We appreciate your trust!
Therefore, the protection of your data, your personal rights and the observance of your right to informational self-determination in the collection, processing and use of your personal data is important to us. Our data protection practice complies with the European General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG) from May 25th, 2018. Our employees have been obliged to comply with the relevant regulations and guidelines on data protection and data security and to protect data secrecy. In addition, the employees of Shirtinator AG are regularly trained in these areas.
1. We are responsible for your data
As a visitor to our website, you expect a high level of quality from our products and the processing of your personal data. We are responsible for the handling of your data, which we process in accordance with your wishes and the requirements of German and EU data protection laws. Personal data is data that identifies or can be used to identify you. Personal data will only be processed by us, if permitted by law or if you have given your prior consent.
2. Processing of personal data on our website
Calling up our website
Shirtinator AG processes so-called server log files when a user accesses our website (Art. 6 (1) (b) GDPR). These data (browser type and browser version, operating system used, referred URL, host name of the accessing computer, time of server enquiry, IP address) are automatically transmitted to us by your browser and processed by us to enable you to use our website.
SSL or TLS encryption
For security reasons and to protect the transmission of confidential content that you send to us as the site operator, our website uses SSL or TLS encryption. This means that data which you transmit via our website cannot be read by third parties. You can recognize an encrypted connection by the "https://" address line and the lock symbol in your browser’s line.
Purpose of collection and use of your data
Shirtinator AG is specialized in printing of high-quality textiles and accessories. We store and use your data only for fulfilment and processing of your order (including payment processing), answering your inquiries and for our own advertising purposes.
General information about cookies
We use functions to encourage our website visitors to buy already viewed products (legal basis: Art. 6 (1) (f) GDPR). Our legitimate interest is to advertise the sale of our products. The IP address is anonymized within 24 hours. All other data will be pseudonymised immediately and deleted when the processing purpose ceases. You can object to this processing at any time.
Price search engines
If you get to our website via a price search engine (e.g. www.idealo.com), we collect this information to display the product you are looking for (legal basis: Art. 6 (1) (f) GDPR). We also use this information to recognize the different interest in our products (legal basis: Art. 6 (1) (f) GDPR). We are interested in offering our products to our customers in price search engines, too, in order to compete with other providers there as well. The recipients of this data also are the providers of the price search engines. The IP address is anonymized within 24 hours. All other data will be pseudonymised immediately and deleted when the processing purpose ceases. You can object to this processing at any time.
Shop on our website
This website utilizes Hotjar. The provider is Hotjar Ltd., Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe (website: https://www.hotjar.com).
Hotjar is a tool used to analyse your user patterns on our website. Hotjar allows us to for instance record your mouse and scroll movements as well as your click. During this process, Hotjar also has the capability to determine how long your cursor remained in a certain position. Based on this information, Hotjar compiles so-called Heatmaps, that make possible to determine which parts of the website the website visitor reviews with preference.
We are also able to determine how long you have stayed on a page of our website and when you left. We can also determine at which point you suspended making entries into a contact form (so-called conversion funnels).
Furthermore, Hotjar can be deployed to obtain direct feedback from website visitors. This function aims at the improvement of the website offerings of the website operator.
You can set up your browser in such a manner that you will be notified anytime cookies are placed and you can permit cookies only in certain cases or exclude the acceptance of cookies in certain instances or in general and you can also activate the automatic deletion of cookies upon closing of the browser. If you deactivate cookies, the functions of this website may be limited.
The use of Hotjar and the storage of the Hotjar cookies are based on Art. 6 Sect. 1 lit. f GDPR. The website operator has a legitimate interest in the analysis of user patterns, in order to optimize the operator’s web offerings and advertising.
Deactivation of Hotjar
If you would like to deactivate the recording of data by Hotjar, please click on the link below and follow the instructions provided under the link: https://www.hotjar.com/opt-out.
Please keep in mind that you will have to separately deactivate Hotjar for every browser and every device.
For more detailed information about Hotjar and the data to be recorded, please consult the Data Privacy Declaration of Hotjar under the following link: https://www.hotjar.com/privacy.
