This policy applies to data processing by:
The Data Protection Officer at internetstores can be contacted at the above address. Please address inquiries to Maren Frey, Data Protection Officer, or by email to privacy[at]addnature.co.uk erreichbar.
If you are located in the United Kingdom, you may also contact our UK data protection
representative according to Article 27 UK GDPR:
DP Data Protection Services UK Ltd., Attn: Internetstores 16 Great Queen Street, Covent Garden, London, WC2B 5AH, United Kingdom
1. Web hosting
For the provision of this website (https://www.addnature.co.uk), we use the web hosting service Salesforce Commerce Cloud of Salesforce.com. Inc, The Landmark @ One Market, Suite 300, San Francisco, CA 94105 (hereinafter "Salesforce"). Salesforce stores this website on its servers (hosting). The provision of a website requires the commissioning of a web hosting service. The use of Salesforce takes place in accordance with Art. 6 para. 1 p. 1 lit. f DSGVO on the basis of our legitimate economic interest in making our offer available on this website. In connection with the hosting, Salesforce processes personal data on our behalf, which is generated during the following actions of the user:
- when visiting the website;
- when placing an order as a guest;
- when creating a customer account;
- when registering for the newsletter;
- when using the contact form.
We have concluded an order processing contract with Salesforce for the use of the Commerce Cloud. Through
this contract, Salesforce assures that they process the data in accordance with the General Data Protection
Regulation and ensure the protection of the rights of the data subject. The forwarding of personal data to
Salesforce takes place on the basis of the binding internal data protection regulations of Salesforce
pursuant to Art. 46 (2b), 47 DSGVO (so-called Corporate Binding Rules) as well as the standard data
protection clauses of the European Commission pursuant to Art. 46 (2c) DSGVO. Both sets of rules are
anchored in the Salesforce
Data Processing Addendum, which we have concluded with Salesforce. In addition, the
Salesforce Commerce Cloud is certified by reliable security standards, including PCI-DSS, SOC2, ISO
For more information on data protection in relation to Salesforce Commerce Cloud, please see the Salesforce Privacy Statement.
2. Visiting our website
When you visit our website www.addnature.co.uk your browser will automatically send certain information used on your device to our website's server. This information will be stored temporarily in a so-called log file. The following data will be automatically collected and stored before it's deleted from the log files after 52 days, and then completely deleted after no more than 2 further months.
- I.P. address of the requesting computer,
- Date and time of the request,
- Name and URL of the file retrieved,
- Website accessed (referrer URL),
- Browser type, version and other information sent by the browser (such as your computer's operating system).
We process this data for the following purposes:
- to ensure a smooth connection to the website,
- to ensure our website is easy to use,
- to analyse system security and stability,
- to detect and prevent attacks on our website,
- to continually improve the website
- for various other statistical and administrative purposes.
The legal basis for this data processing is provided by Art. 6 Para. 1 Clause 1 Letter f
GDPR. Our legitimate interest is established by the purposes of the data processing listed above.
3. When you order as a ‘guest’
If you place an order as a guest through our website, we'll collect and process the following information:
- Your title, first name, surname
- A valid email address
- Postal address
- Telephone number
- Depending on the time of payment, payment data (e.g. bank account)
This information is in addition to other information you give voluntarily (e.g. date of birth). We process this data to:
- identify you as our contract partner
- check the validity of the data
- process your payment
- where applicable, personalise our advertising
- process any warranty claims and to assert any claims against you
- arrange the delivery date of your bike by telephone
The data processing takes place upon your request and is necessary pursuant to Art. 6 Para. 1 Clause 1
Letter b and Letter f GDPR for the purposes above for the performance of a contract, to take steps before
entering into a contract as well as our legitimate interests.
We work with the following specialist service provider to send transaction emails relating to your orders and send them the necessary information for your order:
Cheetah Digital Germany GmbH; Speditionstraße 1, 40221 Düsseldorf
The service provider was carefully selected and commissioned by us, is bound by our
instructions, and checked regularly, in particular regarding the implementation of appropriate technical and
organisational measures to protect data.
Data is not transferred to countries outside of the EEA.
The personal data processed for this order will be stored until the end of the statutory warranty period and automatically deleted immediately afterwards, unless we have an obligation to store the data for a longer period pursuant to Article 6 Para. 1 Clause 1 Letter c GDPR due to retention periods and documentation obligations under tax and commercial law (German Commercial Code [HGB], German Criminal Code [StGB] or German Fiscal Code [A.O.]) or you have given consent to the data being stored for a longer period pursuant to Art. 6 Para. 1 Clause 1 Letter a GDPR.
4. When you create a customer account
When you create a customer account in our online store, we ask you to provide the following data:
- Title, first name, surname
- A valid email address
- A password
- Your postal address
- Telephone number
- Payment data (for example, your bank account).
We also ask for other non-obligatory personal information. This data is collected, stored and processed so we can continually improve your individual shopping experience and offer you convenient features in our online shop. These include access to your personal order history, saved shopping basket items and notes for future purchases as well as being able to:
- identify you as our contract partner
- check the validity of the data entered
- process the payment for your order
- personalise advertising for you
- process any warranty claims and to assert any claims against you
- coordinate the delivery date of your bike by telephone (we'll use your telephone number exclusively for this purpose).
Data processing is carried out on the basis of Art. 6 (1) sentence 1 lit. b DSGVO and
Art. 6 (1) sentence 1 lit. f DSGVO due to our legitimate interests for the aforementioned purposes.
We store the personal data collected for registration and login until you submit a deletion request to us. In the event of a request for deletion, we will only retain the necessary information on your orders if storage beyond this is necessary for the fulfilment of the contract on the basis of Article 6 (1) sentence 1 b DSGVO or if we are obliged to store the data for a longer period of time in accordance with Article 6 (1) sentence 1 c DSGVO due to tax and commercial law retention and documentation obligations (from HGB, StGB or AO).
5. When creating customer profiles
When you use our online shop, we create a customer profile for you using your data, in particular
- information about you
- statistical information (e.g. the nature, frequency and intensity of your visits to the website)
- offers, brands and suppliers viewed
- resulting information about your interests
We use this information
- for statistical analyses
- for market research
- to optimise our services
- to send you advertising tailored to your actual or presumed needs and thus not bother you with unwanted or inappropriate advertising
This data processing is necessary according to Art. 6 Para. 1 Clause 1 Letter f GDPR to
pursue our legitimate interests and achieve these purposes. These purposes are also served by the storage
and analysis of usage data from the online area on a pseudonymised basis.
If you object to the analysis and personalisation of our service and advertising, which you can do at any time, the processing will be stopped and your data will be deleted, unless we have an obligation to store it for a longer period based on Art. 6 Para. 1 Clause 1 Letter b GDPR for the performance of the contract or pursuant to Article 6 Para. 1 Clause 1 Letter c GDPR due to retention periods and documentation obligations under tax and commercial law (German Commercial Code [HGB], German Criminal Code [StGB] or German Fiscal Code [A.O.]).
