Privacy policy
1) Introduction and Controller
1.1 We are pleased that you are visiting our website and thank you for your interest. The following explains how we handle your personal data when you use our website.
1.2 The controller within the meaning of the General Data Protection Regulation (GDPR) is: S-shaped UG (haftungsbeschränkt), Rudolfplatz 3 50674 Köln, Germany, Phone: 02241 9052080, Email: office@s-shaped.com.
2) Data Collection When Visiting Our Website
2.1 When you use our website for purely informational purposes, we only collect the data that your browser automatically transmits:
- Page visited
- Date and time of access
- Data volume transmitted
- Origin of the request (referrer)
- Browser used
- Operating system
- IP address (where applicable, anonymised)
Processing is carried out pursuant to Art. 6(1)(f) GDPR on the basis of our legitimate interest in the stability and functionality of our website. This data is not passed on to third parties.
2.2 For security reasons, our website uses SSL encryption for the transmission of sensitive data.
3) Hosting and Content Delivery
For the hosting of our website, we use a provider that provides its services exclusively on servers within the EU. All data collected on our website is processed on these servers. We have concluded a data processing agreement with the provider.
4) Cookies
We use cookies to enable and enhance the use of our website. Cookies are small text files stored on your device. Some cookies are technically necessary; others are only set with your consent.
The processing of personal data by cookies is carried out either pursuant to Art. 6(1)(b) GDPR (contract performance), Art. 6(1)(f) GDPR (legitimate interest) or Art. 6(1)(a) GDPR (consent).
You can configure your browser to notify you about cookies and to decide individually whether to accept them. Please note that declining cookies may restrict the functionality of our website.
5) Contact
When you contact us (e.g. by email or contact form), we process the data you provide solely for the purpose of handling your enquiry. The legal basis is Art. 6(1)(f) GDPR (legitimate interest in responding to your enquiry) or Art. 6(1)(b) GDPR if your enquiry relates to a contract. Your data will be deleted once the matter has been conclusively resolved.
6) Customer Account
If you create a customer account, we process the necessary data pursuant to Art. 6(1)(b) GDPR. Deletion of your account is possible at any time upon request. After deletion, your data will be removed unless statutory retention periods apply.
7) Direct Marketing
7.1 Email Newsletter
If you subscribe to our newsletter, we process your email address to send you regular offers and information. Further details are voluntary. We use the double opt-in procedure: you will only receive the newsletter after verifying your subscription via a confirmation link. The legal basis is Art. 6(1)(a) GDPR. You can unsubscribe at any time via the unsubscribe link in the newsletter or by contacting us.
For the dispatch of our emails and marketing notifications, we use the service Shopify Email provided by Shopify International Limited, Victoria Buildings, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland. Your email address and any other voluntarily provided data are transmitted to Shopify and processed there for this purpose. We have concluded a data processing agreement with Shopify. Further information on data protection at Shopify is available at https://www.shopify.com/legal/privacy.
7.2 Stock Availability Notifications
For temporarily unavailable items, you can request an email notification. We will send you a one-time message when the item you selected becomes available again. Here too we use the double opt-in procedure. The legal basis is Art. 6(1)(a) GDPR.
7.3 Abandoned Cart Reminders
If you abandon a purchase before completing your order, you have the option to receive a one-time email reminder about the contents of your shopping cart. Here too we use the double opt-in procedure. The legal basis is Art. 6(1)(a) GDPR.
8) Order Processing
8.1 For the processing of deliveries and payments, we pass on the necessary personal data pursuant to Art. 6(1)(b) GDPR to shipping companies and payment service providers.
8.2 Payment service providers:
Apple Pay
Payment processing is handled by Apple Distribution International, Hollyhill Industrial Estate, Hollyhill, Cork, Ireland. Your payment data is transmitted in encrypted form. Apple stores only anonymised transaction data. Further information: https://support.apple.com/en-gb/HT203027
Google Pay
Payment processing is handled by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. A one-time transaction number is transmitted; no real payment data. Further information: https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=en
Klarna
Payment processing via Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden. For payment methods where Klarna makes advance payment (e.g. invoice purchase), personal data is transmitted to Klarna for credit assessment purposes. The legal basis is Art. 6(1)(f) GDPR. Further information: https://cdn.klarna.com/1.0/shared/content/legal/terms/0/en_gb/credit_rating_agencies
PayPal
Payment processing via PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg. For advance payments via PayPal (invoice, instalment), data is transmitted for credit assessment. The legal basis is Art. 6(1)(f) GDPR.
Shopify Payments
Payment processing via Shopify International Limited, Victoria Buildings, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland. Processing is carried out by Stripe Payments Europe Ltd. Further information: https://www.shopify.com/legal/terms-payments-de
9) Web Analytics
Google Analytics 4
We use Google Analytics 4 by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. Cookies are set that collect information about your use of our website. Your IP address is truncated. Data may also be transferred to Google LLC servers in the USA. Google has joined the EU-US Data Privacy Framework.
Google Analytics 4 is used solely on the basis of your express consent pursuant to Art. 6(1)(a) GDPR. You can withdraw your consent at any time with effect for the future via our cookie consent tool. Collected data is deleted after two months.
