Privacy policy
Unless otherwise stated below, the provision of your personal data is not required by law or contract, nor is it necessary for the conclusion of a contract. You are not obliged to provide the data. Failure to provide it has no consequences. This only applies if no other information is provided in the following processing operations.
“Personal data” means any information relating to an identified or identifiable natural person.
Server log files
You can visit our website without providing any personal data.
Each time you access our website, usage data is transmitted to us or our web host / IT service provider by your Internet browser and stored in log data (so-called server log files). This stored data includes, for example, the name of the page accessed, the date and time of access, the IP address, the amount of data transferred and the requesting provider.
The processing is carried out on the basis of Art. 6 para. 1 lit. f GDPR out of our overriding legitimate interest in ensuring the trouble-free operation of our website and to improve our offer.
Contact
Responsible
Contact us on request. The person responsible for data processing is: Philipp Engelbreit, Mühllach 11, 90552 Röthenbach Germany, 0911/98237800, philipp.engelbreit@ep-arms.de
Proactive contact by the customer by e-mail
If you contact us by e-mail on your own initiative, we will only collect your personal data (name, e-mail address, message text) to the extent provided by you. The purpose of data processing is to process and respond to your contact request.
If the contact is made for the purpose of implementing pre-contractual measures (e.g. advice in the event of an interest in purchasing, preparation of an offer) or concerns a contract already concluded between you and us, this data processing is carried out on the basis of Art. 6 para. 1 lit. b GDPR.
If contact is made for other reasons, this data processing is carried out on the basis of Art. 6 para. 1 lit. f GDPR due to our overriding legitimate interest in processing and responding to your request. In this case, you have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you based on Art. 6 (1) (f) GDPR.
We will only use your email address to process your request. Your data will then be deleted in compliance with statutory retention periods, unless you have consented to further processing and use.
Collection and processing when using the contact form
When you use the contact form, we only collect your personal data (name, email address, message text) to the extent that you have provided. The data processing serves the purpose of establishing contact.
If the establishment of contact serves the implementation of pre-contractual measures (e.g. advice in the event of an interest in purchasing, preparation of an offer) or concerns a contract already concluded between you and us, this data processing is carried out on the basis of Art. 6 para. 1 lit. b GDPR. If contact is made for other reasons, this data processing is carried out on the basis of Art. 6 para. 1 lit. f GDPR due to our overriding legitimate interest in processing and responding to your inquiry. In this case, you have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you based on Art. 6 (1) (f) GDPR. We will only use your e-mail address to process your request. Your data will then be deleted in compliance with statutory retention periods, unless you have consented to further processing and use.
Collection and processing when sending images by e-mail
You have the option of sending us images by email in connection with the order of a personalized product.
By sending your images, we may collect your personal data (image of an identifiable person) only to the extent provided by you. The purpose of data processing is to create personalized products. The image sent serves as a template for the product and is used for this purpose (e.g. T-shirt printing). The processing is carried out on the basis of Art. 6 para. 1 lit. b GDPR and is necessary for the performance of a contract with you.
Your data will not be passed on.
We only use the image you send us in the context of providing the service. Your data will then be deleted in compliance with statutory retention periods, unless you have consented to further processing and use.
Customer account Orders
Customer account
When you open a customer account, we collect your personal data to the extent specified therein. The purpose of data processing is to improve your shopping experience and simplify order processing. The processing is carried out on the basis of Art. 6 para. 1 lit. a GDPR with your consent. You can revoke your consent at any time by notifying us without affecting the legality of the processing carried out on the basis of the consent until revocation. Your customer account will then be deleted.
Collection, processing and disclosure of personal data for orders
When you place an order, we collect and process your personal data only to the extent necessary to fulfill and process your order and to process your inquiries. The provision of the data is necessary for the conclusion of the contract. Failure to provide the data means that no contract can be concluded. Processing is carried out on the basis of Art. 6 para. 1 lit. b GDPR and is necessary for the performance of a contract with you.
