Privacy Policy

Responsible:

Social Fashion Company GmbH

Thebäerstr. 17

50823 Cologne

Germany

Phone: +49 (221) 29 23 29 0

Email: shop@armedangels.com

The company data protection officer is

Project 29 GmbH & Co. KG

Ostengasse 14

93047 Regensburg

Email: anfragen@projekt29.de

Phone: 0941-2986930

Personal data is information about you. This includes your name, address, and email address. You do not need to provide any personal data to visit our website. In some cases, we need your name and address, as well as other information, to provide you with the requested service.

The same applies if we send you informational material upon request or if we answer your inquiries. In these cases, we will always inform you accordingly. Furthermore, we only store the data that you have transmitted to us automatically or voluntarily.

When you use one of our services, we generally only collect the data necessary to provide you with that service. We may ask you for additional information, but providing this is entirely voluntary. Whenever we process personal data, we do so to provide you with our service or to pursue our business objectives.

When you visit our website, our web servers store the IP address of your Internet service provider, the website from which you visit us, the web pages you visit on our site, and the date and duration of your visit. Processing this information is absolutely necessary for the technical transmission of the websites, the convenient use of our services, and secure server operation. Our legitimate interest arises from Art. 6 (1) (f) GDPR.

It is not possible to directly identify you based on this information, and we will not do so. The information will be stored and automatically deleted once the aforementioned purposes have been fulfilled. The standard deletion periods depend on the criterion of necessity.

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us.

These are:

• Date and time of the request
• Name of the requested file
• Page from which the file was requested
• Access status (file transferred, file not found, etc.)
• web browser and operating system used
• full IP address of the requesting computer
• amount of data transferred

This data will not be merged with other data sources. Processing is carried out in accordance with Art. 6 (1) (f) GDPR, based on our legitimate interest in improving the stability and functionality of our website.

For reasons of technical security, particularly to prevent attempted attacks on our web server, we store this data temporarily. It is not possible for us to identify individuals based on this data. After seven days at the latest, the data is anonymized by shortening the IP address at the domain level, making it impossible to establish a connection to the individual user. In anonymized form, the data is also processed for statistical purposes; it is not compared with other databases or shared with third parties, even in excerpts.

When you contact us (e.g. via contact form, email, telephone or social media), the information provided by the person making the inquiry will be processed to the extent necessary to answer the contact inquiries and any requested measures.

Contact enquiries within the framework of contractual or pre-contractual relationships are answered to fulfill our contractual obligations or to answer (pre-)contractual enquiries and, moreover, on the basis of our legitimate interests in answering the enquiries.

• Processed data types: Inventory data
  (e.g. names, addresses), contact details (e.g. email, telephone numbers),
  Content data (e.g. entries in online forms).
• Data subjects: communication partners.
• Purposes of processing: contact requests and communication.
• Legal basis: Contractual performance and pre-contractual inquiries (Art. 6 (1) (b) GDPR), legitimate interests (Art. 6 (1) (f) GDPR).

Our website uses so-called cookies. Cookies are small data packets that do not cause any damage to your computer. They are stored on your device either temporarily for the duration of a session (session cookies) or permanently (permanent cookies). Session cookies are automatically deleted after your visit. Persistent cookies remain stored on your device until you delete them yourself or your web browser automatically deletes them.

Cookies can originate from us (first-party cookies) or from third-party companies (so-called third-party cookies). Third-party cookies enable the integration of certain third-party services within websites (e.g., cookies for processing payment services).

Cookies have different functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g., the shopping cart function or the display of videos). Other cookies can be used to analyze user behavior or for advertising purposes.

Cookies that are required to carry out electronic communication, to provide certain functions you have requested (e.g. for the shopping cart function) or to optimize the website (e.g. cookies to measure the web audience) (necessary cookies) are stored on the basis of Art. 6 (1) (f) GDPR, unless another legal basis is specified. The website operator has a legitimate interest in storing necessary cookies for the technically error-free and optimized provision of its services. If consent to the storage of cookies and similar recognition technologies has been obtained, processing will take place exclusively on the basis of this consent (Art. 6 (1) (a) GDPR and Section 25 (1) TDDSG); this consent can be revoked at any time.

You can set your browser to inform you about the use of cookies and to only accept cookies on a case-by-case basis, to exclude cookies for specific cases or in general, and to activate the automatic deletion of cookies when closing the browser. Disabling cookies may limit the functionality of this website. You can find out which cookies and services are used on this website in this privacy policy.

We use a consent management service ("Consent Manager Platform (CMP)") on our website to inform you about the cookies and other technologies we use on our website, as well as to obtain, manage, and document your consent, if required, to the processing of your personal data by these technologies. This is necessary according to Art. 6 (1) (c) GDPR to fulfill our legal obligation under Art. 7 (1) GDPR to be able to prove your consent to the processing of your personal data, to which we are subject.

After you submit your cookie consent on our website, the web server stores the following data: IP address, device information, browser information, language setting, website accessed or its URL, date and time of your consent declaration, and information on your consent behavior.

In addition, the following technologies are used, which contain/contain information about your consent behavior: cookies. The data is stored exclusively in a cookie; no personal data is transmitted to the provider of the Consent Manager Platform (CMP). Your data will be deleted after one year unless you have expressly consented to further use of your data in accordance with Art. 6 (1) (a) GDPR, or we reserve the right to use the data in any other way that is permitted by law and about which we will inform you in this declaration.

Shopify

We host our website with Shopify International Limited, Victoria Buildings, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland (hereinafter referred to as “Shopify”).

Shopify is a tool for building and hosting websites. When you visit our website, Shopify collects your IP address and information about the device and browser you are using. Shopify also analyzes visitor numbers, visitor sources, and customer behavior, and generates user statistics. If you make a purchase on our website, Shopify also collects your name, email address, shipping and billing addresses, payment information, and other data related to the purchase (e.g., phone number, sales volume, etc.). Shopify stores cookies in your browser for these analyses.

