Privacy policy

1) Introduction and contact details of the controller

1.1 We are pleased that you are visiting our website and thank you for your interest. Below we inform you about how we handle your personal data when you use our website. Personal data is all data by which you can be personally identified.

1.2 The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is Auralumina GmbH, 30th floor DC Tower, Donau-City-Str. 7, 1220 Vienna, Austria, Tel.: 00436641480300, e-mail: admin@whytedot-dentalcare.com. The controller is the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data.

2) Data collection when visiting our website

2.1 When you use our website for information purposes only, i.e. if you do not register or otherwise transmit information to us, we only collect the data that your browser transmits to the server of the site (so-called “server log files”). When you access our website, we collect the following data, which is technically necessary for us to display the website to you:

Our visited website
Date and time at the moment of access
Amount of data sent in bytes
Source/referrer from which you reached the page
Browser used
Operating system used
IP address used (where applicable, in anonymised form)

The processing is carried out in accordance with Art. 6 (1) (f) GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. The data is neither passed on nor used in any other way. However, we reserve the right to subsequently check the server log files if there are concrete indications of unlawful use.

2.2 For security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or enquiries to the controller), this website uses SSL or TLS encryption. You can recognise an encrypted connection by the character string “https://” and the lock symbol in your browser’s address bar.

3) Hosting & content delivery network

3.1 Shopify

For hosting our website and displaying the site content, we use the system of the following provider: Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland (“Shopify”)

Data is also transmitted to: Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada

All data collected on our website is processed on the provider’s servers. We have concluded a data processing agreement with the provider, which ensures the protection of our site visitors’ data and prohibits unauthorised disclosure to third parties.

For data transfers to Canada, an adequate level of data protection is ensured by an adequacy decision of the European Commission.

3.2 Bunny

We use a content delivery network from the following provider: BUNNYWAY d.o.o., Cesta komandanta Staneta 4A, 1215 Medvode, Slovenia

We have concluded a data processing agreement with the provider, which ensures the protection of our site visitors’ data and prohibits unauthorised disclosure to third parties.

3.3 Cloudflare

We use a content delivery network from the following provider: Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA

This service enables us to deliver large media files such as graphics, page content or scripts more quickly via a network of regionally distributed servers. Processing is carried out to safeguard our legitimate interest in improving the stability and functionality of our website in accordance with Art. 6 (1) (f) GDPR. We have concluded a data processing agreement with the provider, which ensures the protection of our site visitors’ data and prohibits unauthorised disclosure to third parties.

For data transfers to the USA, the provider has joined the EU–US Data Privacy Framework, which, on the basis of an adequacy decision by the European Commission, ensures compliance with the European level of data protection.

3.4 imgix

We use a content delivery network from the following provider: Zebrafish Labs Inc., 423 Tehama St., San Francisco, CA 94103, USA

4) Cookies

In order to make visiting our website attractive and to enable the use of certain functions, we use cookies, i.e. small text files that are stored on your device. Some of these cookies are automatically deleted after you close your browser (so-called “session cookies”), while others remain on your device for a longer period and enable your page settings to be stored (so-called “persistent cookies”). In the latter case, you can find the storage period in the overview of the cookie settings of your web browser.

If personal data is also processed by individual cookies we use, the processing is carried out either in accordance with Art. 6 (1) (b) GDPR for the performance of a contract, in accordance with Art. 6 (1) (a) GDPR if consent has been given, or in accordance with Art. 6 (1) (f) GDPR to safeguard our legitimate interests in the best possible functionality of the website as well as a customer-friendly and effective design of the site visit.

You can set your browser so that you are informed about the setting of cookies and can decide individually whether to accept them, or exclude the acceptance of cookies for specific cases or in general.

Please note that if you do not accept cookies, the functionality of our website may be limited.

5) Contact

5.1 Judge.me

For review reminders we use the services of the following provider: Judge.me Ltd., c/o Buckworths, 2nd Floor, 1-3 Worship Street, London, England, EC2A 2AB, United Kingdom

Exclusively on the basis of your express consent pursuant to Art. 6 (1) (a) GDPR, we transmit your e-mail address and, where applicable, further customer data to the provider so that they can contact you by e-mail with a review reminder.

You can revoke your consent at any time with effect for the future, either to us or to the provider.

We have concluded a data processing agreement with the provider, which ensures the protection of our site visitors’ data and prohibits unauthorised disclosure to third parties.

For data transfers to the provider’s location, an adequate level of data protection is ensured by an adequacy decision of the European Commission.

5.2 WhatsApp Business

You have the option of contacting us via the WhatsApp messaging service of WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. For this purpose, we use the so-called “business version” of WhatsApp.

