Privacy Policy
1) Information on the Collection of Personal Data and Contact Information of the Data Controller
1.1 We are pleased that you are visiting our website and thank you for your interest. Below, we provide information on how we handle your personal data when you use our website. Personal data refers to any data that can be used to personally identify you.
1.2 The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is: Email: contact@kaevon.co. The controller responsible for the processing of personal data is the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data.
1.3 For security reasons and to protect the transmission of personal data and other confidential content (e.g., orders or inquiries to the controller), this website uses SSL or TLS encryption. You can recognize an encrypted connection by the “https://” prefix and the lock icon in your browser address bar.
2) Data Collection When Visiting Our Website
When using our website for informational purposes only—that is, if you do not register or otherwise provide us with information—we collect only the data that your browser transmits to our server (so-called “server log files”). When you visit our website, we collect the following data, which is technically necessary for us to display the website to you:
The page visited
Date and time of access
Amount of data transferred in bytes
Source/referrer from which you accessed the page
Browser used
Operating system used
IP address used (if applicable: in anonymized form)
Processing is carried out in accordance with Art. 6(1)(f) GDPR based on our legitimate interest in improving the stability and functionality of our website. The data is not disclosed or used for any other purpose. However, we reserve the right to review the server log files retrospectively should there be concrete indications of unlawful use.
3) Hosting and Content Delivery Network
Hosting by Shopify
We use the online store platform provided by Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland (“Shopify”), for the purpose of hosting and displaying the online store on a processing-on-behalf-of-us basis. All data collected on our website is processed on Shopify’s servers. As part of the aforementioned services provided by Shopify, data may also be transferred to Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada, Shopify Data Processing (USA) Inc., Shopify Payments (USA) Inc., or Shopify (USA) Inc. for further processing on our behalf. In the event of data transfer to Shopify Inc. in Canada, an adequacy decision by the European Commission ensures an adequate level of data protection. Further information on Shopify’s data protection practices is available at the following website: https://www.shopify.de/legal/datenschutz
Further processing on servers other than those mentioned above by Shopify takes place only within the scope described below.
4) Cookies
To make your visit to our website more engaging and to enable the use of certain features, we use cookies, which are small text files stored on your device. Some of these cookies are automatically deleted when you close your browser (so-called “session cookies”), while others remain on your device for a longer period and allow page settings to be saved (so-called “persistent cookies”). In the latter case, you can find the storage duration in the overview of your web browser’s cookie settings.
If personal data is also processed by individual cookies we use, the processing is carried out in accordance with Art. 6(1)(b) GDPR either for the performance of the contract, in accordance with Article 6(1)(a) of the GDPR in the event that consent has been given, or in accordance with Article 6(1)(f) of the GDPR to safeguard our legitimate interests in ensuring the best possible functionality of the website as well as a user-friendly and effective design of the site visit.
You can configure your browser to notify you when cookies are set and decide individually whether to accept them, or to exclude the acceptance of cookies in specific cases or generally.
Please note that if you do not accept cookies, the functionality of our website may be limited.
5) Contacting Us
When you contact us (e.g., via the contact form or email), personal data is processed—exclusively for the purpose of handling and responding to your inquiry and only to the extent necessary for that purpose. The legal basis for the processing of this data is our legitimate interest in responding to your inquiry pursuant to Article 6(1)(f) of the GDPR. If your contact is aimed at entering into a contract, the additional legal basis for processing is Article 6(1)(b) of the GDPR. Your data will be deleted when it can be inferred from the circumstances that the matter in question has been conclusively resolved and provided that no statutory retention obligations preclude this.
6) Use of Customer Data for Direct Marketing
Subscription to Our Email Newsletter
When you subscribe to our email newsletter, we will regularly send you information about our offers. The only required information for receiving the newsletter is your email address. Providing additional data is voluntary and is used to address you personally. For newsletter distribution, we use the so-called double opt-in procedure, which ensures that you will only receive newsletters once you have explicitly confirmed your consent to receive them by clicking on a verification link sent to the email address you provided
By activating the confirmation link, you grant us your consent to the use of your personal data in accordance with Art. 6(1)(a) GDPR. In doing so, we store your IP address as recorded by your Internet Service Provider (ISP), as well as the date and time of registration, to enable us to trace any potential misuse of your email address at a later date. The data we collect when you subscribe to the newsletter is used strictly for the intended purpose. You can unsubscribe from the newsletter at any time via the link provided in the newsletter or by sending a message to the controller named at the beginning. Once you have unsubscribed, your email address will be immediately deleted from our newsletter distribution list, unless you have expressly consented to further use of your data or we reserve the right to use your data beyond this scope, which is permitted by law and about which we inform you in this statement.
