Privacy policy
This Privacy Policy explains the nature, scope and purpose of the processing of personal data (hereinafter referred to as “data”) within our online offering and the websites, functions and content associated with it, as well as external online presences, such as our social media profiles (hereinafter collectively referred to as the “online offering”). With regard to the terminology used, such as “processing” or “controller”, we refer to the definitions set out in Article 4 of the General Data Protection Regulation (GDPR).
Controller
SensoryBoost, Albert-Einstein-Straße 4, 04600 Altenburg, Germany
Email: support@sensoryboost.de
Owner: Benjamin Zeising
Legal notice: https://sensoryboost.de/policies/legal-notice
Categories of processed data:
– Master data (e.g. names, addresses).
– Contact data (e.g. email addresses, telephone numbers).
– Content data (e.g. text entries, photographs, videos).
– Usage data (e.g. websites visited, interest in content, access times).
– Metadata/communication data (e.g. device information, IP addresses).
Categories of data subjects
Visitors and users of the online offering (hereinafter, the data subjects are collectively also referred to as “users”).
Purposes of processing
– Provision of the online offering, its functions and content.
– Responding to contact enquiries and communicating with users.
– Security measures.
– Reach measurement/marketing
Terminology used
“Personal data” means any information relating to an identified or identifiable natural person (hereinafter referred to as the “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. a cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
“Processing” means any operation or set of operations which is performed on personal data, whether or not by automated means. The term is broad and covers practically any handling of data.
“Pseudonymisation” means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures ensuring that the personal data are not attributed to an identified or identifiable natural person.
“Profiling” means any form of automated processing of personal data consisting of the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s work performance, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
“Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
“Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Applicable legal bases
In accordance with Article 13 GDPR, we inform you of the legal bases for our data processing. Where the legal basis is not specified in this Privacy Policy, the following applies: the legal basis for obtaining consent is Article 6(1)(a) and Article 7 GDPR; the legal basis for processing necessary for the performance of our services, the implementation of contractual measures and the handling of enquiries is Article 6(1)(b) GDPR; the legal basis for processing necessary to comply with our legal obligations is Article 6(1)(c) GDPR; and the legal basis for processing necessary for the purposes of our legitimate interests is Article 6(1)(f) GDPR. Where processing of personal data is necessary in order to protect the vital interests of the data subject or another natural person, Article 6(1)(d) GDPR serves as the legal basis.
Retention period and deletion of data
We retain personal data only for as long as necessary for the respective processing purposes or where statutory retention obligations apply.
The specific retention period depends in particular on the processing purpose, the category of data and statutory retention obligations: – Order, invoice, accounting and tax records: in accordance with the respective statutory retention periods. Depending on the type of document, these are generally six, eight or ten years. – Contact enquiries: generally for up to one year after final handling, unless longer retention is required. – Marketing and tracking data: service-specific, depending on configuration, purpose, consent status and the retention periods stated in the Cookie Policy. – Customer account data: until the customer account is deleted, unless statutory retention obligations prevent this. – Data from cookies and comparable technologies: according to the respective lifetime and the information provided in the Cookie Policy. After the respective periods have expired, the data are deleted or anonymised in accordance with legal requirements.
Security measures
In accordance with Article 32 GDPR, and taking into account the state of the art, implementation costs, the nature, scope, circumstances and purposes of processing as well as the varying likelihood and severity of risks to the rights and freedoms of natural persons, we implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk.
Such measures include, in particular, safeguarding the confidentiality, integrity and availability of data by controlling physical access to the data, access to and input of data, disclosure, safeguarding availability and separation of data. We have also established procedures that ensure the exercise of data subject rights, deletion of data and responses to risks to data. Furthermore, we take the protection of personal data into account already in the development and selection of hardware, software and procedures, in accordance with the principles of data protection by design and by default (Article 25 GDPR).
Cooperation with processors and third parties
Where, in the course of our processing, we disclose data to other persons and companies (processors or third parties), transfer data to them or otherwise grant them access to data, this occurs only on the basis of a legal permission (e.g. where transfer of data to third parties, such as payment service providers, is necessary for the performance of a contract pursuant to Article 6(1)(b) GDPR), where you have given consent, where a legal obligation requires this, or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.).
Where we commission third parties to process data on the basis of a so-called data processing agreement, this is done on the basis of Article 28 GDPR.
Transfers to third countries
We transfer personal data to recipients in third countries (outside the European Union or the European Economic Area) only under the following conditions:
Adequacy decision by the European Commission: Where the European Commission has determined that a third country ensures an adequate level of data protection, the transfer takes place on this basis (e.g. for Canada or Japan, as well as for certified US companies under the EU-US Data Privacy Framework – DPF).
Standard Contractual Clauses (SCCs) pursuant to Article 46 GDPR: Where no adequacy decision exists, we use Standard Contractual Clauses to ensure that recipients provide an adequate level of data protection. This applies in particular to transfers of data to the United States to providers such as Google, Meta (Facebook) or PayPal.
Additional safeguards: Where necessary, we implement additional measures (e.g. encryption and pseudonymisation) to further increase the level of protection.
User consent pursuant to Article 49(1)(a) GDPR: In exceptional cases, transfers take place only with your explicit consent (e.g. where you use a service that is not otherwise adequately safeguarded).
United States and other third countries
Where recipients in the United States participate in the EU-US Data Privacy Framework (DPF), a transfer is based on that adequacy decision. Otherwise, we rely on the EU Standard Contractual Clauses (SCCs) together with appropriate supplementary measures (e.g. encryption/pseudonymisation).
You can disable non-essential tracking, analytics, marketing and other consent-based services at any time through the cookie settings.
------------------------------------------------------------------------------------------------------------------------------
1. Access data and hosting
You can visit our websites without providing any personal information. Each time a website is accessed, the web server automatically stores only a so-called server log file containing, for example, the name of the requested file, your IP address, the date and time of access, the volume of data transferred and the requesting provider (access data), thereby documenting the access. These access data are evaluated exclusively for the purpose of ensuring the smooth operation of the website and improving our offering. This serves to safeguard our legitimate interests, which predominate in the context of a balancing of interests, in the correct presentation of our offering pursuant to Article 6(1), sentence 1, point (f) GDPR. All access data are deleted no later than seven days after the end of your visit to the website.
For the United States, the following applies: where the service provider participates in the DPF, transfers are based on the DPF; otherwise, they are based on the SCCs together with appropriate supplementary measures.
1.1 Hosting by Shopify
We use the shop system of Shopify International Limited, Victoria Buildings, 2nd Floor, 1–2 Haddington Road, Dublin 4, D04 XN32, Ireland (“Shopify”), for the purpose of hosting and displaying the online store on the basis of processing on our behalf. All data collected on our website are processed on Shopify’s servers. Within the scope of the aforementioned Shopify services, data may also be transferred, as part of further processing on our behalf, to Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada; Shopify Data Processing (USA) Inc.; Shopify Payments; or Shopify (USA) Inc. In the event of a transfer of data to Shopify Inc. in Canada, an adequate level of data protection is ensured by an adequacy decision of the European Commission.
