Privacy policy

Privacy Policy

1) Introduction and Contact Details of the Controller

1.1 We are pleased that you are visiting our website and thank you for your interest. In the following, we inform you about how your personal data is handled when using our website. Personal data is all data by which you can be personally identified.

1.2 The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is Victoria Adam, Boneshop, Hauptstraße 48, 38690 Goslar, Germany, Phone: 053247988660, contact form: to the contact form (https://boneshop-tabletop.com/pages/contact-us). The controller responsible for the processing of personal data is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.

2) Data Collection When Visiting Our Website

2.1 When you use our website for informational purposes only, meaning if you do not register or otherwise provide us with information, we only collect the data that your browser transmits to the page server (so-called “server log files”). When you access our website, we collect the following data that is technically necessary for us to display the website to you:

Our visited website
Date and time at the time of access
Amount of data sent in bytes
Source/reference from which you reached the page
Browser used
Operating system used
IP address used (if applicable: in anonymized form)

The processing is carried out in accordance with Art. 6(1)(f) GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. The data is not passed on or otherwise used. However, we reserve the right to subsequently review the server log files should there be concrete indications of unlawful use.

2.2 For security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or inquiries to the controller), this website uses SSL or TLS encryption. You can recognize an encrypted connection by the character string “https://” and the lock symbol in your browser line.

3) Hosting & Content Delivery Network

3.1 Cloudflare

For hosting our website and displaying the page content, we use the system of the following provider: Cloudflare Inc., 101 Townsend St. San Francisco, CA 94107, USA

All data collected on our website is processed on the provider’s servers.
We have concluded a data processing agreement with the provider, which ensures the protection of the data of our website visitors and prohibits unauthorized disclosure to third parties.

For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection on the basis of an adequacy decision by the European Commission.

3.2 Shopify

For hosting our website and displaying the page content, we use the system of the following provider: Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland (“Shopify”)

Data is also transferred to: Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada

All data collected on our website is processed on the provider’s servers. We have concluded a data processing agreement with the provider, which ensures the protection of the data of our website visitors and prohibits unauthorized disclosure to third parties.

In the event of a data transfer to Canada, an adequate level of data protection is guaranteed by an adequacy decision of the European Commission.

3.3 Cloudflare

We use a content delivery network from the following provider: Cloudflare Inc., 101 Townsend St. San Francisco, CA 94107, USA

This service enables us to deliver large media files such as graphics, page content, or scripts more quickly via a network of regionally distributed servers. Processing is carried out to safeguard our legitimate interest in improving the stability and functionality of our website pursuant to Art. 6(1)(f) GDPR. We have concluded a data processing agreement with the provider, which ensures the protection of the data of our website visitors and prohibits unauthorized disclosure to third parties.

3.4 Shopify

We use a content delivery network from the following provider: Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland (“Shopify”)

Data may also be transferred to:

Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada
Cloudflare Inc., 101 Townsend St. San Francisco, CA 94107, USA

In the event of a data transfer to Canada, an adequate level of data protection is guaranteed by an adequacy decision of the European Commission.

For data transfers to the USA, the data recipient has joined the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection on the basis of an adequacy decision by the European Commission.

4) Cookies

In order to make visiting our website attractive and to enable the use of certain functions, we use cookies, i.e. small text files that are stored on your end device. Some of these cookies are automatically deleted again after closing the browser (so-called “session cookies”), while others remain on your end device for longer and enable page settings to be saved (so-called “persistent cookies”). In the latter case, you can find the storage period in the overview of the cookie settings of your web browser.

Insofar as personal data is also processed through individual cookies used by us, the processing is carried out in accordance with Art. 6(1)(b) GDPR either for the performance of the contract, in accordance with Art. 6(1)(a) GDPR in the event consent has been given, or in accordance with Art. 6(1)(f) GDPR to safeguard our legitimate interests in the best possible functionality of the website and a customer-friendly and effective design of the page visit.

You can set your browser so that you are informed about the setting of cookies and can decide individually on their acceptance or exclude the acceptance of cookies for certain cases or in general.

Please note that if cookies are not accepted, the functionality of our website may be limited.

5) Contacting Us

5.1 Shopify Inbox

This website uses the live chat system of the following provider: Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland

The processing of personal data transmitted via the chat is carried out either in accordance with Art. 6(1)(b) GDPR because it is necessary for the initiation or performance of a contract, or in accordance with Art. 6(1)(f) GDPR due to our legitimate interest in effectively supporting our website visitors.
Your data transmitted in this way will be deleted, subject to conflicting statutory retention periods, once the matter concerned has been conclusively clarified.

