Privacy Policy
Introduction
We are pleased with your interest in our online shop. Maintaining the security of your data is a priority at Buddy & Selly, and we are committed to respecting your privacy rights.
With the following data protection information, we would like to inform you about which types of your personal data (hereinafter also referred to as “data”) we process and for what purposes and to what extent it is used. The data protection information applies to all processing of personal data carried out by us, both in the context of providing our services as well as on our websites, in mobile applications and within our external online presences, such as social media profiles (hereinafter collectively referred to as “online offer”).
The terms used are not gender-specific.
The person responsible for data processing is:
Buddy & Selly GmbH
Kühnehöfe 3a
22761 Hamburg
E-Mail: buy@buddyandselly.com, sell@buddyandselly.com
Contact details data protection officer
E-Mail: datenschutz@buddyandselly.com
Content
- 1. Data Processing on our websites
- 2. Data processing for contract execution and contact purposes
- 3. Data processing for dispatch handling
- 4. Data processing for payment processing
- 5. Advertising by email or via post
- 6. Our online presence on social media platforms
- 7. Application process
- 8. Transfer of personal data to countries outside the EEA
- 9. Data deletion
- 10. Rights of those affected and contact options
- 11. Contact options
1. Data Processing on our websites
You can visit our online shop without providing any personal information. Every time a website is accessed, the web server automatically saves a so-called server log file, which contains the name of the requested file, your IP address, date and time of retrieval, amount of data transferred plus the requesting provider (access data) and then documents the retrieval.
This access data is evaluated exclusively to ensure a trouble-free operation of the site and to improve our online offer. It serves to protect our legitimate interests, which predominate in context of a balancing of interests, in a correct presentation of our online offer in accordance with Art. 6 Abs. 1 lit. f DSGVO. All access data will be deleted no later than one month after the end of a site visit.
1.1 Hosting
The services for hosting and displaying the website are provided by our service provider as part of processing on our behalf. Unless otherwise stated in this data protection notice, all access data and all data collected in the forms intended for this purpose on this website are processed on our service provider's servers.
Our website is hosted by Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen. Hetzner works for us as a processor.
1.2 Content Delivery Network
To shorten loading times, we use a so-called Content Delivery Network (“CDN”) for some of our offers. With this service, content like large media files, is delivered via regionally distributed servers of external CDN service providers. Access data is therefore processed on the servers of these service providers.
We use the CDN from Cloudflare Germany GmbH, Rosental 7, c/o Mindspace, 80331 Munich, Germany (Cloudflare) to increase both security and delivery speed of our website. Cloudflare acts as a data processor for us.
1.3 The use of Cookies
Cookies are small data files that store information on end devices such as smart phone, tablet or laptop. They extract information from the end devices, e.g. to save the login status in a user account, the contents of a shopping cart in an online shop, the content accessed or functions used in an online offer. Cookies can also be used for other purposes, e.g. for the functionality, security, convenience of online offers and to analyse visitor flows.
We use cookies to ensure the basic functionality of our webpages and to optimize the presentation of our online offers (essential/necessary cookies). Some of the cookies we use are deleted at the end of the browser session, i.e. after you close your browser (so-called session cookies). Other cookies remain on your device and enable us to recognize your browser the next time you visit us (persistent cookies). We use both our own cookies and those from third-party providers (so-called third-party cookies).
We comply with the legal rules and regulations regarding the use of Cookies. We therefore obtain prior consent from users, unless this is not required by law. In particular, consent is not necessary if the storage and reading of information, including that of cookies, is absolutely necessary in order to provide users with a media service they have expressly requested (i.e. our website along with the online shop). If the users do consent, the legal basis for the processing of your data is the declared consent, in accordance with Art. 6 Abs. 1 lit. a DSGVO. Otherwise, the data processed using cookies will be processed on the basis of our legitimate interests in accordance with Art. 6 Abs. 1 lit. f DSGVO (e.g. in the commercial operation of our online offer and to improve its usability) or, if it’s done as part of the fulfilment of our contractual obligations and the use of cookies is necessary to carry out these contractual obligations (Art. 6 Abs. 1 lit. b DSGVO). We will explain the purposes for which we process cookies in the course of this data protection notice or as part of our consent and handling processes.
