Privacy Policy

Privacy Policy

The data controller is:

Stefan Wilhelm Münch

Pelzstraße 30

53347 Alfter

Email: s.muench@interfloh.com

Thank you for your interest in our website. The protection of your privacy is very important to us. Below, we inform you in detail about the handling of your data.

1. Access Data and Hosting

You can visit our websites without providing any personal information. Each time a website is accessed, the web server automatically stores a so-called server log file, which contains, for example, the name of the requested file, your IP address, date and time of retrieval, amount of data transferred, and the requesting provider (access data), and documents the retrieval. This access data is evaluated exclusively for the purpose of ensuring the smooth operation of the site and improving our offer. This serves to protect our legitimate interests in a correct presentation of our offer, which are predominant in the context of a balancing of interests, in accordance with Art. 6 Para. 1 S. 1 lit. f GDPR. All access data will be deleted no later than seven days after the end of your visit to the site. All access data will only be processed for as long as necessary to achieve the aforementioned processing purposes.

Hosting

The services for hosting and displaying the website are partly provided by our service providers as part of processing on our behalf. Unless otherwise explained in this privacy policy, all access data and all data collected in forms provided for this purpose on this website are processed on their servers. If you have any questions about our service providers and the basis of our cooperation with them, please contact us using the contact options described in this privacy policy.

Our service providers are located and/or use servers in the following countries for which the European Commission has determined an adequate level of data protection by decision: Canada, New Zealand, Japan, United Kingdom, USA.

The adequacy decision for the USA serves as the basis for third-country transfers, provided that the respective service provider is certified. Until certification by our service providers, data transfers continue to be based on the following: Standard contractual clauses of the European Commission.

Our service providers are located and/or use servers in these countries: Australia, India, Singapore.
There is no adequacy decision by the European Commission for these countries. Our cooperation with them is based on these safeguards: Standard Contractual Clauses of the European Commission

2. Data Processing for Contract Fulfilment and Contact

2.1 Data Processing for Contract Fulfilment

For the purpose of contract fulfilment (including inquiries about and handling of any existing claims arising from warranty, performance disruptions, and the right of withdrawal, as well as any legal update obligations) in accordance with Art. 6 Para. 1 S. 1 lit. b GDPR, we collect personal data when you voluntarily provide it to us as part of your order. Mandatory fields are marked as such, as in these cases we absolutely need the data for contract fulfilment and cannot send the order without their provision. Which data is collected can be seen from the respective input forms.

Further information on the processing of your data, in particular on the transfer to our service providers for the purpose of order, payment, and shipping processing, can be found in the following sections of this privacy policy. After complete processing of the contract, your data will be restricted for further processing and deleted after the expiry of tax and commercial retention periods in accordance with Art. 6 Para. 1 S. 1 lit. c GDPR, unless you have expressly consented to further use of your data in accordance with Art. 6 Para. 1 S. 1 lit. a GDPR or we reserve the right to further data use that is legally permitted and about which we inform you in this declaration.

Enterprise Resource Planning System

For order and contract processing, we use ERP systems from external service providers. Our service providers act on our behalf as part of order processing. If you have any questions about our service providers and the basis of our cooperation with them, please contact us using the contact options described in this privacy policy.

Data Transfer for Age Verification Purposes

If your order includes goods whose sale is subject to age restrictions, we ensure, through the use of a reliable procedure involving a personal identity and age verification, that the ordering party has reached the required minimum age. For this purpose, the SCHUFA IdentityCheck is used on our website. This service is operated by SCHUFA Holding AG, Kormoranweg 5, 65201 Wiesbaden, Germany (hereinafter: SCHUFA).
To ensure the required minimum age, individual personal data (e.g., name, address, and date of birth) are transmitted to SCHUFA Holding AG. Subsequently, a so-called identity check with Q-Bit is carried out, which has been positively evaluated by the Commission for Youth Media Protection (KJM) for age verification. The data transfer to SCHUFA serves, in accordance with Art. 6 Para. 1 S. 1 lit. f GDPR, to protect our predominant legitimate interests in ensuring a youth protection-compliant offer and to comply with legal provisions on youth protection, as part of a balancing of interests. No credit check is carried out in this respect.

