Privacy policy

1) Introduction and Contact Details of the Controller

1.1 We are pleased that you are visiting our website and thank you for your interest. Below we inform you about the handling of your personal data when using our website. Personal data is any data by which you can be personally identified.

1.2 The controller for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is Susanne Frühauf, HYBRIDPUNKBERLIN, c/o POSTFLEX PFX-423-868 – No parcels/returns, Emsdettener Straße 10, 48268 Greven, Germany, Tel.: 017631119879, E-Mail: hybridpunkberlin@web.de. The controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.

2) Data Collection When Visiting Our Website

2.1 When you visit our website for purely informational purposes, i.e. if you do not register or otherwise provide us with information, we only collect data that your browser transmits to our server (so-called "server log files"). When you visit our website, we collect the following data that is technically necessary for us to display the website to you:

Our visited website
Date and time of access
Amount of data sent in bytes
Source/referral from which you reached the page
Browser used
Operating system used
IP address used (if applicable: in anonymised form)

Processing is carried out pursuant to Art. 6(1)(f) GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. The data is not passed on or used in any other way. However, we reserve the right to subsequently check the server log files if there are concrete indications of unlawful use.

2.2 For security reasons and to protect the transmission of personal data and other confidential content, this website uses SSL or TLS encryption. You can recognise an encrypted connection by the "https://" string and the padlock symbol in your browser bar.

3) Hosting & Content Delivery Network

3.1 Shopify

For hosting our website and displaying page content, we use the system of the following provider: Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland ("Shopify").

Data is also transferred to: Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada.

All data collected on our website is processed on the provider's servers. We have concluded a data processing agreement with the provider that ensures the protection of our site visitors' data and prohibits unauthorised disclosure to third parties.

For data transfers to Canada, an adequate level of data protection is ensured by an adequacy decision of the European Commission.

3.2 Cloudflare

We use a content delivery network from the following provider: Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA.

This service enables us to deliver large media files such as graphics, page content or scripts more quickly via a network of regionally distributed servers. Processing is carried out to protect our legitimate interest in improving the stability and functionality of our website pursuant to Art. 6(1)(f) GDPR. We have concluded a data processing agreement with the provider that ensures the protection of our site visitors' data and prohibits unauthorised disclosure to third parties.

For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection on the basis of an adequacy decision by the European Commission.

3.3 Virtual Postal Service

For the provision of a business address and handling of incoming mail, we use the services of: POSTFLEX GmbH, Emsdettener Straße 10, 48268 Greven, Germany.

Incoming mail is digitised and made available to us electronically. Where such mail contains personal data, processing is carried out pursuant to Art. 6(1)(f) GDPR on the basis of our legitimate interest in professional mail handling. We have concluded a data processing agreement with the provider.

4) Cookies

To make visiting our website attractive and to enable the use of certain functions, we use cookies — small text files that are stored on your device. Some of these cookies are automatically deleted after you close your browser (so-called "session cookies"), while others remain on your device for longer and allow page settings to be saved (so-called "persistent cookies"). In the latter case, you can find the storage period in your web browser's cookie settings.

Where individual cookies we use also process personal data, this is done pursuant to Art. 6(1)(b) GDPR for the performance of a contract, pursuant to Art. 6(1)(a) GDPR in the case of consent given, or pursuant to Art. 6(1)(f) GDPR to protect our legitimate interests in the best possible functionality of the website and a customer-friendly and effective design of your visit.

You can set your browser to inform you about the setting of cookies and decide individually whether to accept them, or to exclude the acceptance of cookies for certain cases or in general.

Please note that if you do not accept cookies, the functionality of our website may be limited.

5) Contact

5.1 Judge.me

For review reminders, we use the services of the following provider: Judge.me Ltd., c/o Buckworths, 2nd Floor, 1-3 Worship Street, London, England, EC2A 2AB, United Kingdom.

Solely on the basis of your explicit consent pursuant to Art. 6(1)(a) GDPR, we transmit your email address and, if applicable, other customer data to the provider so that they can contact you with a review reminder by email.

You can revoke your consent at any time with future effect towards us or the provider.

We have concluded a data processing agreement with the provider that ensures the protection of our site visitors' data and prohibits unauthorised disclosure to third parties.

For data transfers to the provider's location, an adequate level of data protection is ensured by an adequacy decision of the European Commission.

5.2 In the context of contacting us (e.g. via contact form or email), personal data is processed exclusively for the purpose of handling and responding to your enquiry and only to the extent necessary.