If you contact us via WhatsApp in connection with a specific transaction (for example, an order you have placed), we store and use the mobile phone number you use on WhatsApp and – if provided – your first and last name in accordance with Art. 6 (1) (b) GDPR for the purpose of processing and responding to your enquiry. On the same legal basis, we may ask you for additional data via WhatsApp (order number, customer number, address or e-mail address) in order to be able to assign your enquiry to a specific transaction.

If you use our WhatsApp contact for general enquiries (for example about our range of services, availability or our online presence), we store and use the mobile phone number you use on WhatsApp and – if provided – your first and last name in accordance with Art. 6 (1) (f) GDPR on the basis of our legitimate interest in providing the requested information efficiently and promptly.

Your data will only ever be used to respond to your enquiry via WhatsApp. It will not be passed on to third parties.

Please note that WhatsApp Business has access to the address book of the mobile device we use for this purpose and automatically transfers stored telephone numbers to a server of the parent company Meta Platforms Inc. in the USA. For the operation of our WhatsApp Business account, we use a mobile device whose address book only stores the WhatsApp contact data of those users who have also contacted us via WhatsApp.

This ensures that every person whose WhatsApp contact data is stored in our address book has already consented, when first using the app on their device, by accepting the WhatsApp terms of use, to the transmission of their WhatsApp phone number from the address books of their chat contacts in accordance with Art. 6 (1) (a) GDPR. The transmission of data of users who do not use WhatsApp and/or have not contacted us via WhatsApp is therefore excluded.

For information on the purpose and scope of data collection and the further processing and use of data by WhatsApp, as well as your rights in this regard and settings options for protecting your privacy, please refer to WhatsApp’s privacy policy: https://www.whatsapp.com/legal/?eea=1#privacy-policy

We have concluded a data processing agreement with the provider, which protects the data of our site visitors and prohibits disclosure to third parties.

As part of the processing operations described above, data may be transferred to servers of Meta Platforms Inc. in the USA.

5.3 When you contact us (e.g. via contact form or e-mail), personal data is processed – exclusively for the purpose of processing and responding to your enquiry and only to the extent necessary for this purpose.

The legal basis for processing this data is our legitimate interest in responding to your enquiry in accordance with Art. 6 (1) (f) GDPR. If your contact is aimed at the conclusion of a contract, the additional legal basis for the processing is Art. 6 (1) (b) GDPR. Your data will be deleted once it can be inferred from the circumstances that the matter in question has been conclusively clarified and provided that there are no statutory retention obligations to the contrary.

6) Data processing when opening a customer account

In accordance with Art. 6 (1) (b) GDPR, personal data is collected and processed to the extent necessary if you provide it to us when opening a customer account. You can see which data is required to open the account from the input form on our website.

You can delete your customer account at any time by sending a message to the controller at the address given above. After deletion of your customer account, your data will be deleted provided that all contracts concluded via it have been fully processed, there are no statutory retention periods to the contrary and we have no legitimate interest in continuing to store the data.

7) Use of customer data for direct marketing

7.1 Subscribing to our e-mail newsletter

If you subscribe to our e-mail newsletter, we will regularly send you information about our offers. The only mandatory information required for sending the newsletter is your e-mail address. Providing additional data is voluntary and is used to address you personally. For sending the newsletter, we use the so-called double opt-in procedure, which ensures that you only receive newsletters once you have expressly confirmed your consent to receive the newsletter by clicking on a verification link sent to the e-mail address provided.

By activating the confirmation link, you give us your consent to use your personal data in accordance with Art. 6 (1) (a) GDPR. In this context, we store the IP address entered by your internet service provider (ISP) as well as the date and time of registration in order to be able to trace any possible misuse of your e-mail address at a later date. The data we collect when you register for the newsletter will be used strictly for the intended purpose.

You can unsubscribe from the newsletter at any time via the link provided in the newsletter or by sending a corresponding message to the controller named at the beginning. After you have unsubscribed, your e-mail address will be deleted from our newsletter distribution list without delay, unless you have expressly consented to further use of your data or we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this declaration.

7.2 Klaviyo

The dispatch of our e-mail newsletters and other promotional e-mail communication is carried out via the following provider: Klaviyo, Inc., 125 Summer St., Ste 600, Boston, MA 02110, USA

On the basis of our legitimate interest in effective and user-friendly e-mail marketing, we pass on the data you provided when registering in accordance with Art. 6 (1) (f) GDPR to this provider so that they can handle the e-mail dispatch on our behalf.

Subject to your express consent pursuant to Art. 6 (1) (a) GDPR, the provider also carries out a statistical evaluation of campaign success using web beacons or tracking pixels in the e-mails sent, which can measure open rates and specific interactions with the content of the newsletter. In this context, device information (e.g. time of access, IP address, browser type and operating system) is also collected and analysed, but not merged with other data sets.

