Privacy Policy

Privacy policy

(September 2022)

1. Section 1- General Information

1.1. Controller & data protection officer

The controller regarding this website within the meaning of Art. 4 (7) GDPR and other national data protection laws of the Member States and other provisions under the GDPR is:

DPI Merchandising GmbH, Lochhamer Str. 9, 82152 Planegg, Germany

e-mail: info@dpimerchandising.com; phone: +49 (0)89 24245 52991

You can also find more information about the controller in the imprint at

DPI has appointed a data protection officer in accordance with Art. 37 GDPR. You can contact our data protection officer Mr. Yao Zhou per e-mail at dpo@plaion.com, by mail at Lochhamer Str. 9, 82152 Planegg / Munich or by phone at –+49 89 24 24 5 235.

1.2. Store data processing

Our site is an online store where you can buy various merchandise items.

As any other online store, we need to collect personal data from you as part of the sales process. This includes, in particular, address data (surname, first name, street, zip code, city, country), contact details (e-mail address, telephone number, if applicable), billing data (surname, first name, street, zip code, city, country, purchased goods, selected payment method, etc.), as well as technical personal data (such as your IP address, the status of your shopping cart, products inserted, etc.).

To fulfill the contract, we will also pass on your personal data to third party companies. Sensitive data in the context of billing will only be transmitted on the basis of encryption that corresponds with the state of the art.

The companies are:

The payment provider you selected;
Postal and parcel service providers (DHL, DPD, etc.)
Our fulfillment service provider - PLAION GmbH, Embracer Platz 1, A-6604 Hoefen, Austria

1.3. Service provider for store operation

In order to make the operation of our platform as secure as possible, we work together with additional service providers on the basis of a data processing agreements in the sense of Art. 28 GDPR. These service providers are:

Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland in connection with its parent company Shopify Inc, 151 O’Connor Street Ground floor, Ottawa, ON K2P 2L8 Canada. Data storage as part of order processing takes place on Shopify's servers in Ireland. The use of Shopify serves to provide our store system and the related (technical) services. Shopify's privacy policy can be found at https://www.shopify.com/legal/privacy/customers.
Zammad GmbH, Marienstraße 18, 10117 Berlin, Germany. The use of Zammad GmbH serves the technical provision and maintenance of our ticket system. Tickets are answered exclusively by our support team. You can find more information in the privacy policy of Zammad GmbH at https://zammad.com/en/company/privacy.
Klaviyo Inc, 49 Southwark Bridge Rd, London SE1 9HH, United Kingdom. Klaviyo is used to improve and support our email marketing. In addition, SMS can be sent via Klaviyo to send verification codes, for example . An advertising contact via the services of Klaviyo only takes place in the case of the consent of the user in accordance with Art. 6 para. 1 lit. a GDPR. More information on data protection at Klaviyo can be found at https://www.klaviyo.com/marketing-resources/data-privacy. Due to the corporate structure of Klaviyo, it cannot be avoided that individual data will be transferred to the USA.In the USA the level of data protection is lower than in Europe, so that, if necessary, access to personal data can take place within the scope of official orders.

1.4. Provision of the website and creation of log files

Each time you visit our website, our system automatically collects data and information from the device (e.g. computer, cell phone, tablet, etc.).

· What personal data is collected and to what extent is it processed?

In the event that you access our online store, we will process various technical data of the accessing device. They are either anonymized or deleted after the expiry of the deletion period in such a way that it is no longer possible to draw conclusions about the individual person.

The following data is collected: Information about the browser type and version used, the operating system of the accessing device, host name of the accessing computer, the IP address of the accessing device, date and time of access, accessed pages and resources (images, files, other page content), websites from which the user's system accessed our website (referrer tracking), notification of whether the access was successful and the amount of data transferred.

This data is not stored together with personal data of a specific user , so that individual website visitors can not be identified. By storing the anonymized data, we can monitor and improve the stability and availability of our online store over a longer period of time. The temporary (automated) storage of the data is necessary for the course of the page visit in order to enable the delivery of the content in a technically correct manner.

· Legal basis for the processing of personal data

Art. 6 (1) (f) GDPR (legitimate interest). Our legitimate interest lies in the following, outlined purpose.

