Privacy Policy
Einstein Innovationen GmbH & Co. KG is pleased about your visit to this website and your interest in its products and services. Below, we provide information about the collection of personal data when using the website inlay-shop.com.
Personal data are all data that can be related to you personally, e.g. name, address, email addresses, user behavior.
Table of Contents
1. General Information on Data Processing
2. Processing of Personal Data
3. Collection of Access Data
4. Third-Party Websites
5. Cookies & Reach Measurement
6. Contact
7. Data Processing for Order Handling
8. Integration of Third-Party Services and Content
9. Rights of Data Subjects
10. Changes to the Privacy Policy
Controller pursuant to Art. 4 No. 7 of the EU General Data Protection Regulation (GDPR):
Einstein Innovationen GmbH & Co. KG
Aichacher Str. 8a
86674 Baar
Germany
Managing Directors: Christine Forster, Thomas Forster
Email: support@einstein-info.de
(hereinafter referred to as the “Provider”, “we”, or “us”).
Further information can be found in our legal notice (Imprint).
The term “user” includes all customers and visitors to our online offering. The terms used, such as “user”, are to be understood as gender-neutral.
1. General Information on Data Processing
We process users’ personal data only in compliance with the relevant data protection regulations and in accordance with the principles of data minimization and data avoidance. This means that users’ data are processed only if there is a legal basis, in particular if the data are required to provide our contractual services and online services, are legally required, or if consent has been given.
We take organizational, contractual, and technical security measures in accordance with the state of the art to ensure compliance with data protection laws and to protect the data processed by us against accidental or intentional manipulation, loss, destruction, or unauthorized access.
If, within the scope of this privacy policy, content, tools, or other means from other providers (hereinafter jointly referred to as “third-party providers”) are used and their stated place of business is abroad, it must be assumed that data are transferred to the countries in which the third-party providers are based. Data transfers to third countries take place either on the basis of a legal authorization, user consent, or special contractual clauses that ensure the legally required level of data security.
2. Processing of Personal Data
In addition to the uses expressly mentioned in this privacy policy, personal data are processed for the following purposes on the basis of legal permissions or user consent:
· Provision, execution, maintenance, optimization, and security of our services, service offerings, and user services;
· Ensuring effective customer service and technical support.
We only pass on users’ data to third parties if this is necessary for billing purposes (e.g. to a payment service provider) or for other purposes necessary to fulfill our contractual obligations to users (e.g. forwarding address data to suppliers).
When contacting us (via contact form or email), the user’s details are stored for the purpose of processing the inquiry and in case follow-up questions arise.
Personal data are deleted once they have fulfilled their purpose and no statutory retention obligations conflict with their deletion.
3. Collection of Access Data
When you access our website, information is automatically transmitted by the browser used on your device to our website server. This information is temporarily stored in a so-called log file. The following information is collected automatically and stored until deletion:
· IP address of the requesting device
· Date and time of access
· Name and URL of the retrieved file
· Website from which access is made (referrer URL)
· Browser used and, if applicable, the operating system of your device and the name of your access provider
The processing of these data is carried out in accordance with Art. 6(1)(f) GDPR. Our legitimate interest arises from ensuring the technical functionality of our website.
The log files are deleted after 14 days.
4. Third-Party Websites
If we provide references (links) to other websites, our privacy policy does not apply to those websites. Please read the respective privacy notices there. Due to lack of influence, we are not liable for the content and effects of external websites. We also do not receive any data about you from third-party websites if you follow links or enter data on the linked pages.
5. Cookies & Reach Measurement
To make visiting our website attractive and to enable certain functions, we use cookies on various pages. These are small text files stored on your device. Some cookies are deleted after the end of the browser session (session cookies). Other cookies remain on your device and allow us to recognize your browser on your next visit (persistent cookies).
If cookies are set, certain user information such as browser and location data as well as IP address values are collected and processed to an individual extent. Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie.
Some cookies serve to simplify the ordering process by storing settings (e.g. remembering the contents of a virtual shopping cart). If personal data are processed via cookies, processing is carried out pursuant to Art. 6(1)(b) GDPR for contract execution, Art. 6(1)(a) GDPR on the basis of consent, or Art. 6(1)(f) GDPR to safeguard our legitimate interests in the optimal functionality of the website.
