Data protection declaration

––––––––––––––––––––

Privacy Policy

––––––––––––––––––––

1) Introduction and contact details of the responsible person

1.1 We are pleased that you are visiting our website and thank you for your interest. Below, we inform you about how we handle your personal data when you use our website. Personal data refers to all data that can be used to identify you personally.

1.2 The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is Leonard Brahm, Schumannstr. 7C, 10117 Berlin, Germany, Tel.: 01713515167, Email: support@goldenpump.de Der The person responsible for the processing of personal data is the natural or legal person who alone or jointly with others decides on the purposes and means of the processing of personal data.

1.3 For security reasons and to protect the transmission of personal data and other confidential content, this website uses (z.B. Orders or inquiries to the controller) use SSL or TLS encryption. You can recognize an encrypted connection by the character string "https://" and the lock symbol in your browser bar.

2) Data collection when visiting our website

If you use our website for informational purposes only, i.e., if you do not register or otherwise provide us with information, we only collect data that your browser transmits to our server (so-called "server log files"). When you visit our website, we collect the following data, which is technically necessary for us to display the website to you:

- Our visited website

- Date and time of access

- Amount of data sent in bytes

- Source/reference from which you came to the page

- Browser used

- Operating system used

- IP address used (if applicable: in anonymized form)

Processing is carried out in accordance with Art. 6 (1) (f) GDPR based on our legitimate interest in improving the stability and functionality of our website. The data will not be shared or used for any other purpose. However, we reserve the right to subsequently review the server log files if there are concrete indications of illegal use.

3) Hosting & Content Delivery Network

Hosting by Shopify

We use the shop system of the service provider Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland ("Shopify"), for the purpose of hosting and displaying the online shop on the basis of processing on our behalf. All data collected on our website is processed on Shopify's servers. As part of the aforementioned services from Shopify, data may also be transmitted to Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada, Shopify Data Processing (USA) Inc., Shopify Payments (USA) Inc. or Shopify (USA) Inc. for further processing on our behalf. In the event that data is transmitted to Shopify Inc. in Canada, an appropriate level of data protection is guaranteed by an adequacy decision of the European Commission.Further information on Shopify’s data protection can be found on the following website: https://www.shopify.de/legal/datenschutz

Further processing on Shopify servers other than those mentioned above will only take place within the framework communicated below.

4) Cookies

To make visiting our website more attractive and enable the use of certain functions, we use cookies, i.e., small text files stored on your device. Some of these cookies are automatically deleted after closing your browser (so-called "session cookies"); others remain on your device for a longer period and allow you to save page settings (so-called "persistent cookies"). In the latter case, you can find out how long cookies are stored in your web browser's cookie settings overview.

If personal data is also processed by individual cookies used by us, the processing is carried out in accordance with Art. 6 (1) (b) GDPR either to execute the contract, in accordance with Art. 6 (1) (a) GDPR in the event of consent being given, or in accordance with Art. 6 (1) (f) GDPR to protect our legitimate interests in the best possible functionality of the website and a customer-friendly and effective design of the site visit.

You can set your browser so that you are informed about the setting of cookies and can decide individually whether to accept them or to exclude the acceptance of cookies in certain cases or in general.

Please note that if you do not accept cookies, the functionality of our website may be limited.

5) Contact

5.1 Review reminder by Loox

If you have given us your express consent to do so during or after your order in accordance with Art. 6 (1) (a) GDPR, we will transmit your email address and, if applicable, other previously collected customer data to the Loox rating tool, a service provided by Loox Online Ltd., Rehov Har Sinai 2, 6581602 Tel Aviv-Yafo, Israel ("Loox"), so that it can send you a review reminder by email. You can revoke your consent at any time by sending a message to the data controller or to the review platform.

For the transmission of data to Loox in Israel, the appropriate level of data protection is guaranteed by the European Commission's adequacy decision.

