PRIVACY POLICY

1) INFORMATION ON THE COLLECTION OF PERSONAL DATA AND CONTACT DETAILS OF THE CONTROLLER

1.1

We are pleased that you are visiting our website and thank you for your interest. The following provides information on how we handle your personal data when you use our website. Personal data refers to any information that can be used to personally identify you.

1.2

The responsible party for data processing on this website in accordance with the General Data Protection Regulation (GDPR) is Velro London. The party responsible for processing personal data is the natural or legal person who alone or jointly with others determines the purposes and means of processing personal data.

1.3

For security reasons and to protect the transmission of personal data and other confidential content (e.g., orders or inquiries sent to the controller), this website uses SSL or TLS encryption. You can recognize an encrypted connection by the “https://” prefix and the lock symbol in your browser’s address bar.

2) DATA COLLECTION WHEN VISITING OUR WEBSITE

When you visit our website for informational purposes only, meaning you do not register or provide us with any other information, we collect only the data that your browser transmits to our server (so-called server log files). When you access our website, we collect the following data, which is necessary for technical reasons to display the website:

  • Our visited website
  • Date and time of access
  • Amount of data sent in bytes
  • Source/referral from which you accessed the page
  • Browser used
  • Operating system used
  • IP address (if applicable, in anonymized form)

Processing is carried out in accordance with Article 6(1)(f) GDPR based on our legitimate interest in improving the stability and functionality of our website. The data will not be shared or used for any other purpose. However, we reserve the right to retrospectively review the server log files if there are concrete indications of unlawful use.

3) COOKIES

To make visiting our website more attractive and to enable the use of certain functions, we use cookies on various pages. These are small text files that are stored on your device. Some of the cookies we use are deleted after your browser session ends (session cookies), while others remain on your device and allow us or our partner companies (third-party cookies) to recognize your browser on your next visit (persistent cookies). When cookies are placed, they collect and process certain user information such as browser data, location data, and IP addresses. Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie.

Some cookies are used to simplify the ordering process (e.g., remembering the contents of a shopping cart for a future visit). If personal data is processed through individual cookies, processing is carried out in accordance with Article 6(1)(b) GDPR (contract execution) or Article 6(1)(f) GDPR (legitimate interest in the best possible website functionality and a user-friendly experience).

We may work with advertising partners who help us make our website more engaging for users. In this case, third-party cookies may be stored on your device when you visit our website. If this occurs, you will be informed individually and separately in the sections below.

You can configure your browser settings to inform you about cookie placement, allow you to accept them on a case-by-case basis, or reject them entirely. Each browser differs in how it manages cookie settings. Below are links to instructions for adjusting cookie settings in different browsers:

Please note that if you do not accept cookies, the functionality of our website may be limited.

4) CONTACTING US

When you contact us (e.g., via contact form or email), personal data is collected. The type of data collected is shown in the contact form. This data is stored and used exclusively to respond to your inquiry and for the necessary technical administration.

The legal basis for processing this data is our legitimate interest in responding to your inquiry under Article 6(1)(f) GDPR. If your contact is aimed at entering into a contract, the additional legal basis is Article 6(1)(b) GDPR. Your data will be deleted after your request has been fully processed unless there are statutory retention obligations that prevent deletion.

5) DATA PROCESSING FOR ACCOUNT CREATION AND CONTRACT EXECUTION

In accordance with Article 6(1)(b) GDPR, personal data is collected and processed if you provide it to us to create a customer account or place an order. The specific data collected is determined by the input fields in our forms.

  • You can delete your customer account at any time by sending a request to the responsible party listed above.
  • We store and use your provided data for contract processing.
  • After contract completion or account deletion, your data will be locked and deleted after tax and commercial retention periods expire, unless you explicitly consent to further use or we reserve the right to legally permitted further use.

6) USE OF YOUR DATA FOR DIRECT MARKETING

6.1 Subscription to Our Email Newsletter

When you subscribe to our email newsletter, we send you regular updates about our offers. The only mandatory information required for sending the newsletter is your email address. Any additional data is voluntary and is used to personalize your newsletter experience.

