Privacy Policy

Privacy policy

1. information about the collection of personal data and contact details of the person responsible.

1.1 Thank you for visiting our website. In the following, we would like to inform you about the handling of your personal data when using our website. Personal data is basically all data with which you can be personally identified.

1.2 Responsible for the processing of data on our website within the meaning of the General Data Protection Regulation (DSGVO) is:

Story Roads Publishing

Owner Marc Krautwedel

Klenzestr. 41

Munich Germany

Tel.:089/12555674

Fax:089/20244254

E-mail: shop@dragomar.net; contact@story-roads.com

1.3 To protect the security of your data during transmission, we use state-of-the-art encryption methods (e.g. SSL or TSL) via HTTPS.

2. data collection when visiting our websites

Each time you visit our websites, our system automatically collects data and information that your browser transmits to our server (so-called "server log files"). The following data, which is technically necessary for us, is collected in the process:

Our visited website

Date and time at the time of access

Amount of data sent in bytes

Source/reference from which you came to the page

Operating system used

Browser used

IP address used (if applicable: in anonymized form)

The legal basis for the processing is Art. 6 (1) lit. f DSGVO due to our legitimate interest in improving the stability and maintaining the functionality of our website. A transfer or other use of the data does not take place. The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session.

We reserve the right to check the server log files retrospectively should concrete indications point to illegal use. The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.

In the case of storage of data in log files, this is the case after seven days at the latest. Storage beyond this period is possible. In this case, the IP addresses of the users are deleted or alienated, so that an assignment of the calling client is no longer possible. The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility for the user to object. .

We use the EShopystem. This is operated by Ecwid, Inc.(Ecwid. Inc., 144 West D Street, Suite 103, Encinitas, California 92024, USA) with headquarters in the USA.

You can find out more information about data protection at Ecwid here:

https://www.ecwid.com/eu-privacy-policy

3. cookies

Our website uses cookies.

Cookies are text files that are stored on the user's terminal device. When a user accesses a website, a cookie may be stored on the user's operating system. Some functions of our website cannot be offered without the use of cookies. For this purpose, it is necessary that the browser is recognized even after a page change. The user data collected through technically necessary cookies are not used to create user profiles. In the above-mentioned purposes also lies our legitimate interest in the processing of personal data according to Art. 6 para. 1 lit. f) DSGVO.

In addition, our website may use cookies that enable an analysis of the user's surfing behavior (so-called third-party cookies). You can find more information on the scope, purpose, legal basis and objection options in the relevant sections of the respective chapter of this privacy policy.

You as a user have full control over the use of cookies. By changing the settings in your Internet browser, you can disable, restrict or delete the transmission of cookies. If you deactivate cookies for our website, it may no longer be possible to use all functions of the website to their full extent. You can prevent the transmission of Flash cookies by changing the settings of the Flash Player.

You can find help on the settings in the respective help menu of your browser under the following links:

Internet Explorer: http://windows.microsoft.com/de-DE/windows-vista/Block-or-allow-cookies

Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen

Chrome: http://support.google.com/chrome/bin/answer.py?hl=de&hlrm=en&answer=95647

Safari: https://support.apple.com/de-de/guide/safari/sfri11471/mac

Opera: https://help.opera.com/en/latest/web-preferences/#cookies

Some of the cookies used here are deleted after you close your browser (so-called session cookies). Other cookies remain on your terminal device and enable us or our partner companies (third-party cookies) to recognize your browser on your next visit (persistent cookies). If cookies are set, they collect and process certain user information such as browser and location data and IP address values to an individual extent. Persistent cookies are automatically deleted after a specified period of time, which may vary depending on the cookie.

The checkout solution from Klarna (Klarna Bank AB (publ.), Sveavägen 46, 111 34 Stockholm, Sweden) used here uses cookies to provide you with a smooth experience when using Klarna's checkout.

More information about the individual cookies and an explanation of their respective purpose can be found for Germany at:http://cdn.klarna.com/1.0/shared/content/policy/cookie/de_de/checkout.pdf and here for Austria https://cdn.klarna.com/1.0/shared/content/policy/cookie/de_at/checkout.pdf.

