Privacy policy
Privacy Policy
1. Controller
FOREVER GmbH
represented by the Managing Director Ebru Öz
Digital Transfer Applications Technology
Robert Bosch Str. 43
68542 Heddesheim
Germany
E-mail: info@forever-dtf.com
2. General Information on Data Processing
We process the personal data of our customers exclusively in accordance with the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG). This includes in particular the collection, storage and use of personal data for the initiation and execution of contractual relationships via our online shop as well as for the fulfillment of legal obligations.
Personal data is all information relating to an identified or identifiable natural person, such as name, address, email address, order data, IP address or payment data.
3. Hosting and Operation of the Shop (Shopify)
Our online shop is operated via the service “Shopify”, a platform of Shopify International Ltd., 2nd Floor, 1–2 Victoria Buildings, Haddington Road, Dublin 4, D04 XN32, Ireland, or affiliated companies of the Shopify Group.
Shopify provides the technical infrastructure for the shop, the checkout process as well as partially for payment processing and logistical processing, and processes the personal data collected in the course of using our shop (e.g. order data, IP addresses, browser data) on our behalf as a processor.
The processing is based on Art. 6 para. 1 lit. b GDPR (performance of a contract or pre-contractual measures) and Art. 6 para. 1 lit. f GDPR (legitimate interest in a secure and efficient operation of our online shop). A data processing agreement has been concluded with Shopify, which provides appropriate safeguards for an adequate level of data protection.
4. Data Collection When Visiting the Website (Server Log Files)
When accessing our website, Shopify or the hosting service provider used by Shopify automatically collects information transmitted by your browser (so-called server log files). This includes in particular:
• IP address
• Date and time of the request
• Accessed page/file
• Amount of data transmitted
• Browser type and version used
• Operating system used
Processing is carried out on the basis of Art. 6 para. 1 lit. f GDPR to ensure a technically secure operation of the website, for error analysis and for defense against attacks.
5. Order in the Online Shop and Customer Account
If you place an order via our online shop, we process in particular the following data for the execution of the contract:
• Salutation, first and last name
• Billing and delivery address
• Email address
• Ordered products, prices, time of order
• Payment information (depending on the selected payment method)
The legal basis is Art. 6 para. 1 lit. b GDPR (performance of the purchase contract). Without this data, we cannot accept and process your order.
If the creation of a customer account is possible in our shop, we process the data provided by you for this purpose in order to facilitate future orders and provide order histories. The legal basis is Art. 6 para. 1 lit. b GDPR insofar as the customer account is necessary for the performance of the contract, as well as Art. 6 para. 1 lit. f GDPR (legitimate interest in a convenient ordering process).
6. Shipping Service Providers DHL and UPS
For the delivery of the ordered goods, we pass on your delivery address as well as – insofar as necessary for delivery – your name to the shipping service providers commissioned by us. The legal basis for this is Art. 6 para. 1 lit. b GDPR, as the transfer is necessary for the performance of the purchase contract.
Delivery is carried out in particular by:
• DHL Paket GmbH, Sträßchensweg 10, 53113 Bonn
• United Parcel Service Deutschland S.à r.l. & Co. OHG (UPS), Görlitzer Straße 1, 41460 Neuss
Your email address or telephone number will only be passed on to DHL or UPS for the purpose of parcel notification or coordination of delivery dates if you have expressly consented to this during the ordering process (Art. 6 para. 1 lit. a GDPR). Without your consent, only your name and delivery address will be transmitted to the shipping service providers.
You may revoke any consent given to the transfer of contact data to the shipping service provider at any time with effect for the future, e.g. by sending a message to the above-mentioned contact details of the controller.
7. Storage Period
We store your personal data only for as long as this is necessary to fulfill contractual and legal obligations. Statutory retention obligations, in particular under commercial and tax law, may provide for storage of up to ten years.
After expiry of the respective periods, the data will be deleted or anonymized, unless they are still required for the assertion, exercise or defense of legal claims (Art. 6 para. 1 lit. f GDPR).
