We appreciate your trust very much!
Therefore, the protection of your data, your personal rights and the observance of your right to informational self-determination in the collection, processing and use of your personal data are important to us. Our data protection practices are in line with the European General Data Protection Regulation (DSGVO) and the German Federal Data Protection Act (BDSG), which will come into force on 25 May 2018.
Our employees have been obligated in writing to comply with the relevant regulations and guidelines on data protection and data security.
and guidelines on data protection and data security and to protect data secrecy. In addition
Shirtinator AG employees are also regularly trained in these areas.
1. We are responsible for your data
As a visitor to our website, you expect a high level of quality not only from our products, but also in the processing of your personal data. We are responsible for the handling of your data, which we process according to your wishes and in compliance with German and EU data protection laws. Personal data is data by which you are identified or identifiable. Personal data will only be processed by us if this is permitted by law or if you have given your prior consent.
The person responsible for the collection and processing of personal data is:
Telephone: +49 (0)89 628 25 160
If you have a question about data protection or data security, you can reach our data protection officer at:
Dr. Jochen Notholt
Data protection officer of Shirtinator AG
Our service providers include e.g. printers, logistics companies, data centres, analysis service providers and payment service providers. Our service providers are prohibited from processing your data for other purposes or for themselves. It is important to us that you can find out at any time from the following information which personal data is collected during your visit to our website and when you place an order in our shop, and how we process this data afterwards.
2. Processing of personal data on our website, purposes of processing and legal basis
Personal data means any information relating to an identified or identifiable natural person (hereinafter "data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or one or more factors specific to the identity of that natural person. Personal data is processed on our website when this is necessary for the following purposes: - based on your request and given consent (legal basis: Art. 6 (1) (a) Data Protection Regulation - hereinafter: DSGVO) - for the use of the website (legal basis: Art. 6 (1) (b) DSGVO), - to protect our interest in improving the user experience, advertising our services and/ or maintaining the security of use (legal basis: Art. 6 (1) (f) DSGVO), - for the use of the services offered on the website as well as for pre-contractual measures, in particular for your enquiries (legal basis: Art. 6 (1) (a) and/or Art. 6 (1) (b) DSGVO), - for the conclusion and performance of a contract (legal basis: Art. 6 (1) (b) DSGVO) and/or - for the fulfilment of a legal obligation to which we are subject (such as tax law requirements and storage obligations, legal basis: Art. 6 (1) (c) DSGVO).
Further details on the processing of data can be found below under the corresponding headings:
Calling up our website
Shirtinator AG - as is usual and necessary for Internet sites - processes so-called server log files when the user calls up our Internet site (Art. 6 (1) (b) DSGVO). This data (browser type and browser version, operating system used, referrer URL, host name of the accessing computer, time of the server request, IP address) is automatically transmitted to us by your browser and processed by us to enable you to use our website.
This data is also processed by our technical service providers, who support us in providing the website. Without processing this data, you will not be able to use our website. The legal basis for this is our legitimate interest in maintaining the technical operation of our website ((Art. 6 (1) (f) DSGVO). This data is deleted immediately after the connection to our website is terminated. Insofar as further use of data takes place at the same time, this is described below.
SSL or TLS encryption
For security reasons and to protect the transmission of confidential content that you send to us as site operator, our website uses SSL or TLS encryption. This means that data which you transmit via this website cannot be read by third parties. You can recognise an encrypted connection by the "https://" address line of your browser and the lock symbol in the browser line.
Purpose of the collection and use of your data
Shirtinator AG specialises in the printing of high-quality textiles and accessories. We store and use the data you provide only for the purpose of fulfilling and processing your order (including payment processing), answering your enquiries and for our own advertising purposes.
Shirtinator AG only passes on personal customer data to third parties (service partners) who absolutely require the transfer of data in order to process the contract. Third parties can be, for example, payment service providers or logistics companies. In these cases, however, the scope of the transmitted data is limited to the necessary minimum. We save the text of the contract and send you the order data by e-mail. You can view the terms and conditions at any time here (https://www.shirtinator.de/agb). You can view past orders in your customer account.
