Privacy policy
1) Introduction and Contact Details of the Controller
1.1 We are pleased that you are visiting our website and thank you for your interest. Below, we inform you about how your personal data is handled when using our website. Personal data refers to all data with which you can be personally identified.
1.2 The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is Vibe Labs LLC, 7901 4th St N, Ste 300, St. Petersburg, FL 33702, USA, email: info@pawvibes.de. The online shop is operated under the brand Paw Vibes®. The controller responsible for the processing of personal data is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.
2) Data Collection When Visiting Our Website
2.1 When using our website for informational purposes only, i.e., if you do not register or otherwise provide us with information, we only collect data that your browser transmits to the page server (so-called “server log files”). When you access our website, we collect the following data, which is technically necessary for us to display the website to you:
- Our visited website
- Date and time at the time of access
- Amount of data sent in bytes
- Source/referrer from which you reached the page
- Browser used
- Operating system used
- IP address used (if applicable, in anonymized form)
Processing is carried out in accordance with Art. 6(1)(f) GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. The data is not passed on or used in any other way. However, we reserve the right to subsequently review the server log files if there are concrete indications of unlawful use.
2.2 For security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or inquiries to the controller), this website uses SSL or TLS encryption. You can recognize an encrypted connection by the character string “https://” and the lock symbol in your browser line.
3) Hosting & Content Delivery Network
Shopify
For hosting our website and displaying the page content, we use the system of the following provider: Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland (“Shopify”).
Data is also transferred to: Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada; Shopify Data Processing (USA) Inc.; Shopify Payments (USA) Inc.; or Shopify (USA) Inc.
All data collected on our website is processed on the provider’s servers. We have concluded a data processing agreement with the provider, which ensures the protection of the data of our website visitors and prohibits unauthorized disclosure to third parties.
For data transfers to Canada, an adequate level of data protection is ensured by an adequacy decision of the European Commission.
For the transfer of data to the USA, the provider relies on standard contractual clauses of the European Commission, which are intended to ensure compliance with the European level of data protection.
4) Cookies
In order to make visiting our website attractive and to enable the use of certain functions, we use cookies, i.e. small text files that are stored on your device. Some of these cookies are automatically deleted again after closing the browser (so-called “session cookies”), while others remain on your device for a longer period and enable the storage of page settings (so-called “persistent cookies”). In the latter case, you can find the storage duration in the overview of the cookie settings of your web browser.
If personal data is also processed by individual cookies used by us, processing is carried out in accordance with Art. 6(1)(b) GDPR either for the performance of the contract, in accordance with Art. 6(1)(a) GDPR in the case of consent given, or in accordance with Art. 6(1)(f) GDPR to safeguard our legitimate interests in the best possible functionality of the website and a customer-friendly and effective design of the website visit.
You can set your browser so that you are informed about the setting of cookies and can decide individually about their acceptance or exclude the acceptance of cookies for certain cases or in general.
Please note that if cookies are not accepted, the functionality of our website may be limited.
5) Contact
5.1 Loox
We use the services of the following provider for review reminders: Loox Online Ltd., Rehov Har Sinai 2, 6581602 Tel Aviv-Yafo, Israel.
Exclusively on the basis of your explicit consent in accordance with Art. 6(1)(a) GDPR, we transmit your email address and, if applicable, further customer data to the provider so that the provider can contact you by email with a review reminder.
You can revoke your consent at any time with effect for the future either to us or to the provider.
We have concluded a data processing agreement with the provider, which ensures the protection of the data of our website visitors and prohibits unauthorized disclosure to third parties.
For data transfers to the provider’s location, an adequate level of data protection is ensured by an adequacy decision of the European Commission.
5.2 When contacting us (e.g. via contact form or email), personal data is processed exclusively for the purpose of processing and responding to your request and only to the extent necessary for this purpose.
The legal basis for processing this data is our legitimate interest in responding to your request in accordance with Art. 6(1)(f) GDPR. If your contact aims at concluding a contract, the additional legal basis for processing is Art. 6(1)(b) GDPR. Your data will be deleted if it can be inferred from the circumstances that the matter in question has been conclusively clarified and provided that there are no statutory retention obligations to the contrary.
6) Data Processing When Opening a Customer Account
In accordance with Art. 6(1)(b) GDPR, personal data is further collected and processed to the extent required if you provide it to us when opening a customer account. Which data is required for opening an account can be seen from the input mask of the corresponding form on our website.
Deletion of your customer account is possible at any time and can be carried out by sending a message to the above-mentioned address of the controller. After deletion of your customer account, your data will be deleted, provided that all contracts concluded via it have been fully processed, no statutory retention periods conflict with this, and no legitimate interest in further storage persists on our part.
7) Use of Customer Data for Direct Advertising
7.1 Subscription to Our Email Newsletter
If you subscribe to our email newsletter, we will regularly send you information about our offers. The only mandatory information required for sending the newsletter is your email address. Providing additional data is voluntary and will be used to address you personally. We use the so-called double opt-in procedure for sending newsletters, which ensures that you only receive newsletters after you have expressly confirmed your consent to receive the newsletter by clicking on a verification link sent to the specified email address.
