1) Information about the collection of personal data and contact details of the data controller
1.1 We are pleased that you are visiting our website and thank you for your interest. In the following, we will inform you about the handling of your personal data when using our website. Personal data refers to any information that can personally identify you.
1.2 The data controller for the processing of personal data on this website, as defined by the General Data Protection Regulation (GDPR), is Beastart-store. The data controller is the natural or legal person who alone or jointly with others determines the purposes and means of processing personal data.
1.3 For security reasons and to protect the transmission of personal data and other confidential content (e.g., orders or inquiries to the data controller), this website uses SSL or TLS encryption. You can recognize an encrypted connection by the "https://" and the lock symbol in your browser's address bar.
2) Data collection when visiting our website
When you visit our website for informational purposes only, without registering or otherwise providing us with information, we only collect the data that your browser transmits to our server (so-called "server log files"). When you access our website, we collect the following data, which is technically necessary for us to display the website to you:
- The website you visited
- Date and time of access
- Amount of data sent in bytes
- Referring/exit pages from which you accessed the website
- Browser used
- Operating system used
- IP address used (possibly in anonymized form)
The processing is carried out in accordance with Art. 6(1)(f) of the GDPR based on our legitimate interest in improving the stability and functionality of our website. The data is not shared or used for other purposes. However, we reserve the right to retrospectively review the server log files if there are concrete indications of unlawful use.
"By using our website, you (the visitor) consent to third parties processing your IP address to determine your location for currency conversion. You also agree that this currency will be stored in a session cookie in your browser (a temporary cookie that is automatically removed when you close your browser). We do this so that the selected currency remains selected and consistent while browsing our website, allowing prices to be converted into your (the visitor's) local currency."
In some cases, cookies are used to simplify the ordering process by storing settings (e.g., remembering the contents of a virtual shopping cart for a later visit to the website). If personal data is also processed by individual cookies implemented by us, the processing is carried out in accordance with Art. 6(1)(b) of the GDPR for the performance of a contract or in accordance with Art. 6(1)(f) of the GDPR to protect our legitimate interests in the best possible functionality of the website and a user-friendly and effective visit to the site.
We may work with advertising partners who help us make our website more interesting for you. For this purpose, cookies from partner companies may also be stored on your hard drive during your visit to our website (third-party cookies). If we cooperate with the aforementioned advertising partners, you will be individually and separately informed about the use of such cookies and the extent of the information collected in the following paragraphs.
Please note that you can configure your browser settings to be informed about the setting of cookies and decide on their acceptance on a case-by-case basis or to exclude the acceptance of cookies for specific cases or in general. Each browser differs in the way it manages cookie settings. This is described in the help menu of each browser, which explains how you can change your cookie settings. You can find this information for the respective browsers using the following links:
- Internet Explorer: https://support.microsoft.com/en-us/help/17442/windows-internet-explorer-delete-manage-cookies
- Firefox: https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences
- Chrome: https://support.google.com/chrome/answer/95647?hl=en
- Safari: https://support.apple.com/guide/safari/manage-cookies-and-website-data-sfri11471/mac
- Opera: https://help.opera.com/en/latest/web-preferences/#cookies
Please note that if you do not accept cookies, the functionality of our website may be restricted.
When contacting us (e.g., via contact form or email), personal data is collected. The specific data collected through the contact form can be found in the respective contact form. This data is stored and used solely for the purpose of responding to your inquiry or contacting you and the associated technical administration. The legal basis for processing the data is our legitimate interest in responding to your inquiry in accordance with Art. 6(1)(f) of the GDPR. If your contact aims at concluding a contract, an additional legal basis for the processing is Art. 6(1)(b) of the GDPR. Your data will be deleted after the final processing of your inquiry, provided that it is evident from the circumstances that the matter in question has been conclusively resolved and unless there are any legal retention obligations.
5) Data processing for opening a customer account and for contract processing
In accordance with Art. 6(1)(b) of the GDPR, personal data is also collected and processed when you provide it to us for the execution of a contract or when opening a customer account. The data collected can be found in the respective input forms. You can delete your customer account at any time by sending a message to the address of the data controller mentioned above. We store and use the data you provide for contract processing. After complete execution of the contract or deletion of your customer account, your data will be blocked considering tax and commercial retention periods and deleted after expiration of these periods, unless you have expressly consented to further use of your data or unless we reserve the right to further use your data, which is legally permitted, and about which we will inform you accordingly below.
6) Use of Single-Sign-On Methods
On our website, you have the option to create a customer account or register using the social plugin "Facebook Connect" provided by the social network Facebook, operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA ("Facebook"), as part of the single sign-on technique, if you have a Facebook profile. You can recognize the "Facebook Connect" social plugins on our website by the blue button with the Facebook logo and the labels "Sign in with Facebook" or "Connect with Facebook" or "Log in with Facebook" or "Sign in with Facebook."