The legal basis for processing this data is our legitimate interest in responding to your enquiry pursuant to Art. 6(1)(f) GDPR. If your contact is aimed at concluding a contract, an additional legal basis for processing is Art. 6(1)(b) GDPR. Your data will be deleted when it can be inferred from the circumstances that the matter has been conclusively resolved and provided there are no statutory retention obligations.

6) Data Processing When Opening a Customer Account

Pursuant to Art. 6(1)(b) GDPR, personal data will continue to be collected and processed to the extent necessary when you provide it to us when opening a customer account. The data required to open an account can be found in the input mask of the corresponding form on our website.

You can delete your customer account at any time by sending a message to the controller's address above. After deletion of your customer account, your data will be deleted provided all contracts concluded through it have been fully processed, there are no statutory retention periods, and we have no legitimate interest in continued storage.

7) Data Processing for Order Fulfilment

7.1 To the extent necessary for contract fulfilment for delivery and payment purposes, the personal data we collect will be passed on to the commissioned transport company and the commissioned credit institution pursuant to Art. 6(1)(b) GDPR.

To fulfil your order, we also work with the following service providers who support us fully or partially in the execution of concluded contracts. Certain personal data is transmitted to these service providers as set out below.

7.2 Payment Service Providers

Apple Pay

If you choose the payment method "Apple Pay" from Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland, payment is processed via the "Apple Pay" function on your iOS, watchOS or macOS device by charging a payment card stored in "Apple Pay". Apple Pay uses security features integrated into your device's hardware and software to protect your transactions. Payment authorisation requires entry of a code you have previously set and verification via the "Face ID" or "Touch ID" function of your device.

For payment processing purposes, your order information is passed to Apple in encrypted form. Apple then re-encrypts this data with a developer-specific key before transmitting it to the payment service provider of the payment card stored in Apple Pay. The encryption ensures that only the website through which the purchase was made can access the payment data. After payment, Apple sends your device account number and a transaction-specific dynamic security code to the originating website to confirm payment success.

Where personal data is processed in the described transmissions, processing occurs solely for the purpose of payment processing pursuant to Art. 6(1)(b) GDPR.

Apple retains anonymised transaction data including approximate purchase amount, approximate date and time, and whether the transaction was completed successfully. Anonymisation fully excludes personal identification. Apple uses anonymised data to improve Apple Pay and other Apple products and services.

Further information on data protection at Apple Pay: https://support.apple.com/en-us/HT203027

Google Pay

If you choose "Google Pay" from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"), payment is processed via the Google Pay app on your mobile device running at least Android 4.4 ("KitKat") with NFC, by charging a payment card or verified payment system stored in Google Pay. Payments over €25 require prior unlocking of your device via your configured verification method.

For payment processing, your order information is passed to Google. Google then transmits your Google Pay payment information as a one-time transaction number to the originating website. This number contains no real payment data but is created and transmitted as a one-time valid numeric token. In all Google Pay transactions, Google acts solely as an intermediary. The transaction is executed exclusively between you and the originating website.

Where personal data is processed, this occurs solely for payment processing pursuant to Art. 6(1)(b) GDPR.

Privacy information: https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=en

Klarna

One or more online payment methods from the following provider are available on this website: Klarna Bank AB, Sveavägen 46, 111 34 Stockholm, Sweden.

If you choose a payment method where you pay upfront (e.g. credit card), your payment data (including name, address, bank and card information, currency and transaction number) and order details are passed to the provider pursuant to Art. 6(1)(b) GDPR solely for payment processing.

If you choose a payment method where the provider pays upfront (e.g. invoice, instalment or direct debit), you will be asked to provide certain personal data (first and last name, street, house number, postcode, city, date of birth, email address, phone number, and if applicable alternative payment data).

To protect our legitimate interest in assessing customers' ability to pay, this data is forwarded to the provider pursuant to Art. 6(1)(f) GDPR for a credit assessment. The provider assesses based on your data and additional information (such as basket, invoice amount, order history, payment experience) whether the selected payment option can be granted.

Credit information may contain probability values (score values) based on scientifically recognised mathematical-statistical methods.

You can object to this processing at any time by contacting us or the provider. However, the provider may remain entitled to process your data to the extent necessary for contractual payment processing.

PayPal

One or more online payment methods from the following provider are available: PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg.

If you choose a payment method where you pay upfront, your payment data and order details are passed to the provider pursuant to Art. 6(1)(b) GDPR solely for payment processing.

