Privacy policy

1) Introduction and Contact Information for the Data Controller

1.1 We are pleased that you are visiting our website and thank you for your interest. Below, we provide information about how we handle your personal data when you use our website. Personal data refers to any information that can be used to personally identify you.

1.2 The data controller for this website within the meaning of the General Data Protection Regulation (GDPR) is Hyapur Deutschland GmbH, Europarc, Teerofendamm 3, 14532 Kleinmachnow, Germany, Tel.: 03030111850, Email: hello@hyapur.de. The controller is the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data.

 

2) Data Collection When You Visit Our Website

2.1 When you use our website solely for informational purposes—that is, if you do not register or otherwise provide us with information—we collect only the data that your browser transmits to the website server (so-called “server log files”). When you visit our website, we collect the following data, which is technically necessary for us to display the website to you:

 

• The website you visited
• Date and time of access
• Amount of data transmitted (in bytes)
• Source/link from which you accessed the page
• Browser used
• Operating system used
• IP address used (if applicable: in anonymized form)

2.2 The processing is carried out in accordance with Article 6(1)(f) of the GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. The data will not be disclosed or used for any other purpose. However, we reserve the right to review the server log files retrospectively should there be concrete indications of unlawful use.

 

3) Hosting & Content Delivery Network

For the hosting of our website and the display of its content, we use a provider that delivers its services—either directly or through selected subcontractors—exclusively on servers located within the European Union.

All data collected on our website is processed on these servers.

We have entered into a data processing agreement with the service provider that ensures the protection of our website visitors' data and prohibits its unauthorized disclosure to third parties.

 

4) Cookies

To make your visit to our website more enjoyable and to enable the use of certain features, we use cookies—small text files that are stored on your device. Some of these cookies are automatically deleted when you close your browser (so-called “session cookies”), while others remain on your device for a longer period and allow page settings to be saved (so-called “persistent cookies”). 

In the latter case, you can find the retention period in the overview of your web browser’s cookie settings.

You can configure your browser to notify you when cookies are set, allowing you to decide on a case-by-case basis whether to accept them, or to block cookies in specific cases or generally.

Please note that if you do not accept cookies, the functionality of our website may be limited.

5) Contact

5.1 Judge.me

For review reminders, we use the services of the following provider: Judge.me Ltd., c/o Buckworths, 2nd Floor, 1-3 Worship Street, London, England, EC2A 2AB, United Kingdom

We will only transfer your email address and, if applicable, other customer data to the provider based on your explicit consent pursuant to Art. 6(1)(a) GDPR so that the provider can contact you via email with a review reminder.

You may revoke your consent at any time, effective for the future, by notifying us or the provider.

We have entered into a data processing agreement with the provider that ensures the protection of our website visitors’ data and prohibits its unauthorized disclosure to third parties

When data is transferred to the provider’s location, an adequate level of data protection is ensured by an adequacy decision issued by the European Commission.

5.2 When you contact us (e.g., via the contact form or email), we process your personal data solely for the purpose of handling and responding to your inquiry, and only to the extent necessary for that purpose.

The legal basis for processing this data is our legitimate interest in responding to your inquiry pursuant to Article 6(1)(f) of the GDPR. If your contact is aimed at entering into a contract, the additional legal basis for processing is Article 6(1)(b) of the GDPR. Your data will be deleted when it can be inferred from the circumstances that the matter in question has been conclusively resolved and provided that no statutory retention obligations preclude this.

 

6) Data Processing When Opening a Customer Account

In accordance with Article 6(1)(b) of the GDPR, personal data will continue to be collected and processed to the extent necessary when you provide it to us upon opening a customer account. The data required to open an account is listed in the input fields of the corresponding form on our website.

You may delete your customer account at any time by sending a message to the contact address of the data controller listed above. Once your customer account has been deleted, your data will be deleted provided that all contracts related to it have been fully fulfilled, there are no legal retention periods that prevent this, and we no longer have a legitimate interest in continuing to store the data.

7) Use of Customer Data for Direct Marketing

Subscription to Our Email Newsletter

When you subscribe to our email newsletter, we will send you regular updates about our offers. The only required information for receiving the newsletter is your email address. Providing additional information is optional and will be used to address you personally. We use the so-called double opt-in procedure for sending newsletters, which ensures that you will only receive newsletters once you have explicitly confirmed your consent to receive them by clicking on a verification link sent to the email address you provided.

By clicking the confirmation link, you give us your consent to use your personal data in accordance with Article 6(1)(a) of the GDPR. In doing so, we store the IP address assigned to you by your Internet Service Provider (ISP), as well as the date and time of your registration, so that we can investigate any potential misuse of your email address at a later date. The data we collect when you subscribe to the newsletter is used strictly for the intended purpose.