· Purpose of data processing

The temporary (automated) storage of the data is necessary for the course of a website visit in order to enable delivery of the website. The storage and processing of personal data is also carried out to maintain the compatibility of our website for as many visitors as possible and to combat abuse and eliminate malfunctions. For this purpose, it is necessary to log the technical data of the accessing computer in order to be able to react as early as possible to display errors, attacks on our IT systems and/or errors in the functionality of our website. In addition, we use the data to optimise the website and to generally ensure the security of our information technology systems.

· Duration of storage

The aforementioned technical data is erased as soon as it is no longer required to achieve the aforementioned purposes, but at the latest 1 month following the use of our website.

· Your rights

You may object to this processing according to art. 21 GDPR and demand deletion of data ac-cording to Art. 17 GDPR by following the indications under point 9 of this Privacy Policy.

1.5. General information on how to contact us

Please note that in the case of unencrypted communication by e-mail, a high standard of data security cannot be guaranteed. Regarding information that are requiring a high level of confidentiality, we expressly recommend encrypted communication via our ticket system or by post.

The following risks are associated with e-mail transmission:

personal data could be disclosed to third parties without authorization due to incorrect entry of the e-mail address;
You have no information on the recipient side, e.g. which or how many employees have access to the e-mail.
Due to the transmission of data via several distributed intermediate points, unauthorized third parties may basically be able to access the data without encryption.

2. Section 2 - Special Shop Functions

2.1. Payment methods and credit check

· Credit card

If you have selected the payment method credit card, we will transfer the data necessary for payment processing to the credit institution or credit card provider selected by them due to the purchase in accordance with Art. 6 (1) (b) GDPR. In addition, the respective data protection provisions of your provider apply.

· PayPal

What personal data is collected and to what extent is it processed?

If you have selected "PayPal" as the method of payment, we will forward your personal customer data collected during the order process to PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boule-vard Royal, L-2449 Luxembourg (hereinafter referred to as “PayPal”). If you give your consent, the following data is affected by the data transfer: First name and surname, street, house number, postcode, town, date of birth, telephone number and data relating to your order.

Legal basis for the processing of personal data

Art. 6 (1) (b) GDPR (implementation of (pre)contractual measures) in the context of the contract to be concluded with PayPal.

Purpose of data processing

PayPal carries out a creditworthiness check when the payment method “PayPal” is selected. In this process, mathematical-statistical procedures are used to calculate a rating with regard to the probability of a payment default (so-called calculation of a scoring value). PayPal uses the calculated scoring value as a basis for its decision on the provision of the respective payment methods. The calculation of a scoring value is carried out according to recognised scientific pro-cedures. Please also refer to PayPal’s privacy statement: https://www.paypal.com/de/webapps/mpp/ua/privacy-full

Duration of storage

We will store the relevant data for the processing of the payment as long as it is necessary for the execution of the transaction. If the data is subject to statutory retention obligations, it will be deleted after expiry of the retention obligation. The duration of storage of the data by PayPal can be found in PayPal’s privacy statement: https://www.paypal.com/de/webapps/mpp/ua/privacy-full

Your rights

You can find out what rights you have and how to exercise them in the lower section of this privacy policy or in the provider's privacy policy.

· Klarna

What personal data is collected and to what extent is it processed?

If you have selected any type of "Klarna" payment method as the method of payment, we will forward your personal customer data collected during the order process to Klarna AB, Sveavägen 46, 11134 Stockholm, Sweden (hereinafter referred to as “Klarna”). If you give your consent, the following data is affected by the data transfer: First name and surname, street, house number, postcode, town, date of birth, telephone number and data relating to your order.

Legal basis for the processing of personal data

Art. 6 (1) (b) GDPR (implementation of (pre)contractual measures) in the context of the contract to be concluded with Klarna.

Purpose of data processing

For the purpose of checking identity and creditworthiness, Klarna transmits data to credit agencies (credit agencies) and receives from them information and, if necessary, creditworthiness information based on mathematical-statistical methods, in the calculation of which, among other things, address data are included (so-called score values). By doing this, Klarna receives information about the statistical probability of a payment default, which is the basis for the decision on the establishment, implementation or termination of the contractual relationship. However, the selection of one of the offered payment methods before the conclusion of the contract is not dependent on such information.

