Data protection

--------------------
Privacy Policy
--------------------

1) Information on the collection of personal data and contact details of the data controller
1.1 We are pleased that you are visiting our website and thank you for your interest. Below, we inform you about how we handle your personal data when you use our website. Personal data is any data that can be used to personally identify you.
1.2 The data controller for this website within the meaning of the General Data Protection Regulation (GDPR) is YSO Kolja Kirsch and Ole Müller GbR, Sternstraße 13, 01139 Dresden, Germany, email: info@yardshedoffice.com. The data controller is the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data.
1.3 This website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (e.g., orders or inquiries to the data controller). You can recognize an encrypted connection by the "https://" prefix and the padlock symbol in your browser's address bar.

2) Data collection when visiting our website
When you simply use our website for informational purposes, i.e., if you do not register or otherwise provide us with information, we only collect data that your browser transmits to our server (so-called "server log files"). When you access our website, we collect the following data, which is technically necessary for us to display the website to you:
- Our visited website
- Date and time of access
- Amount of data sent in bytes
- Source/referrer from which you accessed this page
- Browser used
- Operating system used
- IP address used (possibly in anonymized form)
The processing is carried out in accordance with Article 6(1)(f) GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. The data will not be disclosed or used for any other purpose. However, we reserve the right to subsequently review the server log files should there be concrete indications of unlawful use.

3) Hosting
Hosting by Shopify
We use the shop system of the service provider Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland ("Shopify"), for the purpose of hosting and displaying the online shop, based on data processing on our behalf. All data collected on our website is processed on Shopify's servers. As part of the aforementioned services provided by Shopify, data may also be transferred to Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada, Shopify Data Processing (USA) Inc., Shopify Payments (USA) Inc., or Shopify (USA) Inc. for further processing on our behalf. In the event of data transfer to Shopify Inc. in Canada, an adequate level of data protection is ensured by an adequacy decision of the European Commission. Shopify Data Processing (USA) Inc., Shopify Payments (USA) Inc. and Shopify (USA) Inc. in the USA are certified under the US-EU Privacy Shield agreement, which ensures compliance with the level of data protection applicable in the EU.
Further information on Shopify's data protection policy can be found on the following website: https://www.shopify.de/legal/datenschutz
Further processing on servers other than those mentioned above by Shopify will only take place within the scope outlined below.

4) Cookies
To make your visit to our website more attractive and to enable the use of certain functions, we use so-called cookies on various pages. These are small text files that are stored on your device. Some of the cookies we use are deleted after the end of your browser session, i.e., after you close your browser (session cookies). Other cookies remain on your device and allow us or our partner companies (third-party cookies) to recognize your browser on your next visit (persistent cookies). When cookies are set, they collect and process certain user information, such as browser and location data, as well as IP addresses, to varying degrees. Persistent cookies are automatically deleted after a predetermined period, which can vary depending on the cookie.
Some cookies are used to simplify the ordering process by saving settings (e.g., remembering the contents of a virtual shopping cart for a later visit to the website). If any of the cookies we use also process personal data, this processing is carried out in accordance with Article 6(1)(b) GDPR for the performance of the contract or in accordance with Article 6(1)(f) GDPR to protect our legitimate interests in ensuring the best possible website functionality and a user-friendly and effective website experience.
We may work with advertising partners who help us make our website more interesting for you. For this purpose, when you visit our website, cookies from partner companies may also be stored on your hard drive (third-party cookies). If we work with the aforementioned advertising partners, you will be informed individually and separately about the use of such cookies and the scope of the information collected in the paragraphs below.
Please note that you can configure your browser to notify you when cookies are being set, allowing you to decide whether to accept them individually, or to block cookies in certain cases or entirely. Each browser manages cookie settings differently. This is described in the help menu of each browser, which explains how to change your cookie settings. You can find this information for the respective browsers at the following links:
Internet Explorer: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies
Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehne
Chrome: https://support.google.com/chrome/answer/95647?hl=de&hlrm=en
Safari: https://support.apple.com/de-de/guide/safari/sfri11471/mac
Opera: https://help.opera.com/en/latest/web-preferences/#cookies
Please note that if you do not accept cookies, the functionality of our website may be limited.

5) Making contact
When you contact us (e.g., via contact form or email), personal data is collected. The specific data collected via a contact form is indicated on the form itself. This data is stored and used solely for the purpose of responding to your inquiry, contacting you, and for the associated technical administration. The legal basis for processing this data is our legitimate interest in responding to your inquiry, pursuant to Article 6(1)(f) GDPR. If your contact is aimed at concluding a contract, the additional legal basis for processing is Article 6(1)(b) GDPR. Your data will be deleted after your inquiry has been fully processed. This is the case when it is clear from the circumstances that the matter has been resolved and provided that no statutory retention obligations apply.