6. When you use our contact form/ customer services
You can send us general enquiries using the contact form provided on our site. In addition to your title, your name, a valid email address and an existing order number (if applicable), we also ask for a subject with your query. We need this information to be able to answer your enquiry.
If you submit a support ticket or enquiry without using the contact form and use one of our email addresses "example"@bikester.co.uk, your enquiry will also be sent to our customer services. This does not apply to the privacy email addresses (addnature[at]gdpr-rep.com; privacy[at]addnature.co.uk.).
Data processing for the purpose of contacting us is carried out in response to your enquiry and on the basis of Art. 6 (1) sentence 1 lit. b GDPR or to protect our legitimate interests pursuant to Art. 6 (1) sentence 1 lit. f GDPR. Our legitimate interest is to be able to respond to enquiries from our customers and thus ensure a functioning customer service.
We work together with the following specialised service provider to process your enquiry:
Freshdesk from Freshworks Inc, 2950S. Delaware Street, Suite 201, San Mateo, CA 94403 (hereinafter "Freshdesk").
We have entered into an order processing agreement with Freshdesk for the use of Freshdesk software. Freshdesk is the name of the customer service system used to accept, process and manage contact requests. Through this contract, Freshdesk assures that they process the data in accordance with the General Data Protection Regulation and ensure the protection of the rights of the data subject.
The server location is within the Federal Republic of Germany. Information about this can be found here.
The forwarding of personal data to Freshdesk takes place on the basis of an order data processing agreement. If Freshdesk processes personal data in the USA, this is done on the basis of so-called standard contractual clauses in accordance with Art. 46 Para. 2 c) GDPR, as well as further measures to protect your data.
Both sets of regulations are anchored in the Master Service Agreement we have with Freshdesk. In principle, however, data hosted in the European Economic Area also remains in this area, as Freshdesk guarantees. You can find more information this here. In addition, Freshworks, the provider of Freshdesk, is certified by reliable security standards, including SOC2, ISO 27001.
Personal data collected by us for the contact form will be deleted after the request you have made has been dealt with, unless we have to retain it due to the nature of your request or we are obliged to retain it for a longer period of time pursuant to Article 6 (1) sentence 1 lit. c GDPR due to retention and documentation obligations under tax and commercial law (from HGB, StGB or AO).
7. Telephone customer contact/customer services
You can make general enquiries via one of the telephone numbers provided by us.
We work with the following specialist service provider to handle your enquiry:
Freshcaller from Freshworks Inc, 2950S. Delaware Street, Suite 201, San Mateo, CA 94403 (hereinafter "Freshcaller").
Freshcaller is a system used to communicate with customers over an IP telephone system.
A call placed with the Freshcaller service will automatically create a support request with Freshdesk, which will include your telephone number. Freshcaller may also collect the time (timestamp) and duration of the call and call records for the provision of this service. The provisions on Freshdesk under point II. 7. apply to the support request made.
Calls are not recorded.
We have concluded an order processing contract with Freshcaller for the use of the Freshcaller software. Through this contract, Freshcaller assures that they process the data in accordance with the General Data Protection Regulation and ensure the protection of the rights of the data subject.
The server location is within the Federal Republic of Germany. Information about this can be found here.
The forwarding of personal data to Freshcaller takes place on the basis of an order data processing agreement. If Freshcaller processes personal data in the USA, this is done on the basis of so-called standard contractual clauses in accordance with Art. 46 Para. 2 c) GDPR, as well as further measures to protect your data.
Both sets of regulations are anchored in the Master Service Agreement that we have concluded with Freshcaller. In principle, however, data hosted in the European Economic Area (EAA) remains in this area, as Freshcaller guarantees. You can find more information about this here. In addition, Freshworks, the provider of Freshcaller, is certified by reliable security standards, including SOC2, ISO 27001.
Data processing for the purpose of contacting us is carried out in response to your request and on the basis of Art. 6 (1) p. 1 lit. b GDPR or to protect our legitimate interests pursuant to Art. 6 (1) p. 1 lit. f GDPR. Our legitimate interest is to be able to respond to enquiries from our customers and thus ensure a functioning customer service.
8. In connection with our newsletters
As a customer or interested party, we would like to send you our newsletter. If you are already a customer of ours, we will therefore also use your e-mail address to send you our personalised newsletter about similar product offers. If you are not a customer of ours but would still like to receive the newsletter, we only need your e-mail address to send you the newsletter. The sending is based on your explicit consent (Art. 6 para. 1 p. 1 lit. a DSGVO) or, if you are already our customer, based on our legitimate interests in informing you about current product recommendations for you (direct marketing).
If you have given us your express consent to send newsletters (Art. 6 para. 1 p. 1 lit. a DSGVO), we evaluate your user behaviour in connection with our newsletters in order to be able to tailor our advertising approach to your interests and to optimise our offers on our website for you. For this purpose, we use the following specialised service providers to whom we transmit the personal data required for this purpose (order data, product detail pages, checkout activities):
Emarsys, Stralauer Platz 34, 10243 Berlin (hereinafter ‘Emarsys’);
Oracle DMP of Oracle Corporation 500 Oracle Parkway Redwood Shores,
CA 94065 / USA (hereinafter "Oracle").
b. Objection to personalisation / revocation of consent/unsubscribing from the
You can revoke your consent to the personalisation of our newsletter at any time by sending us an email to service[at]addnature.co.uk. If you do so, we will no longer send you a personalised newsletter but will continue to send you our general newsletter.
Furthermore, it is also possible to unsubscribe from our newsletters completely at any time, e.g. via a link at the end of each newsletter. Alternatively, you can also send your unsubscribe request at any time by e-mail to privacy[at]addnature.co.uk / addnature[at]gdpr-rep.com. As well as to service[at]addnature.co.uk. Your personal data collected in connection with and exclusively for the purpose of sending the newsletter will be deleted immediately after unsubscribing.
9. SurveyMonkey survey with sweepstake
SurveyMonkey Europe UC, 2nd Floor, 2 Shelbourne Buildings, Shelbourne Road, Dublin, Ireland (hereinafter 'SurveyMonkey')
to generate web-based online surveys.
Participation in online surveys is voluntary. If you participate in an online survey, we log your IP
address, operating system, device type and other personal information that you provide as part of the
We only collect necessary data and only share this data with third parties in response to regulations or court orders to conduct the survey (SurveyMonkey) and, where applicable, send out prizes.
SurveyMonkey may collect data itself. This can include contact information, usage data, device and browser data, information from 'page tags', referral data and data from third parties and integration partners. We have no influence or control over this. You can find more information about this here.
We have entered into a data processing contract with SurveyMonkey. Through this contract, SurveyMonkey ensures that they will process all data in accordance with data protection regulations and ensure the protection of the rights of the data subject. If SurveyMonkey processes personal data in the USA, this is done based on so-called standard contractual clauses in accordance with Art. 46 Para. 2 c) DSGVO (General Data Protection Regulation), as well as further measures to protect your data. See here for more details.