By activating the confirmation link, you give us your consent to use your personal data in accordance with Art. 6(1)(a) GDPR. We store the IP address entered by your Internet service provider (ISP) as well as the date and time of registration in order to be able to trace any possible misuse of your email address at a later point in time. The data collected by us when registering for the newsletter is used strictly for the intended purpose.
You can unsubscribe from the newsletter at any time via the link provided in the newsletter or by sending a corresponding message to the controller named at the beginning. After unsubscribing, your email address will be deleted immediately from our newsletter distribution list, unless you have expressly consented to further use of your data or we reserve the right to further data use that is legally permitted and about which we inform you in this declaration.
7.2 Omnisend
Our email newsletters are sent via the following provider: Soundest Ltd., Unit A3, Gateway Tower, 32 Western Gateway, London E16 1YL, England.
Based on our legitimate interest in effective and user-friendly newsletter marketing, we pass on the data you provided when subscribing to the newsletter to this provider in accordance with Art. 6(1)(f) GDPR so that the provider can handle the newsletter dispatch on our behalf.
Subject to your explicit consent in accordance with Art. 6(1)(a) GDPR, the provider also carries out a statistical evaluation of the success of newsletter campaigns using web beacons or tracking pixels in the emails sent, which can measure open rates and specific interactions with the content of the newsletter. End device information (e.g. time of access, IP address, browser type and operating system) is also collected and evaluated, but not merged with other data sets.
Your consent to newsletter tracking can be revoked at any time with effect for the future.
We have concluded a data processing agreement with the provider, which protects the data of our website visitors and prohibits disclosure to third parties.
For data transfers to the provider’s location, an adequate level of data protection is ensured by an adequacy decision of the European Commission.
7.3 Shopping Cart Reminder Emails
In the event that you abandon your purchase with us before completing the order, you have the option of being reminded once by email of the contents of your virtual shopping cart.
The only mandatory information required for sending this reminder is your email address. Providing additional data is voluntary and may be used to address you personally. We use the so-called double opt-in procedure for sending emails, which ensures that you only receive a notification after you have expressly confirmed your consent by clicking on a verification link sent to the specified email address.
By activating the confirmation link, you give us your consent to use your personal data in accordance with Art. 6(1)(a) GDPR for sending a shopping cart reminder. We store the IP address entered by your Internet service provider (ISP) as well as the date and time of registration in order to be able to trace any possible misuse of your email address at a later point in time. The data collected by us when registering for our email notification service is used strictly for the intended purpose.
You can unsubscribe from shopping cart reminders at any time by sending a corresponding message to the controller named at the beginning. After unsubscribing, your email address will be deleted immediately from the distribution list set up for this purpose, unless you have expressly consented to further use of your data or we reserve the right to further data use that is legally permitted and about which we inform you in this declaration.
8) Data Processing for Order Handling
8.1 Transmission of Image Files for Order Processing via Upload Function
On our website, we offer customers the opportunity to commission the personalization of products by transmitting image files via an upload function. The submitted image is used as a template for personalizing the selected product.
Via the upload form on the website, the customer can transmit one or more image files directly from the memory of the device used to us via automated, encrypted data transmission. We then collect, store, and use the transmitted files exclusively for the production of the personalized product within the meaning of the respective service description on our website. If the transmitted image files are passed on to special service providers for the production and processing of the order, you will be explicitly informed of this in the following paragraphs. No further disclosure will take place. If the transmitted files or digital motifs contain personal data (in particular images of identifiable persons), all processing operations mentioned above are carried out exclusively for the purpose of processing your online order in accordance with Art. 6(1)(b) GDPR.
After the order has been fully processed, the transmitted image files are automatically and completely deleted.
8.2 To the extent necessary for contract processing for delivery and payment purposes, the personal data collected by us is passed on to the commissioned transport company and the commissioned credit institution in accordance with Art. 6(1)(b) GDPR.
If, on the basis of a corresponding contract, we owe you updates for goods with digital elements or for digital products, we process the contact data you provided when placing the order (name, address, email address) in order to inform you personally of upcoming updates within the legally prescribed period in accordance with Art. 6(1)(c) GDPR via an appropriate communication channel (e.g. by post or email). Your contact data is used strictly for the purpose of informing you about updates owed by us and is processed by us only to the extent necessary for the respective information.
For processing your order, we also work with the following service provider(s), who support us wholly or partially in fulfilling concluded contracts. Certain personal data is transmitted to these service providers in accordance with the following information.
8.3 To fulfill our contractual obligations towards our customers, we work with external shipping partners. We pass on your name, delivery address and, if necessary for delivery, your telephone number exclusively for the purpose of goods delivery to a shipping partner selected by us in accordance with Art. 6(1)(b) GDPR.
8.4 Use of Payment Service Providers (Payment Services)
- Shopify Payments
One or more online payment methods from the following provider are available on this website: Shopify International Limited, Victoria Buildings, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland.