You can revoke your consent to e-mail tracking at any time with effect for the future.

We have concluded a data processing agreement with the provider, which protects the data of our site visitors and prohibits disclosure to third parties.

7.3 Shopping cart reminders by e-mail

If you abandon your purchase with us before completing your order, you have the option of receiving a one-time reminder of the contents of your virtual shopping cart by e-mail.

The only mandatory information required for sending this reminder is your e-mail address. Providing additional data is voluntary and may be used to address you personally. For sending the e-mail, we use the so-called double opt-in procedure, which ensures that you only receive a notification once you have expressly confirmed your consent to this by clicking on a verification link sent to the e-mail address provided.

By activating the confirmation link, you give us your consent to use your personal data in accordance with Art. 6 (1) (a) GDPR for sending a shopping cart reminder. In this context, we store the IP address entered by your internet service provider (ISP) as well as the date and time of registration in order to be able to trace any possible misuse of your e-mail address at a later date. The data we collect when you register for our e-mail notification service will be used strictly for the intended purpose.

You can unsubscribe from shopping cart reminders at any time by sending a corresponding message to the controller named at the beginning. After you have unsubscribed, your e-mail address will be deleted from our distribution list set up for this purpose without delay, unless you have expressly consented to further use of your data or we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this declaration.

8) Data processing for order handling

8.1 Insofar as it is necessary for contract processing for delivery and payment purposes, the personal data we collect will be passed on to the commissioned transport company and the commissioned credit institution in accordance with Art. 6 (1) (b) GDPR.

If, on the basis of a corresponding contract, we owe you updates for goods with digital elements or for digital products, we process the contact data you provided when placing the order in order to inform you personally within the scope of our statutory information obligations in accordance with Art. 6 (1) (c) GDPR. Your contact details will be used strictly for the purpose of notifications about updates owed by us and will be processed by us for this purpose only to the extent necessary for the respective information.

To process your order, we also work with the following service provider(s), who support us in whole or in part in the execution of concluded contracts. Certain personal data is transmitted to these service providers in accordance with the following information.

8.2 LOGSTA

For order processing, we use the following provider: LOGSTA Germany GmbH, Elbestraße 2, 84453 Mühldorf am Inn, Germany

Name, address and, where applicable, other personal data are passed on to the provider exclusively for the purpose of processing the online order in accordance with Art. 6 (1) (b) GDPR. Your data will only be passed on to the extent that this is actually necessary for processing the order.

8.3 Disclosure of personal data to shipping service providers

- Deutsche Post

We use the following provider as a transport service provider: Deutsche Post AG, Charles-de-Gaulle-Straße 20, 53113 Bonn, Germany

We pass on your e-mail address and/or telephone number to the provider before delivery of the goods for the purpose of coordinating a delivery date or for delivery notification in accordance with Art. 6 (1) (a) GDPR, provided that you have given your express consent for this during the ordering process. Otherwise, we only pass on the name of the recipient and the delivery address to the provider for delivery purposes in accordance with Art. 6 (1) (b) GDPR. The data will only be passed on to the extent that this is necessary for the delivery of the goods. In this case, prior coordination of the delivery date with the provider or delivery notification is not possible.

You can revoke your consent at any time with effect for the future vis-à-vis the controller named above or vis-à-vis the provider.
- DHL

We use the following provider as a transport service provider: DHL Paket GmbH, Sträßchensweg 10, 53113 Bonn, Germany

You can revoke your consent at any time with effect for the future vis-à-vis the controller named above or vis-à-vis the provider.
- DHL Express

We use the following provider as a transport service provider: DHL Express Germany GmbH, Heinrich-Brüning-Str. 5, 53113 Bonn, Germany

You can revoke your consent at any time with effect for the future vis-à-vis the controller named above or vis-à-vis the provider.
- DHL Austria

We use the following provider as a transport service provider: DHL Paket (Austria) GmbH, Campus 21, Liebermannstrasse F08/401, 2345 Brunn am Gebirge
Austria

You can revoke your consent at any time with effect for the future vis-à-vis the controller named above or vis-à-vis the provider.
- DPD

We use the following provider as a transport service provider: DPD Deutschland GmbH, Wailandtstraße 1, 63741 Aschaffenburg, Germany

You can revoke your consent at any time with effect for the future vis-à-vis the controller named above or vis-à-vis the provider.
- DPD Austria

We use the following provider as a transport service provider: DPD Direct Parcel Distribution Austria GmbH, Arbeitergasse 46, Leopoldsdorf 2333, Austria

You can revoke your consent at any time with effect for the future vis-à-vis the controller named above or vis-à-vis the provider.
- FedEx

