Privacy policy

Privacy policy

This privacy policy explains how we handle your personal data. It is based on applicable data protection law, particularly the General Data Protection Regulation (GDPR). Apart from service providers and third party suppliers named in this privacy policy, we do not disclose data to third parties. Please feel free to contact us with any questions.


Contents

• Controller

• General information

• Data processed when visiting the website

• Cookies, tracking pixels and mobile identifiers

• Contact

• Newsletter

• Advertising to existing customers

• Orders and payment processing

• Additional third-party services

• Data subject rights


Controller

The party responsible for data processing is

Qunto 1981 GmbH

Liesegangstraße 24

40211 Düsseldorf


General information on providing data

Personal data is typically not required by law or by contract to use our website. If data is required for the conclusion of a contract or if the user is obligated to provide personal data, this privacy policy provides information about this fact and the consequences of not providing the information.


Data transmission to third-party countries

We may use service providers and third-party suppliers located in countries outside the European Union and the European Economic Area. Personal data is transmitted to these third-party countries based on an adequacy decision of the European Commission (Article 45 GDPR) or where we have arranged suitable guarantees to ensure data protection (Article 46 GDPR). If an adequacy decision of the European Commission exists for data transmission to a third-party country, this will be indicated in this privacy policy. Apart from this, the user may obtain a copy of the suitable guarantees from us unless these are already included in the privacy policies of the service providers or third party suppliers.


Automated decision making

In the event we use automated decision making including profiling, this privacy policy will advise you of this fact, the logic involved, and the consequences and pursued objectives of such processing. Apart from this, automated decision making is not used.


Processing for other purposes

Data is in principle only processed for the purposes for which it has been collected. When processed for other purposes in exceptional cases, will advise you of the other purpose prior to processing and provide all other relevant information (Article 13(3) GDPR).


Data processed when visiting the website

When visiting our website, the user's browser transmits a variety of data. Whilst visiting the website, the following data is processed and saved to log files, including after the end of the session:

• Browser type and version used

• Operating system

• Pages and files retrieved

• Data volume transferred

• Date and time accessed

• The user's provider

• IP address

• Referrer URL


Processing this data is required to display the website to the user and optimise it for the user's end device. Data is saved to log files to increase the security of our website (e.g. protection against DDOS attacks). The legal basis for processing is Article 6(1)(1)(f) GDPR. Our legitimate interest is providing the website and increasing website security. Log files are automatically deleted after 30 days.

Our online shop is designed and operated by Shopify. Provider: Shopify International Ltd., 2nd Floor 1-2 Victoria Buildings, Haddington Road, Dublin 4, D04 XN32, Ireland


Personal data is processed on our behalf. Within this context, Shopify may transmit this data to other companies affiliated with the group located outside the European Economic Area. In this context, these companies will in turn process the data on behalf of Shopify International. With respect to Canada, there is an adequacy decision of the European Commission. If data is transmitted to other regions, suitable guarantees have been arranged in form of intracompany agreements between Shopify International Ltd. and the receiving company to ensure the protection of personal data.

Shopify privacy policy


Cookies, tracking pixels and mobile identifiers

We use technologies on our website to recognise end devices. These can be cookies, tracking pixels and/or mobile identifiers.

Recognising a device may in principle serve different purposes. It may be necessary to provide website functions, for example to offer a shopping cart. In addition, these technologies may be used to track user behaviour on our website, for example for advertising purposes. The specific technologies we use and the purpose for which these are used are explained separately in this privacy policy. To ensure a better understanding, the following is a general explanation of how cookies, tracking pixels and mobile identifiers work:


• Cookies are small text files containing specific information which are stored on the user's device. This is typically an identification number assigned to a device (cookie ID).

• A tracking pixel is a transparent graphic file embedded in a page which enables the analysis of a log file.

• A mobile identifier is a unique number (mobile ID) stored on a mobile device which can be read by a website.

Cookies may be required to ensure our website works properly. The legal basis for using such cookies is Article 6(1)(1)(f) GDPR. Our legitimate interest is providing the functions of our website. We use cookies not required to operate our website to make our service more user-friendly or track the use of our website. In this case the legal basis depends on whether we require the user's consent or if we can rely on a legitimate interest. The user may at any time withdraw consent, among other methods, by changing their browser settings.

