Privacy Policy

Unless otherwise stated below, the provision of your personal data is neither legally nor contractually required, nor necessary for the conclusion of a contract. You are not obliged to provide the data. Failure to provide it has no consequences. This applies only insofar as no other indication is made in the processing operations described below.

“Personal data” means all information relating to an identified or identifiable natural person.

Server Log Files

You can visit our website without providing information about yourself.

Whenever you access our website, usage data is transmitted to us or our web host/IT service provider by your internet browser and stored in log files (so-called server log files). These stored data include, for example, the name of the page accessed, date and time of access, IP address, the amount of data transferred and the requesting provider. Processing takes place on the basis of Art. 6(1)(f) GDPR from our overriding legitimate interest in ensuring the trouble-free operation of our website as well as improving our offering.

Your data are transmitted, among other places, to Canada. For data transfers to Canada, an adequacy decision by the EU Commission exists.

Contact

Controller

TANARAS, Tempelhofer Weg 5, 78056 Villingen-Schwenningen, Germany,

+49 152 52843474, team@tanaras.de

Customer’s Voluntary Contact by Email

If you contact us on your own initiative by email, we collect your personal data (name, email address, message text) only to the extent you provide. The processing serves the purpose of handling and responding to your inquiry.

If the contact serves to carry out pre-contractual measures (e.g. consultation regarding purchase interest, preparation of an offer) or concerns a contract already concluded between you and us, this processing is based on Art. 6(1)(b) GDPR.

If the contact occurs for other reasons, this processing is carried out on the basis of Art. 6(1)(f) GDPR from our overriding legitimate interest in handling and responding to your inquiry. In this case, you have the right, for reasons arising from your particular situation, to object at any time to the processing of your personal data based on Art. 6(1)(f) GDPR.

We use your email address only to process your request. Your data will subsequently be deleted in compliance with statutory retention periods, unless you have consented to further processing and use.

Collection and Processing When Using the Contact Form

When using the contact form, we collect your personal data (name, email address, message text) only to the extent you provide. Processing serves the purpose of contacting you.

We use your email address only to process your request. Your data will subsequently be deleted in compliance with statutory retention periods, unless you have consented to further processing and use.

Orders

Collection, Processing and Disclosure of Personal Data in the Course of Order

When you place an order, we collect and process your personal data only to the extent necessary to fulfill and handle your order and to process your inquiries. The provision of data is required for the conclusion of the contract. Failure to provide the data means that no contract can be concluded. Processing is carried out on the basis of Art. 6(1)(b) GDPR and is necessary for the performance of a contract with you.

Your data are disclosed, for example, to the shipping companies and dropshipping providers you select, payment service providers, service providers for order processing and IT service providers. In all cases, we strictly observe the legal requirements. The scope of data transmission is limited to the minimum necessary.

Your data are transmitted, among other places, to Canada. For data transfers to Canada, an adequacy decision by the EU Commission exists.

Reviews & Advertising

Data Collection When Submitting a Comment or Review

When commenting on/reviewing an article or a post, we collect your personal data (name, email address, comment text) only to the extent you provide. Processing serves the purpose of enabling comments/reviews and displaying them.

By submitting the comment/review, you consent to the processing of the data transmitted. Processing is based on Art. 6(1)(a) GDPR with your consent. You may withdraw your consent at any time by notifying us, without affecting the lawfulness of processing based on consent before its withdrawal. Your personal data will then be deleted.

When your comment is published, only the name you provide will be displayed.

Use of Email Address for Sending Newsletters

We use your email address, independently of contract processing, exclusively for our own advertising purposes to send newsletters, provided you have expressly consented to this. Processing is based on Art. 6(1)(a) GDPR with your consent. You may withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal. You can unsubscribe at any time via the corresponding link in the newsletter or by notifying us. Your email address will then be removed from the mailing list.

Use of Klaviyo

We use the service of Klaviyo Inc. (125 Summer St Floor 7, Boston, MA 02111, USA; “Klaviyo”) for sending newsletters under a data processing agreement.

We pass on the information you provided during newsletter sign-up (email address, if applicable first and last name) to Klaviyo. Processing serves the purpose of sending the newsletter and its statistical evaluation.