Further information on Shopify’s privacy practices is available at: https://www.shopify.de/legal/datenschutz. Further processing on servers other than those of Shopify mentioned above takes place only within the scope communicated below.
1.2 Hosting
The services for hosting and displaying the website are partly provided by our service providers as processors acting on our behalf. Unless otherwise explained in this Privacy Policy, all access data and all data collected in forms provided for this purpose on this website are processed on their servers. If you have questions about our service providers and the basis of our cooperation with them, please use the contact option described in this Privacy Policy.
Our service providers are located and/or use servers in the following countries for which the European Commission has determined an adequate level of data protection: Canada.
Our service providers are located and/or use servers in the United States and in other countries outside the EU and the EEA. No adequacy decision by the European Commission exists for these countries. Our cooperation with them is based on the European Commission’s Standard Contractual Clauses.
For the United States, the following applies: where the service provider participates in the DPF, transfers are based on the DPF; otherwise, they are based on the SCCs together with appropriate supplementary measures.
1.3 Content Delivery Network (CDN) – Cloudflare
For shorter loading times, we use a so-called Content Delivery Network (“CDN”) for certain services. With this service, content, such as large media files, is delivered via regionally distributed servers of external CDN service providers. Access data are therefore processed on the providers’ servers. Our service providers act as processors on our behalf. Our service providers are located and/or use servers in countries outside the EU and the EEA. No adequacy decision by the European Commission exists for these countries. Our cooperation with them is based on the European Commission’s Standard Contractual Clauses. If you have questions about our service providers and the basis of our cooperation with them, please use the contact option described in this Privacy Policy.
Where transfers to the United States take place, they are based on the EU-US Data Privacy Framework (DPF) where the respective provider participates in the DPF; otherwise, they are based on the SCCs together with appropriate supplementary measures.
2. Data processing for contract performance and contact
2.1 Data processing for contract performance
For the purpose of contract performance pursuant to Article 6(1), sentence 1, point (b) GDPR, we collect personal data where you voluntarily provide it to us as part of your order. Mandatory fields are marked as such because, in these cases, we require the data for contract performance and cannot dispatch the order without it. The data collected can be seen from the respective input forms.
Further information on the processing of your data, in particular on disclosure to our service providers for order, payment and shipping processing, can be found in the following sections of this Privacy Policy. Once the contract has been fully performed, your data will be restricted for further processing and deleted after the expiry of statutory retention periods under tax and commercial law pursuant to Article 6(1), sentence 1, point (c) GDPR, unless you have expressly consented to further use of your data pursuant to Article 6(1), sentence 1, point (a) GDPR, or we reserve the right to use the data beyond this where permitted by law and where we inform you of this in this Privacy Policy.
2.2 Customer account
Where you have given your consent pursuant to Article 6(1), sentence 1, point (a) GDPR by choosing to open a customer account, we use your data for the purpose of opening the customer account and storing your data for future orders on our website. You can delete your customer account at any time, either by sending a message to the contact option described in this Privacy Policy or by using the function provided in the customer account. After your customer account has been deleted, your data will be deleted unless you have expressly consented to further use of your data pursuant to Article 6(1), sentence 1, point (a) GDPR, or we reserve the right to use the data beyond this where permitted by law and where we inform you of this in this Privacy Policy.
2.3 Contacting us
As part of customer communication, we collect personal data for the purpose of handling your enquiries pursuant to Article 6(1), sentence 1, point (b) GDPR where you voluntarily provide it to us when contacting us (e.g. by contact form or email). Mandatory fields are marked as such because, in these cases, we require the data in order to process your contact enquiry. The data collected can be seen from the respective input forms. Once your enquiry has been fully handled, your data will be deleted unless you have expressly consented to further use of your data pursuant to Article 6(1), sentence 1, point (a) GDPR, or we reserve the right to use the data beyond this where permitted by law and where we inform you of this in this Privacy Policy.
2.3.1 Shopify Inbox
This website uses the live chat system of the following provider: Shopify International Ltd., Victoria Buildings, 2nd Floor, 1–2 Haddington Road, Dublin 4, D04 XN32, Ireland.
Personal data transmitted via the chat are processed either pursuant to Article 6(1)(b) GDPR because processing is necessary for initiating or performing a contract, or pursuant to Article 6(1)(f) GDPR on the basis of our legitimate interest in effectively supporting our website visitors. The data processed include chat content (e.g. messages, voluntarily transmitted contact/order data such as name, email address and order number) as well as metadata such as IP address, timestamps, browser/device information and, where applicable, the referrer URL. Subject to conflicting statutory retention periods, the data transmitted in this way are deleted once the relevant matter has been conclusively resolved.
Only with consent: Where non-essential cookies/tracking are used for the chat to create pseudonymised user profiles, this takes place only after your consent (Section 25 TDDDG / Article 6(1)(a) GDPR). Until consent is given, the chat function remains technically disabled (consent tool). Consent can be withdrawn at any time in the consent tool with effect for the future. The setting of cookies may also be prevented through the relevant browser settings; this may limit the functionality of our website.
Recipients / third-country transfer: Data are also transferred to Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada. A transfer to affiliated companies in the United States may also take place (including Shopify (USA) Inc. and Shopify Data Processing (USA) Inc.). Where a transfer to the United States takes place, it is based on the DPF where the recipient participates in the EU-US Data Privacy Framework (DPF); otherwise, it is based on the EU Standard Contractual Clauses (SCCs) together with appropriate supplementary measures. Where data are transferred to Canada, an adequate level of data protection is ensured by an adequacy decision of the European Commission.
We have entered into a data processing agreement with the provider pursuant to Article 28 GDPR, which ensures protection of the data of our website visitors and prohibits unauthorised disclosure to third parties.
2.3.2 EU withdrawal button / electronic withdrawal function
We use the Shopify app “EU Withdrawal Button & Form” of 4O1layers UG (limited liability), Dorothea-Erxleben-Str. 1a, 40721 Hilden, Germany, to provide you with an electronic option for exercising your right of withdrawal and to record, assign, document and process incoming withdrawal declarations. The withdrawal function can be used without a customer account.
When using the withdrawal function, the following data in particular may be processed: name, email address, order and/or contract data, selected items, content of the withdrawal declaration, timestamp, IP address, browser and device information, as well as other technical data where required for the secure provision, assignment and documentation of the process. The app may also send an acknowledgement of receipt by email and document withdrawal processes for verification purposes.
