchase price has been paid in full.

 

The following also applies to entrepreneurs: We retain ownership of the goods until all claims arising from an ongoing business relationship have been settled in full. You may resell the goods subject to retention of title in the ordinary course of business; you assign to us in advance all claims arising from this resale – irrespective of any combination or mixing of the goods subject to retention of title with new items – in the amount of the invoice amount, and we accept this assignment. You remain authorized to collect the claims, but we may also collect claims ourselves if you do not meet your payment obligations.

 

16. Warranty/liability for defects

The rights in the event of defects in the purchased item are governed by the statutory provisions.

 

17. Customer account

17.1 The CUSTOMER can create a customer account in the online shop free of charge.

17.2 When creating a customer account, the CUSTOMER is asked to provide their personal data in accordance with the SELLER's privacy policy. By providing their data, the CUSTOMER guarantees its authenticity and accuracy. They are also obliged to keep the data up to date in the event of an order. Additional shipping costs incurred by the SELLER due to incorrect or inaccurate data will be charged to the CUSTOMER. After requesting the creation of a customer account by clicking on “Create,” the CUSTOMER will receive an email.

17.3 By clicking on the link contained therein, the CUSTOMER confirms their identity and receives confirmation of the creation of their customer account by email.

17.4 The CUSTOMER is only entitled to register and operate one customer account at a time on www.oace.de. If the SELLER becomes aware of multiple registrations, the SELLER is entitled to exclude the CUSTOMER from using the web shop. CUSTOMERS whose customer account has already been blocked or terminated by us in the past may not create a new customer account. Minors are not permitted to register.

17.5 The CUSTOMER and SELLER may terminate the contract for the customer account at any time with immediate effect for the future without giving reasons. The SELLER reserves the right to delete the registration of CUSTOMERS who have not provided complete or incorrect data.

 

18. Data storage and data protection

The data protection provisions of the privacy policy at https://oace.de/policies/privacy-policy apply exclusively.

19. Alternative dispute resolution

The SELLER is not obliged and not willing to participate in dispute resolution proceedings before a consumer arbitration board.

The European Commission provides a platform for online dispute resolution (ODR), which can be found here: https://www.ec.europa.eu/consumers/odr.

20. Final provisions

20.1 The law of the Federal Republic of Germany applies, excluding the UN Convention on Contracts for the International Sale of Goods.

20.2 The above choice of law applies only insofar as the protection granted by mandatory provisions of the law of the country in which the CUSTOMER has their habitual residence is not withdrawn.

Click here to download the General Terms and Conditions as a PDF file.

Privacy policy for the OACE Athletic Club app

We take the protection of your personal data very seriously and treat it confidentially and in accordance with data protection regulations (GDPR, TTDSG and BDSG new). This privacy policy applies to our mobile iPhone and Android apps (hereinafter referred to as "APP"). It describes the type, purpose and scope of data collection during the use of the APP.

Responsible for data processing:

Oace Exclusive GmbH

Köhlstraße 10b

50827 Cologne

Email: support@oace.de

The external company data protection officer is

Mr. Nico Becker

Project 29 GmbH & Co. KG

Ostengasse 14

93047 Regensburg

Email: anfragen@projekt29.de

Tel.: 0941-2986930

Table of contents

1. General

2. Encryption

3. Information on the processing of your data

3.1. Information collected during download

3.2. Information that is collected automatically

3.3. App access rights

3.4. Creating a user account (registration) and logging in

4. Loyalty Program

5. Upload outfit

6. Receiving messages (push notification)

7. Voting system

8. Services and Data Analysis

8.1. DatoCMS

8.2. Heroku

8.3. Shopify

8.4. Algolia

9. Disclosure and transfer of data

9.1. Abuse or violation of laws

9.2. Further Development

10. Changes of purpose

11. Data storage period

12. Your rights as a data subject

12.1. Right to Information

12.2. Right to rectification of inaccurate data

12.3. Right to erasure

12.4. Right to restriction of processing

12.5. Right to data portability

13. Right to object

14. Right of appeal

15. Changes to this Privacy Policy

1. General

When you use the app, we process your personal data. Personal data is any information relating to an identified or identifiable natural person. Because protecting your privacy when you use the app is important to us, we would like to inform you below about what personal data we process when you use the app and how we handle this data. We will also inform you about the legal basis for processing your data and, where processing is necessary to protect our legitimate interests, about those interests as well.

