Privacy Policy

Responsible:

Social Fashion Company GmbH

Thebäerstr. 17

50823 Cologne

Germany

Phone: +49 (221) 29 23 29 0

Email: shop@armedangels.com

The company data protection officer is:

Project 29 GmbH &, Co. KG

Ostengasse 14

93047 Regensburg

Email: anfragen@projekt29.de

Phone: 0941-2986930

Personal data refers to information about you as an individual. This includes your name, address, and email address. You are not required to disclose any personal data in order to visit our website. In certain cases, however, we will need your name, address, and other details in order to provide the requested service. The same applies if we are to supply you with information material upon request or respond to your inquiries. In such cases, we will always inform you accordingly.

We only store data that you have transmitted to us automatically or voluntarily. When you use one of our services, we generally collect only the data necessary to provide you with that service. We may also ask you for additional information, but providing this information is voluntary. Whenever we process personal data, we do so in order to provide you with our services or to pursue our commercial objectives.

When you visit our website, our web servers automatically store by default the IP address of your internet service provider, the website from which you are visiting us, the web pages you visit on our site, as well as the date and duration of your visit. The processing of this information is strictly necessary for the technical transmission of the website, the convenient use of our services, and the secure operation of the server. Our legitimate interest arises from Art. 6 para. 1 lit. (f) GDPR.

A direct inference to your identity is not possible on the basis of this information and will not be made by us. The information is stored and automatically deleted once the aforementioned purposes have been achieved. The standard retention periods for deletion are determined according to the criterion of necessity.

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us.

These are:

• Date and time of the request
• Name of the requested file
• Page from which the file was requested
• Access status (file transferred, file not found, etc.)
• Web browser and operating system used
• Full IP address of the requesting computer
• Amount of data transferred

This data will not be merged with other data sources. Processing is carried out in accordance with Art. 6 (1) (f) GDPR, based on our legitimate interest in improving the stability and functionality of our website.

For reasons of technical security, particularly to prevent attempted attacks on our web server, we store this data temporarily. It is not possible for us to identify individuals based on this data. After seven days at the latest, the data is anonymized by shortening the IP address at the domain level, making it impossible to establish a connection to the individual user. In anonymized form, the data is also processed for statistical purposes, it is not compared with other databases or shared with third parties, even in excerpts.

When contacting us (e.g. via contact form, email, telephone or social media), the information provided by the inquiring persons will be processed to the extent necessary to respond to the contact inquiries and any requested measures.

We respond to contact requests within the scope of contractual or pre-contractual relationships in order to fulfill our contractual obligations or to respond to (pre-)contractual inquiries and, in all other cases, on the basis of our legitimate interests in responding to inquiries.

• Processed data types: Inventory data
  (e.g. names, addresses), contact details (e.g. email, telephone numbers),
• Content data (e.g. entries in online forms).
• Data subjects: communication partners.
• Purposes of processing: contact requests and communication.
• Legal basis: Contractual performance and pre-contractual inquiries (Art. 6 (1) (b) GDPR), legitimate interests (Art. 6 (1) (f) GDPR).

Our website uses so-called cookies. Cookies are small data packets that do not cause any damage to your computer. They are stored on your device either temporarily for the duration of a session (session cookies) or permanently (permanent cookies). Session cookies are automatically deleted after your visit. Persistent cookies remain stored on your device until you delete them yourself or your web browser automatically deletes them.

Cookies can originate from us (first-party cookies) or from third-party companies (so-called third-party cookies). Third-party cookies enable the integration of certain third-party services within websites (e.g., cookies for processing payment services).

Cookies have different functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g., the shopping cart function or the display of videos). Other cookies can be used to analyze user behavior or for advertising purposes.

Cookies that are required to carry out electronic communication, to provide certain functions you have requested (e.g. for the shopping cart function) or to optimize the website (e.g. cookies to measure the web audience) (necessary cookies) are stored on the basis of Art. 6 (1) (f) GDPR, unless another legal basis is specified. The website operator has a legitimate interest in storing necessary cookies for the technically error-free and optimized provision of its services. If consent to the storage of cookies and similar recognition technologies has been obtained, processing will take place exclusively on the basis of this consent (Art. 6 (1) (a) GDPR and Section 25 (1) TDDSG), this consent can be revoked at any time.

You can set your browser to inform you about the use of cookies and to only accept cookies on a case-by-case basis, to exclude cookies for specific cases or in general, and to activate the automatic deletion of cookies when closing the browser. Disabling cookies may limit the functionality of this website. You can find out which cookies and services are used on this website in this privacy policy.

On our website, we use a service for consent management ("Consent Management Platform (CMP)") to inform you about the cookies and other technologies we use on our website, as well as to obtain, manage, and document your consent, where required, to the processing of your personal data by these technologies. This is necessary pursuant to Art. 6 para. 1 sentence 1 lit. c GDPR in order to fulfill our legal obligation under Art. 7 para. 1 GDPR to be able to demonstrate your consent to the processing of your personal data, to which we are subject.

Shopify

We host our website with Shopify International Limited, Victoria Buildings, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland (hereinafter "Shopify").

Shopify is a tool for creating and hosting websites. When you visit our website, Shopify records your IP address, as well as information about the device you are using and your browser. Shopify also analyzes visitor numbers, visitor sources, and customer behavior, as well as compiles user statistics. When you make a purchase on our website,
Shopify also collects your name, email address, delivery and
Billing addresses, payment details and other data related to the purchase (e.g., phone number, amount of sales, etc.). For analytics, Shopify stores cookies in your Browser.

