Privacy Policy

Privacy Policy

1) Information about the collection of personal data and contact details of the responsible person

1.1 We are pleased that you are visiting our website and thank you for your interest. In the following we will inform you about the handling of your personal data when using our website. Personal data are all data with which you can be personally identified.

1.2 The person responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is Sibolab UG (limited liability), Kastanienallee 4, 10435 Berlin, Germany, Tel .: 0049 (0) 30 49500833, Fax: 0049 (0) 30 41209906, Email: info@sibolab.de. The person responsible for the processing of personal data is the natural or legal person who, alone or jointly with others, decides on the purposes and means of processing personal data.

1.3 For security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or inquiries to the person responsible), this website uses an SSL or. TLS encryption. You can recognize an encrypted connection by the character string "https: //" and the lock symbol in your browser line.

2) Data collection when visiting our website

In the case of merely informative use of our website, ie if you do not register or otherwise provide us with information, we only collect data that your browser transmits to our server (so-called "server log files"). When you visit our website, we collect the following information that is technically necessary for us to display the website:

  • Our visited website
  • Date and time at the time of access
  • Amount of transmitted data in bytes
  • Source/reference from which you accessed the site
  • Used browser
  • Operating system used
  • Used IP address (possibly in anonymous form)

The processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR based on our legitimate interest in improving the stability and functionality of our website. A transfer or other use of the data does not take place. However, we reserve the right to retrospectively check the server logfiles should concrete evidence point to unlawful use.

3) hosting

Hosting through Shopify
We use the shop system of the service provider Shopify International Limited, Victoria Buildings, 2nd floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland (“Shopify”), for the purpose of hosting and displaying the online shop on the basis of a Processing on our behalf. All data collected on our website is processed on Shopify's servers. As part of the aforementioned Shopify services, data can also be processed in the context of further processing on behalf of Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada, Shopify Data Processing (USA) Inc., Shopify Payments (USA) Inc . or Shopify (USA) Inc. In the event that data is transmitted to Shopify Inc. in Canada, the European Commission's adequacy decision guarantees the appropriate level of data protection. Further information on Shopify's data protection can be found on the following website: https://www.shopify.de/legal/datenschutz
Further processing on servers other than those mentioned by Shopify will only take place within the framework communicated below.

4) Cookies

In order to make the visit to our website attractive and to enable the use of certain functions, we use so-called cookies on various pages. These are small text files that are stored on your device. Some of the cookies we use are deleted after the end of the browser session, ie after closing your browser (so-called session cookies). Other cookies remain on your device and allow you to recognize your browser the next time you visit it (so-called persistent cookies). If cookies are set, they collect and process specific user information, such as browser and location data as well as IP address values, to an individual extent. Persistent cookies are automatically deleted after a specified period, which may differ depending on the cookie. The duration of each cookie storage can be found in the overview of the cookie settings of your web browser.

In some cases, cookies are used to simplify the ordering process by saving settings (e.g. remembering the content of a virtual shopping cart for a later visit to the website). If personal data is also processed by individual cookies we use, the processing is carried out in accordance with Art. 6 Para. 1 lit. b GDPR either to implement the contract, in accordance with Art. 6 Para. 1 lit. a GDPR in the case of a given consent or according to Art. 6 Para. 1 lit. f GDPR to protect our legitimate interests in the best possible functionality of the website and a customer-friendly and effective design of the page visit.

Please note that you can set your browser so that you are informed about the setting of cookies and individually decide on their acceptance or can exclude the acceptance of cookies for specific cases or in general. Each browser differs in the way it manages the cookie settings. This is described in the Help menu of each browser, which explains how to change your cookie settings. These can be found for the respective browser under the following links:

Internet Explorer: https://support.microsoft.com/en-us/help/17442/windows-internet-explorer-delete-manage-cookies
Firefox: https://support.mozilla.org/en/kb/cookies-allow-and-dispose
Chrome: https://support.google.com/chrome/answer/95647?hl=de&hlrm=en
Safari: https://support.apple.com/en-us/guide/safari/sfri11471/mac
Opera: https://help.opera.com/latest/web-preferences/#cookies

Please note that if you do not accept cookies, the functionality of our website may be limited.