2.2 Customer Account

If you have given your consent in accordance with Art. 6 Para. 1 S. 1 lit. a GDPR by deciding to open a customer account, we will use your data for the purpose of opening a customer account and for storing your data for future orders on our website. You can delete your customer account at any time either by sending a message to the contact option described in this privacy policy or by using a dedicated function in the customer account. After deleting your customer account, your data will be deleted, unless you have expressly consented to further use of your data in accordance with Art. 6 Para. 1 S. 1 lit. a GDPR or we reserve the right to further data use that is legally permitted and about which we inform you in this statement.

Contact

In the context of customer communication, we collect personal data to process your inquiries in accordance with Art. 6 Para. 1 S. 1 lit. b GDPR when you voluntarily provide it to us when contacting us (e.g., via contact form, live chat tool, or email). Mandatory fields are marked as such, as in these cases we absolutely need the data to process your contact. Which data is collected can be seen from the respective input forms. After your inquiry has been fully processed, your data will be deleted, unless you have expressly consented to further use of your data in accordance with Art. 6 Para. 1 S. 1 lit. a GDPR or we reserve the right to further data use that is legally permitted and about which we inform you in this statement.

3. Data Processing for Shipping Purposes

For the fulfilment of the contract in accordance with Art. 6 Para. 1 S. 1 lit. b GDPR, we pass on your data to the shipping service provider commissioned with the delivery, insofar as this is necessary for the delivery of ordered goods. If you have any questions about our service providers and the basis of our cooperation with them, please contact us using the contact option described in this privacy policy.

The same applies to the transfer of data to our manufacturers or wholesalers in cases where they handle the shipping for us (drop shipping). These are considered shipping service providers within the meaning of this privacy policy.

Data Transfer to Shipping Service Providers for Shipping Notification

If you have given us your express consent to do so during or after your order, we will pass on your email address and telephone number to the selected shipping service provider in accordance with Art. 6 Para. 1 S. 1 lit. a GDPR, so that they can contact you before delivery for the purpose of announcing or coordinating the delivery.
Consent can be revoked at any time by sending a message to the contact option described in this privacy policy. After revocation, we will delete the data you provided for this purpose, unless you have expressly consented to further use of your data or we reserve the right to further data use that is legally permitted and about which we inform you in this statement. If you have any questions about our service providers and the basis of our cooperation with them, please contact us using the contact option described in this privacy policy.

4. Data Processing for Payment Processing

For processing payments in our online shop, we cooperate with these partners: technical service providers, credit institutions, payment service providers.

4.1 Data Processing for Transaction Processing

Depending on the selected payment method, we transmit the data necessary for processing the payment transaction to our technical service providers or to the commissioned credit institutions or to the selected payment service provider, insofar as this is necessary for processing the payment. This serves to fulfil the contract in accordance with Art. 6 Para. 1 S. 1 lit. b GDPR. In some cases, the payment service providers collect the data required for processing the payment themselves, e.g., on their own website or via technical integration in the ordering process. The privacy policy of the respective payment service provider applies in this respect.

Depending on the selected payment method, data transfers to third countries outside the EU/EEA may occur, for which the European Commission has determined an adequate level of data protection by decision. Insofar as a data transfer to third countries outside the EU/EEA occurs for which the European Commission has not issued a decision on an adequate level of data protection, cooperation is based on the Standard Contractual Clauses of the European Commission.

If you have any questions about our payment processing partners or the basis of our cooperation with them, please contact us using the contact option mentioned in this privacy policy.

4.2 Data Processing for Fraud Prevention and Optimization of Our Payment Processes

If necessary, we provide the aforementioned service providers with additional data that they use together with the data necessary for payment processing for the purpose of fraud prevention and optimization of our payment processes (e.g., invoicing, processing of disputed payments, accounting support). This serves, in accordance with Art. 6 Para. 1 S. 1 lit. f GDPR, to protect our overriding legitimate interests in securing ourselves against fraud and in efficient payment management, as part of a balancing of interests.

4.3 Identity and Credit Check when selecting Klarna Payment Services

Klarna Direct Debit, Purchase on Account via Klarna, Klarna Installment Purchase
If you choose the payment services of Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden (hereinafter Klarna), we ask for your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, that we may transmit the data necessary for processing the payment and an identity and credit check to Klarna. In Germany, for identity and credit checks, the credit bureaus mentioned in Klarna's Privacy Policy may be used. Klarna uses the information received about the statistical probability of a payment default for a balanced decision on the establishment, execution or termination of the contractual relationship. You can revoke your consent at any time by sending a message to the contact option mentioned in this privacy policy. This may result in us no longer being able to offer you certain payment options. You can also revoke your consent to this use of personal data at any time directly with Klarna.