General information about cookies
Usercentrics Cookie Tool (CMP)
Recipient of your data in the sense of Art. 13. para. 1. e) DSGVO (GDPR) is Usercentrics GmbH. In the context of order processing, (YOUR COMPANY) transmits personal data (consent data) to Usercentrics GmbH, Sendlingerstr. 7, 80331 Munich as a processor. Consent data means the following data: Date and time of the visit or consent / refusal, device information. The processing of the data is carried out for the purpose of compliance with legal obligations (obligation to provide evidence pursuant to Art. 7 (1) DSGVO) and the associated documentation of consents and thus on the basis of Art. 6 (1) lit. c) DSGVO. Local storage is used to store the data.
The consent data is stored for 1 year. The data is stored in the European Union. For more information about the collected data and contact options, please visit https://usercentrics.com/privacy-policy/.
Shirtinator uses - depending on your selection - the following cookies:
Further information can be found in our Consent Management Tool ("Cookie Tool").
Price search engines
If you come to our website via a price search engine (e.g. www.idealo.de), we collect this information to display the product you are looking for (legal basis: Art. 6 (1) (f) DSGVO). We also use this information to identify the different interest in our products (legal basis: Art. 6 (1) (f) DSGVO). We have an interest in offering our customers our offers in price search engines in order to compete with other providers there as well. The recipients of this data are also the providers of the price search engines. The IP address is anonymised within 24 hours. All other data is immediately pseudonymised and deleted when the purpose of the processing no longer applies. You can object to this processing at any time.
Shop on our website
We offer you the possibility to register for our online shop on our website. We process the data provided for this purpose in order to provide you with the online shop (legal basis: Art. 6 (1) (b) DSGVO). The mandatory information requested must be provided, otherwise we will refuse registration. We process further voluntary information in accordance with the user's consent (Art. 6 (1) (a) DSGVO). Consent can be revoked at any time with effect for the future. We are supported in this by our technical service providers as order processors. The mandatory data within the scope of registration will be processed by us as long as the registration exists and deleted thereafter, unless there are contractual or legal reasons for storage to the contrary.
Within the scope of our shop, we use the functions of the web analysis service Google Analytics. The provider is Google. Google is Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA and companies affiliated with Google. For users who have their habitual residence in the European Economic Area or Switzerland, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, EU is the responsible party for the Google services. Google Ireland Limited is therefore the company affiliated with Google LLC whose services are integrated and must also comply with the GDPR.
Google Analytics uses so-called "cookies". These are data records that are stored on your terminal device and enable an analysis of your use of the website. The legal basis is Art. 6 (1) (a) DSGVO (consent).
We currently use the versions "Google Universal Analytics" and "Google Analytics 4". "Google Universal Analytics" will only be used for a limited transitional period, after which "Google Analytics 4" will be used exclusively.
Google Analytics 4 enables the data protection-friendly collection of data even without cookies or other "identifiers". As far as this is possible, we have made the appropriate settings. Google Analytics 4 also anonymises the IP address by default. By activating IP anonymisation on this website, your IP address will be shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area.
The information collected is used to evaluate your use of the website, to compile reports on website activity and to provide other services to the website operator in connection with website activity and internet usage. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. Google Analytics is only used with your prior consent. This consent is voluntary and can be revoked at any time (see below on the rights of data subjects).
You can also prevent the collection of data generated by the cookie and related to your use of the website (incl. IP address) by Google, as well as the processing of this data by Google, by downloading and installing the browser plugin available at the following link: Install browser plugin: https://tools.google.com/dlpage/gaoptout?hl=de.
Finally, you can also prevent the collection of data by Google Analytics 4 by deactivating it in the Consent Tool.
https://marketingplatform.google.com/about/analytics/terms/de/ and https://policies.google.com/?hl=de&gl=de
In addition, we refer to the following information from Google:
https://policies.google.com/privacy/frameworks?hl=de and https://support.google.com/adspolicy/answer/10042247?hl=de
as well as https://support.google.com/analytics/answer/6004245
Google Ads and Google Conversion Tracking
This website uses Google Ads. Google Ads is an online advertising programme of Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
As part of Google Ads, we use so-called conversion tracking. When you click on an ad placed by Google, a cookie is set for conversion tracking. Cookies are small text files that the internet browser stores on the user's computer. These cookies lose their validity after 30 days and are not used to personally identify the user. If the user visits certain pages of this website and the cookie has not yet expired, Google and we can recognise that the user clicked on the ad and was redirected to this page.
