Privacy policy
1. Data controller (hereinafter: “we”)
Schuhmanufaktur Hackner e.K.
Zwingerstraße 5
91161 Hilpoltstein
Germany
Owner:
Phone: +49 (0) 9174 9766951
Email address: info@schuhmanufaktur-hackner.de
Further details about us can be found in our Legal Notice.
2. Personal data, purposes of processing, and legal basis
It is generally possible to visit our website without having to provide any personal data.
Personal data is any information relating to an identified or identifiable natural person (hereinafter referred to as “data subject”). A natural person is considered identifiable if they can be identified directly or indirectly, in particular by association with an identifier such as a name, an identification number, location data, an online identifier, or one or more special characteristics that express the identity of that natural person.
The purpose of data processing is to operate our shop and provide contact options.
Personal data is only collected on our website if this is
• necessary for the use of the website (legal basis: Art. 6 (1) (a) and/or Art. 6 (1) (b) of the General Data Protection Regulation (GDPR)),
• to safeguard our interest in improving the user experience and maintaining the security of use (legal basis: Art. 6 (1) (1) (f) GDPR),
• for the use of the services offered on the website and for pre-contractual measures, in particular for form entries (legal basis: Art. 6 (1) (a) and/or Art. 6 (1) (b) GDPR) or
• for the conclusion and performance of a contract (legal basis: Art. 6 (1) (a) and (b) GDPR)
is necessary.
Further details on data processing can be found below under the relevant headings:
3. Shopify
Our website is operated via Shopify. The provider is Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland.
When you visit our website, we automatically collect data that is necessary for the operation, security, and stability of our shop. This includes, in particular: name of the website accessed, file, date and time of access, notification of successful access, browser type and version, user's operating system, referrer URL, IP address (anonymized), provider.
This data is processed to protect against misuse, for error analysis, and to ensure the functionality of the services. The processing is based on our legitimate interest pursuant to Art. 6 (1) lit. f) GDPR in a secure and functional online store. This data is not merged with other data sources.
4. Shopify CDN
In addition, Shopify uses a content delivery network (CDN) to deliver static content such as images, scripts, and stylesheets via servers that are geographically closer to website visitors. This reduces loading times and improves the stability of the website. When you visit our website, Shopify also collects the following personal data: pages visited and actions taken (e.g., shopping cart, checkout), transaction data (e.g., order and payment information), and, if applicable, name, address, and email address.
The processing is carried out for the operation of our online store, to provide content, to process orders and payments, and for the security and performance optimization of the website. The legal basis for this is Art. 6 (1) (f) GDPR or, if you have given your consent to the use of cookies on the basis of a notice (“cookie banner”) provided by us on the website, the legality of the use is based on Art. 6 (1) (a) GDPR, Section 25 (1) TDDDG.
Within the scope of the aforementioned services provided by Shopify, data may also be transferred to Shopify Inc., 150 Elgin St, Ottawa, ONK2P 1L4, Canada, Shopify Data Processing (USA) Inc., Shopify Payments (USA) Inc., or Shopify (USA) Inc. for further processing on our behalf. In the event of data being transferred to Shopify Inc. in Canada, the European Commission's adequacy decision ensures an adequate level of data protection. Further information on Shopify's data protection can be found on the following website: https://www.shopify.com/de/legal/datenschutz?country=de&lang=en.
5. Meta Pixel and Meta Conversion API
Our website uses the Meta Pixel plugin to analyze the effectiveness of our advertisements and to optimize our marketing activities on Facebook and Instagram. Meta Pixel is provided by Meta Platforms, Inc., 1601 Willow Road, Menlo Park, California 94025, USA. For users within the EU, Meta Platforms Technologies Ireland Limited, Merrion Road, Dublin 4 D04 X2K5, Ireland, is the responsible controller.
Meta Pixel allows us to track the behavior of website visitors after they have been redirected to our website by clicking on a Facebook advertisement. This enables us to evaluate the effectiveness of Facebook advertisements for statistical and market research purposes and to optimize future advertising measures. The data collected is anonymous to us as a provider; we cannot draw any conclusions about the identity of users. However, the data is stored and processed by Meta/Facebook, so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes in accordance with the Facebook Data Use Policy (https://www.facebook.com/about/privacy/). This enables Facebook to place advertisements on Facebook pages and outside of Facebook. As the website operator, we have no influence over this use of the data. We use the advanced matching feature within Meta Pixel. Advanced matching allows us to transmit various types of data (e.g., place of residence, state, zip code, hashed email addresses, names, gender, date of birth, or phone number) about our customers and prospects that we collect via our website to Meta (Facebook). By activating this feature, we can tailor our advertising campaigns on Facebook even more precisely to people who are interested in our offers. In addition, advanced matching improves the attribution of website conversions and expands custom audiences.
