PRIVACY

1) Information on the Collection of Personal Data and Contact Details of the Controller

1.1 We are pleased that you are visiting our website and thank you for your interest. Below, we inform you about how we handle your personal data when using our website. Personal data includes all data by which you can be personally identified.

1.2 The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is Zia Nadjib, 22 LBLS Zia Nadjib, Kleiner Kielort 8, 20144 Hamburg, dm@22lbls.com. The controller is the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data.

1.3 For security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or inquiries to the controller), this website uses SSL or TLS encryption. You can recognize an encrypted connection by the character string “https://” and the lock icon in your browser line.

2) Data Collection When Visiting Our Website

When you merely use our website for informational purposes, i.e., if you do not register or otherwise provide us with information, we only collect data that your browser transmits to our server (so-called “server log files”). When you access our website, we collect the following data, which are technically necessary for us to display the website to you:

Our visited website
Date and time at the time of access
Amount of data sent in bytes
Source/reference from which you came to the page
Browser used
Operating system used
IP address used (possibly in anonymized form)

The processing is carried out in accordance with Art. 6(1)(f) GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. The data will not be passed on or used in any other way. However, we reserve the right to check the server log files retrospectively if there are concrete indications of unlawful use.

3) Cookies

Change cookie settings
To make visiting our website attractive and to enable the use of certain functions, we use so-called cookies on various pages. These are small text files that are stored on your device. Some of the cookies we use are deleted after the end of the browser session, i.e., after you close your browser (so-called session cookies). Other cookies remain on your device and allow us or our partner companies (third-party cookies) to recognize your browser on your next visit (persistent cookies). If cookies are set, they collect and process specific user information such as browser and location data and IP address values to an individual extent. Persistent cookies are automatically deleted after a specified duration, which can vary depending on the cookie. You can find the duration of the respective cookie storage in the overview of your web browser’s cookie settings.

In some cases, cookies are used to simplify the ordering process by storing settings (e.g. remembering the contents of a virtual shopping cart for a later visit to the website). If personal data are also processed by individual cookies used by us, the processing is carried out in accordance with Art. 6(1)(b) GDPR for the execution of the contract, in accordance with Art. 6(1)(a) GDPR in the case of given consent, or in accordance with Art. 6(1)(f) GDPR to safeguard our legitimate interests in the best possible functionality of the website and a customer-friendly and effective design of the page visit.

Please note that you can set your browser so that you are informed about the setting of cookies and can decide individually on their acceptance or exclude the acceptance of cookies for certain cases or in general. Each browser differs in the way it manages cookie settings. This is described in the help menu of each browser, which explains how you can change your cookie settings. You can find these for the respective browsers under the following links:

Please note that the functionality of our website may be limited if cookies are not accepted.

4) Contacting Us

When you contact us (e.g., via contact form or email), personal data is collected. The specific data collected in the case of a contact form can be seen from the respective form. This data is stored and used solely for the purpose of responding to your request or for contacting you and the associated technical administration. The legal basis for processing this data is our legitimate interest in responding to your request in accordance with Art. 6(1)(f) GDPR. If your contact aims at the conclusion of a contract, the additional legal basis for processing is Art. 6(1)(b) GDPR. Your data will be deleted once your inquiry has been fully resolved, provided that no statutory retention obligations apply.

5) Data Processing When Opening a Customer Account and for Contract Execution

According to Art. 6(1)(b) GDPR, personal data will continue to be collected and processed if you provide it to us for the execution of a contract or when opening a customer account. The data collected can be seen from the respective input forms. Deleting your customer account is possible at any time and can be done by sending a message to the above-mentioned address of the controller. We store and use the data you provide for contract processing. After the contract has been fully executed or your customer account has been deleted, your data will be blocked with regard to retention periods under tax and commercial law and deleted after these periods expire, unless you have expressly consented to further use of your data or we have reserved the right to further data use as permitted by law.

6) Data Processing for Order Handling

6.1 To process your order, we work with the following service providers who support us wholly or partially in fulfilling concluded contracts. Certain personal data is transferred to these service providers as described below.

The personal data we collect is passed on to the transport company commissioned with the delivery as part of the contract processing, to the extent necessary for the delivery of the goods. Your payment data is passed on to the commissioned credit institution as part of payment processing, provided this is necessary for the payment process. If payment service providers are used, we will inform you explicitly below. The legal basis for the transfer of data is Art. 6(1)(b) GDPR.