We have concluded a data processing agreement with Loox, which obligates Loox to protect our customers' data and not share it with third parties. This agreement can be viewed here: https://loox.io/legal/data_processing_addendum.pdf

For more information about Loox’s privacy policy, please visit https://loox.io/legal/privacy_policy_merchants.pdf

5.2 When you contact us (z.B. via contact form or email) personal data will be processed exclusively for the purpose of processing and answering your request and only to the extent necessary for this purpose. The legal basis for the processing of this data is our legitimate interest in answering your request in accordance with Art. 6 (1) (f) GDPR. If your contact is aimed at a contract, the additional legal basis for the processing is Art. 6 (1) (b) GDPR. Your data will be deleted if it can be inferred from the circumstances that the matter in question has been conclusively clarified and provided that there are no statutory retention periods to the contrary.

6) Data processing when opening a customer account

According to Art. 6 (1) (b) GDPR, personal data will continue to be collected and processed to the extent necessary if you provide it to us when opening a customer account. You can find out which data is required to open an account in the input mask of the corresponding form on our website. Deletion of your customer account is possible at any time and can be done by sending a message to o.g. address of the responsible party. After your customer account has been deleted, your data will be deleted provided that all contracts concluded through it have been fully processed, there are no statutory retention periods that conflict with them, and we have no legitimate interest in continuing to store it.

7) Comment function

As part of the comment function on this website, in addition to your comment, information about the time the comment was created and the commenter name you chose will be saved and published on this website. Furthermore, your IP address will be saved for security reasons to enable attribution to the author in the event of illegal comments. Your email address will be saved so that we can contact you if a third party should object to your published content as being illegal.

8) Use of customer data for direct marketing

8.1 Registration for our email newsletter

If you subscribe to our email newsletter, we will regularly send you information about our offers. The only mandatory information required to receive the newsletter is your email address. Providing additional information is voluntary and will be used to address you personally. We use the so-called double opt-in procedure to send the newsletter, which ensures that you only receive the newsletter after you have expressly confirmed your consent to receive the newsletter by clicking on a verification link sent to the specified email address.

By activating the confirmation link, you give us your consent to use your personal data in accordance with Art. 6 (1) (a) GDPR. We will save your IP address entered by your Internet service provider (ISP) as well as the date and time of registration so that we can trace any possible misuse of your email address at a later date. The data we collect when you register for the newsletter will be used strictly for the intended purpose. You can unsubscribe from the newsletter at any time using the link provided in the newsletter or by sending a corresponding message to the person responsible named above. After unsubscribing, your email address will be immediately deleted from our newsletter distribution list unless you have expressly consented to further use of your data or we reserve the right to use the data in any other way that is permitted by law and about which we will inform you in this declaration.

8.2 - Newsletter distribution via Klaviyo

Our e-mail newsletter is sent via the technical service provider »Klaviyo«, 225 Franklin St, Boston, MA 02110, USA (http://www.klaviyo.com/), to whom we will share the data you provided when registering for the newsletter. This sharing occurs in accordance with Art. 6 (1) (f) GDPR and serves our legitimate interest in using an effective, secure, and user-friendly newsletter system.Please note that your data is usually transferred to a Klaviyo server in the USA and stored there.

Klaviyo uses this information to send newsletters on our behalf. Klaviyo does not use the data of our newsletter recipients to contact them directly or to share it with third parties.

To protect your data in the USA, we have a data processing agreement with Klaviyo in which Klaviyo undertakes to protect the data of our users, to process it on our behalf in accordance with its data protection regulations and, in particular, not to pass it on to third parties.

You can view Klaviyo’s privacy policy here: https://www.klaviyo.com/legal/privacy

8.3 If you cancel your purchase with us before completing the order, you have the option of being reminded of the contents of your virtual shopping cart by email.

The only mandatory information required to send this reminder is your email address. Providing additional information is voluntary and may be used to contact you personally. We use the so-called double opt-in process to send emails, which ensures that you will only receive a notification after you have expressly confirmed your consent by clicking on a verification link sent to the specified email address.