Your data will be passed on, for example, to shipping companies, dropshipping or fulfillment providers, payment service providers, service providers for order processing and IT service providers. In all cases, we strictly observe the legal requirements. The scope of data transfer is kept to a minimum.
Advertising
Use of your email address for sending newsletters
We use your email address exclusively for our own advertising purposes for sending newsletters, irrespective of contract processing, provided you have expressly consented to this. The processing takes place on the basis of Art. 6 para. 1 lit. a GDPR with your consent. You can withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal. You can unsubscribe from the newsletter at any time by using the corresponding link in the newsletter or by notifying us. Your e-mail address will then be removed from the mailing list.
Shipping service provider Merchandise management
Forwarding of the e-mail address to shipping companies for information about the shipping status
We forward your e-mail address to the shipping company as part of the contract processing, provided that you have expressly agreed to this during the ordering process. The purpose of the transfer is to inform you by e-mail about the shipping status. The processing is carried out on the basis of Art. 6 para. 1 lit. a GDPR with your consent. You can withdraw your consent at any time by notifying us or the transport company without affecting the lawfulness of processing based on consent before its withdrawal.
Use of an external merchandise management system
We use a merchandise management system for contract processing as part of order processing. For this purpose, your personal data collected as part of the order will be transmitted to
orgaMAX, Haufe-Lexware GmbH & Co KG, Munzinger Straße 9, 79111 Freiburg, Germany, and to WooCommerce, Automattic Inc, 60 29th Street #343, San Francisco, CA 94110, USA.
The processing of your personal data serves the purpose of fulfilling the contract concluded with you and is carried out on the basis of Art. 6 para. 1 lit. b GDPR.
Payment service provider
PayPal
If you decide to pay via PayPal as part of the ordering process, your payment data will be transmitted to PayPal (Europe) S.à r.l. et Cie, S.C.A.. PayPal is an online payment service provider that enables payments to be processed securely and quickly.
Your data will be transmitted to PayPal on the basis of Art. 6 para. 1 lit. b GDPR (contract processing) and only to the extent necessary for payment processing. PayPal reserves the right to forward data to credit agencies to check your creditworthiness, but this is done exclusively on the basis of Art. 6 para. 1 lit. f GDPR (legitimate interest).
- Operator: PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg
- Privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full
Direct bank transfer
If you choose the direct bank transfer payment method, we collect and process your bank details exclusively for the purpose of processing the payment. The processing takes place on the basis of Art. 6 para. 1 lit. b GDPR (contract processing). Your bank details will only be stored and processed to the extent necessary to carry out the transfer. Your bank details will not be passed on to third parties. We ensure the confidentiality of your payment data through the use of modern security measures and process them exclusively within the framework of the legal requirements.
Cookies
Our website uses cookies. Cookies are small text files that are stored in the Internet browser or by the Internet browser on the user’s computer system. When a user accesses a website, a cookie may be stored on the user’s operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again.
Cookies are stored on your computer. You therefore have full control over the use of cookies. By selecting the appropriate technical settings in your Internet browser, you can be notified before cookies are set and decide whether to accept them individually and prevent the storage of cookies and transmission of the data they contain. Cookies that have already been saved can be deleted at any time. However, we would like to point out that you may then not be able to use all the functions of this website to their full extent.
You can find out how to manage (including deactivating) cookies in the most important browsers by clicking on the links below:
Chrome: https://support.google.com/accounts/answer/61416?hl=de (https://support.google.com/accounts/answer/61416?hl=de)
Microsoft Edge: https://support.microsoft.com/de-de/microsoft-edge/cookies-in-microsoft-edge-lB6schen-63947406-40ac-c3b8-57b9-2a946a29ae09 (https://support.microsoft.com/de-de/microsoft-edge/cookies-in-microsoft-edge-lB6schen-63947406-40ac-c3b8-57b9-2a946a29ae09)
Mozilla Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen (https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen)
Safari: https://support.apple.com/de-de/guide/safari/manage-cookies-and-website-data-sfri11471/mac (https://support.apple.com/de-de/guide/safari/manage-cookies-and-website-data-sfri11471/mac)
Technically necessary cookies
Unless otherwise stated below in the privacy policy, we only use these technically necessary cookies for the purpose of making our website more user-friendly, effective and secure. Furthermore, cookies enable our systems to recognize your browser even after a page change and to offer you services. Some functions of our website cannot be offered without the use of cookies. For these it is necessary that the browser is recognized even after a page change.