We use the following provider as a transport service provider: FedEx Express Germany GmbH, Langer Kornweg 34 k, 65451 Kelsterbach, Germany

You can revoke your consent at any time with effect for the future vis-à-vis the controller named above or vis-à-vis the provider.
- FedEx Austria

We use the following provider as a transport service provider: FedEx Express Austria GmbH, Cargo Nord, Obj. 3, 1300 Vienna Airport, Austria

You can revoke your consent at any time with effect for the future vis-à-vis the controller named above or vis-à-vis the provider.
- Austrian Post

We use the following provider as a transport service provider: Österreichische Post Aktiengesellschaft, Rochusplatz 1, 1030 Vienna, Austria

You can revoke your consent at any time with effect for the future vis-à-vis the controller named above or vis-à-vis the provider.

8.4 Use of payment service providers (payment services)

- Apple Pay

If you choose the “Apple Pay” payment method offered by Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland, payment will be processed via the “Apple Pay” function of your device running iOS, watchOS or macOS by charging a payment card stored with “Apple Pay”. Apple Pay uses security features that are integrated into the hardware and software of your device to protect your transactions. To authorise a payment, you must therefore enter a code you have previously defined and verify using the “Face ID” or “Touch ID” function of your device.

For the purpose of payment processing, the information you provide during the ordering process, together with information about your order, is transmitted to Apple in encrypted form. Apple then re-encrypts this data with a developer-specific key before transmitting the data to the payment service provider of the payment card stored in Apple Pay to carry out the payment. Encryption ensures that only the website through which the purchase was made can access the payment data. After the payment has been made, Apple sends your device account number and a transaction-specific, dynamic security code to the originating website to confirm the success of the payment.

If personal data is processed in the course of the transfers described, this is done exclusively for the purpose of payment processing in accordance with Art. 6 (1) (b) GDPR.

Apple stores anonymised transaction data, including the approximate purchase amount, the approximate date and time, and an indication of whether the transaction was successfully completed. Due to anonymisation, it is not possible to identify a person. Apple uses the anonymised data to improve “Apple Pay” and other Apple products and services.

If you use Apple Pay on your iPhone or Apple Watch to complete a purchase you made via Safari on your Mac, the Mac and the authorisation device communicate via an encrypted channel on Apple’s servers. Apple does not process or store any of this information in a format that can identify you personally. You can disable the option to use Apple Pay on your Mac in the settings of your iPhone. Go to “Wallet & Apple Pay” and deactivate “Allow payments on Mac”.

Further information on data protection with Apple Pay can be found at the following internet address: https://support.apple.com/de-de/HT203027
- Crypto.com Pay

If you choose the “Cryptocurrencies” payment method, payment is processed via the “Crypto.com” payment service of Foris DAX MT Limited, Level 7, Spinola Park, Triq Mikiel Ang Borg, St Julians SPK 1000, Malta.

To make the payment, you will be redirected to an automatically generated page of Crypto.com. There you will be shown the transaction details so that you can carry out the transaction using the wallet software of your choice. After the transaction has been initiated and detected, you will be redirected back to the checkout on our site. For payment processing, only transaction-inherent information is stored in the respective blockchain of the cryptocurrency; personal data is not transmitted to Crypto.com.

If, in individual cases, personal data is transmitted, this is done exclusively for the purpose of payment processing in accordance with Art. 6 (1) (b) GDPR.

Further information on data protection at Crypto.com can be found at https://crypto.com/privacy/privacy_eea.pdf.
- Klarna

One or more online payment methods from the following provider are available on this website: Klarna Bank AB, Sveavägen 46, 111 34 Stockholm, Sweden

If you select a payment method from the provider where you pay in advance (such as credit card payment), the payment data you provide during the ordering process (including name, address, bank and card details, currency and transaction number) as well as information about the content of your order will be transmitted to the provider in accordance with Art. 6 (1) (b) GDPR. In this case, your data will be passed on exclusively for the purpose of payment processing with the provider and only to the extent necessary for this purpose.

If you select a payment method where the provider pays in advance (such as invoice or instalment purchase or direct debit), you will also be asked during the ordering process to provide certain personal data (first and last name, street, house number, postcode, town/city, date of birth, e-mail address, telephone number, where applicable data on an alternative means of payment).

In order to safeguard our legitimate interest in determining the solvency of our customers, we forward this data to the provider in accordance with Art. 6 (1) (f) GDPR for the purpose of a credit check. On the basis of the personal data you provide and other data (such as shopping cart, invoice amount, order history, payment experience), the provider checks whether the payment option you have selected can be granted with regard to payment and/or default risks.

