datenschutzerklärung

Concerning the Collection of Personal Data and Contact Information of the Controller

1.1 We are pleased that you are visiting our website and thank you for your interest. Below, we inform you about the handling of your personal data when using our website. Personal data here refers to all data by which you can be personally identified.

1.2 The controller for data processing on this website, within the meaning of the General Data Protection Regulation (GDPR), is Zoran Karanovic, Vacid, Bürkstr. 68, 78054 Villingen-Schwenningen, Germany, email: info@vacid.com. The controller for the processing of personal data is the natural or legal person who, alone or jointly with others, decides on the purposes and means of processing personal data.

1.3 For security reasons and to protect the transmission of personal data and other confidential content (e.g., orders or inquiries to the controller), this website uses SSL or TLS encryption. You can recognize an encrypted connection by the string "https://" and the lock symbol in your browser bar.

2. Data Collection When Visiting Our Website

If visiting the website is purely for informational purposes, meaning without registration or the transmission of other information, only the data that your browser transmits to our server will be collected. These are so-called server log files, which are technically necessary to enable the correct display of the website:

• The website visited
• Date and time of access
• Amount of data sent in bytes
• Referrer URL (the site from which the request originated)
• Information about the browser
• Information about the operating system
• Information about your IP address (possibly in anonymized form)
• These data are processed based on Article 6(1)(f) GDPR, on the basis of our legitimate interest in optimizing the stability and functionality of our website. There is no further use or disclosure of this data, but we reserve the right to retrospectively check the server log files if there are concrete indications of illegal use.

3. Hosting

Hosting by Shopify

The utilized e-commerce system on this website is provided by the service provider Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland ("Shopify"), for hosting and the correct presentation of the online shop based on processing on our behalf. All data collected on our website is processed on Shopify's servers. In view of the aforementioned services provided by Shopify, additional processing may also be carried out on behalf of Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada, Shopify Data Processing (USA) Inc., Shopify Payments (USA) Inc., or Shopify (USA) Inc. If data is transferred to Shopify Inc. in Canada, the adequacy decision of the European Commission ensures an adequate level of data protection. Shopify Data Processing (USA) Inc., Shopify Payments (USA) Inc., and Shopify (USA) Inc. in the USA are certified under the US-EU Privacy Shield, ensuring the level of data protection applicable in the EU. Further information regarding Shopify's privacy policy can be found at: https://www.shopify.de/legal/datenschutz.

An exception to the aforementioned further processing of your data by Shopify on other servers only occurs within the following framework.

4. Cookies

We use so-called cookies on various pages to make your browsing experience on our website enjoyable and to enable certain functions. These are small text files that are stored on the device with which you visit the website. Session cookies are deleted after closing the browser, while persistent cookies remain on the device you are using and allow your browser to be recognized in the next session. The cookies set collect and process certain user information such as browser data, location data, and IP addresses to an individual extent. Persistent cookies are deleted after a defined period, although this process may vary depending on the cookie. Please refer to the cookie settings of your browser for further information.

Some cookies also serve to simplify the order process by storing settings. For example, items already in the shopping cart are saved for a later visit to the website. If personal data is processed by some of the cookies used, it is done in accordance with Article 6(1)(b) GDPR for the performance of a contract, Article 6(1)(a) GDPR in case of consent given, or Article 6(1)(f) GDPR exclusively to safeguard our legitimate interests in the best possible functionality of the website and a customer-friendly and effective design of the page visit.

Please note that you can configure your browser settings to be informed about the setting of cookies and to individually decide on their acceptance. Of course, each browser differs in the way it manages cookie settings. You can find the respective help menu of your browser at:

• Internet Explorer: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies
• Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen
• Chrome: https://support.google.com/chrome/answer/95647?hl=de&hlrm=en
• Safari: https://support.apple.com/de-de/guide/safari/sfri11471/mac
• Opera: https://help.opera.com/de/latest/web-preferences/#cookies

Note: Non-acceptance of cookies may result in limited functionality of our website.

