Privacy Policy

1. Data Controller

The data controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is:

halloichbineine UG (haftungsbeschränkt) Sebastian-Kneipp-Straße 5 65812 Bad Soden am Taunus Germany Email: christian@quasser.com Phone: +49 157 92496824 Commercial Register: Amtsgericht Münster, HRB 22206 Managing Director: Christian Siever

2. General Information and Mandatory Disclosures

The operators of this website take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy. When you use this website, various personal data is collected. Personal data is data with which you can be personally identified. This privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose this is done.

3. SSL/TLS Encryption

For security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator, this site uses SSL/TLS encryption. You can recognise an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line. When SSL/TLS encryption is activated, the data you transmit to us cannot be read by third parties.

4. Hosting & Server Log Files

This website is hosted by Vercel Inc., 340 S Lemon Ave #4133, Walnut, CA 91789, USA. When you visit our website, your browser automatically sends certain information to the server (so-called server log files). This includes: IP address, browser type and version, operating system used, referrer URL (the previously visited page), hostname of the accessing computer, date and time of the server request. This data is temporarily stored in so-called log files. Processing is based on Art. 6(1)(f) GDPR (legitimate interest in the technically error-free presentation and optimisation of our website and to ensure system security and stability). The data is automatically deleted after 7 days, unless security incidents require longer retention. For more information about Vercel's data processing, please visit: https://vercel.com/legal/privacy-policy

5. Collection of Personal Data for Orders

When you place a pre-order with us, we collect the following personal data: first name, last name, email address, delivery address (street, house number, postcode, city), phone number (optional), payment information (transmitted directly to Stripe and not stored by us). The legal basis is Art. 6(1)(b) GDPR (performance of a contract). The data is used for processing your order, shipping, and invoicing. We store your order data until the expiry of the statutory retention periods (10 years pursuant to § 147 AO or 6 years pursuant to § 257 HGB). Contact data is deleted thereafter unless you have expressly consented to further use.

6. Payment Processing (Stripe)

For payment processing, we use the payment service provider Stripe Payments Europe, Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland (for European customers) and Stripe, Inc., 510 Townsend Street, San Francisco, CA 94103, USA. When you pay by credit card, debit card, or other payment methods offered by Stripe, your payment data is transmitted directly and in encrypted form to Stripe. We do not store complete credit card data ourselves. Stripe processes your data in accordance with their privacy policy: https://stripe.com/privacy. Data transmission is based on Art. 6(1)(b) GDPR (performance of a contract) and Art. 6(1)(f) GDPR (legitimate interest in secure and efficient payment processing). Insofar as data is transferred to the USA, this is done on the basis of EU Standard Contractual Clauses pursuant to Art. 46 GDPR and the EU-US Data Privacy Framework. For more information, see: https://stripe.com/de/privacy-center/legal#international-data-transfers

7. Cookies and Technically Necessary Data

This website uses a technically necessary cookie to store your language preference (German or English). This cookie is called "locale" and exclusively contains the information of your chosen language (e.g. "de" or "en"). It does not contain personal data and does not expire. The legal basis is Art. 6(1)(f) GDPR (legitimate interest in a user-friendly presentation of the website in your preferred language). You can configure your browser to inform you about the setting of cookies and only allow cookies in individual cases, to exclude the acceptance of cookies for certain cases or in general, and to activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be limited.

8. Facebook Pixel / Meta Pixel (Only with Explicit Consent)

This website may use the Facebook Pixel (Meta Pixel) from Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (or for users outside the EU: Meta Platforms, Inc., 1601 Willow Road, Menlo Park, CA 94025, USA). The pixel enables us to track user behaviour after they have been redirected to our website by clicking on a Facebook ad, and to measure the effectiveness of Facebook ads for statistical and market research purposes. IMPORTANT: The Facebook Pixel is only activated if you have given your explicit and voluntary consent (e.g. via a cookie consent banner). Simply using our website does not constitute consent. The legal basis is Art. 6(1)(a) GDPR and § 25(1) TTDSG (explicit consent). The collected data is anonymised and aggregated by Meta. However, Meta may link the data to your Facebook account and use it for its own advertising purposes. Meta's privacy policy can be found at: https://www.facebook.com/privacy/policy. Data transfers to the USA are based on EU Standard Contractual Clauses pursuant to Art. 46 GDPR. You can withdraw your consent at any time with effect for the future by changing your cookie settings or deleting cookies in your browser. You can also manage your ad settings directly on Facebook: https://www.facebook.com/settings?tab=ads