6) Data processing when opening a customer account and for contract processing
In accordance with Article 6(1)(b) GDPR, personal data will continue to be collected and processed if you provide it to us for the performance of a contract or when opening a customer account. The specific data collected is evident from the respective input forms. You can delete your customer account at any time by sending a message to the data controller's address provided above. We store and use the data you provide for contract processing. After complete contract fulfillment or deletion of your customer account, your data will be blocked in accordance with tax and commercial law retention periods and deleted after these periods have expired, unless you have expressly consented to further use of your data or we have reserved the right to further use your data as permitted by law.

7) Use of your data for direct marketing
7.1 Registration for our email newsletter
When you subscribe to our email newsletter, we will regularly send you information about our offers. The only mandatory information required to send you the newsletter is your email address. Providing any further information is voluntary and is used to personalize our communications with you. We use the double opt-in procedure for sending our newsletter. This means that we will only send you an email newsletter after you have explicitly confirmed that you consent to receiving it. We will then send you a confirmation email asking you to click on a link to confirm that you wish to receive the newsletter in the future.
By activating the confirmation link, you give us your consent to use your personal data in accordance with Article 6 Paragraph 1 Letter a of the GDPR. When you subscribe to the newsletter, we store your IP address, which is registered by your internet service provider (ISP), as well as the date and time of registration, in order to be able to trace any potential misuse of your email address at a later date. The data we collect when you subscribe to the newsletter is used exclusively for sending you promotional material via the newsletter. You can unsubscribe from the newsletter at any time via the unsubscribe link provided in the newsletter or by sending a corresponding message to the data controller named above. After you unsubscribe, your email address will be immediately deleted from our newsletter mailing list, unless you have expressly consented to further use of your data or we reserve the right to use your data for other purposes permitted by law, about which we inform you in this privacy policy.
7.2 Sending the email newsletter to existing customers
If you provided us with your email address when purchasing goods or services, we reserve the right to regularly send you offers for similar goods or services from our product range via email. According to Section 7 Paragraph 3 of the German Unfair Competition Act (UWG), we do not need to obtain your separate consent for this. The data processing is based solely on our legitimate interest in personalized direct marketing pursuant to Article 6 Paragraph 1 Letter f of the GDPR. If you initially objected to the use of your email address for this purpose, we will not send you any emails. You have the right to object to the use of your email address for the aforementioned advertising purpose at any time with effect for the future by sending a message to the data controller named at the beginning of this document. You will only incur transmission costs according to the basic rates for this. Upon receipt of your objection, the use of your email address for advertising purposes will be discontinued immediately.

