PRIVACY POLICY

Privacy Policy

Unless otherwise stated below, the provision of your personal data is neither legally nor contractually required, nor is it necessary for the conclusion of a contract. You are not obliged to provide the data. Non-provision will have no consequences. This applies only if no other specific information is provided in the subsequent processing procedures.

"Personal data" refers to any information relating to an identified or identifiable natural person.

Server Logfiles

You can visit our website without providing any personal information. Each time you access our website, usage data is transmitted to us or to our web hosting/IT service provider via your internet browser and stored in log files (so-called server logfiles). These stored data may include, for example, the name of the page accessed, the date and time of the request, the IP address, the amount of data transferred, and the requesting provider.
The processing is based on Article 6(1)(f) GDPR due to our legitimate interest in ensuring the smooth operation of our website and improving our service offering.
Your data may be transferred to third countries outside the EU, particularly to Canada and the USA, and processed there. An adequacy decision has been made by the EU Commission for Canada. For the USA, an adequacy decision by the EU Commission exists under the Trans-Atlantic Data Privacy Framework (TADPF). Shopify is not certified under the TADPF. This data transfer is based on contractual obligations comparable to the EU Commission's standard contractual clauses.

Contact

Data Controller
You may contact us upon request. The responsible party for data processing is:
William Fan, Große Hamburger Str. 25, 10115 Berlin, Germany,
+49 30 55527292, service@williamfan.com

Customer-Initiated Contact via Email
If you contact us proactively by email, we collect your personal data (name, email address, message content) only to the extent you provide. The data processing is intended for processing and responding to your inquiry.
If the contact is for pre-contractual measures (e.g., advice on purchasing interest, quotation requests) or concerns an already concluded contract between you and us, the data processing is based on Article 6(1)(b) GDPR.
If the contact is for other reasons, the data processing is based on Article 6(1)(f) GDPR due to our legitimate interest in processing and responding to your request. In this case, you have the right to object at any time to the processing of your personal data based on Article 6(1)(f) GDPR for reasons arising from your particular situation.
We use your email address solely for processing your inquiry. Your data will be deleted after the legal retention periods have expired, unless you have consented to further processing and use.

Use of Calendly

We use the appointment booking function “Calendly” provided by Calendly LLC (BB&T Tower, 271 17th St NW, Atlanta, GA 30363, USA) on our website.
By using this function, we collect and process your personal data (first and last name, email address, phone number, message content) only to the extent you provide. The data processing is for the purpose of scheduling appointments and improving user convenience.
Calendly uses technologies such as cookies. Among other things, the following information may be collected and transmitted to Calendly: IP address, date and time of the page view, device model, browser information, operating system used, and location.
Your data may be transmitted to third countries such as the USA. An adequacy decision by the EU Commission exists for the USA under the Trans-Atlantic Data Privacy Framework (TADPF). Calendly is certified under the TADPF and thus commits to complying with European data protection principles.
The processing of your personal data for appointment booking is based on Article 6(1)(b) GDPR to fulfill the contract concluded with us or to carry out pre-contractual measures.
The use of cookies or similar technologies is done with your consent, based on Section 25(1) sentence 1 TDDG in conjunction with Article 6(1)(a) GDPR. The processing of your personal data through cookies is based on your consent under Article 6(1)(a) GDPR. You can withdraw your consent at any time without affecting the lawfulness of the processing carried out based on the consent until the withdrawal.

Further Information on Data Protection and Cookie Usage with Calendly
You can find further information on data protection and cookie usage by Calendly at https://calendly.com/privacy.

Customer Account
When opening a customer account, we collect your personal data to the extent provided there. The data processing serves the purpose of improving your shopping experience and simplifying the order processing. The processing is based on Article 6(1)(a) GDPR with your consent. You can withdraw your consent at any time by notifying us, without affecting the legality of the processing based on your consent prior to the withdrawal. Your customer account will then be deleted.

