P r i v a c y P o l i c y

Responsible for data processing:

Annick & Günther Bauer GbR
Joergstr. 80 B
D-80689 Munich

Introduction

We are pleased to welcome you to our online shop (“Shop”) and appreciate your interest in our products. The protection of your personal data is important to us. We handle your data confidentially and in accordance with legal data protection regulations – particularly the GDPR and the BDSG.
In this privacy notice, we inform you about the nature, scope, and purpose of the processing of personal data in connection with our shop.

Definitions

We use terms such as “personal data,” “processing,” “controller,” etc. in the sense of Art. 4 GDPR.

Collection and Processing of Personal Data

When Visiting the Shop

When you access our shop, your browser automatically transmits data to the server (e.g., IP address, date and time, requested file, referrer, browser type, and operating system). This data is technically necessary to make the shop accessible. Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest) – for example, operation and security of the system.
The stored log data will be deleted or anonymized as soon as the purpose has ceased and no legal retention periods are at odds.

When Ordering / Contract Execution

When you place an order in the shop, we collect the personal data necessary for contract execution – such as name, address, payment details, email address, and possibly phone number. The legal basis is Art. 6 para. 1 lit. b GDPR (contract execution).
This data will be used to process your order (shipping, invoicing, payment, and possibly returns) and to fulfill legal obligations (e.g., tax and commercial storage).

For Payment and Credit Checks

When using certain payment methods (e.g., purchase on account, installment purchase), data will be transmitted to payment service providers or credit agencies. Legal basis: contract execution or legitimate interest (e.g., for fraud prevention) according to Art. 6 para. 1 lit. b/f GDPR.

Purposes of Processing & Legal Bases

We process your personal data for the following purposes:

  • Operation and optimization of the online store (Art. 6 para. 1 lit. f GDPR)
  • Fulfilling your order or the contract (Art. 6 para. 1 lit. b GDPR)
  • Compliance with legal obligations (e.g., tax/commercial law retention)
  • Protection of our legitimate interests (e.g., IT security, fraud prevention) (Art. 6 para. 1 lit. f GDPR)
Data Sharing

The transfer of your personal data to third parties (e.g., service providers, payment providers, shipping companies) only occurs if:

  • You have given your consent (Art. 6 para. 1 lit. a GDPR)

  • the transfer is necessary for contract fulfillment (Art. 6 para. 1 lit. b GDPR)

  • there is a legal obligation

  • the transfer is necessary to protect vital interests or to perform a public interest task (Art. 6 para. 1 lit. d/f GDPR)

If we use processors (e.g., hosting, payment service providers, logistics), we conclude a processing agreement in accordance with Art. 28 GDPR.

Cookies & Monitoring

We use cookies and similar technologies. Upon your first visit to the shop, you will receive a consent request (cookie banner) if these technologies are not strictly necessary. You have the option to revoke this consent or adjust your settings.

Tracking technologies (e.g., web analytics, remarketing) are only performed with your consent.

Storage Duration

Personal data will be deleted or anonymized as soon as the purpose of storage ceases – unless there is a statutory retention period (e.g., tax/commercial law) to the contrary.
Example: Order data must generally be retained for 10 years according to § 147 AO or § 257 HGB, after which deletion or anonymization is required.

Technical and organizational measures (TOM)

We have taken appropriate technical and organizational measures to ensure the security of your data – e.g. TLS/SSL encryption, access restrictions, firewalls, regular backups. Legal basis: Art. 32 GDPR.

Rights of the affected persons

You have the following rights under the GDPR:

  • Right of access (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure (“right to be forgotten,” Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object to processing based on legitimate interests (Art. 21 GDPR)
  • Right to withdraw consent (Art. 7 para. 3 GDPR)
  • Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)

If you wish to exercise any of these rights, please contact us using the contact details provided above.

Changes to this Privacy Policy

We reserve the right to adjust this privacy policy in case of changes to our services, technology, or legal requirements. The new version will apply for your next visit.

Status: November 2025