Each Google Ads customer receives a different cookie. The cookies cannot be tracked across Google Ads clients' websites. The information obtained using the conversion cookie is used to create conversion statistics for Google Ads customers who have opted in to conversion tracking. Clients learn the total number of users who clicked on their ad and were redirected to a page tagged with a conversion tracking tag. However, they do not receive any information that personally identifies users. If you do not wish to participate in the tracking, you can object to this use by easily deactivating the Google conversion tracking cookie via your internet browser under user settings. You will then not be included in the conversion tracking statistics.
The storage of "conversion cookies" and the use of this tracking tool are based on Art. 6 (1) (a)para. 1 lit. f DSGVO (consent). The website operator also has a legitimate interest in analysing user behaviour in order to optimise both its website and its advertising. If a corresponding consent has been requested (e.g. consent to store cookies), the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO; the consent can be revoked at any time.
You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be limited.
Google is entitled to update this list in accordance with the provisions of the Google Advertising Products Order Data Processing Terms.
In relation to the Google Advertising Products Order Data Processing Terms (and depending on which order processing services are used under the relevant agreement), the following types of personal data may constitute customer personal data:
Names, email addresses, telephone numbers, addresses, customer-provided identifiers, online identifiers (including Internet Protocol addresses)
Google Ads customer matching
Names, email addresses, addresses and partner-provided identifiers
Bing Universal Event Tracking (UET)
Our website uses Bing Ads technology to collect and store data that is used to create usage profiles using pseudonyms. This is a service provided by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. This service enables us to track the activities of users on our website if they have reached our website via ads from Bing Ads. If you arrive on our website via such an ad, a cookie is set on your computer. A Bing UET tag is integrated on our website. This is a code that, in conjunction with the cookie, stores some non-personal information about your use of the website. This includes, among other things, the length of time spent on the website, which areas of the website were accessed and via which advertisement the users arrived at the website. Information about your identity is not collected. The information collected is transferred to Microsoft servers in the USA and stored there for a maximum of 180 days. You can prevent the collection of data generated by the cookie and related to your use of the website, as well as the processing of this data, by deactivating the setting of cookies. This may restrict the functionality of the website under certain circumstances. In addition, Microsoft may be able to track your usage behaviour across multiple electronic devices through cross-device tracking, which enables Microsoft to display personalised advertising on or within Microsoft websites and apps.
AWIN Performance Advertising Network
We participate in the performance advertising network of AWIN AG, Eichhornstraße 3, 10785 Berlin (hereinafter "AWIN"). As part of its tracking services, AWIN stores cookies for the documentation of transactions (e.g. of "sales leads") on end devices of users who visit or use websites or other online offers of its customers (e.g. registering subscription to a newsletter or placing an online order). These cookies serve the sole purpose of correctly assigning the success of an advertising medium and the corresponding billing within the framework of its network.
In the context of the Awin Pixel function, the voucher code used, if any, is transmitted to AWIN as additional information, provided that you have made this data available to us and have given your consent for this.
Only the information about when a particular advertising medium was clicked on by an end device is placed in a cookie. In the AWIN tracking cookies, an individual sequence of numbers is stored, which cannot be assigned to the individual user, with which the partner programme of an advertiser, the publisher and the time of the user's action (click or view) are documented. AWIN also collects information about the end device from which a transaction is carried out, e.g. the operating system and the calling browser.
All of the processing described above, in particular the reading of information on the end device used, only takes place if you have given your express consent to this in accordance with Art. 6 Para. 1 lit. a DSGVO. You can revoke your consent at any time with future effect by deactivating this service in the "Cookie Consent Tool" provided on the website.
Content Delivery Network (CDN): cloudimage
We use the CDN cloudimage.io from Scaleflex, 21 Rue du Commandant Fuzier, 69003 Lyon, France. You can find more information about data protection there: https://privacy.scaleflex.com/go/scaleflex-privacy-center/en/privacy-by-design.
A Content Delivery Network, or Content Distribution Network, is a network of regionally distributed servers connected via the Internet to deliver content, especially large media files. This enables us to display our content more quickly and reliably on our website for you and to optimise our marketing measures (Art. 6 (1) (f) DSGVO ).