For details, please refer to Shopify's privacy policy:

https://www.shopify.de/legal/datenschutz .

The use of Shopify is based on Article 6(1)(f) GDPR. We have a legitimate interest in ensuring the most reliable presentation of our website. If consent has been requested, processing is carried out exclusively on the basis of Article 6(1)(a) GDPR and Section 25(1) TDDDG, insofar as the consent includes the storage of cookies or access to information on the user's device (e.g., device fingerprinting) within the meaning of the TDDDG. Consent can be withdrawn at any time.

We have concluded a data processing agreement (DPA) pursuant to Article 28 GDPR with the aforementioned provider. This is a legally required contract under data protection law, which ensures that the provider processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.

Cloudflare

We use the service “Cloudflare”. The provider is Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA (hereinafter “Cloudflare”).

Cloudflare offers a globally distributed Content Delivery Network (CDN) with DNS. Technically, the transfer of information between your browser and our website is routed through the Cloudflare network. This enables Cloudflare to analyze the data traffic between your browser and our website and to act as a filter between our servers and potentially malicious traffic from the internet. Cloudflare may also use cookies or other technologies to recognize internet users, but these are used solely for the purpose described here. The use of Cloudflare is based on our legitimate interest in providing our website as reliably and securely as possible (Art. 6 para. 1 lit. f GDPR).

Data transfers to the USA are based on the standard contractual clauses of the
Supported by the EU Commission. Details can be found here:

https://www.cloudflare.com/privacypolicy/.

Further information on security and data protection at Cloudflare can be found here: https://www.cloudflare.com/privacypolicy/.

We have concluded a data processing agreement (DPA) pursuant to Article 28 GDPR with the aforementioned provider. This is a legally required contract under data protection law, which ensures that the provider processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.

Doofinder

We use a service provided by Doofinder SL, Madrid 28037, Rufino González 23 bis, 1º 1, Spain ("Doofinder") on our website to make your visit more enjoyable and to provide you with faster, better search results. The legal basis for this data processing is Article 6(1)(f) GDPR. Our legitimate interest lies in the optimized presentation of our website. For this purpose, your browser must connect to Doofinder's servers. This allows Doofinder to know that our website was accessed via your IP address. You can find more information about Doofinder search at https://www.doofinder.com/de/ and in Doofinder's privacy policy: https://www.doofinder.com/de/privacy-policy

We have concluded a data processing agreement (DPA) pursuant to Article 28 GDPR with the aforementioned provider. This is a legally required contract under data protection law, which ensures that the provider processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.

Amazon CloudFront CDN

We use the Amazon CloudFront CDN content delivery network. The provider is Amazon Web Services EMEA SARL, 38 avenue John F. Kennedy, L-1855, Luxembourg (hereinafter "Amazon").

Amazon CloudFront CDN is a globally distributed content delivery network. Technically, the transfer of information between your browser and our website is routed through this network. This allows us to improve the global accessibility and performance of our website.

The use of Amazon CloudFront CDN is based on our legitimate interest in providing our website in the most error-free and secure way possible (Art. 6 para. 1 lit. f GDPR).

Data transfers to the USA are based on the EU Commission's Standard Contractual Clauses. Details can be found here:

https://aws.amazon.com/de/blogs/security/aws-gdpr-data-processing-addendum/

Amazon also holds a certification under the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the USA designed to ensure compliance with European data protection standards for data processing in the USA. Any company certified under the DPF
Certified companies commit to complying with these data protection standards.

Further information about Amazon CloudFront CDN can be found here:

https://d1.awsstatic.com/legal/privacypolicy/AWS_Privacy_Notice__German_Translation.pdf .

Zendesk

We use the Zendesk CRM system to process user inquiries. The provider is Zendesk, Inc., 1019 Market Street in San Francisco, CA 94103 USA. We use Zendesk to process your inquiries quickly and efficiently. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. You can submit inquiries using only your email address and without providing your name.

Messages sent to us will remain with us until you request their deletion or the purpose for data storage no longer applies (e.g., after your request has been processed). Mandatory legal provisions – in particular, retention periods – remain unaffected. Zendesk has Binding Corporate Rules (BCRs) approved by the Irish Data Protection Commission. These are binding internal company rules that legitimize the transfer of data within the company to third countries outside the EU and the EEA. Details can be found here: https://www.zendesk.de/blog/update-privacy-shield-invalidation-european-court-justice/

If you do not agree to your request being processed via Zendesk, you can alternatively contact us by email, telephone, or fax. Further information can be found in Zendesk's privacy policy: https://www.zendesk.de/company/customers-partners/privacy-policy/

Our website offers you the option of sending us messages via a chat window. The chat functionality is provided by Zendesk. When you use this chat window, we store your IP address along with your chat messages. Providing your name is not required for the chat. We have a data processing agreement (DPA) with the aforementioned provider.

This is a legally required contract under data protection law, which ensures that the personal data of our website visitors is processed only according to our instructions and in compliance with the GDPR.

If you subscribe to our newsletter, we will use the data required for this purpose or separately provided by you to regularly send you our e-mail newsletter based on your consent in accordance with Art. 6 (1) (a) GDPR. You can unsubscribe from the newsletter at any time and can do so either by sending a message to the contact option described below or via a link provided for this purpose in the newsletter. After unsubscribing, we will delete your e-mail address from the recipient list unless you have expressly consented to further use of your data in accordance with Art. 6 (1) (a) GDPR or we reserve the right to use the data in any other way that is permitted by law and about which we will inform you in this declaration.

Please note that we evaluate your user behavior when sending the newsletter. To this end, we also analyze your use of our newsletter by measuring, storing, and evaluating open rates and click rates for the purpose of designing future newsletter campaigns ("newsletter tracking").