7) Data Processing for Order Processing
7.1 To the extent necessary for contract fulfillment for delivery and payment purposes, the personal data we collect will be transferred to the contracted shipping company and the contracted financial institution in accordance with Art. 6(1)(b) GDPR.
If, based on a corresponding contract, we are obligated to provide updates for goods with digital elements or for digital products, we process the contact details you provided when placing your order (name, address, email address) to personally inform you, within the scope of our statutory information obligations pursuant to Article 6(1)(c) of the GDPR, via an appropriate communication channel (such as by mail or email) about upcoming updates within the period prescribed by law. Your contact details are used strictly for the specific purpose of communicating updates we are obligated to provide and are processed by us for this purpose only to the extent necessary for the respective information.
To process your order, we also work with the following service provider(s), who assist us in whole or in part with the execution of concluded contracts. Certain personal data is transferred to these service providers in accordance with the following information.
7.2 To fulfill our contractual obligations to our customers, we work with external shipping partners. We disclose your name, delivery address, and, if necessary for delivery, your phone number to a shipping partner selected by us, exclusively for the purpose of delivering the goods (Art. 6(1)(b) GDPR).
7.3 Use of Payment Service Providers
- Amazon Pay
If you select the “Amazon Pay” payment method, payment processing is handled by the payment service provider Amazon Payments Europe s.c.a., 38 avenue J.F. Kennedy, L-1855 Luxembourg (hereinafter: “Amazon Payments”), to whom we will disclose the information you provided during the ordering process, along with information about your order, in accordance with Art. 6(1)(b) GDPR. Your data will be disclosed exclusively for the purpose of payment processing with the payment service provider Amazon Payments and only to the extent necessary for this purpose. If cookies—i.e., small text files stored on your device—are set when using Amazon Pay, this is done exclusively on the basis of your explicit consent pursuant to Article 6(1)(a) of the GDPR. This consent may be revoked at any time via the “Cookie Consent Tool” implemented on the website. You can find further information about Amazon Payments’ privacy policy at the following web address: https://pay.amazon.de/help/82974
- EPS Bank Transfer
If you select the “EPS Bank Transfer” payment method, payment processing is handled by the payment service provider PSA Payment Services Austria GmbH, Handelskai 92, Gate 2, 1200 Vienna, Austria, to whom we will disclose the information you provided during the ordering process, along with information about your order, in accordance with Article 6(1)(b) of the GDPR. Your data is transferred exclusively for the purpose of payment processing with the aforementioned payment service provider and only to the extent necessary for this purpose. You can find further information about the relevant data protection provisions of PSA Payment Services Austria GmbH at the following web address: https://eservice.psa.at/de/datenschutzerklaerung.html
- giropay
When paying via “giropay,” payment processing is handled by giropay GmbH, An der Welle 4, 60322 Frankfurt/Main, to whom we disclose the information you provided during the ordering process along with the details of your order. The transfer of your data is carried out in accordance with Art. 6(1)(b) GDPR exclusively for the purpose of payment processing and only to the extent necessary for this purpose. You can find further information about the privacy policy of giropay GmbH at the following web address: https://www.giropay.de/rechtliches/datenschutzerklaerung
- Klarna
If you select a Klarna payment service, payment processing is handled by Klarna Bank AB (publ), https://www.klarna.com/de/, Sveavägen 46, 111 34 Stockholm, Sweden (hereinafter “Klarna”). To enable payment processing, your personal data (first and last name, street, house number, ZIP code, city, gender, email address, phone number, and IP address) as well as data related to the order (e.g., invoice amount, items, delivery method) will be shared with Klarna for the purpose of identity and credit checks, provided that you have expressly consented to this during the ordering process in accordance with Article 6(1)(a) of the GDPR. You can view which credit bureaus your data may be forwarded to here:
https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/credit_rating_agencies
The credit report may contain probability values (so-called score values). To the extent that score values are included in the credit report, they are based on a scientifically recognized mathematical-statistical method. The calculation of the score values includes, among other things, but not exclusively, address data. Klarna uses the information received regarding the statistical probability of a payment default to make a balanced decision regarding the establishment, performance, or termination of the contractual relationship.
