Privacy Policy
According to Articles 13 and 14 of Regulation (EU) 2016/679 (General Data Protection Regulation; “GDPR”), the controller must inform data subjects about the processing of personal data. With this statement, we inform you about the personal data being processed.
1. Definitions
To enhance the understanding of this privacy policy, a brief explanation of the terms used is provided below.
1.1. Personal data (“data”) refers to any information relating to an identified or identifiable natural person, such as name, address, email address, telephone number, date of birth, age, gender, social security number, video recordings, photos, etc. Data relating to legal entities is not subject to the GDPR.
1.2. Processing means any operation or set of operations performed on personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction.
1.3. Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
1.4. Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
1.5. Recipient means a natural or legal person, public authority, agency or another body, to whom the personal data are disclosed, whether a third party or not.
2. Our Contact Details
If you have any further questions, we, as the controller of the data processing described herein, are happy to assist you at the following contact details:
Lifestyle Distribution GmbH
Raboisen 38, 20095 Hamburg, Germany
Commercial Register Hamburg-Mitte HRB 165195
Phone: +49 40 32027170
Email: datenschutz@lifestyle-distribution.de
3. Purposes and Legal Basis of Processing
3.1. Data may only be processed for a specific purpose and only if the processing can rely on a corresponding legal basis. Processing may be justified for the following reasons:
| Justification | Legal Basis |
|---|---|
| based on your voluntary consent for a specific purpose | Art 6 para 1 lit a |
| for the performance of a contract if you are a party to it, or for the initiation of a contract based on your request | Art 6 para 1 lit b |
| due to a legal obligation we are subject to | Art 6 para 1 lit c |
| to protect your vital interests or the vital interests of another person | Art 6 para 1 lit d |
| to perform a task carried out in the public interest or in the exercise of official authority vested in us | Art 6 para 1 lit e |
| based on a balance of interests between our interest or that of a third party in processing and your interests or fundamental rights and freedoms | Art 6 para 1 lit f |
3.2. We process your data for the following purposes based on the following legal bases:
| Categories of Data Collected | Purpose of Processing | Legal Basis |
|---|---|---|
| Contact data (name, address, email address, telephone number, social media data) | These data are necessary to use our services or initiate a contract and are collected when you contact us. | Art 6 para 1 lit a and b GDPR |
| Technical information (IP address, operating system) | These data are necessary to display the website you initiated correctly. | Art 6 para 1 lit f GDPR |
4. Recipients
4.1. Recipients support us in complying with legal obligations, in initiating and fulfilling contracts, in services requiring your consent, or in processing based on our legitimate interest. We may disclose or transmit the data in particular to the following recipients (processors or controllers):
| Recipient | Description |
|---|---|
| IT service providers | Operation of our IT system, particularly email services, hosting services, etc. |
| Subcontractors | If and to the extent that services are not provided by us and a justification exists |
| Tax consultants, accountants | Processing of data for tax or accounting reasons |
| Lawyers, courts, collection agencies | Possibly for the assertion or defense of claims |
| Real Cookie Banner | We use the consent management tool Real Cookie Banner on our website. The service provider is devowl.io GmbH, Tannet 12, 94539 Grafling, Germany. More information can be found in the privacy policy of Real Cookie Banner at: https://devowl.io/de/datenschutzerklaerung/?tid=331744032441. |
4.2. We only transfer your data to other recipients if you have given your explicit consent according to Art 6 para 1 lit a GDPR, if this is legally permitted and necessary for fulfilling a contractual relationship with you under Art. 6 para 1 lit. b GDPR, if we are legally obligated under Art 6 para 1 lit c GDPR, or if the transfer is necessary under Art 6 para 1 lit f GDPR to protect our legitimate interests and to assert, exercise or defend legal claims, and there is no reason to assume that you have an overriding legitimate interest in not disclosing your data.
