Free Shipping For All Orders Of 75.00 €*
Show/Hide Filters:

Privacy Policy

Privacy Policy

How we handle your personal data is explained in this privacy policy. It is based on the General Data Protection Regulation (GDPR). Except the third party providers that we name in this document, we do not pass any data to third parties. If you have any questions, please contact us.

Content

Controller

The controller for processing of data is

purplespin GmbH
Roxheimerstr. 31
67227 Frankenthal

General Information

Provision of data
As a rule, it is neither legally nor contractually required to provide personal data in order to use our website. Insofar as the provision of data is necessary for the conclusion of a contract or the user is obliged to provide personal data, we shall inform the user of this circumstance and the consequences of not providing the data in this privacy policy.

Data transfer to third countries
We may use service providers and third parties located in countries outside the European Union and the European Economic Area. The transfer of personal data to such third countries takes place, unless the user has consented to the data transfer, on the basis of an adequacy decision by the European Commission (Art. 45 GDPR) or we have provided appropriate safeguards to ensure data protection (Art. 46 GDPR). Insofar as there is an adequacy decision by the European Commission for the transfer of data to a third country, we refer to this in this privacy policy. Furthermore, users can obtain a copy of the appropriate safeguards from us, insofar as these are not already contained in the privacy policies of the service providers or third-party providers.

Automated decision-making
If we use automated decision-making, including profiling, this privacy policy will inform you of this fact, the logic involved and the scope and intended effects of such processing. Otherwise, there shall be no automated decision-making process.
Processing for other purposes
Data is generally only processed for the purposes for which it was collected. If, in exceptional cases, data is intended to be further processed for other purposes, we will inform you of these other purposes before such further processing and provide all other relevant information (Art. 13 (3) GDPR).

Website hosting

Every time our website is called up, the user’s browser transmits various data. For the duration of the visit on the website, the following data is processed and stored in log files even after the connection has ended:

  • Browser type and version used
  • Operating system
  • Pages and files accessed
  • Amount of data transmitted
  • Date and time of retrieval
  • User’s provider
  • IP address in anonymous form
  • Referrer URL

The processing of this data is necessary in order to deliver the website to the user and to optimise it for the user’s end device. Storage in log files serves to improve the security of our website (e.g. protection against DDOS attacks). IP addresses are rendered anonymous before being stored in log files.

The legal basis for the processing is Art. 6 (1) f) GDPR. Our legitimate interest is to provide the website and to improve website security. Log files are automatically deleted after 29 days.

Cookies, pixel tags and mobile identifiers

On our website, we use technologies to recognise the used end device. These can be cookies, pixel tags and/or mobile identifiers.

The recognition of an end device can generally be used for different purposes. It may be necessary in order to provide functions of our website, for example to make a shopping cart available. In addition, these technologies can be used to track user behaviour on the site, for example for advertising purposes. We describe the technologies we use and the purpose of their use separately and in detail in this privacy policy.

For a better understanding, we will explain below how cookies, pixel tags and mobile identifiers work in general:

  • Cookies are small text files that contain certain information and are stored on the user’s end device. In most cases, the information consists of an identification number that is assigned to an end device (cookie ID).
  • A pixel tag is a transparent graphic file that is integrated into a page and enables a log file analysis.
  • A mobile identifier is a unique number (mobile ID) stored on a mobile device which can be read out by a website.

Cookies may be required for our website to function properly. The legal basis for the use of cookies of this nature is Art. 6 (1) f) GDPR. Our legitimate interest is to provide the functions of our website.

We use cookies that are not required for the operation of our website in order to make our offer more user-friendly or to be able to trace the use of our website. The legal basis here depends on whether user consent must be obtained or whether we can invoke a legitimate interest. The user can revoke given consent, among other things, by means of browser settings at any time.

The user can prevent and object to the processing of data by means of cookies by choosing suitable browser settings. An objection may lead to some functions on the website no longer being available. We will inform you separately about further possibilities for objecting to the processing of personal data by means of cookies in this privacy policy. Where necessary, we provide links which can be used to state an objection. These are labelled “opt-out”.