The legal basis for the data processing described above is your consent in accordance with Article 6(1)(a)
In principle, we store your data concerning a survey or a survey with the possibility of a prize draw for an appropriate period after collection.
If you are uncomfortable with this, you can contact our customer service directly by telephone at any time. You can revoke your consent at any time without reason. Please contact Internetstores GmbH, Friedrichstraße 6, 70174 Stuttgart or via email at service[at]addnature.co.uk or privacy[at]addnature.co.uk / addnature[at]gdpr-rep.com with effect for the future.
You can find more information about cookies used on survey pages here.
1. For payment processing
As part of the fulfilment of the contract in accordance with Art. 6 para. 1 p. 1 lit. b DSGVO, we use various payment service providers to process payments. For this processing, it may be necessary for us to forward the personal data collected in the payment process, such as name, address, telephone number, email address, credit card or bank account data and transaction data to the payment service provider. In some cases, the payment service providers also collect this data themselves.
As part of the performance of the contract pursuant to Art. 6 (1) sentence 1 lit. b DSGVO, we use the payment service providers listed below for the processing of payments:
a. Payments with Adyen
We offer payment processing by means of the full payment service provider
Adyen N.V., Simon Carmiggeltstraat 6-50, 1011 DJ Amsterdam (hereinafter "Adyen").
Adyen is a payment service provider and as such Adyen offers acquiring services. Being an acquirer means that Adyen accepts payment on behalf of the relevant merchant and then transfers the amounts paid by the buyer (‘you’) to the merchant. Adyen's role is to request the relevant payment system, such as Mastercard, Visa or iDeal, authorise the transaction and send it to the buyer's bank for approval. If the bank gives approval, Adyen is informed of this by the relevant payment system and makes the payment to the merchant's bank. By selecting a payment option, you consent to the transmission of personal data during the payment process.
The personal data transmitted to Adyen is usually: first name, surname, address, date of birth, gender, email address, IP address, telephone number, mobile phone number and other data necessary to process a payment. Personal data that’s related to the respective order, such as the browser language or shipping method, is also necessary to process the purchase contract. In particular, there may be a mutual exchange of payment information, such as bank details, card number, validity date and CVC code, data on goods, services and prices.
The purposes of this data transfer are identity verification, payment administration and fraud prevention. The controller will transfer personal data to Adyen if there is a legitimate interest for the transfer. The personal data exchanged between Adyen and the controller may be transferred by Adyen to credit reference agencies. The purpose of this transfer is to check identity and credit score.
Adyen also discloses personal data to service providers or subcontractors to the extent necessary to fulfil
contractual obligations or to process the data.
We use Adyen for the following payment methods:
i. Payments with Paypal
PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L- 2449 Luxembourg (hereinafter ‘Paypal’).
If you pay with your PayPal account, you will still be redirected to the PayPal website. There you can log
in with your account details and approve the payment. If you choose the payment options ‘direct debit’,
‘credit card’ or ‘purchase on account’, you will also be redirected to the PayPal website. There you can
approve the payment with or without a PayPal account by providing the payment information. We have no access
to personal data collected by PayPal. PayPal is responsible for their processing.
ii. Credit card payments
When paying by credit card, the payment data you enter will be stored at ‘Adyen’ and only passed on to the companies involved in the payment process.
By paying by credit card, you accept the terms and conditions of the payment provider. In this case, we do not collect or store payment data.
Further information on this can be found in your credit card company’s data protection regulations.
iii. Klarna Pay Later
We offer you the possibility to pay your order ‘on account’. In doing so, we make an advance payment. When you select these payment options, your personal data will therefore be passed on by Adyen to:
Klarna GmbH, Theresienhöhe 12, 80339 Munich (hereinafter ‘Klarna‘).
for the purpose of assessing our credit risk.
Klarna has the credit risk assessed by credit agencies and receives information and, if necessary, creditworthiness information based on mathematical, statistical procedures (scoring), the calculation of which includes, among other things, address data and your date of birth.
Klarna works together with the following credit agencies:
- Deltavista GmbH, Freisinger Landstraße 74, 80939 Munich, Tel.: +49 (0)721-25511-777
- Creditreform Boniversum GmbH, Hellersbergstraße 11, 41460 Neuss, Tel.: +49 (0)2131-109-501, Fax: -557
- infoscore Consumer Data GmbH, Rheinstraße 99, 76532 Baden-Baden, Tel.: +49 (0)7221-5040-1000, Fax: -1001c
- Bürgel Wirtschaftsinformationen GmbH & Co. KG, Gasstraße 18, 22761 Hamburg, Tel.: +49 (0)40-89803-0, Fax: -777
- Deutsche Post Direkt GmbH, Junkersring 57, 53844 Troisdorf, Germany
- Regis24 GmbH, Wallstraße 58, 10719 Berlin, Tel.: +49 (0)30 44350-240, Fax: -249c
- CRIF Bürgel GmbH, Radlkoferstraße 2, 81373 Munich, Tel.: +49 40 89803-0, Fax: -777/ 778
- SCHUFA Holding AG, Kormoranweg 5, 65201 Wiesbaden (information about your stored data can be obtained from SCHUFA Holding AG, Consumer Service, P.O. Box 5640, 30056 Hanover).
The collection, storage and forwarding of this data is therefore carried out for the purpose of checking your creditworthiness and to avoid a payment default as well as for fraud prevention on the basis of Art. 6 Para. 1 Sentence 1 lit. f DSGVO. Based on this information, statistical probability of credit default and thus your solvency (credit rating) is calculated. If this creditworthiness check is positive, an order on account is possible. If the credit check is negative, our shop system will not allow you to pay on account. The decision as to whether an order is also possible on account is based solely on an automated decision by our online shop system, which is carried out by Klarna or the credit agencies commissioned by it, so that a manual checking of your documents by one of our employees isn’t required.
Insofar as we make automated decisions with legal effect, you have the right to receive information about the logic involved, as well as the scope and intended effects of this data processing. You can have this automated decision reviewed against us, explaining your point of view, and have the right to human intervention by us. To do so, please contact email@example.com.
iv. Klarna Pay Now
1) Klarna instant transfer
We also offer payment by instant bank transfer. To do this, all you need is your account number, BIC or sort code, and the PIN and TAN for your online banking account. During the ordering process, you will automatically be redirected to a secure payment form from Klarna Bank AB (‘Klarna’). Immediately afterwards, you will receive confirmation of the transaction. We will then directly receive the transfer credit. Anyone who has an activated online banking account with PIN/TAN procedure can use Sofortüberweisung as a payment method. Please note that a few banks do not yet support payment by instant transfer.
2) Direct debit
If you select the direct debit payment method when placing your order, you must provide your account details (IBAN and BIC), which will be passed on to Klarna. The payment is due by direct debit upon conclusion of the contract and will be debited by Klarna from your specified account. The debit will take place after the goods have been dispatched. You will be notified of the date by email . The direct debit payment method requires, among other things, a successful identity and credit check (see below under iii).
