• Free shipping to UK from £ 100

  • Duty-free delivery

  • 14 days right of return

Free shipping to UK from £ 100

Duty-free delivery

14 days right of return

Privacy Policy

Welcome to the BSTN Store GmbH privacy policy

We appreciate your interest in our company. We take the protection of your personal data very seriously and so would like to inform you about the processing of your data as comprehensively as possible.

Processing of personal data, such as the name, address, email address, or telephone number of a data subject, is always be carried out in accordance with the General Data Protection Regulation (GDPR) and in accordance with the country-specific data protection regulations applicable to BSTN Store GmbH. Our company would like to use this privacy policy to inform the public about the nature, extent, and purpose of the personal data we collect, use, and process. We would also like to use this privacy policy to inform data subjects about their rights.

 

1. Definition of terms

The BSTN Store GmbH privacy policy is based on the terms used by the European Guidelines and Regulatory Authority when adopting the General Data Protection Regulation (GDPR). Our data policy should be easy to read and understand, both by the public and by our customers and business partners. To ensure this, we would like to begin by explaining the terms used.

In this privacy policy we use the following terms:

a) Personal data

Personal data is all information relating to an identified or identifiable natural person (hereinafter called "data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

b) Data subject

A data subject is any identified or identifiable natural person, whose personal data is processed by a data controller responsible for the processing.

c) Processing

Processing is any operation or set of operations that is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction.

d) Restriction of processing

Restriction of processing is marking stored personal data with the aim of limiting its processing in the future.

e) Profiling

Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular, to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

f) Pseudonymisation

Pseudonymisation is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.

g) Controller or controller responsible for the processing

Controller means the natural or legal person, public authority, agency, or any other body which alone or jointly with others determines the purposes and means of the processing of personal data. Where the purposes and means of processing are determined by European Union law or the law of the Member States, the controller or the specific criteria for its nomination may be designated by European Union law or the law of the Member State.

h) Processor

The processor is a natural or legal person, public authority, agency, or other body that processes personal data on behalf of the controller.

i) Recipient

The recipient is a natural or legal person, public authority, agency, or any other body to whom personal data is disclosed, irrespective of whether it is a third party or not. However, public authorities that may receive personal data in the framework of a particular inquiry in accordance with the European Union or Member State law shall not be regarded as recipients.

j) Third party

A Third-party is a natural or legal person, public authority, agency, or body other than the data subject, controller, processor, and persons who, under the direct authority of the controller or processor, are authorized to process personal data.

k) Consent

The data subject’s consent is any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

2. Name and contact information of the controller

This privacy policy provides information about the processing of personal data on the website of:

Controller:

BSTN Store GmbH,
Kühler Weg 1,
82065 Baierbrunn,
Germany ,
E-mail: [email protected] ,
Phone: +49 (0) 89 543 200 73

Contact information of data protection officer:
The BSTN Store GmbH data protection officer can be contacted as follows:

BSTN Store GmbH,
Kühler Weg 1,
82065 Baierbrunn,
Germany
E-Mail: [email protected]
Phone: +49 (0) 89 543 200 73

3. Extent and purpose of the processing of personal data

3.1 Accessing the website

When you access this website: www.bstn.com, the internet browser used by the visitor automatically sends data to the server of this website and stores it in a log file. Until the automatic erasure, the following data is stored without further input by the visitor:

- IP address of the visitor’s device,
- Date and time of visitor access,
- Name and URL of the page accessed by the visitor,
- Website from which the visitor arrived at the website (so-called referrer URL),
- Browser and operating system of the visitor’s device, as well as the name of the access provider used by the visitor.

The processing of such personal data is in accordance with Art. 6 (1), sentence 1 lit f) of the GDPR. The company has a legitimate interest in data processing for the purpose of:

- Rapidly connecting to the website of the company,
- Enabling user-friendly use of the website,
- Identifying and ensuring the security and stability of the systems and
- Facilitating and improving the administration of the website.

3.2 Data collection during registration and payment processing

For the purposes of registration and payment processing, data such as the object of purchase, shopping basket, name, date of birth, address, email address, delivery address, payment type, and bank data is collected and processed by us, insofar as the processing is necessary for the performance of the contract or if the customer has consented to the processing.
The legal basis for the processing of personal data is Art. 6 (1), Sentence 1, lits a) and b) GDPR.

