Data protection declaration

Data protection declaration

Unless stated otherwise below, the provision of your personal data is neither legally nor contractually obligatory, nor required for conclusion of a contract. You are not obliged to provide your data. Not providing it will have no consequences. This only applies as long as the processing procedures below do not state otherwise.
“Personal data” is any information relating to an identified or identifiable natural person.


Server log files
You can use our websites without submitting personal data. 
Every time our website is accessed, user data is transferred to us or our web hosts/IT service providers by your internet browser and stored in server log files. This stored data includes for example the name of the site called up, date and time of the request, the IP address, amount of data transferred and the provider making the request. The processing is carried out on the basis of Article 6(1) f) GDPR due to our legitimate interests in ensuring the smooth operation of our website as well as improving our services.
 
Contact

Responsible person
Contact us at any time. The person responsible for data processing is: 
Frank Ellenberger c/o Maui Ultra Fins, Krügerstr. 5, 24943 Flensburg Deutschland, 04619993926, frank.ellenberger@mauiultrafins.com


Proactive contact of the customer by e-mail
If you make contact with us proactively via email, we shall collect your personal data (name, email address, message text) only to the extent provided by you. The purpose of the data processing is to handle and respond to your contact request.
If the initial contact serves to implement pre-contractual measures (e.g. consultation in the case of purchase interest, order creation) or concerns an agreement already concluded between you and us, this data processing takes place on the basis of Article 6(1)(b) GDPR.
If the initial contact occurs for other reasons, this data processing takes place on the basis of Article 6(1)(f) GDPR for the purposes of our overriding, legitimate interest in handling and responding to your request. In this case, on grounds relating to your particular situation, you have the right to object at any time to this processing of personal data concerning you and carried out on the basis of Article 6(1)(f) GDPR.
We will only use your email address to process your request. Your data will subsequently be deleted in compliance with statutory retention periods, unless you have agreed to further processing and use.
 
Collection and processing when using the contact form 
When you use the contact form we will only collect your personal data (name, email address, message text) in the scope provided by you. The data processing is for the purpose of making contact.
If the initial contact serves to implement pre-contractual measures (e.g. consultation in the case of purchase interest, order creation) or concerns an agreement already concluded between you and us, this data processing takes place on the basis of Article 6(1)(b) GDPR.
If the initial contact occurs for other reasons, this data processing takes place on the basis of Article 6(1)(f) GDPR for the purposes of our overriding, legitimate interest in handling and responding to your request. In this case, on grounds relating to your particular situation, you have the right to object at any time to this processing of personal data concerning you and carried out on the basis of Article 6(1)(f) GDPR.
We will only use your email address to process your request. Finally your data will be deleted, unless you have agreed to further processing and use.
 

Customer account      Orders      

Customer account
When you open a customer account, we will collect your personal data in the scope given there. The data processing is for the purpose of improving your shopping experience and simplifying order processing. The processing will be carried out on the basis of art. 6 (1) lit. a GDPR with your consent. You can withdraw your consent at any time by contacting us without affecting the legality of the processing carried out with your consent up to the withdrawal. Your customer account will then be deleted.
 
Collection, processing, and transfer of personal data in orders
When you submit an order we only collect and use your personal data insofar as this is necessary for the fulfilment and handling of your order as well as processing of your queries. The provision of data is necessary for conclusion of a contract. Failure to provide it will prevent the conclusion of any contract. The processing will occur on the basis of Article 6(1) b) GDPR and is required for the fulfilment of a contract with you. 
Your data is transferred here for example to the shipping companies and dropshipping providers, payment service providers, service providers for handling the order and IT service providers that you have selected. We will comply strictly with legal requirements in every case. The scope of data transmission is restricted to a minimum.
 

Advertising      

Use of your email address for mailing of newsletters
We use your email address outside of contractual processing exclusively to send you a newsletter for our own marketing purposes, if you have explicitly agreed to this. The processing will be carried out on the basis of art. 6 (1) lit. a GDPR with your consent. You can withdraw your consent at any time without affecting the legality of the processing carried out with your consent up to the withdrawal. You can unsubscribe from the newsletter at any time using the relevant link in the newsletter or by contacting us. Your email address will then be removed from the distributor.
 