You can find a detailed overview of the cookies, other technologies and service providers we use, including their purposes, their storage period and the legal basis for the use of cookies and further information in our Consent Manager.
Consent Manager
We use the Consent Manager Usercentrics, in which the users' consent to the use of cookies, or respectively the processing and providers mentioned as part of the cookie consent management process, can be obtained, managed and revoked by the users. The declaration of consent is saved so that it does not have to be requested again and to be able to prove consent in accordance with the legal obligation. The storage can take place on the server and/or in a cookie (so-called opt-in cookie, or by the use of comparable technologies) in order to be able to assign the consent to a user or their device.
Usercentrics is a service provided by Usercentrics GmbH, Sendlinger Str. 7, 80331 Munich.
After submitting your cookie declaration on our website, the Usercentrics web server stores your anonymized IP address, the date and time of your declaration, browser information, the URL from which the declaration was sent, information about your consent behaviour and an anonymous randomised key. A cookie is used that contains information about your consent behaviour and the key.
We process your data to obtain and manage consent in order to comply with our data protection obligations. The basis for this is our legitimate interest (Art. 6 Abs. 1 lit. f DSGVO) in lawful documentation and proof of consent.
You can revoke your consent at any time and also lodge an objection to the processing of your data in accordance with the legal requirements listed in Art. 21 DSGVO.
Alternatively, you can set your browser to inform you about the setting of cookies and make an individual decision whether to accept them or exclude acceptance for certain cases or in general. Each browser differs in the way it manages cookie settings. This is described in the help menu of each browser, which explains how you can change your cookie settings. You can find them for the respective browsers under the following links:
If you do not accept cookies, the functionality of our websites may be restricted.
1.4 Social media plug-ins
Our website uses social media plugins from Facebook and Instagram.
In order to increase the protection of your data when visiting our website, these buttons are not fully integrated into the page as plugins, but rather simply using an HTML link. This integration ensures that when accessing a page on our website that contains such buttons, no connection is established to the servers of the provider of the respective social network.
If you click on one of the buttons, a new window in your browser opens and calls up the page of the respective service provider, where you can press the Like or Share button (if necessary after entering your login data). The purpose and scope of data collection and the further processing and use of the data by the providers on their websites as well as a contact option and your related rights and setting options to protect your privacy can be found in the data protection information of the respective provider.
1.5 Web analysis and online marketing services
We use web analysis tools to perform a so-called “reach measurement”. This serves to evaluate the visitor flows to our online offers, including visitor behaviour, interests or demographic information, such as age or gender, shown as pseudonymous values. This, for example, allows us to estimate peak flow times to our online offers including its functions or content to optimise or invite reuse. These tools give us an understanding of which areas require optimization. In addition to web analysis, we sometimes use other testing procedures to test and optimize different versions of our online offers or its various components.
Criteo
Through our advertising partner Criteo SA, 32 Rue Blanche, 75009 Paris, France (“Criteo”), we advertise this website in search results and on third-party websites.
When you visit our website, a retargeting cookie is automatically set by Criteo or its partners, which enables interest-based advertising using a pseudonymous CookieID, based on pages previously visited by you. Data processing is carried out on basis of an agreement between jointly responsible parties in accordance with Art. 26 DSGVO. We determine the parameters of the respective advertising campaign. Criteo is responsible for the precise implementation (e.g. decision making on the placement of each individual advertisement).
The data automatically collected by Criteo (IP address, time of visit, device and browser information as well as information about your usage of our website) may be combined by Criteo with information from other sources and then transmitted to Criteos advertising partners.
Further information about the usage and data protection guidelines for this product can be found under: https://www.criteo.com/privacy
Google Analytics
We use Google Analytics 4, a web analysis service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"). It enables us to analyse your usage of our website.
By default, when you visit our website, Google Analytics 4 sets cookies that collect certain information. The scope of this information also includes your IP address, which is, however, shortened to the last digits in order to prohibit any direct personal reference.
For more legal information on Google Analytics 4, please visit:
The information is transferred to Google servers and further processed there. Transfers to Google LLC based in the USA are also a possibility.
Google uses the information collected on our behalf to evaluate your usage of our website and to compile reports on website activity for us and to provide other services related to website activity and internet usage.
The shortened IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. The data collected as part of the use of Google Analytics 4 is stored for a period of two months and then automatically deleted.