For this evaluation, the emails sent contain single-pixel technologies (e.g., so-called web beacons, tracking pixels) stored on our website. For the evaluation, we link, in particular, the following "newsletter data":

• the page from which the page was requested (so-called referrer URL),
• the date and time of the call,
• the description of the type of web browser used,
• the IP address of the requesting computer,
• the email address,
• the date and time of registration and confirmation

and single-pixel technologies using your email address or IP address and, if applicable, a unique ID. Links contained in the newsletter may also contain this ID.

If you do not wish to be tracked by the newsletter, you can unsubscribe from the newsletter at any time, as described above.

The information will be stored for as long as you are subscribed to the newsletter.

The newsletter may also be sent by our service providers as part of processing on our behalf. If you have any questions about our service providers and the basis of our cooperation with them, please contact us using the contact details provided in this privacy policy.

The newsletter and the newsletter tracking described above may also be sent by our service providers as part of processing on our behalf. If you have any questions about our service providers and the basis of our cooperation with them, please contact us using the contact details provided in this privacy policy.

Swish (Appmate)

To display dynamic product content and improve the user experience on the website, we use the Swish app, provided by Appmate Pty Ltd, Australia. Swish may process pseudonymous usage data (e.g., mouse movements, clicks, device type, language settings) to optimize page loading time and interaction.

The legal basis for this use is our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR to improve the user-friendliness of our webshop.

More information at: https://apps.shopify.com/swish

Back in Stock

For the notification function when products are sold out, we use the app Back in Stock from SureSwift Capital Inc., USA. If you are interested in a
By subscribing to notifications, we process your email address and product information for the purpose of notifying you as soon as the item is available again.

The legal basis is your consent pursuant to Art. 6 para. 1 lit. a GDPR.
Consent can be withdrawn at any time with effect for the future.

Back in Stock's privacy policy: https://backinstock.org/privacy

Google Tag Manager

We use Google Tag Manager on our website, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

The Google Tag Manager is a tool that allows us to manage website tags via a user interface. The Tag Manager itself does not process any personal data; in particular, it does not create user profiles, store cookies, or perform its own analyses. It serves solely to manage and deploy other tools (e.g., tracking or statistics tools). These tools may, however, collect data themselves – you can find information about this in the relevant sections of this privacy policy.

When using the Tag Manager, your IP address may be transferred to servers of the parent company, Google LLC, in the USA. The EU Commission has not yet issued an adequacy decision for the USA. Therefore, any transfer is based on EU standard contractual clauses and, where necessary, your consent.

The use of Google Tag Manager is based on Article 6(1)(f) GDPR. We have a legitimate interest in the technically flawless and efficient integration and management of third-party services on our website.

Further information: https://policies.google.com/privacy

Google Analytics (4)

This website uses functions of the web analytics service Google Analytics. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics allows website operators to analyze the behavior of website visitors. The website operator receives various usage data, such as page views, time spent on the site, operating systems used, and the user's origin. This data is aggregated into a user ID and assigned to the respective device of the website visitor.

Furthermore, we can use Google Analytics to record your mouse movements, scrolling, and clicks, among other things. Google Analytics also uses various modeling approaches to supplement the collected data and employs machine learning technologies for data analysis.

Google Analytics uses technologies that enable user recognition for the purpose of analyzing user behavior (e.g., cookies or device fingerprinting). The information collected by Google about the use of this website is generally transmitted to and stored on a Google server in the USA. The use of this service is based on your consent pursuant to Art. 6 para. 1 lit. a GDPR and Section 25 para. 1 TDDDG. You may withdraw your consent at any time.

Data transfers to the USA are based on the EU Commission's Standard Contractual Clauses. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/ .

Google also holds a certification under the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the USA designed to ensure compliance with European data protection standards for data processing in the USA. Any company certified under the DPF
Certified companies commit to complying with these data protection standards.

Browser Plugin [MOU1]

You can prevent Google from collecting and processing your data by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de .

For more information on how Google Analytics handles user data, please see Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=de.

Google Signals [MOU2]

We use Google Signals. When you visit our website, Google Analytics collects, among other things, your location, search history, YouTube history, and demographic data (visitor data). This data can be used for personalized advertising with the help of Google Signals. If you have a Google account, the visitor data from Google Signals will be linked to your Google account and used for personalized advertising messages. The data is also used to create anonymized statistics on the user behavior of our users.

Google Analytics
E-commerce measurement [MOU3]

This website uses the "E-Commerce Measurement" feature of Google Analytics. E-Commerce Measurement allows the website operator to analyze the purchasing behavior of website visitors to improve their online marketing campaigns. Information such as orders placed, average order values, shipping costs, and the time from viewing to purchasing a product are collected. This data can be aggregated by Google under a transaction ID that is assigned to the respective user or their device.

Note regarding Google services

We use services provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).
For more information about data security and privacy at Google, see Responsible handling of business data.
as well as the terms of use at
https://policies.google.com/terms .

You can change your cookie settings at any time {here}.

Clarity

This website uses Clarity. The provider is Microsoft Corporation, One Microsoft Way, Redmond, WA98052-6399 (USA), https://docs.microsoft.com/en-us/clarity/ (hereinafter referred to as "Clarity").

Clarity is a tool for analyzing user behavior on this website. Clarity collects data in this process.

especially mouse movements, and creates a graphical representation of which part of the

Website users scroll particularly frequently (heatmaps). Clarity can also record sessions, allowing us to view page usage in video form. Furthermore, we receive information about general user behavior within our website.

Clarity uses technologies that recognize the user for the purpose of analyzing the

To enable user behavior tracking (e.g., cookies or the use of device fingerprinting). Your

Personal data is stored on Microsoft's servers (Microsoft Azure Cloud Service) in the USA.

sshogun

The use of Clarity is based on Article 6(1)(f) GDPR. The website operator has a legitimate interest in effective user analysis. If corresponding consent has been obtained, processing is carried out exclusively on the basis of Article 6(1)(a) GDPR and Section 25(1) TDDDG, insofar as the consent includes the storage of cookies or access to information on the user's device (e.g., device fingerprinting) within the meaning of the TDDDG. Consent can be withdrawn at any time.