4. contacting

If you contact us via contact form, the data entered in the input mask will be transmitted to us and stored. The collected data can be found in the respective input mask. If you contact us by e-mail, only the data you enter there will be transmitted to us.

The data is used exclusively for processing the conversation and your request. The legal basis for the processing of the data is Art. 6 para. 1 lit. a) DSGVO if the user has given his consent. The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 para. 1 lit. f) DSGVO. If the e-mail contact aims at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b) DSGVO. The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected and provided that there are no legal retention obligations to the contrary. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is ended when the circumstances indicate that the matter in question has been conclusively clarified. The user has the possibility to revoke his consent to the processing of personal data at any time. If the user contacts us by e-mail, he can object to the storage of his personal data at any time. In such a case, the conversation cannot be continued.

4.1 If you have purchased goods with digital elements or a digital product from us and we owe you updates for them in accordance with the contract, we will inform you about upcoming updates via a suitable communication channel. For this purpose, we process the data you provided when placing your order (name, address, email address) for a specific purpose and only to the extent necessary. The legal basis for this processing is Art. 6 para. 1 lit. c DSGVO, namely the fulfillment of our legal obligation.

5. data processing when opening a customer account and for contract processing

If you wish to place an order in our webshop, it is necessary for the conclusion of the contract that you provide your personal data, which we need to process your order. We process the data you provide to process your order.

In some cases, we work with external service providers to process your order. For this purpose, we must pass on the personal data required for this purpose.

If we commission transport companies with the delivery of your goods, we will pass on your data required for the delivery of the goods to the respective transport company. For the processing of payments, we pass on your data to the commissioned credit institution as necessary. If we use payment service providers, you will also be informed about this below.

The legal basis for the transfer of your data is Art. 6 para. 1 lit. b DSGVO.

We use the Shopify store system.

This is provided by Shopify International Limited

Company identification number: 560279

Address:

Victoria Buildings, 2nd Floor.

1-2 Haddington Road

Dublin 4, D04 XN32, Ireland

Support:

Email: hilfe@shopify.de) is operated.

You can find out more information about Shopify's privacy policy here:

https://www.shopify.de/legal/privacy/customers

We use a so-called soft copy protection from LemonInk from Poland for digital products.

For this purpose, the personal data of the buyer is sent to the server of LemonInk and the file by an identifier, in our case order number and name of the buyer in the document visibly and invisibly inserted and the download link of his file, sent to the buyer by e-mail. LemonInk is operated by nibynic spółka cywilna Paweł Bator, Piotr Bator, registered in Poland, ul. Migdałowa 10, 30-222 Kraków, NIP 6772349740, REGON: 121360360. The privacy policy can be found at the following link: https://www.lemonink.co/privacy-policy

LemonInk operates a so-called app for the Shopif< system. You can find the app data usage notice for the Shopify system here: https://www.shopify.de/legal/privacy/app-users

6. comment function

If you use the comment function of our website, in addition to your comment content, information on the time of creation of the comment and the comment name you have chosen will be stored and published on the website. In addition, your IP address is logged and stored.

The legal basis for the storage of your data is Art. 6 para. 1 lit.b and f DSGVO. The IP address is stored for security reasons and in the event that the data subject violates the rights of third parties or publishes illegal content through a submitted comment. Your e-mail address is required in order to contact you in the event that a third party objects to your published content as being illegal. We reserve the right to delete comments if they are objected to by third parties as unlawful.

7. use of your data for direct advertising

7.1 Newsletter

On our website there is the possibility to subscribe to a free newsletter. When registering for the newsletter, the data from the input mask will be transmitted to us. Mandatory information is only your email address. If you make further voluntary entries, these will only be used for the personal address.

The legal basis for the processing of your data after registration for the newsletter is Art. 6 para. 1 lit. a DSGVO if the user has given his consent. We obtain this by sending you a confirmation email after you have registered for the newsletter, in which there is a confirmation link. When you click on this link, you also give your consent to receive the newsletter.

When you send the registration for the newsletter, we store your IP address and the date and time of registration. This storage serves to be able to trace a possible misuse of your e-mail address.

We use the data we collect when you register for the newsletter exclusively for the purpose of sending the newsletter.