All processing described above, in particular the setting of cookies on the device used, only takes place based on your consent (Art. 6 Abs. 1 lit. a DSGVO). Without your consent, Google Analytics 4 will not be used during your visit to our website.
To ensures the protection of your data we have concluded an order processing agreement with Google which protects our site visitors' data and prohibits unauthorized disclosure to third parties.
Further legal information about Google Analytics 4 can be found under https://business.safety.google/privacy https://policies.google.com/privacy?hl=en&gl=de and under https://policies.google.com/technologies/partner-sites?hl=en.
Demographical characteristics
Google Analytics 4 uses the special “demographic characteristics” function to create statistics that make statements about the age, gender and interests of site visitors. This is done by analysing advertising and information from third parties. This allows Google to identify target groups for certain marketing activities. However, this data cannot be assigned to a specific person and will be deleted after being stored for a period of two months.
Google Signals
As an extension of Google Analytics 4, Google Signals can be used on this website to create cross-device reports.
Provided you have activated personalized ads and have linked your devices to your Google account, Google can, subject to your consent to the use of Google Analytics in accordance with Art. 6 Abs. 1 lit. a DSGVO, analyse your usage behaviour across devices to create database models for cross-device conversions. We do not receive any personal data from Google, only statistics. If you want to stop cross-device analysis, you can deactivate the "Personalized Advertising" feature in your Google Account settings. To do so, follow the instructions on this page:
https://support.google.com/My-Ad-Center-Help/answer/12155764?hl=en&visit_id=638749818563661709-3999282480&rd=1&sjid=2594142203416621204-EU
You can find further information about Google Signals at the following link:
https://support.google.com/analytics/answer/7532985?hl=en&sjid=2594142203416621204-EU#zippy=%2Cthemen-in-diesem-artikel%2Cin-this-article
UserIDs
As an extension to Google Analytics 4, the “UserIDs” function can be used on this website, if you have consented to the use of Google Analytics 4 in accordance with Art. 6 Abs. 1 lit. a DSGVO. Provided you have set up an account on our website and log in to this account using different devices, your activities, including conversions, may be analysed across these devices.
For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with stricter European data protection levels on the basis of an adequacy decision by the European Commission.
Google Ads
When you visit our website, a so-called Google remarketing cookie is set for advertising purposes in the Google search results and on third-party websites. This automatically enables interest-based advertising by collecting and processing data (IP address, time of visit, device and browser information as well as information about your use of our website) and by means of a pseudonymous cookie ID and based on the pages you visit. Any further data processing will only take place if the “personalized advertising” setting in your Google account is activated. In this case, provided you are logged in to Google while visiting our website, Google will use your data together with Google Analytics data to create and define target group lists for cross-device remarketing.
If you enter our website via a Google Ads advertisement, we use Google Ads Conversion Tracking to measure your subsequent usage behaviour for website analysis and event tracking. For this purpose, cookies can be used and data (IP address, time of visit, device and browser information as well as information about your use of our website based on events specified by us, such as visiting a website or registering for a newsletter) can be collected. Usage profiles may be created using pseudonyms.
Meta Ads (Facebook Pixel)
We use Facebook pixel as part of technologies provided by Meta Platforms Ireland Ltd., Block J, Serpentine Avenue, Dublin 4, Ireland (“Facebook (by Meta)” or “Meta Platforms Ireland”). With Facebook pixel, data (IP address, time of visit, device and browser information as well as information about your use of our website based on events specified by us, such as visiting a website or registering for a newsletter) is automatically collected and stored and from which usage profiles are created using pseudonyms. As part of the so-called extended data comparison, information is also hashed and stored for comparison purposes, with which individuals can be identified (e.g. names, email addresses and telephone numbers). For this purpose, when you visit our website, Facebook pixel automatically sets a cookie, which enables your browser to be recognized when you visit other websites using a pseudonymous CookieID. Facebook (by Meta) will use this information and combine it with other data from your Facebook account in order to compile reports on website activity and to provide additional information on Services related website use, in particular to provide personalized and group-based advertising.
The information automatically collected by Facebook (Meta) technologies about your use of our website is usually transmitted to a server at Meta Platforms, Inc., 1601 Willow Road, Menlo Park, California 94025, USA and stored there. Further information about data processing by Facebook can be found in Facebook's data protection information ( https://www.facebook.com/privacy/policy/).