We use a double opt-in process, meaning we will only send newsletters after you explicitly confirm your subscription via email verification. You can unsubscribe at any time using the link in the newsletter or by contacting us directly.

After unsubscribing, your email address will be removed from our newsletter database unless you have explicitly consented to its further use or we are legally permitted to retain it.

7) DATA PROCESSING FOR ORDER PROCESSING

7.1 Transmission of Personal Data for Order Fulfillment

To fulfill our contractual obligations, we may share your personal data with logistics companies responsible for shipping your order. Additionally, payment-related data may be shared with the bank or payment service provider handling the transaction.

Legal basis: Article 6(1)(b) GDPR.

7.2 Use of Payment Service Providers (Payment Services)

  • PayPal
    When paying via PayPal, credit card via PayPal, direct debit via PayPal, or – if offered – "purchase on account" or "installment payment" via PayPal, your payment details will be transmitted to PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter referred to as "PayPal"). The transmission takes place in accordance with Article 6(1)(b) GDPR and only insofar as it is necessary for payment processing.

    PayPal reserves the right to conduct a credit check for certain payment methods, such as credit card via PayPal, direct debit via PayPal, or "purchase on account" or "installment payment" via PayPal. For this purpose, your payment details may be transmitted to credit agencies in accordance with Article 6(1)(f) GDPR, based on PayPal's legitimate interest in assessing your creditworthiness. The result of the credit check will determine whether PayPal offers the respective payment method.

    The credit report may include probability values (score values) calculated based on scientifically recognized mathematical-statistical methods. Address data may also be included in these calculations. Further information on data protection, including the credit agencies used, can be found in PayPal's privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full

    You can object to the processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data if this is necessary for contractual payment processing.

  • SOFORT
    If you choose the "SOFORT" payment method, the payment will be processed via the SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany (hereinafter referred to as "SOFORT").** Your payment details and order information will be transmitted to SOFORT in accordance with Article 6(1)(b) GDPR for payment processing.

    SOFORT GmbH is part of the Klarna Group (Klarna Bank AB (publ), Sveavägen 46, 11134 Stockholm, Sweden). The data transfer is conducted solely for payment processing and only to the extent necessary. Further information on SOFORT’s privacy policy can be found here: https://www.klarna.com/sofort/datenschutz

8) CONTACTING FOR REVIEW REMINDERS

Own Review Reminders (No Use of Customer Review Systems)

We use your email address to send a one-time reminder to review your purchase, provided that you have explicitly consented to this during or after placing your order in accordance with Article 6(1)(a) GDPR.

You can revoke your consent at any time by notifying the data controller listed at the beginning of this privacy policy.

9) USE OF SOCIAL MEDIA: SOCIAL PLUGINS

9.1 Facebook Plugins with Shariff Solution

Our website uses social plugins ("plugins") from the Facebook social network, operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA ("Facebook").

To better protect your data, these buttons are not directly integrated as plugins but instead incorporated using an HTML link (Shariff method). This ensures that when you visit a page on our website containing these buttons, no connection is made to Facebook servers. Only when you click on the button does a new browser window open, directing you to Facebook’s page, where you can interact with the plugin.

Facebook Inc. is Privacy Shield certified, ensuring compliance with EU data protection standards. More details can be found here: https://www.facebook.com/policy.php

9.2 Google+ Plugins with Shariff Solution

We also use Google+ social plugins, provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google").

Similar to Facebook, we use the Shariff method to prevent immediate connections to Google servers when visiting our site. Clicking on the button will open Google+ in a new window, where you can log in and interact with the plugin.

Google LLC is Privacy Shield certified, ensuring compliance with EU data protection laws. More details can be found at: https://www.google.com/intl/de/policies/privacy/

9.3 Instagram Plugins with Shariff Solution

We use Instagram social plugins, operated by Instagram LLC, 1601 Willow Rd, Menlo Park, CA 94025, USA ("Instagram").