Objection to data collection
We have concluded an order processing contract with Google. Demographic characteristics with Google Analytics: This website uses the "demographic characteristics" function of Google Analytics. This allows reports to be generated that contain statements about the age, gender and interests of site visitors. This data comes from interest-based advertising from Google as well as visitor data from third-party providers. This data cannot be assigned to a specific person. You can deactivate this function at any time via the ad settings in your Google account or generally prohibit the collection of your data by Google Analytics as described in the section "Objection to data collection".
Advantage offers from Sovendus GmbH: In order to select an advantage offer that is currently of interest to you regionally, we transmit your title, year of birth, country, postcode, hash value of the e-mail address and your IP address to Sovendus GmbH, Hermann-Veit-Str. 6, 76135 Karlsruhe (Sovendus) in pseudonymised and encrypted form (Art. 6 para. 1 f DSGVO). The pseudonymised hash value of the e-mail address will also be used by Sovendus to take into account any objection to advertising (Art. 21 para.3, Art. 6 para.1 c DSGVO). The IP address is used by Sovendus exclusively for data security purposes and is usually anonymised after seven days (Art. 6 para. 1 f DSGVO).
Insofar as necessary for the respective advantage offer, your name, address data, e-mail address and/or telephone number will be transmitted by us in encrypted form to Sovendus when you click on the advantage offer in order to prepare the personalised request for the advantage offer from the product provider (Art. 6 para.1 b, f DSGVO).
For further information on the processing of your data by Sovendus, please refer to the online data protection information at www.sovendus.de/datenschutz.
Meta "visitor action pixel
The "visitor action pixel" is a service provided by Meta Platforms, Inc, 1601 Willow Road, Menlo Park, CA 94025, USA (Meta) or if you are an EU resident, Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (Meta). This enables us to determine target groups for advertisements on the Meta platforms Facebook and Instagram based on website visits and surfing behaviour there. We also use this pixel to measure the effectiveness of online marketing measures. This allows us to track the actions of users after they have seen and/or clicked on a Facebook ad or Instagram ad and subsequently placed an order. When the website is called up, the pixel is immediately integrated by Meta and can save a cookie on your end device. If you subsequently log in to Facebook/Instagram or are already logged in to Facebook/Instagram, your website visit will be noted in your profile. The user data collected is anonymous for us and therefore does not allow us to draw any conclusions about the user's identity. However, this data is stored and processed by Meta so that it is possible to draw conclusions about the respective user profile. The data processing by Meta is carried out in accordance with Meta's data usage policy. If you are not a member of Facebook/Instagram, you are not affected by this data processing.
Request for information material by letter post
We collect address data for sending information material by post (legal basis: Art. 6 (1) (a) DSGVO). The mandatory data is required to enable addressing. The voluntary indication of the form of address enables us to address you (legal basis: Art. 6 (1) (a) DSGVO). You can revoke your consent at any time with effect for the future. We are supported by our technical service providers as order processors and pass on your address data to logistics, transport and shipping service providers. Your data will be deleted after dispatch. We process the data from orders or registrations and other data collected outside the Internet to the legally permissible extent for advertising by post and for our internal customer analyses (Art. 6 (1) (f) DSGVO). Our analyses are regularly pseudonymised.
Contact / Inquiries
If you have any questions or requests, please do not hesitate to contact us. We process your information to answer your product or service enquiries (Art. 6 (1) (b), (f) DSGVO). The communication of address and telecommunication data marked as mandatory is necessary in order to process and answer your request. The voluntary provision of further data facilitates the processing of your request. We usually store the information from your enquiry for six months after answering the enquiry in case of further enquiries, if it does not concern commercial or business letters, we store these for six years (§ 257 para. 4 HGB, Art. 6 (1) (c) DSGVO). We use the Zendesk Suite software from Zendesk GmbH (c/o TaylorWessing), Neue Schönhauser Str. 3-5, 10178 Berlin, to answer customer enquiries by e-mail. To answer customer enquiries by telephone, we use the software of easybell GmbH, Brückenstraße 5a, 10179 Berlin. Any recording of telephone calls for training purposes and to improve the quality of service will only take place with the customer's prior express consent.