You can cancel your subscription to the newsletter at any time. For this purpose, you will find a corresponding link in each newsletter. This also allows you to revoke your consent to the storage of personal data collected during the registration process.

7.2 Sendinblue

We send our newsletters via Sendinblue GmbH, Köpenicker Str. 126, 10179 Berlin (hereinafter referred to as "Sendinblue").

We pass on the data entered by you when registering for the newsletter to Sendinblue in accordance with Art. 6 (1) lit. f DSGVO in order to protect our legitimate interest in using a newsletter system that is effective in advertising, secure and user-friendly.

The data entered when ordering the newsletter (e.g. e-mail address) is stored on Sendinblue's servers in Germany. Your data will be used by Sendinblue to send and statistically evaluate the newsletters on our behalf. For this purpose, the newsletter emails contain so-called web beacons or tracking pixels, which are single-pixel image files stored on our website. In this way, we can track whether a newsletter email has been opened and which links have been clicked on. With the help of this conversion tracking, it is also possible to track whether an action (such as the purchase of an item from our store) was performed after opening a link from the newsletter. In addition, technical information is also collected (e.g. the time of the retrieval, your IP address, browser type and/or operating system). This data is collected exclusively pseudonymously and is not linked to your other personal data. If you do not wish to receive the data analysis described here, you must unsubscribe from the newsletter. There is an order processing agreement with Sendinblue.

Details on Sendinblue's data protection can be found at:

https://de.sendinblue.com/legal/privacypolicy/

7.3 Advertising by mail

If you have left your first and last name, your postal address and, if applicable, other personal data on the basis of an order with us, we reserve the right to store this data and send you our offers by mail in order to protect our legitimate interest in personalized direct advertising in accordance with Art. 6 (1) lit. f DSGVO.

You can object to the storage and use of your data for this purpose at any time by sending a message to the person responsible.

7.4 Newsletter dispatch via rapidmail

We send our newsletters via rapidmail GmbH, Augustinerplatz 2, 79098 Freiburg (hereinafter referred to as "rapidmail ").

We pass on the data entered by you when registering for the newsletter to rapidmail in accordance with Art. 6 Para. 1 lit. f DSGVO in order to protect our legitimate interest in using a newsletter system that is effective in advertising, secure and user-friendly.

The data entered when ordering the newsletter (e.g. e-mail address) is stored on rapidmail's servers in Germany. Your data will be used by rapidmail to send and statistically evaluate the newsletters on our behalf. For this purpose, the newsletter emails contain so-called web beacons or tracking pixels, which are single-pixel image files stored on our website. In this way, we can track whether a newsletter email has been opened and which links have been clicked on. With the help of this conversion tracking, it is also possible to track whether an action (such as the purchase of an item from our store) was performed after opening a link from the newsletter. In addition, technical information is also collected (e.g. the time of the retrieval, your IP address, browser type and/or operating system). This data is collected exclusively pseudonymously and is not linked to your other personal data. If you do not wish to receive the data analysis described here, you must unsubscribe from the newsletter. There is an order processing agreement with rapidmail.

Details on the data protection of rapidmail can be found at:

https://www.rapidmail.de/datenschutz

8. data processing for order processing

- DPD

If the delivery of the goods to you is carried out by the transport service provider DPD (DPD Deutschland GmbH, Wailandtstraße 1, 63741 Aschaffenburg), we only pass on the name of the recipient and the delivery address to DPD for the purpose of delivery and within the scope of necessity in accordance with Art. 6 Para. 1 lit. b DSGVO. Only if you have given your express consent in the ordering process, we will pass on your e-mail address to DPD in accordance with Art. 6 para. 1 lit. a DSGVO before the delivery of the goods for the purpose of coordinating a delivery date or for delivery notification. Your consent can be revoked at any time with effect for the future vis-à-vis the responsible person named above or vis-à-vis the transport service provider DPD.