Like Facebook and Google+, the Instagram plugin is integrated using the Shariff method, meaning no direct connection is made to Instagram’s servers until you click on the button.

Instagram LLC is Privacy Shield certified, ensuring compliance with EU data protection regulations. More details can be found at: https://help.instagram.com/155833707900388/

10) ONLINE MARKETING

10.1 DoubleClick by Google

Our website uses DoubleClick by Google, an online marketing tool from Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google").

DoubleClick places cookies to deliver relevant advertisements, optimize campaign performance, and prevent repeated ad displays. Through a cookie ID, Google tracks which ads are shown in which browser. Processing is based on Article 6(1)(f) GDPR due to our legitimate interest in marketing our website effectively.

Google LLC is Privacy Shield certified, ensuring compliance with EU data protection laws. More details can be found at: https://www.google.com/policies/technologies/ads/

10.2 Use of Google AdWords Conversion Tracking

This website uses the online advertising program "Google AdWords" and, as part of Google AdWords, the conversion tracking of Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). We use Google AdWords to draw attention to our attractive offers on external websites with the help of advertising media (so-called Google AdWords). We can determine the success of individual advertising measures in relation to the data of the advertising campaigns. We pursue the interest of showing you advertising that is of interest to you, making our website more interesting for you, and achieving a fair calculation of advertising costs.

The cookie for conversion tracking is set when a user clicks on a Google AdWords ad. Cookies are small text files stored on your computer system. These cookies usually lose their validity after 30 days and do not serve personal identification. If the user visits certain pages of this website and the cookie has not yet expired, Google and we can recognize that the user clicked on the ad and was redirected to this page. Each Google AdWords customer receives a different cookie. Therefore, cookies cannot be tracked across AdWords customers' websites. The information collected using the conversion cookie is used to create conversion statistics for AdWords customers who have opted for conversion tracking. Customers learn the total number of users who clicked on their ad and were redirected to a page tagged with a conversion tracking tag. However, they do not receive any information that personally identifies users. If you do not wish to participate in tracking, you can block this use by deactivating the Google Conversion Tracking cookie in your Internet browser under user settings. You will then not be included in the conversion tracking statistics. We use Google AdWords based on our legitimate interest in targeted advertising in accordance with Art. 6 (1) lit. f GDPR.

Google LLC, based in the USA, is certified under the US-European data protection agreement "Privacy Shield," which ensures compliance with the data protection level applicable in the EU.

Further information on Google's data protection regulations can be found at the following Internet address: https://www.google.de/policies/privacy/

You can permanently deactivate cookies for ad preferences by preventing them through the appropriate settings of your browser software or by downloading and installing the browser plug-in available at the following link: https://www.google.com/settings/ads/plugin?hl=de

Please note that certain functions of this website may not or only be used to a limited extent if you have deactivated the use of cookies.

11) WEB ANALYSIS SERVICES

Google (Universal) Analytics

  • Google Universal Analytics

This website uses Google Analytics, a web analysis service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). Google Analytics uses "cookies," text files stored on your computer, enabling an analysis of your website usage. The information generated by the cookie about your use of this website (including the shortened IP address) is usually transmitted to a Google server in the USA and stored there.

This website uses Google Analytics exclusively with the extension "_anonymizeIp()," which ensures the anonymization of the IP address by shortening it and excludes direct personal reference. Through this extension, your IP address is shortened beforehand by Google within member states of the European Union or other contracting states of the European Economic Area Agreement. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there. In these exceptional cases, this processing is carried out in accordance with Art. 6 (1) lit. f GDPR based on our legitimate interest in the statistical analysis of user behavior for optimization and marketing purposes.

On our behalf, Google will use this information to evaluate your use of the website, compile reports on website activity, and provide other services related to website and Internet usage. The IP address transmitted by your browser as part of Google Analytics is not merged with other Google data.