For details, see Shopify's privacy policy:

https://www.shopify.de/legal/datenschutz .

The use of Shopify is based on Art. 6 (1) (f) GDPR. We have a legitimate interest in the most reliable Presentation of our website. If a corresponding consent is requeste.
If consent has been given, processing will be carried out exclusively on the basis of Art. 6 (1) (a) GDPR and Art. 25 (1) TDDDG, insofar as the consent includes the storage of cookies or access to information on the user's device (e.g., device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

We have concluded a contract for order processing (AV) in accordance with Art. 28 GDPR with the above-mentioned provider. This is a contract required by data protection law, which ensures that this
the personal data of our website visitors is only processed according to our instructions and in compliance with the GDPR.

Cloudflare

We use the service "Cloudflare." The provider is Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA (hereinafter "Cloudflare").

Cloudflare offers a globally distributed content delivery network with DNS. Technically, the transfer of information between your browser and our website is routed through Cloudflare's network. This enables Cloudflare to analyze the traffic between your browser and our website and act as a filter between our servers and potentially malicious traffic from the internet. Cloudflare may also use cookies or other technologies to recognize internet users, but these are used solely for the purpose described here.

The use of Cloudflare is based on our legitimate interest in
to ensure that our website is provided as error-free and securely as possible (Art. 6 (1) (f) GDPR).

Data transfer to the USA is based on the standard contractual clauses of the
EU Commission. Details can be found here:

https://www.cloudflare.com/privacypolicy/.

For more information about Cloudflare's security and privacy practices, please visit: https://www.cloudflare.com/privacypolicy/.

We have concluded a data processing agreement (DPA) pursuant to Art. 28 GDPR with the above-mentioned provider. This is a contract required by data protection law, which guarantees that the provider will only process the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

Doofinder

We use a service from Doofinder SL, Madrid 28037, Rufino González 23 bis, 1° 1, Spain "Doofinder" on our website to make visiting our website more attractive and to present you with better search results more quickly.
Data processing is governed by Art. 6 (1) (f) GDPR. Our legitimate interest lies in the optimized presentation of our website. For this purpose, the browser you use must establish a connection to Doofinder's servers. This allows Doofinder to know that our website was accessed via your IP address. Further information about Doofinder Search can be found at https://www.doofinder.com/de/ and in doofinder's privacy policy: https://www.doofinder.com/de/privacy-policy

We have concluded a data processing agreement (DPA) pursuant to Art. 28 GDPR with the above-mentioned provider. This is a contract required by data protection law, which guarantees that the provider will only process the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

Amazon CloudFront CDN

We use the Amazon CloudFront CDN content delivery network. The provider is Amazon Web Services EMEA SARL, 38 avenue John F. Kennedy, L-1855, Luxembourg (hereinafter "Amazon").

Amazon CloudFront CDN is a globally distributed content delivery network. Technically, the information transfer between your browser and our website is routed through the content delivery network. This allows us to increase the global accessibility and performance of our website.

The use of Amazon CloudFront CDN is based on our legitimate interest in providing our website as error-free and secure as possible (Art. 6 (1) (f) GDPR).

Data transfer to the USA is based on the EU Commission's standard contractual clauses. Details can be found here:

https://aws.amazon.com/de/blogs/security/aws-gdpr-data-processing-addendum/

Amazon is also certified under the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and thUSA, which is intended to ensure compliance with European data protection standards when processing data in the USA. Each data subject to the DPF certified company undertakes to comply with these data protection standards to comply.

For more information about Amazon CloudFront CDN, see:

https://d1.awsstatic.com/legal/privacypolicy/AWS_Privacy_Notice__German_Translation.pdf .

Zendesk

To process user inquiries, we use the CRM system Zendesk. The provider is Zendesk, Inc., 1019 Market Street, San Francisco, CA 94103, USA.

We use Zendesk to handle your inquiries quickly and efficiently. This constitutes a legitimate interest within the meaning of Art. 6 (1) (f) GDPR. You can submit inquiries by providing only your email address, without entering your name. Messages sent to us remain with us until you request their deletion or the purpose for storing the data no longer applies (e.g. after your inquiry has been fully processed). Mandatory legal provisions – in particular retention periods – remain unaffected.

Zendesk has Binding Corporate Rules (BCR) approved by the Irish Data Protection Commission. These are binding internal company regulations that legitimize the internal transfer of data to third countries outside the EU and the EEA. Details can be found here:

https://www.zendesk.de/blog/update-privacy-shield-invalidation-european-court-justice/.

If you do not agree to your inquiry being processed by us via Zendesk, you can alternatively contact us by email, telephone, or fax.

For further information, please refer to Zendesk’s privacy policy:

https://www.zendesk.de/company/customers-partners/privacy-policy/.

Our website allows you to send us messages via a chat window. The chat functions are provided by Zendesk. When you use this chat window, we store your chat messages as well as your IP address. Entering your name is not required for the chat.

We have entered into a Data Processing Agreement (DPA) with the aforementioned provider. This is a legally required contract that ensures that personal data of our website visitors is processed only according to our instructions and in compliance with the GDPR

If you subscribe to our newsletter, we will use the data required for this purpose or separately provided by you to regularly send you our e-mail newsletter based on your consent in accordance with Art. 6 (1) (a) GDPR. You can unsubscribe from the newsletter at any time and can do so either by sending a message to the contact option described below or via a link provided for this purpose in the newsletter. After unsubscribing, we will delete your e-mail address from the recipient list unless you have expressly consented to further use of your data in accordance with Art. 6 (1) (a) GDPR or we reserve the right to use the data in any other way that is permitted by law and about which we will inform you in this declaration.