You can configure your browser to inform you about the setting of cookies and decide individually whether to accept them, or exclude the acceptance of cookies in certain cases or in general. If cookies are not accepted, the functionality of our website may be limited.
6. Contact
6.1 Contact Form
If you contact us using the contact details provided on our website (e.g. via contact form or email), your contact details and all personal data resulting from your message will be processed for the purpose of handling your request and in case follow-up questions arise.
The personal data processed may include: - Salutation - First and last name - Postal address - Telephone or fax number - Email address
The processing of these data is based on your (implied) consent pursuant to Art. 6(1)(a) GDPR. If the communication serves the initiation or performance of a contract, processing is additionally based on Art. 6(1)(b) GDPR.
Your data will be deleted immediately after your request has been processed, unless the communication is required for the assertion, exercise, or defense of legal claims or must be retained due to statutory retention obligations (e.g. tax law). In such cases, deletion takes place after three years or after ten years, depending on the applicable legal requirement.
6.2 Subscription to Our Email Newsletter
If you subscribe to our email newsletter, we will regularly send you information about our offers. The only mandatory information required for sending the newsletter is your email address. Providing additional data is voluntary and may be used to address you personally.
For newsletter distribution, we use the so-called double opt-in procedure. This ensures that you will only receive the newsletter after you have expressly confirmed your consent by clicking on a verification link sent to the email address you provided.
By activating the confirmation link, you give us your consent to process your personal data in accordance with Art. 6(1)(a) GDPR. In this context, we store the IP address assigned by your Internet Service Provider (ISP) as well as the date and time of registration in order to be able to trace any potential misuse of your email address at a later point in time.
The data collected for newsletter registration are used strictly for this purpose.
You may unsubscribe from the newsletter at any time via the unsubscribe link contained in the newsletter or by contacting the controller named above. After unsubscribing, your email address will be deleted from our newsletter distribution list immediately, unless you have expressly consented to further use of your data or we reserve the right to use your data beyond this, which is permitted by law and about which we inform you in this privacy policy.
6.3 Email Newsletter to Existing Customers
If you provided us with your email address when purchasing goods or services, we reserve the right to regularly send you offers by email for similar goods or services from our range to those you have already purchased.
In accordance with Section 7(3) of the German Act Against Unfair Competition (UWG), no separate consent is required for this. Data processing is carried out solely on the basis of our legitimate interest in personalized direct advertising pursuant to Art. 6(1)(f) GDPR.
If you initially objected to the use of your email address for this purpose, no such emails will be sent.
You are entitled to object to the use of your email address for the aforementioned advertising purpose at any time with effect for the future by notifying the controller named at the beginning of this privacy policy. For this, you will only incur transmission costs according to the basic tariffs.
After receipt of your objection, the use of your email address for advertising purposes will be discontinued immediately.
6.4 Shopify Email
Our email newsletters are sent via the following provider:
Shopify International Limited
Victoria Buildings, 2nd Floor
1–2 Haddington Road
Dublin 4, D04 XN32
Ireland
Data are also transferred to:
Shopify Inc.
150 Elgin St
Ottawa, ON K2P 1L4
Canada
On the basis of our legitimate interest in effective and user-friendly newsletter marketing, we transfer the data you provided when subscribing to the newsletter to this provider pursuant to Art. 6(1)(f) GDPR so that the provider can send the newsletter on our behalf.
Subject to your express consent pursuant to Art. 6(1)(a) GDPR, the provider also carries out a statistical analysis of the success of newsletter campaigns using web beacons or tracking pixels contained in the emails sent. These can be used to measure open rates and specific interactions with the newsletter content.
In this context, information about end devices (e.g. time of access, IP address, browser type, and operating system) may also be collected and evaluated. This data is not merged with other data sets.
You may revoke your consent to newsletter tracking at any time with effect for the future.
We have concluded a data processing agreement with the provider to protect the data of our website visitors and to prohibit disclosure to third parties.
For data transfers to Canada, an adequate level of data protection is ensured by an adequacy decision of the European Commission.
6.5 Shopping Cart Reminder Emails
If you abandon your purchase before completing an order, you may opt to receive a one-time email reminder of the contents of your virtual shopping cart.
The only mandatory information required to send this reminder is your email address. Providing additional data is voluntary and may be used to address you personally.
For sending reminder emails, we use the double opt-in procedure to ensure that you will only receive a reminder after you have expressly confirmed your consent by clicking on a verification link sent to the email address you provided.