If desired by the customer, he can create a customer account for future orders (registration). In doing so, his customer data will be stored for use also for future orders in our online store, so that he does not have to enter them again. Registration also requires the provision of a user ID and password (access data) so that only he can log into his customer account. We may process the customer's data provided during registration in accordance with Art. 6 (1) b) DSGVO, provided that this is necessary for the establishment or fulfillment of a contract. Furthermore, we are allowed to process the data according to Art. 6 para. 1 f) DSGVO, as we would like to simplify future orders of the customer. Deletion of the customer account is possible at any time.
 
For this purpose, based on the customer's consent pursuant to Art. 6 (1) sentence 1 a) DSGVO, we are permitted to store the goods and products placed in the customer's shopping cart. We store and use this data to remind the customer of his selection of the product by e-mail if the purchase process is not completed. This is in the interest of the customer, as it may be that there is only a limited number of the product in the selected size.
 
In addition, according to § 7 para 3 UWG, we are allowed to use the e-mail address provided by the customer during the purchase for direct advertising for our own similar goods. If the customer no longer wishes to receive such direct advertising, he can object to its use at any time without incurring any costs other than the transmission costs according to the prime rates. The revocation can be made directly via the link provided in the advertising e-mail or by sending an e-mail to [email protected].

3.3 Contact form

Visitors can submit messages to the company via an online contact form on the website. In order to be able to receive an answer, at least a valid email address is required. All other information can be voluntarily provided to the person making the request. By sending the message via the contact form, the visitor agrees to the processing of the transmitted personal data. The data is processed exclusively for the purpose of processing and responding to requests via the contact form. This will be done on the basis of the voluntarily granted consent pursuant to Art. 6(1), sentence 1, lit a) GDPR. The personal data collected for the use of the contact form is automatically deleted once the request has been completed and there are no grounds for further storage.

3.4 Newsletter

We offer our newsletter to persons with a minimum age of 16. If he/she subscribes to the newsletter, the visitor expressly agrees to the processing of the personal data provided. We use the so-called double opt-in procedure for the subscription to our newsletter. This means that after your registration, we will send an e-mail to the specified e-mail address in which we ask you to confirm that you want to receive the newsletter. Furthermore, we will always store the IP addresses used and the time of the registration and confirmation. This serves as a means of proof of your subscription and, if applicable, to solve any potential misuse of your personal data.
Mandatory information for sending the newsletter is your e-mail address. More, separately marked data can be specified voluntarily and will only be used to address you personally. If you have consented to the receipt of our newsletter, which is adjusted to your individual interests, we particularly process your e-mail address and your name for the purpose of sending the newsletter.
With your consent, we will record your user behaviour on our website. This evaluation of user behaviour includes in particular, which areas of the applicable website you visit, and what links you activate there. This creates personalised user profiles assigned to your person and/or email address, to better align any potential advertising campaigns, particularly in the form of newsletters and on-site advertisements, with your personal interests, and to improve the web content.

The legal basis for processing the personal data of the visitor for the purpose of sending newsletters is consent pursuant to Art. 6(1), sentence 1, lit a) GDPR.

The visitor can unsubscribe from the newsletter at any time This can be done by using a special link at the end of the newsletter or by a relevant e-mail message to [email protected] (without costs other than the transmission costs according to the base rates).

We use the service of Emarsys eMarketing Systems AG, Märzstrasse 1, A-1150 Vienna for processing the newsletter. For this purpose, your e-mail address is transmitted to Emarsys. We use the Emarsys Predict analysis tool for the composition of our individual e-mail newsletter, which evaluates both your use of the newsletter and your use of our website. In order to record your usage behaviour on our website, cookies are used to recognise your browser. Your movements on our website can thus be traced, and the success of specific marketing measures can be recorded and measured. Moreover, our newsletters may contain hyperlinks (“links”) that include random, but distinct identification numbers. These identification numbers can be collected and stored when these links are accessed by your computer. We also use the information on such access to trace the use of the newsletter and our website and to measure the success of specific marketing measures. We can thus adjust our offers to your individual requirements and interests.

Emarsys can use the recipients’ data in a pseudonymous form, i.e. without allocation to a user, for optimising or improving its own services, e.g. for the technical optimisation of the dispatch and the presentation of the newsletter, or for statistical purposes. However, Emarsys is not permitted to use the data to contact you itself or to pass on the data to third parties.

For this purpose, based on the customer's consent pursuant to Art. 6 (1) sentence 1 a) DSGVO, we are permitted to store the goods and products that are placed in the customer's shopping cart. We store and use this data to remind the customer of his selection of the product by e-mail if the purchase process is not completed. This is in the interest of the customer, as it may be that there is only a limited number of the product in the selected size.