2. For delivery of your order
To ship your order (Art. 6 Para. 1 Clause 1 Letter b GDPR) and make delivery as convenient as possible (Art. 6 Para. 1 Clause 1 Letter f GDPR), we forward the data you provide for your delivery address as well as your email address and where applicable, your telephone number to shipping service providers, who dispatch your consignment solely for the purpose of delivery and notification of delivery. These service providers handle your information subject to data protection laws.
3. For internal administrative and advertising purposes
We are part of the SIGNA Sports United Group.and a wholly-owned subsidiary of SIGNA Retail GmbH. As such, we sometimes supply personal data (pseudonymous usage profiles) within a contractual relationship to
SIGNA Retail GmbH, Freyung 3, 1010 Vienna (hereafter: "SIGNA")
for analysis and marketing purposes (e.g. Google Analytics and Salesforce DMP). The data
is transferred based on Art. 6 Para. 1 Clause 1 Letter f GDPR and to pursue our legitimate interests of a
pseudonymous analysis of data by the SIGNA Sports Group.
You can object to the use of your personal data for advertising purposes at any time without stating reasons. In this case, SIGNA will also no longer be able to view your personal data.
4. For coupon offers by Sovendus GmbH
For a coupon offer to be selected, the hash value of your email address and I.P. address is sent pseudonymised and encrypted to:
Sovendus GmbH, Moltkestr. 11, 76133 Karlsruhe (Sovendus) (Art. 6 Para. 1 f GDPR).
The pseudonymised hash value of the email address is used to consider any possible
objection against the advertising by Sovendus (Art. 21 Para. 3, Art. 6 Para. 1 c GDPR). The I.P. address is
used by Sovendus solely for data security purposes and is as a rule anonymised after seven days (Art. 6
Para. 1 f GDPR). We also send for billing purposes, the pseudonymised order number, order value with
currency, session I.D., coupon code and time stamp to Sovendus (Art. 6 Para. 1 f GDPR).
If you are interested in a coupon offer from Sovendus, have not objected to advertising for your email address and click on the voucher banner displayed in this case, your title, name and email address will be sent encrypted to Sovendus in order to prepare for the coupon (Art. 6 Para. 1 b, f GDPR).
5. For the integration of the Trusted Shops badge
To display our Trusted Shops quality seal and Trusted Shops products to buyers after ordering, the Trusted Shops badge is integrated into this website.
This helps to protect our, in the balancing of various interests, overriding legitimate interest to ensure the optimal marketing of our offering (Art. 6 Para. 1 Clause 1 Letter f GDPR). The trust badge and the services purchased with it are provided by:
Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne
When you access the trust badge, the web server automatically stores a so-called log
file which contains, e.g. your I.P. address, date and time of access, data volume transmitted and the
requesting provider (access data) and documents this access. This access data is not analysed and will be
overwritten automatically no later than seven days after your visit.
Additional personal data is only forwarded to Trusted Shops if, after completing an order, you decide to use Trusted Shops products or if you have already registered to use Trusted Shops products. In this case, the contractual agreement concluded between you and Trusted Shops will apply.
6. To rate our shop using Google reviews
You can rate the purchasing process on our website using the Google reviews survey. If you consent to taking part (Art. 6 Para. 1 Clause 1 Letter a GDPR), you will be sent a survey by Google after delivery of your order. For this purpose, we send the following information about your order
- the order I.D.
- your email address
- the country in which the order will be delivered
- the delivery date for your order
- the Global Trade Item Number so that the review data can be attributed to our item
We send this information to
Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereafter: "Google")
The processing of personal data by Google is carried out under Google's own responsibility on the basis of the standard data protection clauses of the European Commission pursuant to Art. 46 (2c) DSGVO. Google has also implemented extensive technical and organisational measures designed to protect personal data against accidental or unlawful destruction or accidental loss, damage, alteration, unauthorised disclosure or access. These Google measures are certified in accordance with the ISO/IEC 27001:2013 standard.
You can withdraw your consent given to us at any time. This has the consequence that we may no longer continue the data processing described above, which is based on this consent, in the future. Further information on Google's data protection in connection with the Google Customer Reviews programme can be found here.
7. When you access integrated YouTube videos
We use, on our website, on the basis of Art. 6 Para. 1 Clause 1 Letter f GDPR and to pursue our legitimate interests of making our website interesting for you, components (videos) from the company
YouTube, LLC 901 Cherry Ave., 94066 San Bruno, CA, USA (hereafter: "YouTube"), a company
Google Inc., Amphitheatre Parkway, Mountain View, CA 94043, USA (hereafter: "Google").
Here we use the "enhanced data protection mode" option provided by YouTube. If you visit
a page which has an embedded video, a connection is established with YouTube’s servers and this content is
displayed on the website by a message via your browser.
According to YouTube, in "enhanced data protection mode", your data, in particular which of our internet pages you have visited and device-specific information including the I.P. address, will only be sent to the YouTube server in the USA when you view the video. The data is not sent until you click the video.
If you are logged in to YouTube at the same time, this information will be assigned to your YouTube member account. You can prevent this by logging out of your member account before visiting our website.
The processing of personal data by Google is carried out on the basis of the standard data protection clauses of the European Commission in accordance with Art. 46 (2c) DSGVO. Google has also implemented extensive technical and organisational measures designed to protect personal data against accidental or unlawful destruction or accidental loss, damage, alteration, unauthorised disclosure or access.
These Google measures are certified to the ISO/IEC 27001:2013 standard.
8. Google Maps
We use the Google Maps service of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA on our website to display an interactive map. Due to the implementation, Google collects device-related information, log data including the IP address as well as location-related information.
No data is transmitted to Google by simply accessing our website. Only by clicking on the map do you activate the interactive map from Google Maps and thus consent to the transmission of data to Google.
The processing of personal data by Google takes place under Google's own responsibility on the basis of the standard data protection clauses of the European Commission in accordance with Art. 46 (2c) DSGVO. Google has also implemented extensive technical and organisational measures designed to protect personal data against accidental or unlawful destruction or accidental loss, damage, alteration, unauthorised disclosure or access. These Google measures are certified in accordance with the ISO/IEC 27001:2013 standard.
Google uses personal data to evaluate the use of the website, to compile reports on
website activity and to provide other services associated with the use of the website and the Internet for
the purposes of market research and the design of these websites in line with requirements.
9. Google reCAPTCHA
To protect our website, we use the services of Google reCAPTCHA, a product of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Google reCAPTCHA can be used to check whether the file input, for example in a contact form, is made by a human or by an automated program (a so-called "bot").
Google reCAPTCHA analyses and evaluates various information for this purpose. This information includes:
- IP address
- Referrer URL
- Device and application data
- Dwell time of the website visitor
- Mouse movements and keystrokes made by the user
- Information about operating systems and browsers
- Screen resolution, as well as language settings
- Location data
- Interactions with Google reCAPTCHA on other websites
- As well as results of manual recognition processes, for example, the answers of questions asked or the selection of objects
The data collected during this analysis is forwarded to Google and may also be shared with other third parties. The analysis by Google reCAPTCHA takes place in the background. The website visitor learns about Google reCAPTCHA when solving the task posed by Google reCAPTCHA or when confirming "I am not a robot".