Collection, Processing, and Sharing of Personal Data in Orders
When placing an order, we collect and process your personal data only to the extent necessary to fulfill and process your order and to handle your inquiries. The provision of the data is required for the conclusion of the contract. Failure to provide the data means that no contract can be concluded. The processing is based on Article 6(1)(b) GDPR and is necessary for the performance of a contract with you.
Your data may be shared, for example, with shipping companies, dropshipping or fulfillment providers, payment service providers, order processing services, and IT service providers. In all cases, we strictly adhere to legal requirements. The scope of data transmission is limited to a minimum.
Your data may be transmitted to third countries outside the EU, particularly to Canada and the USA, and processed there.
For Canada, an adequacy decision by the EU Commission exists. For the USA, an adequacy decision by the EU Commission exists under the Trans-Atlantic Data Privacy Framework (TADPF). Shopify is not certified under the TADPF. This data transfer is based on contractual obligations comparable to the EU Commission’s standard contractual clauses.

Advertising

Use of Email Address for Newsletter Distribution
We use your email address solely for our own advertising purposes for sending newsletters, independent of the contractual processing, if you have expressly consented to this. The processing is based on Article 6(1)(a) GDPR with your consent. You can withdraw your consent at any time without affecting the legality of the processing based on your consent until the withdrawal. You can unsubscribe from the newsletter at any time using the corresponding link in the newsletter or by notifying us. Your email address will then be removed from the distribution list.

Use of Mailchimp
We use the service of Rocket Science Group LLC (675 Ponce de Leon Ave NE, Suite 5000 Atlanta, GA 30308, USA; "Mailchimp") for sending newsletters, within the framework of a data processing agreement.
We share the information you provide during the newsletter sign-up (email address, possibly first and last name) with Mailchimp. The data processing serves the purpose of sending newsletters and performing statistical analysis.
To evaluate newsletter campaigns, the sent newsletters contain a 1x1 pixel graphic (tracking pixel) or a tracking link. This allows us to determine whether you have opened the newsletter and whether you have clicked any integrated links. In this context, we collect your personal data such as IP address, browser type, device, and timestamp. Usage profiles may be created from this data under a pseudonym. The collected data is not used to personally identify you. The collected data is solely used for statistical evaluation to improve newsletter campaigns.
Your data is typically transmitted to Mailchimp's servers in the USA and stored there. For the USA, an adequacy decision by the EU Commission exists under the Trans-Atlantic Data Privacy Framework (TADPF). Mailchimp is not certified under the TADPF. The data transfer is based, among other things, on Standard Contractual Clauses as appropriate safeguards for the protection of personal data, which can be viewed at: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_de.

The processing of your personal data is based on Article 6(1)(f) GDPR due to our legitimate interest in having a targeted, effective, and user-friendly newsletter system. You have the right to object at any time to the processing of your personal data based on Article 6(1)(f) GDPR for reasons arising from your particular situation.

For more information and Mailchimp’s privacy policy, please visit:

• https://mailchimp.com/de/legal/data-processing-addendum/
• https://www.intuit.com/privacy/statement/

Shipping Service Providers

Sharing the Email Address with Shipping Companies to Inform About the Shipping Status
We share your email address with the shipping company as part of the contract processing, provided you have expressly consented to this during the order process. The purpose of the data sharing is to inform you via email about the shipping status. The processing is based on Article 6(1)(a) GDPR with your consent. You can withdraw your consent at any time by notifying us or the shipping company, without affecting the legality of the processing carried out based on your consent until the withdrawal.

Use of an External Inventory Management System
We use an inventory management system for contract processing as part of a data processing agreement. For this purpose, your personal data collected during the order process is transmitted to
weclapp GmbH, Friedrich-Ebert-Straße 28, 97318 Kitzingen, Germany.
The processing of your personal data serves the purpose of fulfilling the contract with you and is based on Article 6(1)(b) GDPR.