In addition, further information may be collected and evaluated by means of cookies for the purpose of creating pseudonymized usage profiles, which, however, do not serve to personally identify you and are not merged with other data sets. Insofar as this information is personal in nature, processing is carried out in accordance with Art. 6(1)(f) GDPR on the basis of our legitimate interest in the statistical analysis of user behavior for optimization purposes.

The setting of cookies can be prevented by appropriate browser settings. In this case, however, the functionality of our website may be restricted.
You may object to the collection and storage of data for the purpose of creating a pseudonymized user profile at any time with effect for the future.

Data is also transferred to: Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada

We have concluded a data processing agreement with the provider, which ensures the protection of the data of our website visitors and prohibits unauthorized disclosure to third parties.

In the event of a data transfer to Canada, an adequate level of data protection is guaranteed by an adequacy decision of the European Commission.

5.2 WhatsApp Business

You have the option of contacting us via the WhatsApp messaging service of WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. For this purpose, we use the so-called “Business version” of WhatsApp.

If you contact us via WhatsApp in connection with a specific business transaction (for example, an order you have placed), we store and use the mobile phone number you use with WhatsApp as well as – if provided – your first and last name in accordance with Art. 6(1)(b) GDPR in order to process and respond to your request. On the basis of the same legal basis, we may ask you via WhatsApp to provide further data (order number, customer number, address or email address) so that we can assign your inquiry to a specific transaction.

If you use our WhatsApp contact for general inquiries (for example regarding our range of services, availability, or our website), we store and use the mobile phone number you use with WhatsApp as well as – if provided – your first and last name in accordance with Art. 6(1)(f) GDPR on the basis of our legitimate interest in the efficient and timely provision of the requested information.

Your data will always only be used to answer your inquiry via WhatsApp. It will not be passed on to third parties.

Please note that WhatsApp Business gains access to the address book of the mobile device we use for this purpose and automatically transfers telephone numbers stored in the address book to a server of its parent company Meta Platforms Inc. in the USA. For the operation of our WhatsApp Business account, we use a mobile device in whose address book only the WhatsApp contact data of users who have also contacted us via WhatsApp is stored.

This ensures that every person whose WhatsApp contact data is stored in our address book has already consented, when first using the app on their device by accepting the WhatsApp terms of use, to the transmission of their WhatsApp telephone number from the address books of their chat contacts in accordance with Art. 6(1)(a) GDPR. A transfer of data of users who do not use WhatsApp and/or have not contacted us via WhatsApp is therefore excluded.

For the purpose and scope of data collection and the further processing and use of the data by WhatsApp, as well as your rights in this regard and settings options for protecting your privacy, please refer to WhatsApp’s privacy notice: https://www.whatsapp.com/legal/?eea=1#privacy-policy

We have concluded a data processing agreement with the provider that protects the data of our website visitors and prohibits disclosure to third parties.

In the context of the processing described above, data may be transferred to servers of Meta Platforms Inc. in the USA.

5.3 When you contact us (e.g. via contact form or email), personal data is processed solely for the purpose of handling and responding to your inquiry and only to the extent necessary for that purpose.

The legal basis for processing this data is our legitimate interest in responding to your request in accordance with Art. 6(1)(f) GDPR. If your contact is aimed at concluding a contract, the additional legal basis for processing is Art. 6(1)(b) GDPR. Your data will be deleted when the circumstances indicate that the matter in question has been conclusively clarified, provided there are no statutory retention obligations to the contrary.

6) Comment Function

Within the scope of the comment function on this website, in addition to your comment, information about the time the comment was created and the commentator name you selected will be stored and published on this website. Furthermore, your IP address will be logged and stored. This storage of the IP address is carried out for security reasons and in the event that the data subject infringes the rights of third parties or posts unlawful content through a submitted comment. We require your email address in order to contact you if a third party should object to your published content as unlawful.

The legal bases for storing your data are Art. 6(1)(b) and (f) GDPR. We reserve the right to delete comments if they are objected to as unlawful by third parties.

7) Data Processing When Opening a Customer Account

In accordance with Art. 6(1)(b) GDPR, personal data will continue to be collected and processed to the extent necessary if you provide it to us when opening a customer account. Which data is required for opening an account can be seen from the input form of the respective form on our website.

You may delete your customer account at any time by sending a message to the above-mentioned address of the controller. After deletion of your customer account, your data will be deleted provided that all contracts concluded through it have been fully processed, there are no statutory retention periods to the contrary, and we no longer have any legitimate interest in continuing to store the data.