IP addresses are almost always shortened beforehand within the member states of the EU or other contracting states to the Agreement on the European Economic Area before the data reaches a server in the USA. The IP address is not combined with other data from Google unless you are logged in with your Google account while using reCAPTCHA.
The storage and analysis of the data are based on Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in protecting its web offers from abusive automated spying and spam. In addition, there is a legitimate interest to protect our website from automated entries (attacks).
We use a service of
Zenloop GmbH, Pappelallee 78-79 10437 Berlin (hereinafter "Zenloop").
The legal basis for the use of this service is our legitimate interest in conducting customer surveys to improve our offerings, based on Art. 6 para. 1 S.1 lit. f DSGVO.
We will delete this data after it has served its purpose. This will usually be the end of the survey and after we have drawn any necessary conclusions from the survey. After that, this data will be deleted.
Zenloop does not transfer data to third parties in the context of processing activities carried out on our behalf. Should a transfer to a third party take place through subcontractors of Zenloop, this will only take place on the basis of adequate safeguards within the meaning of Art. 46 DSGVO.
You can reach Zenloop's data protection officer at dpo[at]zenloop.com.
12. Fit Finder online size advisor
We use Fit Finder from Fit Analytics GmbH, Frankfurter Allee 77, 10247 Berlin
(hereinafter ‘Fit Analytics’) on this website. Fit Analytics is an online size advisor. When you click the
link on a product detail page, a separate window will open.
To help you get sizing advice, you can provide the following information to Fit Analytics:
- Body type
- Clothes fit preference
- Reference brand (optional)
- Reference article (optional)
- Reference size (optional)
- Age (optional)
- Bra size (optional)
In addition, the following data can be collected after entering your basic information:
To help you get sizing advice, you can provide the following information to Fit Analytics:
- Session ID (encryption of the IP address using a hashing process)
- Anonymised purchase and return data
- Order ID
- Article ID
- Ordered size
- Reason for return)
Fit Analytics calculates individual size recommendations based on statistical
evaluations, anonymised shopping data and returns behaviour. This data is stored in a Fit Analytics cookie
for a period of 90 days. At the end of these 90 days, it’s automatically deleted. Please note that you may
be shown size recommendations for other items on future visits or your current visit to our website.
Fit Analytics processes this data temporarily to provide you with the requested content pursuant to art. 6 para. 1 lit. f DSGVO. Furthermore, this data processing is necessary to provide you with the service pursuant to art. 6 para. 1 lit. b DSGVO. The embedding of this cookie is controlled by our OneTrust consent management tool (see point V).
Find more information on data protection at Fit Analytics here.
To exercise your rights against Fit Analytics, please contact the following email address: privacy[at]fitanalytics.com
Internetstores GmbH’s data protection officer can be reached at the following email address: privacy[at]addnature.co.uk
12. Information on possible risks with data transfers to insecure third
countries, in particular the USA.
With the ECJ ruling of 16 July 2020 (C-311/18), the (partial) adequacy decision for the USA according to Art. 45 (1) GDPR, the so-called Privacy Shield was declared null and void.
The USA is thus a so-called unsafe third country. A "third country" is a state outside the European Economic Area (EEA) in which the GDPR is not directly applicable. A third country is considered "insecure" if the EU Commission has not issued an adequacy decision for that country pursuant to Art. 45(1) GDPR confirming that adequate protection for personal data exists in the country. This means that the USA currently does not offer a level of data protection comparable to that of the EU.
In particular, when transferring personal data to the US, there is a risk that US authorities may gain access to personal data on the basis of the surveillance programmes PRISM and UPSTREAM based on Section 702 of FISA (Foreign Intelligence Surveillance Act), as well as on the basis of Executive Order 12333 or Presidential Police Directive 28. EU citizens do not have effective legal protection against this in the US or the EU.
In this privacy notice, we inform you when and how we transfer personal data to the US or other unsecure third countries. We only transfer your personal data if
- the recipient provides sufficient guarantees in accordance with Art. 46 (1) DSGVO for the protection of the personal data;
- you have expressly consented to the transfer after we have informed you of the risks in accordance with Art. 49 (1) a) DSGVO;
- the transfer is necessary for the performance of contractual obligations between you and us (Art. 49 (1) (b) DSGVO);
- another exception from Art. 49 DSGVO applies.
Guarantees according to Art. 46 (1) of the GDPR can be so-called Binding Corporate
Rules, i.e. binding internal data protection regulations of a provider agreed with the supervisory
authorities. Likewise, according to Art. 46 (2) (c) of the GDPR, so-called standard contractual clauses
issued by the European Commission pursuant to Art. 93 (2) of the GDPR may be considered as suitable
guarantees. In these standard contractual clauses, the recipient assures to sufficiently protect the data
and thus to guarantee a level of protection comparable to the GDPR. We ensure beforehand that the recipient
can also fulfil the agreed guarantees.
At the moment, we base a transfer of data to the USA exclusively on guarantees according to Art. 46 (1) of the GDPR. Should this no longer be possible in the future and we would have to base a transfer of personal data to third parties on your consent pursuant to Art. 49 (1) a) DSGVO, we would only do so temporarily, in particular only until such time as the third parties concerned have either issued binding internal data protection rules pursuant to Art. 46 (2) b), 47 DSGVO or allow the conclusion of standard data protection clauses issued by the European Commission pursuant to Art. 46 (2) c), 93 (2) DSGVO.
13. For other purposes
In addition, we only pass on your personal data to third parties if:
- you have given your express consent to do so in accordance with Art. 6 para. 1 p. 1 lit. a DSGVO,
- there is a legal obligation to pass on the data in accordance with Art. 6 Para. 1 Sentence 1 lit. c DSGVO, as well as
- the disclosure is necessary for the assertion, exercise or defence of legal claims pursuant to Art. 6 (1) sentence 1 lit. f DSGVO and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data.
1. What are cookies and pixel tags?
We use pixel tags (also called tracking pixels) in our online offerings. Pixels are small graphics which are integrated using the HTML code of our webpage. The pixel tag does not store or change any information on your device; pixels also do not damage your device and do not contain viruses, Trojans or any other malware.
Pixels can send personal data such as your I.P. address, the referrer URL of the website visited, the time the pixel was viewed, the browser used and previously placed cookie information to a web server. As a result, reach measurements and other statistical analyses used to optimise and refine our product selection can also be conducted.
2. What is the legal basis for processing using cookies and pixel
Our website uses the consent management service OneTrust of 2020 OneTrust, LLC (Dixon House, 1 Lloyd's
Avenue, London EC3N 3DQ, United Kingdom).
In this context, the date and time of the visit, browser information, consent information, device information and IP address of the requesting device are processed. The legal basis is Art. 6 para. 1 p. 1. lit. f DSGVO (legitimate interest). Obtaining and managing legally required consents is considered a legitimate interest in the sense of the aforementioned provision, as the interference with the rights of users as a result of the use of anonymised IP addresses and the involvement of a service provider based in Germany is very low.