By activating the confirmation link, you give us your consent to use your personal data in accordance with Art. 6 (1) (a) GDPR to send you a shopping cart reminder. We save your IP address entered by your Internet service provider (ISP) as well as the date and time of registration so that we can trace any possible misuse of your email address at a later date. The data we collect when you register for our email notification service is used strictly for the intended purpose. You can unsubscribe from the shopping cart reminders at any time by sending a corresponding message to the person responsible named above. After unsubscribing, your email address will be immediately deleted from our mailing list set up for this purpose, unless you have expressly consented to further use of your data or we reserve the right to use the data in any other way that is permitted by law and about which we inform you in this declaration.

9) Data processing for order processing

9.1 - Transmission of image files for order processing via upload function

On our website, we offer customers the opportunity to request product personalization by submitting image files via an upload function. The submitted image will be used as a template for personalizing the selected product.

Using the upload form on the website, the customer can send one or more image files directly to us via automated, encrypted data transfer from the memory of the device used. We then collect, store, and use the transmitted files exclusively for the production of the personalized product in accordance with the respective service description on our website. If the transmitted image files are passed on to special service providers for the production and processing of the order, you will be explicitly informed of this in the following paragraphs. No further transfer will take place. If the transmitted files orIf the digital images contain personal data (in particular images of identifiable persons), all processing operations described above are carried out exclusively for the purpose of processing your online order in accordance with Art. 6 (1) (b) GDPR. After the order has been processed, the transmitted image files will be automatically and completely deleted.

9.2 To the extent necessary for the execution of the contract for delivery and payment purposes, the personal data collected by us will be passed on to the commissioned transport company and the commissioned credit institution in accordance with Art. 6 (1) (b) GDPR.

If we owe you updates for goods with digital elements or for digital products based on a corresponding contract, we will process the contact information you provided when placing your order (name, address, email address) in order to inform you personally about upcoming updates within the legally stipulated period via a suitable communication channel (e.g., by post or email) within the scope of our statutory information obligations pursuant to Art. 6 (1) (c) GDPR. Your contact information will be used strictly for the purpose of notifying you about updates owed by us and will only be processed by us to the extent necessary for the respective information.

To process your order, we also work with the following service provider(s), who support us in whole or in part in the execution of concluded contracts. Certain personal data will be transmitted to these service providers in accordance with the following information.

9.3 To fulfill our contractual obligations to our customers, we work with external shipping partners. We will share your name, delivery address, and, if necessary for delivery, your telephone number, with a shipping partner selected by us exclusively for the purpose of delivering the goods in accordance with Art. 6 (1) (b) GDPR.

9.4 Use of payment service providers (payment services)

- Klarna

If you select a Klarna payment service, the payment will be processed via Klarna Bank AB (publ), https://www.klarna.com/de/, Sveavägen 46, 111 34 Stockholm, Sweden (hereinafter "Klarna"). To enable payment processing, your personal data (first and last name, street, house number, postal code, city, gender, email address, telephone number, and IP address, and if applicable, your date of birth and bank details) as well as data related to the order (e.g., invoice amount, item, delivery method) will be passed on to Klarna for the purpose of identity and credit checks, provided that you have expressly consented to this in accordance with Art. 6 (1) (a) GDPR during the ordering process. You can see which credit agencies your data may be forwarded to here:

https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/credit_rating_agencies

The credit report may contain probability values ​​(so-called score values). To the extent that score values ​​are included in the credit report results, they are based on a scientifically recognized mathematical-statistical procedure. The calculation of the score values ​​includes, but is not limited to, address data. Klarna uses the information obtained regarding the statistical probability of a payment default to make a considered decision regarding the establishment, implementation, or termination of the contractual relationship.

You can revoke your consent at any time by sending a message to the data controller or to Klarna. However, Klarna may still be entitled to process your personal data if this is necessary for the contractual payment processing.