The credit bureaus are the companies listed at https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/credit_rating_agencies.

For detailed information, please refer to Klarna's Privacy Policy (https://cdn.klarna.com/1.0/shared/content/policy/data/de_de/data_protection.pdf) and Terms of Use (https://www.klarna.com/de/agb/).

Duration of storage

We will store the relevant data concerning the payment as long as it is necessary for the execution of the transaction. Insofar as the data is subject to statutory retention obligations, the deletion will take place after the expiry of the retention obligation. The storage period of personal data at Klarna can be found in Klarnas privacy policy under https://cdn.klarna.com/1.0/shared/content/policy/data/de_de/data_protection.pdf.

Your rights

You can find out what rights you have and how to exercise them in the lower section of this privacy policy or in the provider's privacy policy.

· ShopPay - Shopify Payments by Shopify

If you choose the payment method "Shopify Payments" of Shopify International Limited, Victoria Buildings, 2nd Floor, 2 Haddington Road Dublin 4, D04 XN32, Ireland, you will be asked in the ordering process to confirm the transmission of the data required for the processing of the payment and an identity and creditworthiness check. If you confirm the transmission to Shopify, Shopify will receive the data related to your order as far as it is necessary for the processing of the payment by Shopify itself.

Your data will be shared solely for the purpose of processing payments with the service provider. For more information about Shopify Payments' privacy policy, please visit: https://www.shopify.com/legal/privacy.

2.2. Registration, User Account & Wishlist

· What personal data is collected and to what extent is it processed?

Through our registration form you can register as for our store. The registration itself can be completed by providing an e-mail address and password.

After registration of the user account, further data such as address data, billing data, etc. can be stored in the account.

· Legal basis for the processing of personal data

The registration form and the wishlist are part of the contract regarding the user account. Art. 6 (1) (b) GDPR (performance of (pre)contractual measures)

· Purpose of data processing

The registration regarding our online store is mainly for easier and faster processing of future orders and the comfort functionto save the address data and billing information for each order. In addition, the customer can create wishlists and view his past orders.

· Duration of storage

The data collected will be stored for as long as you maintain a user account. Please note, however, that we must retain some data for up to ten years due to statutory retention obligations (e.g. for purchases made) as part of tax law obligations. The data will be deleted when there are no longer legal deadlines preventing the deletion.

· Your rights

You can find out what rights you have and how to exercise them in the lower section of this privacy statement.

· Necessity of providing personal data

The use of the registration form on our site and the creation of an account is contractually required for the use of the protected area. The use of the content protected by the login area is not possible without entering the requested personal data. If you wish to use our login area, you must fill in the fields marked as mandatory. Registration is not possible if the data you have entered are obviously incorrect.

However, an order in the online store is also possible without a user account.

2.3. Ticket system

· What personal data is collected and to what extent is it processed?

With regard to our ticket system, we process the following personal data from you: First name, last name, e-mail address, form data entered, date of ticket creation. In addition, we may process additional data voluntarily provided by you, such as a telephone number for call-backs, order number, etc.

· Legal basis for the processing of personal data

Art. 6 (1) (b) GDPR (implementation of (pre)contractual measures) in the context of responding to tickets posted by the customer.

· Purpose of data processing

The personal data collected via the ticket system are needed to create an inquiry via our ticket system. The specification of name and first name, serves the personal address of the customer and - if necessary - the assignment of the ticket to an order the user made via our online store. The information in the ticket itself represents the customer's query.

The e-mail address is used to inform the user about changes in his query (like an answer within the ticket).

The voluntary fields can help us to process the ticket faster and more effectively or to open up further contact options (e.g. via telephone) if necessary.

· Duration of storage

We keep the ticket system data at least until the support request has been fully answered. The deletion of the personal data depends on several factors.

If they relate to a contract, we will keep them for at least 3 years and delete them accordingly after the statutory periods have expired.