Further details on Clarity's data protection policy can be found here:

https://docs.microsoft.com/en-us/clarity/faq .

We have concluded a data processing agreement (DPA) pursuant to Article 28 GDPR with the aforementioned provider. This is a legally required contract under data protection law, which ensures that the provider processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.

Fitanalytics

This website uses the "Fitfinder" service. Fitfinder is a service provided by Fit Analytics GmbH, Voigtstr. 3, 10247 Berlin. Fitfinder offers the following services:

Real-time clothing size advice

Fit prediction services in the online shops of our partners

Optimizing the overall quality of our consulting algorithms

All data collected in this way remains anonymous. Fitanalytics does not collect or process any directly personally identifiable information (such as name, address, or payment information) through this method. IP addresses transmitted to servers via standard backend processes are immediately and irreversibly hashed and truncated upon receipt. All data collected by the Fitanalytics application is stored on servers and in databases within the European Union or in the end user's country of origin. No data in this category is transferred outside the European Union. All data is automatically deleted after a defined retention period.


The legal basis for the use of Fitfinder is your consent pursuant to Art. 6 para. 1 lit. a GDPR. Further information from the third-party provider regarding data protection can be found on the following Facebook website: https://widget.fitanalytics.com/documents/privacy_de.html

Klar Analytics

On our website, we use the services of Klar (Klar Insights GmbH, Marktstr. 18, 80802 Munich). Klar collects, processes, and stores data on our behalf for audience measurement and statistical analysis on this website and its subpages. This data collection is based on the following legal grounds:

Unless the user has given their consent, data is collected anonymously, i.e., without collecting personal or personally identifiable information, and in groups, i.e., by randomly assigning the collected data to groups of users. It is therefore impossible to identify individual users. This anonymous collection is mandatory according to Section 25 Paragraph 2 No. 2 of the German Telemedia Act (TDDG) in order to optimize business processes and thus guarantee the desired service. If the user has given their consent according to Article 6 Paragraph 1 Sentence 1 a of the GDPR and Section 25 Paragraph 1 Sentence 1 of the TDDG, the data to be processed is collected on a user-specific basis. Different cookies are used for the aforementioned different types of data collection to ensure the respective data collection method. You can withdraw your consent at any time via the cookie settings.

Google Ads

The website operator uses Google Ads. Google Ads is an online advertising program of Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Ads allows us to display advertisements in the Google search engine or on third-party websites when users enter specific search terms into Google (keyword targeting). Furthermore, targeted advertisements can be displayed based on user data available to Google (e.g., location data and interests) (audience targeting). As website operators, we can quantitatively evaluate this data by, for example, analyzing which search terms led to the display of our advertisements and how many advertisements resulted in clicks.

The use of this service is based on your consent pursuant to Art. 6 para. 1 lit. a GDPR and 25 para. 1 TDDDG. This consent can be revoked at any time.

For the USA, there is also an adequacy decision from the European Commission, provided that companies are certified under the Data Privacy Framework program. Google is certified accordingly and therefore meets the requirements of the EU Commission.

Google AdSense (non-personalized)

This website uses Google AdSense, a service for integrating advertisements. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

We use Google AdSense in "non-personalized" mode. Unlike personalized mode, the ads are not based on your previous browsing behavior, and no user profile is created. Instead, so-called "contextual information" is used to select the ads. The selected ads are then based, for example, on your location, the content of the website you are visiting, or your current search terms. You can find more information about the differences between personalized and non-personalized targeting with Google AdSense here:

https://support.google.com/adsense/answer/9007336 .

Please note that even when using Google AdSense in non-personalized mode, cookies or similar tracking technologies (e.g., device fingerprinting) may be used. According to Google, these are used to combat fraud and abuse.

The use of this service is based on your consent pursuant to Art. 6 para. 1 lit. a GDPR and 25 para. 1 TDDDG. This consent can be revoked at any time.

Data transfers to the USA are based on the EU Commission's standard contractual clauses.

Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/

You can adjust your advertising settings yourself in your user account. To do this, click on the following link and log in:

https://adssettings.google.com/authenticated .

For more information about Google's advertising technologies, please visit: https://policies.google.com/technologies/ads
and

https://www.google.de/intl/de/policies/privacy/ .

Google Ads Customer Match

We use Google Ads Customer Match lists as part of our Google advertising activities. For the use of Customer Match, lists containing encrypted user data (e.g., names, email addresses, addresses, etc.) are created.
Customer-specific identifiers are uploaded to Google. Google then compares the submitted user data with existing Google customers. This allows them to create target audiences that can be used to manage ads and campaigns. After the Customer Match lists are created, the encrypted customer data is automatically deleted. This prevents the providers from gaining access to new addresses.

The recipient of the data is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google LLC, based in California, USA, and potentially US authorities may access the data stored by Google.

The use of this service is based on your consent pursuant to Art. 6 para. 1 lit. a GDPR and 25 para. 1 TDDDG. You may withdraw your consent at any time. Data transfers to the USA are based on the EU Commission's Standard Contractual Clauses. Details can be found here:

https://policies.google.com/privacy/frameworks
and here

https://privacy.google.com/businesses/controllerterms/mccs

Microsoft Advertising

We use the Microsoft Advertising service on our website, provided by Microsoft Ireland Operations Limited (Ireland/EU) (formerly Bing Ads). Microsoft Advertising is an online marketing service that uses Universal Event Tracking (UET) to help us target advertisements via the Microsoft Bing search engine. Microsoft Advertising uses cookies for this purpose. This involves processing personal data in the form of online identifiers (including cookie IDs), IP addresses, device identifiers, and information about device and browser settings.