Processing takes place pursuant to Article 6(1)(b) GDPR where necessary to receive and process your withdrawal and to assign it to your order. Where the electronic withdrawal function and acknowledgement of receipt are required by law, processing takes place pursuant to Article 6(1)(c) GDPR. Documentation and evidentiary records are also processed on the basis of our legitimate interest in the legally compliant handling and verifiability of withdrawal processes pursuant to Article 6(1)(f) GDPR.
The provider processes the data as a processor pursuant to Article 28 GDPR. In providing the app, the provider may access data from our Shopify store where necessary for operating the withdrawal function, in particular customer, order, product and return data. Processing by Shopify and by the provider’s sub-processors, including outside the European Union or the European Economic Area, cannot be excluded. Where transfers to third countries take place, they are made, according to the provider, on the basis of appropriate safeguards, in particular EU Standard Contractual Clauses or an adequacy decision, where applicable.
We retain withdrawal and verification data only for as long as necessary to process the withdrawal and fulfil statutory evidentiary, limitation and retention obligations. Further information on processing by the provider is available at: https://euwiderrufsbutton.de/privacypolicy
2.4 Shipping processing
In order to perform and fulfil the purchase contract, we transfer the personal data required for delivery to the shipping service provider commissioned with the specific shipment.
This may include, in particular, the following data:
– First and last name
– Delivery address
– Order and shipment data
– Information required for delivery, shipment tracking or complaint handling
Data are transferred for contract performance pursuant to Article 6(1), sentence 1, point (b) GDPR.
For shipping, we use national and international postal, parcel, express and freight service providers. We currently use DHL and Deutsche Post in particular. Depending on the shipping destination, shipping method, delivery speed and availability, another suitable shipping provider may be commissioned in individual cases.
Where personal data are transferred to recipients outside the European Union or the European Economic Area for international shipments, this is done in compliance with the requirements of Articles 44 et seq. GDPR.
3. Data processing for payment and transaction processing
When processing payments in our online store, we work with the following partners: technical service providers, credit institutions and payment service providers.
3.1 Data processing for transaction processing
Depending on the payment method selected, we transfer the data necessary for payment transaction processing to our technical service providers acting as processors on our behalf, or to the commissioned credit institutions or the selected payment service provider, where necessary for payment processing. This serves contract performance pursuant to Article 6(1), sentence 1, point (b) GDPR. In some cases, payment service providers collect the data necessary for payment processing themselves, e.g. on their own website or through a technical integration in the ordering process. In this respect, the privacy policy of the respective payment service provider applies.
If you have questions about our payment-processing partners and the basis of our cooperation with them, please use the contact option described in this Privacy Policy.
3.2 Data processing for fraud prevention and optimisation of our payment processes
Where applicable, we provide our service providers with additional data which they use, together with the data necessary for payment processing, as processors on our behalf for the purpose of fraud prevention and optimisation of our payment processes (e.g. invoicing, handling disputed payments and accounting support). Pursuant to Article 6(1), sentence 1, point (f) GDPR, this serves to safeguard our legitimate interests, which predominate in the context of a balancing of interests, in protection against fraud and efficient payment management.
3.3 Identity and credit assessment by Klarna
Klarna (direct debit)
If you choose the payment services of Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden (hereinafter “Klarna”), we ask for your consent pursuant to Article 6(1), sentence 1, point (a) GDPR to transfer to Klarna the data necessary for payment processing and identity and credit assessment. In Germany, the credit agencies named in Klarna’s privacy policy may be used for identity and credit assessment. Klarna uses the information obtained on the statistical probability of payment default to make a balanced decision on the establishment, performance or termination of the contractual relationship. You may withdraw your consent at any time by sending a message to the contact option stated in this Privacy Policy. This may result in us no longer being able to offer you certain payment options. You may also withdraw your consent to this use of personal data directly from Klarna at any time.
3.4 Amazon Pay payment service
1) Where payment is made via Amazon Pay, we transfer your payment data, in the context of payment processing, primarily to Amazon Payments Europe s.c.a. and secondarily to Amazon EU SARL, Amazon Services Europe SARL and Amazon Media EU SARL, all located at 5, Rue Plaetis, L-2338 Luxembourg (hereinafter “Amazon Payments”).
2) Amazon Payments reserves the right to carry out a credit assessment. Amazon Payments uses the result of the credit assessment concerning the statistical probability of payment default to decide whether to provide the respective payment method. The credit assessment may contain probability values (so-called score values). Where score values are included in the result of the credit assessment, they are based on a scientifically recognised mathematical-statistical procedure. Address data, among other things, are included in the calculation of score values.
3) In addition, Amazon Payments is entitled to disclose your data to unnamed third parties, including banks, e-service providers, service partners, auditors, analytics services, credit agencies, marketing partners, cloud service providers, retargeting providers and affiliated companies.
4) Further data protection information, including information on the credit agencies used, can be found in Amazon Payments’ privacy policy: pay.amazon.com/de/help/201751600. The legal basis for this is Article 6(1), sentence 1, point (b) GDPR.
3.5 PayPal payment service
1) In the context of payment processing, where payment is made via PayPal, credit card via PayPal, direct debit via PayPal or — where offered — “purchase on account” via PayPal, we transfer your payment data to PayPal (Europe) S.à r.l. et Cie, S.C.A., 22–24 Boulevard Royal, L-2449 Luxembourg (hereinafter “PayPal”). For the payment methods credit card via PayPal, direct debit via PayPal or — where offered — “purchase on account” via PayPal, PayPal reserves the right to carry out a credit assessment: www.paypal.com/de/webapps/mpp/ua/privacy-full?locale.x=de_DE#rAnnex.
2) PayPal uses the result of the credit assessment concerning the statistical probability of payment default to decide whether to provide the respective payment method. The credit assessment may contain probability values (so-called score values). Where score values are included in the result of the credit assessment, they are based on a scientifically recognised mathematical-statistical procedure. Address data, among other things, are included in the calculation of score values.
3) In addition, PayPal is entitled to disclose your data to named third parties, including banks, e-service providers, service partners, auditors, analytics services, credit agencies, marketing partners, cloud service providers, retargeting providers and affiliated companies, as well as unnamed third parties (www.paypal.com/de/webapps/mpp/ua/third-parties-list).
4) Further data protection information, including information on the credit agencies used, can be found in PayPal’s privacy policy: www.paypal.com/de/webapps/mpp/ua/privacy-full. The legal basis for this is Article 6(1), sentence 1, point (b) GDPR.