In the case of tickets relating to payment or order processing, we may store them for a longer period (up to 10 years). In all other cases, we will delete the ticket when the purpose of the ticket has been achieved, but no later than after 1 years.

· Your rights

You can find out what rights you have and how to exercise them in the lower section of this privacy statement.

· Necessity of providing personal data

The use of the ticket system is neither contractually nor legally required. Alternatively, you can also use other contact methods (mail, telephone, post). If you wish to use the ticket system, you must at least fill in the mandatory information.

2.4. Newsletter

What personal data is collected and to what extent is it processed?

By registering for the newsletter on our website, we receive the e-mail address entered by you in the registration field and, if applicable and provided by you, further contact data.

Legal basis for the processing of personal data

Art. 6 (1) (a) GDPRconsent through clear confirming action or behavior)

Purpose of data processing

The data recorded within the registration mask of our newsletter will be used by us exclusively to send out our newsletter, in which we inform you about all our services and news. After registration, we will send you a confirmation e-mail containing a link that you need to click to complete the registration regarding our newsletter (double opt-in).

Duration of storage

Our newsletter can be unsubscribed at any time by clicking on the unsubscribe link, which is also included in every newsletter. Your data will be deleted by us immediately after unsubscription. Likewise, your data will be deleted by us immediately in the event that your subscription is not completed. We reserve the right to delete without giving reasons and without prior or subsequent information.

Possibility of revocation and removal

You may revoke your consent in accordance with Art. 7 (3) GDPR at any time. However, the processing carried out up to the time of the revocation remains unaffected by this. With regard to your further rights, we refer to the overview at the end of this privacy policy.

Necessity of providing personal data

If you like to use our newsletter, you need to fill in the fields marked as mandatory and confirm the e-mail address by clicking on the double opt-in link we send to the e-mail adress. The newsletter registration information is neither necessary to enter into a contract with us, nor legally required. The registration is used exclusively for sending our newsletter. If you do not fill in the necessary information, we will not be able to provide you with our newsletter service.

2.5. Web services

· Facebook Custom Audience

Within our online offer, we implemented the so-called "Facebook pixel" of the social network Facebook ("Facebook"), which is operated by Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, Mail: impressum-support@support.facebook.com, Website: http://facebook.com/. The processing also takes place in a third country (Meta Platforms, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA or) for which there is no adequacy decision of the European Commission. Therefore, the usual level of protection for the GDPR cannot be guaranteed for the transfer, as it cannot be excluded that in the third country, authorities would be able to access the collected data.

The pixel is also operated under the joint responsibility of the responsible party within its corporate alliance. Our joint partner is: Bethesda Softworks LLC. of 1370 Piccard Dr # 120, Rockville, Maryland 20850, United States. Bethesda is the licensor of the merchandising items sold through the Shop. The responsible party is responsible for the operationof the store and the concerning data protection inquiries.

Facebook Custom Audience is an advertising tool of the company Facebook, with which targeted advertising campaigns can be made to page visitors. Accordingly, we use the Facebook pixel to display the Facebook ads placed by us only to those Facebook users who have also shown an interest in our online offer or who have certain characteristics that we transmit to Facebook (so-called "Custom Audiences"). With the help of the Facebook pixel, we also want to ensure that our Facebook ads correspond to the potential interest of the users and do not have a harassing effect. With the help of the Facebook pixel, we can further track the effectiveness of the Facebook ads for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Facebook ad (so-called "conversion").

The processing of data by Facebook takes place within the framework of Facebook's data usage policy. For more information about the display of Facebook ads and how the Facebook Pixel works, please see Facebook's data usage policy at https://www.facebook.com/about/privacy.

The legal basis for the transmission of personal data is your consent pursuant to Art. 6 (1) lit. a GDPR, which you have given on our website. The cookies are stored for a period of approximately 3 months.

The collection by the Facebook pixel and the use of the data to display Facebook ads can be revoked at any time. In order to set which types of ads are displayed within Facebook, the page set up by Facebook can be accessed and the instructions on the settings for usage-based advertising followed there. The settings are done in a platform-independent manner, which means that they are applied to all devices, such as desktop computers or mobile devices. If you are logged in to Facebook, you can manage your advertising settings yourself at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen.