Microsoft Advertising uses UET to collect data that allows us to track target audiences through remarketing lists. For this purpose, a cookie is stored on the user's device when they visit our website. Microsoft Advertising can then recognize that our website has been visited and display an advertisement on subsequent visits to Microsoft Bing or Yahoo. This information is also used to generate conversion statistics, i.e., to track how many users reached our website after clicking on an ad. This tells us the total number of users who clicked on our ad and were redirected to our website. However, we do not receive any personally identifiable information.

Further information on these processing activities, the technologies used, the data stored, and the storage period can be found in the settings of our consent management tool. Processing only takes place with your consent in accordance with Section 25 of the German Telemedia Act (TDDG) or Article 6(1)(a) of the GDPR. You can withdraw your consent via our consent management tool.

When using Microsoft services, the transfer of data to Microsoft Corp. in the USA cannot be ruled out. Microsoft is certified under the Data Privacy Framework and complies with it.
This fulfills the requirements of the EU Commission's adequacy decision regarding the USA. Further information on data protection at Microsoft can be found in Microsoft's privacy statement at https://privacy.microsoft.com/de-de/privacystatement .

Pinterest tag

We have integrated the Pinterest tag on this website. The provider is Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland.

The Pinterest tag is used to track certain actions you perform on our website. This data can then be used to display interest-based advertising to you on our website or on other sites within the Pinterest tag advertising network.

For this purpose, the Pinterest tag collects, among other things, a tag ID, your location, and the referrer URL. Furthermore, action-specific data such as order value, order quantity, order number, category of purchased items, and video views can be collected.

The Pinterest tag uses technologies that enable cross-site user recognition for the analysis of user behavior (e.g., cookies or device fingerprinting).

Since the necessary consent has been obtained, processing is carried out exclusively on the basis of Article 6(1)(a) GDPR and Section 25(1) TDDSG, insofar as the consent includes the storage of cookies or access to information on the user's device (e.g., device fingerprinting) within the meaning of the TDDSG. This consent can be revoked at any time.

Pinterest is a global company, so data may be transferred to the USA. According to Pinterest, this data transfer is based on the EU Commission's Standard Contractual Clauses. Details can be found here:

https://policy.pinterest.com/de/privacy-policy .

You can find more information about the Pinterest tag here:

https://help.pinterest.com/de/business/article/track-conversions-with-pinterest-tag .

We have concluded a data processing agreement (DPA) pursuant to Article 28 GDPR with the aforementioned provider. This is a legally required contract under data protection law, which ensures that the provider processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.

Taboola pixels

A visitor pixel and cookies from Taboola Inc., 28 West 23rd St., 5th fl., New York, NY 10010, USA are used on our website for conversion tracking. This allows us to track user behavior after they have been redirected to the provider's website by clicking on a Taboola advertisement.
This process is used to evaluate the effectiveness of Taboola advertisements for statistical and market research purposes and can help optimize future advertising campaigns. The data collected is anonymous to us and therefore does not allow us to draw any conclusions about the identity of the users.

Since the necessary consent has been obtained, processing is carried out exclusively on the basis of Article 6(1)(a) GDPR and Section 25(1) TDDSG, insofar as the consent includes the storage of cookies or access to information on the user's device (e.g., device fingerprinting) within the meaning of the TDDSG. This consent can be revoked at any time.

All information on how Taboola handles data can be found in Taboola's privacy policy, available at https://www.taboola.com/de/privacy-policy

We have concluded a data processing agreement pursuant to Article 28 GDPR with the aforementioned provider. This is a legally required contract under data protection law, which ensures that the provider processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.

Clarity

This website uses Clarity. The provider is Microsoft Corporation, One Microsoft Way, Redmond, WA98052-6399 (USA), https://docs.microsoft.com/en-us/clarity/ (hereinafter referred to as "Clarity").

Clarity is a tool for analyzing user behavior on this website. Specifically, Clarity records mouse movements and creates a graphical representation (heatmap) of which parts of the website users scroll to most frequently. Clarity can also record sessions, allowing us to analyze website usage in video format.
You can view it. Furthermore, we receive information about general user behavior within our website.

Clarity uses technologies that enable user recognition for the purpose of analyzing user behavior (e.g., cookies or device fingerprinting). Your personal data is stored on Microsoft servers (Microsoft Azure Cloud Service) in the USA. The use of Clarity is based on Article 6(1)(f) GDPR. The website operator has a legitimate interest in effective user analysis. If consent has been requested, processing is carried out exclusively on the basis of Article 6(1)(a) GDPR and Section 25(1) of the German Telemedia Act (TMG), insofar as the consent includes the storage of cookies or access to information on the user's device (e.g., device fingerprinting) within the meaning of the TDDG. Consent can be withdrawn at any time.

Further details on Clarity's data protection policy can be found here:

https://docs.microsoft.com/en-us/clarity/faq .

We have concluded a data processing agreement (DPA) pursuant to Article 28 GDPR with the aforementioned provider. This is a legally required contract under data protection law, which ensures that the provider processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.

Emarsys

For certain activities related to the ARMEDANGELS website and email communication, the external service provider Emarsys eMarketing Systems AG, Märzstraße 1, 1150 Vienna ("Emarsys") has been commissioned. Emarsys processes data exclusively in accordance with the instructions of ARMEDANGELS and is also bound by this privacy policy.

Emarsys does not store or use your computer's IP address for marketing purposes. IP addresses collected by Emarsys web servers are stored only temporarily to detect and prevent misuse. This processing is based on legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR, whereby our interest lies in the security and functionality of the website.

Cookies are stored on your device by Emarsys via your web browser. These cookies contain identification numbers, but are not combined with personal data such as your name, address or email address unless you have given us your explicit consent (legal basis: Art. 6 para. 1 lit. a GDPR).