Your personal data will be processed in accordance with applicable data protection regulations and in accordance with the information in Klarna’s privacy policy for data subjects based in Germany https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/privacy

or for those affected based in Austria https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_at/privacy

treated.

- Paypal

When paying via PayPal, credit card via PayPal, direct debit via PayPal or – if offered – "purchase on account" or "payment by installments" via PayPal, we pass your payment data to PayPal (Europe) as part of the payment processing. S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal"). The transfer takes place in accordance with Art. 6 (1) (b) GDPR and only to the extent necessary for payment processing.

PayPal reserves the right to conduct a credit check for payment methods such as credit card via PayPal, direct debit via PayPal, or – if offered – "purchase on account" or "installment payment" via PayPal. For this purpose, your payment data may be passed on to credit agencies in accordance with Art. 6 (1) (f) GDPR based on PayPal's legitimate interest in determining your ability to pay. PayPal uses the result of the credit check regarding the statistical probability of default to decide whether to provide the respective payment method. The credit check may contain probability values ​​(so-called score values). To the extent that score values ​​are included in the result of the credit check, they are based on a scientifically recognized mathematical-statistical procedure. Address data, among other things, is used in the calculation of the score values. Further data protection information, including information on the credit agencies used, can be found in PayPal's privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full

You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data if this is necessary for contractual payment processing.

- Shopify Payments

We use the payment service provider "Shopify Payments", 3rd Floor, Europa House, Harcourt Building, Harcourt Street, Dublin 2. If you choose a payment method offered by the payment service provider Shopify Payments, payment processing will be carried out by the technical service provider Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland. We will forward the information you provide during the ordering process, along with information about your order (name, address, account number, bank sort code, credit card number (if applicable), invoice amount, currency, and transaction number), to them in accordance with Art. 6 (1) (b) GDPR. Your data will be passed on exclusively for the purpose of payment processing with Stripe Payments Europe Ltd. and only to the extent necessary for this purpose. Further information on Shopify Payments' data protection policy can be found at the following website address: https://www.shopify.com/legal/privacy.

Data protection information about Stripe Payments Europe Ltd.can be found here: https://stripe.com/de/privacy

- IMMEDIATELY

If you select the "SOFORT" payment method, payment processing will be handled by the payment service provider SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany (hereinafter "SOFORT"), to whom we will forward the information you provided during the ordering process, along with information about your order, in accordance with Art. 6 (1) (b) GDPR. Sofort GmbH is part of the Klarna Group (Klarna Bank AB (publ), Sveavägen 46, 11134 Stockholm, Sweden). Your data will be transferred exclusively for the purpose of processing payments with the payment service provider SOFORT and only to the extent necessary for this purpose. You can find further information about SOFORT's privacy policy at the following website address: https://www.klarna.com/sofort/datenschutz.

- Stripe

If you choose a payment method from the payment service provider Stripe, payment processing will be carried out by the payment service provider Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, to whom we will forward the information you provided during the order process, along with information about your order (name, address, account number, bank sort code, credit card number, invoice amount, currency, and transaction number) in accordance with Art. 6 (1) (b) GDPR. Further information on Stripe's data protection policy can be found at the URL https://stripe.com/de/privacy#translation.

Stripe reserves the right to conduct a credit check based on mathematical and statistical procedures in order to protect its legitimate interest in determining the user's ability to pay. Stripe may transmit the personal data required for a credit check and obtained during payment processing to selected credit agencies, which Stripe will disclose to users upon request. The credit report may contain probability values ​​(so-called score values). To the extent that score values ​​are included in the result of the credit report, these are based on a scientifically recognized mathematical and statistical procedure. Address data, among other things, but not exclusively, is used in calculating the score values. Stripe uses the result of the credit check with regard to the statistical probability of default to decide on eligibility for the selected payment method.

You can object to this processing of your data at any time by sending a message to Stripe or the commissioned credit agencies.