4.3. We intend to transfer the data to the following third countries: United States of America.
4.4. An adequacy decision by the European Commission exists for the United States of America. On 10 July 2023, the European Commission decided (C(2023) 4745 final) that the United States of America offers an adequate level of data protection within the meaning of Art 45 GDPR, if our contractual partner is listed in the EU/US Data Privacy Framework. You can find information on individual providers listed in this framework in the respective section of this privacy policy.
4.5. If no adequacy decision is available, we may only transfer data based on appropriate safeguards such as standard contractual clauses, binding corporate rules, approved codes of conduct, approved certification mechanisms, etc. Under the conditions of Art 49 GDPR, a transfer may still be permissible. A copy of these safeguards for your specific case is available from us upon request.
4.6. We do not intend to transfer data to an international organization.
5. Storage Duration
5.1. Data is generally stored only for as long as is necessary due to legal retention obligations. Additionally, storage may occur if it is necessary for asserting or defending claims by third parties.
6. Google Services
6.1. General
6.1.1. The provider of the following services is Google Ireland Limited, Gordon House, Barrow Street, Dublin, D04 E5W5, Ireland. The privacy policy of Google can be found here.
6.1.2. However, some services (such as Google Search or Google Maps) are provided or transferred to the following company: Google LLC, 1600 Amphitheatre Pkwy, Mountain View, California 94043-1351, USA. Google LLC is based in a third country. Google LLC is listed in the EU/US Data Privacy Framework, making data transfers to the USA GDPR-compliant under Art 45. Further information on Google LLC’s certification can be found here.
6.1.3. Some Google services use cookies. An overview of the cookies used, their purposes, and duration can be found in the cookies section of this privacy policy. Consent pursuant to Art 6 para 1 lit a GDPR is obtained before using Google services and setting the necessary cookies. Consent can be withdrawn at any time.
6.1.4. Prior consent is not required for cookies only used to transmit a message or when absolutely necessary to provide a service you explicitly requested.
6.2. Google Analytics 4
6.2.1. Google Analytics is a service used to collect and evaluate data on website visitor behavior. Google uses the data to evaluate how our website is used.
6.2.2. By setting the cookie, Google and we can analyze the use of our website. This cookie causes your browser to transmit data for online analysis to Google. Google gains knowledge about the person concerned and the origin of visits and clicks to create statistics and determine personal interests.
6.2.3. Google Analytics 4 does not store IP addresses of our website visitors. Instead, it derives rough geographic data from IP metadata: city (and derived latitude and longitude), continent, country, region, subcontinent (and corresponding IDs). These IP-derived data are used solely for geolocation and are immediately discarded. They are not logged, not accessible, and not used for other purposes.
6.2.4. Additionally, we have configured Google Analytics 4 in compliance with data protection: Google Signals data is disabled, and no detailed location or device data are collected. Data is not shared with other Google services like Google Ads.
6.2.5. User and event data are stored for 3 months, unless renewed by a new activity. If renewed, the retention period resets.
6.2.6. More information on Google Analytics 4 can be found here.
6.3. Google Tag Manager
6.3.1. We use Google Tag Manager as an organizational tool to manage website tags centrally via an interface. Tags track your activity on our site. Most tags originate from Google products like Google Ads or Google Analytics.
6.3.2. Google Tag Manager itself does not set cookies or store data. It acts solely as a manager for the tags. Data are passed through to the tracking tools but not stored by the Tag Manager.
7. Cookies
7.1. Cookies are text files stored on your device to recognize it. Cookies may contain information about your use of our services. Following the ECJ Planet49 GmbH ruling, consent is obtained for cookies even if they are not personal.
7.2. Some cookies are stored only while you use our site (session cookies), while others may be stored for longer to recognize you (persistent cookies). Some cookies are essential for the site to function (essential cookies); others track visits and user origin without referencing personal data (performance cookies). Certain cookies are used for marketing purposes (marketing cookies).