Use of your email address for mailing of direct marketing 
We use your email address, which we obtained in the course of selling a good or service, for the electronic transmission of marketing for our own goods or services which are similar to those you have already purchased from us, unless you have objected to this use. You must provide your email address in order to conclude a contract. Failure to provide it will prevent the conclusion of any contract. The processing will be carried out on the basis of art. 6 (1) lit. f GDPR due to our justified interest in direct marketing. You can object to this use of your email address at any time by contacting us. You will find the contact details for exercising your right to object in our imprint. You can also use the link provided in the marketing email. This will not involve any costs other than transmission costs at basic tariffs.
 

Merchandise management      

Use of an external merchandise management system
We use a merchandise management system in the course of order processing for the purposes of contractual processing. For this purpose your personal data as collected in the course of the order will be sent to
JTL-Software-GmbH, Rheinstr. 7, 41836 Hückelhoven, Germany 


Payment service providers      

The use of PayPal Check-Out
We use the PayPal Check-Out payment service of PayPal (Europe) S.à.r.l. et Cie, S.C.A. (22-24 Boulevard Royal L-2449, Luxembourg; "PayPal") on our website. The data processing serves the purpose of being able to offer you payment via the payment service. With the selection and use of payment via PayPal, credit card via PayPal, direct debit via PayPal or "Pay Later" via PayPal, the data required for payment processing is transmitted to PayPal in order to be able to fulfill the contract with you with the selected payment method. This processing is based on Art. 6 para. 1 lit. b DSGVO.

Cookies may be stored that enable your browser to be recognised. The resulting data processing is carried out on the basis of Art. 6 para. 1 lit. f GDPR due to our legitimate interest in a customer-oriented range of varying payment methods. On grounds relating to your particular situation, you have the right to object at any time to this processing of personal data concerning you.

Credit card via PayPal, direct debit via PayPal & "Pay later" via PayPal.
For individual payment methods such as credit card via PayPal, direct debit via PayPal or "Pay later" via PayPal, PayPal reserves the right, if necessary, to obtain credit information on the basis of mathematical-statistical methods using credit agencies. For this purpose, PayPal transmits the personal data required for a credit check to a credit agency and uses the information received about the statistical probability of a payment default for a weighed decision on the establishment, implementation or termination of the contractual relationship. The credit information may include probability values (score values), which are calculated on the basis of scientifically recognized mathematical-statistical methods and in the calculation of which, among other things, address data are included. Your interests worthy of protection are taken into account in accordance with the statutory provisions. The data processing serves the purpose of credit assessment for a contract initiation. The processing is carried out on the basis of Art. 6 (1) lit. f DSGVO for our overriding legitimate interest in protecting against payment default when PayPal makes advance payments.
You have the right to object at any time to this processing of personal data relating to you based on Art. 6 (1) (f) DSGVO for reasons arising from your particular situation by notifying PayPal. The provision of the data is necessary for the conclusion of the contract with the payment method requested by you. Failure to provide it will result in the contract not being concluded with the payment method you have chosen.

Local third-party providers
When paying via the payment method of a local third-party provider, the data required for payment processing is transmitted to PayPal. This processing takes place on the basis of Art. 6 para. 1 lit. b DSGVO.  For the execution of this payment method, the data may then be forwarded by PayPal to the respective provider. This processing takes place on the basis of Art. 6 para. 1 lit. b DSGVO. Local third-party providers may be, for example:

- Sofort (SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany).
- giropay (Paydirekt GmbH, Stephanstr. 14-16, 60313 Frankfurt am Main, Germany)

Purchase on account via PayPal
When paying via the payment method purchase on account, the data required to process the payment is first transmitted to PayPal. For the execution of this payment method, the data is then transmitted by PayPal to Ratepay GmbH (Franklinstraße 28-29, 10587 Berlin; "Ratepay") in order to be able to fulfill the contract with you with the selected payment method. This processing is based on Art. 6 para. 1 lit. b DSGVO. Ratepay may conduct a credit check on the basis of mathematical-statistical methods using credit agencies according to the procedure already described above. The data processing serves the purpose of credit assessment for contract initiation. The processing is carried out on the basis of Art. 6 (1) lit. f DSGVO from our overriding legitimate interest in protecting against payment default when Ratepay makes advance payments. For more information on data protection and which credit agencies Ratpay uses, please visit https://www.ratepay.com/legal-payment-dataprivacy/ and https://www.ratepay.com/legal-payment-creditagencies/.

For more information on data processing when using PayPal, please see the associated privacy policy at https://www.paypal.com/de/webapps/mpp/ua/privacy-full.