In addition to Meta Pixel, we use the Meta Conversions API (CAPI). This is a server-side interface from Meta Platforms, Inc. through which event data (so-called “events”) is transmitted directly from our server or via Shopify (see section 3 of our privacy policy) to Meta (Facebook). This technology is also used to measure conversions and optimize our advertising measures. When using the Meta Conversions API, the following data in particular may be processed and transmitted to Meta: IP address, user agent (e.g., browser and device information), timestamp, information about actions performed on our website (e.g., page views, shopping cart actions, purchases, and newsletter subscriptions triggered after successful registration by calling up a confirmation or thank-you page), customer data such as email address, phone number, first and last name, zip code, city, country, if available, exclusively in hashed (encrypted) form.
Meta Platforms, Inc. is certified under the US-EU data protection agreement Trans-Atlantic Data Privacy Framework (TADPF) and is therefore committed to complying with EU data protection requirements.
The use of Meta Pixel and Conversion API is based on Art. 6 (1) (f) GDPR. We have a legitimate interest in promoting our website. If consent has been requested, processing is carried out exclusively on the basis of Art. 6 (1) (a) GDPR and § 25 (1) TDDDG, insofar as the consent includes the storage of cookies or access to information on the user's terminal device (e.g., device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time. The Meta Pixel cookie is therefore only activated if you agree to it via opt-in in the cookie banner. When using Facebook Pixel, this is therefore done on the basis of your express consent, with information about the risks associated with possible transfer to third countries.
Insofar as personal data is collected on our website using the tools described here and forwarded to Facebook, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, are jointly responsible for this data processing (Art. 26 GDPR). Joint responsibility is limited exclusively to the collection of data and its transfer to Facebook. The processing by Facebook after the transfer is not part of the joint responsibility. The obligations incumbent upon us jointly have been set out in a joint processing agreement. The wording of the agreement can be found at: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing data protection information when using the Facebook tool and for the secure implementation of the tool on our website in accordance with data protection laws. Facebook is responsible for the data security of Facebook products. You can assert your rights as a data subject (e.g., requests for information) regarding the data processed by Facebook directly with Facebook. If you assert your rights as a data subject with us, we are obliged to forward them to Facebook.
You can find more information about data protection on Facebook at https://www.facebook.com/about/privacy/. Further information about the transfer of personal data to third countries by Facebook can be found at: https://www.facebook.com/about/privacy/. You can also deactivate the “Custom Audiences” remarketing function in the ad settings at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. To do this, you must be logged in to Facebook. If you do not have a Facebook account, you can deactivate usage-based advertising from Facebook on the website of the European Interactive Digital Advertising Alliance: https://www.youronlinechoices.com/ie/your-ad-choices.
6. Cookies
Our website stores cookies. Cookies are small files that enable specific information relating to the device to be stored on the user's access device (PC, smartphone, etc.). They serve to improve the user-friendliness of websites and thus benefit users (e.g., storage of login data). On the other hand, they serve to collect statistical data on website usage and to analyze it for the purpose of improving the offer. You can find more detailed information in the following sections of our privacy policy. If you give your consent to non-essential cookies, the legal basis is Section 25 (1) TDDDG, Article 6 (1) (a) GDPR (consent). You can find more information on this and on the cookies and services used in our consent management tool, and you can revoke your consent at any time, freely and without disadvantage, with effect for the future.
As a user, you can influence the use of cookies. Most browsers have an option that restricts or completely prevents the storage of cookies. However, please note that the use and, in particular, the ease of use will be restricted without cookies.
7. Contact via email and contact form
If you send us inquiries by email or via the contact form, your details there, including the contact details you provided there, will be stored by us for the purpose of processing the inquiry and in the event of follow-up questions in accordance with Art. 6 (1) (b) GDPR. We will never pass on this data without your consent.
8. Customer account
On our website, you have the option of setting up a customer account to place, view, and manage your orders and maintain your profile data. To create your account, you will be asked to provide an email address. A 6-digit code will be sent to this email address, which you can use to log in to your customer account. You will then have access to our protected customer area. We process the data you provide there exclusively for the purpose of providing you with access to the customer area. Your data is processed for the purposes arising from the registration contract for the performance of the contract in accordance with Art. 6 (1) (b) GDPR.