8) Use of Customer Data for Direct Advertising

8.1 Subscription to Our Email Newsletter

If you subscribe to our email newsletter, we will regularly send you information about our offers. The only mandatory information required for sending the newsletter is your email address. Providing further data is voluntary and is used in order to address you personally. We use the so-called double opt-in procedure for sending the newsletter, which ensures that you only receive newsletters once you have expressly confirmed your consent to receive the newsletter by clicking a verification link sent to the email address provided.

By activating the confirmation link, you grant us your consent to the use of your personal data in accordance with Art. 6(1)(a) GDPR. In doing so, we store your IP address entered by the Internet service provider (ISP) as well as the date and time of registration in order to be able to trace possible misuse of your email address at a later time. The data collected by us when registering for the newsletter is used strictly for the intended purpose.

You can unsubscribe from the newsletter at any time via the link provided for this purpose in the newsletter or by sending a corresponding message to the controller named at the beginning. After you unsubscribe, your email address will be deleted from our newsletter distribution list without delay unless you have expressly consented to a further use of your data or we reserve the right to use the data beyond this scope as permitted by law and about which we inform you in this statement.

8.2 Sending the Email Newsletter to Existing Customers

If you provided us with your email address when purchasing goods or services, we reserve the right to regularly send you offers by email for similar goods or services from our range to those already purchased. For this purpose, pursuant to Section 7(3) UWG, we do not need to obtain separate consent from you. In this respect, data processing is carried out solely on the basis of our legitimate interest in personalized direct advertising pursuant to Art. 6(1)(f) GDPR. If you initially objected to the use of your email address for this purpose, we will not send you any emails.

You are entitled to object to the use of your email address for the aforementioned advertising purpose at any time with effect for the future by notifying the controller named at the beginning. For this, you will only incur transmission costs according to the basic tariffs. Upon receipt of your objection, the use of your email address for advertising purposes will cease without delay.

8.3 Shopify Email

Our email newsletters are sent via this provider: Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland

Data is also transferred to: Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada

On the basis of our legitimate interest in effective and user-friendly newsletter marketing, we pass on the data you provided when subscribing to the newsletter to this provider pursuant to Art. 6(1)(f) GDPR so that it can send the newsletter on our behalf.

Subject to your express consent pursuant to Art. 6(1)(a) GDPR, the provider also carries out a statistical evaluation of the success of newsletter campaigns using web beacons or tracking pixels in the emails sent, which can measure opening rates and specific interactions with the contents of the newsletter. Device information (e.g. time of access, IP address, browser type and operating system) is also collected and evaluated, but not merged with other data records.
You can revoke your consent to newsletter tracking at any time with effect for the future.

We have concluded a data processing agreement with the provider that protects the data of our website visitors and prohibits disclosure to third parties.

In the event of a data transfer to Canada, an adequate level of data protection is guaranteed by an adequacy decision of the European Commission.

8.4 SMS Marketing

On our website, you have the option of subscribing to SMS notifications about current offers, promotions, and information relating to orders placed.

The only mandatory information required for sending SMS notifications is your mobile phone number. Providing further data is voluntary and is used in order to address you personally.

The so-called double opt-in procedure is used for sending SMS messages, which ensures that promotional SMS messages are only sent to you after you have expressly confirmed your consent to receive SMS messages by clicking a verification link sent to the mobile phone number provided.

By activating the confirmation link, you grant us your consent to the use of your personal data in accordance with Art. 6(1)(a) GDPR. When registering for SMS dispatch, the date and time of registration are also stored in order to be able to trace possible misuse of your mobile phone number at a later time. The data collected when you register is used exclusively for advertising purposes by means of SMS messages.

You can unsubscribe from SMS dispatch at any time by sending a corresponding message to the controller named at the beginning and thereby revoke your consent with effect for the future. After you unsubscribe, your mobile phone number will be deleted from the distribution list without delay unless you have expressly consented to any further use of your data or we reserve the right to use data beyond this scope as permitted by law and about which we inform you in this statement.

8.5 WhatsApp Newsletter

If you subscribe to our WhatsApp newsletter, we will regularly send you information about our offers via WhatsApp. The only mandatory information required for sending the newsletter is your mobile phone number.

To receive the newsletter, save the mobile phone number we have provided in the address contacts of your mobile device and send us the message “Start” via WhatsApp. By sending this WhatsApp message, you grant us your consent to use your personal data in accordance with Art. 6(1)(a) GDPR for the purpose of sending the newsletter. We will then add you to our newsletter distribution list.