Please note that we evaluate your user behavior when sending the newsletter. To this end, we also analyze your use of our newsletter by measuring, storing, and evaluating open rates and click rates for the purpose of designing future newsletter campaigns ("newsletter tracking").

For this evaluation, the emails sent contain single-pixel technologies (e.g., so-called web beacons, tracking pixels) stored on our website. For the evaluation, we link, in particular, the following "newsletter data":

• the page from which the page was requested (so-called referrer URL),
• the date and time of the call,
• the description of the type of web browser used,
• the IP address of the requesting computer,
• the email address,
• the date and time of registration and confirmation

and the one-pixel technologies with your email address or your IP address and, if applicable, an individual ID. Links contained in the newsletter may also include this ID. If you do not wish to receive newsletter tracking, you can unsubscribe from the newsletter at any time as previously described. The information will be stored for as long as you are subscribed to the newsletter.

The newsletter may also be sent by our service providers within the scope of processing on our behalf. For questions regarding our service providers and the basis of our cooperation with them, please refer to the contact details provided in this privacy policy. The newsletter and the newsletter tracking described above may also be sent by our service providers within the scope of processing on our behalf. For questions regarding our service providers and the basis of our cooperation with them, please refer to the contact details provided in this privacy policy.

Swish (Appmate)

To display dynamic product content and to improve user experience on the website, we use the app Swish, provided by Appmate Pty Ltd, Australia. Swish may process pseudonymized usage data (e.g. mouse movements, clicks, device type, language settings) to optimize page load time and interaction on the site.

The legal basis for this use is our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR in improving the user-friendliness of our webshop.

More information: https://apps.shopify.com/swish

Back in Stock

For the notification function of out-of-stock products, we use the app Back in Stock from SureSwift Capital Inc., USA. When you sign up for a notification, we process your email address and product information for the purpose of notifying you once the item is available again.

The legal basis is your consent pursuant to Art. 6 para. 1 lit. a GDPR. Consent can be revoked at any time with future effect.

Privacy policy of Back in Stock: https://backinstock.org/privacy

Google Tag Manager

We use Google Tag Manager on our website, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Tag Manager is a tool that allows us to manage website tags via a user interface. The Tag Manager itself does not process any personal data, in particular, it does not create user profiles or store cookies.
and does not conduct its own analyses. It is used solely for the administration and use of other tools (e.g. tracking or statistics tools). However, these tools may collect data themselves. you can find more Information in the relevant sections of this privacy policy.

When using the Tag Manager, your IP address can be transferred to servers of the parent company Google LLC in the USA. There is currently no adequacy decision from the EU Commission for the USA. Therefore, transfers are based on EU standard contractual clauses and, where necessary, your consent.

The use of Google Tag Manager is based on Art. 6 (1) (f) GDPR. We have a legitimate interest in the technically error-free and efficient integration and management of third-party services on our website.

Further information: https://policies.google.com/privacy

Google Analytics (4)

This website uses features of the web analysis service Google Analytics. Provider is Google Ireland Limited ("Google"), Gordon House, Barrow
Street, Dublin 4, Ireland.

Google Analytics enables website operators to analyze the behavior of website visitors. This provides the website operator with various usage data, such as page views, length of stay, operating systems used, and origin of the user. This data is summarized in a user ID and assigned to the assigned to the respective device of the website visitor.

Furthermore, with Google Analytics we can, among other things, track your mouse and scroll movements and clicks.
Furthermore, Google Analytics uses various modeling approaches to supplement the collected data sets and sets. Use machine learning technologies in data analysis.

Google Analytics uses technologies that enable user recognition for the purpose of analyzing user behavior (e.g., cookies or device fingerprinting). The information collected by Google about your use of this website is generally transferred to a Google server in the USA and stored there. The use of this service is based on your consent in accordance with Art. 6 (1) (a) GDPR and Section 25 (1) TDDDG. Consent can be revoked at any time.

Data transfer to the USA is based on the EU Commission's standard contractual clauses. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/ .

Google is also certified under the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the United States that aims to ensure compliance with European data protection standards when processing data in the United States. Any data processed under the DPF certified company undertakes to comply with these data protection standards.

Browser Plugin [MOU1]

You can prevent Google from collecting and processing your data by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de . For more information on how Google Analytics handles user data, please see Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=de.

Google Signals [MOU2]

We use Google Signals. When you visit our website, Google Analytics records, among other things, your location, search history, YouTube history, and demographic data (visitor data). This data can be used for personalized advertising with the help of Google Signal. If you have a Google Account
Google Signal visitor data will be linked to your Google Account
and used for personalized advertising messages. The data is
also for the creation of anonymized statistics on user behavior
of our users.

Google Analytics
E-commerce measurement [MOU3]

This website uses the "E-Commerce Measurement" feature of Google Analytics. With the help of E-Commerce Measurement, the website operator can measure the purchasing behavior of
Analyze website visitors to improve their online marketing campaigns. Information such as orders placed, average order values, shipping costs, and the time from viewing to purchasing a product is collected. Google may aggregate this data under a transaction ID that is assigned to the respective user or their device.