8) Data processing for order processing
8.1 To process your order, we work with the following service providers, who support us in whole or in part in fulfilling concluded contracts. Certain personal data is transferred to these service providers in accordance with the following information.
The personal data we collect will be shared with the transport company commissioned with delivery as part of the contract processing, insofar as this is necessary for the delivery of the goods. We will share your payment data with the commissioned bank as part of the payment processing, insofar as this is necessary for the payment processing. If payment service providers are used, we will inform you explicitly about this below. The legal basis for the transfer of data is Article 6 Paragraph 1 Letter b GDPR.
8.2 Use of payment service providers (payment services)
- Klarna
When you select a Klarna payment service, payment processing is handled by Klarna Bank AB (publ) [https://www.klarna.com/de], Sveavägen 46, 111 34 Stockholm, Sweden (hereinafter "Klarna"). To enable payment processing, your personal data (first and last name, street, house number, postal code, city, gender, email address, telephone number, and IP address) as well as data related to the order (e.g., invoice amount, items, delivery method) will be transmitted to Klarna for the purpose of identity and credit checks, provided you have expressly consented to this in accordance with Art. 6 Para. 1 lit. a GDPR during the ordering process. You can see which credit agencies your data may be forwarded to here:
https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/credit_rating_agencies
The credit report may contain probability values ​​(so-called score values). If score values ​​are included in the credit report, they are based on a scientifically recognized mathematical-statistical method. Address data is among the factors, but not the only one, used in calculating the score values. Klarna uses the information obtained about the statistical probability of a payment default to make a balanced decision regarding the establishment, execution, or termination of the contractual relationship.
You can withdraw your consent at any time by sending a message to the data controller or to Klarna. However, Klarna may still be entitled to process your personal data if this is necessary for processing payments in accordance with the contract.
Your personal data will be processed in accordance with applicable data protection regulations and as described in Klarna's privacy policy for data subjects residing in Germany: https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/privacy
or for those residing in Austria: https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_at/privacy
treated.
- Paypal
When paying via PayPal, credit card via PayPal, direct debit via PayPal, or – if offered – "purchase on account" or "installment payment" via PayPal, we forward your payment data to PayPal (Europe) Sarl et Cie, SCA, 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal") for payment processing. This transfer is carried out in accordance with Art. 6 para. 1 lit. b GDPR and only to the extent necessary for payment processing.
For the payment methods credit card via PayPal, direct debit via PayPal, or – if offered – "purchase on account" or "installment payment" via PayPal, PayPal reserves the right to conduct a credit check. For this purpose, your payment data may be transferred to credit agencies in accordance with Art. 6 Para. 1 lit. f GDPR based on PayPal's legitimate interest in determining your creditworthiness. PayPal uses the result of the credit check regarding the statistical probability of payment default to decide whether to offer the respective payment method. The credit check may contain probability values ​​(so-called score values). If score values ​​are included in the result of the credit check, they are based on a scientifically recognized mathematical-statistical procedure. Address data is among the data used, but not the only data, in the calculation of the score values. For further information on data protection, including the credit agencies used, please refer to PayPal's Privacy Statement: https://www.paypal.com/de/webapps/mpp/ua/privacy-full
You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data if this is necessary for the contractual processing of payments.
- Shopify Payments
We use the payment service provider "Shopify Payments", 3rd Floor, Europa House, Harcourt Building, Harcourt Street, Dublin 2. If you choose a payment method offered via Shopify Payments, payment processing is handled by the technical service provider Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, to whom we transfer the information you provided during the ordering process, along with information about your order (name, address, account number, bank code, possibly credit card number, invoice amount, currency, and transaction number) in accordance with Article 6 Paragraph 1 Letter b GDPR. Your data is transferred exclusively for the purpose of payment processing with Stripe Payments Europe Ltd. and only to the extent necessary for this purpose. Further information on Shopify Payments' privacy policy can be found at the following web address: https://www.shopify.com/legal/privacy.
You can find information on data protection regarding Stripe Payments Europe Ltd. here: https://stripe.com/de/privacy
- IMMEDIATELY
When selecting the payment method "SOFORT," payment processing is handled by the payment service provider SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany (hereinafter "SOFORT"), to whom we transfer the information you provided during the ordering process, along with information about your order, in accordance with Article 6 Paragraph 1 Letter b GDPR. SOFORT GmbH is part of the Klarna Group (Klarna Bank AB (publ), Sveavägen 46, 11134 Stockholm, Sweden). Your data is transferred exclusively for the purpose of payment processing with the payment service provider SOFORT and only to the extent necessary for this purpose. You can find further information about SOFORT's data protection policy at the following web address: https://www.klarna.com/sofort/datenschutz.
- Stripe
If you choose a payment method offered by the payment service provider Stripe, payment processing will be handled by Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, to whom we will transfer the information you provided during the ordering process, along with information about your order (name, address, account number, bank code, possibly credit card number, invoice amount, currency, and transaction number) in accordance with Article 6(1)(b) GDPR. Your data will be transferred exclusively for the purpose of payment processing with the payment service provider Stripe Payments Europe Ltd. and only to the extent necessary for this purpose. Further information on Stripe's data protection practices can be found at https://stripe.com/de/privacy#translation.

9) Use of social media: Social plugins
Instagram plugin as a Shariff solution
Our website uses so-called social plugins (“plugins”) from the online service Instagram, which is operated by Instagram LLC., 1601 Willow Rd, Menlo Park, CA 94025, USA (“Instagram”).
To enhance the protection of your data when visiting our website, these buttons are not fully integrated as plugins, but rather embedded using an HTML link. This method ensures that no connection to Instagram's servers is established when you access a page on our website containing these buttons. When you click the button, a new browser window opens and takes you to the Instagram page, where you can interact with the plugins there (after entering your login details, if necessary).
Instagram LLC, based in the USA, is certified under the US-European data protection agreement "Privacy Shield", which ensures compliance with the level of data protection applicable in the EU.
For information on the purpose and scope of data collection and the further processing and use of data by Instagram, as well as your related rights and privacy settings, please refer to Instagram's privacy policy: https://help.instagram.com/155833707900388/