OneTrust stores consents and revocations on our behalf and on our instructions. The storage is based on Art. 6 para. 1 p. 1 lit. f DSGVO. Being able to comply with the accountability obligation pursuant to Art. 5 (2) DSGVO is a legitimate interest. Further information on data protection at OneTrust can be found here.
The tracking and targeting measures listed below and used by us are carried out if you
have given us your consent for this (see above under IV. 2).
With the tracking measures used, we want to ensure a needs-based design and continuous optimisation of our website.
On the other hand, we use the tracking measures to statistically record the use of our website. Through the targeting measures used, we also want to ensure that you are only shown advertising on your end devices that is oriented to your actual or presumed interests.
The respective data processing purposes and data categories can be found in the description of the corresponding tracking tools. You can revoke or adjust your consent at any time with effect for the future.
We use the online marketing tool Adform from Adform A/S, Wildersgade 10B, 1st sal. DK-1408 Copenhagen, Denmark.. Adform, as a so-called demand side platform, enables us to automate the purchase of advertising inventory and thereby use our advertising budget as efficiently as possible. When you click on an ad, Adform leaves cookies on your machine. Via the cookie ID, Adform records which ads are displayed in which browser and can thus prevent them from being displayed to the same user more than once. In addition, Adform can use cookie IDs to record so-called conversions that are related to ad requests, such as when a user clicks on an Adform ad and later visits the advertiser's website with the same browser and makes a purchase there. This allows us to improve campaign performance reports. Adform cookies do not contain any personal information such as email addresses, names or postal addresses.
We have entered into an order processing agreement with Adform. In it, Adform assures us that they will process the data in accordance with our instructions and ensure the protection of the data subject's rights.
You can find more information about data protection at Adform here.
2. Adobe Media Optimizer
We use the Media Optimizer tool from the Adobe Advertising Cloud of Adobe Systems Software Ireland Limited, 4-6 Riverwalk, Citywest Business Campus, Dublin 24, Republic of Ireland. If you click on an advertisement in a search engine, Adobe Media Optimizer sets cookies which are stored on your computer or other end device. The cookie IDs allow us to track conversions related to specific ads, such as when a user clicks on an ad in a search engine and later visits our website and makes a purchase. This enables us to improve the marketing of our website in the organic search results of internet search engines and thus increase the number of visitors to our website and the conversion rate. In the course of using Adobe Media Optimizer, data, such as in particular the IP address, order value and activities of the user, are transmitted to a server of Adobe Systems Software Ireland Limited and stored there. We have concluded an order processing agreement with Adobe. In it, Adobe assures us that they will process the data in accordance with our instructions and ensure the protection of the rights of the data subject. In the event personal data is transferred from Adobe to the USA, this is done on the basis of the standard data protection clauses of the European Commission in accordance with Art. 46 (2c) DSGVO. Adobe has also implemented extensive technical and organisational measures designed to protect personal data against accidental or unlawful destruction or accidental loss, damage, alteration, unauthorised disclosure or access. These Adobe measures are certified to the ISO/IEC 27001:2013 standard.
For more information about Adobe's privacy practices, click here.
3. Channel Pilot
On this website, we use technologies from Channel Pilot Solutions GmbH, Überseeallee 1, 20457 Hamburg to collect and store data from which usage profiles are created using pseudonyms. These usage profiles help us analyse visitor behaviour to improve our website and ensure it’s tailored to the needs of our users. For this purpose, cookies can be used. The pseudonymised usage profiles are not directly combined with personal data about the bearer of the pseudonym.
Further information on data protection at Channel Pilot can be found here.
On this website, we use technologies from Epoq Internet Services GmbH (www.epoq.de) to collect and store data from which usage profiles are created using pseudonyms. These usage profiles facilitate the analysis of visitor behaviour to improve our website and ensure that it is tailored to the needs of users.
For this purpose, cookies can be used. The information produced is sent to a server in Germany, where it is stored. With the Epoq Engine, neither we nor the operator of the respective analysis tool can directly collect personal information which allows us to reveal the identity of the user.
5. Facebook advertising
We use Facebook Website Custom Audiences from Facebook Ireland Limited (4 Grand Canal Square, Dublin 2, Ireland).
This is a marketing service provided by Facebook. It enables us to display individually tailored and interest-based advertising on Facebook to certain groups of pseudonymised visitors to our website who also use Facebook. A Facebook Custom Audience pixel tag is integrated into our website. This is a Java script code that stores non-personal data about the use of the website. This includes your IP address, the browser used and the source and target pages. This information is transmitted to Facebook servers in the USA.
The transfer of this information to the USA is done so on the basis of the standard data protection clauses of the European Commission pursuant to Art. 46 (2c) DSGVO. Facebook has also implemented extensive technical and organisational measures designed to protect personal data against accidental or unlawful destruction or accidental loss, damage, alteration, unauthorised disclosure or access.
The system automatically checks whether you have saved a Facebook cookie. The Facebook cookie is used to automatically determine whether you belong to the target group relevant to us. If you belong to the target group, you will be shown corresponding ads from us on Facebook. During this process, you will not be personally identified either by us or by Facebook through the matching of data.
You can object to the use of the Custom Audiences service on the Facebook website. After logging in to your Facebook account, you will be taken to the settings for Facebook ads.
If you do not have a Facebook account, you can prevent data from being sent to Facebook by clicking on this link By clicking, a blocking cookie is created in the background to ensure this. No pop-up or similar will appear when the function is triggered.
You can revoke your consent at any time. This has the consequence that we may no longer continue the data processing described above, which is based on this consent, in the future.
6. Google Marketing Platform
We use the Google Marketing Platform on our website, a web analytics and advertising service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter: "Google").
The service combines the Google products Google Analytics 360 Suite, Search Ads 360, Display & Video 360, Optimize 360, Tag Manager 360, Attribution 360 and Data Studio. In this context, pseudonymised usage profiles are created and cookies and pixel tags (see above under IV) are used.
The information processed in this way about your use of this website such as
- browser type/version,
- operating system used,
- referrer URL (the previously visited page),
- host name of the accessing computer (IP address),
- time of the server request,
as well as other information about the use of our website. The IP addresses are
anonymised so an assignment to your person is not possible (IP masking)..
We have concluded order processing agreements with Google for the use of the marketing platform. In these, Google assures that they process the data in accordance with our instructions and ensure the protection of the rights of the data subject. The information may be transferred to third parties if this is required by law or if third parties process this data on our behalf.
Note: The information generated by the cookie about the use of our website (e.g. IP address of the accessing computer, time of access, referrer URL and information about the browser and operating system used) is transmitted to Google servers in the USA and processed there. The USA are so-called unsafe third countries (see also corresponding section of this data protection declaration). This means that there is no adequacy decision by the European Commission for the USA. Your data is therefore not subject to a level of data protection in the USA comparable to that of the EU. Google does not currently offer any guarantees pursuant to Article 46 of the GDPR that could compensate for this data protection deficit. Your data is therefore exposed to the risk of government access as described in section III. 1.