9. Storage Duration

Your personal data will be deleted or blocked as soon as the purpose of storage ceases to apply. Storage may continue if this has been provided for by the European or national legislator in EU regulations, laws, or other provisions to which we are subject. Data will also be blocked or deleted when a storage period prescribed by the above-mentioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract. Specific periods: Server log files are deleted after 7 days. Order data is stored for 10 years (§ 147 AO) or 6 years (§ 257 HGB). Facebook Pixel: duration of consent granted, revocation possible at any time.

10. Data Security

We use the widely adopted SSL (Secure Socket Layer) method in conjunction with the highest level of encryption supported by your browser when visiting the website. This is usually 256-bit encryption. We also employ appropriate technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction, or unauthorised access by third parties. Our security measures are continuously improved in line with technological developments.

11. Disclosure of Personal Data to Third Parties

Your personal data will not be transferred to third parties for purposes other than those listed below. We only share your personal data with third parties if: you have given your express consent (Art. 6(1)(a) GDPR), the transfer is necessary for the performance of a contract (Art. 6(1)(b) GDPR), there is a legal obligation to disclose (Art. 6(1)(c) GDPR), or the transfer is necessary for the establishment, exercise, or defence of legal claims and there is no reason to assume that you have an overriding legitimate interest in not having your data disclosed (Art. 6(1)(f) GDPR). In the context of order processing, we pass on your data to the shipping company commissioned with the delivery and to the payment service provider commissioned with processing payments (Stripe).

12. External Links

This website may contain links to external third-party websites over whose content we have no influence. Therefore, we cannot accept any liability for this third-party content. The respective provider or operator of the linked pages is always responsible for their content. The linked pages were checked for possible legal violations at the time of linking. Illegal content was not recognisable at the time of linking.

13. Your Rights as a Data Subject

Under the General Data Protection Regulation (GDPR), you have the following rights:

• Right of access (Art. 15 GDPR): You have the right to request information about your personal data processed by us.
• Right to rectification (Art. 16 GDPR): You have the right to demand the immediate rectification of inaccurate or completion of your personal data stored by us.
• Right to erasure (Art. 17 GDPR): You have the right to request the deletion of your personal data stored by us, unless statutory retention periods or other legal grounds prevent deletion.
• Right to restriction of processing (Art. 18 GDPR): You have the right to demand the restriction of processing of your personal data.
• Right to data portability (Art. 20 GDPR): You have the right to receive your data in a structured, commonly used, and machine-readable format.
• Right to object (Art. 21 GDPR): You have the right, on grounds relating to your particular situation, to object at any time to the processing of your personal data based on Art. 6(1)(e) or (f) GDPR.
• Right to withdraw consent (Art. 7(3) GDPR): If the processing of your data is based on consent, you have the right to withdraw this consent at any time. The lawfulness of processing carried out on the basis of consent before its withdrawal shall not be affected.

To exercise these rights, please contact: christian@quasser.com or write to the address stated above.

14. Right to Lodge a Complaint with the Supervisory Authority

You have the right to lodge a complaint with a data protection supervisory authority about our processing of your personal data (Art. 77 GDPR). The supervisory authority responsible for us is: Der Hessische Beauftragte für Datenschutz und Informationsfreiheit (The Hessian Commissioner for Data Protection and Freedom of Information) Postfach 3163 65021 Wiesbaden, Germany Phone: +49 611 1408-0 Email: poststelle@datenschutz.hessen.de Website: https://datenschutz.hessen.de

15. Changes to This Privacy Policy

We reserve the right to update this privacy policy to reflect changes in legal requirements, our services, or data processing. The current version is always available on this page. In the event of material changes, we will notify you separately.