8. Your Rights as a Data Subject
You have the following rights vis-à-vis us with regard to your personal data:
• Right of access (Art. 15 GDPR)
• Right to rectification (Art. 16 GDPR)
• Right to erasure (Art. 17 GDPR)
• Right to restriction of processing (Art. 18 GDPR)
• Right to data portability (Art. 20 GDPR)
• Right to object to certain processing activities (Art. 21 GDPR)
If processing is based on your consent, you may revoke this consent at any time with effect for the future, without affecting the lawfulness of the processing carried out on the basis of the consent until revocation.
You also have the right to lodge a complaint with a data protection supervisory authority, in particular in the Member State of your habitual residence, your place of work or the place of the alleged infringement, regarding the processing of your personal data (Art. 77 GDPR).
9. Obligation to Provide Data
Within the scope of placing an order in our online shop, you are obliged to provide those personal data that are necessary for the establishment and performance of the purchase contract. Without this data, we cannot conclude or perform a contract with you.
10. Data Security
We implement technical and organizational measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties. This includes in particular SSL encryption of data transmission as well as internal access restrictions.
11. Amendments to this Privacy Policy
We reserve the right to adapt this privacy policy so that it always complies with the current legal requirements or to reflect changes to our services in the privacy policy. The respective current version shall apply to your renewed visit.
12. Payment Services (Shopify Payments/Stripe, PayPal, Klarna, Bank Transfer)
Shopify Payments (Stripe)
We offer the payment method “Shopify Payments” in our online shop. The service provider is Shopify International Ltd., Victoria Buildings, 2nd Floor, 1–2 Haddington Road, Dublin 4, D04 XN32, Ireland.
Within the scope of payment processing, Shopify Payments may use the payment service provider Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, D02 H210, Ireland, to carry out payments.
If payment is made via Shopify Payments, the payment data provided by you (e.g. name, billing address, bank details, credit card data, transaction data) will be transmitted to Shopify and Stripe insofar as this is necessary for payment processing.
The legal basis for processing is Art. 6 para. 1 lit. b GDPR (performance of contract) and, where applicable, Art. 6 para. 1 lit. f GDPR (legitimate interest in secure and efficient payment processing).
Further information on data protection at Shopify can be found at https://www.shopify.com/de/legal/datenschutz.
Information on data protection at Stripe can be found at https://stripe.com/en-de/privacy.
PayPal
We offer the payment method “PayPal”. The service provider is PayPal (Europe) S.à r.l. et Cie, S.C.A., 22–24 Boulevard Royal, L-2449 Luxembourg.
If you choose payment via PayPal, the payment data entered by you as well as further order data will be transmitted to PayPal insofar as this is necessary for payment processing. This may include in particular: name, address, email address, IP address as well as payment information (e.g. bank account or credit card data) and transaction-related data.
Data processing is carried out on the basis of Art. 6 para. 1 lit. b GDPR (performance of contract) and, insofar as fraud prevention and risk analysis are concerned, on the basis of our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR.
Further information on data protection at PayPal can be found in PayPal’s privacy policy at https://www.paypal.com/de/legalhub/paypal/privacy-full?locale.x=en_DE.
Klarna
We offer payment methods of the payment service provider Klarna for certain orders (e.g. “purchase on account”, “installment purchase” or “pay now”). The service provider is Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden.
If you select a Klarna payment method, personal data (e.g. name, address, email address, telephone number, bank details, credit card data, order information, payment and creditworthiness data) will be transmitted to Klarna.
Klarna uses this data under its own responsibility in particular for identity and creditworthiness checks, for payment processing and, if applicable, for fraud prevention.
The legal basis for the transfer is Art. 6 para. 1 lit. b GDPR (implementation of pre-contractual measures and performance of contract) as well as our legitimate interest in secure payment processing pursuant to Art. 6 para. 1 lit. f GDPR.
Further information on data processing by Klarna can be found in Klarna’s privacy policy at https://www.klarna.com/uk/privacy/ or in the respective current version.
Payment by Bank Transfer
If you select payment by bank transfer, we process your payment data (e.g. name, bank details, IBAN, BIC, reference, transaction amount, date) for the purpose of processing the payment via our bank account.
The legal basis for this is Art. 6 para. 1 lit. b GDPR (performance of contract).