You can unsubscribe from the newsletter at any time by clicking the link provided in the newsletter or by sending a message to the contact person listed at the beginning of this notice. Once you have unsubscribed, your email address will be immediately removed from our newsletter mailing list, unless you have expressly consented to the continued use of your data or we reserve the right to use your data for other purposes that are permitted by law and about which we inform you in this statement.

 

8) Data Processing for Order Fulfilment

8.1 To the extent necessary for the performance of the contract for delivery and payment purposes, the personal data we collect will be disclosed to the contracted shipping company and the contracted financial institution in accordance with Article 6(1)(b) of the GDPR.

If, pursuant to a relevant contract, we are obligated to provide you with updates for goods containing digital elements or for digital products, we will process the contact information you provided when placing your order in order to personally notify you in accordance with our legal obligations under Article 6(1)(c) of the GDPR- Your contact information will be used strictly for the purpose of sending you notifications regarding updates we are required to provide, and will be processed by us for this purpose only to the extent necessary to provide the relevant information.

To process your order, we also work with the following service provider(s), who assist us, either fully or partially, in fulfilling the contracts we have entered into. Certain personal data is shared with these service providers in accordance with the information provided below.

8.2 Use of Payment Service Providers

- Google Pay
If you choose the payment method "Google Pay" from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"), payment processing is handled via the "Google Pay" application on your mobile device, which must be running at least Android 4.4 ("KitKat") and have NFC capability. The payment will be debited from a payment card stored with Google Pay or a payment system verified there (e.g., PayPal). To authorize a payment via Google Pay exceeding €25, you must first unlock your mobile device using the verification method configured (e.g., facial recognition, password, fingerprint, or pattern).

For payment processing purposes, the information you provide during the ordering process, along with information about your order, will be transmitted to Google. Google then transmits your payment information stored in Google Pay to the originating website in the form of a unique transaction number, which is used to verify the payment. This transaction number contains no information about the actual payment details of your payment method stored in Google Pay, but is created and transmitted as a unique numerical token. In all transactions via Google Pay, Google acts solely as an intermediary for processing the payment. The transaction is executed exclusively between the user and the originating website by debiting the payment method stored in Google Pay.

If personal data is processed during the described transmissions, this processing is carried out exclusively for the purpose of payment processing in accordance with Article 6(1)(b) GDPR.

Google reserves the right to collect, store, and analyze certain transaction-specific information for each transaction made via Google Pay. This includes the date, time, and amount of the transaction, the merchant's location and description, a description of the purchased goods or services provided by the merchant, photos you attached to the transaction, the name and email address of the seller and buyer (or sender and recipient), the payment method used, your description of the reason for the transaction, and, if applicable, the offer associated with the transaction.

According to Google, this processing is carried out exclusively in accordance with Article 6(1)(f) GDPR on the basis of the legitimate interest in proper accounting, the verification of transaction data, and the optimization and maintenance of the Google Pay service.

Google also reserves the right to combine the processed transaction data with other information collected and stored by Google when you use other Google services.

The Google Pay Terms of Service can be found here:

https://payments.google.com/payments/apis-secure/u/0/get_legal_document?ldo=0&ldt=googlepaytos&ldl=de Further information on data protection at Google Pay can be found at the following web address: https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=de - Klarna

One or more online payment methods from the following provider are available on this website: Klarna Bank AB, Sveavägen 46, 111 34 Stockholm, Sweden

If you select a payment method from this provider where you pay in advance (e.g., credit card payment), your payment data provided during the ordering process (including name, address, bank and payment card information, currency, and transaction number) as well as information about the content of your order will be transmitted to them in accordance with Art. 6 Para. 1 lit. b GDPR. In this case, your data will only be shared with the provider for the purpose of processing your payment and only to the extent necessary for this purpose.

If you select a payment method where the provider provides advance payment (such as payment by invoice, installment plan, or direct debit), you will also be asked to provide certain personal data during the order process (first and last name, street, house number, postal code, city, date of birth, email address, telephone number, and, if applicable, details of an alternative payment method).

To protect our legitimate interest in assessing the creditworthiness of our customers, we forward this data to the provider for a credit check in accordance with Article 6 Paragraph 1 Letter f of the GDPR. Based on the personal data you provide, as well as other data (such as shopping cart contents, invoice amount, order history, and payment history), the provider checks whether your selected payment option can be granted with regard to payment and/or default risks.