You may revoke your consent at any time by sending a message to the data controller or to Klarna. However, Klarna may still be entitled to process your personal data if this is necessary for the contractual processing of payments.
Your personal data will be processed in accordance with applicable data protection regulations and in accordance with the information provided in Klarna’s Privacy Policy for data subjects residing in Germany https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/privacy
or for data subjects residing in Austria https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_at/privacy - - PayPal
When paying via PayPal, credit card via PayPal, direct debit via PayPal, or—if offered—“purchase on account” or “installment payment” via PayPal, we will disclose your payment data to PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter “PayPal”). This transfer is made in accordance with Art. 6(1)(b) of the GDPR and only to the extent necessary for payment processing.
PayPal reserves the right to conduct a credit check for the payment methods credit card via PayPal, direct debit via PayPal, or—if offered—“purchase on account” or “installment payment” via PayPal. For this purpose, your payment data may be transferred to credit bureaus in accordance with Art. 6(1)(f) GDPR based on PayPal’s legitimate interest in determining your creditworthiness. PayPal uses the result of the credit check—specifically the statistical probability of payment default—to decide whether to provide the respective payment method. The credit report may contain probability values (so-called score values). To the extent that score values are included in the credit report, they are based on a scientifically recognized mathematical-statistical method. The calculation of the score values includes, among other things, but not exclusively, address data. For further information regarding data protection, including details on the credit bureaus used, please refer to PayPal’s Privacy Policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full
You may object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data if this is necessary for the contractual processing of payments.
- SOFORT
If you select the “SOFORT” payment method, payment processing is handled by the payment service provider SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany (hereinafter “SOFORT”), to whom we transfer the information you provided during the ordering process, along with information about your order, in accordance with Art. 6(1)(b) GDPR. SOFORT GmbH is part of the Klarna Group (Klarna Bank AB (publ), Sveavägen 46, 11134 Stockholm, Sweden). Your data is transferred exclusively for the purpose of payment processing with the payment service provider SOFORT and only to the extent necessary for this purpose. You can find further information about SOFORT’s privacy policy at the following web address: https://www.klarna.com/sofort/datenschutz.
- Skrill
If you choose a payment method offered by the payment service provider Skrill, payment processing is handled by the payment service provider Skrill Ltd., Floor 27, 25 Canada Square, London, E14 5LQ, England, to whom we will transfer the information you provided during the ordering process, along with information about your order (name, address, account number, bank routing number, credit card number if applicable, invoice amount, currency, and transaction number) in accordance with Article 6(1)(b) of the GDPR. Your data is transferred exclusively for the purpose of payment processing with the payment service provider Skrill Ltd. and only to the extent necessary for this purpose. - - Stripe
If you choose to pay via the payment service provider Stripe, payment processing will be handled by Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, to whom we will transfer the information you provided during the ordering process, along with information about your order (name, address, account number, bank routing number, credit card number if applicable, invoice amount, currency, and transaction number) in accordance with Article 6(1)(b) of the GDPR. Further information on Stripe’s privacy policy can be found at https://stripe.com/de/privacy#translation.
Stripe reserves the right to conduct a credit check based on mathematical-statistical methods to safeguard its legitimate interest in determining the user’s solvency. Stripe may transmit the personal data necessary for a credit check and obtained in the course of payment processing to selected credit reporting agencies, which Stripe discloses to users upon request. The credit report may contain probability values (so-called score values). To the extent that score values are included in the credit report, they are based on a scientifically recognized mathematical-statistical method. The calculation of the score values includes, among other things but not exclusively, address data. Stripe uses the result of the credit check regarding the statistical probability of default to determine eligibility to use the selected payment method.
You may object to this processing of your data at any time by sending a message to Stripe or the commissioned credit agencies.
However, Stripe may still be entitled to process your personal data if this is necessary for the contractual processing of payments.
8) Online Marketing
Facebook Pixel for Creating Custom Audiences (with Cookie Consent Tool)
Our website uses the so-called “Facebook Pixel” from the social network Facebook, which is operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (“Facebook”).
If a user clicks on an advertisement placed by us that is displayed on Facebook, the Facebook Pixel adds a parameter to the URL of our linked page. If our page allows data sharing with Facebook via the Pixel, this URL parameter is stored in the user’s browser via a cookie set by our linked page itself. This cookie is then read by the Facebook Pixel and enables the data to be forwarded to Facebook.