Fitanalytics

This website uses the "Fitfinder" service. Fitfinder is a service provided by Fit Analytics GmbH, Voigtstr. 3, 10247 Berlin. Fitfinder offers the following services:

• Real-time advice on clothing sizes


• Fit prediction services in our partners' online shops


• Optimizing the overall quality of our consulting algorithms

All data collected in this way remains anonymous. Fitanalytics does not collect or process any directly personal data (such as name, address, payment information). The IP addresses transmitted to servers through standard backend processes are irreversibly hashed and shortened immediately upon receipt. All data collected by the Fitanalytics application is stored on servers and in Databases within the European Union or in the country of origin.
No data in this category is stored after outside the European Union. All data will be automatically deleted after a specified retention period.


The legal basis for the use of Fitfinder is your consent in accordance with Art. 6 (1) (a) GDPR. Further information on data protection from the third-party provider can be found on the following Facebook website: https://widget.fitanalytics.com/documents/privacy_de.html

Klar Analytics

On our website we use the Services from Klar (Klar Insights GmbH, Marktstr. 18, 80802 Munich). Klar collects, processes, and stores data on our behalf for reach measurement and statistical evaluation on this website and its subpages. This collection is carried out on the following legal basis

Unless the user has given his consent, the data is collected anonymously, i.e. without collecting personal or personally identifiable data, and in groups, i.e. by randomly assigning the collected data to groups of users. It is therefore not possible to trace the data back to individual users. This anonymous collection is absolutely necessary according to Section 25 Paragraph 2 No. 2 TDDDG in order to optimize business expenses and thus guarantee the desired service. If the user has given their consent in accordance with Art. 6 Paragraph 1 Sentence 1 a GDPR and Section 25 Paragraph 1 Sentence 1 TDDDG, the data to be processed will be collected on a user-specific basis. Different cookies are used for the aforementioned different types of collection in order to guarantee the respective type of collection. You can revoke your consent at any time via the cookie settings.

Google Ads

The website operator uses Google Ads. Google Ads is an online advertising program provided by Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Ads enables us to display advertisements in the Google search engine or on third-party websites when users enter specific search terms into Google (keyword targeting). Furthermore, targeted advertisements can be displayed based on user data available to Google (e.g., location data and interests) (audience targeting). We, as website operators, can evaluate this data quantitatively, for example, by analyzing which search terms led to the display of our advertisements and how many ads resulted in corresponding clicks.

The use of this service is based on your consent in accordance with Art. 6 (1) (a) GDPR and Art. 25 (1) TDDDG. This consent can be revoked at any time.

For the US, the European Commission also has an adequacy decision, provided companies are certified under the Data Privacy Framework program. Google is certified accordingly and thus meets the EU Commission's requirements.

Google AdSense (not personalized)

This website uses Google AdSense, a service for integrating advertisements. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

We use Google AdSense in "non-personalized" mode. Unlike personalized mode, the ads are not based on your previous user behavior, and no user profile is created. Instead, so-called "contextual information" is used to select ads. The selected ads are then based on, for example, your location, the content of the website you are on, or your current search terms. Learn more about the differences between personalized and non-personalized targeting with Google.


AdSense can be found at:

https://support.google.com/adsense/answer/9007336 .

Please note that even when using Google Adsense in non-personalized mode, cookies or similar recognition technologies (e.g., device fingerprinting) may be used. According to Google, these are used to combat fraud and abuse.

The use of this service is based on your consent in accordance with Art. 6 Paragraph 1 lit. a GDPR and Section 25 paragraph 1 TDDDG. Consent can be revoked at any time.

Data transfer to the USA is based on the EU Commission's standard contractual clauses.

Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/

You can adjust your advertising settings yourself in your user account. To do so, click the following link and log in:

https://adssettings.google.com/authenticated .

For more information about Google's advertising technologies, please visit: https://policies.google.com/technologies/ads
and

https://www.google.de/intl/de/policies/privacy/ .

Google Ads Customer Match

We use Google Ads Customer Match lists as part of our Google advertising activities. For the use of Customer Match, lists with encrypted user data (e.g. names, email addresses, addresses,
Customer-specific identifiers are uploaded to Google. Google then compares whether the submitted user data matches existing Google customers. This can then be used to create target groups that can be used to target ads/campaigns. After the customer match lists are created, the encrypted customer data is automatically deleted. This prevents providers from accessing new addresses.

The recipient of the data is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google LLC, based in California, USA, and possibly US authorities may access the data stored by Google.

The use of this service is based on your consent in accordance with Art. 6 (1) (a) GDPR and Art. 25 (1) TDDDG. This consent can be revoked at any time. Data transfer to the USA is based on the EU Commission's standard contractual clauses. Details can be found here:

https://policies.google.com/privacy/frameworks
and here

https://privacy.google.com/businesses/controllerterms/mccs

Microsoft Advertising

We use the Microsoft Advertising service from Microsoft Ireland Operations Limited (Ireland/EU) (formerly Bing Ads) on our website. Microsoft Advertising is an online marketing service that uses the Universal Event Tracking (UET) tool to help us target advertisements via the Microsoft Bing search engine. Microsoft Advertising uses cookies for this purpose. Personal data in the form of Online identifiers (including cookie identifiers), IP addresses, Device identifiers and information about device and browser settings processed.

Microsoft Advertising collects data via UET that allows us to track target groups using remarketing lists. When you visit our website, a cookie is stored on your device. This allows Microsoft Advertising to recognize that our website has been visited and, if you visit it later, to
Using Microsoft Bing or Yahoo, an advertisement may be displayed. This information is also used to create conversion statistics, i.e., to record how many users reached our website after clicking on an ad. This tells us the total number of users who clicked on our ad and were redirected to our website. However, we do not receive any information that could be used to personally identify users.