The data collected by us when subscribing to the newsletter is processed exclusively for advertising purposes by means of the newsletter. You may unsubscribe from the newsletter at any time by sending us the message “Stop” via WhatsApp. After unsubscribing, your mobile phone number will be deleted from our newsletter distribution list without delay unless you have expressly consented to a further use of your data or we reserve the right to use the data beyond this scope as permitted by law and about which we inform you in this statement.

For sending our WhatsApp newsletter, we therefore use a mobile device in whose address book only the WhatsApp contact data of our newsletter recipients is stored. This ensures that every person whose WhatsApp contact data is stored in our address book has already consented, when first using the app on their device by accepting the WhatsApp terms of use, to the transmission of their WhatsApp telephone number from the address books of their chat contacts in accordance with Art. 6(1)(a) GDPR. A transfer of data of users who do not use WhatsApp and/or have not contacted us via WhatsApp is therefore excluded.

We have concluded a data processing agreement with WhatsApp that protects the data of our newsletter recipients and prohibits disclosure to third parties.

In the context of the processing described above, data may be transferred to servers of Meta Platforms Inc. in the USA.

8.6 Email Back-in-Stock Notification

For items that are temporarily unavailable, you can sign up to receive email back-in-stock notifications. In this case, we will send you a one-time email informing you about the availability of the item you selected. The only mandatory information required for sending this notification is your email address. Providing further data is voluntary and may be used in order to address you personally. For sending the email, we use the so-called double opt-in procedure, which ensures that you only receive a notification after you have expressly confirmed your consent by clicking a verification link sent to the email address provided.

By activating the confirmation link, you grant us your consent to the use of your personal data in accordance with Art. 6(1)(a) GDPR. In doing so, we store your IP address entered by the Internet service provider (ISP) as well as the date and time of registration in order to be able to trace possible misuse of your email address at a later time. The data collected by us when registering for our email back-in-stock notification service is used strictly for the intended purpose.

You can unsubscribe from the back-in-stock notifications at any time by sending a corresponding message to the controller named at the beginning. After unsubscribing, your email address will be deleted from our distribution list set up for this purpose without delay unless you have expressly consented to a further use of your data or we reserve the right to use the data beyond this scope as permitted by law and about which we inform you in this statement.

8.7 Shopping Cart Reminder by Email

If you abandon your purchase with us before completing the order, you have the option of receiving a one-time email reminder of the contents of your virtual shopping cart.

The only mandatory information required for sending this reminder is your email address. Providing further data is voluntary and may be used in order to address you personally. For sending the email, we use the so-called double opt-in procedure, which ensures that you only receive a notification after you have expressly confirmed your consent by clicking a verification link sent to the email address provided.

By activating the confirmation link, you grant us your consent to the use of your personal data in accordance with Art. 6(1)(a) GDPR for sending a shopping cart reminder. In doing so, we store your IP address entered by the Internet service provider (ISP) as well as the date and time of registration in order to be able to trace possible misuse of your email address at a later time. The data collected by us when registering for our email notification service is used strictly for the intended purpose.

You can unsubscribe from the shopping cart reminders at any time by sending a corresponding message to the controller named at the beginning. After unsubscribing, your email address will be deleted from our distribution list set up for this purpose without delay unless you have expressly consented to a further use of your data or we reserve the right to use the data beyond this scope as permitted by law and about which we inform you in this statement.

9) Data Processing for Order Handling

9.1 Insofar as necessary for contract processing for delivery and payment purposes, the personal data collected by us is passed on to the commissioned transport company and the commissioned credit institution in accordance with Art. 6(1)(b) GDPR.

If, on the basis of a corresponding contract, we owe you updates for goods with digital elements or for digital products, we process the contact data you provide when placing the order in order to inform you personally within the scope of our statutory information obligations in accordance with Art. 6(1)(c) GDPR. Your contact data is used strictly for communications concerning updates owed by us and is only processed by us to the extent necessary for the respective information.

For the processing of your order, we also work with the following service provider(s), who support us wholly or partly in carrying out concluded contracts. Certain personal data is transmitted to these service providers in accordance with the following information.

9.2 Transfer of Personal Data to Shipping Service Providers

- Deutsche Post

We use the following provider as transport service provider: Deutsche Post AG, Charles-de-Gaulle-Straße 20, 53113 Bonn, Germany

We pass on your email address and/or telephone number to the provider prior to delivery of the goods for the purpose of coordinating a delivery date or delivery notification in accordance with Art. 6(1)(a) GDPR, provided that you have given your express consent to this in the ordering process. Otherwise, for the purpose of delivery, we only pass on the name of the recipient and the delivery address to the provider in accordance with Art. 6(1)(b) GDPR. The transfer takes place only insofar as this is necessary for the delivery of goods. In this case, prior coordination of the delivery date with the provider or delivery notification is not possible.