Cookiebot

We use the consent management system Cookiebot. Provider: Cybot A/S, Havnegade 39, 1058 Kopenhagen, Dänemark.

Cookiebot is a service that enables us to obtain the consent of our users for the use of cookies. Cookiebot automatically stores up to two cookies on the user’s device. One is the first party cookie “CookieConsent”, which stores the user’s consent. The other is only stored in the case of “mass consent” across certain domains. It is a third party cookie called “CookieConsentBulkTicket”, which stores an encrypted key to activate mass consent across multiple domains.

Given consent is logged and documented by storing the anonymized IP address of the User, the user agent, the website URL, the date and time of the consent and the unique encrypted key stored in the data center of the Cybot Cloud Vendor, Microsoft Ireland Operations Ltd. in Dublin, Ireland.

The legal basis for the processing is Art. 6 (1) f) GDPR. Our legitimate interest is to obtain the consent of our users required for the storage of cookies and to prove that we process personal data in connection with the use of cookies in a lawful manner.

The cookies expire automatically for renewal after 12 months from the date of the user’s consent. Other data will be deleted at the end of the year after three years.

Privacy Policy of Cookiebot

Establishing contact

In the event contact is established, we process the user’s details, date and time for the purpose of processing the enquiry, including any queries.

The legal basis for the data processing is Art. 6 (1) f) GDPR. Our legitimate interest is to answer our user’s enquiries. Additional legal basis is provided by Art. 6(1) b) GDPR, if processing is necessary for the performance of a contract or for the implementation of pre-contractual measures.

The data will be deleted as soon as the enquiry, including any queries, has been answered. We will check at regular intervals, but at least every two years, whether any data accumulated in connection with contacts must be deleted.

Newsletter

Users have the possibility to register for newsletters on our site. In this context, we process the data entered during registration in order to send a confirmation e-mail to the user’s e-mail address. Upon confirmation, we process the data in order to be able to send newsletters. For the purpose of personalisation, we may also process the name of the user, if the user has provided it.

At registration, date and time as well as the IP address of the user are stored to be able to prove an entry. Upon deregistration, we process this data for verification purposes and delete it after three years at the end of the year.

To improve our content, we measure how successful our newsletters are, for example how often they are opened by users and which links are clicked on. For this purpose, e-mails contain a pixel tag. We do not track the activities of individual users.

The legal basis for the processing is user consent according to Art. 6 (1) a) GDPR. Otherwise, the legal basis for the processing is Art. 6 (1) f) GDPR. Legitimate interests on our part are sending newsletters, personalised addressing of the user and proof that the user has registered for the newsletter.

Mailchimp

We use Mailchimp to send newsletters. Provider: The Rocket Science Group LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308 USA.

Privacy Policy of MailChimp

Advertising to existing customers

If the user has provided an e-mail address while purchasing goods or services, we reserve the right to use this e-mail address for direct advertising in connection with similar goods or services in accordance with Section 7 para. 3 UWG [German Act against Unfair Competition]. This does not apply if the user has objected to the use.

The legal basis for the processing is Art. 6 (1) f) GDPR. A justified interest on our part is the promotion of our sales. The user can object to the use of the specified e-mail address for the purpose of advertising to existing customers at any time with future effect, without incurring any costs other than the transmission costs according to the basic rates.

Comments

On our website, we give users the opportunity to leave their own comments. If a comment is transmitted to us, we process the user’s data. To protect against misuse of the comment function (e.g. through spam or criminal content), we also process the date, time and IP address of the user.

The legal basis for the processing is Art. 6 (1) f) GDPR. Our legitimate interest is to be able to offer the comment function and to protect against misuse.