5) contact us

When you contact us (e.g. using the contact form or email), personal data is collected. Which data is collected when a contact form is used can be seen from the respective contact form. These data are stored and used exclusively for the purpose of answering your request or for establishing contact and the associated technical administration. The legal basis for processing this data is our legitimate interest in answering your request in accordance with Art. 6 Para. 1 lit.f GDPR. If your contact is aimed at concluding a contract, the additional legal basis for processing is Art. 6 Para. 1 lit. b GDPR. Your data will be deleted after your request has been processed. This is the case if it can be inferred from the circumstances that the matter in question has been finally clarified and provided that there are no statutory retention requirements.

6) Data processing when opening a customer account and for contract execution

According to Art. 6 para. 1 lit. b DSGVO, personal data will continue to be collected and processed if you provide it to us for the purpose of concluding a contract or opening a customer account. The data collected is shown in the respective input forms. A deletion of your customer account is possible at any time and can be done by a message to the above-mentioned address of the person in charge. We store and use the data you have provided for the execution of the contract. After completion of the contract or deletion of your customer account, your data will be blocked with regard to tax and commercial retention periods and deleted after expiration of these periods, unless you have expressly consented to further use of your data or a legally permitted further data use by our side has been.

7) Use of customer data for direct advertising

Registration for our e-mail newsletter

If you subscribe to our e-mail newsletter, we will send you regular information about our offers. Mandatory information for sending the newsletter is your e-mail address alone. The specification of further data is voluntary and will be used to address you personally. For sending the newsletter we use the so-called double opt-in procedure. This means that we will only send you an e-mail newsletter if you have expressly confirmed that you agree to receive the newsletter. We will then send you a confirmation e-mail asking you to confirm by clicking on a link that you wish to receive the newsletter in the future.

By activating the confirmation link, you give us your consent to the use of your personal data in accordance with Art. 6 para. 1 lit. a GDPR. When registering for the newsletter, we will save your IP address entered by the Internet Service Provider (ISP) as well as the date and time of registration in order to be able to trace a possible misuse of your e-mail address at a later date. The data collected by us when registering for the newsletter will be used exclusively for promotional purposes by means of the newsletter. You can cancel the newsletter at any time via the provided link in the newsletter or by sending a message to the person named above. After cancellation, your e-mail address will be deleted immediately in our newsletter distribution, as far as you have not expressly consented to a further use of your data or we reserve the right to further data usage, which is permitted by law and about which we inform you in this statement.

8) Data processing for order processing

8.1 In order to process your order, we work with the following service provider (s) who support us in whole or in part in the execution of contracts. Certain personal data is transmitted to these service providers in accordance with the following information.

The personal data collected by us will be passed on to the transport company commissioned with the delivery within the scope of the contract, insofar as this is necessary for the delivery of the goods. We will pass on your payment details to the commissioned bank as part of the processing of payments, if this is necessary for the processing of payments. If payment service providers are used, we will inform you explicitly below. The legal basis for the transfer of data is Art. 6 para. 1 lit. b DSGVO.

8.2 Forwarding of personal data to shipping service providers

- German postal service
If the goods are delivered by Deutsche Post (Deutsche Post AG, Charles-de-Gaulle-Straße 20, 53113 Bonn), we will give your e-mail address in accordance with Art. 6 Para. 1 lit. a GDPR to the Deutsche Post before the delivery of the goods for the purpose of agreeing a delivery date or to announce the delivery, provided that you have given your express consent for this in the ordering process. Otherwise, for the purpose of delivery in accordance with Art. 6 Para. 1 lit. b DSGVO only forward the name of the recipient and the delivery address to Deutsche Post. It will only be passed on if this is necessary for the delivery of the goods. In this case, prior coordination of the delivery date with Deutsche Post or the delivery notification is not possible.
The consent can be revoked at any time with effect for the future vis-à-vis the responsible person named above or vis-à-vis Deutsche Post.
- DHL
If the delivery of the goods is carried out by the transport service provider DHL (DHL Paket GmbH, Sträßchensweg 10, 53113 Bonn), we will give your email address in accordance with Art. 6 Para. 1 lit. a GDPR to DHL prior to delivery of the goods for the purpose of agreeing a delivery date or to announce the delivery, provided that you have given your express consent for this in the ordering process. Otherwise, for the purpose of delivery in accordance with Art. 6 Para. 1 lit. b GDPR, only the name of the recipient and the delivery address are forwarded to DHL. The transfer only takes place if this is necessary for the delivery of the goods. In this case, prior coordination of the delivery date with DHL or the delivery notification is not possible.
The consent can be withdrawn at any time with effect for the future against the person named above or against the transport service provider DHL.