5. Contact

If you contact us, for example via the contact form on our website or by email, personal data will be collected. Please refer to the respective contact form to see which data is collected in case of contact through this means. The collection of personal data serves only the purpose of responding to your inquiry or contacting you. The legal basis for processing this data is our legitimate interest in responding to your inquiry pursuant to Art. 6(1)(f) GDPR. If the purpose of your contact is to conclude a contract, Art. 6(1)(b) GDPR is to be considered as an additional legal basis. After the final processing of your request, your data will be deleted.

6. Data Processing for Customer Account Opening and Contract Processing

Furthermore, personal data is collected and processed in accordance with Art. 6(1)(b) GDPR if it is communicated to us for the performance of a contract or when opening a customer account. Please refer to the respective input forms to see which data is taken. A customer account can be deleted at any time. Deletion is carried out by sending a message to the address of the controller mentioned above. The data communicated by you is used for contract processing and is subsequently deleted. Afterward, the data is blocked with regard to tax and commercial retention periods. After the expiry of these periods, the data will be deleted unless you have expressly consented to further use of your data or further data usage has been legally reserved by us.

7. Data Processing for Order Processing

7.1) To process an order, we collaborate with the service providers listed below. They support us wholly or partially in the execution of concluded contracts. According to the following information, specific personal data will be transmitted to these service providers.

These will be passed on to the transport company responsible for delivery if necessary for the delivery of the goods. Your payment data will be passed on to the commissioned bank or payment service provider as part of the payment processing if necessary for the payment processing. If payment service providers are used, we will inform you explicitly below. The legal basis for data transfer is Art. 6(1)(b) GDPR.

7.2) Use of Special Service Providers for Order Processing

• DHL Fulfillment
• The processing of the order is carried out via the service provider DHL Home Delivery GmbH, Strässchensweg 10, 53113 Bonn, within the scope of "Shipping by DHL Fulfillment". Your personal data will be passed on to DHL Fulfillment exclusively for the purpose of processing the online order in accordance with Art. 6(1)(b) GDPR.

7.3) Use of Payment Service Providers (Payment Services)

• PayPal
• In case of payment via PayPal, credit card via PayPal, direct debit via PayPal, or - if offered - "purchase on account" or "installment payment" via PayPal, we will pass on your payment data as part of the payment processing to PayPal (Europe) S.A.R.L. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal"). The data transfer is carried out exclusively for the purpose of payment processing with PayPal according to Art. 6(1)(b) GDPR.

For payment methods such as credit card via PayPal, direct debit via PayPal, or - if offered - "purchase on account" or "installment payment" via PayPal, PayPal reserves the right to conduct a credit check. In this regard, your payment data may be transferred to credit agencies in accordance with Art. 6(1)(f) GDPR based on PayPal's legitimate interest in determining your ability to pay. PayPal uses the result of this credit check regarding the statistical probability of default to decide on the provision of the respective payment method. The credit check may contain probability values (so-called score values). If these score values are included in the result of the credit check, they are based on a scientifically recognized mathematical-statistical procedure. Address data, among other things, is also included in the calculation of the score values. For further information of a data protection nature, including the credit agencies used, please refer to PayPal's privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full. You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data if this is necessary for contractual payment processing.

• Stripe
• If you choose a payment method provided by the payment service provider Stripe, the payment processing is carried out by the payment service provider Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, to whom we pass on the information provided during the ordering process together with the information about your order (name, address, account number, bank code, possibly credit card number, invoice amount, currency, and transaction number) in accordance with Art. 6(1)(b) GDPR. The data transfer is carried out exclusively for the purpose of payment processing with the payment service provider Stripe Payments Europe Ltd. and only to the extent necessary for this purpose. For more information on Stripe's data protection, please visit the URL: https://stripe.com/de/privacy#translation.