You can revoke your consent at any time with effect for the future vis-à-vis the controller named above or vis-à-vis the provider.
- DHL

We use the following provider as transport service provider: DHL Paket GmbH, Sträßchensweg 10, 53113 Bonn, Germany

You can revoke your consent at any time with effect for the future vis-à-vis the controller named above or vis-à-vis the provider.
- DHL Express

We use the following provider as transport service provider: DHL Express Germany GmbH, Heinrich-Brüning-Str. 5, 53113 Bonn, Germany

You can revoke your consent at any time with effect for the future vis-à-vis the controller named above or vis-à-vis the provider.

9.3 Electronic Cancellation Option for Ongoing Obligations with Consumers

Consumers who have entered into contracts on this website for paid continuing obligations (such as subscription contracts) have the option of terminating these contracts via an electronic button in accordance with the applicable notice periods.

Clicking the button leads to a confirmation page on which the consumer can provide further details of the termination, clearly identify themselves, and then submit their termination electronically.

The collection of personal data and its transmission to us is carried out in accordance with Art. 6(1)(b) GDPR only insofar as it is necessary for the proper processing of the termination. Also on the basis of Art. 6(1)(b) GDPR, the personal data provided is used to confirm receipt of the termination notice and the time of termination electronically in text form. A further legal basis for processing is Art. 6(1)(c) GDPR. We are legally obliged to provide an electronic termination option for consumer contracts for paid continuing obligations concluded by electronic commerce.

10) Online Marketing

Google AdSense

This website uses Google AdSense, a web advertising service of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). Google AdSense uses so-called cookies, i.e. text files that are stored on your computer and that enable an analysis of your use of the website. In addition, Google AdSense also uses so-called “web beacons” (small invisible graphics) to collect information, through which simple actions such as visitor traffic on the website can be recorded, collected, and analyzed. The information generated by the cookie and/or web beacon about your use of this website (including your IP address) is usually transferred to a Google server and stored there. In this context, data may also be transferred to servers of Google LLC in the USA.

Google uses the information obtained in this way to evaluate your usage behavior with regard to the AdSense ads. The IP address transmitted by your browser within the scope of Google AdSense is not merged with other Google data. The information collected by Google may be transferred to third parties if required by law and/or insofar as third parties process this data on behalf of Google.
All processing described above, in particular the reading of information on the end device used via cookies and/or web beacons, is only carried out if you have given us your express consent in accordance with Art. 6(1)(a) GDPR. Without this consent, Google AdSense will not be used during your visit to the site.

You may revoke your consent at any time with effect for the future by deactivating this service in the “cookie consent tool” provided on the website.

Further information on Google’s privacy policy can be found here: https://business.safety.google/intl/de/privacy/ and https://www.google.de/policies/privacy/

11) Web Analysis Services

11.1 Shopify Analytics

This website uses the web analytics service of the following provider: Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland

Data is also transferred to: Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada

Using cookies and/or comparable technologies (tracking pixels, web beacons, algorithms for reading device and browser information), the service collects and stores pseudonymized visitor data, including information on the device used such as IP address and browser information, in order to evaluate it for statistical analyses of user behavior on our website and to create pseudonymized user profiles. Among other things, this enables the analysis of movement patterns (so-called heat maps), which show the duration of page visits and interactions with page content (e.g. text entries, scrolling, clicks, and mouse-overs). Pseudonymization fundamentally excludes direct personal reference. No merging with clear personal data collected in any other way takes place.

All processing described above, in particular the reading or storage of information on the end device used, is only carried out if you have given us your express consent in accordance with Art. 6(1)(a) GDPR. You may revoke your consent at any time with effect for the future by deactivating this service in the “cookie consent tool” provided on the website.

We have concluded a data processing agreement with the provider that protects the data of our website visitors and prohibits disclosure to third parties.

In the event of a data transfer to Canada, an adequate level of data protection is guaranteed by an adequacy decision of the European Commission.

11.2 Shopify Network Intelligence

This website uses the “Shopify Network Intelligence” function of the following provider: Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland (“Shopify”)

Using the function, certain customer data (order and search histories, location information, and transaction details), insofar as collected, is automatically transmitted to Shopify in pseudonymized form, prepared by Shopify, and then processed for statistical and analysis purposes.