Use of SOFORT
On our website we use the payment service provider SOFORT GmbH, (Theresienhöhe 12, 80339 Munich, Germany; "SOFORT") for payment processing. Sofort GmbH is part of the Klarna Group (Klarna Bank AB (publ), Sveavägen 46, 11134 Stockholm, Sweden). The data processing serves the purpose of allowing us to offer you various payment methods by processing payments via the payment service provider SOFORT. Once you have chosen the payment option, the data required to process the payment will be transmitted to SOFORT. This data processing is carried out on the basis of Article 6 para. 1 lit. b GDPR. For more information on data processing in connection with the use of the payment service provider SOFORT, please visit https://www.sofort.com/1.0/shared/content/legal/terms/de-DE/SOFORT/ and https://www.klarna.com/sofort/.



Cookies 

Our website uses cookies. Cookies are small text files which are saved in a user’s internet browser or by the user’s internet browser on their computer system. When a user calls up a website, a cookie may be saved on the user’s operating system. This cookie contains a characteristic character string which allows the browser to be clearly identified when the website is called up again.


Cookies will be stored on your computer. You therefore have full control over the use of cookies. By choosing corresponding technical settings in your internet browser, you can be notified before the setting of cookies and you can decide whether to accept this setting in each individual case as well as prevent the storage of cookies and transmission of the data they contain. Cookies which have already been saved may be deleted at any time. We would, however, like to point out that this may prevent you from making full use of all the functions of this website.
Using the links below, you can find out how to manage cookies (or deactivate them, among other things) in major browsers:
Chrome Browser: https://support.google.com/accounts/answer/61416?hl=en
Microsoft Edge: https://support.microsoft.com/de-de/microsoft-edge/cookies-in-microsoft-edge-lB6schen-63947406-40ac-c3b8-57b9-2a946a29ae09
Mozilla Firefox: https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences
Safari: https://support.apple.com/de-de/guide/safari/manage-cookies-and-website-data-sfri11471/mac


technically necessary cookies
Insofar as no other information is given in the data protection declaration below we use only these technically necessary cookies cookies to make our offering more user-friendly, effective and secure. Cookies also allow our systems to recognise your browser after a page change and to offer you services. Some functions of our website cannot be offered without the use of cookies. These services require the browser to be recognised again after a page change.

The use of cookies or comparable technologies is carried out on the basis of Art. 25 para. 2 TTDSG. Processing is carried out on the basis of art. 6 (1) lit. f GDPR due to our largely justified interest in ensuring the optimal functionality of the website as well as a user-friendly and effective design of our range of services.

You have the right to veto this processing of your personal data according to art. 6 (1) lit. f GDPR, for reasons relating to your personal situation.

Use of the EU Cookie Plug-in
We use on our website the EU Cookie plug-in from WebStollen GmbH (Prinz-Ludwig-Str. 15, D-93055 Regensburg, Germany; "WebStollen").
The plug-in enables you to give your consent to data processing via the website, in particular to set cookies, as well as to make use of your right of revocation for consents already provided. The data processing serves the purpose of obtaining and documenting necessary consents to data processing and thus to comply with legal obligations. Cookies are used for this purpose. Among other things the following information can be collected and stored: encrypted IP address, consent status, date and time of the consent, expiry date of the consent. This data will not be passed on to third parties.
The data processing is carried out on the basis of Article 6 para. 1 lit. c GDPR to comply with a legal obligation.
For more information on data protection at WebStollen, please visit: https://www.webstollen.de/Datenschutzerklaerung.



Analysis      

Use of Google Analytics 4
We use the Google Analytics web analytics service provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; "Google") on our website.
The data processing serves the purpose of analyzing this website and its visitors as well as for marketing and advertising purposes. To this end, Google will use the information obtained on behalf of the operator of this website for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. 
In this context, the following information may be collected, among others: IP address, date and time of page view, click path, information about the browser you are using and the device you are using (device), pages visited, referrer URL (website from which you accessed our website), location data, purchase activity. Your data may be linked by Google to other data, such as your search history, your personal accounts, your usage data from other devices, and any other data Google may have about you.
 
Your IP address will first be truncated by us on our own servers. Google thus only receives pseudonymised data.