3.6 Shopify Payments (Apple Pay, Google Pay, etc.)
We use the payment service provider “Shopify Payments”, 3rd Floor, Europa House, Harcourt Building, Harcourt Street, Dublin 2. If you choose a payment method offered through Shopify Payments, payment processing is carried out through the technical service provider Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland. We transfer to Stripe the information you provide during the ordering process together with information about your order (name, address, account number, bank code, where applicable credit card number, invoice amount, currency and transaction number) pursuant to Article 6(1)(b) GDPR. Your data are transferred exclusively for the purpose of payment processing with Stripe Payments Europe Ltd. and only to the extent necessary for that purpose. Further information on the privacy practices of Shopify Payments is available at: https://www.shopify.com/legal/privacy. Privacy information for Stripe Payments Europe Ltd. is available here: https://stripe.com/de/privacy.
4. Integration of third-party services and content
Within our online offering, we use content or service offerings from third-party providers on the basis of our legitimate interests (i.e. our interest in analysing, optimising and operating our online offering economically within the meaning of Article 6(1)(f) GDPR) in order to integrate their content and services, such as videos or fonts (hereinafter collectively referred to as “content”).
This always requires that the third-party providers of such content receive users’ IP addresses, as they could not send the content to users’ browsers without the IP address. The IP address is therefore required to display such content. We endeavour to use only content whose respective providers use the IP address solely for delivery of that content. Third parties may also use so-called pixel tags (invisible graphics, also referred to as “web beacons”) for statistical or marketing purposes. Pixel tags can be used to analyse information such as visitor traffic on the pages of this website. The pseudonymised information may also be stored in cookies on users’ devices and may include technical information about the browser and operating system, referring websites, time of visit and other information concerning use of our online offering, and may be combined with such information from other sources.
4.1 Product reviews via “Judge.me”
We use the “Judge.me” review platform of Judge.me Ltd, C/O Buckworths, 2nd Floor, 1–3 Worship Street, London EC2A 2AB, United Kingdom, to display, manage and obtain voluntary product reviews.
Where you voluntarily submit a review through our website, we may process your name, the connection to the order or product, the review text, any uploaded media and technical data. Processing takes place for the display, management and verification of reviews and the prevention of misuse on the basis of Article 6(1)(f) GDPR.
Where, at checkout, you have consented to receive offers and review invitations by email, we may send you an email invitation to submit a review. For this purpose, we may transfer your email address, your name and the connection to the order or product to Judge.me.
The processing and transfer of data for sending review invitations take place on the basis of your consent pursuant to Article 6(1)(a) GDPR. You may withdraw your consent at any time with effect for the future via the unsubscribe link in the relevant email or by sending a message to support@sensoryboost.de.
Judge.me may use sub-processors. Where personal data are transferred to third countries in this context, the transfer is based on appropriate safeguards pursuant to Articles 44 et seq. GDPR. Further information is available in Judge.me’s privacy notice at: https://judge.me/privacy
4.2 Product reviews via “Trustpilot”
We use the “Trustpilot” review platform to display customer reviews. The provider is Trustpilot A/S, Pilestræde 58, 5th floor, DK-1112 Copenhagen, Denmark (“Trustpilot”).
Integration of Trustpilot widgets
Trustpilot widgets (e.g. star ratings or review boxes) may be embedded on our website. When a page is accessed, a connection to Trustpilot’s servers is established. Technical data such as IP address, browser and device information, pages visited, timestamps and, where applicable, cookie information may be transmitted to Trustpilot in order to correctly display the requested content.
Where cookies or comparable technologies are used in this context, they are used only with your consent via our cookie/consent tool (Section 25(1) TDDDG in conjunction with Article 6(1)(a) GDPR). The legal basis for displaying the reviews is our legitimate interest in transparent public presentation and genuine customer opinions (Article 6(1)(f) GDPR).
Further information on the processing of personal data by Trustpilot is available at:
https://de.legal.trustpilot.com/for-reviewers/end-user-privacy-terms
4.3 YouTube
Only with consent (two-click): Data are transferred to Google only once you actively consent (two-click solution/consent banner). Legal basis: Article 6(1)(a) GDPR / Section 25 TDDDG.
We embed videos from the “YouTube” platform of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy policy: https://www.google.com/policies/privacy/; opt-out: https://adssettings.google.com/authenticated.
4.4 GOOGLE
Provider (EU): Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; where applicable, transfer to Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA, USA (DPF/SCCs).
4.4.1 Google reCAPTCHA
Only with consent (two-click): Data are transferred to Google only once you actively consent (consent banner/two-click). Legal basis: Article 6(1)(a) GDPR / Section 25 TDDDG.
Provider (EU): Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; where applicable, transfer to Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA, USA (DPF/SCCs).
We integrate the bot-detection function, e.g. for entries in online forms (“reCAPTCHA”), of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy policy: https://www.google.com/policies/privacy/; opt-out: https://adssettings.google.com/authenticated.
4.4.2 Google Fonts
Where integrated via Google servers (United States), this takes place only with consent (Section 25 TDDDG / Article 6(1)(a) GDPR). Transfers to the United States may take place and are based on the recipient’s DPF participation or otherwise on SCCs together with appropriate supplementary measures. Consent may be withdrawn at any time in the consent tool.
Provider (EU): Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; where applicable, transfer to Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA, USA (DPF/SCCs).
4.4.3 Google Maps
Only with consent (two-click): Data are transferred to Google only once you actively consent (two-click solution/consent banner). Legal basis: Article 6(1)(a) GDPR / Section 25 TDDDG.
For the visual presentation of geographic information, Google Maps collects data about your use of Maps functions, in particular the IP address and location data, transfers these data to Google and subsequently processes them. We have no influence over this subsequent processing of data.
4.4.4 Google Ads
Only with consent: Remarketing/conversion cookies and comparable identifiers are set only after consent has been given (Section 25 TDDDG / Article 6(1)(a) GDPR). Consent may be withdrawn at any time in the consent tool. Any transfers to the United States are based on the DPF or SCCs.
Once you have given your consent, the so-called Google Remarketing cookie is set for advertising purposes in Google search results and on third-party websites. By automatically collecting and processing data (IP address, time of visit, device and browser information, and information on your use of our website) and using a pseudonymous cookie ID and the pages you visit, it enables interest-based advertising. Further processing takes place only if you have enabled the “personalised advertising” setting in your Google account. If you are logged in to Google while visiting our website in that case, Google uses your data together with Google Analytics data to create and define target group lists for cross-device remarketing.
For website analysis and event tracking, we use Google Ads Conversion Tracking to measure your subsequent usage behaviour where you have accessed our website via a Google Ads advertisement. Cookies may be used for this purpose and data may be collected (IP address, time of visit, device and browser information, and information on your use of our website based on events defined by us, such as visiting a website or subscribing to a newsletter), from which user profiles may be created using pseudonyms.
4.4.5 Google Analytics
We use Google Analytics only with consent (Section 25(1) TDDDG in conjunction with Article 6(1)(a) GDPR). Consent may be withdrawn at any time in the consent tool. We use Google Analytics with IP anonymisation. A transfer to the United States may take place and is based on the EU Standard Contractual Clauses or, where the recipient participates, the EU-US Data Privacy Framework. Further details are available from Google.