Emarsys uses these cookies to recognize returning browsers and to evaluate the use of our website and the success of marketing measures. This processing serves the purpose of tailoring our online offerings and email communications to the interests of users (legal basis: Art. 6 para. 1 lit. f GDPR, possibly in conjunction with Art. 6 para. 1 lit. a GDPR for personalized content or profiling).

We have concluded a data processing agreement (DPA) pursuant to Article 28 GDPR with the aforementioned provider. This is a legally required contract under data protection law, which ensures that the provider processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.

Linkster

On this page, we use the tracking technology of Linkster GmbH, Geschwister-Scholl-Straße 52, 20251 Hamburg, to measure and visualize insights into partnerships and advertising channels.

This is a function for measuring the effectiveness of the respective advertising campaigns. Furthermore, the information allows us to attribute advertising success for billing purposes with the relevant advertising partners. When you click on an advertising integration, cookies are placed in your browser, which are read in the event of a transaction. At each touchpoint, your browser sends an HTTP request to the Linkster server, transmitting certain information. This information includes

the URL of the website on which advertising material is placed (referrer URL),

the browser identifier (user agent) of your device (including information about the device type and operating system),

the IP address of the end device (this IP address is anonymized and hashed by us before storage),

HTTP headers (data packets automatically transmitted by your browser containing various technical information)
Information),

the time of the request and, if previously stored on the device, the cookie with its content.

The tracking technology stores cookies on your device to document actions. A 24-digit, anonymous ID is stored in the cookie. The data linked to this ID is encrypted and stored in our database on the server. This data includes information about the last touchpoints (i.e., when a specific advertisement was displayed or clicked on a device). The stored touchpoints can potentially be combined to create a sequence of actions (user journey). When an action is requested, the order number and the value of your order are usually also transmitted and stored by us. The cookies stored by Linkster GmbH are deleted after a maximum of 30 days. The information transmitted to us and the cookies serve solely the purpose of correctly attributing the success of an advertisement and the corresponding billing, and this is justified by our legitimate interests pursuant to Art. 6 Para. 1 Sentence 1 lit. f GDPR.

Reviews
(Reviews.io)

On our website, you have the opportunity to write reviews. For this, we use "Review.io," a service provided by REVIEWS.io 2020 GmbH, Stralauer Allee 6, 10245 Berlin, Germany. Reviews.io allows us to collect customer reviews and publish them on our website.

In order for you to write a review, Review.io requires your name or a pseudonym and your email address (which will not be published). Once you write a review via Review.io, the service automatically creates an account for you.

Your data is processed based on your consent (Art. 6 para. 1 lit. a GDPR). You can withdraw your consent at any time. An informal notification by email to us is sufficient. The lawfulness of data processing operations already carried out remains unaffected by the withdrawal. In the event of withdrawal of your consent, we will delete or anonymize the review.

Reviews can be submitted in a way that prevents other website users from identifying you. It is entirely your decision whether you wish to provide any personal information beyond the required fields. Please note that even when choosing your pseudonym, within the free text fields, and when uploading photos, it is possible to provide information that could allow you to be identified. We recommend that you write your review text without including any personal data and edit your photos accordingly. We reserve the right not to publish reviews containing personal data or to (partially) anonymize them.

Furthermore, Review.io performs the following processing on our behalf as part of the review process:

Identification as a reviewer when you log in to our website and visit the website again.

Verification of the authenticity of your reviews, answering your questions, and providing appropriate customer service.

Forwarding our messages once we have replied to your review

We have concluded a data processing agreement with Review.io in accordance with the requirements of Art. 28 GDPR, in which we oblige them to protect our customers' data and not to pass it on to third parties.

For more information about the type of data collected by Review.io, please see Review.io's Terms of Service and Privacy Policy: https://www.reviews.io/front/data-protection .

Criteo

This website uses features provided by Criteo. The provider is Criteo SA, 32 Rue Blanche, 75009 Paris (hereinafter referred to as "Criteo").

Criteo is used to show you interest-based advertisements within the Criteo advertising network. Your interests are determined based on your previous browsing behavior. For example, Criteo records which products you have viewed, added to your shopping cart, or purchased.
Further details about the data collected by Criteo can be found here:

https://www.criteo.com/de/privacy/how-we-use-your-data/.

In order to show you interest-based advertising, we and other Criteo partners need to be able to recognize you. For this purpose, a cookie is stored on your device or a similar identifier is used, which links your user behavior to a pseudonymous user profile. Details can be found in Criteo's privacy policy at:

https://www.criteo.com/de/privacy/ .

Your personal data and the Criteo cookies stored in your browser will be stored for a maximum of 13 months from the date of collection.

Criteo is used for targeted advertising purposes. This constitutes a legitimate interest within the meaning of Article 6(1)(f) GDPR. If consent has been obtained, processing is carried out exclusively on the basis of Article 6(1)(a) GDPR and Section 25(1) of the German Telemedia Act (TMG), insofar as the consent includes the storage of cookies or access to information on the user's device (e.g., device fingerprinting) within the meaning of the TDDG. Consent can be withdrawn at any time.

Criteo and we are joint controllers within the meaning of Article 26 GDPR. An agreement on joint processing has been concluded between Criteo and us, the essential contents of which Criteo describes at the following link:

https://www.criteo.com/de/privacy/how-we-use-your-data/ .

Depict.ai

To improve product search and display personalized product recommendations on our website, we use the Depict service from Depict.ai AB, Vasagatan 16, 111 20 Stockholm, Sweden.

Depict processes pseudonymized information about your interactions in the shop (e.g., viewed products, click behavior, device information, IP address) to optimize product searches and display personalized product recommendations. This information is not linked to your name or email address.