The analysis results may also include pseudonymized data from customers of other Shopify merchants, but a merchant does not gain individual access to these third-party data sets outside its own customer base.

Within the scope of processing, Shopify does not gain access to clear personal data, but instead automatically encrypts the information by means of a special algorithm during the transmission process.

Processing is carried out in accordance with Art. 6(1)(f) GDPR on the basis of our legitimate interest in the statistical evaluation of the reach of our shop and the acceptance of our offer for optimization purposes.

As part of the above-mentioned processing, data may also be transferred to: Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada

We have concluded a data processing agreement with the provider, which ensures the protection of the data of our website visitors and prohibits unauthorized disclosure to third parties.

In the event of a data transfer to Canada, an adequate level of data protection is guaranteed by an adequacy decision of the European Commission.

Further details on the above-mentioned processing can be found in Shopify’s privacy policy: https://www.shopify.com/de/legal/privacy/consumers?country=de&lang=de

12) Retargeting / Remarketing and Conversion Tracking

Meta Pixel

Within our online offering, we use the service “Meta Pixel” of the following provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (“Meta”)

If a user clicks on an advertisement placed by us on Facebook and/or Instagram, the URL of our linked page is extended by a parameter with the help of “Meta Pixel”. This URL parameter is then entered into the user’s browser after redirection by means of a cookie set by our linked page itself.

This enables Meta, on the one hand, to determine the visitors to our online offering as a target group for the display of ads. Accordingly, we use the service to display the Facebook and/or Instagram ads placed by us only to users who have also shown an interest in our online offering or who have certain characteristics (e.g. interests in certain topics or products determined on the basis of the websites visited) which we transmit to Meta (so-called “custom audiences”).

On the other hand, “Meta Pixel” can be used to track whether users were redirected to our website after clicking on an advertisement and what execution actions they perform there (so-called “conversion tracking”).

The data collected is anonymous to us, so it does not allow us to draw any conclusions about the identity of users. However, the data is stored and processed by Meta so that a connection to the respective user profile is possible and Meta can use the data for its own advertising purposes.

All processing described above, in particular the setting of cookies for reading information on the end device used, is only carried out if you have given us your express consent in accordance with Art. 6(1)(a) GDPR. You may revoke your consent at any time with effect for the future by deactivating this service in the “cookie consent tool” provided on the website.

We have concluded a data processing agreement with the provider, which ensures the protection of the data of our website visitors and prohibits unauthorized disclosure to third parties.

The information generated by Meta is usually transferred to a Meta server and stored there; in this context, it may also be transferred to servers of Meta Platforms Inc. in the USA.

13) Site Functionalities

13.1 Facebook Connect

On our website, we provide a single sign-on function of the following provider: Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland

In addition to data being transferred to the above-mentioned provider location, data may also be transferred to: Meta Platforms Inc., USA

If you have an account with the provider, you can use these account details to log in to create a user account or register on our website.

When you visit this page, this login function may establish a direct connection between your browser and the provider’s servers, even if you do not have an account with the provider or are not logged into such an account. The provider thereby receives the information that you have visited our page. The information collected in this respect (if applicable including your IP address) is transmitted directly by your browser to a server of the provider and stored there. However, the information is not used to identify you personally and is not passed on to third parties.

These data processing operations are carried out in accordance with Art. 6(1)(f) GDPR on the basis of our legitimate interest in a user-friendly and interactive design of our online presence.

If you click the login button to register on our website with the data from your account with the provider, the provider transmits to us only on the basis of your express consent pursuant to Art. 6(1)(a) GDPR the general and publicly accessible information stored in your account (user ID, name, address, email address, age, and gender).

We store and use the data transmitted by the provider to set up a user account with the necessary data (salutation, first name, last name, address data, country, email address, date of birth), provided that you have released this data to the provider. Conversely, on the basis of your consent, data (e.g. information about your surfing or purchasing behavior) may be transferred by us to your account with the provider.

You may revoke the consent granted at any time with effect for the future vis-à-vis us.

13.2 Google Sign-In

On our website, we provide a single sign-on function of the following provider: Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland

In addition to data being transferred to the above-mentioned provider location, data may also be transferred to: Google LLC, USA

If you have an account with the provider, you can use these account details to log in to create a user account or register on our website.

These data processing operations are carried out in accordance with Art. 6(1)(f) GDPR on the basis of our legitimate interest in a user-friendly and interactive design of our online presence.

You may revoke the consent granted at any time with effect for the future vis-à-vis us.