8. Rights of Data Subjects

8.1) Under applicable data protection law, you have comprehensive rights as data subjects regarding the processing of your personal data, which are outlined below:

Right to Information according to Art. 15 GDPR: You have the right to obtain information about your personal data processed by us, including the processing purposes, categories of processed personal data, recipients or categories of recipients to whom your data has been or will be disclosed, the planned duration of storage or the criteria for determining the duration of storage, the existence of a right to rectification, erasure, restriction of processing, objection to further processing, complaint to a supervisory authority, the origin of the data if it was not collected by us from you, the existence of automated decision-making including profiling and, if applicable, meaningful information about the logic involved, the significance and the envisaged consequences of such processing, as well as your right to be informed of the safeguards pursuant to Art. 46 GDPR when your data is transferred to third countries.

Right to Rectification according to Art. 16 GDPR: You have the right to immediate rectification of inaccurate data concerning you and/or completion of incomplete data stored by us.

Right to Erasure according to Art. 17 GDPR: You have the right to request the erasure of personal data concerning you under the conditions of Art. 17(1) GDPR. However, this right does not exist, in particular, if the processing is necessary for exercising the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims.

Right to Restriction of Processing according to Art. 18 GDPR: You have the right to request the restriction of processing of your personal data as long as the accuracy of your data contested by you is being verified, if you oppose the erasure of your data due to unlawful data processing and instead request the restriction of processing of your personal data, if you need your data for the assertion, exercise or defense of legal claims after we no longer need this data for the purpose of processing or if you have objected to processing on grounds relating to your particular situation pending the verification whether our legitimate grounds override yours.

Right to Information according to Art. 19 GDPR: If you have asserted your right to rectification, erasure or restriction of processing to the controller, the controller is obliged to notify all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves disproportionate effort. You have the right to be informed about these recipients.

Right to Data Portability according to Art. 20 GDPR: You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format or to request the transmission to another controller, where technically feasible.

Right to Withdraw Consent according to Art. 7(3) GDPR: You have the right to withdraw your consent to the processing of data at any time with future effect. In case of withdrawal, we will promptly delete the data concerned unless further processing can be based on a legal basis for processing without consent. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

Right to Lodge a Complaint according to Art. 77 GDPR: If you believe that the processing of personal data concerning you violates the GDPR, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, without prejudice to any other administrative or judicial remedy.

8.2) Right to Object

If we process your personal data based on our overriding legitimate interest within the framework of a balancing of interests, you have the right to object to this processing at any time for reasons arising from your particular situation, with effect for the future.

If you exercise your right to object, the processing of the data concerned will be terminated. However, further processing remains reserved if we can demonstrate compelling legitimate grounds for the processing that override your interests, fundamental rights, and freedoms, or if the processing serves the assertion, exercise, or defense of legal claims.

If your personal data is processed by us for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising. You can exercise the objection as described above.

If you exercise your right to object, we will cease the processing of your data for the aforementioned direct marketing purposes.

9. Storage Duration of Personal Data

The storage duration of data with personal reference is determined based on the respective legal basis, the purpose of processing, and, if applicable, additionally based on the respective legal retention period (e.g., commercial and tax retention periods).

In the case of processing data with personal reference based on explicit consent according to Art. 6(1)(a) GDPR, this data will be stored until the data subject revokes their explicit consent.

If there are legal retention periods for data processed in the context of contractual or quasi-contractual obligations based on Art. 6(1)(b) GDPR, these data will be routinely deleted after the expiration of the retention periods, provided they are no longer necessary for the performance or initiation of a contract and/or there is no longer a legitimate interest on our part in continuing to store them.

In the case of processing data with personal reference based on Art. 6(1)(f) GDPR, this data will be stored until the data subject exercises their right to object under Art. 21(1) GDPR, unless we can demonstrate compelling legitimate grounds for the processing that override the interests, rights, and freedoms of the data subject, or the processing is for the establishment, exercise, or defense of legal claims.

In the case of processing data with personal reference for the purpose of direct marketing based on Art. 6(1)(f) GDPR, such data will be stored until the exercise of the right to object under Art. 21(2) GDPR by the data subject.

If nothing else emerges from the other information in this statement about specific processing situations, stored data with personal reference will be deleted when they are no longer necessary for the purposes for which they were collected or otherwise processed.