If you choose a method where we pay upfront, you will be asked for personal data for a credit assessment, which is forwarded to the provider pursuant to Art. 6(1)(f) GDPR. You can object to this processing at any time.

Shopify Payments

One or more online payment methods from the following provider are available: Shopify International Limited, Victoria Buildings, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland.

If you choose a payment method where you pay upfront (e.g. credit card), your payment data and order details are passed to the provider pursuant to Art. 6(1)(b) GDPR solely for payment processing.

8) Web Analytics

8.1 Google Analytics 4

This website uses Google Analytics 4, a web analytics service of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"), which enables analysis of your use of our website.

When you visit the website, Google Analytics 4 sets cookies that collect certain information including your IP address, which Google shortens to exclude direct personal identification. The information is transmitted to Google's servers and processed there, including possible transfers to Google LLC in the USA.

Google uses the collected information on our behalf to evaluate your use of the website, compile reports on website activities, and provide other services related to website and internet use. The truncated IP address transmitted by your browser within Google Analytics is not merged with other Google data. Data collected via Google Analytics 4 is stored for two months and then deleted.

All processing described above, in particular the setting of cookies, only takes place if you have given us your explicit consent pursuant to Art. 6(1)(a) GDPR. Without your consent, Google Analytics 4 will not be used during your visit. You can revoke your consent at any time by deactivating this service via the Cookie Consent Tool on the website.

We have concluded a data processing agreement with Google ensuring protection of our visitors' data and prohibiting unauthorised disclosure.

Further information: https://business.safety.google/intl/en/privacy/, https://policies.google.com/privacy and https://policies.google.com/technologies/partner-sites

Demographic Features Google Analytics 4 uses the "demographic features" function to generate statistics about the age, gender and interests of site visitors through analysis of advertising and third-party information. The collected data cannot be attributed to any specific person and is deleted after two months.

Google Signals As an extension to Google Analytics 4, Google Signals may be used on this website for cross-device reporting. If you have enabled personalised ads and linked your devices to your Google account, Google may, subject to your consent pursuant to Art. 6(1)(a) GDPR, analyse your usage behaviour across devices. We receive only statistics, not personal data. To stop cross-device analysis, disable "Personalised advertising" in your Google account settings: https://support.google.com/My-Ad-Center-Help/answer/12155764

UserIDs As an extension to Google Analytics 4, the "UserIDs" function may be used. If you have consented to Google Analytics 4 pursuant to Art. 6(1)(a) GDPR, created an account on this website and log in on different devices, your activities including conversions may be analysed across devices.

For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework ensuring compliance with the European level of data protection.

8.2 Shopify Analytics

This website uses the web analytics service of: Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland. Data is also transferred to: Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada.

Using cookies and/or comparable technologies, the service collects and stores pseudonymised visitor data to evaluate usage behaviour and create pseudonymised usage profiles. Pseudonymisation fundamentally excludes direct personal identification. No merging with other personal data takes place.

All processing described above only takes place if you have given us your explicit consent pursuant to Art. 6(1)(a) GDPR. You can revoke your consent at any time via the Cookie Consent Tool on the website.

We have concluded a data processing agreement with the provider. For data transfers to Canada, an adequate level of protection is ensured by an adequacy decision of the European Commission.

9) Retargeting / Remarketing and Conversion Tracking

Meta Pixel with Advanced Matching

Within our online offering, we use the "Meta Pixel" service in advanced matching mode from: Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland ("Meta").

When you click on an ad we place on Facebook or Instagram, Meta Pixel extends the URL of our linked page with a parameter. This parameter is then stored in a cookie set by our linked page. This cookie also captures specific customer data such as your email address collected on our website during purchases, account logins or registrations (advanced matching). The cookie is then read and enables transmission of this data including your specific customer data to Meta.

We use Meta Pixel with advanced matching to make our ads on Facebook and/or Instagram more effective and to ensure they match your interests or certain characteristics, which we transmit to Meta ("Custom Audiences"). We also analyse the effectiveness of our ads by tracking whether users were directed to our website after clicking an ad (conversion tracking).

All transmitted data is stored and processed by Meta, enabling assignment to the respective user profile, and Meta may use the data for its own advertising purposes pursuant to Meta's data use policy (https://www.facebook.com/about/privacy/).

We have concluded a data processing agreement with the provider. Information generated by Meta is transferred to and stored on Meta's servers, including possible transfers to Meta Platforms Inc. servers in the USA.

For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework ensuring compliance with the European level of data protection.

Pinterest Tag

On this website we use the "Pinterest Tag" from the following provider: Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland.