For the decision within the scope of the application check, identity and credit information from the following credit agencies may also be included in addition to internal provider criteria in accordance with Art. 6 (1) (f) GDPR:

https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/credit_rating_agencies

The credit report may contain probability values (so-called score values). Insofar as score values are included in the result of the credit report, they are based on a scientifically recognised mathematical-statistical procedure. Address data, among other things but not exclusively, is included in the calculation of the score values.

You can object to this processing of your data at any time by sending a message to us or to the provider. However, the provider may still be entitled to process your personal data if this is necessary for contractual payment processing.
- PayPal

One or more online payment methods from the following provider are available on this website: PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg

If you select a payment method from the provider where you pay in advance, the payment data you provide during the ordering process (including name, address, bank and card details, currency and transaction number) as well as information about the content of your order will be transmitted to the provider in accordance with Art. 6 (1) (b) GDPR. In this case, your data will be passed on exclusively for the purpose of payment processing with the provider and only to the extent necessary for this purpose.

If you select a payment method where we pay in advance, you will also be asked during the ordering process to provide certain personal data (first and last name, street, house number, postcode, town/city, date of birth, e-mail address, telephone number, where applicable data on an alternative means of payment).

In such cases, in order to safeguard our legitimate interest in determining your solvency, we forward this data to the provider in accordance with Art. 6 (1) (f) GDPR for the purpose of a credit check. On the basis of the personal data you provide and other data (such as shopping cart, invoice amount, order history, payment experience), the provider checks whether the payment option you have selected can be granted with regard to payment and/or default risks.

One or more online payment methods from the following provider are available on this website: Shopify International Limited, Victoria Buildings, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland

9) Online marketing

Own affiliate programme

In connection with the product presentations on our website, we operate our own affiliate programme, within the framework of which we provide interested third-party website operators with partner links for placement on their websites that lead to our offers. Cookies are used for the affiliate programme, which are generally set on the partner site after clicking on a corresponding partner link and for which we are therefore not responsible under data protection law. Cookies are small text files that are stored on your device in order to be able to trace the origin of transactions (e.g. “sales leads”) generated via such links. Among other things, we can recognise that you have clicked on the partner link and have been redirected to our website. This information is required for the settlement of payments between us and the affiliate partners. Insofar as the information also contains personal data, the processing described is carried out on the basis of our legitimate financial interest in the settlement of commission payments in accordance with Art. 6 (1) (f) GDPR.

If you wish to block the analysis of user behaviour via cookies, you can set your browser so that you are informed about the setting of cookies and can decide individually whether to accept them, or exclude the acceptance of cookies for specific cases or in general.

10) Web analytics services

10.1 Google Tag Manager

This website uses “Google Tag Manager”, a service of the following provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter: “Google”).

Google Tag Manager provides a technical framework that allows various web applications, including tracking and analytics services, to be bundled and calibrated, controlled and linked to conditions via a unified user interface. Google Tag Manager itself does not store or read any information on user devices. Nor does the service carry out any independent data analyses. However, when a page is accessed, your IP address is transmitted to Google via Google Tag Manager and may be stored there. Data may also be transmitted to servers of Google LLC in the USA.

This processing is only carried out if you have given us your express consent in accordance with Art. 6 (1) (a) GDPR. Without this consent, Google Tag Manager will not be used during your visit to the site. You can revoke your consent at any time with effect for the future. To exercise your right of revocation, please deactivate this service in the “cookie consent tool” provided on the website.

We have concluded a data processing agreement with the provider, which ensures the protection of our site visitors’ data and prohibits unauthorised disclosure to third parties.

Further legal information on Google Tag Manager can be found at https://business.safety.google/intl/de/privacy/ and https://policies.google.com/privacy?hl=de&gl=de

10.2 Shopify Analytics

This website uses the web analytics service of the following provider: Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland

Data is also transmitted to: Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada

With the help of cookies and/or comparable technologies (tracking pixels, web beacons, algorithms for reading device and browser information), the service collects and stores pseudonymised visitor data, including information about the device used such as the IP address and browser information, in order to evaluate it for statistical analyses of user behaviour on our website and to create pseudonymised user profiles. Among other things, this enables the analysis of movement patterns (so-called heatmaps), which show the duration of page visits and interactions with page content (e.g. text entries, scrolling, clicks and mouse-overs). Pseudonymisation generally excludes direct personal reference. There is no merging with other clear data collected about you.

All processing described above, in particular the reading or storage of information on the device used, is only carried out if you have given us your express consent in accordance with Art. 6 (1) (a) GDPR. You can revoke your consent at any time with effect for the future by deactivating this service in the “cookie consent tool” provided on the website.

We have concluded a data processing agreement with the provider, which protects the data of our site visitors and prohibits disclosure to third parties.