10) Online Marketing
Facebook Pixel for creating Custom Audiences
Within our online service, we use the so-called "Facebook pixel" of the social network Facebook, which is operated by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland ("Facebook").
When a user clicks on one of our ads displayed on Facebook, Facebook Pixel adds a parameter to the URL of our linked page. If our page allows data sharing with Facebook via Pixel, this URL parameter is stored in the user's browser via a cookie set by our linked page itself. Facebook Pixel then reads this cookie and enables the data to be transmitted to Facebook.
With the help of the Facebook pixel, Facebook can identify visitors to our website as a target audience for displaying advertisements (so-called "Facebook Ads"). Accordingly, we use the Facebook pixel to show the Facebook Ads we place only to Facebook users who have shown an interest in our website or who exhibit certain characteristics (e.g., interests in specific topics or products, determined based on the websites they visit) that we transmit to Facebook (so-called "Custom Audiences"). We also use the Facebook pixel to ensure that our Facebook Ads correspond to the potential interests of users and are not perceived as intrusive. Furthermore, we can evaluate the effectiveness of Facebook ads for statistical and market research purposes by tracking whether users were redirected to our website after clicking on a Facebook ad (so-called "conversion").
The data collected is anonymous to us, meaning we cannot draw any conclusions about the identity of the users. However, the data is stored and processed by Facebook, so a connection to the respective user profile is possible, and Facebook can use the data for its own advertising purposes in accordance with the Facebook Data Policy (https://www.facebook.com/about/privacy/). This data may enable Facebook and its partners to display advertisements on and off Facebook.
The data processing associated with the use of the Facebook Pixel is carried out on the basis of our overriding legitimate interest in the evaluation, optimization and economic operation of our online services and our advertising measures in accordance with Art. 6 para. 1 lit. f GDPR.
The information generated by Facebook is generally transferred to and stored on a Facebook server; this may also involve transferring data to the servers of Facebook Inc. in the USA. Facebook Inc., headquartered in the USA, is certified under the EU-US Privacy Shield framework, which ensures compliance with the level of data protection applicable in the EU.
To object to the collection of data by the Facebook pixel and the use of your data for displaying Facebook ads altogether, you can set an opt-out cookie by clicking on the link below, which will deactivate Facebook pixel tracking:
<a href="javascript:void(0)" onclick="if (typeof fbpOptOut == 'function') { fbpOptOut(); } else { alert(atob('QUNIVFVORzogRmVobGVuZGVyIEZhY2Vib29rLVBpeGVsIE9wdE91dC1Db2RlIQ==')); }">Disable Facebook Pixel</a>
This opt-out cookie only works in this browser and only for this domain. If you delete your cookies in this browser, you will need to click the link above again.

11) Tools and other items
11.1 Borlabs
This website uses the Borlabs cookie preference management system from the provider Benjamin A. Bornschein, Georg-Wilhelm-Str. 17, 21107 Hamburg ("Borlabs"), which sets two technically necessary cookies ("borlabsCookie" and "borlabsCookieUnblockContent") to store your cookie preferences. The aforementioned processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in providing cookie preference management for website visitors.
The "Borlabs Cookie" does not process any personal data. The "borlabsCookie" stores your selected preference, which you chose when entering the website. The "borlabsCookieUnblockContent" cookie stores which (external) media/content you have chosen to always unblock automatically. If you wish to revoke these settings, simply delete the cookies in your browser. When you revisit/reload the website, you will be asked for your cookie preference again.
11.2 Google Customer Reviews (formerly Google Certified Shops)
We work with Google as part of the "Google Customer Reviews" program. The provider is Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"). This program allows us to collect customer reviews from users of our website. After making a purchase on our website, you will be asked if you would like to participate in an email survey from Google. If you give your consent in accordance with Art. 6 para. 1 lit. a GDPR, we will transmit your email address to Google. You will receive an email from Google Customer Reviews asking you to rate your shopping experience on our website. Your rating will then be aggregated with our other ratings and displayed in our Google Customer Reviews logo and in our Merchant Center dashboard. Your rating will also be used for Google Seller Ratings. As part of using Google Customer Reviews, personal data may also be transferred to the servers of Google LLC in the USA.
You can withdraw your consent at any time by sending a message to the data controller or to Google.
In the event that personal data is transferred to Google LLC, which is based in the USA, Google LLC has certified itself under the EU-US Privacy Shield Framework, which guarantees compliance with the level of data protection applicable in the EU. A current certificate can be viewed here: https://www.privacyshield.gov/list
Further information on Google's data protection practices in connection with the Google Customer Reviews program can be found at the following link: https://support.google.com/merchants/answer/7188525?hl=de
Further information on Google Seller Ratings privacy policy can be found at this link: https://support.google.com/google-ads/answer/2375474