The use of cookies or comparable technologies is based on Section 25 (2) TDDDG. The processing of your personal data is carried out on the basis of Art. 6 para. 1 lit. f GDPR out of our overriding legitimate interest in ensuring the optimal functionality of the website and a user-friendly and effective design of our offer.
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you.
Use of Complianz GDPR Cookie Consent
We use the Complianz GDPR Cookie Consent plug-in from Complianz B.V. (Atoomweg 6B 9743 AK Groningen, Netherlands; “Complianz”) on our website.
The plug-in enables you to give consent to data processing via the website, in particular the setting of cookies, and to exercise your right of withdrawal for consent already given. The purpose of data processing is to obtain and document the necessary consent for data processing and thus to comply with legal obligations. Cookies may be used for this purpose. The following information may be collected and transmitted to Complianz: uniquely assignable ID, consent status. This data is not passed on to other third parties.
The data processing is carried out to fulfill a legal obligation on the basis of Art. 6 para. 1 lit. c GDPR.
You can find more information on data protection at Complianz at: https://complianz.io/legal/privacy-statement/?cmplz_region_redirect=true®ion=eu (https://complianz.io/legal/privacy-statement/?cmplz_region_redirect=true®ion=eu)
Plug-ins and miscellaneous
Use of Google reCAPTCHA
We use the reCAPTCHA service of Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; “Google”) on our website. The purpose of the query is to distinguish between human input and automated, machine processing. For this purpose, your input is transmitted to Google and used there. In addition, the IP address and any other data required by Google for the reCAPTCHA service will be transmitted to Google. This data is processed by Google within the European Union and may also be transmitted to servers of Google LLC in the USA. An adequacy decision of the EU Commission is in place for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). Google has certified itself in accordance with the TADPF and has therefore undertaken to comply with European data protection principles.
The use of cookies or comparable technologies takes place with your consent on the basis of § 25 para. 1 sentence 1 TDDDG i.V.m. Art. 6 para. 1 lit. a GDPR. The processing of your personal data takes place with your consent on the basis of Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
You can find more information about Google reCAPTCHA and the associated privacy policy at: https://www.google.com/recaptcha/intro/android.html (https://www.google.com/recaptcha/intro/android.html) and https://www.google.com/privacy (https://www.google.com/privacy).
Use of Wordfence
We use the Wordfence security plugin from Defiant Inc (00 5th Ave Ste 4100, Seattle, WA 98104, USA “Wordfence”) on our website as part of order processing. The data processing serves in particular to protect against viruses and malware, the detection of and defense against brute force and DDoS attacks. For this purpose, Wordfence uses cookies to classify website visitors as questionable or harmless. For this purpose, the IP address of the website visitor is stored on Wordfence’s servers. IP addresses classified as harmless are placed on a white list. Dubious IP addresses, on the other hand, are placed on a blacklist. For this purpose, our website establishes a permanent connection to the Wordfence servers so that Wordfence can compare its databases with the accesses made on our website and block them if necessary.
Your data will be transferred to the USA. There is an adequacy decision by the EU Commission for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). Wordfence is not certified under the TADPF. Data is transferred on the basis of standard contractual clauses, among others, as suitable guarantees for the protection of personal data, which can be viewed at: https://www.wordfence.com/standard-contractual-clauses/ (https://www.wordfence.com/standard-contractual-clauses/).