To evaluate newsletter campaigns, the newsletters sent contain a 1×1-pixel graphic (tracking pixel) or a tracking link. This allows us to determine whether you opened the newsletter and whether you clicked integrated links. In this context we collect personal data such as IP address, browser type and device, and the time. Usage profiles can be created under a pseudonym from these data. The data collected are not used to identify you personally. The data are used solely for statistical evaluation to improve newsletter campaigns.

Your data are generally transmitted to Klaviyo servers in the USA and stored there. There is no adequacy decision by the EU Commission for the USA. The transfer is based, among other things, on Standard Contractual Clauses as appropriate safeguards for the protection of personal data, available at:

https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_de.

The processing of your personal data is based on Art. 6(1)(f) GDPR from our overriding legitimate interest in a targeted, effective and user-friendly newsletter system. You have the right, for reasons arising from your particular situation, to object at any time to the processing of your personal data.

Further information on data protection at Klaviyo can be found at https://www.klaviyo.com/legal/privacy-notice and https://www.klaviyo.com/legal/data-processing-agreement.

Shipping Service Providers

Disclosure of Email Address to Shipping Companies to Provide Shipment Status

We pass on your email address to the transport company within the scope of contract processing if you expressly consented to this during the order process. The disclosure serves the purpose of informing you by email about the shipment status. Processing is based on Art. 6(1)(a) GDPR with your consent. You may withdraw your consent at any time by notifying us or the transport company, without affecting the lawfulness of processing based on consent before its withdrawal.

Payment Service Providers

Use of PayPal Express

We use on our website the payment service PayPal Express of PayPal (Europe) S.à r.l. et Cie, S.C.A. (22–24 Boulevard Royal, L-2449 Luxembourg; “PayPal”). Processing serves the purpose of enabling you to make payments via PayPal Express.

To integrate this payment service, it is necessary for PayPal to collect, store and analyze data (e.g., IP address, device type, operating system, browser type, location of your device) when the website is accessed. Cookies may also be used. Cookies enable the recognition of your browser.

The use of cookies or comparable technologies occurs with your consent on the basis of Section 25(1) sentence 1 TTDSG in conjunction with Art. 6(1)(a) GDPR. The processing of your personal data takes place with your consent on the basis of Art. 6(1)(a) GDPR. You can withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

When selecting and using PayPal Express, the data necessary for payment processing are transmitted to PayPal to fulfill the contract with you using the selected payment method. This processing is based on Art. 6(1)(b) GDPR.

Further information on data processing when using PayPal Express can be found in the corresponding privacy policy at:

https://www.paypal.com/de/webapps/mpp/ua/privacy-full?locale.x=de_DE#Updated_PS

Use of PayPal Checkout

We use on our website the payment service PayPal Checkout of PayPal (Europe) S.à r.l. et Cie, S.C.A. (22–24 Boulevard Royal, L-2449 Luxembourg; “PayPal”). Processing serves the purpose of enabling you to pay via this service. By selecting and using payment via PayPal, credit card via PayPal, direct debit via PayPal or “Pay Later” via PayPal, the data required for payment processing are transmitted to PayPal in order to fulfill the contract with you using the chosen payment method. This processing is based on Art. 6(1)(b) GDPR.

Credit Card via PayPal, Direct Debit via PayPal & “Pay Later” via PayPal

For certain payment methods such as credit card via PayPal, direct debit via PayPal or “Pay Later” via PayPal, PayPal reserves the right to obtain a credit report on the basis of mathematical-statistical procedures using credit agencies. For this purpose, PayPal transmits the personal data required for a credit check to a credit agency and uses the information received about the statistical probability of default for a balanced decision on the establishment, execution or termination of the contractual relationship. The credit report may contain probability values (score values) calculated on the basis of scientifically recognized mathematical-statistical procedures and in whose calculation, among other things, address data are included. Your interests worthy of protection are taken into account in accordance with statutory provisions. Processing serves the purpose of credit checking for the initiation of a contract. Processing is carried out on the basis of Art. 6(1)(f) GDPR from our overriding legitimate interest in protection against payment default when PayPal performs in advance.

You have the right, for reasons arising from your particular situation, to object at any time to this processing of personal data based on Art. 6(1)(f) GDPR by notifying PayPal. The provision of the data is required for the conclusion of the contract with the payment method you have chosen. Failure to provide the data means that the contract cannot be concluded using the payment method you selected.

