Privacy Policy

1. Data Protection at a Glance

General Information

The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data means all data by which you can be personally identified. Detailed information on the subject of data protection can be found in the privacy policy set out below this text.

Data Collection on This Website

Who is responsible for data collection on this website?

Data processing on this website is carried out by the website operator. You can find the website operator’s contact details in the section “Information on the Controller” in this privacy policy.

How do we collect your data?

On the one hand, your data are collected when you provide them to us. This may, for example, be data that you enter in a contact form.

Other data are collected automatically, or after you have given your consent, by our IT systems when you visit the website. These are primarily technical data, such as your internet browser, operating system, or the time at which the page is accessed. These data are collected automatically as soon as you enter this website.

What do we use your data for?

Some of the data are collected to ensure error-free provision of the website. Other data may be used to analyse your user behaviour. Where contracts can be concluded or initiated via the website, the transmitted data are also processed for contractual offers, orders, or other order enquiries.

Online shop and Spreadshop

Where shirts are ordered via the shop embedded on or linked from this website, the shop functions are provided by our partner Spreadshop. The shirts are printed and shipped by Spreadshop. The personal data required for placing and processing an order, such as order data, delivery address, payment information, and communication data, are processed for the purpose of order processing and fulfilment. Further details on data processing in connection with the shop can be found in the information provided within the Spreadshop ordering process and in Spreadshop’s privacy policy.

What rights do you have regarding your data?

You have the right at any time to obtain, free of charge, information about the origin, recipients, and purpose of your stored personal data. You also have the right to request the rectification or erasure of these data. If you have given consent to data processing, you may withdraw this consent at any time with effect for the future. In addition, you have the right, under certain circumstances, to request restriction of the processing of your personal data. Furthermore, you have the right to lodge a complaint with the competent supervisory authority.

You may contact us at any time regarding this and any further questions on the subject of data protection.

2. Hosting

We host the content of our website with the following provider:

Hetzner

The provider is Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany (hereinafter “Hetzner”).

Details can be found in Hetzner’s privacy policy: https://www.hetzner.com/de/legal/privacy-policy/.

The use of Hetzner is based on Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in ensuring that our website is displayed as reliably as possible. Where corresponding consent has been requested, processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and Sec. 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information on the user’s terminal device, such as device fingerprinting, within the meaning of the TDDDG. Consent may be withdrawn at any time.

Data Processing Agreement

We have concluded a data processing agreement (DPA) for the use of the service mentioned above. This is a contract required under data protection law, which ensures that the provider processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

3. General Information and Mandatory Information

Data Protection

The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy.

When you use this website, various personal data are collected. Personal data means data by which you can be personally identified. This privacy policy explains which data we collect and what we use them for. It also explains how and for what purpose this is done.

We point out that data transmission on the internet, for example when communicating by e-mail, may have security vulnerabilities. Complete protection of data against access by third parties is not possible.

Information on the Controller

The controller responsible for data processing on this website is:

Alexander Fürgut & Lydia Röntgen GbR
Friedenstr. 8
89073 Ulm
Germany

E-mail: contact@hemahell.com

The controller is the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data, such as names, e-mail addresses, or similar data.

Storage Period

Unless a more specific storage period has been stated within this privacy policy, your personal data remain with us until the purpose for data processing no longer applies. If you assert a justified request for erasure or withdraw consent to data processing, your data will be erased unless we have other legally permissible grounds for storing your personal data, such as retention periods under tax or commercial law. In the latter case, erasure will take place once these grounds no longer apply.

General Information on the Legal Bases for Data Processing on This Website

If you have consented to data processing, we process your personal data on the basis of Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR, insofar as special categories of data pursuant to Art. 9 para. 1 GDPR are processed. In the event of express consent to the transfer of personal data to third countries, data processing is also carried out on the basis of Art. 49 para. 1 lit. a GDPR. If you have consented to the storage of cookies or to access to information on your terminal device, such as via device fingerprinting, data processing is additionally carried out on the basis of Sec. 25 para. 1 TDDDG. Consent may be withdrawn at any time. If your data are required for the performance of a contract or for the implementation of pre-contractual measures, we process your data on the basis of Art. 6 para. 1 lit. b GDPR. Furthermore, we process your data where this is necessary to comply with a legal obligation on the basis of Art. 6 para. 1 lit. c GDPR. Data processing may also be carried out on the basis of our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR. Information on the relevant legal bases in each individual case is provided in the following paragraphs of this privacy policy.

Recipients of Personal Data

In the course of our business activities, we cooperate with various external parties. In some cases, this also requires the transmission of personal data to these external parties. We disclose personal data to external parties only if this is necessary for the performance of a contract, if we are legally obliged to do so, for example disclosure of data to tax authorities, if we have a legitimate interest in the disclosure pursuant to Art. 6 para. 1 lit. f GDPR, or if another legal basis permits the data disclosure. When using processors, we disclose personal data of our customers only on the basis of a valid data processing agreement. In the case of joint processing, a joint processing agreement is concluded.