8.3 Use of payment service providers (payment services)

- Apple Pay
If you choose the payment method "Apple Pay" from Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland, the payment is processed via the "Apple Pay" function of your end device operated with iOS, watchOS or macOS by debiting a payment card deposited with "Apple Pay". Apple Pay uses security features built into your device's hardware and software to help protect your transactions. To release a payment, you have to enter a code that you have previously defined, as well as verification using the "Face ID" or "Touch ID" function on your device.
For the purpose of payment processing, the information you provide during the ordering process and the information about your order are passed on to Apple in encrypted form. Apple then encrypts this data again with a developer-specific key before the data is sent to the payment service provider of the payment card stored in Apple Pay in order to carry out the payment. The encryption ensures that only the website through which the purchase was made can access the payment data. After the payment has been made, Apple sends your device account number and a transaction-specific, dynamic security code to the outgoing website to confirm payment success.
If personal data are processed in the described transmissions, the processing is carried out exclusively for the purpose of payment processing in accordance with Art. 6 Para. 1 lit. b GDPR.
Apple retains anonymized transaction information, including the approximate purchase amount, approximate date and time, and whether the transaction was successfully completed. Anonymization completely excludes personal references. Apple uses the anonymized data to improve "Apple Pay" and other Apple products and services.
When you use Apple Pay on the iPhone or Apple Watch to complete a purchase made through Safari on the Mac, the Mac and the authorization device communicate over an encrypted channel on the Apple servers. Apple does not process or store any of this information in a format that can be used to identify you personally. You can turn off the ability to use Apple Pay on your Mac in your iPhone's settings. Go to Wallet & Apple Pay and turn off Allow Payments on Mac.
Further information on data protection at Apple Pay can be found at the following Internet address: https://support.apple.com/de-de/HT203027
- Google Pay
If you choose the payment method "Google Pay" from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"), the payment is processed via the "Google Pay" application of your with at least Android 4.4 ("KitKat") operated and with an NFC function mobile devices by debiting a payment card deposited with Google Pay or a payment system verified there (eg PayPal). To release a payment via Google Pay in the amount of more than € 25, it is necessary to unlock your mobile device beforehand by means of the verification measures set up (such as face recognition, password, fingerprint or sample).
For the purpose of payment processing, the information you provide during the ordering process and the information about your order will be passed on to Google. Google then transmits your payment information stored in Google Pay in the form of a unique transaction number to the original website, which is used to verify that a payment has been made. This transaction number does not contain any information about the real payment data of your means of payment stored with Google Pay, but is created and transmitted as a one-time numerical token. In all transactions via Google Pay, Google only acts as an intermediary to process the payment process. The transaction is carried out exclusively in the relationship between the user and the initial website by debiting the payment method deposited with Google Pay.
If personal data are processed in the described transmissions, the processing is carried out exclusively for the purpose of payment processing in accordance with Art. 6 Para. 1 lit. b GDPR.
Google reserves the right to collect, save and evaluate certain process-specific information for every transaction made via Google Pay. This includes the date, time and amount of the transaction, location and description of the dealer, a description of the purchased goods or services provided by the dealer, photos that you have attached to the transaction, the name and email address of the seller and buyer or of the sender and recipient, the payment method used, your description of the reason for the transaction and, if applicable, the offer associated with the transaction.
According to Google, this processing takes place exclusively in accordance with Art. 6 Para. 1 lit. f GDPR based on the legitimate interest in correct accounting, the verification of process data and the optimization and maintenance of the Google Pay service.
Google also reserves the right to combine the processed process data with other information that is collected and stored when Google uses other Google services.
The Google Pay terms of use can be found here:
https://payments.google.com/payments/apis-secure/u/0/get_legal_document?ldo=0&ldt=googlepaytos&ldl=de
Further information on data protection at Google Pay can be found at the following Internet address:
https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=de
- Klarna
When selecting a Klarna payment service, payment is processed through Klarna Bank AB (publ) [https://www.klarna.com], Sveavägen 46, 111 34 Stockholm, Sweden (hereafter "Klarna"). In order to facilitate the processing of the payment, your personal data (first and last name, street, house number, postal code, city, gender, e-mail address, phone number and IP address) as well as data related to the order (eg invoice amount, article, type of delivery) for the purpose of identity and credit checks to Klarna, provided that they are published in accordance with Art. 6 para. 1 lit. a DSGVO in the context of the order process expressly consented. To which credit agencies your data can be forwarded, you can see here:
https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/credit_rating_agencies
The credit information can contain probability values ​​(so-called score values). As far as score values ​​are included in the results of the credit rating, they are based on a scientifically recognized mathematical-statistical procedure. The calculation of score values ​​includes, but is not limited to, address data. The received information about the statistical probability of a payment default uses Klarna for a balanced decision on the creation, implementation or termination of the contractual relationship.
You can revoke your consent at any time by sending a message to the controller or to Klarna. However, Klarna may continue to be entitled to process your personal data, if this is necessary for the contractual payment.
Your personal details will be in accordance with the applicable data protection regulations and in accordance with the information in Klarnas Privacy Policy for data subjects based in Germany https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/privacy
or for those affected in Austria https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_at/privacy
treated.
- Paypal
When paying via PayPal, credit card via PayPal, direct debit via PayPal or - if offered - "purchase on account" or "installment payment" via PayPal, we will transfer your payment data in the course of payment to PayPal (Europe) Sarl et Cie, SCA, 22- 24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal"), continue. The transfer takes place in accordance with Art. 6 para. 1 lit. b DSGVO and only insofar as this is necessary for the payment process.
PayPal reserves itself for the payment methods credit card via PayPal, direct debit via PayPal or - if offered - "purchase on account" or "installment" via PayPal the execution of a credit check. If necessary, your payment data will be processed in accordance with Art. 6 para. 1 lit. f DSGVO on the basis of the legitimate interest of PayPal in the determination of their solvency to credit bureaus passed. The result of the credit check for statistical probability of default is used by PayPal for the purpose of deciding on the provision of the respective payment method. The credit information can contain probability values ​​(so-called score values). As far as score values ​​are included in the results of the credit rating, they are based on a scientifically recognized mathematical-statistical procedure. The calculation of score values ​​includes, but is not limited to, address data. Further data protection information, among other things to the used credit reference agencies, please refer to the privacy policy of PayPal: https://www.paypal.com/de/webapps/mpp/ua/privacy-full
You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may continue to be entitled to process your personal data, if this is necessary for the contractual payment.
- IMMEDIATELY
If you choose the payment method "IMMEDIATELY", payment will be processed via the payment service provider SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany (hereinafter "IMMEDIATELY"), to which we will provide your information communicated during the ordering process and the information about your order according to Art. 6 para. 1 lit. b Pass on DSGVO. Sofort GmbH is part of the Klarna Group (Klarna Bank AB (publ), Sveavägen 46, 11134 Stockholm, Sweden). The transfer of your data is exclusively for the purpose of processing payments with the payment service provider SOFORT and only insofar as it is necessary for this. Further information on the privacy policy of SOFORT can be found at the following Internet address: https://www.klarna.com/sofort/datenschutz.