However, Stripe may still be entitled to process your personal data if this is necessary for the contractual payment processing.

10) Online Marketing

Facebook Pixel for creating custom audiences (with Cookie Consent Tool)

Our online offering uses the so-called “Facebook Pixel” of the social network Facebook, which is operated by Meta Platforms Ireland Limited, 4 Grand Canal Quare, Dublin 2, Ireland (“Facebook”).

If a user clicks on an ad placed by us that is displayed on Facebook, a suffix is ​​added to the URL of our linked page via Facebook Pixel. If our page allows data sharing with Facebook via Pixel, this URL parameter is written into the user's browser via a cookie, which our linked page itself sets. This cookie is then read by Facebook Pixel and enables the data to be forwarded to Facebook.

With the help of the Facebook pixel, Facebook is able to determine visitors to our online offering as a target group for displaying advertisements (so-called "Facebook Ads"). Accordingly, we use the Facebook pixel to display the Facebook ads we place only to those Facebook users who have also shown an interest in our online offering or who have certain characteristics (z.B. Interests in specific topics or products, which are determined based on the websites visited), which we transmit to Facebook (so-called "Custom Audiences"). With the help of the Facebook pixel, we also want to ensure that our Facebook ads correspond to the potential interests of users and are not annoying. This allows us to further evaluate the effectiveness of Facebook ads for statistical and market research purposes by tracking whether users were redirected to our website after clicking on a Facebook ad (so-called "conversion").

The data collected is anonymous to us, meaning it does not allow us to draw any conclusions about the identity of the users. However, the data is stored and processed by Facebook so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes, in accordance with the Facebook Data Usage Policy (https://www.facebook.com/about/privacy/). The data may enable Facebook and its partners to serve ads on and off Facebook.

The data processing associated with the use of the Facebook Pixel takes place exclusively with your express consent in accordance with Art. 6 (1) (a) GDPR. You can revoke your consent at any time with future effect by deactivating this service using the "Cookie Consent Tool" provided on the website.

11) Web analysis services

Google (Universal) Analytics

This website uses Google (Universal) Analytics, a web analysis service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"). Google (Universal) Analytics uses "cookies," which are text files placed on your device, to help the website analyze how users use the site. The information generated by the cookie about your use of the website (including your shortened IP address) is typically transferred to a Google server and stored there. This may also include transmission to Google LLC servers in the USA.

This website uses Google (Universal) Analytics exclusively with the extension "_anonymizeIp()", which ensures anonymization of the IP address by shortening it and excludes direct personal reference. This extension will shorten your IP address beforehand by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server. LLC.in transferred to the USA and shortened there. On our behalf, Google will use this information to evaluate your use of the website, to compile reports on website activity, and to provide us with other services related to website activity and internet usage. The IP address transmitted by your browser as part of Google (Universal) Analytics will not be merged with other Google data.

Google Analytics enables a special function, the so-called"Demographic characteristics" also allow us to compile statistics with information about the age, gender, and interests of site visitors based on an analysis of interest-based advertising and with the use of third-party information. This allows us to define and differentiate website user groups for the purpose of targeting marketing measures. However, data collected using "demographic characteristics" cannot be assigned to a specific person.

Details on the processing initiated by Google Analytics and how Google handles data from websites can be found here: https://policies.google.com/technologies/partner-sites

All processing described above, in particular the setting of Google Analytics cookies for reading information on the device used, will only be carried out if you have given us your express consent in accordance with Art. 6 (1) (a) GDPR. Without this consent, Google Analytics will not be used during your visit to the site.

You can revoke your consent at any time with future effect. To exercise your right of revocation, please deactivate this service using the "Cookie Consent Tool" provided on the website. We have concluded a data processing agreement with Google for the use of Google Analytics, which obligates Google to protect the data of our website visitors and not to share it with third parties.

For the transfer of data from the EU to the USA, Google relies on the so-called standard data protection clauses of the European Commission, which are intended to ensure compliance with the European level of data protection in the USA.