Withdrawal of Your Consent to Data Processing

Many data processing operations are possible only with your express consent. You may withdraw consent that you have already given at any time. The lawfulness of the data processing carried out until the withdrawal remains unaffected by the withdrawal.

Right to Object to Data Collection in Special Cases and to Direct Advertising (Art. 21 GDPR)

WHERE DATA PROCESSING IS CARRIED OUT ON THE BASIS OF ART. 6 PARA. 1 LIT. E OR F GDPR, YOU HAVE THE RIGHT AT ANY TIME, ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION, TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA; THIS ALSO APPLIES TO PROFILING BASED ON THOSE PROVISIONS. THE RESPECTIVE LEGAL BASIS ON WHICH PROCESSING IS BASED CAN BE FOUND IN THIS PRIVACY POLICY. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR PERSONAL DATA CONCERNED, UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS, AND FREEDOMS, OR THE PROCESSING SERVES THE ESTABLISHMENT, EXERCISE, OR DEFENCE OF LEGAL CLAIMS (OBJECTION PURSUANT TO ART. 21 PARA. 1 GDPR).

WHERE YOUR PERSONAL DATA ARE PROCESSED FOR THE PURPOSE OF DIRECT ADVERTISING, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSE OF SUCH ADVERTISING; THIS ALSO APPLIES TO PROFILING INSOFAR AS IT IS RELATED TO SUCH DIRECT ADVERTISING. IF YOU OBJECT, YOUR PERSONAL DATA WILL THEREAFTER NO LONGER BE USED FOR THE PURPOSE OF DIRECT ADVERTISING (OBJECTION PURSUANT TO ART. 21 PARA. 2 GDPR).

Right to Lodge a Complaint with the Competent Supervisory Authority

In the event of infringements of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, their place of work, or the place of the alleged infringement. The right to lodge a complaint exists without prejudice to other administrative or judicial remedies.

Right to Data Portability

You have the right to have data that we process by automated means on the basis of your consent or in performance of a contract handed over to you or to a third party in a commonly used, machine-readable format. Where you request the direct transmission of the data to another controller, this will be done only insofar as it is technically feasible.

Access, Rectification, and Erasure

Within the framework of the applicable statutory provisions, you have the right at any time to obtain, free of charge, information about your stored personal data, their origin and recipients, and the purpose of the data processing, and, where applicable, a right to rectification or erasure of these data. You may contact us at any time regarding this and any further questions on the subject of personal data.

Right to Restriction of Processing

You have the right to request restriction of the processing of your personal data. You may contact us at any time for this purpose. The right to restriction of processing exists in the following cases:

If you have restricted the processing of your personal data, these data may, apart from their storage, be processed only with your consent or for the establishment, exercise, or defence of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the European Union or of a Member State.

SSL or TLS Encryption

For security reasons and to protect the transmission of confidential content, such as orders or enquiries that you send to us as the website operator, this site uses SSL or TLS encryption. You can recognise an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.

If SSL or TLS encryption is activated, the data that you transmit to us cannot be read by third parties.

4. Data Collection on This Website

Cookies

Our websites use so-called “cookies”. Cookies are small data packets and do not cause any damage to your terminal device. They are stored on your terminal device either temporarily for the duration of a session, known as session cookies, or permanently, known as persistent cookies. Session cookies are automatically deleted at the end of your visit. Persistent cookies remain stored on your terminal device until you delete them yourself or until they are automatically deleted by your web browser.

Cookies may originate from us, known as first-party cookies, or from third-party companies, known as third-party cookies. Third-party cookies enable the integration of certain services of third-party companies within websites, such as cookies for the processing of payment services.

Cookies have various functions. Numerous cookies are technically necessary because certain website functions would not work without them, such as the shopping cart function or the display of videos. Other cookies may be used to evaluate user behaviour or for advertising purposes.

Cookies that are necessary for carrying out the electronic communication process, for providing certain functions requested by you, such as the shopping cart function, or for optimising the website, such as cookies for measuring web audience, known as necessary cookies, are stored on the basis of Art. 6 para. 1 lit. f GDPR, unless another legal basis is stated. The website operator has a legitimate interest in storing necessary cookies for the technically error-free and optimised provision of its services. Where consent to the storage of cookies and comparable recognition technologies has been requested, processing is carried out exclusively on the basis of this consent, Art. 6 para. 1 lit. a GDPR and Sec. 25 para. 1 TDDDG; consent may be withdrawn at any time.

You can set your browser so that you are informed about the setting of cookies and allow cookies only in individual cases, exclude the acceptance of cookies for certain cases or generally, and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be restricted.

If further cookies and services are used on this website, this can be found in this privacy policy.

Server Log Files

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

These data are not merged with other data sources.

These data are collected on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimisation of its website; for this purpose, server log files must be collected.