In each case, Article 6(1)(b) GDPR applies. In this case, RatePay conducts an identity and credit check on its own behalf to determine creditworthiness in accordance with the principle already mentioned above and forwards your payment data to credit agencies based on its legitimate interest in determining creditworthiness pursuant to Article 6(1)(f) GDPR. A list of the credit agencies that RatePay may consult can be found here: https://www.ratepay.com/legal-payment-creditagencies/

 

When using a payment method from a local third-party provider, your payment data will first be forwarded to PayPal in accordance with Art. 6 para. 1 lit. b GDPR for the purpose of preparing the payment. Depending on your selection of an available local payment method, PayPal will then transmit your payment data to the respective provider in accordance with Article 6 Paragraph 1 Letter b GDPR for the purpose of processing the payment:

- Apple Pay (Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland)- Google Pay (Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland)- iDeal (Currence Holding BV, Beethovenstraat 300 Amsterdam, Netherlands)- bancontact (Bancontact Payconiq Company, Rue d'Arlon 82, 1040 Brussels, Belgium)- blik (Polski Standard Płatności sp. z o.o., ul. Czerniakowska 87A, 00-718 Warsaw, Poland)- eps (PSA Payment Services Austria GmbH, Handelskai 92, Gate 21200 Vienna, Austria)- MyBank (PRETA S.A.S, 40 Rue de Courcelles, F-75008 Paris, France) - Przelewy24 (PayPro SA, Kanclerska 15A, 60-326 Poznań, Poland)

For further information on data protection, please refer to PayPal's privacy policy: https://www.paypal.com/de/legalhub/paypal/privacy-full - Shopify Payments
This website offers one or more online payment methods from the following provider: Shopify International Limited, Victoria Buildings, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland

If you select a payment method from this provider that requires you to pay in advance (such as credit card payment), your payment details provided during the ordering process (including name, address, bank and payment card information, currency, and transaction number) as well as information about the contents of your order will be transmitted to them in accordance with Art. 6 Para. 1 lit. b GDPR. In this case, your data will only be shared with the provider for the purpose of payment processing and only to the extent necessary for this purpose.

9) Website Functionalities

9.1 Judge.me
Our website uses graphic elements from the following provider to display external customer reviews and/or an externally awarded quality seal: Judge.me Ltd., c/o Buckworths, 2nd Floor, 1-3 Worship Street, London, England, EC2A 2AB, United Kingdom.

When you access a page on our website that contains such graphic elements, your browser establishes a direct connection to the provider's servers to load the elements correctly. In doing so, certain browser information, including your IP address, is transmitted to the provider.

If personal data is also processed in this context, this is done in accordance with Article 6 Paragraph 1 Letter f GDPR on the basis of our legitimate interest in the optimal marketing of our services and the appealing design of our website.

We have concluded a data processing agreement with the provider, which ensures the protection of our website visitors' data and prohibits unauthorized disclosure to third parties.

When data is transferred to the provider's location, an adequate level of data protection is ensured by an adequacy decision of the European Commission.

9.2 - Access Measurement by Linotype

This website uses access measurement from Linotype, a service of Monotype Imaging Holdings Inc., 600 Unicorn Park Drive, Woburn, MA 01801, USA, to quantify access to fonts licensed to us.

Because Monotype's compensation for providing the fonts is calculated based on the individual access volume of the website, the user's IP address is recorded via a tracking code when a page is accessed and transmitted to the server host of this website for counting purposes. Monotype itself does not collect, store, or transmit the IP address or other personal data of users at any time.

This processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR on the basis of Monotype's legitimate interest in determining access figures for the proper calculation of the compensation claim.

9.3 - Fast Bundle

This website uses a service provided by VConvert Solutions Limited, 13353 Commerce Parkway, Unit 2353, 3rd floor, Richmond, BC, V6V 3A1, Canada, to organize and manage shopping carts.

This service enables the linking of related products in the shopping cart, the product-dependent application of promotions, and the provision of purchase suggestions for compatible products.

For visitor-specific shopping cart management, the service collects and stores pseudonymized visitor data using cookies and/or similar technologies (tracking pixels, web beacons, algorithms for reading device and browser information). This includes information about the device used, such as the IP address and browser information. Pseudonymization generally prevents direct identification of individuals.

Information is only read or stored on the device used if you have given us your explicit consent in accordance with Art. 6 Para. 1 lit. a GDPR. You can withdraw your consent at any time with effect for the future by deactivating this service in the "Cookie Consent Tool" provided on the website.

We have concluded a data processing agreement with the provider, which ensures the protection of our website visitors' data and prohibits unauthorized disclosure to third parties.

An adequate level of data protection is guaranteed by an adequacy decision of the European Commission when data is transferred to the provider's location.

 

10) Tools and Other Services

10.1 - DATEV
For our accounting, we use the cloud-based accounting software service of the following provider: DATEV eG, Paumgartnerstr. 6-14, 90429 Nuremberg, Germany.