By activating the confirmation link, you give us your consent to process your personal data for the purpose of sending shopping cart reminders in accordance with Art. 6(1)(a) GDPR. We store the IP address assigned by your Internet Service Provider (ISP) as well as the date and time of registration in order to be able to trace any potential misuse of your email address.
The data collected for the shopping cart reminder service are used strictly for this purpose.
You may unsubscribe from shopping cart reminders at any time by notifying the controller named above. After unsubscribing, your email address will be deleted from the relevant distribution list immediately, unless you have expressly consented to further use of your data or we reserve the right to use your data beyond this, which is permitted by law and about which we inform you in this privacy policy.
7. Data Processing for Order Handling
7.1 Use of Shipping Service Providers
For the processing of your order, we work with the following service providers who support us in whole or in part in the performance of concluded contracts. Certain personal data are transferred to these service providers in accordance with the following information.
The personal data collected by us are passed on to the transport company commissioned with delivery, insofar as this is necessary for the delivery of the goods. We pass on your payment data to the commissioned credit institution or payment service provider as part of payment processing, insofar as this is necessary for payment processing.
The legal basis for data transfer is Art. 6(1)(b) GDPR.
Shipping service providers:
- DHL
- DPD
If delivery is carried out by DHL (DHL Paket GmbH, Sträßchensweg 10, 53113 Bonn, Germany), we will pass on your email address to DHL prior to delivery pursuant to Art. 6(1)(a) GDPR for the purpose of coordinating a delivery date or announcing the delivery, provided that you have given your express consent during the ordering process.
Otherwise, we will only pass on the recipient’s name and delivery address to DHL for the purpose of delivery pursuant to Art. 6(1)(b) GDPR. The data will only be passed on to the extent necessary for delivery of the goods. In this case, prior coordination of a delivery date or delivery announcement by DHL is not possible.
You may revoke your consent at any time with effect for the future by contacting the controller named above or DHL directly.
7.2 Use of Payment Service Providers
- PayPal
If you choose to pay via PayPal, credit card via PayPal, direct debit via PayPal, or – if offered – purchase on account or installment payment via PayPal, your payment data will be transferred to PayPal (Europe) S.à r.l. et Cie, S.C.A., 22–24 Boulevard Royal, L-2449 Luxembourg as part of payment processing pursuant to Art. 6(1)(b) GDPR.
PayPal reserves the right to carry out a credit check for certain payment methods. For this purpose, your payment data may be passed on to credit agencies pursuant to Art. 6(1)(f) GDPR on the basis of PayPal’s legitimate interest in determining your creditworthiness.
The result of the credit check, including probability values (so-called score values), is used by PayPal to decide on the provision of the respective payment method. Score values are based on scientifically recognized mathematical-statistical procedures and may include address data, among other factors.
Further information on data protection, including information on the credit agencies used, can be found in PayPal’s privacy policy.
You may object to this processing of your data at any time by contacting PayPal. However, PayPal may remain entitled to process your personal data if this is necessary for contractual payment processing.
- Shopify Payments
We use the payment service provider Shopify Payments, provided by Shopify International Limited, Dublin, Ireland. If you choose a payment method offered via Shopify Payments, payment processing is carried out by Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland.
The information you provide during the order process, together with information about your order (name, address, account number, bank code, credit card number where applicable, invoice amount, currency, and transaction number), is transferred to Stripe Payments Europe Ltd. pursuant to Art. 6(1)(b) GDPR exclusively for the purpose of payment processing and only to the extent necessary.
Further information on data protection at Shopify Payments and Stripe can be found in their respective privacy policies.
8. Integration of Third-Party Services and Content
Within our online offering, content, services, or tools from third-party providers may be integrated, such as maps, fonts, analytics services, marketing tools, or social media plugins.
The integration of such third-party content always requires that the respective third-party providers are able to perceive the IP address of users, as without the IP address they would not be able to transmit the content to the users’ browsers. The IP address is therefore technically required for the display of these contents.
In addition, providers of third-party content may set their own cookies and process users’ data for their own purposes. In this context, usage profiles of users may be created from the processed data.
We endeavor to use such content in a data‑minimizing and data‑avoiding manner and to select reliable third‑party providers with regard to data security.
Below you will find an overview of the third‑party providers used, their respective services, and links to their privacy policies. These privacy policies contain further information on data processing and, in some cases, options for objection (so‑called opt‑out options).