Google will use this information on our behalf to evaluate use of our online offering by users, compile reports on activities within this online offering and provide us with further services relating to the use of this online offering and use of the internet. Pseudonymised user profiles may be created from the processed data.
We use Google Analytics only with IP anonymisation enabled. This means that users’ IP addresses are truncated by Google within Member States of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transferred to a Google server in the United States and truncated there.
The IP address transmitted by the user’s browser is not merged with other data held by Google. Users can prevent the storage of cookies by selecting the relevant setting in their browser software; users can also prevent Google from collecting the data generated by the cookie and relating to their use of the online offering, as well as Google’s processing of such data, by downloading and installing the browser plug-in available at: http://tools.google.com/dlpage/gaoptout?hl=de.
Further information on Google’s use of data, settings and objection options is available in Google’s privacy policy (https://policies.google.com/technologies/ads) and in Google’s settings for displaying advertisements (https://adssettings.google.com/authenticated).
Marketing and tracking data: service-specific; e.g. Google Analytics 14 months (unless configured otherwise). For details, see the sections on the respective services.
4.4.6 Google Tag Manager
In this Privacy Policy, we would like to explain in more detail the role played by Google Tag Manager, why it is used on our website and how data are processed in this context.
About Google Tag Manager: This tool enables us to manage website tags through a central interface. Tags are small code snippets that, among other things, serve to record your interaction with our website. These codes often originate from Google services such as Google Ads or Google Analytics, but may also come from other providers. They perform various functions, such as collecting browser data, supplying marketing tools with information, inserting buttons, setting cookies or tracking users across different websites.
Tag Manager itself does not set cookies or collect personal data; however, it can trigger tags (e.g. analytics/marketing tags). These tags are activated only after consent has been granted through the consent tool.
Use on our website: Efficient organisation and management of our website are very important to us in order to offer you and other interested parties the best possible experience. This includes various tracking tools that provide us with insight into user preferences and opportunities for improvement. Google Tag Manager significantly facilitates the integration and management of these tools by providing a user-friendly interface without requiring programming knowledge.
Data storage and management: It is important to emphasise that Tag Manager itself does not set cookies or store data. It merely acts as an intermediary for the tags of the various web analytics tools, which collect data independently. In the Tag Manager settings, we have agreed to provide Google with anonymised data on the use of Tag Manager; however, these data do not relate to information collected through the tags.
Server locations and data protection: Google stores data on servers distributed worldwide. For more detailed information on server locations and data retention periods, please visit Google’s relevant pages.
Your privacy options: Although Google Tag Manager itself does not collect data, the individual tracking tools we use provide options for managing or preventing data collection. Details can be found in our specific privacy notices for those tools.
Third-country connection/DPF: Tag Manager itself does not set cookies or process personal data for its own purposes; it merely triggers tags. Tags that require consent (analytics/marketing) are activated only after consent has been granted. Any transfers to third countries are based on the DPF where the recipient participates; otherwise, they are based on SCCs together with appropriate supplementary measures.
4.5 Shopify Analytics
We use the integrated statistics function “Shopify Analytics” of Shopify International Limited, Victoria Buildings, 2nd Floor, 1–2 Haddington Road, Dublin 4, D04 XN32, Ireland (“Shopify”), to analyse user behaviour in our online store and optimise our offering from both a technical and commercial perspective.
The following data may be processed: pages and products viewed, click paths, cart and order events, browser and device information, referrer URL, approximate location data (country/region), timestamps and a pseudonymous identifier (e.g. through Shopify Analytics cookies such as _shopify_s, _shopify_y, _shopify_sa_t, _shopify_sa_p).
Where Shopify Analytics sets non-essential cookies, it is used only with your express consent via our consent tool (Section 25(1) TDDDG in conjunction with Article 6(1)(a) GDPR). Without consent, analysis is limited exclusively to technically necessary data, which we process on the basis of our legitimate interest in secure and stable provision of the store (Article 6(1)(f) GDPR).
Shopify may transfer data to Shopify-affiliated companies outside the EU, in particular in Canada and the United States. An adequacy decision by the European Commission exists for Canada. For the United States, Shopify relies on the EU-US Data Privacy Framework as well as EU Standard Contractual Clauses and additional safeguards.
Further information is available in Shopify’s privacy policy at:
https://www.shopify.com/legal/privacy
4.6 Shopify Messaging / email and SMS marketing
We use “Shopify Messaging”, a service of Shopify International Limited, Victoria Buildings, 2nd Floor, 1–2 Haddington Road, Dublin 4, D04 XN32, Ireland (“Shopify”), to create, send and evaluate email and SMS marketing campaigns. These may include newsletters, product information, promotional communications, cart and checkout reminders, browse-abandonment messages and follow-up communications.
Within Shopify Messaging, the following data in particular may be processed: name, email address, telephone number, customer account and contact data, marketing preferences and consent status, order and cart data, checkout data, purchased or viewed products, discount and campaign data, communication data, open, click and conversion data, unsubscribe information, and technical data such as IP address, device and browser information, timestamps, referrer information and pseudonymous identifiers. Where necessary for technical provision, administrative data of store employees or contributors may also be processed, e.g. user ID, roles, permissions and activity data in the Shopify Admin.
Email and SMS marketing is generally sent only where you have expressly consented or another legal permission exists. The legal basis is Article 6(1)(a) GDPR. You may withdraw consent at any time with effect for the future, e.g. via the unsubscribe link in the relevant message or by notifying support@sensoryboost.de. Where we use marketing to existing customers in legally permissible cases, processing takes place on the basis of our legitimate interest in direct advertising for our own similar goods pursuant to Article 6(1)(f) GDPR in conjunction with Section 7(3) UWG. You may object to such use at any time.
Campaign analysis, in particular of open, click and conversion rates, serves to measure the success of and optimise our communications. Where cookies, pixels or comparable tracking technologies are used on our website for this purpose, this takes place only with your consent via our consent tool pursuant to Section 25(1) TDDDG in conjunction with Article 6(1)(a) GDPR. Consent may be withdrawn at any time with effect for the future through the cookie settings.
Where Shopify Network Intelligence is enabled, Shopify may securely use customer data together with other Shopify data and data from interactions with Shopify and other merchants to provide enhanced Shopify services. This may include improving products and personalisation, improving store performance and optimising advertising targeting. Other merchants do not receive access to your customer data.
Shopify initially processes personal data through Shopify International Limited in Ireland. Processing by Shopify’s affiliated companies and sub-processors, in particular in Canada, the United States and other third countries, cannot be excluded. An adequacy decision by the European Commission exists for Canada. Where data are transferred to the United States or other third countries, the transfer is made, where applicable, on the basis of the EU-US Data Privacy Framework, EU Standard Contractual Clauses or other appropriate safeguards pursuant to Articles 44 et seq. GDPR.