Further information on these Processing activities, the technologies used, stored data and the storage period can be found in the settings of our Consent Management Tools. Processing will only take place with your consent in accordance with ¤25 TDDDG or Art. 6 (1) (a) GDPR. You can revoke your consent using our Consent Management Tool.

For Microsoft services, a Transfer of data to Microsoft Corp. in the USA not excluded . Microsoft is certified under the Data Privacy Framework and complies thus the requirements of the US adequacy decision by the EU Commission . Further information on data protection at Microsoft can be found in Microsoft's privacy policy at https://privacy.microsoft.com/de-de/privacystatement .

Pinterest Day

We have integrated the Pinterest tag on this website. The provider is Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland.

The Pinterest tag is used to track certain actions you perform on our website. This data can then be used to show you interest-based advertising on our website or on another site in the Pinterest tag network.

For this purpose, the Pinterest tag records, among other things, a tag ID, your location, and the referrer URL. Furthermore, campaign-specific data such as order value, order quantity, order number, category of purchased items, and video views may be recorded.

Pinterest Tag uses technologies that enable cross-page recognition of the user to analyze user behavior (e.g. cookies or device fingerprinting).

Since a corresponding consent was requested, the processing is carried out exclusively on the basis of Art. 6 (1) (a) GDPR and 25 (1) TDDDG, insofar as the consent allows the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TDDSG. Consent can be revoked at any time.

Pinterest is a global company, so data may also be transferred to the USA.
According to Pinterest, this data transfer is based on the EU Commission's standard contractual clauses. Details can be found here:

https://policy.pinterest.com/de/privacy-policy .

For more information about Pinterest Tag, see here:

https://help.pinterest.com/de/business/article/track-conversions-with-pinterest-tag .

We have concluded a contract for order processing (AV) pursuant to Art. 28 GDPR with the above-mentioned provider. This is a contract required by data protection law, which guarantees that the provider will only process the personal data of our website visitors in accordance with our instructions and processed in compliance with the GDPR.

Taboola Pixel

A visitor pixel and cookies from Taboola Inc., 28 West 23rd St., 5th fl., New York, NY 10010, USA, are used on our website for conversion measurement. This allows us to track user behavior after they have been redirected to the provider's website by clicking on a Taboola ad.
This process is used to evaluate the effectiveness of Taboola ads for statistical and market research purposes and can help optimize future advertising measures. The data collected is anonymous to us, meaning we cannot draw any conclusions about the identity of the users.

Since a corresponding consent was requested, the processing is carried out exclusively on the basis of Art. 6 (1) (a) GDPR and 25 (1) TDDDG, insofar as the consent allows the storage of
Cookies or access to information on the user's device (e.g. device fingerprinting) within the meaning of the TDDSG. Consent is revocable at any time.

All information on how Taboola handles data can be found in Taboola's privacy policy, available at https://www.taboola.com/de/privacy-policy

We have a contract for Order processing according to Art. 28 GDPR with the above-mentioned provider. This is a data protection prescribed contract, which ensures that the personal data of our website visitors will only be processed in accordance with our instructions and in compliance with the GDPR.

Clarity

This website uses Clarity, a service provided by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399 (USA), https://docs.microsoft.com/en-us/clarity/ (hereinafter "Clarity").

Clarity is a tool for analyzing user behavior on this website. Clarity records mouse movements and creates a graphical representation of which part of the website users scroll to most frequently (heat maps). Clarity can also record sessions, allowing us to record page usage in the form of videos.
We also receive information about general user behavior on our website.

Clarity uses technologies that enable user recognition for the purpose of analyzing user behavior (e.g., cookies or device fingerprinting). Your personal data is stored on Microsoft servers (Microsoft Azure Cloud Service) in the USA.

The use of Clarity is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in effective user analysis. If appropriate consent is requested processing is carried out exclusively on the basis of Art. 6 (1) lit. a GDPR and Section 25 (1) TDDDG, insofar as the consent allows the storage of Cookies or access to information in the user's device (e.g. Device fingerprinting) within the meaning of the TDDDG. The consent is revocable at any time.

Further details on Clarity's privacy policy can be found here:

https://docs.microsoft.com/en-us/clarity/faq .

We have concluded a data processing agreement (DPA) pursuant to Art. 28 GDPR with the above-mentioned provider. This is a contract required by data protection law, which guarantees that the provider will only process the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR

Emarsys

For certain activities related to the website and the ARMEDANGELS's email communication has been handled by the external service provider Emarsys eMarketing Systems AG, MŠrzstra§e 1, 1150 Vienna("Emarsys"). Emarsys processes data exclusively in accordance with the instructions of ARMEDANGELS and is also bound by this data protection notice.

Emarsys does not use your computerÕs IP address for marketing purposes stored or used. The IP addresses recorded by Emarsys web servers are stored only briefly to detect and prevent misuse. Processing is based on our legitimate interest pursuant to Art. 6 (1) (f) GDPR, whereby our interest lies in the security and functionality of the website.

Cookies are stored by Emarsys on your device via your web browser.

These cookies contain identification numbers, but are not linked to personal data such as your name, address, or email address unless you have given us your express consent (legal basis: Art. 6 (1) (a) GDPR).