If you select a payment method from the provider that requires advance payment (e.g. credit card payment), your payment data provided during the order process (including name, address, bank and payment card information, currency and transaction number) as well as information about the content of your order will be passed on to the provider in accordance with Art. 6(1)(b) GDPR. In this case, your data is passed on exclusively for the purpose of payment processing with the provider and only to the extent necessary for this purpose.
9) Tools and Miscellaneous
9.1 - Lexoffice
For accounting purposes, we use the service of the cloud-based accounting software of the following provider: Haufe-Lexware GmbH & Co. KG, Munzinger Straße 9, 79111 Freiburg, Germany.
The provider processes incoming and outgoing invoices as well as, if applicable, the company’s bank transactions in order to automatically record invoices, match them to transactions, and generate financial accounting in a partially automated process.
If personal data is also processed in this context, processing is carried out in accordance with Art. 6(1)(f) GDPR on the basis of our legitimate interest in efficient organization and documentation of our business transactions.
9.2 Cookie Consent Tool
This website uses a so-called “cookie consent tool” to obtain effective user consent for cookies requiring consent and cookie-based applications. The “cookie consent tool” is displayed to users when they access the page in the form of an interactive user interface, on which consent for certain cookies and/or cookie-based applications can be granted by ticking checkboxes. By using the tool, all cookies/services requiring consent are only loaded if the respective user grants consent by ticking the relevant boxes. This ensures that such cookies are only set on the user’s device if consent has been given.
The tool sets technically necessary cookies to store your cookie preferences. Personal user data is generally not processed in this context.
If, in individual cases, personal data (such as the IP address) is processed for the purpose of storing, assigning or logging cookie settings, this is done in accordance with Art. 6(1)(f) GDPR on the basis of our legitimate interest in a legally compliant, user-specific and user-friendly consent management for cookies and thus in a legally compliant design of our website.
An additional legal basis for processing is Art. 6(1)(c) GDPR. As the controller, we are subject to the legal obligation to make the use of technically non-essential cookies dependent on the respective user consent.
Where necessary, we have concluded a data processing agreement with the provider, which ensures the protection of the data of our website visitors and prohibits unauthorized disclosure to third parties.
Further information about the operator and the setting options of the cookie consent tool can be found directly in the corresponding user interface on our website.
10) Rights of the Data Subject
10.1 Applicable data protection law grants you the following rights of the data subject with regard to the processing of your personal data by the controller (rights of access and intervention), whereby reference is made to the cited legal basis for the respective requirements for exercising these rights:
- Right of access pursuant to Art. 15 GDPR;
- Right to rectification pursuant to Art. 16 GDPR;
- Right to erasure pursuant to Art. 17 GDPR;
- Right to restriction of processing pursuant to Art. 18 GDPR;
- Right to notification pursuant to Art. 19 GDPR;
- Right to data portability pursuant to Art. 20 GDPR;
- Right to withdraw consent granted pursuant to Art. 7(3) GDPR;
- Right to lodge a complaint pursuant to Art. 77 GDPR.
10.2 RIGHT TO OBJECT
IF WE PROCESS YOUR PERSONAL DATA ON THE BASIS OF OUR OVERRIDING LEGITIMATE INTERESTS WITHIN THE FRAMEWORK OF A BALANCING OF INTERESTS, YOU HAVE THE RIGHT AT ANY TIME, FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION, TO OBJECT TO THIS PROCESSING WITH EFFECT FOR THE FUTURE.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED. HOWEVER, FURTHER PROCESSING REMAINS RESERVED IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING THAT OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS, OR IF THE PROCESSING SERVES THE ASSERTION, EXERCISE OR DEFENSE OF LEGAL CLAIMS.
IF YOUR PERSONAL DATA IS PROCESSED BY US FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSE OF SUCH ADVERTISING. YOU MAY EXERCISE THE OBJECTION AS DESCRIBED ABOVE.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED FOR DIRECT MARKETING PURPOSES.
11) Duration of Storage of Personal Data
The duration of the storage of personal data is determined by the respective legal basis, the purpose of processing and – if applicable – additionally by the respective statutory retention period (e.g. retention periods under commercial and tax law).
When processing personal data on the basis of explicit consent pursuant to Art. 6(1)(a) GDPR, the data concerned is stored until you revoke your consent.
If statutory retention periods exist for data processed on the basis of Art. 6(1)(b) GDPR in the context of contractual or quasi-contractual obligations, such data is routinely deleted after expiry of the retention periods, provided that it is no longer required for contract fulfillment or initiation and/or there is no longer a legitimate interest in further storage on our part.
When processing personal data on the basis of Art. 6(1)(f) GDPR, such data is stored until you exercise your right to object pursuant to Art. 21(1) GDPR, unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or the processing serves the assertion, exercise or defense of legal claims.
When processing personal data for direct marketing purposes on the basis of Art. 6(1)(f) GDPR, such data is stored until you exercise your right to object pursuant to Art. 21(2) GDPR.
Unless otherwise stated in the other information of this declaration regarding specific processing situations, stored personal data is otherwise deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.