Contract data processing
We have entered into a contract data processing agreement with Hotjar to implement the stringent European Data Protection Regulations.
In our shop we use functions of the web analysis service Google Analytics. The provider is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Analytics uses so-called "cookies". These are text files that are stored on your computer and enable an analysis of your use of the website. The information about your use of this website, which is generated by the cookie, is usually transferred to a Google server in the USA and stored there. The Google Analytics cookie (legal basis Art. 6 (1) (f) GDPR) is stored on the basis of our legitimate interest in the analysis of user’s behaviour in order to optimize our Internet offer and our advertising. We are supported by Google as a service provider. Google will use this information to evaluate, how the user use our website, to compile reports on the website activities and to provide the website operator with further services associated with the use of the website and the Internet. The IP address transmitted by your browser in the context of Google Analytics is not merged with other Google data.
The IP anonymization function is activated on our website. Your IP address will be reduced by Google within the European Union or in a state party to the Agreement on the European Economic Area prior to transmission to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. The legal basis for the transfer of personal data is the so-called EU-US Privacy Shield.
Objection to data collection
Order data processing
We have concluded a contract with Google for commissioned data processing and fully implement the strict requirements of the German data protection authorities for the use of Google Analytics. Demographic features on Google Analytics: This website uses the "demographic features" function of Google Analytics. This allows reports to be created that contain information on the age, gender and interests of site visitors. These data come from interest-related advertising by Google and from visitor data from third-party providers. These data cannot be assigned to a specific person. You can disable this feature from your Google Account’s preferences at any time or disallow Google Analytics to collect your information as described in the " Objection to data collection" section.
Social plugins from social networks as Facebook, Instagram, Twitter, YouTube, Pinterest and Google+ can be used on our website. If you visit page on our website that contains such a plugin, your Internet browser (e.g. Internet Explorer or Safari) establishes a direct connection to the servers of the social network provider. The use of the social plugin (legal basis Art. 6 (1) (f) GDPR) is based on our legitimate interest in the analysis of user behavior in order to optimize our Internet offer and our advertising.
The microblogging service Twitter is operated by Twitter Inc, 1355 Market St, Suite 900, San Francisco, CA 94103, USA. The plugins are marked with a Twitter logo, e.g. in the form of a blue "Twitter bird". An overview of the Twitter plugins and their appearance can be found here: https://about.twitter.com/en_us/company/brand-resources.html. When you visit a page of our website that contains a Twitter plugin, your browser establishes a direct connection to the Twitter servers. The content of the plugin is transmitted directly from Twitter to your browser and integrated into the page. The integration gives Twitter the information that your browser has called up the corresponding page of our website, even if you do not have a Twitter profile or are not currently logged in to Twitter. This information (including your IP address) is transmitted directly from your browser to a Twitter server in the USA and stored there. If you are logged in to Twitter, Twitter can immediately associate your visit to our website with your Twitter account. If you interact with the plugins, for example by pressing the "Twitter" button, the corresponding information is also transmitted directly to a Twitter server and stored there. The information will also be published on your Twitter account and displayed to your contacts. The purpose and scope of the data collection and the further processing and use of the data by Twitter as well as your relevant rights and setting options for the protection of your privacy can be found in the Twitter data protection information: https://twitter.com/privacy.
We provide videos published on Youtube.com on our websites. Youtube is a subsidiary of Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States. The purpose and scope of data collection and use by Google as well as your rights and setting options for protection as a YouTube customer can be found in the YouTube data protection information: (https://www.youtube.com/t/privacy).
Request for information material by letter post
We collect address data for sending information material by post (legal basis: Art. 6 (1) (a) GDPR). The mandatory information is required to enable addressing. The voluntary indication of the salutation enables us to use the title (legal basis: Art. 6 (1) (a) GDPR). You can revoke your consent at any time with effect for the future. We are supported by our technical service providers as contract processors and pass on your address data to logistics, transport and shipping service providers. Your data will be deleted after dispatch. We process the data from orders or registrations and other data collected outside the Internet to the legally permissible extent for advertising by post and for our internal customer analyses (Art. 6 (1) (f) GDPR). Our analyses are regularly pseudonymised.