4.4 Identity and Credit Check when selecting Purchase on Account via PayOne

If you choose the payment method purchase on account (offered via PayOne GmbH, Lyoner Str. 9, 60528 Frankfurt a. M., Germany (hereinafter PayOne)), we ask for your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, that we may transmit the data necessary for processing the payment and an identity and credit check to PayOne. In Germany, for identity and credit checks, the credit bureaus mentioned in PayOne's Privacy Policy may be used. PayOne uses the information received about the statistical probability of a payment default for a balanced decision on the establishment, execution or termination of the contractual relationship. You can revoke your consent at any time by sending a message to the contact option mentioned in this privacy policy. This may result in us no longer being able to offer you certain payment options.

4.5 Identity and Credit Check when selecting Purchase on Account via PayPal and Ratepay

If you choose the payment method purchase on account (offered via Ratepay GmbH, Franklinstraße 28-29, 10587 Berlin (hereinafter Ratepay) and PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg (hereinafter PayPal)), we ask for your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, that we may transmit the data necessary for processing the payment and an identity and credit check to Ratepay. In Germany, for identity and credit checks, the credit bureaus mentioned in Ratepay's Privacy Policy may be used. Ratepay uses the information received about the statistical probability of a payment default for a balanced decision on the establishment, execution or termination of the contractual relationship. You can revoke your consent at any time by sending a message to the contact option mentioned in this privacy policy. This may result in us no longer being able to offer you certain payment options. Additional information on data protection at PayPal can be found here.

5. Advertising by Email

5.1 Email Newsletter with Registration

If you subscribe to our newsletter, we will use the data required for this or separately communicated by you to regularly send you our email newsletter based on your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR. You can unsubscribe from the newsletter at any time either by sending a message to the contact option described below or via a dedicated link in the newsletter. After unsubscribing, we will delete your email address from the recipient list, unless you have expressly consented to further use of your data in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR or we reserve the right to further data use that is legally permitted and about which we inform you in this statement.

5.2 Newsletter Dispatch

The newsletter may also be sent by our service providers as part of processing on our behalf. If you have questions about our service providers and the basis of our cooperation with them, please contact the contact option described in this privacy policy.

6. Cookies and other Technologies

 General Information

To make visiting our website attractive and to enable the use of certain functions, we use technologies, including so-called cookies, on various pages. Cookies are small text files that are automatically stored on your device. Some of the cookies we use are deleted after the end of the browser session, i.e. after you close your browser (so-called session cookies). Other cookies remain on your device and enable us to recognize your browser on your next visit (persistent cookies). You can find the storage duration in the overview in your web browser's cookie settings.

Protection of Privacy on End Devices

When using our online offering, we use strictly necessary technologies to provide the expressly desired digital service. The storage of information on your device or access to information already stored on your device does not require consent in this respect.

For non-strictly necessary functions, the storage of information on your device or access to information already stored on your device requires your consent. We point out that if consent is not given, parts of the website may not be fully usable. Any consents you have given remain valid until you adjust or reset the respective settings on your device.

Any Subsequent Data Processing by Cookies and other Technologies

We use technologies that are strictly necessary for the use of certain functions of our website. Through these technologies, IP address, time of visit, device and browser information, as well as information about your use of our website, are collected and processed. This serves predominantly legitimate interests in an optimized presentation of our offer within the framework of a balancing of interests in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR.

In addition, we use technologies to fulfill legal obligations to which we are subject (e.g., to be able to prove consent to the processing of your personal data) as well as for web analysis and online marketing. Further information on this, including the respective legal basis for data processing, can be found in the following sections of this privacy policy.

Cookie Settings

You can find the cookie settings for your browser under the following links: Microsoft Edge™ / Safari™ / Chrome™ / Firefox™ / Opera™

If you have consented to the use of technologies in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, you can revoke your consent at any time by sending a message to the contact option described in the privacy policy.