Third-Party Providers

When paying via a third-party provider’s payment method, the data required for payment processing are transmitted to PayPal. This processing is based on Art. 6(1)(b) GDPR. To execute this payment method, the data may then be passed on by PayPal to the respective provider. This processing is based on Art. 6(1)(b) GDPR. Local third-party providers can include, for example:

Sofort (SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany)
giropay (Paydirekt GmbH, Stephanstr. 14–16, 60313 Frankfurt am Main)

Purchase on Account via PayPal

When paying by the “purchase on account” payment method, the data required for payment processing are first transmitted to PayPal. To execute this payment method, the data are then transmitted by PayPal to Ratepay GmbH (Franklinstraße 28–29, 10587 Berlin; “Ratepay”) in order to fulfill the contract with you using the chosen payment method. This processing is based on Art. 6(1)(b) GDPR. Ratepay may carry out a credit check on the basis of mathematical-statistical procedures (probability or score values) using credit agencies as described above. Processing serves the purpose of credit checking for the initiation of a contract. Processing is carried out on the basis of Art. 6(1)(f) GDPR from our overriding legitimate interest in protection against payment default when Ratepay performs in advance. Further information on data protection and which credit agencies Ratepay uses can be found at:

https://www.ratepay.com/legal-payment-dataprivacy/ and https://www.ratepay.com/legal-payment-creditagencies/

Further information on data processing when using PayPal can be found in the corresponding privacy policy at:

https://www.paypal.com/de/webapps/mpp/ua/privacy-full

Use of SOFORT

We use the payment service provider SOFORT GmbH (Theresienhöhe 12, 80339 Munich, Germany; “SOFORT”) for payment processing on our website. SOFORT GmbH is a company of the Klarna Group (Klarna Bank AB (publ), Sveavägen 46, 11134 Stockholm, Sweden). Processing serves the purpose of offering you various payment methods by handling payment processing via SOFORT. If you choose this payment option, the data required for payment processing are transmitted to SOFORT. This data processing is based on Art. 6(1)(b) GDPR. Further information on data processing when using SOFORT can be found at:

https://www.sofort.com/1.0/shared/content/legal/terms/de-DE/SOFORT/ and https://www.klarna.com/sofort/

Cookies

Our website uses cookies. Cookies are small text files that are stored in the internet browser or by the internet browser on the user’s computer system. If a user accesses a website, a cookie may be stored on the user’s operating system. This cookie contains a characteristic string that enables the browser to be uniquely identified when the website is accessed again.

Cookies are stored on your computer. You therefore have full control over the use of cookies. By selecting appropriate technical settings in your internet browser, you can be notified before cookies are set, decide on acceptance on a case-by-case basis, and prevent the storage of cookies and the transmission of the data contained therein. Cookies already stored can be deleted at any time. However, we point out that you may then not be able to use all functions of this website to their full extent.

You can find information on managing (including disabling) cookies in the most important browsers at the following links:

Chrome: https://support.google.com/accounts/answer/61416?hl=de

Internet Explorer: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies

Mozilla Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen

Safari: https://support.apple.com/de-de/guide/safari/manage-cookies-and-website-data-sfri11471/mac

Technically Necessary Cookies

Unless otherwise stated in this privacy policy, we use only these technically necessary cookies for the purpose of making our offering more user-friendly, effective and secure. Cookies also enable our systems to recognize your browser even after a page change and to offer you services. Some functions of our website cannot be offered without the use of cookies. For these it is necessary that the browser is recognized even after a page change.

The use of cookies or comparable technologies takes place on the basis of Section 25(2) TTDSG. The processing of your personal data takes place on the basis of Art. 6(1)(f) GDPR from our overriding legitimate interest in ensuring the optimal functionality of the website as well as a user-friendly and effective design of our offering. You have the right, for reasons arising from your particular situation, to object at any time to this processing of your personal data.

Advertising Tracking

Use of the Facebook Pixel

We use on our website the remarketing function “Custom Audiences” of Meta Platforms Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; “Facebook”).