If you consent to processing by Google, you therefore consent at the same time to your data being transferred to the USA in accordance with Art. 49 (1) a DSGVO.
Further information on data protection in connection with the Google Marketing Platform can be found here.
a. Analytics 360 Suite
By using Google Analytics, Google processes the information on our behalf in order to evaluate the use of the website, to compile reports on the website activities and to provide us with further services associated with the use of the website and the Internet for the purposes of market research and demand-oriented design of these Internet pages.
We only use Google Analytics with IP anonymisation activated. This means that the IP address of the user is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. We have activated the advertising functions of Google Analytics. This generates reports on target groups, demographic characteristics such as age, gender and interests of site visitors, as well as on our marketing campaigns. The data for this comes from campaigns carried out via Google services, interest-based advertising from Google, the Google Display Network and visitor data from third-party providers. This does not directly reveal your identity to us. With the help of these reports, we can better evaluate user behaviour in connection with our online offers and optimise the addressing of target groups.
If you do not wish your user behaviour to be taken into account in these reports, you can deactivate this, for example, via the ad settings in your own Google account or prevent the collection of data by Google Analytics as described below. You can also limit the collection of data by not logging into your own Google account when you visit our website.
We do not use the Universal Analytics with User ID offered by Google.
If necessary, the collected data will be transferred to third parties if this is required by law or if third parties process the data on our behalf.
The user data collected via cookies is automatically deleted after 14 months.
b. Google Optimize 360
Our website uses the web analysis and optimisation service "Google Optimize 360", which is provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter "Google Optimize").
We use Google Optimize to increase the attractiveness, content and functionality of our website by displaying new functions and content to a percentage of our users and statistically evaluating the change in usage. Google Optimize is a sub-service of Google Analytics (see section Google Analytics).
Google Optimize evaluates your use of our website in order to compile reports on optimisation tests and related website activities and to provide us with other services related to website and internet use.
c. DoubleClick Digital Marketing
Within the framework of DoubleClick Digital Marketing, information is collected and analysed in order to optimise advertising. The technologies used enable us to target you with individual interest-related advertising. For example, we record which of our content you were interested in. Based on this information, we can also show you offers on third-party sites that are specifically geared to your interests, as determined by your previous user behaviour. The collection and analysis of your user behaviour is exclusively pseudonymous and does not enable us to identify you.
You can also make settings for the display of interest-based advertising by DoubleClick Digital Marketing via Google's ad settings manager.
7. Google Ads (with remarketing)
We use Google Conversion Tracking and Remarketing Pixel from Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter: "Google") on our website.
The service enables us to design, statistically record, optimise and play out advertising content in line with demand. To ensure the visibility of our offer, we are dependent on such advertising content.
Google Ads installs a cookie on your computer if you have accessed our website via a Google ad. These cookies lose their validity after 30 days. If you visit certain pages of our website and the cookie has not yet expired, Google and we can recognise that you have clicked on the ad and have been redirected to this page. In addition, we use information about your use of this website that Google collects and analyses on our behalf (see here for more details). This enables us to target you on other websites with content that is relevant to you.
In addition, we use the remarketing pixel, which collects and evaluates information
about your use of this website. This enables us to address you on other websites with content that is
relevant to you. According to Google, the data collected during remarketing is not merged with personal data
that may be stored by Google. Google also pseudonymises this data. Tag-based remarketing data is stored for
Each Ads customer receives a different cookie. Cookies can therefore not be tracked across Ads customers' websites. The information collected using the conversion cookie is used to create conversion statistics for Ads customers who have opted in for conversion tracking. As an Ads client, we learn the total number of users who clicked on an ad and were redirected to a page tagged with a conversion tracking tag. However, we do not receive any information with which we can personally identify you.
The information generated by the cookie about your use of this website, such as click behaviour on texts and products or interactions with videos, is transmitted to a Google server in the USA and stored there.
The processing of personal data by Google in this regard takes place under Google's own responsibility based on the standard data protection clauses of the European Commission pursuant to Art. 46 (2c) DSGVO. Google has also implemented extensive technical and organisational measures designed to protect personal data against accidental or unlawful destruction or accidental loss, damage, alteration, unauthorised disclosure or access.
These Google measures are certified in accordance with the ISO/IEC 27001:2013 standard.
Google's privacy information can be found here.
8. Microsoft Advertising
We use Microsoft Bing Ads and Universal Event Tracking (UET) from the Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA (hereinafter: "Microsoft") on our website.
This service enables us to design, statistically record, optimise and play out advertising content according to demand. In order to ensure the visibility of our offerings, we are dependent on such advertising content.
Microsoft places a cookie on your computer if you have accessed our website via a Microsoft ad. These cookies expire after 13 months. Microsoft stores data on the use of the website (e.g. length of visit, which areas of the website were accessed and which ad you used to access our website) and, in the case of an order from this visit, the order value and time of the order.
In addition, we use Microsoft's UET, which collects and analyses information about your use of this website. This enables us to target you on other websites with content that is relevant to you. Microsoft uses this information to display interest-based advertising to users on websites and for its own purposes, such as improving Microsoft services and analysing performance. We use this information to learn which keyword or ad brought you to our site. The information collected by the UET is stored by Microsoft for 390 days. However, we do not receive any information that can identify you personally. If you have a Microsoft account, this information may be linked to your account. For example, Microsoft may recognise and store your IP address. In addition, Microsoft may be able to track your usage behaviour across several of your electronic devices through so-called cross-device tracking, which enables Microsoft to display personalised ads on or within Microsoft websites and apps. You can disable this at https://choice.microsoft.com/de-de/opt-out.
You can revoke your consent at any time with effect for the future. To do so, click on the "cookie settings" link on our website.
In the event that personal data is transferred from Microsoft to the United States, this will be done on the basis of the European Commission's standard data protection clauses pursuant to Article 46 (2c) DSGVO. Microsoft has also implemented extensive technical and organisational measures designed to protect personal data against accidental or unlawful destruction or accidental loss, damage, alteration, unauthorised disclosure, or access. These Microsoft measures are certified to the ISO/IEC 27001:2013 standard.
In addition, we have concluded an order processing contract with Microsoft for the use of Bing Ads. Through this contract, Microsoft assures that they process the data in accordance with the General Data Protection Regulation and ensure the protection of the rights of the data subject.
We also use Kameleeon. This is a web analytics service provided by Kameleeon SAS. It allows us to run A/B and multivariate tests.
to see which version of our website users are more likely to like. For this purpose,
anonymised by Kameleeon before it is transmitted to Kameleeon. Kameleeon does not store or process any
personally identifiable information.
You can prevent the storage of cookies by setting your browser software accordingly (see IV. 3a above) or by making the appropriate settings via our cookie consent tool. However, we would like to point out that in this case you may not be able to use all the functions of this website to their full extent.
Information is not passed on to third parties unless there is a legal obligation to do so or third parties process the data on our behalf (e.g. a computer centre).