Microsoft/Bing Ads
On our webpages we use conversion tracking technology from Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. If you enter our website through a Microsoft Bing Ad, Microsoft will automatically store a cookie on your device. This way, Microsoft Bing, together with us, can recognize that someone clicked on an ad, was redirected to our shop and reached a predetermined target page (conversion page). We only find out the total number of users who clicked on a Bing ad and were then redirected to the conversion page. No personal information about the user's identity is shared.
Further information about data protection and the cookies used by Microsoft and Bing Ads can be found on the Microsoft website under
https://www.microsoft.com/en-gb/privacy/privacystatement
NextLevel Defender
This website uses tracking cookies for the NextLevel Defender tool. The service is provided by Next Level S.L., Carrer Llorenc Vicens 3 Planta 3, 07002 Palma de Mallorca. NextLevel Defender is a fraud protection tool that prevents fraudulent purchases by users referred to this store through partners.
Further information about Next Level Defender's data protection can be found here (https://nextleveldefend.com/dataprotection).
The use of this tool is based on our legitimate interests (Art. 6 Abs. 1 lit. f. DSGVO) in preventing fraudulent contracts.
Varify
We use Varify.io from Varify GmbH, Südliche Münchner Straße 55, 82031 Grünwald. Varify is a service that helps us to further develop our website and make need-based adaptations using so-called “A/B tests”.
In order to be able to evaluate and analyse these “A/B tests” we store cookies in your browser. We have ensured that these cookies stored in your browser do not process any of your personal data and that no conclusions can be drawn about your person. These cookies simply record your interaction with our website by allocating it to a user group. The analysis and evaluation of the user group is carried out anonymously. Your IP address will be briefly processed to display the cookie, but will not be saved.
The use of Varify.io is based on our legitimate interest (Art. 6 Abs. 1 lit. f. DSGVO) in efficient provision and optimization of our online offers.
Webgains
We work together with cooperation partners who promote our products on various platforms on the Internet (“affiliate marketing”). By clicking the ad, you will automatically be redirected to our website. The cooperation partners receive a fee for this placement activity. To calculate the fee, we record the sales initiated by the cooperation partner, together with the data relevant to calculating the remuneration. This includes the value of the purchased goods, product information, an internal ID, the relevant currency and details of the remuneration scheme agreed with the cooperation partner as well as details about the agent himself.
The exact calculation of the remuneration for the cooperation partners is carried out by our service provider Webgains GmbH, FrankenstraĂźe 150C, 90461 Nuremberg.
The legal basis for the data processing is Art. 6 Abs. 1 lit. b DSGVO. In order to do so, you will be asked to accept a cookie. This cookie is placed on your device with your consent (Art. 6 Abs. 1 lit. a DSGVO) to allow the resulting data to be transferred to our cooperation partners. The data listed above will be retained for verification purposes after the compensation has been processed in accordance with the provisions of tax and commercial law. This is also done by our service provider Webgains. The legal basis for this is Article 6 Paragraph 1 Letter c GDPR.
In the event of any ambiguity in the processing of the brokered sale, further information about the sale can be provided by our cooperation partner in order to clarify the matter. Legal grounds for this can be found in Art. 6 Abs. 1 lit. f DSGVO. If you participate in a cashback program, we will issue the program provider with the data required to pay out the remuneration.
2. Data processing for contract execution and contact purposes
In order to execute the contract (including inquiries about and processing of any existing warranty claims and/or any service disruption claims as well as our statutory updating obligations), we collect personal data in accordance to Art. 6 Abs. 1 lit. b DSGVO, provided you have voluntarily given these as part of the sale of goods to us including associated services or when placing your order. Mandatory fields are marked as such; We absolutely need this data in order to process the contract, and without providing it the contract cannot be executed. The respective input forms will show which specific data is collected.
Further information on the processing of your data, in particular on its transfer to our service providers for order, payment and shipping purposes, can be found in the following sections of this data protection notice.
Has the contract fully been processed, the use of your data will be restricted for further processing and deleted after the expiry of the tax and commercial law retention periods in accordance to Art. 6 Abs. 1 lit. c DSGVO, unless you have expressly consented to further use of your data in accordance to Art. 6 Abs. 1 lit. a DSGVO. We reserve the right to use data beyond this, which is permitted by law and about which we inform you in this declaration.