For data transfers to Canada, an adequate level of data protection is ensured by an adequacy decision of the European Commission.

10.3 Google Analytics 4

This website uses Google Analytics 4, a web analytics service of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”), which enables analysis of your use of our website.

By default, when you visit the website, Google Analytics 4 sets cookies, which are stored on your device as small text modules and collect certain information. This information includes your IP address, which, however, is truncated by Google by the last digits in order to exclude direct personal reference.

The information is transmitted to Google’s servers and further processed there. Data may also be transferred to Google LLC, based in the USA.

Google uses the information collected on our behalf to evaluate your use of the website, compile reports on website activity for us and provide other services relating to website and internet usage. The IP address transmitted by your browser as part of Google Analytics and truncated will not be merged with other Google data. The data collected in the context of the use of Google Analytics 4 is stored for a period of two months and then deleted.

All processing described above, in particular the setting of cookies on the device used, is only carried out if you have given us your express consent in accordance with Art. 6 (1) (a) GDPR.
Without your consent, Google Analytics 4 will not be used during your visit to the site. You can revoke your consent at any time with effect for the future. To exercise your right of revocation, please deactivate this service via the “cookie consent tool” provided on the website.

We have concluded a data processing agreement with Google, which ensures the protection of our site visitors’ data and prohibits unauthorised disclosure to third parties.

Further legal information on Google Analytics 4 can be found at https://business.safety.google/intl/de/privacy/, https://policies.google.com/privacy?hl=de&gl=de and at https://policies.google.com/technologies/partner-sites

Demographic characteristics
Google Analytics 4 uses the special “demographic characteristics” function and can use it to create statistics that provide information about the age, gender and interests of site visitors. This is done by analysing advertising and information from third-party providers. This makes it possible to identify target groups for marketing activities. However, the collected data cannot be assigned to any specific person and is deleted after being stored for a period of two months.

Google Signals
As an extension to Google Analytics 4, Google Signals may be used on this website to generate cross-device reports. If you have activated personalised ads and linked your devices to your Google account, Google can, subject to your consent to the use of Google Analytics in accordance with Art. 6 (1) (a) GDPR, analyse your usage behaviour across devices and create database models, including for cross-device conversions. We do not receive any personal data from Google, only statistics. If you wish to stop cross-device analysis, you can deactivate the “Personalised advertising” function in your Google account settings. To do this, follow the instructions on this page: https://support.google.com/My-Ad-Center-Help/answer/12155764?hl=de
Further information on Google Signals can be found at the following link: https://support.google.com/analytics/answer/7532985?hl=de

User IDs
As an extension to Google Analytics 4, the “User IDs” function may be used on this website. If you have consented to the use of Google Analytics 4 in accordance with Art. 6 (1) (a) GDPR, created an account on this website and log in to this account on different devices, your activities, including conversions, can be analysed across devices.

11) Retargeting/remarketing and conversion tracking

11.1 Meta Pixel

Within our online offering, we use the “Meta Pixel” service of the following provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (“Meta”)

If a user clicks on an advertisement we have placed on Facebook and/or Instagram, the URL of our linked page is extended by a parameter using “Meta Pixel”. This URL parameter is then entered into the user’s browser via a cookie that our linked page itself sets after redirection.

This enables Meta, on the one hand, to determine the visitors to our online offering as a target group for the display of ads (so-called “ads”). Accordingly, we use the service to display the Facebook and/or Instagram ads we place only to those users who have also shown an interest in our online offering or who have certain characteristics (e.g. interests in certain topics or products, which are determined on the basis of the websites visited) that we transmit to Meta (so-called “custom audiences”).

On the other hand, “Meta Pixel” can be used to track whether users were redirected to our website after clicking on an advertisement and what actions they take there (so-called “conversion tracking”).

The data collected is anonymous to us and therefore does not allow us to draw any conclusions about the identity of the users. However, the data is stored and processed by Meta so that a connection to the respective user profile is possible and Meta can use the data for its own advertising purposes.

All processing described above, in particular the setting of cookies for reading information on the device used, is only carried out if you have given us your express consent in accordance with Art. 6 (1) (a) GDPR. You can revoke your consent at any time with effect for the future by deactivating this service in the “cookie consent tool” provided on the website.

We have concluded a data processing agreement with the provider, which ensures the protection of our site visitors’ data and prohibits unauthorised disclosure to third parties.

The information generated by Meta is generally transmitted to a Meta server and stored there; in this context, data may also be transferred to servers of Meta Platforms Inc. in the USA.