Further information on Google’s privacy policy can be found here: https://business.safety.google/intl/de/privacy/

13.3 - hCaptcha

On this website, we use the CAPTCHA service of the following provider: Intuition Machines, Inc., 350 Alabama St, San Francisco, CA 94110, USA

The service checks whether an input is made by a natural person or abusively through machine and automated processing, and blocks spam, DDoS attacks, and similar automated malicious access. In order to ensure that an action is carried out by a human being and not by an automated bot, the provider collects the IP address of the device used, identification data of the browser and operating system type used, as well as the date and duration of the visit, and transmits these to the provider’s servers for evaluation.

The legal basis is our legitimate interest in determining individual personal responsibility on the Internet and in preventing misuse and spam in accordance with Art. 6(1)(f) GDPR.

We have concluded a data processing agreement with the provider, which ensures the protection of the data of our website visitors and prohibits unauthorized disclosure to third parties.

For the transfer of data to the USA, the provider relies on standard contractual clauses of the European Commission, which are intended to ensure compliance with the European level of data protection.

13.4 Google Customer Reviews (formerly Google Certified Shops Program)

We work with Google as part of the “Google Customer Reviews” program. The provider is Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). This program gives us the opportunity to obtain customer reviews from users of our website. After making a purchase on our website, you will be asked whether you would like to participate in an email survey from Google.

If you give your consent in accordance with Art. 6(1)(a) GDPR, we will transmit your email address to Google. You will receive an email from Google Customer Reviews asking you to rate the purchasing experience on our website. The rating you submit will then be combined with our other ratings and displayed in our Google Customer Reviews logo and in our Merchant Center dashboard. In addition, your rating will be used for Google Seller Ratings. In connection with the use of Google Customer Reviews, personal data may also be transferred to servers of Google LLC in the USA.

You may revoke your consent at any time by sending a message to the controller responsible for data processing or to Google.

Further information on Google’s privacy policy can be found here: https://business.safety.google/intl/de/privacy/

13.5 Shopsync for Shopify

This website uses the Shopify app “Shopsync” by ShopSync LLC, PO Box 252, Jefferson City, TN 37760, USA.
With the help of ShopSync, the “Mailchimp” newsletter service is synchronized with our Shopify account so that, on the one hand, updates in Mailchimp email lists (for example, a successful opt-out by a newsletter recipient) are automatically also stored in Shopify and, on the other hand, new contact data generated via contract conclusions on Shopify are automatically transferred to Mailchimp’s email lists.

In the first case, data processing is carried out in accordance with Art. 6(1)(f) GDPR on the basis of our legitimate interest in the effective and system-wide maintenance of advertising address files and the efficient observance of legally significant status changes.

In the second case, solely on the basis of the user’s express consent pursuant to Art. 6(1)(a) GDPR, after a contract is concluded on Shopify, the user’s first and last name, address, and email address together with transaction-related information (purchase amount, time, and date of purchase) are transferred by ShopSync to Mailchimp for inclusion in the Mailchimp list.

Data transferred in this way is not stored or retained by ShopSync after synchronization. All information synchronized between Shopify and Mailchimp is transmitted using SSL technology (Secure Socket Layer), and all transmitted information remains encrypted during the synchronization process.

The synchronization process requires the transmission of information over a secure connection to servers hosted by Amazon Web Services in the USA.

Further data protection information on ShopSync can be found here: https://www.shop-sync.com/privacy-policy

14) Tools and Miscellaneous

14.1 - DATEV

For bookkeeping, we use the cloud-based accounting software service of the following provider: DATEV eG, Paumgartnerstr. 6-14, 90429 Nuremberg, Germany

The provider processes incoming and outgoing invoices as well as, where applicable, our company’s bank transactions in order to automatically record invoices, match them to transactions, and create financial accounting in a partially automated process.

Insofar as personal data is also processed in this context, processing is carried out on the basis of our legitimate interest in the efficient organization and documentation of our business processes in accordance with Art. 6(1)(f) GDPR.
- Taxdoo

For bookkeeping, we use the cloud-based accounting software service of the following provider: Taxdoo GmbH, Alter Wandrahm 13, 20457 Hamburg, Germany

14.2 Cookie Consent Tool

This website uses a so-called “cookie consent tool” to obtain effective user consent for cookies requiring consent and cookie-based applications. The “cookie consent tool” is displayed to users when they access the website in the form of an interactive user interface on which consent can be given for certain cookies and/or cookie-based applications by ticking boxes. By using the tool, all cookies/services requiring consent are only loaded if the respective user gives corresponding consent by ticking the relevant box. In this way, it is ensured that such cookies are only set on the user’s end device if consent has been given.