The data will be transmitted to the credit institution used by us insofar as this is necessary for payment processing. No further transfer will take place unless we are legally obliged to do so (e.g. tax retention obligations).
13. Google Analytics
We use the web analysis service “Google Analytics” on our website. The service provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics uses cookies and comparable technologies that enable an analysis of your use of the website.
The information generated about your use of the website (e.g. pages accessed, your usage behavior, browser type, operating system, referrer URL, time of the server request) may be transmitted to servers of Google LLC in the USA and stored there.
We use Google Analytics with activated IP anonymization. In this case, your IP address is shortened within Member States of the European Union or in other contracting states of the EEA prior to transmission; only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there.
According to Google, the IP address transmitted by your browser within the scope of Google Analytics is not merged with other Google data.
The legal basis for the use of Google Analytics is your consent pursuant to Art. 6 para. 1 lit. a GDPR in conjunction with Section 25 para. 1 TDDDG, which we obtain via a corresponding consent tool.
You may revoke your consent at any time with effect for the future via our consent tool. In addition, you may prevent the collection of data generated by the cookie by installing the browser add-on offered at https://tools.google.com/dlpage/gaoptout.
Further information on data processing by Google in connection with Google Analytics can be found at https://policies.google.com/privacy and at https://support.google.com/analytics.
14. Meta Pixel (Facebook/Instagram)
We use the “Meta Pixel” (also “Facebook Pixel”) on our website. The service provider is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
With the help of the Meta Pixel, the behavior of users can be tracked after they have been redirected to our website by clicking on a Meta advertisement (e.g. on Facebook or Instagram). This enables us to evaluate the effectiveness of our advertisements for statistical and market research purposes and to optimize our advertising activities.
Meta processes this data under its own responsibility in order to display personalized advertising to users in the Meta network, as well as for its own market research purposes.
When using the Meta Pixel, the following data is processed, among others: pages accessed, actions (e.g. purchases, form submissions), browser information, device information, IP address, if applicable Meta ID, referrer URL.
It cannot be excluded that data may be transmitted to servers of Meta Platforms, Inc. in the USA.
The legal basis for the use of the Meta Pixel is your consent pursuant to Art. 6 para. 1 lit. a GDPR in conjunction with Section 25 para. 1 TDDDG, which we obtain via a consent tool.
You may revoke your consent at any time with effect for the future via our consent tool. In addition, you may specify in the settings of your Meta account which types of advertisements are displayed to you.
Further information on data processing by Meta can be found in Meta’s data policy at https://www.facebook.com/privacy/policy and in the information on the Meta Pixel and Custom Audiences at https://www.facebook.com/business/tools/meta-pixel.
15. Newsletter Distribution via Mailchimp
If you subscribe to our newsletter, we process your email address as well as, where applicable, further voluntary information (e.g. name) for the purpose of sending the newsletter. Our newsletters are sent with the help of the service provider “Mailchimp”. The service provider is Intuit Inc. (formerly The Rocket Science Group LLC), 2700 Coast Avenue, Mountain View, CA 94043, USA.
For the administration of subscriber data and the dispatch of newsletters, your data is processed on Mailchimp servers.
Mailchimp thus receives access to your newsletter data (email address, if applicable name, technical information on openings and clicks) in order to send the newsletter on our behalf and to evaluate it statistically.
The legal basis for sending the newsletter is your consent pursuant to Art. 6 para. 1 lit. a GDPR, which you grant when registering for the newsletter.
You may revoke your consent at any time with effect for the future by using the unsubscribe link contained in every newsletter.
Since Mailchimp is a service based in the USA, data is transferred to a third country.
Mailchimp relies on the standard contractual clauses adopted by the EU Commission pursuant to Art. 46 GDPR for these transfers, which are included in Mailchimp’s data processing terms.
Nevertheless, in the USA a lower level of data protection may exist compared to the EU, e.g. due to access rights of US authorities.
Further information on data protection at Mailchimp can be found at https://mailchimp.com/de/legal/privacy/ as well as on European data transfers at https://mailchimp.com/en/help/mailchimp-european-data-transfers/.