We process your required registration data (mandatory data, e.g. name, e-mail address) as well as the further data voluntarily provided within the scope of your use for the set-up and your use of the functions of our online shop (Art. 6 (1) (b) DSGVO). We store your registration details for the shop until you cancel your access, insofar as this does not conflict with other retention periods. These can result, for example, from your orders or registrations (see point Orders or registrations).
Orders or registrations
In the case of an order or registration or other contract-related enquiries, we first process your personal data for the processing or handling of the order or registration or other contract-related enquiry and, if necessary, for the corresponding invoicing (Art. 6 (1) (b) DSGVO). Insofar as data are marked as mandatory, they are required for the processing or handling of the corresponding contract or for invoicing. By completing an order and confirming the data protection declaration on our website, you consent to the forwarding of your personal data necessary for production, address verification and correction as well as dispatch of your order to our service providers. We store your data relevant to the order, registration or other contract-related enquiries and the associated documents (e.g. commercial letters, invoices) in accordance with the legal requirements after conclusion of the contract for six years (§ 257 para. 4 HGB, Art. 6 (1) (c) DSGVO) or ten years (§ 147 para. 3 AO, Art. 6 (1) (c) DSGVO).
By ordering express delivery and confirming the data protection declaration on our website, you consent to your e-mail address and telephone number being passed on to our postal service providers. They use these to offer you tracking of your order and to be able to keep themselves informed about the whereabouts of your ordered goods and the exact time of delivery (§ 28 para. 1 sentence 1 no. 2 BDSG and Art. 6 (1) (f) DSGVO).
Use of personal data after selection of the payment method
By selecting the payment method when placing your order, you consent to the transfer of the personal data required for the payment and any identity and credit checks to the payment service provider selected by you. This may include: first and last name, address, date of birth, gender, e-mail address, telephone number and, if necessary, data required for the processing of the order, such as the number of items, item number, invoice amount and tax percentage. The transmission of your data is based on Art. 6 (1) (a) DSGVO (consent) and Art. 6 (1) (b) DSGVO (processing for the performance of a contract).
The legal basis for processing by us is Art. 6 (1) (b) DSGVO (pre-contractual measures, performance of a contract) as well as 6 (1) (f) and (c) DSGVO (legitimate interest and legal obligations to provide evidence). In addition, we have the legitimate interest via the payment functionalities to be able to offer you effective, widespread and secure payment options, Article (1) (f) DSGVO.
You have the option to revoke your consent to data processing at any time. A revocation does not affect the validity of past data processing operations.
You can find detailed information about the security of your data with the payment providers we offer for selection via the following links:
Credit card: Stripe, Inc., 510 Townsend Street, San Francisco, CA 94103, USA
PayPal: PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg
Invoice: Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden
Sofort bank transfer: Sofort GmbH (part of the Klarna Group), Theresienhöhe 12, 80339 Munich, Germany
Giropay (via Stripe), Paydirekt GmbH, Stephanstr. 14-16, 60313 Frankfurt (available in Germany only)
ApplePay (via Stripe)
GooglePay (via Stripe)
If you choose a payment method from the payment service provider Stripe, the payment will be processed via the payment service provider Stripe Payments Europe Ltd, Block 4, Harcourt Centre, Harcourt Road, Dublin 2, Ireland, to whom we will pass on the information you provided during the ordering process, together with information about your order (name, address, account number, bank sort code, credit card number if applicable, invoice amount, currency and transaction number) in accordance with Art. 6 (1) lit. b DSGVO. Your data will only be passed on for the purpose of payment processing with the payment service provider Stripe Payments Europe Ltd. and only insofar as it is necessary for this purpose. You can find more information about Stripe's data protection at the URL https://stripe.com/de/terms.
When paying via PayPal, credit card via PayPal, direct debit via PayPal or - if offered - "purchase on account" or "payment by instalments" via PayPal, we pass on your payment data to PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal") as part of the payment processing. The transfer takes place in accordance with Art. 6 Para. 1 lit. b DSGVO and only insofar as this is necessary for the payment processing.