2.1 Merchandise management system
We use merchandise management systems from external service providers to process both orders and contracts. Our service providers work for us as part of our order processing. If you have any questions about the service providers we use or about the grounds for our cooperation, please use one of the contact options described in this data protection notice.
2.2 Customer account
Provided you have given your consent in accordance to Art. 6 Abs. 1 lit. a DSGVO by opening up a customer account, we will use your data to open such account and store your data for further future sales of goods to us or orders on our website.
Deleting your customer account is possible at any given time and can be done either by sending a message to the contact option described in this data protection notice or by using the delete function provided for this purpose in the customer account.
After deleting your customer account, your data will also be deleted unless you have expressly consented to further use of your data in accordance to Art. 6 Abs. 1 lit. a DSGVO, or we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this declaration.
The statutory retention period is ten years for documents relevant to tax law as well as for commercial books, inventories, opening balance sheets, annual financial statements, plus the work instructions required to understand these documents and other organizational documents and accounting documents. For both, commercial and business letters received and copies of the commercial and business letters sent the retention period is six years. Both periods begin at the end of the calendar year in which the last entry was made in the book, the inventory, the opening balance sheet, the annual financial statements or the management report were prepared, the commercial or business letter was received or sent or the accounting document was created, the recording was also made or the other documents were created.
2.3 Contacting us
When contacting us by using our contact form, via email, telephone or social media as well as within the framework of existing user and business relationships, the information provided by the inquiring person is processed to the extent that is necessary to answer the contact request or any requested measures.
In order to process your inquiries, we collect data in accordance to Art. 6 Abs. 1 lit. b DSGVO provided you have voluntarily given this data when contacting us. Mandatory fields are marked as such; We absolutely need this data to process your contact request. Whatever data is collected can be seen from the respective input fields.
Once your request has been fully processed, your data will be deleted unless you have expressly consented to further use of your data in accordance to Art. 6 Abs. 1 lit. a DSGVO. For most customer communication we use the Zendesks tool. Zendesk is a service provided by Zendesk Inc., 989 Market St, San Francisco, CA 94103 United States. The service provider works for us as a processor and is certified according to the EU-US Privacy Framework. Zendesk has also implemented company wide data protection guidelines (so-called Binding Corporate Rules), which have been approved by the responsible supervisory authority. We have entered a contract with Zendesk for order processing in accordance with Art. 28 DSGVO, which includes the standard data protection clauses.
3. Data processing for dispatch handling
To fulfil the contract, we will pass on your data to the shipping service provider commissioned with the delivery in accordance to Art. 6 Abs. 1 lit. b DSGVO to the extent that this is necessary for the delivery of the ordered goods.
Provided you have given us your explicit consent during or after your order, we will pass on your email address and telephone number to the selected shipping service provider in accordance to Art. 6 Abs. 1 lit. a DSGVO, so that the service provider can contact you before delivery to announce or coordinate the pending delivery.
Consent can be revoked at any time by sending a message using the contact option described in this data protection notice or directly to the shipping service provider at the contact address listed below.
After revoking, we will delete the data you provided for this purpose unless you have expressly consented to further use of your data or we reserve the right to use your data beyond this, which is permitted by law and about which we inform you in this declaration.
Our shipping service providers are:
4. Data processing for payment processing
To process payments in our online shop, we cooperate with following partners: technical service providers, credit institutions and payment service providers. You can find detailed information about our respective partners in the “Our payment methods” section.
4.1 Data processing for transaction processing
Depending on the payment method selected, we will pass on the data necessary in order to process the payment transaction to our technical service providers who work for us as part of the order processing, or to the commissioned credit institutions or to the selected payment service provider, to the extent that this is necessary to process the payment. This solely serves to fulfil the contract. The legal ground for processing the data is Art. 6 Abs. 1 lit. b DSGVO. In some cases, the payment service providers collect the data required to process the payment themselves, e.g. on their own website or through a technically integrated part of their ordering process. In this respect, the data protection notice of the respective payment service provider applies. If you have any questions about our payment processing partners and the basis of our cooperation, please use the contact option described in this data protection notice.