9) rights of the person concerned

9.1 The applicable data protection law grants you comprehensive rights of data subjects (information and intervention rights) to the person responsible with regard to the processing of your personal data, about which we inform you below:

  • Right of access according to Art. 15 GDPR: In particular, you have the right to obtain information about the personal data processed by us, the processing purposes, the categories of personal data processed, the recipients or categories of recipients to whom your data was or is being disclosed Period of storage or the criteria for determining the duration of storage, the right of rectification, deletion, limitation of processing, objection to processing, complaint to a supervisory authority, the origin of your data, if they were not collected by us, the Existence of automated decision-making including profiling and, where appropriate, meaningful information about the logic and scope involved and the intended effects of such processing, as well as your right to be informed of what guarantees under Art. 46 DSGVO in case of assignment your data to third countries;
  • Right to correction according to Art. 16 GDPR: You have the right to immediate correction of incorrect data concerning you and / or completion of your incomplete data stored by us;
  • Right to cancellation according to Art. 17 GDPR: You have the right to demand the deletion of your personal data in the presence of the requirements of Art. 17 para. 1 GDPR. However, that right does not apply, in particular, where the processing is necessary for the exercise of the right to freedom of expression and information, for the fulfillment of a legal obligation, for reasons of public interest or for the pursuit, exercise or defense of rights;
  • Right to restriction of the processing according to Art. 18 GDPR: You have the right to demand the restriction of the processing of your personal data, as long as the correctness of your data challenged by you is checked, if you refuse a deletion of your data because of inadmissible data processing and instead the Restricting the processing of your data require, if you need your data for the assertion, exercise or defense of legal rights, after we no longer need these data after purpose or if you have objected for reasons of your particular situation, as long as it is not certain, whether our entitled Reasons predominate;
  • Right to be informed in accordance with Art. 19 GDPR: If you have the right to rectify, delete or limit the processing to the controller, he / she is obligated to rectify or delete the data or all recipients to whom the personal data relating to you have been disclosed Notify of limitation of the processing, unless this proves to be impossible or involves a disproportionate effort. You have the right to be informed about these recipients.
  • Right to data portability according to Art. 20 GDPR: You have the right to receive your personal data provided to us in a structured, common and machine-readable format or to request transmission to another person responsible, as far as technically feasible;
  • Right to revoke granted consent in accordance with Art. 7 para. 3 GDPR: You have the right to revoke a consent once given in the processing of data at any time with future effect. In the case of withdrawal, we will delete the data concerned immediately, as far as further processing can not be based on a legal basis for consentless processing. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation;
  • Right to complain under Art. 77 DSGVO: If you consider that the processing of your personal data violates the GDPR, you have the right to complain to a supervisory authority, in particular in the case of an administrative or judicial remedy Member State of your whereabouts, place of work or place of alleged infringement.