For the payment methods credit card via PayPal, direct debit via PayPal or - if offered - "purchase on account" or "payment by instalments" via PayPal, PayPal reserves the right to carry out a credit check. For this purpose, your payment data may be passed on to credit agencies in accordance with Art. 6 Para. 1 lit. f DSGVO on the basis of PayPal's legitimate interest in determining your solvency or on the basis of your consent, Art. 6 Para. 1 lit. a DSGVO. PayPal uses the result of the credit check with regard to the statistical probability of non-payment for the purpose of deciding on the provision of the respective payment method. The creditworthiness information may contain probability values (so-called score values). Insofar as score values are included in the result of the credit report, they have their basis in a scientifically recognised mathematical-statistical procedure. The calculation of the score values includes, but is not limited to, address data. For further information on data protection law, including information on the credit agencies used, please refer to PayPal's data protection declaration: https://www.paypal.com/de/webapps/mpp/ua/privacy-full.
You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data if this is necessary for the contractual processing of payments.
Instant bank transfer
If you choose the payment method "SOFORT", the payment will be processed by the payment service provider SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany (hereinafter referred to as "SOFORT"), to whom we pass on the information you provided during the ordering process, together with information about your order, in accordance with Art. 6 Para. 1 lit. b DSGVO. Sofort GmbH is part of the Klarna Group (Klarna Bank AB (publ), Sveavägen 46, 11134 Stockholm, Sweden). Your data will only be passed on for the purpose of payment processing with the payment service provider SOFORT and only insofar as it is necessary for this purpose. You can obtain further information about the data protection provisions of SOFORT at the following Internet address: https://www.klarna.com/sofort/datenschutz
If you select a Klarna payment service, the payment will be processed by Klarna Bank AB (publ) [https://www.klarna.com/de], Sveavägen 46, 111 34 Stockholm, Sweden (hereinafter "Klarna"). In order to enable the processing of the payment, your personal data (first name and surname, street, house number, postcode, town, gender, e-mail address, telephone number and IP address) as well as data related to the order (e.g. invoice amount, article, delivery type) will be passed on to Klarna for the purpose of checking your identity and creditworthiness, provided that you have expressly consented to this in accordance with Art. 6 Para. 1 lit. a DSGVO during the ordering process. You can find out which credit agencies your data may be forwarded to here:
The credit report may contain probability values (so-called score values). If score values are included in the result of the credit report, they are based on a scientifically recognised mathematical-statistical procedure. The calculation of the score values includes, but is not limited to, address data. Klarna uses the information received about the statistical probability of a payment default for a weighed decision about the establishment, implementation or termination of the contractual relationship.
You can withdraw your consent at any time by sending a message to the data controller or to Klarna. However, Klarna may still be entitled to process your personal data if this is necessary for the processing of payments in accordance with the contract.
Your personal data will be handled in accordance with the applicable data protection regulations and as specified in Klarna's data protection policy for data subjects located in Germany https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/privacy and for data subjects located in Austria https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_at/privacy.
With your explicit consent, which can be revoked at any time, we will inform you by e-mail about our products and promotions such as competitions and events in our shop and/or about our various product newsletters (§ 7 para. 2 no. 3 UWG). We process your obligatory details when you give your consent in order to send you the newsletter(s) you have selected and to be able to address you personally (Art. 6 (1) (f) DSGVO). In order to receive certain newsletters, you must first register (see explanation under point Registration.). When obtaining your consent, we use the so-called double opt-in procedure online to prevent our e-mail messages from being sent to e-mail addresses of persons who have not requested or do not wish to receive them. In accordance with the requirements of the data protection supervisory authorities, your IP address is also recorded and stored for documentation purposes. (Art. 7 (1), Art. 6 (1) (c) DSGVO). If you have provided us with your e-mail address when registering or ordering, we will also inform you by e-mail about our products that are similar to the ones you have purchased. Of course, you can object to this at any time at basic rates. (We store your data collected for advertising purposes for as long as the advertising purpose exists or until we receive a revocation of your consent or your objection to the processing of your data for advertising purposes (see section 3).
The technical processing of the newsletter dispatch is carried out by our partner company, Emarsys eMarketing Systems AG, Märzstrasse 1, A-1150 Vienna, to which we transmit the aforementioned data for this purpose. Unsubscribing from the newsletter is possible at any time and can be done either by sending a message to the e-mail address email@example.com or via a link provided for this purpose in the newsletter.
Product recommendations by e-mail
We send our customers information and offers by e-mail. You will receive these product recommendations if you are our customer, regardless of whether you have subscribed to a newsletter. For the selection of individual product recommendations, we use information about your previous orders and, if you have participated in them, information from your participation in customer surveys as well as your e-mail address.