Emarsys uses these cookies to recognize recurring browsers and to evaluate the use of our website and the success of marketing measures. This processing serves the purpose of tailoring our online offering and email communication to the interests of users (legal basis: Art. 6 (1) (f) GDPR, possibly in conjunction with Art. 6 (1) (a) GDPR for personalized content or profiling).

We have concluded a data processing agreement (DPA) pursuant to Art. 28 GDPR with the above-mentioned provider. This is a contract required by data protection law, which guarantees that the provider will only process the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

Linkster

On this site, we use the tracking technology of Linkster GmbH, Geschwister-Scholl-Stra§e 52, 20251 Hamburg, to measure and visualize insights into partnerships and advertising channels.

This is a function for measuring the effectiveness of the corresponding advertising measures. Furthermore, the information enables us to allocate advertising success for billing purposes with the corresponding advertising partners. When you click on an advertising integration, cookies are placed in your browser that are read in the event of a transaction. At each touch point, your browser sends an HTTP request to the Linkster server, transmitting certain information. This information includes

• the URL of the website on which advertising material is placed (referrer URL),
• the browser identifier (user agent) of your device (including information about the device type and operating system),
• the IP address of the end device (this IP address is anonymized and hashed by us before storage),
• HTTP Header (data packet automatically transmitted by your browser with various technical
  Information),
• the time of the request and, if previously stored on the device, the cookie with its content.

The tracking technology stores cookies on your device to document actions. A 24-digit, anonymous ID is stored in the cookie. Linked to this ID, the data is stored encrypted in our database on the server. This contains information about the last touchpoints (i.e., when a specific advertising medium was displayed or was clicked). The saved touch points can be combined to form a sequence chain (user journey). When an action request is made, the order number and the shopping cart value of your order are usually also transmitted and stored by us. The cookies stored by Linkster GmbH are deleted after 30 days at the latest. The information transmitted to us and the cookies serve exclusively for the purpose of correctly assigning the success of an advertising medium and the corresponding billing and is justified by our legitimate interests according to Art. 6 (1) (f) GDPR.

Reviews
(Reviews.io)

On our website, you have the opportunity to write reviews. For this purpose, we use "Review.io," a service provided by REVIEWS.io 2020 GMBH, Stralauer Allee 6, 10245 Berlin, Germany. Reviews.io allows us to collect customer reviews and publish them on our website.

In order for you to write a review, Review.io requires your name or a pseudonym and your email address (will not be published).
If you write a review via Review.io, the service automatically creates an account for you.

The processing is based on your consent (Art. 6 (1) (a) GDPR). You can revoke your consent at any time. To do so, simply send us an informal email. The legality of the data processing operations already carried out remains unaffected by the revocation. In the event of revocation of your consent, we will delete or anonymize the Review.

Reviews can be submitted in such a way that other website users cannot identify you. It is your free choice whether you wish to provide personal information beyond the mandatory information. Please note that when choosing your pseudonym, as well as in the free text fields and when uploading photos, it is possible to provide information that allows you to be identified. We recommend that you write your review text without providing any personal information and design photos accordingly. We reserve the right not to publish reviews containing personal information or to (partially) anonymize them.

Furthermore, Review.io carries out the following processing for us as part of the review:

• Identification as a reviewer when you log in to our website and visit the website again
• Verifying the authenticity of your reviews, answering your questions, and providing appropriate customer service


• Forwarding our messages when we have responded to your review

We have concluded a data processing agreement with Review.io in accordance with the requirements of Art. 28 GDPR, in which we oblige them to protect our customers' data and not to pass it on to third parties.

For more information about the type of data collected by Review.io, please see Review.io's Terms of Service and Privacy Policy: https://www.reviews.io/front/data-protection .

Criteo

This website uses features from Criteo. Provider is Criteo SA, 32 Rue Blanche, 75009 Paris (hereinafter "Criteo").

Criteo is used to show you interest-based advertisements within the Criteo advertising network.
Your interests are determined based on your previous usage behavior. Criteo records, for example, which products you have viewed, added to your shopping cart, or purchased.
Further details on the data collected by Criteo can be found here:

https://www.criteo.com/de/privacy/how-we-use-your-data/.

In order to show you interest-based advertising, we or other Criteo partners need to be able to recognize you. For this purpose, a cookie is stored on your device or a similar identifier is used that links your user behavior to a pseudonymous user profile. For details, please see Criteo's privacy policy at:

https://www.criteo.com/de/privacy/ .

Your personal data and the Criteo cookies stored in your browser will be stored for a maximum of 13 months from the date of collection.

Criteo is used for targeted advertising purposes. This represents a legitimate interest within the meaning of Art. 6 (1) (f) GDPR. If consent has been requested, processing will be carried out exclusively on the basis of Art. 6 (1) (a) GDPR and Art. 25 Paragraph 1 TDDDG, insofar as the consent allows the storage of cookies or access to information on the user's device (e.g. device fingerprinting) within the meaning of the Telemedia Act (TDDDG). Consent can be revoked at any time.

Criteo and we are joint controllers within the meaning of Art. 26 GDPR. A joint processing agreement has been concluded between Criteo and us, the essential content of which Criteo describes at the following link:

https://www.criteo.com/de/privacy/how-we-use-your-data/ .

Depict.ai

To improve product searches and display personalized product recommendations on our website, we use the Depict service from Depict.ai AB, Vasagatan 16, 111 20 Stockholm, Sweden.

Depict processes pseudonymized information about your interactions in the shop (e.g. products viewed, click behavior, device information, IP address) to optimize product searches and display personalized product recommendations. This information is not associated with your name or email address.