Google Analytics 4 can evaluate demographic characteristics (age, gender, interests) to identify target groups for marketing purposes. This data cannot be attributed to any specific person.
10) Retargeting and Conversion Tracking
Meta Pixel (Enhanced Matching)
We use the "Meta Pixel" service with enhanced matching by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. When you click on our Meta ads, a cookie is set that collects certain customer data (e.g. email address) and transmits it to Meta. The purpose is to make our ads more effective and to measure the success of campaigns (conversion tracking).
Processing is carried out solely on the basis of your consent pursuant to Art. 6(1)(a) GDPR. You can withdraw your consent at any time via the cookie consent tool. We have concluded a data processing agreement with Meta. Meta has joined the EU-US Data Privacy Framework.
11) TikTok
11.1 TikTok Pixel and Conversion Tracking
We use the TikTok Pixel of TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland (for users in the European Economic Area). The TikTok Pixel is a JavaScript code snippet embedded on our website that records certain user actions (e.g. page views, adding to cart, purchases) and transmits them to TikTok. The purpose is to measure the success of our TikTok advertising campaigns (conversion tracking) as well as to optimise and retarget advertisements.
The following data may be processed: IP address (truncated), browser information, pages visited, purchase data and – where enhanced matching is enabled – hashed customer data such as email address or phone number.
The TikTok Pixel is used solely on the basis of your express consent pursuant to Art. 6(1)(a) GDPR. You can withdraw your consent at any time with effect for the future via our cookie consent tool.
We expressly draw attention to the fact that TikTok (ByteDance Ltd.) may transfer data to servers in the USA and possibly to other third countries, including the People's Republic of China. There are currently no adequacy decisions by the European Commission for these data transfers. TikTok bases data transfers to third countries on standard contractual clauses pursuant to Art. 46(2)(c) GDPR. We have concluded a data processing agreement with TikTok. Further information is available in TikTok's privacy policy at https://www.tiktok.com/legal/page/eea/privacy-policy/en.
11.2 TikTok Shop
We operate a shop via the TikTok Shop platform of TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland. When you place an order via TikTok Shop, the data required for contract processing (e.g. name, delivery address, payment data, order details) is transmitted to TikTok and processed there. The legal basis is Art. 6(1)(b) GDPR.
TikTok acts as an independent controller for data processing on the platform. We have concluded a joint controller agreement with TikTok pursuant to Art. 26 GDPR. Information on data processing by TikTok Shop is available at https://www.tiktok.com/legal/page/eea/privacy-policy/en.
11.3 TikTok Organic Content and Profile
We maintain a company profile on TikTok. When you visit our profile or interact with our content, TikTok processes personal data as an independent controller in accordance with its own privacy policy. We have no influence over this data processing. The legal basis for our presence on TikTok is Art. 6(1)(f) GDPR (legitimate interest in communicating with customers and marketing our products).
12) Website Analytics with Microsoft Clarity
We use Microsoft Clarity, a web analytics service of Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland. Clarity records user behaviour on our website through session recordings and heatmaps. Mouse movements, clicks, scroll behaviour and page interactions are recorded in order to improve the usability of our website. The data processed may also include a truncated IP address.
Microsoft Clarity is used solely on the basis of your express consent pursuant to Art. 6(1)(a) GDPR. You can withdraw your consent at any time with effect for the future via our cookie consent tool. Data may also be transferred to Microsoft Corporation servers in the USA. Microsoft has joined the EU-US Data Privacy Framework, which ensures the European level of data protection on the basis of an adequacy decision by the European Commission.
We have concluded a data processing agreement with Microsoft. Further information on data protection at Microsoft Clarity is available at https://privacy.microsoft.com/en-gb/privacystatement.
13) Cookie Consent Tool
We use a cookie consent tool to obtain valid consent for cookies that require consent. The tool is displayed as an interactive user interface when the page is accessed. Cookies that require consent are only loaded after the corresponding consent has been given. The tool itself sets technically necessary cookies to store your preferences. The legal basis is Art. 6(1)(f) and (c) GDPR.
14) Your Rights
14.1 Under the GDPR you have the following rights against the controller:
- Right of access (Art. 15 GDPR)
- Right to rectification (Art. 16 GDPR)
- Right to erasure (Art. 17 GDPR)
- Right to restriction of processing (Art. 18 GDPR)
- Right to notification (Art. 19 GDPR)
- Right to data portability (Art. 20 GDPR)
- Right to withdraw consent (Art. 7(3) GDPR)
- Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)
14.2 RIGHT TO OBJECT: WHERE WE PROCESS YOUR PERSONAL DATA ON THE BASIS OF A BALANCING OF INTERESTS PURSUANT TO ART. 6(1)(F) GDPR, YOU HAVE THE RIGHT TO OBJECT TO SUCH PROCESSING AT ANY TIME ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION. IN THE EVENT OF AN OBJECTION, WE WILL CEASE PROCESSING UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS.
WHERE YOUR DATA IS PROCESSED FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT TO SUCH PROCESSING AT ANY TIME.
15) Retention Period
Personal data is stored for as long as necessary for the respective processing purpose: for consent-based processing until consent is withdrawn; for statutory retention periods until they expire; for legitimate interest until the right of objection is exercised. Otherwise, data is deleted as soon as it is no longer required for the processing purpose.