9. Payment methods
a) Shop Pay
We use Shopify's “Shop Pay” payment service provider to process payments. Shop Pay is an accelerated checkout process that allows you to save your email address, credit card details, and delivery and billing information. You can enter an email address at checkout to save your payment information. When you check out with Shop Pay, you will be redirected to the order review page. You will then receive a six-digit code via text message or email. Once you have opted for Shop Pay and completed the verification process, you can use your stored information for any Shopify checkout where the feature is enabled. The transmission and processing are carried out exclusively for the purpose of payment processing in accordance with Art. 6 (1) (b) GDPR.
For details on payment to Shop Pay, please refer to the payment provider's terms and conditions and privacy policy at: https://www.shopify.com/de/legal/privacy/consumers?country=de&lang=en.
b) PayPal
We use PayPal, among other things, for the purpose of payment processing. This is an online payment service provided by PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg. Your payment details will only be transferred to PayPal if this is necessary for payment processing. The legal basis is Art. 6 (1) (b) GDPR. If you use PayPal as your payment method, the bank details you have stored with PayPal will be used by PayPal for payment. We have no access to this data. You can find PayPal's privacy policy here.
PayPal reserves the right to carry out a credit check for the payment methods credit card via PayPal, direct debit via PayPal, and purchase on account. For this purpose, your payment data will be passed on to credit agencies in accordance with Art. 6 (1) (a) GDPR on the basis of your consent to determine your solvency. PayPal uses the result of the credit check in relation to the statistical probability of default for the purpose of deciding whether to provide the respective payment method. The credit report may contain probability values (so-called score values). Insofar as score values are included in the result of the credit report, they are based on a scientifically recognized mathematical-statistical procedure. Address data, among other things, is included in the calculation of the score values. For further information on data protection, including the credit agencies used, please refer to PayPal's privacy policy here: https://www.paypal.com/ie/legalhub/paypal/privacy-full.
You can object to this processing of your data at any time by sending a message to us or to PayPal. However, PayPal may then still be entitled to process your personal data if this is necessary for contractual payment processing in accordance with Art. 6 (1) (b) GDPR.
c) Apple Pay and Google Pay
We also offer Apple Pay and Google Pay as payment methods.
The provider of “Apple Pay” is Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland. Payment processing via the “Apple Pay” function of your iOS, watchOS, or macOS device is carried out by debiting a payment card stored with “Apple Pay.”
If you choose the “Google Pay” payment method from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”), payment processing is carried out via the “Google Pay” application on your mobile device running at least Android 4.4 (“KitKat”) and equipped with an NFC function by debiting a payment card stored with Google Pay or a payment system verified there (e.g., PayPal).
If personal data is processed during the transfers described, the processing is carried out exclusively for the purpose of payment processing in accordance with Art. 6 (1) (b) GDPR.
Further information on data protection at Google Pay can be found at: https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=en and on Apple Pay at: https://www.apple.com/legal/privacy/data/en/apple-pay/.
d) Mastercard, Visa, Amex, and UnionPay
If you make a payment by credit card or suitable debit card, the payment will be processed by your respective card provider as the payment provider. The data required for this (card number, validity, and verification number) is forwarded to the payment provider in encrypted form and cannot be viewed by the website operator. The payment provider transfers, processes, and, if necessary, stores personal data outside the EU that is required to process the payment. Your payment provider is solely responsible for processing this data.
If personal data is processed during the transfers described, the processing is carried out exclusively for the purpose of payment processing in accordance with Art. 6 (1) (b) GDPR.
For details, please refer to the privacy policy of your payment provider at:
https://www.visa.ie/legal/global-privacy-notice.html
https://www.mastercard.ie/en-ie/vision/terms-of-use/commitment-to-privacy/privacy.html
https://www.americanexpress.com/en-gb/company/legal/privacy-centre/?inav=en_gb_legalfooter_privacy_centre
https://www.unionpayintl.com/en/privacyNotice/
e) Invoice with Klarna
Payment by invoice with Klarna is also possible. The provider is Klarna AB, Sveavägen 46, 11134 Stockholm, Sweden. By selecting Klarna as your payment method, you do not have to pay for your order immediately upon purchase, but only upon receipt of the invoice and goods or services. Furthermore, you do not have to enter your bank details online. For this purpose, we will pass on the personal data you have entered and the details of your order to Klarna for invoicing and collection of the amount. This usually includes your name, address, date of birth, gender, email address, and telephone number, as well as details of your order. These are used by Klarna in particular for identity and credit checks, payment administration, and fraud prevention.