11.2 Google Ads Remarketing

This website uses retargeting technology from the following provider: Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland

For this purpose, Google sets a cookie in the browser of your device, which automatically enables interest-based advertising using a pseudonymous cookie ID and on the basis of the pages you have visited. Further data processing only takes place if you have agreed with Google that your web and app browsing history will be linked to your Google account and information from your Google account will be used to personalise ads you see on the web. In this case, if you are logged into Google while visiting our website, Google will use your data together with Google Analytics data to create and define target group lists for cross-device remarketing. For this purpose, your personal data will be temporarily linked by Google with Google Analytics data to form target groups. In the context of the use of Google Ads Remarketing, personal data may also be transferred to servers of Google LLC in the USA.

All processing described above, in particular the setting of cookies for reading information on the device used, is only carried out if you have given us your express consent in accordance with Art. 6 (1) (a) GDPR. Without this consent, retargeting technology will not be used during your visit to the site.

You can revoke your consent at any time with effect for the future. To exercise your right of revocation, please deactivate this service in the “cookie consent tool” provided on the website.

Details of the processing operations initiated by Google and how Google handles data from websites can be found here: https://policies.google.com/technologies/partner-sites

Further information on Google’s privacy policy can be found here: https://business.safety.google/intl/de/privacy/ and https://www.google.de/policies/privacy/

11.3 Google Ads Conversion Tracking

This website uses the online advertising programme “Google Ads” and, within the framework of Google Ads, conversion tracking by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). We use the services of Google Ads to draw attention to our attractive offers on external websites with the help of advertising media (so-called Google AdWords). In relation to the data of the advertising campaigns, we can determine how successful the individual advertising measures are. In doing so, we pursue the aim of showing you advertising that is of interest to you, making our website more interesting for you and achieving a fair calculation of the advertising costs incurred.

The cookie for conversion tracking is set when a user clicks on an ad placed by Google. Cookies are small text files that are stored on your device. These cookies generally lose their validity after 30 days and are not used for personal identification. If the user visits certain pages of this website and the cookie has not yet expired, Google and we can recognise that the user clicked on the ad and was redirected to this page. Each Google Ads customer receives a different cookie. Cookies can therefore not be tracked across the websites of Google Ads customers. The information collected with the help of the conversion cookie is used to create conversion statistics for Google Ads customers who have opted for conversion tracking. The customers find out the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, they do not receive any information that can be used to personally identify users. In the context of the use of Google Ads, personal data may also be transferred to servers of Google LLC in the USA.

Details of the processing operations initiated by Google Ads Conversion Tracking and how Google handles data from websites can be found here: https://policies.google.com/technologies/partner-sites

You can also permanently object to the setting of cookies by Google Ads Conversion Tracking by downloading and installing the browser plug-in from Google available at the following link:
https://support.google.com/My-Ad-Center-Help/answer/12155656?hl=de

Please note that certain functions of this website may not be available or may only be available to a limited extent if you have deactivated the use of cookies.
Google’s privacy policies can be viewed here: https://business.safety.google/intl/de/privacy/ and https://www.google.de/policies/privacy/

12) Site functionalities

12.1 Judge.me

To display external customer reviews and/or an externally awarded quality seal, graphic elements from the following provider are integrated on our website: Judge.me Ltd., c/o Buckworths, 2nd Floor, 1-3 Worship Street, London, England, EC2A 2AB, United Kingdom

When you access a page of our website that contains such graphic elements, your browser establishes a direct connection to the provider’s servers in order to load the elements correctly. In doing so, certain browser information, including your IP address, is transmitted to the provider.

If personal data is processed in this context, this is done in accordance with Art. 6 (1) (f) GDPR on the basis of our legitimate interest in the optimal marketing of our offer and the attractive design of our online presence.

We have concluded a data processing agreement with the provider, which ensures the protection of our site visitors’ data and prohibits unauthorised disclosure to third parties.

For data transfers to the provider’s location, an adequate level of data protection is ensured by an adequacy decision of the European Commission.

12.2 Trustpilot

To display external customer reviews and/or an externally awarded quality seal, graphic elements from the following provider are integrated on our website: Trustpilot A/S, Pilestræde 58, 1112 Copenhagen, Denmark

13) Tools and miscellaneous

13.1 sevDesk

To handle our accounting, we use the service of the cloud-based accounting software of the following provider: sevDesk GmbH, Hauptstraße 115, 77652 Offenburg, Germany

The provider processes incoming and outgoing invoices and, where applicable, the bank transactions of our company in order to automatically record invoices, match them to transactions and thereby create the financial accounting in a partially automated process.

We have concluded a data processing agreement with the provider, which ensures the protection of our customers’ data and prohibits unauthorised disclosure to third parties.

Insofar as personal data is processed in this context, the processing is carried out on the basis of our legal obligation to maintain proper accounting in accordance with Art. 6 (1) (c) GDPR.