The use of cookies or comparable technologies takes place with your consent on the basis of § 25 para. 1 sentence 1 TDDDG i.V.m. Art. 6 para. 1 lit. a GDPR. The processing of your personal data takes place with your consent on the basis of Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
For more information on the collection and use of data by Wordfence, your rights in this regard and options for protecting your privacy, please refer to Wordfence’s privacy policy at https://www.wordfence.com/privacy-policy/ (https://www.wordfence.com/privacy-policy/) and https://www.wordfence.com/help/general-data-protection-regulation/#standard-contractual-clauses (https://www.wordfence.com/help/general-data-protection-regulation/#standard-contractual-clauses).
Use of YouTube
We use the function for embedding YouTube videos from Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; “YouTube”) on our website.YouTube is a company affiliated with Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”).
The function displays videos stored on YouTube in an iFrame on the website. The “Extended data protection mode” option is activated. This means that YouTube does not store any information about visitors to the website. Only when you watch a video is information about it transmitted to YouTube and stored there. Your data may be transmitted to the USA. There is an adequacy decision by the EU Commission for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). YouTube has certified itself in accordance with the TADPF and is thus committed to complying with European data protection principles.
The use of cookies or comparable technologies takes place with your consent on the basis of § 25 para. 1 sentence 1 TDDDG i.V.m. Art. 6 para. 1 lit. a GDPR. The processing of your personal data takes place with your consent on the basis of Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
For more information on the collection and use of data by YouTube and Google, your rights in this regard and ways to protect your privacy, please refer to YouTube’s privacy policy at https://www.youtube.com/t/privacy (https://www.youtube.com/t/privacy).
Use of FontAwesome
We use Font Awesome from Fonticons Inc (307 S Main St., Suite 202, Bentonville, AR, 72712-9214 USA “Font Awesome”) on our website. The purpose of data processing is to ensure the uniform display of fonts and icons on our website. To load the fonts, a connection to FontAwesome servers is established when the page is accessed.
Cookies may be used for this purpose. Among other things, your IP address and information about the browser you are using will be processed and transmitted to Font Awesome. Your data may be transferred to third countries, such as the USA. An adequacy decision of the EU Commission is in place for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). Font Awesome is not certified under the TADPF.
The use of cookies or comparable technologies takes place with your consent on the basis of § 25 para. 1 sentence 1 TDDDG i.V.m. Art. 6 para. 1 lit. a GDPR. The processing of your personal data takes place with your consent on the basis of Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
Further information on data processing and data protection can be found at https://fontawesome.com/privacy (https://fontawesome.com/privacy) and https://fontawesome.com/support (https://fontawesome.com/support).
Data subject rights and storage duration
Duration of storage
Once the contract has been fully processed, the data will initially be stored for the duration of the warranty period, then in accordance with statutory retention periods, in particular under tax and commercial law, and then deleted after the period has expired, unless you have consented to further processing and use.
Rights of the data subject
If the legal requirements are met, you have the following rights under Art. 15 to 20 GDPR: right of access, right to rectification, right to erasure, right to restriction of processing, right to data portability.
You also have the right to object to processing based on Art. 6(1)(f) GDPR and to processing for the purposes of direct marketing in accordance with Art. 21(1) GDPR.
Right to lodge a complaint with the supervisory authority
In accordance with Art. 77 GDPR, you have the right to lodge a complaint with the supervisory authority if you believe that your personal data is being processed unlawfully.
You can lodge a complaint with the supervisory authority responsible for us, which you can reach using the following contact details:
Bavarian State Office for Data Protection Supervision (BayLDA)
Promenade 18
91522 Ansbach
Phone: +49 981 1800930
Fax: +49 981 180093800
E-mail: poststelle@lda.bayern.de
Right to object
If the personal data processing listed here is based on our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR, you have the right to object to this processing at any time with effect for the future for reasons arising from your particular situation.
Once you have objected, the processing of the data concerned will be terminated unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or if the processing serves the establishment, exercise or defense of legal claims.
last update: December 21, 2024