Further information on processing by Shopify is available in Shopify’s privacy policy at:
https://www.shopify.com/legal/privacy
Information on your data protection rights vis-à-vis Shopify and on objection or opt-out options in connection with Shopify services is also available in the Shopify Privacy Portal:
https://privacy.shopify.com
We retain marketing and campaign data only for as long as necessary for the stated purposes or where statutory retention obligations apply. Where you withdraw your consent or object to direct marketing, your data will be blocked or deleted for future marketing communications unless statutory retention obligations prevent this.
4.7 Zigpoll (post-purchase survey on the thank-you/order status page)
Only with consent: After completion of an order, we integrate a post-purchase survey through “Zigpoll Customer Surveys” on the thank-you/order status page. Participation is voluntary; you can ignore or close the survey. Where Zigpoll uses cookies/similar identifiers or comparable technologies in this context, the integration takes place only with your consent via our consent tool (Section 25(1) TDDDG in conjunction with Article 6(1)(a) GDPR; consent may be withdrawn at any time through the cookie settings).
Provider: Argonautic Labs (Zigpoll), 400 E 67th Street, New York, NY 10065, USA.
Purpose: Obtaining and evaluating feedback immediately after purchase (e.g. satisfaction/NPS, purchase reasons/attribution) in order to optimise our offering, our store and our service.
Processed data (depending on your input and survey configuration):
– Survey responses (including free-text responses)
– Where applicable, order/transaction reference (e.g. order reference, purchased products/variants, timestamps) so that responses can be assigned to the order
– Technical usage/metadata (e.g. IP address, timestamps, device/browser data, online identifiers, interaction/engagement data)
– Where applicable, cookie ID/comparable identifiers, insofar as technically used by Zigpoll
Recipients/processing on our behalf: Zigpoll processes data as a processor on our behalf (Article 28 GDPR) and may use sub-processors for this purpose (e.g. hosting/storage, security/CDN, email/logging services).
Third-country transfer: Zigpoll is based in the United States; processing/transfers to the United States may take place. They are based on appropriate safeguards (in particular EU Standard Contractual Clauses) in accordance with Zigpoll’s agreements.
Retention period: We retain survey/feedback data only for as long as necessary for the stated purposes; we then delete or anonymise the data unless statutory retention obligations prevent this. After use ends, data are deleted or returned in accordance with Zigpoll’s agreements.
Further information:
Privacy policy/terms: https://www.zigpoll.com/terms-and-policies
DPA: https://www.zigpoll.com/dpa
4.8 SSL encryption
To protect the security of your data during transmission, we use encryption procedures in line with the state of the art (e.g. SSL) via HTTPS.
4.9 Pandectes GDPR Compliance Cookie Consent Tool
Our website uses cookies to improve your user experience. Our cookie consent tool allows you to choose at any time which cookies you wish to allow and which you do not. You can adjust your settings at any time.
4.10 Cookies and the right to object to direct marketing
“Cookies” are small files stored on users’ computers. Different information may be stored in cookies. A cookie primarily serves to store information about a user (or the device on which the cookie is stored) during or after their visit to an online offering. Temporary cookies, also called “session cookies” or “transient cookies”, are cookies that are deleted after a user leaves an online offering and closes their browser. Such a cookie may store, for example, the contents of a shopping cart in an online store or a login status. “Permanent” or “persistent” cookies are cookies that remain stored even after the browser is closed. For example, a login status may be stored where users return after several days. Similarly, such a cookie may store users’ interests, which are used for reach measurement or marketing purposes. “Third-party cookies” are cookies offered by providers other than the controller operating the online offering (otherwise, where they are only the controller’s own cookies, they are referred to as “first-party cookies”).
Provider of the consent tool: Pudisoo küla, Männimäe/1, 74626, Kuusalu vald, Estonia
Contact: https://pandectes.io/contact-us/
We may use temporary and permanent cookies and provide information about them in this Privacy Policy.
If users do not want cookies to be stored on their computer, they are asked to deactivate the relevant option in their browser’s system settings. Stored cookies can be deleted in the browser’s system settings. Disabling cookies may limit the functionality of this online offering.
A general objection to the use of cookies for online marketing purposes can be exercised for a large number of services, especially in the case of tracking, through the US website http://www.aboutads.info/choices/ or the EU website http://www.youronlinechoices.com/. Furthermore, the storage of cookies can be prevented by disabling them in browser settings. Please note that this may mean that not all functions of this online offering can be used.
– Mozilla Firefox: https://support.mozilla.org/de/kb/cookies-loeschen-daten-von-websites-entfernen
– Internet Explorer: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies
– Google Chrome: https://support.google.com/accounts/answer/61416?hl=de
– Opera: http://www.opera.com/de/help
– Safari: https://support.apple.com/kb/PH17191?locale=de_DE&viewlocale=de_DE
Opt-out for tracking and advertising
If you do not want your data to be processed for analytics or advertising purposes, you can disable this here:
Disable Google Analytics: Google opt-out https://tools.google.com/dlpage/gaoptout
Disable Facebook advertising: Facebook Ad Preferences https://www.facebook.com/adpreferences/
Disable personalised advertising: Your Online Choices https://www.youronlinechoices.com/de/
Further information is available in our cookie declaration: https://sensoryboost.de/pages/cookie-erklarung
4.11 Facebook (META) services
4.11.1 Facebook Pixel
Only with consent: Used exclusively with consent (Section 25 TDDDG / Article 6(1)(a) GDPR); consent may be withdrawn at any time in the consent tool. Transfers to the United States: DPF or SCCs.
Joint controllership: Where the parameters of data collection/transmission are jointly determined, joint controllership exists pursuant to Article 26 GDPR (core elements available from Meta).
We use the Facebook Pixel as part of the technologies described below, provided by Meta Platforms Ireland Limited, Block J, Serpentine Avenue, Dublin 4, Ireland (“Meta”). The Facebook Pixel automatically collects and stores data (IP address, time of visit, device and browser information, and information on your use of our website based on events specified by us, such as visiting a website or subscribing to a newsletter), from which user profiles may be created using pseudonyms. For this purpose, when you visit our website, the Facebook Pixel automatically sets a cookie that enables your browser to be recognised when visiting other websites by means of a pseudonymous cookie ID. Meta may combine this information with other data from your Meta account and use it to compile reports on website activities and to provide other services related to website use, in particular personalised and group-based advertising.
Any transfers to the United States are based on the EU-US Data Privacy Framework (DPF) where the recipient participates; otherwise, they are based on the EU Standard Contractual Clauses (SCCs) together with appropriate supplementary measures.