Art. 6 (1) (b) GDPR provides the legal basis for the processing of personal data, as the transfer of data to Klarna is necessary for the performance of the contract.
Klarna uses scoring to decide on the possibility of payment by invoice. For this purpose, information about your past payment behavior and probabilities for future payment behavior is collected and processed. This is done using recognized mathematical-statistical methods. We have no influence on the type, scope, and purposes of the processing and deletion of the data collected by the service provider. You have the option to object to the processing of your personal data; however, you must exercise this right with Klarna. The objection does not affect the personal data that is absolutely necessary for invoicing and payment processing.
You can find more information on the type and scope of data processing in Klarna's privacy policy. Further rights and other information on the protection of your data can be found at: https://www.klarna.com/ie/privacy/.
10. Recipients of personal data
Notwithstanding the above paragraphs, we only disclose personal data to the following categories of recipients:
To our employees and to the host of our website. The host is Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland, see section 3 of our privacy policy. We have concluded a data processing agreement (DPA) with our host.
Beyond that, your personal data will not be disclosed to third parties unless we are legally obliged to do so within the meaning of Art. 6 (1) (c) GDPR or the disclosure of data is absolutely necessary for the performance of a contractual relationship in accordance with Art. 6 (1) (b) GDPR.
We would like to point out that data transmission over the Internet (e.g., when communicating by email) may be subject to security vulnerabilities. It is not possible to completely protect data from access by third parties.
11. Duration of storage
We delete your personal data immediately after the purpose has been fulfilled. We store your data from your emails until your request has been fully processed and completed. After that, the information is usually deleted.
In addition, we check annually whether your stored data can be deleted.
Session cookies are automatically deleted by us after your visit to our website. Access data and server log files are deleted after one week.
Please note that certain data is subject to commercial and tax law retention requirements of at least six (§ 257 HGB) or ten (§147 AO) years.
12. Rights of data subjects
You are not legally obliged to provide your personal data. However, the provision of such data may be necessary for the conclusion of a contract or for functions of the website. If you do not provide your data, a contract or a function on the website may not be offered.
There is no automated decision-making on the website and no profiling takes place.
The rights of data subjects arise in particular from Articles 15 to 23 and Article 77 of the GDPR and from Sections 32 to 37 of the new Federal Data Protection Act (BDSG).
With regard to your personal data, you have the right to
• Information, Art. 15 GDPR
• Correction, Art. 16 GDPR
• Deletion, Art. 17 GDPR
• Restriction of processing, Art. 18 GDPR
• Transferability, Art. 20 GDPR.
If you have given your consent to the processing of personal data, you have the right to
• withdraw your consent, Art. 7 GDPR
with effect for the future.
You also have the right to object to the processing of personal data
• object, Art. 21 GDPR.
1. You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Art. 6 (1) (f) GDPR (data processing based on a balancing of interests).
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing serves to assert, exercise, or defend legal claims.
2. In individual cases, we process personal data for the purpose of direct marketing. If this is the case for you, you have the right to object at any time to the processing of data concerning you for the purpose of such advertising.
If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes.
The objection can be made informally and should be addressed to us, see 1 above.
If you believe that the processing of your personal data violates data protection law, you always have the
• right to lodge a complaint
with the competent supervisory authority, cf. Art. 77 GDPR. Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work, or place of the alleged infringement, if you believe that the processing of personal data concerning you violates the GDPR.
The contact details of the data protection officers in the federal states, the supervisory authorities for the non-public sector, broadcasting, churches, in Europe and other countries, and the Virtual Data Protection Office can be found here:
https://www.bfdi.bund.de/EN/Service/Anschriften/Laender/Laender-node.html
The supervisory authority responsible for us is the Bavarian State Commissioner for Data Protection, Wagmüllerstraße 18, 80538 Munich.
13. Withdrawal form
If you complete and submit the electronic withdrawal form via the “Withdraw from Contract” button, the data you provide will be transmitted to widerrufonline.de, operated by Alexander Kerscher, Fritz-Graef-Weg 10, 24939 Flensburg, Germany, before being forwarded to us. Your data will not be stored permanently by the provider. The processing of your data is carried out exclusively for the purpose of handling your withdrawal in accordance with Art. 6 (1) sentence 1 lit. b GDPR. We have concluded a Data Processing Agreement (DPA) with the provider. Further information is available at: https://www.widerrufonline.de/faq/.