When you visit a page on our website that contains such a plugin, your browser establishes a direct connection to Facebook's servers. The content of the plugin is transmitted directly from Facebook to your browser and integrated into the page. Through this integration, Facebook receives the information that your browser has accessed the corresponding page on our website, even if you do not have a Facebook profile or are not currently logged in to Facebook. This information (including your IP address) is transmitted by your browser directly to a Facebook server in the USA and stored there. These data processing operations are carried out based on Art. 6(1)(f) of the GDPR, in the legitimate interest of Facebook in displaying personalized advertising based on browsing behavior.
Furthermore, by using the "Facebook Connect" button on our website, you have the option to log in or register on our website using your Facebook user data. Only if you give your explicit consent in accordance with Art. 6(1)(a) of the GDPR, based on a corresponding notice regarding the data exchange with Facebook before the login process, we will receive, depending on your privacy settings on Facebook, the general and publicly accessible information stored in your profile. This information includes the user ID, name, profile picture, age, and gender.
The consent granted can be revoked at any time by sending a message to the data controller mentioned at the beginning of this statement.
Facebook Inc., located in the USA, is certified under the EU-U.S. Privacy Shield, which ensures compliance with the level of data protection applicable in the EU.
If you do not want Facebook to directly associate the data collected through our website with your Facebook profile, you must log out of Facebook before visiting our website. You can also completely prevent the loading of Facebook plugins by using add-ons for your browser, such as "Adblock Plus" (https://adblockplus.org/de/).
7) Use of Your Data for Direct Advertising
Subscription to Our Email Newsletter
If you subscribe to our email newsletter, we will regularly send you information about our offers. The mandatory information for sending the newsletter is solely your email address. Providing additional data is voluntary and is used to address you personally. For sending the newsletter, we use the double opt-in procedure. This means that we will only send you an email newsletter if you have expressly confirmed that you consent to receiving newsletters. We will then send you a confirmation email asking you to confirm that you wish to receive newsletters by clicking on a corresponding link.
By activating the confirmation link, you give us your consent to use your personal data in accordance with Art. 6(1)(a) of the GDPR. When you subscribe to the newsletter, we store the IP address provided by your internet service provider (ISP) as well as the date and time of registration in order to trace any possible misuse of your email address at a later time. The data collected during the newsletter registration process is used exclusively for the purpose of advertising through the newsletter. You can unsubscribe from the newsletter at any time using the link provided in the newsletter or by sending a corresponding message to the data controller mentioned at the beginning. After unsubscribing, your email address will be promptly deleted from our newsletter distribution list, unless you have expressly consented to further use of your data or we reserve the right to use the data beyond what is legally permitted, in which case we will inform you accordingly in this statement.
8) Data processing for order processing
8.1 The personal data collected by us will be forwarded to the transport company commissioned with the delivery as part of the contract processing, insofar as this is necessary for the delivery of the goods. We will forward your payment data to the authorized credit institution as part of the payment processing, if this is necessary for the payment processing. If payment service providers are used, we will inform you explicitly below. The legal basis for the data transfer is Art. 6(1)(b) of the General Data Protection Regulation (GDPR).
8.2 To fulfill our contractual obligations to our customers, we cooperate with external shipping partners. We will only disclose your name and delivery address to a selected shipping partner for the purpose of delivering the goods, pursuant to Art. 6(1)(b) of the GDPR.
8.3 Use of payment service providers
If you choose the payment method "Amazon Pay," the payment processing will be carried out by the payment service provider Amazon Payments Europe s.c.a., 5 Rue Plaetis, L-2338 Luxembourg (hereinafter referred to as "Amazon Payments"), to whom we will disclose the information provided by you during the ordering process, including information about your order, in accordance with Art. 6(1)(b) of the GDPR. The disclosure of your data is exclusively for the purpose of payment processing with the payment service provider Amazon Payments and only to the extent necessary for this purpose. You can find further information about the data protection provisions of Amazon Payments at the following Internet address: https://pay.amazon.com/de/help/201751600
If you choose to pay via PayPal, credit card via PayPal, direct debit via PayPal, or - if offered - "purchase on account" or "installment payment" via PayPal, we will forward your payment data to PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter referred to as "PayPal") as part of the payment processing. The data transfer takes place in accordance with Art. 6(1)(b) of the GDPR and only to the extent necessary for the payment processing.
You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data if this is necessary for the contractual payment processing.