2. Encryption

This app uses encryption for security reasons and to protect the transmission of confidential information, such as requests you send to us as the app operator, or communication between app users. This encryption prevents unauthorized third parties from reading the data you transmit.

3. Information on the processing of your data

Certain information is processed automatically as soon as you use the app. We have listed below exactly which personal data is processed:

3.1. Information collected during download

When you download the app, certain necessary information is transmitted to your chosen app store (e.g., Google Play or Apple App Store). This may include your username, email address, customer number, the time of download, payment information, and your device's unique identifier. This data is processed exclusively by the respective app store and is outside our control.

3.2. Information that is collected automatically

As part of your use of the app, we automatically collect certain data that is necessary for using the app. This includes:

• Internal device ID

• Version of your operating system

• Time of access

This data is processed automatically for the following reasons:

• Provisioning the app environment

• App improvements

• Prevention of malfunctions

This data processing is justified because the processing is necessary for the performance of the contract between you as the data subject and us in accordance with Art. 6 para. 1 lit. b) GDPR for the use of the app, and we also have a legitimate interest in ensuring the functionality and error-free operation of the app and in being able to offer a market- and interest-oriented service, and your rights and interests in the protection of your personal data within the meaning of Art. 6 para. 1 lit. f) GDPR prevail in this respect.

3.3. App access rights

In order to offer our services via the app, we require the following access permissions. These permissions grant us access to certain functions of your device:

· Photos

Videos

Camera

· Location

Access to device functions is necessary to ensure the functionality of the app. The legal basis for this data processing is our legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR, your consent within the meaning of Art. 6 para. 1 lit. a GDPR and Section 25 para. 1 TTDSG, and – insofar as a contract has been concluded – the performance of our contractual obligations (Art. 6 para. 1 lit. b GDPR).

3.4. Creating a user account (registration) and logging in

You always have the option to use the app as a guest, meaning you can use it without providing any personal data. However, some functions will be limited in this case: for example, participation in voting, Outfit of the Week, competitions, etc.

When you create a user account or log in, we use your login credentials (email address and password) to grant you access to and manage your user account. Required fields are marked with an asterisk during registration and are necessary for concluding the user agreement. If you do not provide this information, you cannot create a user account. Your login credentials are the same as for the Oace shop. For registration, we process the following data:

· Gender

· First name Last Name

· E-mail address

For the ordering process, we process the following information:

· Address

Payment information

You can also optionally provide some additional information:

Desired size

· Birth date

• Pictures of your outfits

The processing of this personal data is necessary to ensure the functionality of the app. The legal basis for this data processing is our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR, your consent pursuant to GDPR, your consent pursuant to Art. 6 para. 1 lit. a GDPR and Section 25 para. 1 TTDSG and - insofar as a contract has been concluded - for the performance of our contractual obligations (Art. 6 para. 1 lit. b GDPR).

4. Loyalty Program

As part of the loyalty program, members collect points through various activities. Depending on their point balance, members receive special benefits. By downloading the app and logging into your user account, you automatically participate in the program and can start collecting points in the future. The legal basis for this is Article 6 Paragraph 1 Letter b GDPR. You can find all the information about the different levels of our loyalty program and what earns points in the terms and conditions.

5. Upload outfit

You can upload photos of your current outfits to the app. These photos will then be published for all app users. This not only earns you points for your account, but also gives you the chance to win weekly and monthly prizes. These photos will only be published after manual selection; no photos will be shared before then. Further information can be found in the Terms and Conditions.

The legal basis for this data processing is your consent pursuant to GDPR, your consent pursuant to Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG and - to fulfill our contractual obligations for the competition (Art. 6 para. 1 lit. b GDPR).

6. Receiving messages (push notification):

You have the option to activate "Push Notifications" in the app (push technology or server push describes a type of communication where data is transmitted even though the receiving app is running in the background). With "Push Notifications," you can be informed, for example, when there are new updates in a news channel that contains information relevant to you. You can configure this feature in the app's settings and enable/disable notifications separately.

To enable "push notifications", we store the following information along with your identification data: activation or deactivation of "push notifications" per service, activation or deactivation of "push notifications" in general, and push tokens from your mobile device (only if at least one "push notification" is activated).

The data is stored only and is visible to the currently logged-in app user. This personal data is stored for the purpose of "push notifications" to keep app users informed. No further analysis of the collected personal data will be performed beyond the purposes described.