Data processing is carried out on the basis of Art. 6 (1) (f) GDPR, based on our legitimate interest in making our online offering user-friendly and targeted. If consent is requested via our cookie banner (e.g., when tracking through cookies), the processing is also based on Art. 6 (1) (a) GDPR. Depict processes the data exclusively within the EU. Further information on data processing by Depict can be found at: https://depict.ai/privacy-poli

Meta Pixel

This website uses Facebook's visitor action pixel to measure conversions. This service is provided by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. However, according to Facebook, the collected data is also transferred to the USA and other third countries.

This allows the behavior of site visitors to be tracked after they have been redirected to the providerÕs website by clicking on a Facebook ad. This allows the effectiveness Facebook ads are evaluated for statistical and market research purposes and future advertising measures are optimized.

The data collected is anonymous to us as the operator of this website, we cannot draw any conclusions about the identity of the users. However, the data is stored and processed by Facebook, allowing a connection to the respective user profile and allowing Facebook to use the data for its own advertising purposes, in accordance with the Facebook Data Use Policy. This allows Facebook to enable the placement of advertisements on Facebook pages and outside of Facebook. We as the website operator cannot influence this use of the data.

The use of this service is based on your consent in accordance with Art. 6 (1) (a) GDPR and Art. 25 (1) TDDDG. This consent can be revoked at any time.

Data transfer to the USA is based on the EU CommissionÕs standard contractual clauses.

Facebook is also certified under the Data Privacy Framework Program.

https://www.facebook.com/legal/EU_data_transfer_addendum
and

https://de-de.facebook.com/help/566994660333381 .

Facebook is also certified under the Data Privacy Framework.

To the extent that personal data is collected on our website and forwarded to Facebook using the tool described here, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 GDPR). Joint responsibility is limited exclusively to the collection of the data and its forwarding to Facebook. Any processing by Facebook that occurs after forwarding is not part of the joint responsibility. The obligations incumbent upon us jointly have been
in a joint processing agreement. The text of the agreement can be found at:

https://www.facebook.com/legal/controller_addendum.

According to this agreement, we are responsible for providing data protection information when using the Facebook tool and for ensuring that the data protection regulations are
We are responsible for implementing the tool on our website. Facebook is responsible for data security of Facebook products.
You can assert your data subject rights (e.g., requests for information) regarding the data processed by Facebook directly with Facebook. If you assert your data subject rights with us, we are obligated to forward them to Facebook.

You can find further information on protecting your privacy in Facebook's privacy policy: https://de-de.facebook.com/about/privacy/ .

You can also use the "Custom Audiences" remarketing feature in the Ad Settings section at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen
To do this, you must be logged in to Facebook.

Meta Custom Audiences

We use Meta Custom Audiences. This service is provided by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.

When you visit or use our websites and apps, take advantage of our free or paid services, transmit data to us, or interact with our company's Facebook content, we collect your personal data. If you consent to the use of Facebook Custom Audiences, we will transmit this data to Facebook, which Facebook can use to display relevant advertising to you. Furthermore, your data can be used to define target groups.
(Lookalike Audiences).

Facebook processes this data as our data processor. Details can be found in Facebook's user agreement:

https://www.facebook.com/legal/terms/customaudience .

The use of this service is based on your consent in accordance with Art. 6 Paragraph 1 lit. a GDPR and Section 25 paragraph 1 TDDDG. Consent can be revoked at any time.

Data transfer to the USA is based on the EU CommissionÕs standard contractual clauses.

Details can be found here:

https://www.facebook.com/legal/terms/customaudience

and https://www.facebook.com/legal/terms/dataprocessing .
Facebook is also certified according to the Data Privacy Framework.

Contractual partners can create an account within our online offering (e.g., a customer or user account, referred to as "customer account"). If registration of a customer account is required, contractual partners will be informed of this, as well as the information required for registration. Customer accounts are not public and cannot be indexed by search engines. During registration, as well as subsequent logins and use of the customer account, we store the customers' IP addresses along with the access times in order to verify registration and prevent any misuse of the customer account.
Once customers have canceled their customer account, the data relating to the customer account will be deleted, unless retention is required for legal reasons. It is the customer's responsibility to back up their data after the customer account has been canceled. The legal basis for data processing is therefore Art. 6 (1) (b) GDPR

We process our customers’ data in order to enable them to select, purchase, or order the chosen products, goods, and related services, as well as their payment and delivery or execution. Where necessary for fulfilling an order, we use service providers, in particular postal, freight, and shipping companies, to carry out the delivery or execution for our customers. For handling payment transactions, we use the services of banks and payment service providers. The required information is identified as such during the ordering or comparable purchase process and includes the information necessary for delivery, provision, and invoicing, as well as contact information in order to allow for any necessary communication.

Types of data processed: Inventory data (e.g. names, addresses), payment data (e.g. bank details, invoices, payment history), contact data (e.g. email, telephone numbers), contract data (e.g. subject matter of contract, duration, customer category), usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).

Data subjects: Prospective customers, business and contractual partners, customers.

Purposes of processing: Provision of contractual services and customer support, handling of contact requests and communication, office and organizational procedures, administration and response to inquiries, security measures, conversion measurement (measuring the effectiveness of marketing measures), interest-based and behavioral marketing, profiling (creating user profiles).

Legal bases: Performance of contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b GDPR), legal obligation (Art. 6 para. 1 sentence 1 lit. c GDPR), legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR).

