§ 1 Information on the collection of personal data

(1) In this privacy policy, we inform you about the collection of personal data when using our website. Personal data is any data that can be related to you personally, e.g., name, address, email addresses, and user behavior.

(2) The controller pursuant to Article 4 (7) of the EU General Data Protection Regulation (GDPR) is Protected Shops GmbH, Sonnenstraße 23, 80331 Munich, Tel: +49 (0) 89-72989050, Fax: +49 (0) 89-729890520, E-Mail: info@protectedshops.de.

(3) When you contact us by email or via a contact form, the data you provide (your email address, and optionally your name and telephone number) will be stored by us in order to answer your questions. We will delete the data collected in this context once storage is no longer necessary, or restrict processing if there are statutory retention obligations. The legal basis for this data collection is your legitimate interest in having your inquiry answered, pursuant to Art. 6 lit. f GDPR.

(4) If we use contracted service providers for individual functions of our service or wish to use your data for advertising purposes, we will inform you in detail about the respective processes below. We will also specify the defined criteria for the storage period.

§ 2 Your rights

(1) You have the following rights with respect to your personal data:

• Right to information
• Right to rectification or erasure
• Right to restriction of processing
• Right to object to processing
• Right to data portability

(2) You also have the right to lodge a complaint with a data protection supervisory authority regarding our processing of your personal data.

§ 3 Collection of personal data when visiting our website

(1) When you use our website for purely informational purposes, we only collect the personal data that your browser transmits to our server. This includes IP address, date/time, time zone, content and status of the request, transferred data volume, referrer, browser, OS, and language/version (Art. 6 para. 1 sentence 1 lit. f GDPR).

(2) In addition, cookies are stored on your computer when you use our website. They make the internet experience more user-friendly and effective. Cookies cannot run programs or transmit viruses.

(3) Use of cookies: a) This website uses transient (session) and persistent cookies. b) Transient cookies (session cookies) are deleted when you close your browser. c) Persistent cookies are deleted after a set period; you can remove them in your browser settings. d) You can configure your browser to refuse cookies (third-party or all). Some site functions may be limited. Instructions: Internet Explorer, Firefox, Chrome, Safari, Opera.

Section 3 Data processing during contract conclusion

(1) When you order a protection package contract from us, we collect and store your data for contract performance (Art. 6 lit. b GDPR). Mandatory fields are required; other information is voluntary.

(2) Payment is handled by BS PAYONE GmbH, Lyoner Straße 9, 60528 Frankfurt/Main. We forward necessary order/payment data per Art. 6 para. 1 lit. b GDPR solely for payment processing.

(3) We must store address, payment, and order data for ten years due to commercial/tax law. After two years, processing is restricted to legal obligations.

(4) Ordering is encrypted via TLS to prevent unauthorized access.

§ 4 Newsletter

(1) With your consent you can subscribe to our newsletter for legal changes and offers.

(2) We use double opt-in: after registration we email you to confirm. If not confirmed within 24 hours, data is blocked and deleted after one month. We store IP, date/time for proof of consent.

(3) Mandatory data: email address. Additional data is voluntary. After confirmation we store the email for sending the newsletter (Art. 6 (1)(a) GDPR).

(4) You can withdraw consent at any time via link in the newsletter or by emailing info@protectedshops.de.

(5) We use Mailchimp (The Rocket Science Group, LLC) to send newsletters. Data is transferred to the USA on the basis of our legitimate interest (Art. 6 para. 1 lit. f GDPR). Mailchimp uses web beacons/tracking pixels for pseudonymized analysis; unsubscribe to object. A DPA based on EU SCCs is in place; Mailchimp privacy: https://mailchimp.com/legal/privacy/

§ 5 Evaluation request email

With your explicit permission we may send a one-time review reminder for Ausgezeichnet.org (Art. 6 para. 1 lit. a GDPR). You can revoke consent anytime via info@protectedshops.de.

Section 6 Rating Seal from Ausgezeichnet.org

We integrate the Ausgezeichnet.org rating seal (AUBII GmbH) to display ratings (Art. 6 para. 1 lit. f GDPR). A session cookie is set; no personal data is transmitted.

§ 7 Interface Usage

When you use the AGB Connect interface, data is transferred between our server and your shop server to update legal texts (Art. 6 lit. f GDPR). You can disable transfers anytime in settings.

§ 8 Use of the Livezilla live chat system

We use LiveZilla GmbH technology for web analytics and live chat. Pseudonymized profiles and cookies may be used (Art. 6 para. 1 lit. f GDPR). You can block cookies in your browser. Object to data collection by emailing us (see imprint).

§ 9 Transfer of data to partners

If you access via a partner and order from us, a cookie may link your order to the partner. With your explicit consent (Art. 6(1)(a) GDPR) we may transfer pseudonymized data for commission evaluation. Withdraw consent anytime with future effect.

§ 10 Storage period of your data

Storage duration follows statutory retention periods (e.g., commercial and tax). After expiry, data is routinely deleted unless required for contract fulfillment/initiation or we have a legitimate interest in continued storage.