For the statistical analysis of data traffic, we use an analysis tool from
webtrekk GmbH, Boxhagener Str. 76-78, 10245 Berlin.
This website uses technologies of
idealo internet GmbH, Zimmerstraße 50, 10888 Berlin, Germany (hereinafter "idealo").
idealo uses tracking technology from
Ingenious Technologies AG, Französische Straße 48, 10117 Berlin,
in order to establish a connection between a click by the user on an advertising medium
or a display of an advertising medium (touchpoint) and action by the customer (e.g. a purchase in the online
shop or a newsletter registration). At each touchpoint, the browser of the customer's end device sends an
HTTP request to the Ingenious server, with which certain information is transmitted. This information
includes the website URL on which the advertising material is placed (referrer URL) and, in some
circumstances, together with the referrer URL, an individual click ID, the browser ID (user agent) of the
end device (including information about the device type and operating system), the IP address of the end
device (this IP address is anonymised by Ingenious before storage), HTTP header (data package with various
technical information automatically transmitted by your browser), the time of the request and, if already
stored on the end device, the cookie with its entire content.
This website uses technologies of
Solute GmbH, Zeppelinstr. 15, 76158 Karlsruhe, Germany (hereinafter referred to as "billiger.de").
If you access our website via billiger.de and purchase a product, we transmit
information about the purchased product. This can be the item name, the number of items, as well as the
shopping basket value. For this purpose, a graphic pixel is used on the order confirmation page to track
orders and for billing purposes. billiger.de stores information for this purpose in so-called server log
files, which your browser automatically transmits to billiger.de. These are browser type and version,
operating system used, referrer URL, host name of the accessing computer, time of the server request and IP
address. These server log files are automatically deleted after 30 days. The IP address is only stored by
billiger.de in abbreviated form, which means that it's not possible to draw conclusions about the person.
The graphic pixel generates a so-called 'referrer URL'. From this, billiger.de collects and stores the shop
ID, order numbers and the total shopping cart value, in particular for billing purposes with the partner
shop. We have concluded an order data processing agreement with billiger.de.
13. Emarsys Webextend
We use the cookie/pixel tag from Emarsys Webextend
Emarsys, Stralauer Platz 34, 10243 Berlin
to create newsletters tailored to you and your interests. We use existing information for this purpose, such as confirmation of receipt and reading of emails, information about your computer and internet connection, operating system and platform, browsing history, date and time of your visit to the homepage, and products/articles you have viewed. We generally use this information in pseudonymised form but may also use it to send you newsletters that correspond to your areas of interest. If you do not wish to receive personalised advertising by newsletter, you can object to this at any time by sending an email to
In order to exercise your data subject rights against us, please contact privacy[at]addnature.co.uk.Alternatively, you can unsubscribe via the unsubscribe link at the end of each newsletter.
14. Advertising marketing
On our website, information about your surfing behaviour (so-called tracking data), among other things, is collected via the tracking instruments described in this section VI. if you have given your consent (see already above under IV. 2 d)). In addition, data about you is collected on this website when you create a customer account and/or purchase goods via this website (customer account/contract and processing data, see above in section II.5). Tracking data may be combined by us with other customer account/contract and settlement data (including via the injection of hashed email addresses, customer IDs into analytics tools such as Google Analytics and the combination of client IDs from analytics tools with other analytics tools such as Google Analytics and Adform).
This is to enable us to offer you more customised advertising and to enable us to better target our marketing spend.
The combined tracking data and customer account/contract and settlement data are only stored by us in pseudonymised form. Personal data such as your name, e-mail address, date of birth etc. are not processed as clear data.
Based on the pseudonymised data, we receive information about your behaviour and consumption preferences. No information on particularly sensitive data (e.g. political views, health, racial or ethnic origin) is formed and no such sensitive data is used in the context of forming preferences.
We may also use this information about your preferences to enable third parties (advertisers) to serve personalised advertisements to you on third-party websites (so-called "publishers"). In this case, the data will not be passed on to the advertisers or the website operators (publishers). Neither we nor the third parties are able to directly assign certain preferences to your person. Furthermore, a minimum number of persons (20 persons) for whom information on preferences is stored by the aforementioned companies must have the same preferences (K-anonymity). The legal basis for the data processing described above is your consent in accordance with Article 6(1)(a) DSGVO.
Insofar as you no longer wish to have tracking data collected across websites for the aforementioned purpose, you can revoke the consent you have given in this regard at any time via the consent management tool we use.
You have the right:
- pursuant to Art. 7 Para. 3 GDPR to withdraw your consent from us at any time. As a result, we will in future no longer be allowed to continue the data processing based on this consent;
- pursuant to Art. 15 GDPR to ask for information about your personal data processed by us. In particular you can ask for information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to correction, deletion, restriction of processing or objection, the existence of a right to complain, the origin of your data, if this was not collected by us, and about the existence of automated decision-making including profiling and if applicable meaningful information about its details;
- pursuant to Art. 16 GDPR to ask for the immediate rectification of inaccurate or immediate completion of incomplete personal data stored by us;
- pursuant to Art. 17 GDPR to ask for the erasure of your data stored by us, unless the processing is necessary to exercise the right of freedom of expression and information, to meet a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;
- pursuant to Art. 18 GDPR to ask for the restriction of the processing of your personal data, if the accuracy of the personal data is contested by you, the processing is unlawful and you oppose its erasure and we no longer need the data, but it is required to assert, exercise or defend legal claims or you have objected to the processing pursuant to Article 21 GDPR;
- pursuant to Art. 20 GDPR to ask to receive your personal data which you have provided us in a structured, commonly used and machine-readable format or transmit it to another controller and
- pursuant to Art. 77 GDPR to lodge a complaint with a supervisory authority. As a rule you can contact for this purpose the supervisory authority for your habitual residence, place of work or our headquarters.
If your personal data is processed on the basis of legitimate interests pursuant to Art.
6 Para. 1 Clause 1 Letter f GDPR, you have the right, pursuant to Art. 21 GDPR, to object to the processing
of your personal data if there are grounds relating to your situation or you object to direct marketing. In
the latter case you have a general right to object which will be acted upon by us without you needing to
state grounds relating to your situation.
If you would like to exercise your right to object, please send an e-mail to privacy[at]addnature.co.uk / addnature[at]gdpr-rep.com.
All data transmitted personally by you is transmitted in encrypted form with the
customary secure standard TLS (Transport Layer Security). TLS is a secure and tested standard which is also
used in online banking. You can recognise a secure TLS connection by among other things the s after http
(i.e. https://..) in your browser's address bar or by the padlock symbol at the top of your browser.
We also use suitable technical and organisational security measures to protect your data against accidental or deliberate manipulation, partial or complete loss, destruction or unauthorised access by third parties. Our security measures are improved continuously in line with technological developments.
This data protection declaration is current as at June 2022.
Due to the development of our website, offers via the website or changes in statutory or regulatory requirements, it may be necessary to amend this data protection declaration. The current data protection declaration as amended can be downloaded at any time from the website and printed out.