7. Use of Cookies and other Technologies

On our website, we use the following cookies and other technologies from third-party providers. Unless otherwise stated for individual technologies, this is done based on your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR. After the purpose ceases to apply and the use of the respective technology by us ends, the data collected in this context will be deleted. You can revoke your consent at any time with effect for the future. Further information on your revocation options can be found in the section "Cookies and other Technologies". Further information, including the basis of our cooperation with the individual providers, can be found with the individual technologies. If you have questions about the providers and the basis of our cooperation with them, please contact the contact option described in this privacy policy.

7.1 Use of Google Services

We use the technologies described below from Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). The information about your use of our website automatically collected by Google technologies is usually transferred to a server of Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA and stored there. Unless otherwise stated for individual technologies, data processing is carried out based on an agreement concluded for the respective technology between jointly responsible parties in accordance with Art. 26 GDPR. Further information on data processing by Google can be found in Google's privacy policy.

Our service providers are located and/or use servers in countries outside the EU and the EEA for which the European Commission has determined an adequate level of data protection by decision.

Our service providers are located and/or use servers in countries outside the EU and the EEA. For these countries, there is no adequacy decision by the European Commission. Our cooperation with them is based on standard contractual clauses of the European Commission. 

 YouTube Video Plugin

For the integration of third-party content, data (IP address, time of visit, device and browser information) is collected via the YouTube video plugin in the extended data protection mode we use, transmitted to Google, and then processed by Google, only if you play a video.

7.2 Other Providers of Web Analytics and Online Marketing Services

 Use of Vimeo Video Plugin for the integration of third-party content

For the integration of third-party content, data (IP address, time of visit, device and browser information) is collected via the video plugin from Vimeo Inc., 330 West 34th Street, 5th Floor, New York 10011, USA ("Vimeo"), transmitted to Vimeo, and then processed by Vimeo. Data processing is carried out based on an agreement between jointly responsible parties in accordance with Art. 26 GDPR. Google Analytics is automatically integrated into the Vimeo Video Plugin. For the purpose of website analysis, data (IP address, time of visit, device and browser information, as well as information about your use of our website) is automatically collected and stored with Google Analytics, from which usage profiles are created using pseudonyms. Cookies may be used for this purpose. Google Analytics is offered by Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). The information about your use of our website automatically collected by Google is usually transmitted to a server of Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA and stored there. If you visit our website from the EU, your IP address is stored on a server located in the EU for the derivation of location data and then immediately deleted before the traffic is forwarded to other Google servers for processing. We have no influence on and access to data processing by Vimeo, including the settings and results of Google Analytics.

Our service providers are located and/or use servers in countries outside the EU and the EEA for which the European Commission has determined an adequate level of data protection by decision.

Our service providers are located and/or use servers in countries outside the EU and the EEA. For these countries, there is no adequacy decision by the European Commission. Our cooperation with them is based on standard contractual clauses of the European Commission. 

8. Social Media

 Social Buttons from Facebook (by Meta), X (formerly: Twitter), Instagram (by Meta), Pinterest, Whatsapp

Social buttons from social networks are used on our website. These are only integrated as HTML links on the page, so no connection to the servers of the respective provider is established when our website is accessed. If you click on one of the buttons, the website of the respective social network will open in a new window of your browser. There you can, for example, click the Like or Share button.

 Our Online Presence on Facebook (by Meta), X (formerly: Twitter), Instagram (by Meta), Youtube

Provided you have given your consent to the respective social media operator in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, when visiting our online presences on the social media mentioned above, your data will be automatically collected and stored for market research and advertising purposes, from which usage profiles will be created using pseudonyms. These can be used, for example, to place advertisements within and outside the platforms that presumably correspond to your interests. Cookies are generally used for this purpose. Detailed information on the processing and use of data by the respective social media operator, as well as a contact option and your related rights and setting options for protecting your privacy, can be found in the privacy notices of the providers linked below. Should you still need assistance in this regard, you can contact us.

Facebook (by Meta) is offered by Meta Platforms Ireland Ltd., Block J, Serpentine Avenue, Dublin 4, Ireland ("Meta Platforms Ireland"). The information about your use of our online presence on Facebook (by Meta) automatically collected by Meta Platforms Ireland is generally transferred to a server of Meta Platforms, Inc., 1601 Willow Road, Menlo Park, California 94025, USA and stored there. Data processing during a visit to a Facebook (by Meta) fan page is carried out based on an agreement between jointly responsible parties in accordance with Art. 26 GDPR. Further information (information on Insights data) can be found here.