Data processing is carried out on the basis of Art. 6 para. 1 lit. f GDPR, based on our legitimate interest in making our online services user-friendly and targeted. If consent has been given
When consent is requested via our cookie banner (e.g., for tracking via cookies), processing is additionally based on Article 6(1)(a) GDPR. Depict processes the data exclusively within the EU. Further information on data processing by Depict can be found at: https://depict.ai/privacy-policy

Meta Pixel

This website uses Facebook's visitor action pixel for conversion tracking. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. According to Facebook, the collected data is also transferred to the USA and other third countries.

This allows the behavior of website visitors to be tracked after they have been redirected to the provider's website by clicking on a Facebook ad. This enables the effectiveness of Facebook ads to be evaluated for statistical and market research purposes and future advertising campaigns to be optimized.

The data collected is anonymous for us as the operators of this website; we cannot draw any conclusions about the identity of the users. However, the data is stored and processed by Facebook, so a connection to the respective user profile is possible, and Facebook can use the data for its own advertising purposes in accordance with the Facebook Data Policy. This allows Facebook to display advertisements on Facebook pages as well as on websites outside of Facebook. We, as the website operators, have no influence over this use of data.

The use of this service is based on your consent pursuant to Art. 6 para. 1 lit. a GDPR and 25 para. 1 TDDDG. This consent can be revoked at any time.

Data transfers to the USA are based on the EU Commission's standard contractual clauses.

Furthermore, Facebook is certified under the Data Privacy Framework Program.

https://www.facebook.com/legal/EU_data_transfer_addendum
and

https://de-de.facebook.com/help/566994660333381 .

Furthermore, Facebook is certified under the Data Privacy Framework.

To the extent that personal data is collected on our website and forwarded to Facebook using the tool described here, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, are jointly responsible for this data processing (Art. 26 GDPR). This joint responsibility is limited exclusively to the collection of the data and its transfer to Facebook. The subsequent processing by Facebook is not part of this joint responsibility. Our joint obligations are set out in a joint processing agreement. You can find the text of the agreement here:

https://www.facebook.com/legal/controller_addendum.

According to this agreement, we are responsible for providing data protection information when using the Facebook tool and for implementing the tool on our website in a data protection-compliant manner. Facebook is responsible for the data security of its products.
You can assert your data subject rights (e.g., requests for information) regarding data processed by Facebook directly with Facebook. If you assert your data subject rights with us, we are obligated to forward them to Facebook.

You can find further information on protecting your privacy in Facebook's data policy: https://de-de.facebook.com/about/privacy/ .

You can also use the "Custom Audiences" remarketing feature in the ad settings section at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen
deactivate. You must be logged into Facebook to do this.

Meta Custom Audiences

We use Meta Custom Audiences. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.

When you visit or use our websites and apps, take advantage of our free or paid services, submit data to us, or interact with our company's Facebook content, we collect your personal data. If you give us your consent to use Facebook Custom Audiences, we will transmit this data to Facebook, which Facebook can then use to display relevant advertising to you. Furthermore, your data can be used to define target groups.
(Lookalike Audiences).

Facebook processes this data as our data processor. Details can be found in Facebook's Terms of Service.

https://www.facebook.com/legal/terms/customaudience .

The use of this service is based on your consent pursuant to Art. 6.
Article 6(1)(a) GDPR and Article 25(1) TDDDG. Consent can be withdrawn at any time.

Data transfers to the USA are based on the EU Commission's standard contractual clauses.

Details can be found here:

https://www.facebook.com/legal/terms/customaudience

and

https://www.facebook.com/legal/terms/dataprocessing .
Furthermore, Facebook is certified under the Data Privacy Framework.

A/B Lyft

We use the ABlyft service from Conversion Expert GmbH, Zeppelinring 52c, 24146 Kiel ( https://ablyft.com ) on our website. ABlyft supports us with A/B testing and analysis to continuously improve the user-friendliness of our website.

Certain information about the use of our website is collected (e.g., browser and device data, interactions with page elements). This data is stored exclusively in aggregated and anonymized form and does not allow any conclusions to be drawn about individual persons.

However, data is only collected with your consent in accordance with Art. 6 para. 1 lit. a GDPR in conjunction with § 25 para. 1 TDDDG. You can withdraw your consent at any time with effect for the future via the settings in our consent tool.

Further information on data protection at ABlyft can be found here: https://ablyft.com/de/datenschutzerklaerung .

Contractual partners can create an account within our online service (e.g., customer or user account, hereinafter referred to as "customer account"). If registration of a customer account is required, contractual partners will be informed of this, as well as the information required for registration. Customer accounts are not public and cannot be indexed by search engines. During registration, as well as during subsequent logins and use of the customer account, we store the customers' IP addresses along with the access times in order to verify the registration and prevent any misuse of the customer account.

When customers terminate their customer account, the data relating to the customer account will be deleted, unless its retention is required for legal reasons. It is the customer's responsibility to back up their data after terminating their customer account. The legal basis for data processing is therefore Article 6(1)(b) GDPR.

We process our customers' data to enable them to select, purchase, or order their chosen products, goods, and related services, as well as to facilitate payment, delivery, and fulfillment. If necessary for order fulfillment, we use service providers, particularly postal, freight forwarding, and shipping companies, to carry out delivery or fulfillment for our customers. We utilize the services of banks and payment service providers for processing payments. The required information is marked as such during the ordering or similar purchase process and includes the data necessary for delivery, provision, and invoicing, as well as contact information to allow for any necessary follow-up.

• Types of data processed : Inventory data (e.g. names, addresses), payment data (e.g. bank details, invoices, payment history), contact data (e.g. email, telephone numbers), contract data (e.g. subject matter of the contract, term, customer category), usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).
• Affected persons : prospective customers, business and contractual partners, customers.
• Purposes of processing: Provision of contractual services and customer service, contact requests and communication, office and organizational procedures, administration and answering of inquiries, security measures, conversion measurement (measuring the effectiveness of marketing measures), interest-based and behavioral marketing, profiling (creating user profiles).
  