Payment Service Providers and Credit Information

Use of PayPal Checkout
We use PayPal Checkout on our website, provided by PayPal (Europe) S.à r.l. et Cie, S.C.A. (22-24 Boulevard Royal L-2449, Luxembourg; "PayPal"). The data processing serves the purpose of offering you payment through this service. When selecting and using PayPal for payment, including credit card via PayPal, direct debit via PayPal, or "Pay Later" via PayPal, the data necessary for the payment processing is transmitted to PayPal to fulfill the contract with you using the selected payment method. This processing is based on Article 6(1)(b) GDPR.
Cookies may be stored during this process, allowing for the recognition of your browser. The data processing resulting from this is based on Article 6(1)(f) GDPR due to our legitimate interest in providing a customer-oriented offering of different payment methods. You have the right to object to the processing of your personal data based on Article 6(1)(f) GDPR at any time for reasons related to your particular situation.

Credit Card via PayPal, Direct Debit via PayPal & “Pay Later” via PayPal
For certain payment methods, such as credit card via PayPal, direct debit via PayPal, or “Pay Later” via PayPal, PayPal reserves the right to obtain a credit report based on mathematical-statistical methods using credit agencies. PayPal will transmit the personal data required for a credit check to a credit agency and use the received information about the statistical likelihood of payment default to make a balanced decision regarding the initiation, execution, or termination of the contractual relationship. The credit report may include probability values (score values) based on scientifically recognized mathematical-statistical methods, and may include address data in the calculation. Your legitimate interests will be considered according to legal provisions. The data processing serves the purpose of credit checking for contract initiation and is based on Article 6(1)(f) GDPR due to our legitimate interest in protecting against payment defaults when PayPal makes advance payments.
You have the right to object to this processing of your personal data based on Article 6(1)(f) GDPR at any time, for reasons arising from your particular situation, by notifying PayPal.
Providing the data is necessary to conclude the contract with the desired payment method. Failure to provide the data will result in the contract not being concluded with the selected payment method.

Third-party Providers
When paying through a third-party payment method, the data required for payment processing is transmitted to PayPal. This processing is based on Article 6(1)(b) GDPR. To carry out the payment, PayPal may then forward the data to the respective provider. This processing is based on Article 6(1)(b) GDPR. Local third-party providers may include:

• Apple Pay (Apple Distribution International Ltd., Hollyhill Industrial Estate, Hollyhill, Cork, Ireland)
• Google Pay (Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland)
• giropay (Paydirekt GmbH, Stephanstr. 14-16, 60313 Frankfurt am Main)

Invoice Purchase via PayPal
For payments via invoice purchase, the data required for payment processing is first transmitted to PayPal. To process this payment method, PayPal will then forward the data to Ratepay GmbH (Franklinstraße 28-29, 10587 Berlin; “Ratepay”) to fulfill the contract with you using the selected payment method. This processing is based on Article 6(1)(b) GDPR.
Ratepay may conduct a credit check based on mathematical-statistical methods (probability or score values) using credit agencies, as described earlier. The data processing serves the purpose of credit checking for contract initiation and is based on Article 6(1)(f) GDPR due to our legitimate interest in protecting against payment defaults when Ratepay makes advance payments.
For more information on data protection and the credit agencies used by Ratepay, please visit:

• https://www.ratepay.com/legal-payment-dataprivacy/
• https://www.ratepay.com/legal-payment-creditagencies/

For further details on data processing when using PayPal, please refer to their privacy policy at:

• https://www.paypal.com/de/webapps/mpp/ua/privacy-full

Use of Klarna Payment Options
We use the payment service of Klarna Bank AB (publ) (Sveavägen 46, 111 34 Stockholm, Sweden; "Klarna") on our website. By selecting and using payment via Klarna, the data necessary for processing the payment will be transmitted to Klarna to fulfill the contract with you using the chosen payment method. This processing is based on Article 6(1)(b) GDPR.
Cookies may be stored during this process, allowing for the recognition of your browser. The data processing resulting from this is based on Article 6(1)(f) GDPR due to our legitimate interest in offering a customer-friendly range of payment methods. You have the right to object to this processing of your personal data based on Article 6(1)(f) GDPR at any time for reasons related to your particular situation.