With our product recommendations, we can make you offers that are better suited to your interests and needs. This is also the purpose we pursue with the product recommendations. The legal basis for the processing of your data in connection with product recommendations is Art. 6 para. 1 p. 1 lit. f. DSGVO.
If you no longer wish to receive individual product recommendations from us, you can object informally at any time without incurring transmission costs other than those according to the basic rates, e.g. by e-mail. Of course, you can also use the unsubscribe link contained in every e-mail.
Changes of purpose
If we change the purposes of processing over time, we will inform you in advance by updating this privacy notice.
Extended storage periods
The specified storage periods may be extended accordingly if, in individual cases, in particular if the data is processed for different purposes, there is a longer statutory or contractual retention period. 3.
4. Right of objection and revocation at any time
You have the right to object to the processing of your data at any time for reasons arising from your particular situation, if the legal requirements are met. If you object to the processing of your data for advertising purposes or wish to revoke a consent you have given, it is sufficient at any time to send a short message to our data protection officer named under point 1, by e-mail to firstname.lastname@example.org or by post to Shirtinator AG, Department of Data Protection, Frai-Otto-Str. 18, 80797 Munich. Your data will then no longer be processed for the advertising purposes covered by the objection to advertising or the revocation of consent. The lawfulness of the processing carried out until the objection or revocation remains unaffected. After your objection to the processing of your personal data for advertising purposes or the revocation of your consent, we are obliged under data protection law, in accordance with the requirements of the German data protection supervisory authorities, to include the data required for this purpose (name, address, e-mail address) in our internal advertising blacklist and to store (block) it permanently - only for this purpose - and to use it for comparison with our future advertising files. (Art. 21 (3), Art. 17 (3) (b), Art. 6 (1) (c) DSGVO). In this way, we can ensure that your objection to advertising or revocation of your consent is permanently respected.
5. Rejection/deletion of cookies
You can set your web browser so that it notifies you when cookies are set or generally rejects or restricts the setting of cookies. If you deactivate or restrict cookies using your browser, you will no longer be able to use various functions on our website. If you have not made or do not make any other settings, temporary cookies, which are intended to enable and ensure the necessary technical functions, will delete themselves once they have reached the end of their life. You can delete both permanently and temporarily stored cookies at any time using your web browser, even automatically. You can find out about this option for the most commonly used browsers via the following links:
Google Chrome: http://support.google.com/chrome/bin/answer.py?hl=de&answer=95647
6. Newsletter registration, if you are not a customer of ours
Shirtinator AG processes your data from the newsletter registration to send you the newsletter (Art. 6 (1) (a) DSGVO) and for personalised communication with you in the newsletter (Art. 6 (1) (a) DSGVO). We process the data from the double opt-in procedure to prove that you have given your consent (Art. 6 (1) (f) DSGVO, Art. 13 (1) (d) DSGVO). We are supported in this by our e-mail service provider and other IT service providers as order processors. We process your data for this purpose until you revoke your consent to this processing. It is not possible to send the newsletter without providing the e-mail address and the double opt-in procedure. The other details are not mandatory for this purpose, but enable us to address you personally in the newsletter. All rights to which you are entitled with regard to the processing of personal data can be found in this data protection declaration. You will receive a confirmation e-mail to confirm your consent (so-called double opt-in procedure). If this remains unanswered, your data will be deleted after 48 hours. This procedure is only used if you register for our newsletter without already being a customer of Shirtinator AG.
The technical processing of the newsletter dispatch is carried out by our partner company, Emarsys eMarketing Systems AG, Märzstrasse 1, A-1150 Vienna, to which we transmit the aforementioned data for this purpose. Unsubscribing from the newsletter is possible at any time and can be done either by sending a message to the e-mail address email@example.com or via a link provided for this purpose in the newsletter.
7. Recipients of personal data and third country transfers
Personal data is disclosed to the following categories of recipients: Our employees as well as our order processors to the extent necessary, in particular the hoster of our website as well as the third-party services named above depending on which you have agreed to or use.