The user can prevent and object to data processing through cookies by changing the browser settings. If objecting, you may not be able to use all functions of our website. Other options regarding objecting to the processing of personal data through cookies are listed separately in this privacy policy. We may provide links allowing you to object. These are labelled "Opt-Out".


Contact

When contacting us, we process the user information, date and time for the purpose of processing the request including possible queries.

The legal basis for data processing is Article 6(1)(1)(f) GDPR. Our legitimate interest is answering user queries. A further legal basis is Article 6(1)(1)(b) GDPR if processing is required for the performance of a contract or the implementation of pre-contractual measures.

The data is erased once the request including any queries is completed. We regularly, at least every two years, check whether data collected within the context of contact should be deleted.


Newsletter

Users have the option to subscribe to our newsletter on our website. In this case, we process the data provided when subscribing to be able to send the confirmation email to the user's email address. Once confirmed, we process data to be able to send the newsletters. For customisation purposes we may also process the user’s name if provided by the user. When subscribing, the date, time and the user's IP address are saved to be able to establish a registration. After unsubscribing, this data is processed for compliance purposes and deleted after three years, at the end of the year.


To improve our content, we measure how successful our newsletters are, for example how often they are opened by users and which links are clicked. Emails contain a tracking pixel for this purpose. We do not track the activities of individual users.


The legal basis for processing is the user's consent pursuant to Article 6(1)(1)(a) GDPR. Apart from this, processing is based on Article 6(1)(1)(f) GDPR. Our legitimate interests are sending newsletters, addressing the user personally, and establishing that the user has subscribed to the newsletter.


Advertising to existing customers

If the users provided their email address when purchasing goods or services, we reserve the right to use it pursuant to § 7(3) UWG (Law Against Unfair Competition) for direct advertising related to similar products or services. This does not apply if the user has objected to this use.


The legal basis for processing is Article 6(1)(1)(f) GDPR. Our legitimate interest is promoting sales. The user may at any time object to future use of their email address for advertising to existing customers at no charge apart from the base rate of transmission cost.


Orders and payment processing

When placing an order through our online shop, we process the data provided when placing the order, e.g. name, bank details or payment details, to process the order. We only transmit payment data to our payment service provider where required to process the payment.

The legal basis for processing purchase data is Article 6(1)(1)(b) GDPR. If the users adds their order data to a user account, the legal basis is Article 6(1)(1)(a) GDPR. Apart from this, processing is based on Article 6(1)(1)(f) GDPR. Our legitimate interest is processing refunds and following up on claims.

Order and payment data is erased once it is no longer required to process the order including refunding payments (e.g. due to cancellation or withdrawing from the contract) and processing warranty claims, and no statutory retention obligations apply. In the event that the user has saved their order data to their user account for future orders, the data along with the user account will be erased if they are no longer required to process a specific order.


Stripe

Payments are processed through Stripe Payments Europe Ltd., C/O A & L Goodbody, Ifsc, North Wall Quay Dublin D01 H104, Ireland. Stripe privacy policy


Additional third-party services

Data subject rights


If the user's personal data is processed, the GDPR considers this person the data subject. Data subjects have the following rights:

Right of access: The data subject has the right to obtain confirmation on whether personal data concerning them is processed. If personal data is processed, the data subject has a right to obtain information and a copy of the personal data that is the subject of processing, free of charge.


Right to rectification: The data subject has the right to request prompt rectification of inaccurate or incomplete personal data.


Right to erasure: The data subject has the right to request erasure of personal data concerning them within the legal limits.


Right to restriction of processing: The data subject has the right to restrict processing of personal data concerning them within the legal limits. Right to data portability: The data subject has the right to obtain the personal data you have provided in a structured, common and machine-readable format or to request that the data is transmitted to another controller.


Right to object: The data subject has the right to object to the processing of personal data concerning them at any time, on grounds relating to their particular situation based on Article 6(1)(e) or (f) GDPR. This also applies to profiling based on these provisions. Where personal data is processed for direct marketing purposes, the data subject has the right to object at any time to processing of their personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing.


Right to withdraw consent The data subject has the right to withdraw consent at any time.

Right to lodge a complaint: The data subject has the right to lodge a complaint with a supervisory authority.


Privacy policy date: 13th November 2020