4.2 Data processing to prevent fraud and optimize our payment processes
If necessary, we give our service providers further data, which is then used together with the necessary data to process the payment for us, to prevent fraud and optimize our payment processes (e.g. invoicing, processing disputed payments, accounting support). In accordance to Art. 6 Abs. 1 lit. f DSGVO, this serves to protect our legitimate interests, which predominate in the context of a balancing of interests, in the protection against fraud and an efficient payment management.
4.3 Data processing for instalment payment options
When selecting the instalment payment option and granting the necessary data protection consent in accordance to Art. 6 Abs. 1 lit. a DSGVO, Personal data (first name, last name, address, email, telephone number, date of birth, IP address, gender) is used together with the with data required for transaction processing (product, invoice amount, due dates, total amount, invoice number, taxes, currency, order date and order time) to process this payment method to our partner Klarna AB, Sveavägen 46, 111 34 Stockholm, Sweden.
By selecting the instalment payment option and granting the necessary data protection consent in accordance to Art. 6 Abs. 1 lit. a DSGVO, personal data (first name, last name, address, email, telephone number, date of birth, IP address, gender) together with data required for the transaction processing (product, invoice amount, due dates, total amount, invoice number, taxes, currency, order date and order time) will be submitted to our partner Klarna AB, Sveavägen 46, 11134 Stockholm, Sweden, to process this payment method.
To verify the customer's identity and creditworthiness, our partner carries out queries and obtains information on publicly accessible databases and credit reporting agencies. Information about the service providers from whom information and, if necessary, creditworthiness data is obtained on the basis of mathematical and statistical methods, as well as further details on the processing of your data after transferral to our partner Klarna, can be found in their respective data protection information, which is available under: https://www.klarna.com/uk/privacy/.
Our partner Klarna uses the received information about the statistical probability of non-payment to make a balanced decision about the establishment, implementation or termination of the contractual relationship. By contacting Klarna you have the opportunity to explain your point of view and if applicable contest the decision. The consent to the transfer of data, which was given during the ordering process, can be revoked at any time, even without giving any reason, with immediate effect for the future.
5. Advertising by email or via post
5.1 The email newsletter with registration and newsletter tracking
If you subscribe to one of our newsletters, we will use the data required for the registration or the data provided by you separately to regularly send you our email newsletter based on your consent in accordance to Art. 6 Abs. 1 lit. a DSGVO.
For a newsletter registration, it is generally sufficient to provide your email address. However, we may ask you to provide a name so you can be personally addressed in the newsletter. Other information might be necessary for the purposes of the newsletter.
The registration for our newsletter generally takes place in a so-called double opt-in process. This indicates that after your registration you will receive an email asking you to confirm the registration. The confirmation is necessary to assure no one can log in with someone else's email address. Every newsletter registration is logged in order to be able to provide evidence of the registration process in accordance to the legal requirements. This process includes storing the registration and confirmation times as well as the IP address. Changes to your saved data are also logged.
You can unsubscribe from the newsletter at any given time. This can either be done by sending a message to the available contact option described below or via a link provided in the newsletter itself. After successfully unsubscribing, we will delete your email address from the recipient list unless you have expressly consented to further use of your data in accordance to Art. 6 Abs. 1 lit. a DSGVO. We reserve the right to use your data beyond this, which is permitted by law and about which we inform you in this declaration.
We would like to point out that we evaluate your user behaviour when sending the newsletter. In order to do so, we also analyse your use of our newsletter by measuring, storing and evaluating opening rates and click rates to design future improved newsletter campaigns (“newsletter tracking”).
For this evaluation, the emails sent contain certain single-pixel technologies (e.g. so-called web beacons, tracking pixels) which are stored on our website. For the evaluations, we link the following newsletter data in particular: the page from which the page was requested (so-called referrer URL), the date and time of access, the description of the type of web browser used, the IP address of the requesting computer, the email address, date and time of registration plus confirmation and the single-pixel technologies with your email or IP address and, if applicable, an individual ID. Newsletter links may also contain this ID.
If you do not want newsletter tracking, it is possible to unsubscribe from the newsletter at any time - as described above.
The information will be stored for as long as you have subscribed to the newsletter.