"Pay Later" (Invoice), "Pay Now" (Direct Debit, Credit Card, Instant Transfer), "Financing" (Installment Payments)
For certain payment methods such as "Pay Later" (Invoice), "Pay Now" (Direct Debit, Credit Card, Instant Transfer), or "Financing" (Installment Payments), Klarna reserves the right to obtain a credit report based on mathematical-statistical methods using credit agencies.
For this purpose, Klarna will transmit personal data such as first and last name, address, gender, email address, IP address, and other order-related data to a credit agency for identity and credit checks. Klarna will use the received information about the statistical probability of payment default to make a balanced decision regarding the initiation, execution, or termination of the contractual relationship. The credit report may include probability values (score values) calculated using scientifically recognized mathematical-statistical methods, with address data being included in the calculation. Your legitimate interests will be considered in accordance with legal requirements. The data processing serves the purpose of credit checks for contract initiation and is based on Article 6(1)(f) GDPR due to our legitimate interest in protecting against payment defaults when Klarna makes advance payments.
You have the right to object to this processing of your personal data based on Article 6(1)(f) GDPR at any time, for reasons arising from your particular situation, by notifying Klarna.
Providing the data is necessary for concluding the contract with the desired payment method. Failure to provide the data will result in the contract not being concluded with the selected payment method.
For further information, particularly about which credit agencies Klarna shares your personal data with, visit:

• https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/credit_rating_agencies.

General information about Klarna is available at:

• https://www.klarna.com/de/.

Klarna processes your personal data in accordance with applicable data protection regulations and Klarna’s privacy policy, which can be found here:

• https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/privacy.

Cookies
Our website uses cookies. Cookies are small text files that are stored in the user's web browser or on the user's computer system. When a user visits a website, a cookie may be stored on the user’s operating system. This cookie contains a characteristic string of characters that allows for the unique identification of the browser upon returning to the website.
Cookies are stored on your computer, so you have full control over the use of cookies. By adjusting the relevant settings in your web browser, you can be notified before cookies are set and can decide individually whether to accept them, as well as prevent the storage of cookies and transmission of the contained data. Any cookies already stored can be deleted at any time. However, please note that you may not be able to fully use all the features of this website without them.
Below are links where you can find out how to manage cookies in the most popular browsers (including disabling them):
Browser-specific instructions for managing cookies:

• Chrome: https://support.google.com/accounts/answer/61416?hl=en
• Microsoft Edge: https://support.microsoft.com/en-us/microsoft-edge/cookies-in-microsoft-edge-lB6schen-63947406-40ac-c3b8-57b9-2a946a29ae09
• Mozilla Firefox: https://support.mozilla.org/en-US/kb/cookies-allow-and-disallow
• Safari: https://support.apple.com/en-us/guide/safari/manage-cookies-and-website-data-sfri11471/mac

Technically Necessary Cookies
Unless otherwise specified in this privacy policy, we only use technically necessary cookies to make our offer more user-friendly, efficient, and secure. Cookies also allow our systems to recognize your browser after switching pages and offer you services. Some features of our website cannot be offered without the use of cookies. It is necessary for the browser to be recognized even after changing pages.
The use of cookies or similar technologies is based on § 25(2) TDDG. The processing of your personal data is based on Article 6(1)(f) GDPR due to our legitimate interest in ensuring optimal website functionality and offering a user-friendly and effective service. You have the right to object to this processing of your personal data at any time for reasons related to your particular situation.