Plug-ins

Use of social plug-ins via “Shariff”
Our website uses social network plug-ins. We use data protection-compliant “Shariff” buttons to ensure that you retain control over your data.No connection is made to the social network servers and no data submitted without your explicit consent. “Shariff” was developed by specialists at the computer magazine c't. It enables more personal privacy in the network and replaces the usual social network "share" buttons. You can find more information on the Shariff project here https://www.heise.de/ct/artikel/Shariff-Social-Media-Buttons-mit-Datenschutz-2467514.html.
When you click the buttons a pop-up window appears, allowing you to log on with the relevant provider using your data. It is only after you actively login that a direct connection to the social network is set up. By logging in, you give your permission for the transfer of your data to the respective social media provider. At this time, information such as your IP address and which websites you have visited is transmitted. Should you be connected simultaneously with one or more of your social network accounts, the information collected is also assigned to your corresponding profiles. Therefore, you can only prevent this assignment by logging yourself out before visiting our website and before activating the button for your social media accounts. The social networks listed below are integrated with the “Shariff” function. You can find more detailed information on the scope and purpose of collection and use of the data, your associated rights and options for protecting your privacy in the provider’s privacy policy via the link.
 
Facebook by Meta Platforms Ireland Limited (4 Grand Canal Square, Dublin 2, Ireland):
https://www.facebook.com/policy.php
Your data may be transmitted to the USA. 
For the USA, there is an adequacy decision of the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). Meta has certified itself in accordance with the TADPF and has thus undertaken to comply with European data protection principles.

Instagram by Meta Platforms Ireland Limited (4 Grand Canal Square, Dublin 2, Ireland)  https://help.instagram.com/155833707900388.
Your data may be transmitted to the USA. For the USA, there is an adequacy decision of the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). Meta has certified itself in accordance with the TADPF and has thus undertaken to comply with European data protection principles.

LinkedIn by LinkedIn Corporation (2029 Stierlin Court, Mountain View, CA 94043, USA)
https://www.linkedin.com/legal/privacy-policy?trk=uno-reg-guest-home-privacy-policy
Your data may be transmitted to the USA. For the USA, there is an adequacy decision of the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). LinkedIn is not certified under the TADPF.

X (Twitter International Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Irland)
https://twitter.com/privacy
https://twitter.com/personalization
Your data may be transmitted to the USA. For the USA, there is an adequacy decision of the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). X is not certified under the TADPF. 

Use of Google reCAPTCHA
Our website uses the reCAPTCHA service by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; "Google"). The request serves to distinguish whether the input was made by a human or automatic machine processing. For this purpose your input will be transmitted to Google and used by them further. In addition, the IP address and any other data required by Google for the reCAPTCHA service will be transferred to Google. This data will be processed by Google within the EU and potentially also in the USA. 
For the USA, there is an adequacy decision of the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). Google has certified itself in accordance with the TADPF and has thus undertaken to comply with European data protection principles.
The use of cookies or comparable technologies is carried out with your consent on the basis of Art. 25 para.1 p. 1 TTDSG in conjunction with Art. 6 para. 1 lit. a GDPR. The processing of your personal data is carried out with your consent on the basis of Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time without affecting the legality of the processing carried out with your consent up to the withdrawal.
You can find more detailed information on Google reCAPTCHA and the associated data protection declaration at: https://www.google.com/recaptcha/intro/android.html and 
Use of GoogleMaps
Our website uses the function for embedding Google Maps by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland, "Google")
This feature visually represents geographical information and interactive maps. Google also collects, processes and uses data on visitors to the website when they call up pages with embedded Google maps.
Your data may also be transmitted to the USA. 
For the USA, there is an adequacy decision of the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). Google has certified itself in accordance with the TADPF and has thus undertaken to comply with European data protection principles. 
The use of cookies or comparable technologies is carried out with your consent on the basis of Art. 25 para. 1 p. 1 TTDSG in conjunction with Art. 6 para. 1 lit. a GDPR. The processing of your personal data is carried out with your consent on the basis of Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time without affecting the legality of the processing carried out with your consent up to the withdrawal.
Further information on the data collected and used by Google, your rights and privacy can be found in Google’s privacy policy at https://www.google.com/privacypolicy.html. You also have the option of changing your settings in the data protection centre, allowing you to administer and protect the data processed by Google.

Use of YouTube
Our website uses the function for embedding YouTube videos by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; "YouTube"). YouTube is a company affiliated with Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; "Google").
This feature shows YouTube videos in an iFrame on the website. The option "advanced privacy mode" is enabled here. This prevents YouTube from storing information on visitors to the website. It is only if you watch a video that information is transmitted to and stored by YouTube. Your data may be transmitted to the USA. 
For the USA, there is an adequacy decision of the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). YouTube has certified itself in accordance with the TADPF and has thus undertaken to comply with European data protection principles.
The use of cookies or comparable technologies is carried out with your consent on the basis of Art. 25 para. 1 p. 1 TTDSG in conjunction with Art. 6 para. 1 lit. a GDPR. The processing of your personal data is carried out with your consent on the basis of Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time without affecting the legality of the processing carried out with your consent up to the withdrawal.
Further information on the data collected and used by YouTube and Google and your associated rights and options for protecting your privacy can be found in YouTube’s privacy policy (https://www.youtube.com/t/privacy).