If you choose the payment method "SOFORT," the payment processing will be carried out by the payment service provider SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany (hereinafter referred to as "SOFORT"), to whom we will disclose the information provided by you during the ordering process, including information about your order, in accordance with Art. 6(1)(b) of the General Data Protection Regulation (GDPR). Sofort GmbH is part of the Klarna Group (Klarna Bank AB (publ), Sveavägen 46, 11134 Stockholm, Sweden). The disclosure of your data is exclusively for the purpose of payment processing with the payment service provider SOFORT and only to the extent necessary for this purpose. You can find further information about the data protection provisions of SOFORT at the following Internet address: https://www.klarna.com/sofort/datenschutz
If you choose a payment method offered by the payment service provider Stripe, the payment processing will be carried out by the payment service provider Stripe Payments Europe Ltd, Block 4, Harcourt Centre, Harcourt Road, Dublin 2, Ireland, to whom we will disclose the information provided by you during the ordering process, including information about your order (name, address, account number, bank code, possibly credit card number, invoice amount, currency, and transaction number) in accordance with Art. 6(1)(b) of the GDPR. The disclosure of your data is exclusively for the purpose of payment processing with the payment service provider Stripe Payments Europe Ltd. and only to the extent necessary for this purpose. For more information about Stripe's privacy practices, please refer to the URL https://stripe.com/de/terms
9) Rights of the Data Subject
9.1 The applicable data protection law grants you comprehensive rights as a data subject (data subject rights) regarding the processing of your personal data by the data controller. We hereby inform you about these rights:
- Right to information according to Art. 15 of the GDPR: You have the right to obtain information about the processing of your personal data, in particular, the purposes of the processing, the categories of personal data processed, the recipients or categories of recipients to whom your data have been or will be disclosed, the envisaged storage period or the criteria for determining the storage period, the existence of the right to rectification, erasure, restriction of processing, objection to processing, complaint to a supervisory authority, the source of your data if not collected by us, the existence of automated decision-making, including profiling, and meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing, and your right to be informed about the safeguards pursuant to Art. 46 of the GDPR relating to the transfer of your data to third countries.
- Right to rectification according to Art. 16 of the GDPR: You have the right to obtain the rectification of inaccurate personal data concerning you without undue delay or to have incomplete personal data completed.
- Right to erasure ("right to be forgotten") according to Art. 17 of the GDPR: You have the right to obtain the erasure of your personal data without undue delay if the requirements of Art. 17(1) of the GDPR are met. However, this right does not apply, in particular, if the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise, or defense of legal claims.
- Right to restriction of processing according to Art. 18 of the GDPR: You have the right to obtain the restriction of processing of your personal data as long as the accuracy of your data contested by you is being verified, if you oppose the erasure of your data due to unlawful processing and request the restriction of their use instead, if you need your data for the establishment, exercise, or defense of legal claims after we no longer need them for the purposes of processing, or if you have objected to processing based on grounds relating to your particular situation, pending the verification whether our legitimate grounds override yours.
- Right to notification according to Art. 19 of the GDPR: If you have exercised your right to rectification, erasure, or restriction of processing against the data controller, the data controller is obliged to communicate any rectification, erasure, or restriction of processing of your personal data to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. You have the right to be informed about these recipients.
- Right to data portability according to Art. 20 of the GDPR: You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format or to transmit those data to another controller, where technically feasible.
- Right to withdraw consent according to Art. 7(3) of the GDPR: You have the right to withdraw your consent to the processing of your data at any time with effect for the future. In the event of withdrawal, we will promptly erase the affected data, unless further processing can be based on a legal basis for processing without consent. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
- Right to lodge a complaint according to Art. 77 of the GDPR: If you consider that the processing of your personal data infringes the GDPR, you have the right to lodge a complaint with a supervisory authority, in particular, in the Member State of your habitual residence, place of work, or place of the alleged infringement, without prejudice to any other administrative or judicial remedy.
9.2 Right to Object
If we process your personal data based on our legitimate interests as part of a balancing of interests, you have the right to object to such processing at any time for reasons arising from your particular situation.
If you exercise your right to object, we will cease processing the relevant data. However, further processing may be reserved if we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or if the processing serves the establishment, exercise, or defense of legal claims.
If your personal data is processed by us for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing. You can exercise your right to object as described above.
If you exercise your right to object, we will cease processing the relevant data for direct marketing purposes.
10) Duration of Personal Data Storage
The duration of storage of personal data is determined by the respective statutory retention period (e.g., commercial and tax retention periods). After the expiration of the period, the corresponding data will be routinely deleted, provided that they are no longer necessary for the fulfillment or initiation of a contract and/or there is no legitimate interest on our part to continue storing them.