6.2 Transfer of Personal Data to Shipping Service Providers

– Deutsche Post
If delivery is made by Deutsche Post (Deutsche Post AG, Charles-de-Gaulle-Str. 20, 53113 Bonn), we will forward your email address to Deutsche Post before the delivery of the goods for the purpose of arranging a delivery date or delivery notice, provided you have expressly consented to this during the ordering process, in accordance with Art. 6(1)(a) GDPR. Otherwise, for delivery purposes, we only provide Deutsche Post with the name of the recipient and the delivery address in accordance with Art. 6(1)(b) GDPR. This transfer is only made to the extent necessary for the delivery of goods. In this case, prior coordination of the delivery date with Deutsche Post or delivery notification is not possible.
Consent can be revoked at any time with effect for the future by contacting the above-mentioned controller or Deutsche Post.

– DHL
If the goods are delivered by DHL (DHL Paket GmbH, Sträßchensweg 10, 53113 Bonn), we will forward your email address to DHL before the delivery for the purpose of coordinating a delivery date or delivery notice, provided you have expressly consented to this during the ordering process, in accordance with Art. 6(1)(a) GDPR. Otherwise, we only transmit the recipient’s name and delivery address in accordance with Art. 6(1)(b) GDPR. The data is only shared to the extent required for delivery. Consent can be revoked at any time with effect for the future.

– DPD
If the goods are delivered by DPD (DPD Deutschland GmbH, Wailandtstraße 1, 63741 Aschaffenburg), your email address and phone number are forwarded before delivery to coordinate the delivery date or send a delivery notice in accordance with Art. 6(1)(a) GDPR, if you have expressly consented. Otherwise, only the recipient's name and delivery address are shared (Art. 6(1)(b) GDPR).
Consent can be withdrawn at any time with effect for the future.

– Hermes
If the goods are delivered by Hermes (Hermes Logistik Gruppe Deutschland GmbH, Essener Straße 89, 22419 Hamburg), your email address is forwarded for delivery coordination or notification if you gave consent during the order process (Art. 6(1)(a) GDPR). Otherwise, only the name and address are provided (Art. 6(1)(b) GDPR).
Consent can be withdrawn at any time.

– UPS
If the goods are delivered by UPS (UNITED PARCEL SERVICE DEUTSCHLAND S.à r.l. & Co. OHG, Görlitzer Straße 1, 41460 Neuss), your email address is shared with UPS for coordination/notification purposes if you have consented (Art. 6(1)(a) GDPR). Otherwise, only the name and address are passed on (Art. 6(1)(b) GDPR).
Consent can be revoked at any time with effect for the future.

6.3 Use of Payment Service Providers (Payment Services)

– PayPal
When paying via PayPal, credit card via PayPal, direct debit via PayPal, or—if offered—"purchase on account" or "installment payment" via PayPal, your payment data is passed to PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22–24 Boulevard Royal, L-2449 Luxembourg. Transfer is in accordance with Art. 6(1)(b) GDPR.
PayPal may carry out a credit check based on its legitimate interest in determining your ability to pay. This may involve forwarding your payment data under Art. 6(1)(f) GDPR. The credit check can include score values based on mathematical-statistical methods. More details: PayPal Privacy Policy.
You can object to this processing at any time.

– SOFORT
If you select "SOFORT" as your payment method, payment is processed via SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany (part of Klarna Group, Klarna Bank AB (publ), Sveavägen 46, 11134 Stockholm, Sweden). Data is transferred in accordance with Art. 6(1)(b) GDPR. More info: SOFORT Privacy

– Stripe
If you choose a Stripe payment method, processing is handled by Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland. Data including name, address, IBAN, credit card number, etc. is forwarded per Art. 6(1)(b) GDPR. More info: Stripe Privacy
Stripe may perform a credit check using mathematical-statistical methods. This can include address data. You can object to this at any time, but Stripe may still process your data if required for the contract.

7) Web Analytics Services

Google (Universal) Analytics
This website uses Google (Universal) Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"). Google (Universal) Analytics uses so-called "cookies," which are text files stored on your device that enable an analysis of your use of the website. The information generated by the cookie about your use of this website (including your shortened IP address) is generally transmitted to and stored on a Google server, possibly also in the USA.

This website uses Google (Universal) Analytics exclusively with the extension "_anonymizeIp()", which ensures anonymization of the IP address by shortening it and prevents direct personal reference. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.
On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity, and to provide further services related to website usage and internet usage. The IP address transmitted by your browser within the scope of Google (Universal) Analytics will not be merged with other data from Google.

In addition, Google Analytics allows the creation of statistics with statements about age, gender, and interests of site visitors based on an evaluation of interest-based advertising and the use of third-party information via the "demographic features" function. This allows for the definition and differentiation of user groups for marketing purposes. However, the collected datasets cannot be assigned to a specific person.

All processing described above, especially the setting of Google Analytics cookies for reading information on the device used, will only occur if you have given your explicit consent in accordance with Art. 6(1)(a) GDPR. Without this consent, the use of Google Analytics during your visit to the site will be omitted.

You can revoke your consent at any time with effect for the future. To exercise your revocation, please deactivate this service via the “Cookie Consent Tool” provided on the website.