• Legal basis : Contract performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b. GDPR), Legal obligation (Art. 6 para. 1 sentence 1 lit. c. GDPR), Legitimate interests (Art. 6 para. 1 sentence 1 lit. f. GDPR).

For business reasons and in order to recognize market trends, the wishes of contractual partners and users, we analyze the data available to us on business transactions, contracts, inquiries, etc., whereby the group of persons affected may include contractual partners, prospective customers, customers, visitors and users of our online service.

The analyses are conducted for the purposes of business evaluations, marketing, and market research (e.g., to identify customer groups with different characteristics). Where available, we may consider the profiles of registered users, including their information such as details of services used. These analyses are solely for our internal use and will not be disclosed externally, unless they are anonymous analyses with aggregated, i.e., anonymized, data. Furthermore, we respect user privacy and process data for analytical purposes using pseudonyms wherever possible and, where feasible, anonymously (e.g., as aggregated data).

Within the framework of contractual and other legal relationships, due to legal obligations or otherwise on the basis of our legitimate interests, we offer the data subjects efficient and secure payment options and use additional payment service providers besides banks and credit institutions (collectively "payment service providers") for this purpose.



The data processed by payment service providers includes master data such as name and address, bank details such as account numbers or credit card numbers, passwords, TANs and checksums, as well as contract, amount, and recipient-related information. This information is required to process the transactions. However, the entered data is only processed and stored by the payment service providers.

This means we do not receive any account or credit card information, but only confirmation or rejection of the payment. The payment service providers may transmit the data to credit reference agencies. This transmission is for the purpose of identity and creditworthiness verification. Please refer to the terms and conditions and privacy policies of the payment service providers for further information.


The terms and conditions and privacy policies of the respective payment service providers apply to payment transactions and can be accessed on their respective websites or transaction applications. We also refer you to these for further information and to exercise your rights of withdrawal, access, and other data subject rights.

For the purpose of delivering ordered goods, we work with logistics service providers/transport companies and/or shipping partners, to whom the following data is transmitted for the purpose of delivering the ordered goods or for the purpose of notifying the shipment: first name, last name, postal address, and, if applicable, the email address and telephone number. The legal basis for processing is Art. 6 (1) (b) GDPR.

When you purchase on account or use any other payment method where we provide the goods or services in advance, we may conduct a credit check (scoring). For this purpose, we transmit the data you entered (e.g., name, address, age, or bank details) to a credit agency. Based on this data, the probability of payment default is determined. If the risk of payment default is deemed too high, we may refuse the payment method in question.

Credit checks are carried out on the basis of contract fulfillment (Art. 6 para. 1 lit. b GDPR) and the prevention of payment defaults (legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR). If consent has been obtained, the credit check is carried out on the basis of this consent (Art. 6 para. 1 lit. a GDPR); this consent can be revoked at any time.

We offer you the opportunity to become a CHANGEMAKER and join our CHANGEMAKERS CLUB. As a CHANGEMAKER, you'll receive a variety of benefits, such as free shipping, early access to sales, or exclusive product advice from our customer service team.

In this process, we may process your name, address, date of birth, and purchase details.

An analysis of your web behavior (page views, shopping cart abandonment, visit duration) is possible to the extent that you grant any necessary consent via our cookie banner. We also link campaign response data with your master data and purchase data.

Membership in the CHANGEMAKERS CLUBS is inextricably linked to receiving our newsletter, so if you become a member we will also process your email address (for details on the processing of personal data in connection with the newsletter, see section 27 of this privacy policy).

Processing your email address is also necessary to distinguish club members from other customers with user accounts or from ordering guests, and to fulfill the concluded membership agreement, Art. 6 para. 1 lit. b GDPR. If you do not provide us with your email address, you cannot become a CHANGEMAKER.

The processing of your name, address and other information provided in connection with an order is necessary for the performance of a purchase contract concluded with you, Art. 6 para. 1 lit. b GDPR.

If you have also provided your date of birth during registration, we process this on the basis of your consent, Art. 6 para. 1 lit. a GDPR.

The data will be stored for the duration of your CHANGEMAKERS membership and beyond, in accordance with legal retention requirements (such as those under commercial or tax law), and then deleted.

Membership in the CHANGEMAKERS CLUB is voluntary. In particular, it is not required to place orders through our online shop. Therefore, consent to receive our newsletter is also not required for the conclusion and fulfillment of a purchase agreement.

If you become a member of the CHANGEMAKERS CLUB, but also without such a membership, we can create a customer profile for you that contains the following information:

- Master data (name, address, date of birth, email address)
- Purchase data (product categories, order value, order frequency, returns)

We have a legitimate interest in this within the meaning of Article 6(1)(f) GDPR. This interest is based on being able to determine which products you purchased and when. In this way, we can understand our customers' interest in our products and tailor our product range and promotions accordingly to achieve the highest possible customer satisfaction. Your own interests, fundamental rights, and freedoms do not conflict with this form of profiling, as we do not process any sensitive data about you, we do not subject your profile to any further analysis (for example, to determine the likelihood of a return), and we do not enrich your profile with any other data. Ultimately, this form of documentation also helps you to understand your purchase history with us, so the recording may also be in your interest.

If you have given your consent to this in accordance with Art. 6 (1) (a) GDPR to the respective social media operator, when you visit our online presence on our social media channels your data will be automatically collected and stored for market research and advertising purposes, from which user profiles will be created using pseudonyms. These can be used, for example, to place advertisements within and outside the platforms that presumably correspond to your interests. Cookies are generally used for this purpose. Detailed information on the processing and use of data by the respective social media operator as well as a contact option and your related rights and setting options to protect your privacy can be found in the respective data protection notices linked to the providers' websites. If you still need help with this, you can contact us.