The basis for data processing is your consent within the framework of the voluntary use of this service pursuant to Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG.

7. Voting system

Our app uses a voting system from the provider lyket.dev (Italy) to store and process ratings. This involves storing the IP address and the date and time of each vote. This data is not shared with third parties and is automatically deleted after a few days. No personal data is processed. Furthermore, this information is only stored after you click. The legal basis for this processing is therefore your consent pursuant to Art. 6 para. 1 lit. a GDPR. This consent can be revoked at any time.

8. Services and Data Analysis

We have integrated external services to provide the app and some of its functions. We have concluded corresponding data processing agreements with these service providers in accordance with Article 28 of the GDPR.

When you access our app, your behavior may be statistically evaluated using certain analytics tools and analyzed for advertising, market research, or to improve our services. We ensure compliance with legal data protection regulations when using such tools. When using external service providers (data processors), we ensure through appropriate contracts with these providers that data processing complies with German and European data protection standards.

8.1. DatoCMS

(1) This app displays content managed in DatoCMS, a so-called headless content management system. This content is located on servers of the provider of DatoCMS, therefore, accesses to these servers and the associated data transfers are carried out in accordance with Section 3 Paragraph 1 of this privacy policy.

(2) The use of DatoCMS is necessary for technical reasons in order to display the content you have requested. The legal basis for this use is our legitimate interest pursuant to Article 6(1)(f) GDPR.

(3) The provider of DatoCMS is Dato Srl, Via Francesco Botticini 3, 50143 Florence, Italy. Information on Dato Srl's privacy policy can be found at https://www.datocms.com/legal/privacy-policy

8.2. Heroku

We use the European data center of Heroku, Inc., a service of Salesforce, located at Salesforce Tower, 415 Mission St., San Francisco, CA 94105, USA, to operate our API. The legal basis for using Heroku is a legitimate interest pursuant to Art. 6 para. 1 sentence 1 f GDPR. Our legitimate interest lies in the technically flawless and optimized provision of our services. You can find further information on Heroku's data processing and storage practices here: https://www.heroku.com/policy/security.

8.3. Shopify

We host our shop with Shopify International Limited, Victoria Buildings, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland (hereinafter referred to as “Shopify”).

Shopify is a tool for building and hosting websites. When you visit our website, Shopify collects your IP address and information about the device you are using and your browser. Shopify also analyzes visitor numbers, visitor sources, and customer behavior, and generates user statistics. If you make a purchase on our website, Shopify also collects your name, email address, shipping and billing addresses, payment information, and other data.

Data related to the purchase (e.g., phone number, total sales, etc.). Shopify stores cookies in your browser for analysis purposes.

For details, please refer to Shopify's privacy policy:

https://www.shopify.de/legal/datenschutz

The use of Shopify is based on Article 6(1)(f) GDPR. We have a legitimate interest in ensuring the most reliable presentation of our website. If consent has been requested, processing is carried out exclusively on the basis of Article 6(1)(a) GDPR and Section 25(1) of the German Telecommunications and Telemedia Data Protection Act (TTDSG), insofar as the consent includes the storage of cookies or access to information on the user's device (e.g., device fingerprinting) within the meaning of the TTDSG. Consent can be withdrawn at any time.

8.4. Algolia

Our app uses Algolia Instantsearch, a search engine service provided by Algolia Inc. ("Algolia"), to search and index content. By using Algolia Instantsearch, your IP address and search query are transmitted to an Algolia server and stored there for statistical purposes for 90 days. Please refer to Algolia's Terms of Service and Privacy Policy .

Algolia does not transfer the collected data to third parties, but processes it exclusively internally for statistical evaluations and the monitoring of its services.

The use of Algolia Instantsearch serves the purpose of making the information contained on our website and app easier to find and thus ensuring user-friendliness. This also constitutes our legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.

9. Disclosure and transfer of data

Your personal data will only be shared without your explicit prior consent, in addition to the cases explicitly mentioned in this privacy policy, if it is legally permissible or necessary. This may be the case, for example, if processing is necessary to protect the vital interests of the user or another natural person.

9.1. Abuse or violation of laws

If it is necessary to investigate unlawful or abusive use of the app or for legal prosecution, personal data will be forwarded to law enforcement agencies or other authorities, as well as, where applicable, to injured third parties or legal counsel. This will only occur, however, if there is evidence of unlawful or abusive behavior. Data may also be disclosed if this serves to enforce terms of use or other legal claims. Furthermore, we are legally obligated to provide information to certain public authorities upon request. These include law enforcement agencies, authorities that prosecute administrative offenses subject to fines, and tax authorities.