5.2 Newsletter dispatch
The newsletter and respective newsletter tracking presented above are sent as part of a processing on our behalf by the service provider Klick-Tipp Ltd., 15 Cambridge Court, 210 Shepherd's Bush Road, London W6 7NJ, United Kingdom, to whom we pass on your email address as part of the process.
Further information on Klick-Tipp’s data protection information can be found under https://www.klicktipp.com/datenschutzerklarung/.
5.3 Sending review requests via email
Provided you have given us your specific consent to this during or after your order in accordance with Art. 6 Abs. 1 lit. a DSGVO, we will use your email address to ask you to submit a review of your order via the review system we use. This consent can be revoked at any time by sending a message to the contact option described in this data protection notice or via a link provided in the review request.
The review requests may also be sent by our service provider Trusted Shops AG, Subbelrather Str. 15C, 50823 Cologne, Germany, (“Trusted Shops”).
When we send review requests, we receive information about the respective status from Trusted Shops (e.g. whether the review request was sent and if it was received). This is done in accordance to Art. 6 Abs. 1 lit. f DSGVO to fulfil our legitimate interest in receiving information about the review invitations in order to make optimizations based on this, if necessary, and to fulfil the legitimate interest of Trusted Shops in being able to offer this service.
Together with Trusted Shops, we are responsible for sending review requests and for collecting and displaying review and status information.
As part of the joint responsibility that exists between us and the Trusted Shops, any questions regarding data protection or to assert your rights, should be preferably addressed to Trusted Shops, whose contact details you can find here. Further information on data protection can be found under the following link: https://www.trustedshops.co.uk/imprint/. Regardless of this, you can always contact us using the contact option described in this data protection notice. If necessary, your request will then be passed on to the other person responsible for answering any requests.
5.4 Postal advertising and the right to object
In addition to the above, we reserve the right to use your first and last name and your postal address for our own advertising purposes, e.g. to send interesting offers and information about our products by post. This serves to protect our legitimate interests, which predominate in the context of a balancing of interests, in advertising to our customers in accordance to Art. 6 Abs. 1 lit. f DSGVO. You can object to the storage and use of your data for these purposes at any time by sending a message to the contact option described in this data protection notice.
The postal advertising mail is provided as part of processing on our behalf by a service provider to whom we pass on your data for this purpose. If you have any questions about our service providers or the basis of our cooperation with them, please use the contact option described in this data protection notice.
5.5 Integration of Trusted Shops Trustbadges
Provided you have given your consent, Trusted Shops widgets are integrated on this website to display Trusted Shops services (e.g. seals of approval, collected reviews) and to offer Trusted Shops products to buyers after an order.
The Trustbadge and the services advertised with it are an offer from the Trusted Shops AG, Subbelrather Str. 15C, 50823 Cologne ("Trusted Shops"), with whom we are jointly responsible for data protection in accordance to Art. 26 DSGVO. As part of this data protection information, we will inform you below about the essential contractual contents in accordance to Art. 26 Abs. 2 DSGVO. As part of the joint responsibility between us and the Trusted Shops AG, any questions about data protection and on how to assert your rights, should be preferably directed towards Trusted Shops using the contact options provided in the data protection information. Regardless of this, you can always contact the responsible person of your choice. If necessary, your request will then be passed on to the other person responsible for answering.
6. Our online presence on social media platforms
We are present on various social media platforms. We use these platforms to provide information about our products and ongoing special promotions. By visiting our online presence on social media, your data may be automatically collected and stored for market research and advertising purposes. So-called usage profiles are created from this data using pseudonyms. These can be used, for example, to place advertisements within and outside the platforms which presumably correspond to your interests. Cookies are usually used on your device for this purpose. These cookies store visitor behaviour and user interests. In accordance with Art. 6 Abs. 1 lit. f. DSGVO, this serves to protect our legitimate interests, which predominate in the context of a balancing of interests, in an optimized presentation of our offer and effective communication with customers and interested parties. In case the respective social media platform operators ask for your consent to data processing, e.g. with the help of a checkbox, the legal basis for the respective data processing is Art. 6 Abs. 1 lit. a DSGVO.
For certain processing activities on our social media profiles on Facebook, we are jointly responsible with the platform operator in accordance to Art. 26 DSGVO. You can find the essential information about the agreement concluded between us and Facebook and your associated rights here.