8.1 Google Analytics
We use Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics uses so‑called cookies, which are text files stored on your computer that enable an analysis of your use of the website.
The information generated by the cookies about your use of this website, such as: - browser type and version, - operating system used, - referrer URL (the previously visited page), - host name of the accessing device (IP address), - time of the server request,
is usually transmitted to a Google server in the USA and stored there.
Google will use this information on our behalf to evaluate the use of our online offering by users, to compile reports on website activity, and to provide us with other services related to website and internet usage. In this context, pseudonymous user profiles may be created from the processed data.
These purposes also constitute our legitimate interest in data processing. The legal basis for the use of Google Analytics is Art. 6(1)(f) GDPR. Data transmitted by us and linked to cookies, user IDs, or advertising IDs are automatically deleted after 14 months. Data whose retention period has expired are automatically deleted once per month.
We use Google Analytics only with IP anonymization activated. This means that users’ IP addresses are truncated by Google within member states of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and truncated there.
The IP address transmitted by the user’s browser is not merged with other Google data. Users may prevent the storage of cookies by adjusting their browser software settings. Users may also prevent Google from collecting and processing the data generated by the cookie relating to their use of the website by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout.
Alternatively, users may prevent data collection by Google Analytics by clicking the corresponding opt‑out link on our website. An opt‑out cookie will then be set to prevent future collection of your data when visiting this website.
Further information on Google’s use of data for advertising purposes, setting options, and objection options can be found in Google’s privacy information.
8.2 Google Fonts
For the uniform display of fonts and icons, this website uses Google Fonts via the Google Font API. When you access our website, a connection to Google’s servers is established, during which your IP address is transmitted.
This service is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
The transfer of personal data is based on our legitimate interest pursuant to Art. 6(1)(f) GDPR. Our legitimate interest lies in the uniform presentation of the website and the optimization of our online presence.
The IP address is not stored by us.
8.3 Google Tag Manager
Google Tag Manager is a solution that allows us to manage website tags via an interface (e.g. for integrating Google Analytics or other Google marketing services). The Tag Manager itself does not process any personal data of users. With regard to the processing of users’ personal data, reference is made to the respective Google services integrated via the Tag Manager.
8.4 GA Audiences
On this website, data are collected and stored by GA Audiences, a web analytics service provided by Google Inc., from which pseudonymous usage profiles are created.
This technology enables users who have previously visited our website or used our online services to be shown targeted advertisements on other external websites within the Google partner network. For this purpose, a cookie is stored on your device, which analyzes user behavior when visiting the website and subsequently uses this information for targeted product recommendations and interest‑based advertising.
Before such cookies are set, we request your consent via our cookie banner. The legal basis for processing is your consent pursuant to Art. 6(1)(a) GDPR.
If you do not wish to receive interest‑based advertising, you can deactivate the use of cookies by Google for these purposes by following the instructions provided by Google.
8.5 DoubleClick
This website uses DoubleClick, an online marketing tool provided by Google Ireland Limited. DoubleClick uses cookies to display advertisements that are relevant to users.
A pseudonymous identification number is assigned to your browser to check which ads have been displayed and which ads have been accessed. The cookies do not contain personal data. They merely enable Google and its partner websites to display ads based on previous visits to this or other websites.
The information generated by the cookies is transmitted to a Google server in the USA and stored there. Google only transfers this data to third parties on the basis of legal requirements or within the scope of commissioned data processing.
Before such cookies are set, we request your consent via our cookie banner. The legal basis for processing is your consent pursuant to Art. 6(1)(a) GDPR. You may prevent data collection by Google by adjusting your ad settings.
8.6 Google Ads
Our website uses Google Ads conversion tracking. If you reach our website via a Google advertisement, Google Ads places a cookie on your device. This cookie expires after 30 days and does not serve personal identification.
If the user visits certain pages of our website while the cookie is still valid, Google and we can recognize that the user clicked on the ad and was redirected to that page. Each Google Ads customer receives a different cookie, which cannot be tracked across Ads customers’ websites.
The information collected via the conversion cookie is used to create conversion statistics for Ads customers who have opted for conversion tracking. Advertisers receive information about the total number of users who clicked on their ad and were redirected to a conversion‑tracked page, but no information that personally identifies users.
Users who do not wish to participate in tracking may object by adjusting their browser settings or blocking cookies from the domain “googleleadservices.com”.