Any transfer of personal data is justified because the processing is necessary for compliance with a legal obligation to which we are subject pursuant to Art. 6 para. 1 lit. f) GDPR in conjunction with national legal requirements for the transfer of data to law enforcement authorities, or because we have a legitimate interest in transferring the data to the aforementioned third parties if there are indications of abusive behavior or for the enforcement of our terms of use, other terms and conditions or legal claims, and your rights and interests in the protection of your personal data within the meaning of Art. 6 para. 1 lit. f) GDPR do not override this interest.

9.2. Further Development

As our business evolves, our company structure may change through alterations to our legal form, or the establishment, acquisition, or sale of business units or components. In such transactions, customer information may be transferred along with the relevant part of the business. Whenever we transfer personal data to third parties to the extent described above, we ensure that this is done in accordance with this Privacy Policy and applicable data protection law.

Any transfer of personal data is justified by the fact that we have a legitimate interest in adapting our company structure to economic and legal circumstances as needed, and your rights and interests in the protection of your personal data within the meaning of Art. 6 para. 1 lit. f) GDPR do not override this interest.

10. Changes of purpose

Your personal data will only be processed for purposes other than those described if permitted by law or if you have consented to the changed purpose of the data processing. In the event of further processing for purposes other than those for which the data was originally collected, we will inform you of these other purposes before the further processing and provide you with all other relevant information.

11. Data storage period

We delete or anonymize your personal data as soon as it is no longer required for the purposes for which we collected or used it in accordance with the preceding paragraphs. As a rule, we store your personal data for the duration of your use of the app or the contractual relationship, plus a period of [7] days during which we retain backup copies after deletion, unless this data is required for a longer period for criminal prosecution or for securing, asserting, or enforcing legal claims.

Specific information in this privacy policy or legal requirements regarding the retention and deletion of personal data, in particular data that we are required to retain for tax reasons, remain unaffected.

12. Your rights as a data subject

12.1. Right to Information

You have the right to request information from us at any time regarding the personal data we process concerning you, in accordance with Article 15 of the GDPR. You can submit your request by post or email to the address provided below.

12.2. Right to rectification of inaccurate data

You have the right to request that we immediately correct any inaccurate personal data concerning you. Please contact us using the contact details provided below.

12.3. Right to erasure

You have the right, under the conditions described in Article 17 of the GDPR, to request that we erase your personal data. These conditions include, in particular, a right to erasure if the personal data are no longer necessary for the purposes for which they were collected or otherwise processed, as well as in cases of unlawful processing, if you have objected to the processing, or if there is a legal obligation to erase the data under Union law or the law of the Member State to which we are subject. For information on the data retention period, please see section 5 of this privacy policy. To exercise your right to erasure, please contact us using the contact details provided below.

12.4. Right to restriction of processing

You have the right to request that we restrict the processing of your personal data in accordance with Article 18 of the GDPR. This right exists in particular if the accuracy of the personal data is contested between you and us, for the period necessary to verify its accuracy; if you, instead of erasure, request restricted processing when you have a right to erasure; if the data is no longer necessary for the purposes for which it was collected, but you require it for the establishment, exercise, or defense of legal claims; and if the successful exercise of an objection is still contested between you and us. To exercise your right to restrict processing, please contact us using the contact details provided below.

12.5. Right to data portability

You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used, and machine-readable format, in accordance with Article 20 of the GDPR. To exercise your right to data portability, please contact us using the contact details provided below.

13. Right to object

You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which is based, among other things, on point (e) or (f) of Article 6(1) of the GDPR, pursuant to Article 21 of the GDPR. We will then cease processing your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is necessary for the establishment, exercise or defence of legal claims.

14. Right of appeal

You also have the right to lodge a complaint with the competent supervisory authority. The competent supervisory authority is:

The State Commissioner for Data Protection and

Freedom of information in Baden-Württemberg

Lautenschlagerstraße 20

70173 Stuttgart

Tel.: 0711/615541-0

15. Changes to this Privacy Policy

We keep this privacy policy up to date. Therefore, we reserve the right to amend it from time to time and to reflect changes in the collection, processing, or use of your data. The current version of the privacy policy is always available within the app.