To the extent that the aforementioned social media platforms are headquartered in the USA, an appropriate level of data protection is ensured by an adequacy decision by the EU Commission, which is available for the USA here.
Detailed information on the processing and use of data by the providers on their pages as well as contact options and your related rights and setting options to protect your privacy, in particular objection options (opt-out), can be found in the providers' data protection information linked below.
Objection options (Opt-Out):
7. Application process
We are always looking for new employees and would be happy if you applied to us. During the application process we will collect and process your data for the purpose of deciding on the establishment of a contractual relationship.
Legal grounds for processing the data lies within the DSGVO in conjunction with § 26 BDSG (Federal Data Protection Act). If the job you are applying for is not part of an employment relationship in the sense of § 26 Abs. 8 BDSG, the legal basis for the processing of your data is Art. 6 Abs. 1 lit. b DSGVO. Personal data may also be processed based on other legal provisions, in particular labour law, vocational training law and social law, in their respective versions. If the processing of the data is necessary to fulfil a legal obligation which we are subject to, the legal basis lies within Art. 6 Abs. 1 lit. c DSGVO. If you consent to the processing of your data, the legal basis for such processing is Art. 6 Abs. 1 lit. a DSGVO.
Your personal data from an application process will be stored until a decision is made and then deleted after six months at the latest or, if your application is successful, transferred to your personnel file.
If you have consented to the processing of your data, the storage period resulting from your consent and the possible exercise of your right of revocation are decisive criteria for the storage period, whereby the revocation does not affect processing based on other legal grounds.
In the event of arising legal disputes in the context of the application process, the legal basis for the processing of the data lies within Art. 6 Abs. 1 lit. f DSGVO. Our legitimate interests then lie in the assertion, exercise or defence of legal claims. In this case, storage periods may extend beyond the decision to establish a contractual relationship. The data will therefore be stored for as long as the processing of the data is necessary to assert, exercise or defend legal claims.
8. Transfer of personal data to countries outside the EEA
To the extent necessary for our purposes, we also transmit your data to recipients outside the European Economic Area (EEA), so-called “third countries”.
If we transfer data to third countries, we ensure that the recipient has implemented an appropriate level of data protection within the meaning of Art. 45 DSGVO or suitable guarantees within the meaning of Art. 46 Abs. 2 and Abs. 3 DSGVO and that no other legitimate interests speak against the data transfer.
9. Data deletion
We will delete your personal data as soon as it is no longer required for the previously mentioned purposes of processing, or in the event of an objection there are no compelling legitimate reasons on our part, or in the event of a revocation, there is no other legal ground for the processing of the data. In certain cases, e.g. if there is a legal retention requirement, your personal data will initially be blocked and later deleted when the retention period expires.
10. Rights of those affected and contact options
As a subject of data processing, you have the right to receive confirmation as to whether data relating to your person is being processed by us. If this is the case you have the right to obtain information about such personal data (Art. 15 DSGVO), and a right to correct incorrect data (Art. 16 DSGVO), a right to have such data deleted (Art. 17 DSGVO) and a right to restriction (blocking) of your data (Art. 18 DSGVO). Apart from this and in the case of processing based on Art. 6 Abs. 1 lit. e or f DSGVO you have the right to object to the processing (Art. 21 DSGVO), except in the case of direct advertising, where you must provide a special reason. If you have provided such data, you can request a transfer of the data (Art. 20 DSGVO). If the processing is based on consent within the meaning of Art. 6 S. 1 Abs. 1 lit. a or Art. 9 Abs. 2 lit. a DSGVO, you can revoke this at any time in the future (Art. 7 Abs. 3 DSGVO). In addition to this, you also have the right to contact the responsible data protection supervisory authority (Art. 77 DSGVO).
Whether and to what extend these rights exist in the individual case and to what extent they apply is legally determined in the named standards. If you have any questions or complaints about data protection at Buddy & Selly, we recommend that you first contact our data protection officer (see contact details).
11. Contact options
If you have any questions about the collection, processing or use of your personal data, regarding information, correction, restriction or deletion of that data as well as the revocation of any consent that may have been given or objection to a specific use of that data, please feel free to contact our company data protection officer.
Buddy & Selly GmbH
Kühnehöfe 3a
22761 Hamburg
E-Mail: datenschutz@buddyandselly.com
As of January 2025