Privacy policy
Privacy Policy
Unless stated otherwise below, providing your personal data is neither a legal nor contractual requirement, nor is it necessary for the conclusion of a contract. You are not obligated to provide the data. Failure to provide it will have no consequences, unless otherwise stated in the subsequent processing operations. "Personal data" refers to any information related to an identified or identifiable natural person.
Server Log Files
You can visit our website without providing any personal information. When you access our website, usage data is transmitted to us or our web host/IT service provider by your internet browser and stored in log files (so-called server log files). These stored data may include the name of the accessed page, the date and time of access, the IP address, the amount of data transmitted, and the requesting provider. The processing is carried out based on Art. 6 (1) lit. f GDPR, driven by our overriding legitimate interest in ensuring the uninterrupted operation of our website and improving our services.
Your data may be transmitted to third countries outside the EU, particularly to Canada and the USA, and processed there. For Canada, there is an adequacy decision by the EU Commission. For the USA, the adequacy decision is the Trans-Atlantic Data Privacy Framework (TADPF). Shopify is not certified under TADPF. This data transfer takes place based on contractual obligations that are comparable to the standard contractual clauses of the EU Commission.
Contact
Responsible Entity
If you wish, you can contact us. The responsible entity for data processing is:
c/o IP-Management #35714
Ludwig-Erhard-Straße 18
20459 Hamburg
Germany
+4915219332777
support@kratoein.com
VAT Identification Number pursuant to § 27a UStG: DE452165256
Customer-Initiated Contact via Email
If you contact us via email, we collect your personal data (name, email address, message text) only to the extent you provide it. The data processing serves the purpose of processing and responding to your inquiry. If the contact is related to pre-contractual measures (e.g., advice on purchase interest, creating an offer) or concerns a contract already concluded between you and us, the data processing is based on Art. 6 (1) lit. b GDPR. If the contact is for other reasons, the processing is based on Art. 6 (1) lit. f GDPR, due to our overriding legitimate interest in processing and answering your inquiry.
Your email address is used only to process your inquiry. Your data will be deleted after the statutory retention periods, unless you consent to further processing.
Address Validation via Endereco
We use the address validation service of Endereco UG (limited liability), Balthasar-Neumann-Str. 4b, 97236 Randersacker, Germany. The data processing aims to verify your input in our address forms in real-time, correcting typographical errors and filling in missing information. If incorrect data is entered, alternative suggestions are displayed for correction.
The processing of your personal data occurs based on Art. 6 (1) lit. f GDPR due to our legitimate interest in having correct data for fulfilling our contractual obligations. You have the right to object to the processing of your personal data at any time for reasons related to your particular situation.
The data is processed separately by Endereco and is not merged with other data. The data is deleted by the provider once the status of the entered data is determined, at the latest after 30 days.
Usage of Google Maps API Address Validation
We use Google’s address validation service (Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland) on our website. The data processing aims to verify your input in our address forms for typos and missing information. Your entered address data will be transmitted to Google, stored, and processed there. Your data may also be transferred to the USA. For the USA, there is an adequacy decision from the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). Google is certified under TADPF and adheres to European data protection principles.
The processing of your personal data occurs based on Art. 6 (1) lit. f GDPR due to our legitimate interest in having accurate data for fulfilling our contractual obligations. You have the right to object to the processing of your personal data at any time.
Customer Account and Orders
When creating a customer account, we collect your personal data as specified. The data processing aims to improve your shopping experience and simplify order processing. The processing is carried out based on your consent (Art. 6 (1) lit. a GDPR), which you may revoke at any time. Your customer account will be deleted after that.
Data Collection, Processing, and Transfer with Orders
When placing an order, we collect and process your personal data only as necessary to fulfill and process your order and address any inquiries. Providing your data is required to conclude the contract. If you do not provide the data, the contract cannot be concluded. The processing occurs based on Art. 6 (1) lit. b GDPR and is necessary for fulfilling a contract with you.
Your data may be transferred to third parties, such as chosen shipping companies, payment service providers, and IT service providers. In all cases, we strictly follow legal regulations, and the data transfer is limited to a minimum.
Advertising
We use your personal data (name, address) to send postal advertising unless you object to this use. The data processing is based on Art. 6 (1) lit. f GDPR due to our legitimate interest in direct marketing. You can object to this use at any time by contacting us.
Use of Email Address for Newsletter and Direct Marketing
We use your email address for newsletter purposes if you have explicitly agreed to this. You may withdraw your consent at any time without affecting the lawfulness of the processing that was based on consent prior to withdrawal. You can unsubscribe from the newsletter using the link in the email or by contacting us directly.
We may also use your email for sending direct marketing emails about similar products or services unless you have objected to this. If you do not provide your email address, the contract cannot be concluded.
Payment Service Providers, Credit Checks
We use PayPal Express and PayPal Check-Out for payments. Data processing takes place for the purpose of offering payment services. If you select payment via PayPal, the necessary data will be transmitted to PayPal to fulfill the contract. Data processing occurs based on Art. 6 (1) lit. b GDPR. Additionally, PayPal may perform credit checks based on mathematical-statistical procedures using credit agencies.
Cookie Usage
Our website uses cookies. Cookies are small text files stored by your browser. By selecting appropriate settings in your browser, you can control cookie usage and prevent their storage. However, some functions of our website may not be available without cookies.
Analytics, Tracking, and Third-Party Use
We use Google Analytics, Shopify Statistics, and other third-party tools for website analytics and marketing purposes. Data is processed based on your consent under Art. 6 (1) lit. a GDPR.
User Rights and Retention Period
You have the right to access, rectify, delete, restrict processing, and request data portability. You can also object to processing for direct marketing purposes.
If you believe the processing of your personal data is unlawful, you can lodge a complaint with the relevant authority.
This Privacy Policy was last updated on 29th November 2024.