Communication
Use of the Live-Chat System Chatra
We use the live-chat system Chatra from Roger Wilco LLC (2200 Clarendon Blvd., Suite 1400A, Arlington, VA 22201, USA; "Chatra") on our website as part of a data processing agreement.
The data processing serves the purpose of direct and efficient communication between you and us as the provider. To operate the live chat system, cookies are used to allow browser recognition. Among other things, the following information may be processed and possibly transmitted to Chatra: individual user ID, pages visited on our website, number of website visits, information about the device you are using, as well as other personal data you provide when using the chat system (e.g., chosen username, email address). Usage profiles can be created from the data collected using pseudonyms.
Your data may be transmitted to the USA. For the USA, the EU Commission has issued an adequacy decision, the Trans-Atlantic Data Privacy Framework (TADPF). Chatra is certified under the TADPF and is thus committed to complying with European data protection principles.
The use of cookies or similar technologies occurs with your consent based on § 25(1) TDDDG in conjunction with Article 6(1)(a) GDPR. The processing of your personal data is based on your consent under Article 6(1)(a) GDPR. You can withdraw your consent at any time without affecting the legality of the processing carried out based on your consent until the withdrawal.
For more information on data processing by Chatra, visit:

• https://chatra.com/privacy-policy/

Use of Google Maps
We use the Google Maps embedding feature on our website, provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland, "Google").
This feature enables the visual representation of geographic information and interactive maps. When visiting pages with embedded Google Maps, Google collects, processes, and uses visitor data.
Your data may be transmitted to the USA. For the USA, the EU Commission has issued an adequacy decision, the Trans-Atlantic Data Privacy Framework (TADPF). Google is certified under the TADPF and is thus committed to complying with European data protection principles.
The use of cookies or similar technologies occurs with your consent based on § 25(1) TDDDG in conjunction with Article 6(1)(a) GDPR. The processing of your personal data is based on your consent under Article 6(1)(a) GDPR. You can withdraw your consent at any time without affecting the legality of the processing carried out based on your consent until the withdrawal.
For more information about the collection and use of data by Google, visit Google’s privacy policy:

• https://www.google.com/privacypolicy.html.

In the Privacy Center, you can also adjust your settings to manage and protect your data processed by Google.

Use of Vimeo
We use Vimeo Inc. plug-ins (555 West 18th Street New York, New York 10011, USA; "Vimeo") on our website to embed videos from the "Vimeo" portal.
When you visit a page with a plug-in, a connection to Vimeo's servers is established, and the plug-in is displayed by notifying your browser. Your IP address and the information about which pages you visited are transmitted to Vimeo's servers.
If you are logged into Vimeo, this information will be assigned to your personal Vimeo account. Using the plug-in features (e.g., starting a video by clicking the

Rights of Data Subjects and Retention Period

Retention Period
After the complete fulfillment of the contract, the data will initially be stored for the duration of the warranty period. Subsequently, the data will be stored considering statutory retention periods, particularly those related to tax and commercial law, and will be deleted after the expiration of the retention period, unless you have consented to further processing and use.

Rights of Data Subjects
In accordance with the legal requirements, you have the following rights under Articles 15 to 20 of the GDPR: the right to access, rectify, erase, restrict processing, and data portability.
Additionally, under Article 21(1) GDPR, you have the right to object to processing based on Article 6(1)(f) GDPR, as well as to processing for direct marketing purposes.

Right to Lodge a Complaint with the Supervisory Authority
You have the right to lodge a complaint with the supervisory authority pursuant to Article 77 GDPR if you believe that the processing of your personal data is not lawful.

You can file a complaint with the supervisory authority responsible for us, which can be reached at the following contact details:

Berliner Beauftragte für Datenschutz und Informationsfreiheit
Friedrichstr. 219
Visitor entrance: Puttkamerstr. 16 – 18 (5th floor)
10969 Berlin

Tel: +49 30 138890
Fax: +49 30 2155050
Email: mailbox@datenschutz-berlin.de

Right to Object
If the processing of your personal data is based on our legitimate interest under Article 6(1)(f) GDPR, you have the right to object to the processing at any time, for reasons arising from your particular situation.
After such an objection, the processing of the affected data will be terminated unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or if the processing is necessary for the establishment, exercise, or defense of legal claims.

Last updated: 22.10.2024