- DHL

If the delivery of the goods to you is carried out by the transport service provider DHL (Deutsche Post AG, Charles-de-Gaulle-Straße 20, 53113 Bonn), we will only pass on the name of the recipient and the delivery address to DHL for the purpose of delivery and within the scope of necessity in accordance with Art. 6 (1) lit. b DSGVO. Only if you have given your express consent in the ordering process, we will pass on your e-mail address to DHL in accordance with Art. 6 para. 1 lit. a DSGVO before delivery of the goods for the purpose of coordinating a delivery date or for delivery notification. Your consent can be revoked at any time with effect for the future vis-à-vis the responsible person named above or vis-à-vis the transport service provider DHL.

8.1 Transfer of your personal data to shipping service providers

- DHL Fulfilment

Order processing is carried out by DHL Home Delivery GmbH, Sträßchensweg 10, 53113 Bonn, Germany, within the framework of the "Shipping by DHL Fulfilment" option. We pass on your personal data to DHL Fulfilment exclusively for the purpose of processing your order and only as necessary in accordance with Art. 6 Para. 1 lit. b DSGVO.

- Amazon Fulfilment (FBA)

Order processing is carried out via the service provider "Amazon" (Amazon EU S.à r.l., 5, Rue Plaetis 2338, Luxembourg) as part of the "Shipping by Amazon" option (= Fulfilment by Amazon). We transmit your personal data to Amazon exclusively for the purpose of processing your order. The transfer takes place in accordance with Art. 6 para. 1 lit. b DSGVO and is limited to the data required for order processing. Details on data protection at Amazon and Amazon's privacy policy can be found at the following link: http://www.amazon.de/gp/help/customer/display.html/ref=footer_privacy?ie=UTF8&nodeId=3312401

8.2 External service providers for order processing and order handling

8.3 If you wish to place an order in our webshop, it is necessary for the conclusion of the contract that you provide your personal data, which we require for the processing of your order. We process the data you provide to process your order.

In some cases, we work with external service providers to process your order. For this purpose, we must pass on the personal data required for this purpose.

If we commission transport companies with the delivery of your goods, we will pass on your data required for the delivery of the goods to the respective transport company. For the processing of payments, we pass on your data to the commissioned credit institution as necessary. If we use payment service providers, you will also be informed about this below.

The legal basis for the transfer of your data is Art. 6 para. 1 lit. b DSGVO.

8.4 In order to fulfill our contractual obligations, we work with external shipping partners. We will pass on your name as well as your delivery address (if necessary also further data) to a shipping partner selected by us exclusively for the purpose of delivering the ordered goods in accordance with Art. 6 para. 1 lit. b DSGVO.

- Use of payment service providers

- Paypal

If you select the payment method PayPal, credit card via PayPal, direct debit via PayPal or - if offered - "purchase on account" or "installment payment" via PayPal, the payment processing is carried out via PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter referred to as "PayPal").

We pass on your personal data to PayPal in accordance with Art. 6 Para. 1 lit. b DSGVO within the scope of necessity. PayPal reserves the right to conduct a credit check for the payment methods credit card via PayPal, direct debit via PayPal or - if offered - "purchase on account" or "installment payment" via PayPal.

For this purpose, your payment data may be passed on to credit agencies in accordance with Art. 6 para. 1 lit. f DSGVO due to PayPal's legitimate interest in determining your solvency. PayPal uses the result of the credit check with regard to the statistical probability of non-payment for the purpose of deciding on the provision of the respective payment method.

The creditworthiness information may contain probability values (so-called score values). Insofar as score values are included in the result of the credit report, they have their basis in a scientifically recognized mathematical-statistical procedure. The calculation of the score values includes, but is not limited to, address data.

What other data is collected by PayPal, can be found in the respective privacy policy of PayPal. This can be found at: https://www.paypal.com/de/webapps/mpp/ua/privacy-full

You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data if this is necessary for the contractual processing of payments.

- Stripe

If you select a payment method from the payment service provider Stripe, the payment will be processed via Stripe Payments Europe Ltd, Block 4, Harcourt Centre, Harcourt Road, Dublin 2, Ireland (hereinafter referred to as "stripe").

We pass on your personal data together with the information about your order (name, address, account number, bank code, possibly credit card number, invoice amount, currency and transaction number) to stripe in accordance with Art. 6 para. 1 lit. b DSGVO exclusively for the purpose of payment processing and only within the scope of what is necessary.