· Social Plug-In - "Twitter

What personal data is collected and to what extent is it processed?

On our website, we have integrated a social plug-in of the social network "Twitter", which is operated by Twitter International Company, One Cumberland Place Fenian Street, 2 Dublin, Ireland, e-mail: de-support@twitter.de, website: https://twitter.com ("Twitter"). When you call up a page that contains the plug-in, your browser automatically establishes a background connection to the Twitter servers. The content of the plug-in is transmitted directly by Twitter to your browser and only integrated into our site.

Through this integration, Twitter receives the information that your browser has loaded a specific page of our website. This also applies if you do not have a Twitter profile or are not currently logged into Twitter. This information (including your IP address) is transmitted by your browser directly to a Twitter server in Ireland and stored there. If you are logged in to Twitter, Twitter can immediately assign your visit to our website to your Twitter profile. If you interact with the plug-ins, for example by clicking the "Like" button or posting a comment, this information is also transmitted directly to a Twitter server and stored there. The information is also published on your Twitter profile and displayed to your Twitter contacts that you have enabled this purpose.

The plugin is also operated under the joint responsibility of the responsible party with its corporate alliance with Bethesda Softworks LLC, 1370 Piccard Dr # 120, Rockville, Maryland 20850, United States, which is the licensor of the merchandising items sold through the store. The responsible party is responsible for the operation and data protection inquiries.

Legal basis for the processing of personal data

Art. 6 (1) (b) GDPR (if you have registered with "Twitter") and Art. 6 (1) (a) GDPR (if you have not registered with Twitter).

Purpose of data processing

The primary purpose of the data collection is to offer you a possibility of social interaction linked to Twitter and thus to make our website interactive. The scope of data collection and the further processing and use of the data you leave behind by Twitter, as well as your rights in this regard and setting options for protecting your privacy, can be found in Twitter's privacy policy: https://twitter.com/de/privacy.

Duration of storage

Twitter will store the data relevant for the provision of the web service for as long as it is necessary. Insofar as the data is subject to statutory retention obligations, it will be deleted after the retention obligation has expired.

Possibility of objection and deletion

If you do not want the social plug-in from Twitter to run, you can also prevent it from running by installing an appropriate addon or script blocker. If you do not want Twitter to assign the data collected via our website to your Twitter profile, you must log out of Twitter before visiting our website. The options for objection and removal are also based on the general regulations on the right of objection and deletion under data protection law described below in this data protection declaration.

· klaviyo

We use on our site the service klaviyo of the company Klaviyo, Inc, 125 Summer St Floor 7 , 02110 Boston, United States, e-mail: privacy@klaviyo.com, website: https://www.klaviyo.com/. The processing also takes place in a third country for which there is no Commission adequacy decision. Therefore, the usual level of protection for the GDPR cannot be guaranteed for the transfer, as it cannot be excluded that in the third country, authorities may be able to access the collected data.

The legal basis for the transmission of personal data is your consent pursuant to Art. 6 (1) (a) GDPR which you have given on our website.

The service allows us to collect, analyze, and use customer data to engage with our customers in certain ways, including sending emails about discounts, emails with updates on the shipment of ordered goods, or abandoned carts.

You can revoke your consent at any time. You can find more information on revoking your consent either within the consent itself or at the end of this privacy policy. For more information on the handling of transferred data, please refer to the provider's privacy policy at https://www.klaviyo.com/legal/privacy-notice.

· searchspring

We use on our site the service searchspring of the company B7 Interactive, LLC., 122 E. Houston Street, Suite 105, TX, 78205 San Antonio, United States, e-mail: privacy@searchspring.com, website: https://searchspring.com/. The processing takes place in a third country for which there is no Commission adequacy decision. Therefore, the usual level of protection for the GDPR cannot be guaranteed for the transfer, as it cannot be ruled out that in the third country, e.g. authorities can access the collected data.

The legal basis for the transmission of personal data is your consent pursuant to Art. 6 (1) (a) GDPR that you have given on our website.

This plugin is used to provide search and recommendation features on our website, improve our methods regarding merchandising and analyze online interactions with people that visit our website. You can revoke your consent at any time. You can find more information about revoking your consent either with the consent itself or at the end of this privacy policy.