Meta Platforms Ireland and we are joint controllers for the collection of your data that occurs when the service is integrated and for the transmission of these data to Facebook. The basis for this is an agreement between us and Meta Platforms Ireland on joint processing of personal data, which sets out the respective responsibilities. The agreement is available at: https://www.facebook.com/legal/controller_addendum. According to this, we are in particular responsible for fulfilling the information obligations pursuant to Art. 13, 14 GDPR, for compliance with the security requirements of Art. 32 GDPR with regard to the correct technical implementation and configuration of the service, as well as for compliance with the obligations under Art. 33, 34 GDPR insofar as a personal data breach concerns our obligations under the joint processing agreement. Meta Platforms Ireland is responsible for enabling data subject rights pursuant to Art. 15–20 GDPR, for complying with the security requirements of Art. 32 GDPR with regard to the security of the service, and for the obligations under Art. 33, 34 GDPR insofar as a personal data breach concerns Meta Platforms Ireland’s obligations under the joint processing agreement.

The application serves the purpose of targeting visitors to the website with interest-based advertising on the social network Facebook. For this purpose, the Facebook remarketing tag has been implemented on the website. When you visit the website, a direct connection to Facebook’s servers is established via this tag. It is thereby transmitted to the Facebook server which of our pages you have visited. Facebook assigns this information to your personal Facebook user account. When you visit the social network Facebook, you are then shown personalized, interest-based Facebook ads. Your data may be transmitted to the USA. There is no adequacy decision by the EU Commission for the USA. The transfer is based, among other things, on Standard Contractual Clauses as appropriate safeguards for the protection of personal data, available at: https://www.facebook.com/legal/EU_data_transfer_addendum.

The use of cookies or comparable technologies takes place with your consent on the basis of Section 25(1) sentence 1 TTDSG in conjunction with Art. 6(1)(a) GDPR. The processing of your personal data takes place with your consent on the basis of Art. 6(1)(a) GDPR. You can withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

Further information on the collection and use of data by Facebook, your rights in this respect and options for protecting your privacy can be found in Facebook’s privacy policy at https://www.facebook.com/about/privacy/

Plug-ins and Other Services

Use of YouTube

We use on our website the function for embedding YouTube videos of Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; “YouTube”). YouTube is a company affiliated with Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”).

The function displays videos stored on YouTube in an iFrame on the website. The “enhanced privacy mode” option is activated. As a result, YouTube does not store information about visitors to the website. Information is only transmitted to YouTube and stored there when you actually watch a video. Your data may be transmitted to the USA. There is no adequacy decision by the EU Commission for the USA. The transfer is based, among other things, on Standard Contractual Clauses as appropriate safeguards for the protection of personal data, available at: https://policies.google.com/privacy/frameworks.

The processing of your personal data is carried out on the basis of Art. 6(1)(f) GDPR from our overriding legitimate interest in the demand-oriented and targeted design of the website. You have the right, for reasons arising from your particular situation, to object at any time to the processing of your personal data.

Further information on the collection and use of data by YouTube and Google, your rights in this respect and options for protecting your privacy can be found in YouTube’s privacy policy at https://www.youtube.com/t/privacy.

Data Subject Rights and Retention Period

Duration of Storage

After the contract has been fully processed, the data will initially be stored for the duration of the warranty period and thereafter in consideration of statutory, in particular tax and commercial law retention periods, and then deleted after the expiry of these periods unless you have consented to further processing and use.

Rights of the Data Subject

Subject to the legal requirements, you have the following rights under Art. 15 to 20 GDPR: right of access, rectification, erasure, restriction of processing, data portability.

You also have, under Art. 21(1) GDPR, a right to object to processing based on Art. 6(1)(f) GDPR, as well as to processing for direct marketing purposes.

Right to Lodge a Complaint with a Supervisory Authority

Pursuant to Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data is unlawful.

You can submit a complaint, among others, to the supervisory authority responsible for us at the following contact details:

State Commissioner for Data Protection and Freedom of Information Baden-Württemberg

Königstrasse 10 a

70173 Stuttgart

Tel.: +49 711 6155410

Fax: +49 711 61554115

Email: poststelle@lfdi.bwl.de

Right to Object

Where the personal data processing listed here is based on our legitimate interests pursuant to Art. 6(1)(f) GDPR, you have the right, for reasons arising from your particular situation, to object to such processing at any time with effect for the future.

After an objection has been made, the processing of the data concerned will be ceased unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or where the processing serves the establishment, exercise or defense of legal claims.

Last updated: 01/08/2024