9. tools and other

Google reCAPTCHA

We use the reCAPTCHA function of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google") in accordance with Art. 6 (1) lit. f DSGVO due to our legitimate interest in preventing abuse and spam.

reCAPTCHA is a function designed to ensure that an input is made by a natural person.

The service sends your IP address and possibly other data required by Google for the reCAPTCHA service to Google.

The use of Google reCAPTCHA may also result in the transmission of your personal data to the servers of Google LLC. in the USA.

The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://privacy.google.com/businesses/gdprcontrollerterms/ and https://privacy.google.com/businesses/gdprcontrollerterms/sccs/. as well as in Google's privacy policy:https://www.google.com/policies/privacy/

10. rights of the data subject

10.1 The applicable data protection law grants you comprehensive data subject rights (rights of information and intervention) vis-à-vis the controller with regard to the processing of your personal data, which we inform you about below:

- Right to information pursuant to Art. 15 DSGVO:

You may request confirmation from the controller as to whether personal data concerning you is being processed by the controller. In addition, you have a right to information about the purpose, the categories of personal data, the recipients, the planned duration of storage and about the existence of further rights such as correction of the data or the existence of a right of complaint to a supervisory authority, the origin of your data if it was not collected by us, the existence of automated decision-making including profiling and, if applicable. meaningful information about the logic involved and the scope and intended effects of such processing that concern you, as well as your right to be informed about what guarantees exist in accordance with Art. 46 DSGVO when your data is transferred to third countries;

- Right to rectification pursuant to Art. 16 DSGVO:

You have the right to have the inaccurate data relating to you corrected without delay and/or to have the incomplete data we hold about you completed; the correction or completion must take place without delay.

- Right to restriction of processing pursuant to Art. 18 DSGVO:

You have the right to request the restriction of the processing of your personal data as long as the accuracy of your data disputed by you is verified, if you refuse the erasure of your data due to unlawful data processing and instead request the restriction of the processing of your data, if you need your data for the assertion, exercise or defense of legal claims after we no longer need this data after the purpose has been achieved or if you have objected on the grounds of your particular situation as long as it has not yet been determined whether our legitimate grounds prevail;

If the processing of personal data relating to you has been restricted, this data may - apart from being stored - only be processed with your consent or for the assertion, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of an important public interest of the Union or a Member State. If the restriction of processing has been restricted, you will be informed by the controller before the restriction is lifted.

- Right to erasure pursuant to Art. 17 DSGVO:

You have the right to request the immediate erasure of your personal data if the conditions of Art. 17 (1) DSGVO are met. However, this right to erasure does not exist in particular - not conclusively - if the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the assertion, exercise or defense of legal claims

- Right to information pursuant to Article 19 of the GDPR:

If you have exercised your right to rectification, erasure or restriction of processing, the controller is obliged to inform all recipients to whom your personal data have been disclosed of this rectification or erasure of the data or restriction of processing, unless this is impossible or involves a disproportionate effort. You also have the right to be informed about these recipients.

- Right to data portability pursuant to Art. 20 DSGVO:

You have the right to receive your personal data disclosed to us in a structured, common and machine-readable format or to request that it be transferred to another controller, insofar as this is technically possible;

- Right of revocation pursuant to Art. 7 (3) DSGVO:

You have the right to object at any time to the processing of personal data relating to you that is carried out on the basis of Art. 6 (1) (e) or (f) DSGVO; this also applies to profiling based on these provisions.

You also have the right to revoke your declaration of consent under data protection law at any time with effect for the future. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

- Right to lodge a complaint pursuant to Art. 77 DSGVO:

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, workplace or the place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR.

10.2 Right to object

You have the right to object to the processing of your data at any time with effect for the future if we process your data on the basis of our overriding legitimate interest after weighing up the interests.

If you exercise this right of objection, we will terminate the processing of your data if there are no demonstrably overriding compelling reasons worthy of protection against the termination or if the further processing serves the exercise or defense of legal claims.

11 Duration of the storage of personal data

The duration of the storage of personal data depends in each case on statutory retention periods. After their expiry, we routinely delete the data if they are no longer required for the fulfillment or initiation of the contract and/or there is no continued legitimate interest for us to continue storing them.

2022

DE

GERMAN

…

x