7.3. If personal data is processed through cookies, the processing is done under Art. 6 para. 1 lit. b GDPR (for contract performance), Art. 6 para. 1 lit. a GDPR (if consented), or Art. 6 para. 1 lit. f GDPR (to ensure optimal site functionality and user experience).
7.4. Upon your first visit, a cookie declaration allows you to select which cookies to accept. Consent is required for marketing cookies. You can withdraw consent or change your cookie settings directly in your browser.
8. Legal Rights
8.1. Right of Access
You have the right to request confirmation as to whether personal data concerning you are being processed; if so, you have the right to access this personal data. This includes the following information: the purposes of the processing; the categories of personal data concerned; the recipients or categories of recipients; if possible, the intended storage period or, if not possible, the criteria used to determine this period; the existence of a right to rectification or erasure of the data or to restriction of processing by the controller or to object to such processing; the right to lodge a complaint with a supervisory authority; all available information about the data source; the existence of automated decision-making including profiling.
8.2. Right to Rectification
You have the right to request that the controller correct inaccurate personal data concerning you and complete incomplete data.
8.3. Right to Erasure
You have the right to request that the controller delete personal data without undue delay if one of the following reasons applies: The data are no longer necessary for the purposes for which they were collected. You withdraw your consent on which the processing was based and there is no other legal ground. You object to the processing (Art 21 para 1 GDPR) and there are no overriding legitimate grounds, or you object pursuant to Art 21 para 2 GDPR. The personal data were processed unlawfully. The deletion is required to comply with a legal obligation. The data were collected in relation to services offered to children under Article 8 para 1. The right to erasure does not apply if processing is necessary for freedom of expression and information; to comply with a legal obligation; for tasks carried out in the public interest; for reasons of public health; for archiving purposes in the public interest, scientific or historical research, or statistical purposes; or for the establishment, exercise, or defense of legal claims.
8.4. Right to Restriction of Processing
You have the right to request restriction of processing if one of the following applies: the accuracy of the personal data is contested, for a period enabling the controller to verify it; the processing is unlawful and you oppose the erasure and request restriction instead; the controller no longer needs the data, but you require it for legal claims; or you have objected under Art 21 para 1 and verification of the controller’s legitimate grounds is pending.
If processing is restricted, such data shall only be processed — apart from storage — with your consent or for legal claims or to protect the rights of another natural or legal person or for reasons of important public interest.
8.5. Right to Data Portability
You have the right to receive the personal data you have provided to a controller in a structured, commonly used and machine-readable format and to transmit those data to another controller without hindrance, if the processing is based on consent or a contract and carried out by automated means.
You also have the right to request direct transmission of the data from one controller to another, where technically feasible.
8.6. Right to Object
You have the right to object at any time, on grounds relating to your particular situation, to processing based on Art 6 para 1 lit e or f GDPR, including profiling. The controller shall no longer process the data unless compelling legitimate grounds override your interests, rights, and freedoms or the processing serves legal claims.
If data are processed for direct marketing, you have the right to object at any time, including profiling related to such marketing.
8.7. Right to Withdraw Consent
You have the right to withdraw your consent under Art 6 para 1 lit a or Art 9 para 2 lit a GDPR at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
8.8. Right to Lodge a Complaint
If you believe that your personal data is being processed in violation of data protection law, you can file a complaint with the Hamburg Commissioner for Data Protection and Freedom of Information (supervisory authority).
Supervisory authority:
Hamburg Commissioner for Data Protection and Freedom of Information
Ludwig-Erhard Str. 22, 7th floor, 20459 Hamburg
Phone: 040 42854 4040
Fax: 040 42854 000
Email: mailbox@datenschutz.hamburg.de
9. Other Information
9.1. Providing personal data is partly required by law or necessary for concluding a contract. Generally, you are not obligated to provide data. However, without it, a contract may not be concluded.
9.2. There is no automated decision-making, including profiling, as referred to in Article 22 paragraphs 1 and 4.