12) Rights of the data subject
12.1 The applicable data protection law grants you comprehensive rights as a data subject (rights of access and intervention) vis-à-vis the controller with regard to the processing of your personal data, about which we inform you below:
- Right of access pursuant to Article 15 GDPR: You have, in particular, the right to information about your personal data processed by us, the purposes of the processing, the categories of personal data processed, the recipients or categories of recipients to whom your data have been or will be disclosed, the planned storage period or the criteria for determining the storage period, the existence of a right to rectification, erasure, restriction of processing, objection to processing, lodging a complaint with a supervisory authority, the origin of your data if they were not collected from you by us, the existence of automated decision-making, including profiling, and, where applicable, meaningful information about the logic involved and the significance and the envisaged consequences of such processing for you, as well as your right to be informed of the safeguards pursuant to Article 46 GDPR relating to the transfer of your data to third countries;
- Right to rectification pursuant to Art. 16 GDPR: You have the right to immediate rectification of inaccurate data concerning you and/or completion of incomplete data stored by us;
- Right to erasure pursuant to Article 17 GDPR: You have the right to request the erasure of your personal data if the conditions of Article 17(1) GDPR are met. However, this right does not exist, in particular, if the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise, or defense of legal claims;
- Right to restriction of processing pursuant to Article 18 GDPR: You have the right to request the restriction of the processing of your personal data as long as the accuracy of your data, which you have contested, is being verified; if you object to the erasure of your data due to unlawful data processing and instead request the restriction of the processing of your data; if you need your data for the establishment, exercise or defence of legal claims after we no longer need this data for the purposes for which it was collected; or if you have objected to processing on grounds relating to your particular situation, pending the verification whether our legitimate grounds override yours;
- Right to information pursuant to Article 19 GDPR: If you have asserted your right to rectification, erasure, or restriction of processing against the controller, the controller is obliged to communicate this rectification, erasure, or restriction of processing to all recipients to whom your personal data have been disclosed, unless this proves impossible or involves disproportionate effort. You have the right to be informed about these recipients.
- Right to data portability pursuant to Art. 20 GDPR: You have the right to receive your personal data which you have provided to us in a structured, commonly used and machine-readable format or to request its transmission to another controller, insofar as this is technically feasible;
- Right to withdraw consent pursuant to Article 7(3) GDPR: You have the right to withdraw your consent to the processing of your data at any time with effect for the future. In the event of withdrawal, we will delete the data concerned immediately, unless further processing is permitted by another legal basis that does not require consent. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
- Right to lodge a complaint pursuant to Article 77 GDPR: If you believe that the processing of your personal data infringes the GDPR, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work or the place of the alleged infringement, without prejudice to any other administrative or judicial remedy.
12.2 Right of objection
If we process your personal data based on our overriding legitimate interest as part of a balancing of interests, you have the right to object to this processing at any time, on grounds relating to your particular situation, with effect for the future.
If you exercise your right to object, we will cease processing the data in question. However, further processing remains possible if we can demonstrate compelling legitimate grounds for the processing which override your interests, fundamental rights and freedoms, or if the processing serves the purpose of establishing, exercising or defending legal claims.
If we process your personal data for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing. You can exercise your right to object as described above.
If you exercise your right to object, we will cease processing the data in question for direct marketing purposes.

13) Duration of storage of personal data
The duration of the storage of personal data is determined by the respective legal basis, the purpose of processing and – if applicable – additionally by the respective statutory retention period (e.g. commercial and tax law retention periods).
When processing personal data on the basis of explicit consent pursuant to Art. 6 para. 1 lit. a GDPR, this data will be stored until the data subject withdraws his or her consent.
If statutory retention periods exist for data processed in the context of contractual or quasi-contractual obligations on the basis of Art. 6 para. 1 lit. b GDPR, this data will be routinely deleted after the expiry of the retention periods, provided that it is no longer required for the performance of a contract or for initiating a contract and/or we no longer have a legitimate interest in its continued storage.
When processing personal data on the basis of Article 6(1)(f) GDPR, this data will be stored until the data subject exercises their right to object pursuant to Article 21(1) GDPR, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or the processing serves the purpose of establishing, exercising or defending legal claims.
When processing personal data for direct marketing purposes on the basis of Art. 6 para. 1 lit. f GDPR, this data will be stored until the data subject exercises his or her right to object pursuant to Art. 21 para. 2 GDPR.
Unless otherwise stated in the other information in this declaration regarding specific processing situations, stored personal data will be deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.