9.2 RIGHT TO OBJECT

IF, IN THE CONTEXT OF INTEREST ACCOUNTABILITY, WE PROCESS OUR PERSONAL DATA BASED ON OUR MAJOR LEGITIMATE INTEREST, YOU HAVE ANY PRESENT RIGHT TO SUBMIT AGAINST THIS PROCESSING FOR CONSEQUENCES WITH EFFECT ON THE FUTURE FOR REASONS OBTAINED FROM YOUR SPECIFIC SITUATION.
MAKE USE OF YOUR OPPOSITION RIGHT, WE FINISH THE PROCESSING OF THE AFFECTED DATA. FURTHER PROCESSING REMAINS SUBJECT TO EXERCISE WHEN WE MAY PROVIDE IMPERATIVE REASONABLE REASONS FOR PROCESSING WHICH EXCEED ITS INTERESTS, FUNDAMENTAL RIGHTS AND FUNDAMENTAL FREEDOMS, OR IF THE PROCESSING SERVES THE PRESENTATION, EXERCISE OR DEFENSE OF LEGAL CHARGES.

IF YOUR PERSONAL DATA IS PROCESSED BY US TO OPERATE DIRECT ADVERTISING, YOU HAVE THE RIGHT TO INTRODUCE ANY CONTESTING AGAINST THE PROCESSING OF YOU OF PERSONAL DATA FOR THE PURPOSE OF SUCH ADVERTISING. YOU MAY EXERCISE THE OPPOSITE AS DESCRIBED ABOVE.

MAKE USE OF YOUR CONTINGENCY RIGHT, WE FINISH THE PROCESSING OF THE DATA CONCERNED FOR DIRECT ACCEPTANCE.

10) Art. 9 GDPR processing of special categories of personal data

(1) The processing of personal data from which the racial and ethnic origin, political opinions, religious or ideological convictions or trade union membership emerge, as well as the processing of genetic data, biometric data for the unique identification of a natural person, health data or data on sexual life or the sexual orientation of a natural person is prohibited.

(2) Paragraph 1 does not apply in the following cases:

a) The person concerned has expressly consented to the processing of the personal data mentioned for one or more specified purposes, unless, under Union law or the law of the member states, the prohibition under paragraph 1 cannot be lifted with the consent of the person concerned.

11) Duration of storage of personal data

The duration of the storage of personal data is based on the respective legal basis, the purpose of processing and - if applicable - additionally based on the respective legal retention period (eg commercial and tax retention periods).

In the processing of personal data based on an explicit consent in accordance with Art. 6 para. 1 lit. a DSGVO, these data are stored until the person withdraws his consent.

There are statutory retention periods for data which, in the context of legal or similar obligations, are based on Art. 6 para. 1 lit. b DSGVO are processed, these data are routinely deleted after expiry of the retention periods, if they are no longer required for fulfillment of the contract or for initiating a contract and / or if there is no legitimate interest in the re-storage on our part.

In the processing of personal data on the basis of Art. 6 para. 1 lit. f DSGVO, these data will be stored until the person concerned exercises his right of objection under Art. 21 para. 1 DSGVO, unless we can prove compelling legitimate reasons for the processing that outweigh the interests, rights and freedoms of the person concerned, or the processing serves the assertion, exercise or defense of legal claims.

In the processing of personal data for the purpose of direct advertising on the basis of Art. 6 para. 1 lit. f DSGVO these data will be stored until the person concerned exercises his right of objection under Art. 21 para. 2 DSGVO.

Unless otherwise stated in the other information in this Declaration on Specific Processing Situations, stored personal data will be erased if they are no longer necessary for the purposes for which they were collected or otherwise processed.