top of page

Data protection

Privacy Policy

1. Access data and hosting
2. Data processing for contract fulfillment and contact purposes
2.1 Data processing for contract fulfillment
2.2 Customer account
2.3 Making contact
3. Data processing for the purpose of order fulfillment
3.1 Data transfer to shipping service providers for the purpose of shipping notification
4. Data processing for payment processing
4.1 Data processing for transaction processing
4.2 Data processing for the purpose of fraud prevention and optimization of our payment processes
5. Advertising via email
5.1 Email newsletter with registration and newsletter tracking
5.2 Email newsletter without registration and your right to object
5.3 Sending feedback requests via email
6. Cookies and other technologies
6.1 General Information
6.2 Use of the Usercentrics Consent Management Platform for managing consents
6.3 Information on third-country transfers (data transfer to third countries)
7. Use of cookies and other technologies
7.1 Use of Adobe services
7.2 Use of Google services
7.3 Use of Microsoft services
7.4 Use of Facebook services
7.5 Other providers of web analytics and online marketing services
8. Social Media
8.1 Social buttons from Facebook (by Meta), Instagram (by Meta), Whatsapp
8.2 Our online presence on Facebook (by Meta), Instagram (by Meta), YouTube, LinkedIn
9. Contact options and your rights
9.1 Your rights
9.2 Contact options

The controller responsible for data processing is:

Alexander Hofmann

Pfingstreiterstrasse 20

93444 Bad Kötzting

Email: Support@HFNgermany.com

Telephone: +49 (0) 15128716667

We appreciate your interest in our online shop. Protecting your privacy is very important to us. Personal data is any data that can be used to personally identify you.
Below we provide you with detailed information about how we handle your data.

1. Access Data and Hosting

You may visit our website without providing personal information. Each time a webpage is accessed, the web server automatically stores a server log file containing, for example, the name of the requested file, your IP address, date and time of access, amount of data transferred, and the requesting provider (access data), and documents the request.

This access data is evaluated exclusively for the purpose of ensuring the smooth operation of the website and improving our offering. This serves to safeguard our legitimate interests in the correct presentation of our services in accordance with Art. 6 (1) sentence 1 lit. f GDPR. All access data is processed only for as long as necessary to achieve the above-mentioned purposes.

Hosting and website display services are partly provided by our service providers within the scope of processing on our behalf. Unless otherwise stated in this privacy policy, all access data and all data collected via forms on this website are processed on their servers. If you have questions about our service providers and the basis of our cooperation with them, please use the contact option described in this privacy policy.

Our service providers are located and/or use servers in the following countries for which the European Commission has determined an adequate level of data protection: Israel, United Kingdom, USA.
The adequacy decision for the USA applies as the basis for transfers to third countries insofar as the respective service provider is certified. Certification is in place.

Our service providers are located and/or use servers in the following countries: Brazil, Mexico, India, Ukraine.
For these countries, no adequacy decision by the European Commission exists. Our cooperation with them is based on EU Standard Contractual Clauses.
 

2. Data Processing for Contract Fulfillment and Contact
 

2.1 Data Processing for Contract Execution

For the purpose of contract processing (including handling warranty claims, service issues, and statutory update obligations) pursuant to Art. 6 (1) sentence 1 lit. b GDPR, we collect personal data if you voluntarily provide it to us as part of your order.

Required fields are marked as such because we need this data to process the contract, and without it we cannot ship the order. The data collected can be seen from the respective input forms.

After complete contract processing, your data will be restricted for further processing and deleted after expiration of tax and commercial retention periods pursuant to Art. 6 (1) sentence 1 lit. c GDPR, unless you have expressly consented to further use of your data pursuant to Art. 6 (1) sentence 1 lit. a GDPR or we reserve the right to use data beyond this as permitted by law and explained in this policy.
 

2.2 Customer Account

If you consent pursuant to Art. 6 (1) sentence 1 lit. a GDPR by creating a customer account, we use your data for account creation and to store your data for future orders.

Your customer account can be deleted at any time either via the contact option described in this privacy policy or via a function provided in the customer account.

After deletion, your data will be erased unless you have expressly consented to further use or we reserve the right to use data beyond this as permitted by law.
 