Registration for a user account

Users can register for our offer on our website. In this context, we will process the data entered during registration. We have the specified e-mail address confirmed by sending a link (double opt-in) to prevent misuse of the registration function. For this purpose, we also process the date and time and the IP address of the user. For verification purposes, we also process the date, time and IP address of the user when the confirmation link is clicked.

The data will be deleted when the user account is deleted after three years at the end of the year, unless a longer legal obligation to retain the data is opposed.

The legal basis for the processing is Art. 6 (1) a) GDPR insofar as we obtain user consent. If the processing is necessary for the performance of a contract or for the implementation of pre-contractual measures, it is based on Art. 6 (1) b) GDPR. Otherwise, the legal basis is Art. 6 (1) f) GDPR. Our legitimate interest is to provide users with access to our offer requiring registration, to protect us from misuse of the registration function and to be able to prove proper registration. After the deletion of the user account, our legitimate interest also consists in the defence of possible claims.

Orders and payment processing

When you place an order in our online shop, we will process the data provided when the order was placed, such as name, bank details or payment data, in order to process the order. We only transfer payment data to our payment service providers as far as this is necessary to process the payment.

The legal basis for the processing is Art. 6 (1) b) GDPR. If the user deposits order data in a user account, Art. 6 (1) a) GDPR shall be the legal basis. Otherwise, the processing is based on Art. 6 (1) f) GDPR. Our legitimate interest lies in the processing of refunds and the pursuit of claims.

Order and payment data will be deleted as soon as they are no longer necessary for the processing of the order, including a reversal of the payment (e.g. due to a revocation or a withdrawal from the contract) and a processing of warranty cases, and no legal storage obligations exist. In the event that the user has stored order data for a repeat order in a user account, the data will be deleted together with the user account if they are not required for the processing of a specific order.

Paypal

When paying via PayPal, the payment will be processed by PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxemburg.

Privacy Policy of Paypal

Mollie

When paying via Mollie, the payment will be processed by Mollie B.V., Keizersgracht 126, 1015CW Amsterdam, Netherlands.

Privacy Policy of Mollie

Other third-party services

Google Analytics

We use Google Analytics to analyse the use of our website. Provider: Google Ireland Ltd., Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.

To be able to track user activities on the website, a cookie is placed on the end device. We use Google Analytics with the extension anonymize IP. The user’s IP address is automatically truncated before being transmitted to servers in the USA. Among other things, the approximate geographical location, end device, screen resolution, browser and visited pages including the length of stay are evaluated.

Insofar as we obtain user consent, data processing is carried out on the legal basis of Art. 6 (1) a) GDPR. Otherwise, the legal basis for the data processing is Art. 6 (1) f) GDPR. Our legitimate interests are optimising our website, improving our offers and online marketing.

The data collected by Google Analytics is automatically deleted after 14 months.

Opt-Out

Privacy Policy of Google Analytics

Cloudflare

We utilise the content delivery network (CDN) Cloudflare. Provider: Cloudflare Inc., 101 Townsend Street, San Francisco, California 94107, USA.

Content is loaded from CDN servers. In order to establish a connection, it is technically necessary to transmit the user’s IP address.

The legal basis for the processing is Art. 6 (1) f) GDPR. Our legitimate interest is to improve the speed and availability of our website.

Privacy Policy of Cloudflare

Facebook Social Plugins

We integrate contents and buttons of the social network Facebook on our website via a plugin. Provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Irland.

To load content from Facebook, it is necessary to transfer the user’s IP address to the company in terms of technology. If the user is logged in to Facebook, the visit of a page can be attached to the account.

Insofar as we obtain user consent, data processing is carried out on the legal basis of Art. 6 (1) a) GDPR. Otherwise, the legal basis for the data processing is Art. 6 (1) f) GDPR. Our legitimate interest for the integration of Facebook content and buttons is making our website user-friendly.

Privacy Policy of Facebook Social Plugins

Instagram

We integrate contents and buttons of the social network Instagram on our website via a plugin. Provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.