Contact / Inquiries
If you have any questions or requests, please do not hesitate to contact us. We process your data to answer your product or service enquiries (Art. 6 (1) (b), (f) GDPR). The communication of address and telecommunication data marked as mandatory is necessary in order to be able to process and answer your request. The voluntary provision of further data makes it easier for us to process your request. As a rule, we store the information from your enquiry after answering the enquiry for six months in the event of further enquiries, if these are not commercial or business letters, we store these for six years (§ 257 (4) HGB, Art. 6 (1) (c) GDPR). We use the novomind iAGENT software from novomind AG, Bramfelder Chaussee 45, 22177 Hamburg, Germany, to answer customer inquiries by e-mail. We use the software of IN-telegence GmbH, Oskar-Jäger-Strasse 125, 50825 Köln, Germany, to answer customer inquiries by telephone. Any recording of telephone calls for training purposes and to improve the quality of service shall only take place with the prior express consent of the customer.
We process your required registration data (mandatory data, e.g. name, e-mail address) as well as the further data voluntarily provided within the scope of your use for setting up and using the functions of our online shop (Art. 6 (1) (b) GDPR). We store your registration data for the shop until you cancel your access, as long as there are no other retention periods to the contrary. These can result, for example, from your orders or registrations (see Orders or registrations).
Orders or registrations
By ordering by express delivery and confirming the data protection declaration on our website, you consent to the forwarding of your e-mail address and your telephone number to our postal service providers. They use these in order to offer you the tracking of your order and to be able to continuously inform you about the whereabouts of your ordered goods and the exact delivery time (§ 28 Paragraph 1 Sentence 1 No. 2 BDSG or Art. 6 (1) (f) GDPR)
Use of personal data after selection of payment method
By selecting the method of payment while ordering, you consent to the transfer of the personal data to the payment service provider of your choice, which are necessary for payment, identity check and credit check. These can be: first and last name, address, date of birth, gender, e-mail address, telephone number and, if necessary, data necessary for processing the order, such as the number of articles, article number, invoice amount and taxes in percent. Your data will be transmitted on the basis of Art. 6 (1) (a) GDPR (consent) and Art. 6 (1) (b) GDPR (processing to fulfil a contract).
With your explicit consent, which can be revoked at any time, we inform you by e-mail about our products and promotions such as campaigns and events in our shop and/or about our various product newsletters (§ 7 (2) No.3 UWG). When you give your consent, we process your mandatory data in order to send you the newsletter(s) you have chosen and to address you personally (Art. 6 (1) (f) GDPR). To receive certain newsletters, you first have to register (see explanation under Registration.). When obtaining your consent, we use online the so-called double opt-in procedure to prevent our e-mail messages being sent to e-mail addresses of persons who have not requested them or do not wish to receive them. Your IP address is also recorded and stored for documentation purposes in accordance with the requirements of the data protection supervisory authorities. (Art. 7 (1), Art. 6 (1) (c) GPDR). If you provided us with your e-mail address when you registered or ordered, we will also inform you by e-mail about our products, which are similar to those you purchased. You can of course object to this at any time at basic rates. (§ 7 (3) UWG.) We store your data collected for advertising purposes as long as the advertising purpose exists or until we receive a revocation of your consent or your objection to the processing of your data for advertising purposes (see section 3.).
Integration of the Trusted Shops Trustbadge
We have integrated the Trusted Shops Trustbadge on this website in order to display our Trusted Shops Trustmark and offer the Trusted Shops products to customers after placing an order.
Changes of purpose
If we change the purposes of the processing in the course of time, we will inform you in advance by updating this data protection notice.
Extended storage periods
The indicated storage periods may be extended accordingly if in individual cases, in particular if the data are processed for different purposes, a longer legal or contractual retention period exists.