The Pinterest Tag allows us to track the actions of users after they have seen or clicked a Pinterest ad, enabling us to evaluate user behaviour and optimise our Pinterest ads (conversion tracking). The data collected is anonymous to us and does not allow conclusions about individual persons. However, the data is stored and processed by Pinterest, enabling a connection to the respective user profile.

Further information on Pinterest's privacy policy: https://policy.pinterest.com/en/privacy-policy

10) Tools and Miscellaneous

Cookie Consent Tool

This website uses a so-called "Cookie Consent Tool" to obtain effective user consent for cookies and cookie-based applications requiring consent. The tool is displayed to you when you visit the website as an interactive interface through which you can give consent for specific cookies and/or cookie-based applications. The tool ensures that all cookies/services requiring consent are only loaded when you give the corresponding consent. This ensures that such cookies are only set on your device if consent has been given.

The tool sets technically necessary cookies to store your cookie preferences. Personal user data is generally not processed.

Where personal data (such as the IP address) is processed for the purpose of storing, assigning or logging cookie settings, this is done pursuant to Art. 6(1)(f) GDPR on the basis of our legitimate interest in legally compliant, user-specific and user-friendly consent management for cookies.

A further legal basis is Art. 6(1)(c) GDPR. As controller, we are under a legal obligation to make the use of technically unnecessary cookies dependent on user consent.

Where required, we have concluded a data processing agreement with the provider ensuring protection of our visitors' data and prohibiting unauthorised disclosure.

Further information about the operator and settings options of the Cookie Consent Tool can be found directly in the corresponding interface on our website.

11) Rights of the Data Subject

11.1 Applicable data protection law grants you the following data subject rights (rights of access and intervention) against us as controller regarding the processing of your personal data:

Right of access pursuant to Art. 15 GDPR
Right to rectification pursuant to Art. 16 GDPR
Right to erasure pursuant to Art. 17 GDPR
Right to restriction of processing pursuant to Art. 18 GDPR
Right to notification pursuant to Art. 19 GDPR
Right to data portability pursuant to Art. 20 GDPR
Right to withdraw consent pursuant to Art. 7(3) GDPR
Right to lodge a complaint pursuant to Art. 77 GDPR

11.2 RIGHT TO OBJECT

WHERE WE PROCESS YOUR PERSONAL DATA ON THE BASIS OF A BALANCING OF INTERESTS PURSUANT TO OUR OVERRIDING LEGITIMATE INTEREST, YOU HAVE THE RIGHT TO OBJECT TO SUCH PROCESSING AT ANY TIME WITH FUTURE EFFECT ON GROUNDS ARISING FROM YOUR PARTICULAR SITUATION.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL CEASE PROCESSING THE DATA CONCERNED. CONTINUED PROCESSING REMAINS RESERVED WHERE WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR PROCESSING THAT OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS, OR WHERE PROCESSING SERVES THE ESTABLISHMENT, EXERCISE OR DEFENCE OF LEGAL CLAIMS.

WHERE YOUR PERSONAL DATA IS PROCESSED BY US FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR SUCH MARKETING. YOU MAY EXERCISE THE OBJECTION AS DESCRIBED ABOVE. IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL CEASE PROCESSING THE DATA CONCERNED FOR DIRECT MARKETING PURPOSES.

12) Duration of Storage of Personal Data

The duration of storage of personal data is determined by the applicable legal basis, the processing purpose and, where applicable, the statutory retention period (e.g. commercial and tax law retention periods).

Where personal data is processed on the basis of explicit consent pursuant to Art. 6(1)(a) GDPR, the data is stored until you withdraw your consent.

Where statutory retention periods exist for data processed on the basis of Art. 6(1)(b) GDPR, the data is routinely deleted after expiry of the retention periods, provided it is no longer required for contract performance or initiation and we have no legitimate interest in continued storage.

Where personal data is processed on the basis of Art. 6(1)(f) GDPR, the data is stored until you exercise your right to object pursuant to Art. 21(1) GDPR, unless we can demonstrate compelling legitimate grounds for processing that override your interests, rights and freedoms, or processing serves the establishment, exercise or defence of legal claims.

Where personal data is processed for direct marketing purposes on the basis of Art. 6(1)(f) GDPR, the data is stored until you exercise your right to object pursuant to Art. 21(2) GDPR.

Unless otherwise stated in the other information in this policy about specific processing situations, stored personal data is deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.

Item added to your cart

Privacy policy

Country/region

Language