We have concluded a data processing agreement with Google for the use of Google Analytics, requiring Google to protect the data of our website visitors and not to disclose it to third parties.

Google relies on standard contractual clauses approved by the European Commission for data transfers to the USA, which are intended to ensure compliance with the European level of data protection.

Further information on Google (Universal) Analytics can be found here: https://policies.google.com/privacy?hl=en

8) Rights of the Data Subject

8.1
The applicable data protection law grants you extensive rights with regard to the processing of your personal data, which we inform you about below:

Right of access (Art. 15 GDPR): You have the right to obtain information about your personal data processed by us, the purposes of processing, the categories of personal data, the recipients or categories of recipients, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint with a supervisory authority, the origin of your data if it was not collected from you, the existence of automated decision-making including profiling, and, if applicable, meaningful information about the logic involved and the scope and intended effects of such processing, as well as your right to be informed of what guarantees exist in accordance with Art. 46 GDPR when your data is transferred to third countries.
Right to rectification (Art. 16 GDPR): You have the right to the immediate correction of incorrect data and/or completion of your incomplete data stored by us.
Right to erasure (Art. 17 GDPR): You have the right to request the deletion of your personal data under the conditions of Art. 17(1) GDPR. However, this right does not exist if the processing is necessary for exercising the right to freedom of expression and information, to comply with a legal obligation, for reasons of public interest, or for the assertion, exercise, or defense of legal claims.
Right to restriction of processing (Art. 18 GDPR): You have the right to request the restriction of processing your personal data as long as the accuracy of your data is being verified, if you oppose the deletion of your data due to unlawful processing and instead request restriction, if you need your data for the establishment, exercise, or defense of legal claims after we no longer need this data for the original purpose, or if you have objected based on your particular situation pending the verification whether our legitimate grounds override yours.
Right to notification (Art. 19 GDPR): If you have exercised your right to rectification, erasure, or restriction of processing, we are obliged to inform all recipients to whom your personal data has been disclosed of this rectification or erasure or restriction, unless this proves impossible or involves disproportionate effort.
Right to data portability (Art. 20 GDPR): You have the right to receive your personal data provided to us in a structured, commonly used, and machine-readable format or to request the transfer to another controller where technically feasible.
Right to withdraw consent (Art. 7(3) GDPR): You have the right to withdraw your previously given consent to data processing at any time with effect for the future.
Right to lodge a complaint (Art. 77 GDPR): If you believe that the processing of your personal data infringes the GDPR, you have the right to lodge a complaint with a supervisory authority.

8.2 Right to Object

IF WE PROCESS YOUR PERSONAL DATA ON THE BASIS OF OUR OVERRIDING LEGITIMATE INTEREST, YOU HAVE THE RIGHT TO OBJECT TO THIS PROCESSING AT ANY TIME FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE AFFECTED DATA.
HOWEVER, FURTHER PROCESSING REMAINS RESERVED IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR PROCESSING THAT OVERRIDE YOUR INTERESTS, FUNDAMENTAL RIGHTS, AND FREEDOMS, OR IF THE PROCESSING SERVES THE ASSERTION, EXERCISE, OR DEFENSE OF LEGAL CLAIMS.

IF YOUR PERSONAL DATA IS PROCESSED BY US FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA FOR SUCH MARKETING PURPOSES.
IF YOU OBJECT, WE WILL IMMEDIATELY STOP PROCESSING YOUR PERSONAL DATA FOR DIRECT MARKETING PURPOSES.

9) Duration of Storage of Personal Data

The duration of the storage of personal data is based on the respective legal basis, the purpose of processing, and—if applicable—also on the respective statutory retention period (e.g., commercial and tax retention periods).

When processing personal data based on explicit consent in accordance with Art. 6(1)(a) GDPR, these data are stored until the data subject revokes their consent.
If there are statutory retention periods for data processed within the framework of legal or similar obligations on the basis of Art. 6(1)(b) GDPR, these data will be routinely deleted after expiry of the retention periods, provided they are no longer required for the fulfillment or initiation of a contract and/or we have no legitimate interest in further storage.
When processing personal data on the basis of Art. 6(1)(f) GDPR, these data are stored until the data subject exercises their right to object according to Art. 21(1) GDPR, unless we can demonstrate compelling legitimate grounds for processing that outweigh the interests, rights, and freedoms of the data subject, or the processing serves the assertion, exercise, or defense of legal claims.
When processing personal data for direct marketing purposes based on Art. 6(1)(f) GDPR, these data are stored until the data subject exercises their right to object in accordance with Art. 21(2) GDPR.

Unless otherwise specified in the other information in this declaration regarding specific processing situations, stored personal data will otherwise be deleted when they are no longer necessary for the purposes for which they were collected or otherwise processed.