The provider processes incoming and outgoing invoices, as well as, where applicable, our company's bank transactions, in order to automatically record invoices, match them to transactions, and generate the financial accounting records in a semi-automated process.

If personal data is processed in this context, the processing is based on our legitimate interest in the efficient organization and documentation of our business transactions in accordance with Art. 6 Para. 1 lit. f GDPR.

10.2 Cookie Consent Tool
This website uses a so-called "cookie consent tool" to obtain effective user consent for cookies and cookie-based applications that require consent. The "Cookie Consent Tool" is displayed to users upon visiting the website as an interactive interface, allowing them to grant consent for specific cookies and/or cookie-based applications by ticking boxes. Using this tool, all cookies/services requiring consent are only loaded if the respective user grants the corresponding consent by ticking the boxes. This ensures that such cookies are only placed on the user's device if consent has been given.

The tool uses technically necessary cookies to save your cookie preferences. No personal user data is processed in this process.

If, in individual cases, personal data (such as the IP address) is processed for the purpose of storing, assigning, or logging cookie settings, this is done in accordance with Article 6 Paragraph 1 Letter f of the GDPR based on our legitimate interest in legally compliant, user-specific, and user-friendly cookie consent management and thus in the legally compliant design of our website.

A further legal basis for processing is Article 6(1)(c) GDPR. As the data controller, we are legally obligated to make the use of cookies that are not technically necessary contingent upon the respective user's consent.

Where necessary, we have concluded a data processing agreement with the provider, which ensures the protection of our website visitors' data and prohibits unauthorized disclosure to third parties.

Further information about the operator and the settings options of the cookie consent tool can be found directly in the corresponding user interface on our website.

10.3 Judge.me
For the verification and publication of customer reviews, we use the services of the following provider: Judge.me Ltd., c/o Buckworths, 2nd Floor, 1-3 Worship Street, London, England, EC2A 2AB, United Kingdom.

When you submit a review on our website, your first and last name, email address, order date and number, as well as your name and international reference (GTIN/ISDN) are collected, transmitted to the provider, and evaluated there to determine the legitimacy of a customer review for a specific order. This processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR based on our legitimate interest in ensuring the authenticity of customer reviews by guaranteeing transaction-relatedness and preventing review abuse. After the review has been completed and approved, the data is deleted by the provider.

An adequate level of data protection is ensured by an adequacy decision of the European Commission when data is transferred to the provider's location.

 

11) Data Subject Rights

11.1 Applicable data protection law grants you the following data subject rights (rights of access and intervention) with regard to the processing of your personal data by the controller. The respective legal bases for exercising these rights are listed below:

• Right of access pursuant to Article 15 GDPR;
• Right to rectification pursuant to Article 16 GDPR;
• Right to erasure pursuant to Article 17 GDPR;
• Right to restriction of processing pursuant to Article 18 GDPR;
• Right to be informed pursuant to Article 19 GDPR;
• Right to data portability pursuant to Article 20 GDPR;
• Right to withdraw consent pursuant to Article 7(3) GDPR;
• Right to lodge a complaint pursuant to Article 77 GDPR.
• Right to object 11.2 Right to Object

If we process your personal data based on our overriding legitimate interest as part of a balancing of interests, you have the right to object to this processing at any time, on grounds relating to your particular situation, with effect for the future.

If you exercise your right to object, we will cease processing the data in question. Further processing will only be permitted if we can demonstrate compelling legitimate grounds for the processing which override your interests, fundamental rights and freedoms, or if the processing serves the establishment, exercise or defense of legal claims.

If we process your personal data for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing. You can exercise your right to object as described above.

If we process your personal data for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing. If you exercise your right to object, we will cease processing the data in question for direct marketing purposes.

 

12) Duration of Storage of Personal Data

The duration of storage of personal data is determined by the respective legal basis, the purpose of processing, and – where applicable – by the respective statutory retention period (e.g., commercial and tax law retention periods).

When processing personal data based on explicit consent pursuant to Art. 6 para. 1 lit. a GDPR, the data in question will be stored until you withdraw your consent.

If statutory retention periods exist for data processed in the context of contractual or quasi-contractual obligations based on Art. 6 para. 1 lit. b GDPR, this data will be routinely deleted after the expiry of the retention periods, unless it is still required for the performance of a contract or for initiating a contract and/or we have a legitimate interest in its continued storage.

When processing personal data based on Article 6(1)(f) GDPR, this data will be stored until you exercise your right to object pursuant to Article 21(1) GDPR, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of establishing, exercising or defending legal claims.

When processing personal data for direct marketing purposes based on Article 6(1)(f) GDPR, this data will be stored until you exercise your right to object pursuant to Article 21(2) GDPR.

Unless otherwise specified in this privacy policy regarding specific processing situations, stored personal data will be deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.