For more information on the handling of transmitted data, please refer to the provider's privacy policy at https://searchspring.com/legal/privacy-policy/.

· Klarna

We have also implemented the service Klarna of the company Klarna Bank AB (publ), Sveavägen 46, 11134 Stockholm, Sweden. The transmission and processing of personal data takes place exclusively on servers within in the European Union. We use Klarna as a payment method in the checkout process of the online store.

The legal basis for the transmission of personal data is the contract already concluded or to be concluded between you and us pursuant to Art. 6 (1) (b) GDPR.

You can find out what rights you have with regard to the processing at the end of this privacy policy. For more information on the handling of transferred data, please refer to the provider's privacy policy at https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/privacy.

· PayPal

We use the PayPal service of the company PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg on our website. According to PayPal, the transmission and processing of personal data takes place on servers within in the European Union. We use PayPal as a payment method in the checkout process of the online store.

Pursuant to Art. 6 (1) lit. b GDPR, the legal basis for the transmission of personal data is the contract already concluded or to be concluded between you and us. The rights regarding the processing you are entitled to, can be found at the end of this privacy policy.

For more information on the handling of transmitted data, please refer to the provider's privacy policy at https://www.paypal.com/de/webapps/mpp/ua/privacy-full?locale.x=de_DE.

· Zammad

We use the service Zammad of the company Zammad GmbH, Marienstraße 18, 10117 Berlin, Germany on our site. The transmission and processing of personal data takes place exclusively on servers within the European Union.

The legal basis for the transmission of personal data is your consent pursuant to Art. 6 (1) (a) GDPR which you have given on our website.

You can revoke your consent at any time. You can find more information about revoking your consent either with the consent itself or at the end of this privacy policy.

For more information on the handling of transmitted data, please refer to the provider's privacy policy at https://zammad.com/en/company/privacy.

As soon as you create a ticket, the ticket is subject to the legal basis of Art. 6 (1) (b) GDPR (cf. para. 2.3).

2.6. Cookies

· What personal data is collected and to what extent is it processed?

On various pages, we integrate and use cookies to enable certain functions of our website and to integrate external web services. The so-called "cookies" are small text files that your browser can store on your access device. These text files contain a characteristic string that uniquely identifies the browser when you return to our website. The process of saving a cookie file is also referred to as "setting a cookie". Cookies can be set both by the website itself and by external web services. The cookies are set by our website or the external web services in order to maintain the full functionality of our website, to improve the user experience or to pursue the purpose stated with your consent. Cookie technology also allows us to recognize individual visitors using pseudonyms, such as a unique or random IDs, so that we can provide more customized services. You can find more information and setting options in our cookie banner, which you can reopen at any time by clicking on the link in the footer.

· Legal basis for the processing of personal data

Insofar as the cookies are processed on the basis of consent pursuant to Art. 6 (1) (a) GDPR. Regarding German customers this consent shall also be deemed as a consent within the meaning of §25 (1) TTDSG for the setting of the cookie on the user's terminal device. Insofar as another legal basis is mentioned according to the GDPR (e.g. for the fulfillment of a contract or for the fulfillment of legal obligations), the storage or setting is based on an exception according to § 25 (2) TTDSG. The relevant legal basis is listed in in our cookie banner, which you can reopen at any time by clicking on the link in the footer.

· Purpose of data processing

The cookies are set by our website or the external web services to maintain the full functionality of our website, to improve the user experience or to pursue the purpose stated with your consent. Cookie technology also allows us to recognize individual visitors using pseudo-nyms, such as an individual or random IDs, so that we can provide more indi-vidualized services. Details are listed in our cookie banner, which you can reopen at any time by clicking on the link in the footer..

· Duration of storage

· Our cookies are stored until deleted in your browser or, if it is a session cookie, until the session expires. Details are listed witin our cookie banner..Possibility of objection and removal

You can set your browser according to your wishes so that the setting of cookies is generally prevented. You can then decide on a case-by-case basis whether to accept cookies or accept cookies in principle. Cookies can be used for various purposes, e.g. to recognize that your access device is already connected to our website (permanent cookies) or to store recently viewed offers (session cookies). If you have expressly given us permission to process your personal data, you can revoke this consent at any time. Please note that the legality of the processing carried out on the basis of the consent until the revocation is not affected. The consent can be withdrawn at any time within our cookie banner.