Our service providers are located and/or use servers in the following countries for which the European Commission has determined an adequate level of data protection by decision: Brazil, USA, Canada, Japan, South Korea, New Zealand, United Kingdom, Argentina.

The adequacy decision for the USA serves as the basis for third-country transfers, provided the respective service provider is certified. Certification is available.

Our service providers are located and/or use servers in these countries: Australia, Hong Kong, India, Indonesia, Malaysia, Singapore, Thailand, Taiwan, Mexico.
For these countries, there is no adequacy decision by the European Commission. Our cooperation with them is based on these guarantees: Standard contractual clauses of the European Commission.

X is offered by X Internet Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland ("X"). The information about your use of our online presence on X automatically collected by X is generally transferred to a server of X Corp., FM 1209, Building 2, Bastrop, TX 78602, USA and stored there.

Our service providers are located and/or use servers in countries outside the EU and the EEA for which the European Commission has determined an adequate level of data protection by decision.

Our service providers are located and/or use servers in countries outside the EU and the EEA. For these countries, there is no adequacy decision by the European Commission. Our cooperation with them is based on standard contractual clauses of the European Commission. 

Instagram (by Meta) is a service provided by Meta Platforms Ireland Ltd., Block J, Serpentine Avenue, Dublin 4, Ireland ("Meta Platforms Ireland"). The information about your use of our online presence on Instagram, which is automatically collected by Meta Platforms Ireland, is generally transferred to a server of Meta Platforms, Inc., 1601 Willow Road, Menlo Park, CA 94025, USA, and stored there. Data processing in the context of visiting an Instagram (by Meta) fan page is carried out based on an agreement between joint controllers in accordance with Art. 26 GDPR. Further information (information on Insights data) can be found here.

Our service providers are located and/or use servers in the following countries, for which the European Commission has determined an adequate level of data protection by decision: Brazil, USA, Canada, Japan, South Korea, New Zealand, United Kingdom, Argentina.

The adequacy decision for the USA serves as the basis for third-country transfers, provided that the respective service provider is certified. Certification is in place.

Our service providers are located and/or use servers in these countries: Australia, Hong Kong, India, Indonesia, Malaysia, Singapore, Thailand, Taiwan, Mexico.
For these countries, there is no adequacy decision from the European Commission. Our cooperation with them is based on these guarantees: Standard contractual clauses of the European Commission.

YouTube is a service provided by Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). The information about your use of our online presence on YouTube, which is automatically collected by Google, is generally transferred to a server of Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA, and stored there.

Our service providers are located and/or use servers in countries outside the EU and EEA for which the European Commission has determined an adequate level of data protection by decision.

Our service providers are located and/or use servers in countries outside the EU and EEA. For these countries, there is no adequacy decision from the European Commission. Our cooperation with them is based on the Standard Contractual Clauses of the European Commission. 

9. Contact options and your rights

9.1 Your rights

As a data subject, you have the following rights:

• pursuant to Art. 15 GDPR, the right to request information about your personal data processed by us to the extent specified therein;
• pursuant to Art. 16 GDPR, the right to request the immediate rectification of inaccurate or completion of your personal data stored by us;
• pursuant to Art. 17 GDPR, the right to request the erasure of your personal data stored by us, unless further processing is
  • for exercising the right to freedom of expression and information;
  • for compliance with a legal obligation;
  • for reasons of public interest or
  • for the establishment, exercise or defence of legal claims;
• pursuant to Art. 18 GDPR, the right to request the restriction of processing of your personal data, if
  • the accuracy of the data is contested by you;
  • the processing is unlawful, but you oppose its erasure;
  • we no longer need the data, but you require them for the establishment, exercise or defence of legal claims, or
  • you have objected to the processing pursuant to Art. 21 GDPR;
• pursuant to Art. 20 GDPR, the right to receive your personal data, which you have provided to us, in a structured, commonly used and machine-readable format or to request the transmission to another controller;
• pursuant to Art. 77 GDPR, the right to lodge a complaint with a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our company headquarters.

9.2 Contact options

For questions regarding the collection, processing or use of your personal data, for information, correction, restriction or deletion of data as well as revocation of granted consents or objection to a specific data use, please contact us directly via the contact details in our imprint.