Using Vimeo
Our website uses plug-ins from Vimeo Inc. (555 West 18th Street New York, New York 10011, USA; "Vimeo") to integrate videos into the "Vimeo" portal.
If you access pages on our website that contain this kind of plug-in, this will generate a connection to the Vimeo server and indicate the plug-in on the site by means of a message in your browser. Information such as your IP address and which websites you have visited will be transmitted to the Vimeo server.
If you are logged into Vimeo, Vimeo will assign this information to your personal user account. When using the plug-in functions (e.g. starting a video by pressing the appropriate button), this information will also be assigned to your Vimeo account.

Your data may be transferred to the USA. For the USA, there is an adequacy decision of the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). Vimeo is not certified under the TADPF.
The data transfer takes place, among other things, on the basis of standard contractual clauses as suitable guarantees for the protection of personal data, which can be viewed at: 
https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en.
The use of cookies or comparable technologies is carried out with your consent on the basis of Art. 25 para. 1 p. 1 TTDSG in conjunction with Art. 6 para. 1 lit. a GDPR. The processing of your personal data is carried out with your consent on the basis of Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time without affecting the legality of the processing carried out with your consent up to the withdrawal.
Further information on the purpose and scope of enquiry and continued use and processing of the data by Vimeo and your associated rights and options for protecting your privacy can be found in the Vimeo data privacy policy: https://vimeo.com/privacy

Use of Adobe Fonts
We use Adobe Fonts from Adobe Systems Software Ireland Limited (4-6 Riverwalk Citywest Business Campus, Dublin 24, Ireland; "Adobe") on our website.
The data processing serves to facilitate the consistent display of fonts on our website. In order to load the fonts, a connection to Adobe servers is established when the page is accessed. In the process, your IP address and information about the browser and operating system you are using are processed and transmitted to Adobe. Your data may be transmitted to third countries, such as the USA and India. For India, no adequacy decision from the EU Commission is available. 
For the USA, there is an adequacy decision of the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). Adobe has certified itself in accordance with the TADPF and has thus undertaken to comply with European data protection principles.
The use of cookies or comparable technologies is carried out with your consent on the basis of Art. 25 para. 1 p. 1 TTDSG in conjunction with Art. 6 para. 1 lit. a GDPR. The processing of your personal data is carried out with your consent on the basis of Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time without affecting the legality of the processing carried out with your consent up to the withdrawal.
You can find more detailed information on the data processing and data protection at https://www.adobe.com/de/privacy/policy.html and at https://www.adobe.com/de/privacy/policies/adobe-fonts.html.


Rights of persons affected and storage duration

Duration of storage 
After contractual processing has been completed, the data is initially stored for the duration of the warranty period, then in accordance with the retention periods prescribed by law, especially tax and commercial law, and then deleted after the period has elapsed, unless you have agreed to further processing and use.
 
Rights of the affected person
If the legal requirements are fulfilled, you have the following rights according to art. 15 to 20 GDPR: Right to information, correction, deletion, restriction of processing, data portability. You also have a right of objection against processing based on art. 6 (1) GDPR, and to processing for the purposes of direct marketing, according to art. 21 (1) GDPR.
 
Right to complain to the regulatory authority
You have the right to complain to the regulatory authority according to art. 77 GDPR if you believe that your data is not being processed legally.
 
You can lodge a complaint with, among others, the supervisory authority responsible for us, which you may reach at the following contact details:Unabhängiges Landeszentrum für Datenschutz Schleswig-Holstein
Postfach 71 16
24171 Kiel
Tel.: +49 431 9881200
Fax: +49 431 9881223
E-Mail: mail@datenschutzzentrum.de

Right to object
If the data processing outlined here is based on our legitimate interests in accordance with Article 6(1)f) GDPR, you have the right for reasons arising from your particular situation to object at any time to the processing of your data with future effect.
If the objection is successful, we will no longer process the personal data, unless we can demonstrate compelling legitimate grounds for the processing that outweigh your interests or rights and freedoms, or the processing is intended for the assertion, exercise or defence of legal claims.
 
If personal data is being processed for the purposes of direct advertising, you can object to this at any time by notifying us. If the objection is successful, we will no longer process the personal data for the purposes of direct advertising.

last update: 29.11.2023