Contact Form

If you send us enquiries via the contact form, your details from the enquiry form, including the contact details you provide there, will be stored by us for the purpose of processing the enquiry and in the event of follow-up questions. We do not disclose these data without your consent.

These data are processed on the basis of Art. 6 para. 1 lit. b GDPR, insofar as your enquiry is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, processing is based on our legitimate interest in the effective processing of enquiries addressed to us, Art. 6 para. 1 lit. f GDPR, or on your consent, Art. 6 para. 1 lit. a GDPR, where this has been requested; consent may be withdrawn at any time.

The data you enter in the contact form remain with us until you request us to erase them, withdraw your consent to storage, or the purpose for data storage no longer applies, for example after your enquiry has been fully processed. Mandatory statutory provisions, in particular retention periods, remain unaffected.

Enquiry by E-mail, Telephone, or Fax

If you contact us by e-mail, telephone, or fax, your enquiry, including all personal data arising from it, such as name and enquiry, will be stored and processed by us for the purpose of handling your request. We do not disclose these data without your consent.

These data are processed on the basis of Art. 6 para. 1 lit. b GDPR, insofar as your enquiry is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, processing is based on our legitimate interest in the effective processing of enquiries addressed to us, Art. 6 para. 1 lit. f GDPR, or on your consent, Art. 6 para. 1 lit. a GDPR, where this has been requested; consent may be withdrawn at any time.

The data transmitted to us by contact enquiries remain with us until you request us to erase them, withdraw your consent to storage, or the purpose for data storage no longer applies, for example after your request has been fully processed. Mandatory statutory provisions, in particular statutory retention periods, remain unaffected.

Shop Functions via Spreadshop

We use shop functions provided by Spreadshop on or via this website. The shirts offered in the shop are printed and shipped by our partner Spreadshop. If you place an order via the shop, the data required for the order, payment, production, shipping, customer communication, and handling of any returns or complaints are processed for the purpose of performing the contract and processing the order.

The legal basis for processing in connection with orders is Art. 6 para. 1 lit. b GDPR, insofar as the processing is necessary for the performance of a contract or for the implementation of pre-contractual measures. Insofar as processing is required to comply with statutory obligations, such as retention obligations under tax or commercial law, processing is carried out on the basis of Art. 6 para. 1 lit. c GDPR. Where cookies or comparable technologies are used in connection with the shop, the information in the “Cookies” section also applies.

Further details on data processing by Spreadshop can be found in the information provided during the ordering process and in Spreadshop’s privacy policy.

5. Newsletter

Newsletter Data

If you would like to subscribe to the newsletter offered on the website, we require an e-mail address from you as well as information that allows us to verify that you are the owner of the specified e-mail address and that you agree to receive the newsletter. Further data are not collected, or are collected only on a voluntary basis. We use these data exclusively for sending the requested information and do not disclose them to third parties.

The data entered in the newsletter registration form are processed exclusively on the basis of your consent, Art. 6 para. 1 lit. a GDPR. You may withdraw the consent given to the storage of the data, the e-mail address, and their use for sending the newsletter at any time, for example via the “unsubscribe” link in the newsletter. The lawfulness of data processing operations that have already taken place remains unaffected by the withdrawal.

The data stored with us for the purpose of subscribing to the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and will be erased from the newsletter distribution list after you unsubscribe from the newsletter or after the purpose no longer applies. We reserve the right to erase or block e-mail addresses from our newsletter distribution list at our own discretion within the scope of our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR.

Data stored by us for other purposes remain unaffected by this.

After you unsubscribe from the newsletter distribution list, your e-mail address may be stored by us or the newsletter service provider in a blacklist, where this is necessary to prevent future mailings. The data from the blacklist are used only for this purpose and are not merged with other data. This serves both your interest and our interest in complying with the statutory requirements for sending newsletters, which constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. Storage in the blacklist is not limited in time. You may object to the storage if your interests outweigh our legitimate interest.

6. Plugins and Tools

Google Fonts

This site uses so-called Google Fonts, which are provided by Google, for the uniform display of fonts. When you access a page, your browser loads the required fonts into its browser cache in order to display texts and fonts correctly.

For this purpose, the browser you use must establish a connection to Google’s servers. As a result, Google becomes aware that this website has been accessed via your IP address. The use of Google Fonts is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the uniform presentation of the typeface on its website. Where corresponding consent has been requested, processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and Sec. 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information on the user’s terminal device, such as device fingerprinting, within the meaning of the TDDDG. Consent may be withdrawn at any time.

If your browser does not support Google Fonts, a standard font from your computer will be used.

Further information on Google Fonts can be found at https://developers.google.com/fonts/faq and in Google’s privacy policy: https://policies.google.com/privacy?hl=de.

The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the United States intended to ensure compliance with European data protection standards for data processing in the United States. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/participant/5780.

Source: https://www.e-recht24.de translated to English