Further information on Google (Universal) Analytics can be found here: https://policies.google.com/privacy?hl=de&gl=de

12) Rights of the data subject

12.1 The applicable data protection law grants you the following data subject rights (rights of information and intervention) vis-à-vis the controller with regard to the processing of your personal data, whereby reference is made to the legal basis stated for the respective conditions for exercising these rights:

- Right to information pursuant to Art. 15 GDPR;

- Right to rectification pursuant to Art. 16 GDPR;

- Right to erasure pursuant to Art. 17 GDPR;

- Right to restriction of processing pursuant to Art. 18 GDPR;

- Right to information pursuant to Art. 19 GDPR;

- Right to data portability pursuant to Art. 20 GDPR;

- Right to revoke consent given in accordance with Art. 7 (3) GDPR;

- Right to lodge a complaint pursuant to Art. 77 GDPR.

12.2 RIGHT OF OBJECTION

IF WE PROCESS YOUR PERSONAL DATA BASED ON OUR OVERRIDING LEGITIMATE INTEREST AS PART OF A BALANCE OF INTERESTS, YOU HAVE THE RIGHT TO OBJECT TO THIS PROCESSING AT ANY TIME WITH FUTURE EFFECT FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION.

If you exercise your right to object, we will stop processing the data in question. However, we reserve the right to continue processing if we can demonstrate compelling legitimate grounds for the processing that override your interests, fundamental rights, and freedoms, or if the processing serves to assert, exercise, or defend legal claims.

If we process your personal data for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing purposes. You can exercise your right of objection as described above.

IF YOU EXERCISE YOUR RIGHT OF OBJECTION, WE WILL STOP PROCESSING THE DATA CONCERNED FOR DIRECT MARKETING PURPOSES.

13) Duration of storage of personal data

The duration of storage of personal data is determined by the respective legal basis, the purpose of processing and – if applicable – also by the respective statutory retention period (z.B. commercial and tax retention periods).

When personal data is processed on the basis of an express consent in accordance with Art. 6 (1) (a) GDPR, this data will be stored until the data subject revokes his or her consent.

If there are statutory retention periods for data that are processed within the framework of legal transactions or quasi-legal obligations on the basis of Art. 6 (1) (b) GDPR, these data will be routinely deleted after the retention periods have expired, provided that they are no longer required for the fulfilment or initiation of a contract and/or we no longer have a legitimate interest in continuing to store them.

When processing personal data on the basis of Art. 6 (1) (f) GDPR, these data will be stored until the data subject exercises his or her right of objection in accordance with Art. 21 (1) GDPR, unless we can demonstrate compelling legitimate grounds for the processing which outweigh the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims.

When personal data is processed for the purpose of direct marketing on the basis of Art. 6 (1) (f) GDPR, this data will be stored until the data subject exercises his or her right of objection in accordance with Art. 21 (2) GDPR.

Unless otherwise stated in the other information in this declaration on specific processing situations, stored personal data will be deleted when they are no longer necessary for the purposes for which they were collected or otherwise processed.

To improve the interaction with our visitors, we use a Java-Script plugin from uptain GmbH (“uptain-Plugin”). https://www.uptain.de). This allows us to analyze your use of the website and improve our customer service (z.B. through a dialog window). For this purpose, we collect information about your usage behavior, d.hCursor movement, length of stay, links clicked, and any information provided. The legal basis for processing is our legitimate interest in direct marketing and the provision of our website (Art. 6 (1) (f) GDPR). As a processor, uptain GmbH is strictly bound by our instructions. The information collected will not be passed on to third parties unless we are legally obliged to do so. If the information collected by the uptain plugin contains personal data, it will be deleted immediately after your visit to our website.

You can deactivate the use of the uptain plugin at any time via the following link: https://www.goldenpump.de/datenschutz?__up_tracking_unsubscribe