For business management purposes and in order to identify market trends, the needs of contractual partners, and user preferences, we analyze the data available to us regarding business transactions, contracts, inquiries, etc. The group of data subjects may include contractual partners, prospects, customers, visitors, and users of our online offering.

The analyses are carried out for the purpose of business evaluations, marketing, and market research (e.g. to determine customer groups with different characteristics). Where applicable, we may take into account the profiles of registered users along with their details, such as services used.

The analyses are intended solely for our own use and are not disclosed externally, unless these are anonymous analyses with aggregated, i.e. anonymized, values. Furthermore, we respect the privacy of users and process data for analysis purposes as pseudonymously as possible and, where feasible, anonymously (e.g. in aggregated form).

Within the framework of contractual and other legal relationships, due to legal obligations or otherwise on the basis of our legitimate interests, we offer the data subjects efficient and secure payment options and, in addition to banks and credit institutions, we use other payment service providers (collectively "Payment Service Providers") for this purpose.

The data processed by the payment service providers includes inventory data such as name and address, bank details such as account numbers or credit card numbers, passwords, TANs and checksums, as well as contract, amount, and recipient-related information. This information is required to carry out the transactions. However, the data entered is only processed and stored by the payment service providers. This means that we do not receive any account- or credit card-related information, but only information confirming or rejecting the payment. Under certain circumstances, the payment service providers may transmit the data to credit agencies. This transmission is for the purpose of identity and credit checks. For more information, please refer to the terms and conditions and the privacy policy of the payment service providers.
Payment transactions are subject to the terms and conditions and privacy policy of the respective payment service providers, which can be accessed within the respective websites or transaction applications. We also refer to these for further information and to assert your rights of withdrawal, information, and other data subjects.

For the purpose of delivering ordered goods, we cooperate with logistics service providers/transport companies and/or shipping partners, to whom the following data is transmitted for the purpose of delivering the ordered goods and/or for the purpose of shipment notification: first name, last name, postal address, and, if applicable, email address and telephone number. The legal basis for this processing is Art. 6 para. 1 lit. b GDPR.

When purchasing on account or using another payment method where we make an advance payment, we may conduct a credit check (scoring). For this purpose, we transmit the data you enter (e.g., name, address, age, or bank details) to a credit agency. Based on this data, the probability of a payment default is determined. If the risk of payment default is excessive, we may refuse the payment method in question.

The credit check is carried out on the basis of contract fulfilment (Art. 6 (1) (b) GDPR).
Avoiding payment defaults (legitimate interest according to Art. 6 (1) (f) GDPR). If consent has been obtained, the credit check will be based on this consent (Art. 6 (1) (f) GDPR), consent can be revoked at any time.

We offer you the opportunity to become a CHANGEMAKER and join our CHANGEMAKERS CLUB. As a CHANGEMAKER, you will receive changing benefits, such as free shipping, early access to sale promotions, or exclusive product advice from our customer service team.

In this context, we may process your name, address, and date of birth, as well as your purchase data. An analysis of your web behavior (page views, shopping cart abandonment, visit duration) is possible to the extent that you have given the necessary consent via our cookie banner. In addition, we link campaign response data with your master data and purchase data.

Membership in the CHANGEMAKERS CLUB is inseparably linked to receiving our newsletter, which means that in the event of your membership, we will also process your email address (for details on the processing of personal data in connection with the newsletter, see section 27 of this privacy policy). However, processing your email address is also necessary to distinguish club members from other customers with user accounts or guest purchasers and to fulfill the membership agreement, pursuant to Art. 6 para. 1 lit. b GDPR. If you do not provide us with your email address, you cannot become a CHANGEMAKER.

Processing your name and address, as well as other details provided in the context of an order, is necessary to fulfill a purchase contract concluded with you, pursuant to Art. 6 para. 1 lit. b GDPR. If you also provided your date of birth when registering, we process this on the basis of your consent, pursuant to Art. 6 para. 1 lit. a GDPR.

The data will be stored for the duration of your CHANGEMAKERS membership and beyond in accordance with statutory retention obligations (e.g. commercial or tax law) and then deleted.

Membership in the CHANGEMAKERS CLUB is voluntary. In particular, it is not required to place orders through our online shop. Likewise, consent to receiving our newsletter is not necessary for the conclusion and fulfillment of a purchase contract.

If you become a member of the CHANGEMAKERS CLUB, but also without such membership, we may create a customer profile for you containing the following information:

We have a legitimate interest in this sense, pursuant to Art. 6 para. 1 lit. f GDPR. This interest lies in being able to determine which products were purchased by you and when. In this way, we can understand our customers’ interest in our products and align our assortment and promotions accordingly, in order to achieve the highest possible customer satisfaction.

Your own interests, fundamental rights, and freedoms do not conflict with this form of profiling, as we do not process any sensitive data about you, do not subject your profile to further analysis (e.g. to determine how likely a return is), and do not enrich your profile with other data. Ultimately, this form of documentation also helps you track your purchase history with us, so the recording may also be in your own interest.

If you have given your consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR to the respective social media operator, your data will automatically be collected and stored for market research and advertising purposes when visiting our online presences on our social media channels. Using pseudonyms, usage profiles may be created from this data. These profiles can be used, for example, to display advertisements within and outside the platforms that are presumed to match your interests. Cookies are generally used for this purpose.

For detailed information on the processing and use of your data by the respective social media operator, as well as a contact option and your rights in this regard and settings to protect your privacy, please refer to the respective linked privacy notices of the providers on their websites. Should you nevertheless require assistance in this matter, you may contact us.