4.11.2 Facebook Ads
Only with consent: Used exclusively with consent (Section 25 TDDDG / Article 6(1)(a) GDPR); consent may be withdrawn at any time in the consent tool. Transfers to the United States: DPF or SCCs.
Joint controllership: Where the parameters of data collection/transmission are jointly determined, joint controllership exists pursuant to Article 26 GDPR (core elements available from Meta).
We advertise this website through Facebook Ads on Facebook and other platforms. We determine the parameters of the respective advertising campaign. Meta is responsible for the precise implementation, in particular the decision on placing advertisements with individual users. Unless otherwise stated for individual technologies, processing takes place under an agreement on joint controllership pursuant to Article 26 GDPR. Joint controllership is limited to collection of the data and its transmission to Meta; subsequent processing by Meta is carried out under Meta’s own responsibility.
On the basis of statistics on visitor activity on our website created using Facebook Pixel, we use Facebook Custom Audience to run group-based advertising on Facebook by determining the characteristics of the respective target group.
On the basis of the pseudonymous cookie ID set by Facebook Pixel and the data collected about your usage behaviour on our website, we use Facebook Pixel Remarketing to run personalised advertising.
Using Facebook Pixel Conversions, we measure your subsequent usage behaviour for web analytics and event tracking where you accessed our website through a Facebook Ads advertisement. To the extent that this concerns collection of event data through our website and its transmission to Meta, processing takes place under joint controllership pursuant to Article 26 GDPR and the Meta Controller Addendum. Meta is independently responsible for subsequent processing of the transmitted data.
4.12 WhatsApp Business
We offer you the option of contacting us via WhatsApp Business (provider in the European Economic Area: WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland). This service serves solely to create an additional communication channel and make it easier for you to contact us.
When you contact us via WhatsApp Business, we use your contact data and messages exclusively to process your enquiry. We do not initiate contact via WhatsApp Business unless you have previously sent us a message and thereby consented to the use of this communication channel.
Please note that WhatsApp may transfer data to and process data in third countries outside the EU/EEA, in particular in the United States. Transfers are based on appropriate safeguards, in particular EU Standard Contractual Clauses or, where the recipient participates, the EU-US Data Privacy Framework. Further information is available in WhatsApp’s privacy policy at https://www.whatsapp.com/legal/privacy-policy-eea.
The processing of your data through WhatsApp Business is voluntary and takes place only on the basis of your consent pursuant to Article 6(1)(a) GDPR; you may withdraw it at any time with effect for the future.
4.13 Use of the “UpPromote” affiliate partner programme
We use the “UpPromote” affiliate partner programme of
Secomapp Pte. Ltd., Home City, 4th Floor, V4 Building, 177 P. Trung Kính Ward, Yên Hoà, Cầu Giấy, Hanoi, Vietnam
to manage our partner programme, provide tracking functions and record referral-related data.
Within the partner programme, personal data of affiliates are processed. This includes in particular: name, address, contact data, tracking data relating to referred purchases and, where applicable, tax information. Processing takes place for the establishment and administration of the affiliate partnership (Article 6(1)(b) GDPR) and for fraud prevention and abuse detection (Article 6(1)(f) GDPR).
Commission payments are made exclusively by us
(SensoryBoost, Albert-Einstein-Str. 4, 04600 Altenburg, Germany) on the basis of a properly issued invoice from the affiliate. UpPromote itself does not make payments; it merely provides the technical infrastructure for tracking and administration.
UpPromote processes personal data on servers in the United States. The provider is based in Vietnam. Where personal data are transferred to third countries in this context, this takes place only in compliance with the requirements of Articles 44 et seq. GDPR and on the basis of appropriate safeguards where required.
Your data are stored only for as long as necessary for contract performance and while statutory retention periods apply. Data are disclosed to further third parties only where necessary for contract performance or where we are legally obliged to do so.
Data subject rights: You have the right at any time to obtain information about the data stored about you, have inaccurate data rectified, request erasure or restriction of processing, receive your data in a structured, commonly used and machine-readable format (data portability), and object to the processing of your personal data. You may withdraw consent granted at any time with effect for the future. You also have the right to lodge a complaint with a competent data protection supervisory authority.
4.13.1 Data processing by SensoryBoost
If you participate in our programme as an affiliate partner, we collect certain personal data about you. This includes in particular:
Contact information: such as your email address and, where applicable, your first and last name.
Payment information: such as account details or information about your preferred payment methods.
Marketing information: such as data about your social networks or websites on which you place our affiliate link.
These data are required to enable your participation in the affiliate programme, ensure the payment of commissions and contact you in the event of questions or concerns.
These data are processed in accordance with applicable data protection laws, in particular the General Data Protection Regulation (GDPR).
4.13.2 Data processing by UpPromote
Where you access our website via an affiliate link, we and UpPromote may, provided that you have consented to the “Targeting” category, process online identifiers, cookie information and referral-related data. This may include the affiliate ID, referrer or landing-page information, cart and order data, order amount, ordered items, order ID and timestamps. Processing serves to attribute affiliate transactions, correctly settle commissions and prevent misuse.
The storage of information on your device or access to such information for cookie-based affiliate attribution takes place exclusively after your consent to the “Targeting” category pursuant to Section 25(1) TDDDG in conjunction with Article 6(1)(a) GDPR. Consent may be withdrawn at any time with effect for the future through the cookie settings.
Further information on processing by UpPromote, including information on its processing activities and data-storage locations, is available at: https://docs.uppromote.com/privacy-policy/privacy-policy
4.13.3 Disclosure of information
Disclosure of data to third parties
We transfer personal data to third parties only where this is necessary for contract performance or where you have given consent. Data are transferred to:
Payment service providers: (e.g. PayPal, Klarna, Google Pay, Apple Pay) for payment processing.
Shipping service providers: (e.g. DHL, Deutsche Post, UPS) for delivery of your orders.
Hosting providers and IT service providers: for operation of the website.
Accounting and tax advisers: for fulfilment of tax obligations.
Your data are transferred further only where you have consented or where we are legally obliged to do so.
Important: We do not sell or rent personal data to third parties.
4.13.4 Your rights as a data subject
You have the right to access, rectification, erasure, restriction of processing and portability of your personal data. If you wish to exercise these rights, please contact us at support@sensoryboost.de. We reserve the right to request proof of identity in order to process your request.
Affiliate partners should contact us directly to exercise their rights, as we act as the controller within the meaning of the GDPR in this context.
4.13.5 Changes to the Privacy Policy
We reserve the right to amend this Privacy Policy to take account of changes in our privacy practices or legal requirements. In the event of material changes, we will inform you of the updated Privacy Policy. By continuing to use the affiliate programme, you agree to the revised Privacy Policy.
4.13.6 Contact information
If you have questions about this Privacy Policy or the processing of your personal data, you can contact us at Support@SensoryBoost.de.