2.3 Contacting Us

As part of customer communication, we collect personal data to process your inquiries pursuant to Art. 6 (1) sentence 1 lit. b GDPR if you voluntarily provide this data when contacting us (e.g., contact form, live chat, or email).

Required fields are marked accordingly. The data collected can be seen from the respective input forms.

After your inquiry has been fully processed, your data will be deleted unless you have expressly consented to further use or we reserve the right to further use as permitted by law.
 

Live Chat Tool: Ascend by Wix

For customer communication, we use the live chat tool Ascend by Wix, provided by Wix.com Ltd., 40 Nemal St., Tel Aviv 6350671, Israel.

This serves our legitimate interest in effective and improved customer communication pursuant to Art. 6 (1) sentence 1 lit. f GDPR. Wix acts on our behalf.

Wix servers may be located in:

  • Countries with adequate protection: Israel, United Kingdom, USA

  • Countries without adequacy decision: Brazil, Mexico, India, Ukraine
    → safeguarded by EU Standard Contractual Clauses.
     

3. Data Processing for Shipping

To fulfill the contract pursuant to Art. 6 (1) sentence 1 lit. b GDPR, we pass your data to the shipping provider responsible for delivery, insofar as this is necessary to deliver ordered goods.

Data Transfer for Delivery Notification

If you have given explicit consent, we will provide your email address and telephone number to the selected shipping provider so they can contact you prior to delivery.

Consent may be withdrawn at any time.

Shipping providers include:

  • General Logistics Systems Germany GmbH & Co. OHG

  • United Parcel Service Deutschland S.à r.l. & Co. OHG

  • Hermes Germany GmbH

  • DHL Paket GmbH

  • DPD Deutschland GmbH

  • UPS Germany GmbH
     

4. Data Processing for Payment Processing

We work with technical service providers, financial institutions, and payment service providers to process payments.
 

4.1 Transaction Processing

Depending on the selected payment method, we share the data necessary to process the payment with the relevant payment provider. This serves contract fulfillment pursuant to Art. 6 (1) sentence 1 lit. b GDPR.

Some providers collect payment data directly themselves. Their privacy policies apply.
 

4.2 Fraud Prevention & Payment Optimization

Where necessary, additional data may be shared with service providers for fraud prevention and payment process optimization. This serves our legitimate interests pursuant to Art. 6 (1) sentence 1 lit. f GDPR.
 

5. Email Advertising
 

5.1 Newsletter Subscription & Tracking

If you subscribe to our newsletter, we use the data required to send it based on your consent pursuant to Art. 6 (1) sentence 1 lit. a GDPR.

You may unsubscribe at any time.

We analyze newsletter usage (open rates & clicks) to improve campaigns. Tracking uses pixel technologies and may include:

  • Referrer URL

  • access date/time

  • browser type

  • IP address

  • email address

  • registration & confirmation timestamps

Tracking can be avoided by unsubscribing.
 

5.2 Newsletter Without Subscription (Existing Customers)

If we receive your email address in connection with a purchase, we may send offers for similar products pursuant to §7(3) UWG and Art. 6 (1) lit. f GDPR.

You may object at any time.
 

5.3 Review Request Emails

With your consent, we may send review requests after purchase.

Review invitations may be sent via Trusted Shops SE, Cologne, Germany.

We receive status information (e.g., delivery status of review requests) to optimize the process.

We share responsibility with Trusted Shops for this processing.
 

6. Cookies and Technologies (General Overview)

We use cookies and similar technologies to:

  • ensure website functionality

  • improve user experience

  • analyze usage

  • fulfill legal obligations

Some cookies are essential and do not require consent. Others require your consent and may be revoked at any time.

If cookies are disabled, website functionality may be limited.


8. Social Media
 

8.1 Social Buttons from Facebook (by Meta), Instagram (by Meta), WhatsApp

Our website uses social media buttons. These are integrated solely as HTML links, meaning that no connection to the servers of the respective provider is established when you access our website.

When you click one of the buttons, the website of the respective social network opens in a new browser window, where you can, for example, use the Like or Share function.
 