Beyond this, the personal data concerning you will not be passed on to third parties without your express consent (Art. 6 (1) (a) DSGVO), unless we are legally obliged to do so (Art. 6 (1) (c) DSGVO) or the passing on of data is absolutely necessary for the implementation of a contractual relationship (Art. 6 (1) (b) DSGVO). We do not intend to process personal data in a third country beyond the services described above.
We otherwise only process personal data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) if it is necessary for the fulfilment of our (pre)contractual obligations, on the basis of your consent, due to a legal obligation or on the basis of our legitimate interests. The same applies to processing by third parties on our behalf, the disclosure of personal data concerning you to third parties and the transfer of such data to third parties. Service providers who process personal data on our behalf in a third country are also only used if an "adequacy decision" of the European Commission (Art. 45 GDPR) exists for this third country, "appropriate safeguards" (Art. 46 GDPR) such as "internal data protection rules" (Art. 47 GDPR) are in place at the recipient or we have so-called "standard data protection clauses" (Art. 46 (2) (c) GDPR).
Information on the adequacy decisions can be found at https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_de, on suitable guarantees at https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_de and on internal data protection regulations at https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/binding-corporate-rules_de. Standard data protection clauses can be found at https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc/standard-contractual-clauses-international-transfers_de.
8. How secure is your data?
We take technical and organisational security measures to protect your personal data against accidental or intentional manipulation, loss, destruction or against access by unauthorised persons and to ensure the protection of your rights and compliance with the applicable data protection regulations of the EU and the Federal Republic of Germany. The measures taken are intended to guarantee the confidentiality and integrity of your data and to ensure the availability and resilience of the systems and services when processing your data in the long term. Our security measures also include encryption of your data. All information that you enter online is technically encrypted and only then transmitted. This means that this information cannot be viewed by unauthorised third parties at any time. Our data processing and security measures are continuously improved in line with technological developments. The employees of Shirtinator AG are or will be obligated in writing to maintain confidentiality and to comply with the data protection requirements of the DSGVO.
9. What are mandatory data or mandatory fields?
If certain data fields are designated as mandatory fields and/or marked with an asterisk ( * ), the provision of this data is either required by law or contract, or we require this data for the conclusion of the contract, the desired service or the stated purpose. The provision of data is of course at your discretion, even in the case of mandatory fields. Failure to provide this information may result in us not being able to fulfil the contract, provide the requested service or achieve the stated purpose.
10. How can you exercise your data protection rights?
You are not legally obliged to provide personal data relating to yourself. However, the provision of such data may be necessary for the conclusion of a contract or for website functions. If you do not provide it, a contract or a function on the website may not be offered.
No automated decision-making takes place on our website.
Your rights as a person affected by data protection law result in particular from Art. 15 to 23 and Art. 77 DSGVO as well as from §§ 32 to 37 Federal Data Protection Act.
With regard to personal data concerning you, you have the right to information, Art. 15 of the Data Protection Regulation and, if the legal requirements are met, the right to rectification, Art. 16 of the Data Protection Regulation, deletion, Art. 17 of the Data Protection Regulation, restriction of processing, Art. 18 of the Data Protection Regulation and data portability, Art. 20 of the Data Protection Regulation.
Finally, you have the right to object to the processing of personal data, Art. 21 of the GDPR, see further information below. If you have given your consent to the processing of personal data, you have the right of revocation, Art. 7 of the GDPR, with effect for the future.
You can address all enquiries, requests and notifications to us.
If you are of the opinion that the processing of personal data concerning you violates data protection law, you always have the right to lodge a complaint with the competent supervisory authority, cf. Art. 77 DSGVO. Without prejudice to any other administrative or judicial remedy, you have this right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or the place of the alleged infringement.
The data protection declaration must be adapted to the actual circumstances and the legal situation from time to time. Please check the data protection declaration before using our shop in order to be up to date with possible changes or updates.
Information about the right of objection according to Article 21 DSGVO
1. You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6(1)(f) of the GDPR (data processing on the basis of a balance of interests). If you object, we will no longer process personal data relating to you unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.
2. If personal data are processed for the purpose of direct marketing, you have the right to object at any time to the processing of data concerning you for the purpose of such marketing. If you object to the processing for direct marketing purposes, we will no longer process the personal data concerning you for these purposes.
The objection can be made form-free and should preferably be addressed to us.
Status: July 2023