You can prevent the storage of cookies by setting your browser software accordingly; however, please note that in this case, you may not be able to fully use all the functions of this website. You can also prevent Google from collecting and processing the data generated by the cookie related to your use of the website (including your IP address) by downloading and installing the browser plugin available at the following link:

https://tools.google.com/dlpage/gaoptout?hl=de

Alternatively, to the browser plug-in or within browsers on mobile devices, please click the following link to set an opt-out cookie that prevents the collection by Google Analytics within this website in the future (this opt-out cookie only works in this browser and only for this domain; if you delete your cookies in this browser, you must click this link again): Deactivate Google Analytics

Google LLC, based in the USA, is certified under the US-European data protection agreement "Privacy Shield," which ensures compliance with the data protection level applicable in the EU.

This website also uses Google Analytics for a cross-device analysis of visitor flows carried out via a user ID. When a page is accessed for the first time, a unique, permanent, and anonymized ID is assigned to the user, which is applied across devices. This allows interaction data from different devices and sessions to be assigned to a single user. The user ID does not contain personal data and does not transmit such data to Google.

Data collection and storage via the user ID can be objected to at any time with effect for the future. To do this, you must deactivate Google Analytics on all systems you use, for example, in another browser or on your mobile device. Deactivation can be carried out using a Google browser plugin (https://tools.google.com/dlpage/gaoptout?hl=de). Alternatively, to the browser plugin or within browsers on mobile devices, please click the following link to set an opt-out cookie that prevents the collection by Google Analytics within this website in the future (this opt-out cookie only works in this browser and only for this domain; if you delete your cookies in this browser, you must click this link again): Deactivate Google Analytics

Further information on Universal Analytics can be found here: https://support.google.com/analytics/answer/2838718?hl=de&ref_topic=6010376

12) RETARGETING/ REMARKETING/ RECOMMENDATION ADVERTISING

Facebook Custom Audience via the Pixel method

This website uses the "Facebook Pixel" of Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA ("Facebook"). If explicit consent is given, this allows the behavior of users to be tracked after they have viewed or clicked on a Facebook ad. This process is used to evaluate the effectiveness of Facebook ads for statistical and market research purposes and can help optimize future advertising measures.

The collected data is anonymous for us and does not provide us with any conclusions about the identity of users. However, the data is stored and processed by Facebook, so that a connection to the respective user profile is possible, and Facebook can use the data for its own advertising purposes in accordance with the Facebook Data Usage Policy (https://www.facebook.com/about/privacy/).

You can allow Facebook and its partners to display ads on and off Facebook. For this purpose, a cookie may also be stored on your computer. These processing operations are carried out exclusively with explicit consent in accordance with Art. 6 Para. 1 lit. a GDPR. Consent to the use of the Facebook Pixel may only be given by users who are older than 13 years. If you are younger, we ask you to obtain permission from your legal guardians.

Facebook Inc., based in the USA, is certified under the US-European data protection agreement "Privacy Shield," which ensures compliance with the data protection level applicable in the EU. To deactivate the use of cookies on your computer, you can set your internet browser so that no more cookies are placed on your computer in the future or so that already placed cookies are deleted. However, disabling all cookies may result in some functions on our website no longer being available. You can also deactivate the use of cookies by third-party providers such as Facebook on the Digital Advertising Alliance website at: https://www.aboutads.info/choices/

Google AdWords Remarketing

Our website uses the functions of Google AdWords Remarketing. With this feature, we advertise for this website in Google search results as well as on third-party websites. The provider is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). For this purpose, Google places a cookie in your device's browser, which automatically enables interest-based advertising based on a pseudonymous cookie ID and the pages you have visited. Processing is based on our legitimate interest in the optimal marketing of our website in accordance with Art. 6 Para. 1 lit. f GDPR. Further data processing only takes place if you have given Google your consent for your internet and app browsing history to be linked to your Google account and for information from your Google account to be used for ad personalization on the web. If you are logged into Google while visiting our website, Google uses your data together with Google Analytics data to create and define target group lists for cross-device remarketing. To this end, your personal data is temporarily linked by Google with Google Analytics data to form target groups.