8.7 Facebook Plugins
Our website integrates social media plugins of the social network Facebook, operated by Meta Platforms Inc.
When visiting our website, Facebook receives information that you have accessed our website using your IP address. If you click the Facebook “Like” button while logged into your Facebook account, the content of our website may be linked to your Facebook profile. This allows Facebook to associate your visit to our website with your user account.
We have no influence on the data collected by Facebook or on how Facebook processes this data. Facebook stores the data collected about you as usage profiles and uses them for advertising, market research, and the design of its services.
The use of Facebook plugins is based on our legitimate interest pursuant to Art. 6(1)(f) GDPR in making our online offering more attractive and interactive.
8.8 Instagram
Our website uses functions of the Instagram service, operated by Instagram Inc.
If you are logged into your Instagram account, you can link content from our website to your Instagram profile. Instagram stores the data collected about you as usage profiles and uses them for advertising, market research, and the design of its services.
We have no influence on the scope or further use of data processed by Instagram. Further information can be found in Instagram’s privacy policy.
8.9 YouTube
Our website embeds videos from YouTube LLC. When you visit a page containing an embedded YouTube video, YouTube receives information that you have accessed the corresponding subpage of our website.
YouTube stores the data collected about you as usage profiles and uses them for market research, advertising, and the design of its services. This applies regardless of whether you are logged into a YouTube account.
If you do not wish this association, you must log out of your YouTube account before activating the video.
8.10 Meta Pixel
Within our online offering, the Meta Pixel is used for conversion measurement as well as for analyzing and optimizing advertising measures. This is a service provided by Meta Platforms Ireland Limited.
The Meta Pixel enables Meta to identify visitors to our website as a target group for displaying advertisements on Facebook and Instagram. In addition, it allows us to evaluate the effectiveness of our advertising campaigns for statistical and market research purposes.
When visiting our website, a direct connection to Meta’s servers is established via the Meta Pixel. Meta receives information that you have visited our website and which actions you have performed. If you are logged into Facebook or Instagram, Meta may associate this information with your user account.
The data processed are anonymous for us as the website operator, meaning we cannot identify individual users.
9. Rights of Data Subjects
As a data subject, you have the following rights:
- Right to withdraw consent
Pursuant to Art. 7(3) GDPR, you have the right to withdraw any consent you have given to us at any time with effect for the future. This means that we may no longer continue the data processing based on this consent in the future. - Right of access
Pursuant to Art. 15 GDPR, you have the right to request information about your personal data processed by us. In particular, you may request information about the purposes of processing, the categories of personal data concerned, the categories of recipients to whom the data have been or will be disclosed, the planned storage period, the existence of rights to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint with a supervisory authority, the origin of your data if not collected from you, and the existence of automated decision-making, including profiling, and meaningful information about its details, if applicable. - Right to rectification
Pursuant to Art. 16 GDPR, you have the right to request the immediate rectification of inaccurate personal data concerning you or the completion of incomplete personal data stored by us. - Right to erasure (right to be forgotten)
Pursuant to Art. 17 GDPR, you have the right to request the erasure of your personal data stored by us, unless processing is necessary for exercising the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise, or defense of legal claims. - Right to restriction of processing
Pursuant to Art. 18 GDPR, you have the right to request restriction of processing of your personal data if you contest the accuracy of the data, if the processing is unlawful and you oppose erasure, if we no longer need the data but you require them for the establishment, exercise, or defense of legal claims, or if you have objected to processing pursuant to Art. 21 GDPR. - Right to data portability
Pursuant to Art. 20 GDPR, you have the right to receive your personal data that you have provided to us in a structured, commonly used, and machine-readable format, or to request transmission of those data to another controller. - Right to object
Pursuant to Art. 21 GDPR, you have the right to object to the processing of your personal data, insofar as the processing is based on our legitimate interests, provided that reasons arise from your particular situation. -
Right to lodge a complaint
Pursuant to Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority. As a rule, you may contact the supervisory authority of your habitual residence, your place of work, or the registered office of our company.
10. Changes to the Privacy Policy
This privacy policy may be saved or printed at any time.
We reserve the right to amend this privacy policy at any time in compliance with applicable data protection regulations in order to reflect legal changes or the further development of our website.
If you visit our website again, we therefore recommend that you review this privacy policy again to stay informed about the processing of your personal data.