8.2 Our Online Presence on Facebook (by Meta), Instagram (by Meta), YouTube, LinkedIn

If you have given your consent to the respective social media operator pursuant to Art. 6 (1) sentence 1 lit. a GDPR, your data will be automatically collected and stored for market research and advertising purposes when visiting our online profiles on the above-mentioned social media platforms. Pseudonymous user profiles may be created from this data and used, for example, to display advertisements within and outside the platforms that are presumed to match your interests.

Cookies are generally used for this purpose.

Detailed information about data processing and usage by the respective social media operator, as well as contact options and your related rights and privacy settings, can be found in the privacy policies of the respective providers linked below. If you still require assistance, you may contact us.

Facebook (by Meta) is provided by Meta Platforms Ireland Ltd., Block J, Serpentine Avenue, Dublin 4, Ireland. Information automatically collected by Meta Platforms Ireland about your use of our Facebook presence is generally transmitted to and stored on servers of Meta Platforms, Inc., 1601 Willow Road, Menlo Park, California 94025, USA.

Data processing in connection with visiting a Facebook fan page is based on a joint controller agreement pursuant to Art. 26 GDPR. Further information (including Insights data) is available from Facebook.

Service providers may be located in countries for which the European Commission has determined an adequate level of data protection, including: USA, Canada, Japan, South Korea, New Zealand, United Kingdom, Argentina.

Where service providers are certified, the adequacy decision for the USA serves as the legal basis for data transfers.

Service providers may also operate in countries without an adequacy decision, including: Australia, Hong Kong, India, Indonesia, Malaysia, Singapore, Thailand, Taiwan, Brazil, Mexico.
In such cases, cooperation is based on EU Standard Contractual Clauses.

Instagram (by Meta) is provided by Meta Platforms Ireland Ltd., Dublin, Ireland. Information collected regarding your use of our Instagram presence is generally transmitted to and stored on servers of Meta Platforms, Inc., Menlo Park, California, USA.

Processing is carried out under a joint controller agreement pursuant to Art. 26 GDPR. Further information on Insights data is available from Instagram.

Data transfers and safeguards correspond to those described for Facebook above.

YouTube is a service provided by Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland. Information collected automatically regarding your use of our YouTube presence is generally transmitted to and stored on servers of Google LLC, Mountain View, California, USA.

Service providers may use servers outside the EU/EEA. Where no adequacy decision exists, transfers are safeguarded by EU Standard Contractual Clauses.

LinkedIn is provided by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. Information collected about your use of our LinkedIn presence is generally transmitted to and stored on servers of LinkedIn Corporation, Sunnyvale, California, USA.

The USA adequacy decision applies where the provider is certified.
 

9. Contact Options and Your Rights
 

9.1 Your Rights

As a data subject, you have the following rights:

  • Art. 15 GDPR – the right to obtain information about your personal data processed by us

  • Art. 16 GDPR – the right to request correction of inaccurate or incomplete data

  • Art. 17 GDPR – the right to request deletion of your stored personal data, unless processing is necessary:

    • for exercising the right of freedom of expression and information

    • for compliance with a legal obligation

    • for reasons of public interest

    • for the establishment, exercise, or defense of legal claims

  • Art. 18 GDPR – the right to request restriction of processing where:

    • you contest the accuracy of the data

    • processing is unlawful but you oppose deletion

    • we no longer need the data but you require it for legal claims

    • you have objected pursuant to Art. 21 GDPR

  • Art. 20 GDPR – the right to receive your data in a structured, commonly used, machine-readable format or request transfer to another controller

  • Art. 77 GDPR – the right to lodge a complaint with a supervisory authority. You may contact the authority at your place of residence, workplace, or our company headquarters.

Right to Object
 

If we process personal data based on legitimate interests as explained above, you have the right to object to this processing with future effect.

If processing is carried out for direct marketing purposes, you may exercise this right at any time. If processing is carried out for other purposes, you only have the right to object on grounds relating to your particular situation.

After exercising your right to object, we will no longer process your personal data for these purposes unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or if processing serves the establishment, exercise, or defense of legal claims.

This does not apply to processing for direct marketing purposes. In that case, your personal data will no longer be processed for such purposes.


9.2 Contact Options

If you have questions regarding the collection, processing, or use of your personal data, or if you wish to request information, correction, restriction, deletion of data, withdraw consent, or object to a specific use of data, please contact us directly using the contact details provided in our legal notice (Imprint).

bottom of page