You can permanently deactivate the setting of cookies for advertising preferences by downloading and installing the browser plugin available at the following link: https://www.google.com/settings/ads/onweb/

Alternatively, you can find out more about the setting of cookies and adjust your preferences at the Digital Advertising Alliance website at www.aboutads.info. Finally, you can configure your browser to notify you when cookies are set and to decide individually whether to accept them or exclude them in certain cases or generally. If cookies are not accepted, the functionality of our website may be restricted.

Google LLC, based in the USA, is certified under the US-European data protection agreement "Privacy Shield," which ensures compliance with the data protection level applicable in the EU. Further information and Google's privacy policy regarding advertising can be found here: https://www.google.com/policies/technologies/ads/

13) RIGHTS OF THE DATA SUBJECT

13.1 The applicable data protection law grants you comprehensive data subject rights (rights of access and intervention) with regard to the processing of your personal data by the controller, about which we inform you below:

  • Right of access (Art. 15 GDPR): You have the right to obtain information about your processed personal data, the purposes of processing, the categories of processed personal data, the recipients or categories of recipients to whom your data has been or will be disclosed, the planned storage duration or criteria for determining the storage duration, the existence of the right to rectification, deletion, restriction of processing, objection to processing, the right to lodge a complaint with a supervisory authority, the origin of your data if not collected from you, the existence of automated decision-making including profiling, and, if applicable, meaningful information about the logic involved as well as the significance and the envisaged consequences of such processing for you, and the guarantees in accordance with Art. 46 GDPR when transferring your data to third countries.

  • Right to rectification (Art. 16 GDPR): You have the right to immediate correction of inaccurate data concerning you and/or the completion of your incomplete data stored by us.

  • Right to deletion (Art. 17 GDPR): You have the right to request the deletion of your personal data under the conditions of Art. 17 Para. 1 GDPR. However, this right does not apply if processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest, or to assert, exercise, or defend legal claims.

  • Right to restriction of processing (Art. 18 GDPR): You have the right to request the restriction of processing of your personal data under certain conditions, e.g., if the accuracy of your data is disputed, if you reject the deletion of unlawfully processed data and instead request the restriction of processing, if we no longer need your data but you require it to assert, exercise, or defend legal claims, or if you have objected to processing pending verification of whether our legitimate grounds override yours.

  • Right to notification (Art. 19 GDPR): If you have asserted your right to rectification, deletion, or restriction of processing, we are obligated to inform all recipients to whom your personal data has been disclosed unless this proves impossible or involves disproportionate effort. You have the right to be informed about these recipients.

  • Right to data portability (Art. 20 GDPR): You have the right to receive your personal data provided to us in a structured, commonly used, and machine-readable format or to request its transfer to another controller where technically feasible.

  • Right to withdraw consent (Art. 7 Para. 3 GDPR): You have the right to withdraw consent at any time with effect for the future. In the event of withdrawal, we will delete the affected data unless further processing can be based on a legal basis that does not require consent. Withdrawal does not affect the lawfulness of processing based on consent before its withdrawal.

  • Right to lodge a complaint (Art. 77 GDPR): If you believe that the processing of your personal data violates the GDPR, you have the right to lodge a complaint with a supervisory authority in the member state of your residence, workplace, or the place of the alleged violation.

13.2 RIGHT TO OBJECT

If we process your personal data based on our overriding legitimate interest, you have the right to object at any time for reasons arising from your particular situation. If you exercise your right to object, we will stop processing your data unless we can demonstrate compelling legitimate reasons for processing that override your interests or if the processing serves to assert, exercise, or defend legal claims.

If your personal data is processed for direct marketing purposes, you have the right to object at any time to processing for such advertising. If you exercise your right to object, we will stop processing your data for direct marketing purposes.

14) DURATION OF STORAGE OF PERSONAL DATA

The storage duration of personal data depends on the respective statutory retention period (e.g., commercial and tax retention periods). After the period expires, the data is routinely deleted unless it is still required for contract fulfillment or initiation, or if there is a legitimate interest in continued storage.