To load content from Instagram, it is necessary to transfer the user’s IP address to the company in terms of technology. If the user is logged in to Instagram, the visit of a page can be attached to the account.

Insofar as we obtain user consent, data processing is carried out on the legal basis of Art. 6 (1) a) GDPR. Otherwise, the legal basis for the data processing is Art. 6 (1) f) GDPR. Our legitimate interest for the integration of Instagram content and buttons is making our website user-friendly.

Privacy Policy of Instagram

Twitter

We integrate contents and buttons of the social network Twitter on our website via a plugin. Provider: Twitter International Company, One Cumberland Place, Fenian Street Dublin 2, D02 AX07, Ireland.

To load content from Twitter, it is necessary to transfer the user’s IP address to the company in terms of technology. If the user is logged in to Twitter, the visit of a page can be attached to the account.

Insofar as we obtain user consent, data processing is carried out on the legal basis of Art. 6 (1) a) GDPR. Otherwise, the legal basis for the data processing is Art. 6 (1) f) GDPR. Our legitimate interest for the integration of Twitter content and buttons is making our website user-friendly.

Privacy Policy of Twitter

WordPress Emoji

We use WordPress Emoji to display emojis. Provider: Aut O’Mattic A8C Ireland Ltd., Business Centre, No.1 Lower Mayor Street, International Financial Services Centre, Dublin 1, Ireland.

Emojis are downloaded as graphic files from the Automattic server. For this purpose it is technically necessary to transmit the IP address of the user.

The legal basis for the processing is Art. 6 (1) f) GDPR. Our legitimate interest is to improve the user experience.

Privacy policy of Automattic

Google Maps

To be able to display geographical maps, we use Google Maps. Provider: Google Ireland Ltd., Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. This necessitates transmitting the user’s IP address to Google for reasons of technology. In addition, the company places various cookies to identify the user and to display personalised advertising.

Insofar as we obtain user consent, data processing is carried out on the legal basis of Art. 6 (1) a) GDPR. Otherwise, the legal basis for the data processing is Art. 6 (1) f) GDPR. Our legitimate interest is to make our website user-friendly.

We have concluded an agreement on shared responsibility with Google.

Opt-Out

Privacy Policy of Google Maps

Google Fonts

On our website we use fonts from Google Fonts. Provider: Google Ireland Ltd., Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.

Fonts are loaded from the Google server. In order to establish a connection, it is technically necessary to transmit the user’s IP address.

The legal basis for the processing is Art. 6 (1) f) GDPR. Our legitimate interest is to make our website user-friendly and to improve its speed and availability.

Privacy Policy of Google Fonts

Profiles in social networks

We are present in one or more social networks. In detail, these are: Facebook, Instagram or Twitter. When contacting us, we process personal data as described above under “Establishing contact”.

Social network providers process data according to their data protection regulations, which can be accessed here:

If a user is logged in with an account, the activities on our profile in the respective social network may be attached to said user. This can take place across devices and without login as the case may be, for example when using cookies or mobile identifiers. Social network providers use the data collected to create pseudonymised user profiles, which they can use in particular to display personalised advertising.

Rights of the data subject

Where personal data relating to a user is being processed, the user has the following rights:

Right of access: The user has the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and a copy of the personal data undergoing processing.

Right to rectification: The user has the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her.

Right to erasure: The user has the right in accordance with the law to obtain from the controller the erasure of personal data concerning him or her without undue delay.

Right to restriction of processing: The user has the right in accordance with the law to obtain from the controller restriction of processing.

Right to data portability: The user has the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and has the right in accordance with the law to transmit those data to another controller.

Right to object: The user has the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6 (1) GDPR, including profiling based on those provisions. Where personal data are processed for direct marketing purposes, the user has the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing.

Right to withdrawal: The user has the right to withdraw his or her consent at any time.

Right to lodge a complaint: The user has the right to lodge a complaint with a supervisory authority.

Last Updated: 27/03/2023

SUBSCRIBE

Subscribe to newsletter & secure advantages