3. Right to object and revoke at any time
You have the right to object to the processing of your data at any time for reasons arising from your particular situation, provided that the legal requirements are met. If you object to the processing of your data for advertising purposes or would like to revoke a given consent, a short message to our data protection officer named under point 1, by e-mail to firstname.lastname@example.org or by post to Shirtinator AG, department data protection, Frei-Otto-Straße 18, 80797 Munich is sufficient at any time. Your data will then no longer be processed for the purposes of advertising covered by the advertising objection or revocation of consent. This does not affect the legality of the processing until the objection or revocation. After your objection to the processing of your personal data for advertising purposes or the revocation of your consent, we are obliged under data protection law in accordance with the requirements of the German data protection supervisory authorities to include the data required for this (name, address, e-mail address) in our internal advertising blacklist and to store (block) it permanently - only for this purpose - and to use it for comparison with our future advertising files. (Art. 21 (3), Art. 17 (3) (b), Art. 6 (1) (c) GDPR). In this way, the observance of your advertising objection or the revocation of your consent can be permanently ensured.
4. Rejection/deletion of cookies
You can set up your browser to notify you when cookies are set or to generally refuse or restrict the setting of cookies. If you disable or restrict cookies using your browser, certain functions on our website will not be available to you anymore. If you have not made or do not make any other settings, temporary cookies that enable and ensure the necessary technical functions will delete themselves once they have reached the end of their lifetime. You can delete both permanently and temporarily stored cookies at any time using your web browser, even automatically.
5. Newsletter registration, if you not our customer yet
Shirtinator AG processes your data from the registration for the newsletter to send you the newsletter (Art. 6 (1) (a) GDPR) and for personalized communication with you in the newsletter (Art. 6 (1) (a) GDPR). We process the data from the double opt-in procedure as proof of your consent (Art. 6 (1) (f) GDPR, Art. 13 (1) (d) GDPR). We are supported by our e-mail service provider and other IT service providers as contract processors. We process your data for this purpose until you withdraw your consent to this processing. Sending the newsletter is not possible without providing the e-mail address and the double opt-in procedure. Further information is not absolutely necessary, but allows us to address you personally in the newsletter. All rights to which you are entitled with regard to the processing of personal data can be found in this data protection declaration. You will receive a confirmation e-mail (so-called double opt-in procedure) to confirm your consent. If this remains unanswered, your data will be deleted after 48 hours. This procedure only applies if you register for our newsletter without already being a customer of Shirtinator AG.
Product recommendations via e-mail
6. How secure is your data?
We take technical and organizational security precautions to protect your personal data against accidental or intentional manipulation, loss, destruction or against access by unauthorized persons and to guarantee the protection of your rights and compliance with the applicable data protection regulations of the EU and the Federal Republic of Germany. The measures taken are intended to ensure the confidentiality and integrity of your data, as well as the long-term availability and resilience of the systems and services used to process your data. They should also quickly restore data availability and access in the event of a physical or technical incident. Our security measures also include encryption of your data. All information you enter online is technically encrypted and only then transmitted. As a result, this information cannot be viewed by unauthorized third parties at any time. Our data processing and security measures are continuously improved in line with technological developments. The employees of Shirtinator AG are or will be obliged in written form to maintain confidentiality and to comply with the data protection requirements of the GPDR.
7. What are mandatory fields?
If certain data fields are designated as mandatory and/or marked with an asterisk ( * ), the provision of this data is either required by law or contract, or we require this data for the conclusion of the contract, the desired service or the stated purpose. The indication of the data is of course also at your discretion in the mandatory fields. Non-disclosure may result in the contract not being fulfilled by us or the requested service not being provided or the stated purpose not being achieved.
8. How can you exercise your privacy rights?
If you have any questions about our processing with your personal data we of course will be happy to provide you with information about the data concerning you. Furthermore, you have the right of correction, deletion, restriction of processing, objection and the right of data communication if the legal requirements are met. In all these cases, please contact our data protection officer (see contact details under item 1.) at the communication addresses listed there. Finally, you have the right of appeal to a competent data protection supervisory authority.
Status: May 2020