With the help of the Facebook Pixel, Facebook is able, on the one hand, to identify visitors to our online offering as a target group for the display of ads (so-called “Facebook Ads”). Accordingly, we use the Facebook Pixel to display the Facebook Ads we place only to those Facebook users who have shown an interest in our online offering or who exhibit certain characteristics (e.g., interests in specific topics or products, determined based on the websites visited), which we transmit to Facebook (so-called “Custom Audiences”). With the help of the Facebook Pixel, we also aim to ensure that our Facebook Ads align with users’ potential interests and do not come across as intrusive. This allows us to further evaluate the effectiveness of Facebook ads for statistical and market research purposes by tracking whether users were redirected to our website after clicking on a Facebook ad (so-called “conversion”).
The collected data is anonymous to us, meaning it does not allow us to identify individual users. However, the data is stored and processed by Facebook, allowing a connection to the respective user profile and enabling Facebook to use the data for its own advertising purposes in accordance with the Facebook Data Use Policy (https://www.facebook.com/about/privacy/). The data may enable Facebook and its partners to display advertisements on and off Facebook.
The data processing associated with the use of the Facebook Pixel takes place exclusively with your express consent in accordance with Art. 6(1)(a) GDPR. You may revoke your consent at any time with future effect by deactivating this service in the “Cookie Consent Tool” provided on the website.
9) Rights of the Data Subject
9.1 Under applicable data protection law, you have the following rights as a data subject (rights of access and intervention) vis-à-vis the controller regarding the processing of your personal data; please refer to the cited legal basis for the respective conditions for exercising these rights:
Right of access pursuant to Art. 15 GDPR;
Right to rectification pursuant to Art. 16 GDPR;
Right to erasure pursuant to Art. 17 GDPR;
Right to restriction of processing pursuant to Art. 18 GDPR;
Right to be informed pursuant to Art. 19 GDPR;
Right to data portability pursuant to Art. 20 GDPR;
Right to withdraw consent pursuant to Art. 7(3) GDPR;
Right to lodge a complaint pursuant to Art. 77 GDPR.
9.2 RIGHT TO OBJECT
IF, IN THE CONTEXT OF A BALANCING OF INTERESTS, WE PROCESS YOUR PERSONAL DATA BASED ON OUR OVERRIDING LEGITIMATE INTEREST, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT TO SUCH PROCESSING WITH EFFECT FOR THE FUTURE ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL CEASE PROCESSING THE DATA IN QUESTION. HOWEVER, WE RESERVE THE RIGHT TO CONTINUE PROCESSING IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING THAT OVERRIDE YOUR INTERESTS, FUNDAMENTAL RIGHTS AND FREEDOMS, OR IF THE PROCESSING IS NECESSARY FOR THE ESTABLISHMENT, EXERCISE, OR DEFENSE OF LEGAL CLAIMS.
IF WE PROCESS YOUR PERSONAL DATA FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR THE PURPOSE OF SUCH MARKETING. YOU MAY EXERCISE THIS RIGHT AS DESCRIBED ABOVE.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL CEASE PROCESSING THE RELEVANT DATA FOR DIRECT MARKETING PURPOSES.
10) Duration of storage of personal data
The duration of the storage of personal data is determined by the respective legal basis, the purpose of processing, and—where applicable—additionally by the respective statutory retention period (e.g., retention periods under commercial and tax law).
When processing personal data based on explicit consent pursuant to Art. 6(1)(a) GDPR, this data is stored until the data subject revokes their consent.
If statutory retention periods exist for data processed within the scope of contractual or quasi-contractual obligations based on Article 6(1)(b) of the GDPR, this data is routinely deleted upon expiration of the retention periods, provided they are no longer necessary for the performance or initiation of a contract and/or we no longer have a legitimate interest in further storage.
When processing personal data on the basis of Article 6(1)(f) of the GDPR, this data is stored until the data subject exercises their right to object under Article 21(1) of the GDPR, unless we can demonstrate compelling legitimate grounds for the processing that override the interests, rights, and freedoms of the data subject, or the processing serves to assert, exercise, or defend legal claims.
When processing personal data for the purpose of direct marketing based on Article 6(1)(f) of the GDPR, this data is stored until the data subject exercises their right to object under Article 21(2) of the GDPR.
Unless otherwise specified in the other information in this statement regarding specific processing situations, stored personal data will otherwise be deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.