13.2 Cookie consent tool

This website uses a so-called “cookie consent tool” to obtain valid user consents for cookies and cookie-based applications that require consent. The “cookie consent tool” is displayed to users in the form of an interactive user interface when they access the site, via which consents for certain cookies and/or cookie-based applications can be given by ticking a box. By using the tool, all cookies/services requiring consent are only loaded if the respective user has given the corresponding consent by ticking the box. This ensures that such cookies are only set on the respective user’s device if consent has been given.

The tool sets technically necessary cookies to store your cookie preferences. Personal user data is generally not processed in this context.

If, in individual cases, personal data (such as the IP address) is processed for the purpose of storing, assigning or logging cookie settings, this is done in accordance with Art. 6 (1) (f) GDPR on the basis of our legitimate interest in legally compliant, user-specific and user-friendly consent management for cookies and thus in a legally compliant design of our online presence.

Another legal basis for the processing is Art. 6 (1) (c) GDPR. As controllers, we are subject to the legal obligation to make the use of technically unnecessary cookies dependent on the respective user’s consent.

Where necessary, we have concluded a data processing agreement with the provider, which ensures the protection of our site visitors’ data and prohibits unauthorised disclosure to third parties.

Further information about the operator and the settings options of the cookie consent tool can be found directly in the corresponding user interface on our website.

14) Rights of the data subject

14.1 The applicable data protection law grants you the following rights (rights of access and intervention) vis-à-vis the controller with regard to the processing of your personal data, whereby reference is made to the stated legal basis for the respective conditions for exercising these rights:

Right of access pursuant to Art. 15 GDPR;
Right to rectification pursuant to Art. 16 GDPR;
Right to erasure pursuant to Art. 17 GDPR;
Right to restriction of processing pursuant to Art. 18 GDPR;
Right to notification pursuant to Art. 19 GDPR;
Right to data portability pursuant to Art. 20 GDPR;
Right to withdraw consent given pursuant to Art. 7 (3) GDPR;
Right to lodge a complaint pursuant to Art. 77 GDPR.

14.2 RIGHT TO OBJECT

IF WE PROCESS YOUR PERSONAL DATA ON THE BASIS OF OUR OVERRIDING LEGITIMATE INTEREST AS PART OF A BALANCING OF INTERESTS, YOU HAVE THE RIGHT TO OBJECT TO THIS PROCESSING AT ANY TIME ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION, WITH EFFECT FOR THE FUTURE.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED. HOWEVER, FURTHER PROCESSING IS RESERVED IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, FUNDAMENTAL RIGHTS AND FREEDOMS, OR IF THE PROCESSING SERVES THE ESTABLISHMENT, EXERCISE OR DEFENCE OF LEGAL CLAIMS.

IF YOUR PERSONAL DATA IS PROCESSED BY US FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR SUCH MARKETING. YOU MAY EXERCISE THE RIGHT TO OBJECT AS DESCRIBED ABOVE.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED FOR DIRECT MARKETING PURPOSES.

15) Duration of storage of personal data

The duration of the storage of personal data is determined by the respective legal basis, the purpose of processing and – if applicable – also by the respective statutory retention period (e.g. retention periods under commercial and tax law).

When processing personal data on the basis of express consent in accordance with Art. 6 (1) (a) GDPR, the data concerned will be stored until you withdraw your consent.

If there are statutory retention periods for data that is processed on the basis of Art. 6 (1) (b) GDPR within the scope of legal or quasi-legal obligations, this data will be routinely deleted after expiry of the retention periods, provided that it is no longer required for the fulfilment of the contract or the initiation of a contract and/or we have no legitimate interest in continuing to store it.

When processing personal data on the basis of Art. 6 (1) (f) GDPR, this data will be stored until you exercise your right to object in accordance with Art. 21 (1) GDPR, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims.

When processing personal data for direct marketing purposes on the basis of Art. 6 (1) (f) GDPR, this data will be stored until you exercise your right to object in accordance with Art. 21 (2) GDPR.

Unless otherwise stated in the other information in this declaration regarding specific processing situations, stored personal data will otherwise be deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.

Last updated: 04/06/2026, 05:31:26

Brushing your teeth you’ll actually look forward to.

Privacy policy

1) Introduction and contact details of the controller

2) Data collection when visiting our website

3) Hosting & content delivery network

4) Cookies

5) Contact

6) Data processing when opening a customer account

7) Use of customer data for direct marketing

8) Data processing for order handling

9) Online marketing

10) Web analytics services

11) Retargeting/remarketing and conversion tracking

12) Site functionalities

13) Tools and miscellaneous

14) Rights of the data subject

15) Duration of storage of personal data

Your shopping cart