The tool sets technically necessary cookies to save your cookie preferences. Personal user data is generally not processed in this context.

If, in individual cases, personal data (such as the IP address) is nevertheless processed for the purpose of storing, assigning, or logging cookie settings, this is carried out in accordance with Art. 6(1)(f) GDPR on the basis of our legitimate interest in legally compliant, user-specific and user-friendly consent management for cookies and thus in a legally compliant design of our website.

A further legal basis for processing is Art. 6(1)(c) GDPR. As the controller, we are legally obliged to make the use of technically unnecessary cookies dependent on the user’s consent.

Where necessary, we have concluded a data processing agreement with the provider, which ensures the protection of the data of our website visitors and prohibits unauthorized disclosure to third parties.

Further information about the operator and the setting options of the cookie consent tool can be found directly in the corresponding user interface on our website.

15) Rights of the Data Subject

15.1 Applicable data protection law grants you the following rights of data subjects (rights of access and intervention) vis-à-vis the controller with regard to the processing of your personal data, whereby reference is made to the legal basis stated for the respective requirements for exercising these rights:

Right of access pursuant to Art. 15 GDPR;
Right to rectification pursuant to Art. 16 GDPR;
Right to erasure pursuant to Art. 17 GDPR;
Right to restriction of processing pursuant to Art. 18 GDPR;
Right to be informed pursuant to Art. 19 GDPR;
Right to data portability pursuant to Art. 20 GDPR;
Right to revoke consents granted pursuant to Art. 7(3) GDPR;
Right to lodge a complaint pursuant to Art. 77 GDPR.

15.2 RIGHT TO OBJECT

IF WE PROCESS YOUR PERSONAL DATA ON THE BASIS OF OUR OVERRIDING LEGITIMATE INTEREST WITHIN THE FRAMEWORK OF A BALANCING OF INTERESTS, YOU HAVE THE RIGHT TO OBJECT TO THIS PROCESSING AT ANY TIME WITH EFFECT FOR THE FUTURE ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED. FURTHER PROCESSING REMAINS RESERVED, HOWEVER, IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, FUNDAMENTAL RIGHTS AND FREEDOMS, OR IF THE PROCESSING SERVES THE ASSERTION, EXERCISE, OR DEFENCE OF LEGAL CLAIMS.

IF YOUR PERSONAL DATA IS PROCESSED BY US FOR THE PURPOSE OF DIRECT ADVERTISING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSE OF SUCH ADVERTISING. YOU MAY EXERCISE YOUR OBJECTION AS DESCRIBED ABOVE.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED FOR DIRECT ADVERTISING PURPOSES.

16) Duration of Storage of Personal Data

The duration of storage of personal data is determined by the respective legal basis, the purpose of processing and – where applicable – additionally by the respective statutory retention period (e.g. retention periods under commercial and tax law).

When personal data is processed on the basis of express consent pursuant to Art. 6(1)(a) GDPR, the data concerned is stored until you revoke your consent.

If statutory retention periods exist for data that is processed within the framework of legal or quasi-legal obligations on the basis of Art. 6(1)(b) GDPR, this data is routinely deleted after expiry of the retention periods, provided that it is no longer required for contract performance or contract initiation and/or we no longer have any legitimate interest in continuing to store it.

When personal data is processed on the basis of Art. 6(1)(f) GDPR, this data is stored until you exercise your right to object pursuant to Art. 21(1) GDPR, unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or the processing serves the assertion, exercise, or defence of legal claims.

When personal data is processed for the purpose of direct advertising on the basis of Art. 6(1)(f) GDPR, this data is stored until you exercise your right to object pursuant to Art. 21(2) GDPR.

Unless otherwise stated in the other information in this statement regarding specific processing situations, stored personal data is otherwise deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.

Version dated: 08/04/2026, 14:51:05

Privacy policy

Privacy Policy

1) Introduction and Contact Details of the Controller

2) Data Collection When Visiting Our Website

3) Hosting & Content Delivery Network

4) Cookies

5) Contacting Us

6) Comment Function

7) Data Processing When Opening a Customer Account

8) Use of Customer Data for Direct Advertising

9) Data Processing for Order Handling

10) Online Marketing

11) Web Analysis Services

12) Retargeting / Remarketing and Conversion Tracking

13) Site Functionalities

14) Tools and Miscellaneous

15) Rights of the Data Subject

16) Duration of Storage of Personal Data

Boneshop Tabletop

Get in touch

We accept