4.14 Fast Bundle – bundle and offer functions
We use the Shopify app “Fast Bundle” of VConvert (“Fast Bundle”) to provide and technically process product bundles, quantity discounts, add-ons, cross-sells and other offer and discount functions in our online store.
When using pages on which Fast Bundle is integrated, the following data in particular may be processed: product, variant, bundle and discount data; cart, order, transaction and, where necessary for the relevant function, customer and order data. Technical usage and interaction data may also be processed, such as IP address, device and browser information, operating system, language and time-zone settings, referrer URL, pages viewed, clicks, page views, online identifiers and cookie or comparable identifiers.
Processing takes place, where necessary to provide selected bundle, discount or offer functions and to carry out pre-contractual or contractual measures, on the basis of Article 6(1)(b) GDPR. Where processing serves technical stability, error analysis, security or prevention of misuse, it takes place on the basis of our legitimate interest pursuant to Article 6(1)(f) GDPR.
Where Fast Bundle uses non-essential cookies, comparable technologies or additional analytics, personalisation or marketing functions, these are used exclusively with your consent via our consent tool pursuant to Section 25(1) TDDDG in conjunction with Article 6(1)(a) GDPR. Consent may be withdrawn at any time with effect for the future through the cookie settings.
According to its own information, Fast Bundle also processes data on servers in the United States. Where personal data are transferred to a third country in this context, this takes place only in compliance with the requirements of Articles 44 et seq. GDPR and on the basis of appropriate safeguards where required. Further information on processing by Fast Bundle is available at: https://fastbundle.co/privacypolicy/
5. Social media
5.1 Plugins from Facebook, Instagram, Pinterest and LinkedIn
Our website uses social buttons from social networks. They are integrated into the page only as HTML links, so no connection to the servers of the respective provider is established merely by accessing our website. If you click one of the buttons, the website of the respective social network opens in a new browser window. There you can, for example, use the Like or Share button.
Unless otherwise stated in this Privacy Policy, we process users’ data where they communicate with us within social networks and platforms, e.g. by posting on our online presences or sending us messages.
We maintain online presences within social networks and platforms in order to communicate with customers, interested parties and users active there and to provide them with information about our services. When accessing the respective networks and platforms, the terms and conditions and data processing policies of their respective operators apply.
5.2 Online presences on social media
5.2.1 Our online presence on Facebook, Instagram and YouTube
Where you have given the relevant social media operator your consent pursuant to Article 6(1), sentence 1, point (a) GDPR, your data are automatically collected and stored for market research and advertising purposes when you visit our online presences on the social media mentioned above, from which user profiles are created using pseudonyms. These may be used, for example, to display advertisements within and outside the platforms that are presumed to match your interests. Cookies are generally used for this purpose. Please refer to the providers’ privacy notices linked below for detailed information on the processing and use of data by the respective social media operator, as well as contact options, your related rights and settings options for protecting your privacy. If you still need help in this respect, you can contact us.
Facebook is a service of Facebook Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland (“Facebook Ireland”). Information automatically collected by Facebook Ireland about your use of our online presence on Facebook is generally transferred to and stored on a server of Facebook, Inc., 1601 Willow Road, Menlo Park, California 94025, USA. Where transfers to the United States take place, they are based on the EU-US Data Privacy Framework (DPF) where the respective provider participates; otherwise, they are based on SCCs together with appropriate supplementary measures. Data processing in connection with visiting a Facebook fan page is based on an agreement between joint controllers pursuant to Article 26 GDPR. Further information (information on Insights data) is available here.
Instagram is a service of Facebook Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland (“Facebook Ireland”). Information automatically collected by Facebook Ireland about your use of our online presence on Instagram is generally transferred to and stored on a server of Facebook, Inc., 1601 Willow Road, Menlo Park, California 94025, USA. Where transfers to the United States take place, they are based on the EU-US Data Privacy Framework (DPF) where the respective provider participates; otherwise, they are based on SCCs together with appropriate supplementary measures. Data processing in connection with visiting an Instagram fan page is based on an agreement between joint controllers pursuant to Article 26 GDPR. Further information (information on Insights data) is available here.
YouTube is a service of Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Information automatically collected by Google about your use of our online presence on YouTube is generally transferred to and stored on a server of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Where transfers to the United States take place, they are based on the EU-US Data Privacy Framework (DPF) where the respective provider participates; otherwise, they are based on SCCs together with appropriate supplementary measures.
Pinterest is a service of Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland (“Pinterest”). Information automatically collected by Pinterest about your use of our online presence on Pinterest is generally transferred to and stored on a server of Pinterest, Inc., 505 Brannan St., San Francisco, CA 94107, USA. Where transfers to the United States take place, they are based on the EU-US Data Privacy Framework (DPF) where the respective provider participates; otherwise, they are based on SCCs together with appropriate supplementary measures.
LinkedIn is a service of LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (“LinkedIn”). Information automatically collected by LinkedIn about your use of our online presence on LinkedIn is generally transferred to and stored on a server of LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085, USA. Where transfers to the United States take place, they are based on the EU-US Data Privacy Framework (DPF) where the respective provider participates; otherwise, they are based on SCCs together with appropriate supplementary measures.
Xing is a service of New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany.
6. Contact options and your rights
6.1 Rights of data subjects
Right to object pursuant to Article 21 GDPR
You have the right to object at any time to the processing of your personal data where processing is based on Article 6(1)(e) or (f) GDPR.
If you wish to object to the processing of your data for advertising purposes, please send us an email at Support@SensoryBoost.de or use the cookie settings to disable personalised advertising.
– You have the right to request confirmation as to whether data concerning you are being processed and to obtain access to these data, further information and a copy of the data in accordance with Article 15 GDPR.
– Pursuant to Article 16 GDPR, you have the right to request completion of data concerning you or rectification of inaccurate data concerning you.
– Pursuant to Article 17 GDPR, you have the right to request that data concerning you be erased without undue delay or, alternatively, pursuant to Article 18 GDPR, to request restriction of processing of the data.
– You have the right to receive the data concerning you that you have provided to us in accordance with Article 20 GDPR and to request transmission of those data to other controllers.
– Pursuant to Article 77 GDPR, you also have the right to lodge a complaint with the competent supervisory authority.
6.2 Contact
For questions concerning the collection, processing or use of your personal data, as well as withdrawal of any consent granted or objection to a specific use of data, please contact our data protection contact.
Benjamin Zeising | SensoryBoost – support@SensoryBoost.de – Subject: Data Protection
We reserve the right to adapt this Privacy Policy so that it always complies with current legal requirements or to implement changes to our services in this Privacy Policy, for example when introducing new services. The new Privacy Policy will then apply to your next visit.
7. Changes to our Privacy Policy
21 June 2026