3. Section 3 - Your rights

3.1. Right of access

You have the right to request confirmation as to whether we process your personal data. If this is the case, you have a right of access and information specified in Art. 15 (1), (2) GDPR, provided that the rights and freedoms of other persons are not affected (Art. 15 (1), (4) GDPR).

3.2. Right to correction

In accordance with Art. 16 GDPR, you have the right to have any incorrect personal data we store (such as address, name, etc.) corrected. You can also request a completion of the data at any time. A corresponding adjustment will be made immediately. Some data, such as your address data, billing address, registration data, etc., can be adjusted by yourself if you are a registerd customer. The changes can be made in the user profile.

3.3. Right to erasure

Pursuant to Art. 17 (1) GDPR, you have the right to demand that we delete the personal data we have collected about you where one of the following grounds applies:

o the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed
the legal basis for the processing has ceased to exist due to the revocation of your consent;
you have objected to the processing and there are no overriding legitimate grounds for processing;
the personal data have been unlawfully processed
the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject
the personal data have been collected in relation to the offer of information society ser-vices referred to in art. 8 (1) GDPR

According to Art. 17 (3) of the GDPR, the right does not exist if

the processing is necessary for the exercise of the right to freedom of expression and information;
Your data has been collected on the basis of a legal obligation;
the processing is necessary for reasons of public interest;
the data is required for the assertion, exercise or defense of legal claims.

3.4. Right to limitation of processing

According to art. 18 (1) GDPR you have the right in individual cases to demand the restriction of the processing of your personal data.

This is the case if:

o the accuracy of the personal data is disputed
the processing is unlawful
the data are no longer required for the processing purpose but are used for the assertion, exercise or defence of legal claims
an objection has been filed against the processing pursuant to Art. 21 (1) GDPR and it is still unclear which interests predominate.

3.5. Right to withdraw consent

If you have given us express permission to process your personal data (Art. 6 (1) a GDPR or art. 9 (2) (a) GDPR), you can withdraw it at any time. Please note that the lawfulness of the processing carried out on the basis of the consent up to the revocation is not affected by this.

3.6. Right to object to data processing

Pursuant to Art. 21 GDPR, you may at any time object to the processing of your personal data if such processing is carried out on the basis of Art. 6(1) (f) GDPR e.g. where the processing is carried out on the basis of the legitimate interests.

3.7. Data Portability

We will provide you or a responsible person designated by you with the following data in a common machine-readable format upon request pursuant to Art. 20 (1) GDPR:

Data collected on the basis of explicit consent pursuant to Art. 6 (1) lit. a GDPR or Art. 9 (2) lit. a GDPR;
Data that we have received from you in accordance with Art. 6 (1) (b) GDPR within the framework of existing contracts;

insofar as the data have been processed within the framework of an automated procedure.

3.8. How can I obtain my rights?

You can obtain your rights at any time by contacting us using the contact details below or by contacting our data protection officer:

Mail: DPI Merchandising GmbH, Lochhamer Str. 9, 82152 Planegg, Germany

E-mail: info@dpimerchandising.com;; Tel: +49 (0)89 24245 52991

Data protection officer: dpo@kochmedia.com

3.9. Right of appeal to the supervisory authority pursuant to Art. 77 (1) GDPR

If you suspect that your data is being processed illegally on our site, you can, of course, bring about a judicial clarification of the issue at any time. In addition, any other legal option is open to you. Irrespective of this, you have the option of contacting a supervisory authority in accordance with Art. 77 (1) GDPR. The right of complaint pursuant to Art. 77 GDPR is available to you in the EU member state of your place of residence, your place of work and/or the place of the alleged infringement, i.e. you can choose the supervisory authority from the places mentioned above. The supervisory authority to which your complaint has been submitted will then inform you about the status and outcome of your submission, including the possibility of a judicial remedy pursuant to Art. 78 GDPR.