The legal basis for the processing of data after subscription to the newsletter by the user is your consent according to point (a) of Article 6(1) GDPR.

Further information on Emarsys’ Privacy Policy: https://www.emarsys.com/de/datenschutzrichtlinie/

You can revoke your consent for the newsletter at any time as described above.

3.5 WhatsApp Newsletter

If you subscribe to our WhatsApp newsletter and provide us with your personal data (mobile phone number), you will receive WhatsApp messages from us containing advertising content (see details below) to the phone number you provided. To use the newsletter, an active WhatsApp account is required. To complete the newsletter registration, you must subscribe to the newsletter in WhatsApp by sending the start message ("Start") and providing your consent there. For this purpose, we use your profile information on WhatsApp, phone number, IP address, and message history.
 
The advertising content sent as part of newsletters or other messages includes information about products, offers, trends, promotions, current campaigns, and other marketing campaign-related information, market research, and customer satisfaction surveys. We also send you advertisements tailored to your individual interests. If you are already a BSTN customer, we consider your previous purchasing behavior and other relevant information (information about the type and quantity of goods you have purchased, the purchase price, and the time of purchase, as well as data on participation in contests and redemption of vouchers, and other personal data you provide us within the contractual relationship) to tailor the advertising to your needs. The processing of your data for these purposes is automated with the aim of evaluating certain personal aspects. We use mathematical-statistical methods to align advertisements with your individual interests. The data provided during the newsletter registration will be linked to your customer information in this case. As a result, you will receive a personalized newsletter tailored to your individual interests.
 
When the newsletter is sent, your user behavior is evaluated. For this purpose, only the information already provided by WhatsApp within the service is used (mobile phone number, times of sending and receiving messages, delivery status (received, error, etc.)). Availability information is not collected. This allows us to track when you read our newsletters. This enables us to evaluate the reach of newsletters and provide information that meets your needs even more precisely.
 
For the provision of the WhatsApp newsletter, we work with MessengerPeople GmbH, Seidlstraße 8, 80335 München, as a technical service provider. Through MessengerPeople, we receive the messages you send us via WhatsApp and can send messages to you via WhatsApp.
 
Your personal data processed during the newsletter delivery will only be stored until you unsubscribe from the newsletter. You can unsubscribe by replying with "Stop" in WhatsApp, for example. If you unsubscribe, your personal data for newsletter delivery will be immediately deleted. However, please note that after unsubscribing from the newsletter, you will no longer receive vouchers and personalized offers from us.
 
For further information on the purpose and scope of data processing by WhatsApp, please visit www.whatsapp.com/legal/#privacy-policy.
 
The processing is based on Article 6(1)(a) of the GDPR.

3.6 Raffle

Furthermore, you have the option to participate in our raffles. They are offered during special promotions (e.g. sneaker release). In return for the participation, the participant agrees that BSTN Store GmbH may use the requested data disclosed by you (name, address, e-mail address, mobile number, age and date of birth, clothing and/or shoe size) for advertising purposes and for the individual presentation of our offers to you. In addition, you will subscribe to the e-mail newsletter in return (cf. item 3.3).
To prevent the unauthorised use of automated participations (e.g. via bots and other software or computer programs), we respectively store your used IP addresses and times of registration and confirmation. We can thus ensure a fair raffle to the benefit of all participants and counter any misuse. The legal basis for the processing of these personal data is point (f) of Article 6(1) GDPR.

In selecting the winner, we are supported by a service provider according to item 5.3, who receives the data from us.
The legal basis for the processing of personal data for participation in the raffle is point (b) of Article 6(1) GDPR. You may object to the use of your data at any time.

3.7 Wishlist

You have the possibility to add selected items to your individual Wishlist via your customer account while logged in. If you add an item to your Wishlist, we will notify you by email as soon as the item is reduced (price drop), only few items are available (low-in-stock) and remind you as a simple Wishlist Reminder. If the item is not yet available (Upcoming item), you will be notified by email as soon as the item is available.
 
For this purpose, we store data that you specified when creating the wishlist, when saving the items (Size, color, etc.).
 
The legal basis for the processing of the data is your consent according to Art. 6 para. 1 lit. a DSGVO or or the contractual consideration according to Art. 6 para. 1 lit. b DSGVO.a

3.8. Applications

In the case of an application, we process only the data belonging to you that we require in the context of the application. This is, for example, contact data as well as all data in connection with your application, such as your C.V., references, and qualifications.
The legal basis for saving the data is derived from Section 26 of the Federal Data Protection Act (BDSG). The data will be deleted immediately, as soon as retaining it is no longer required. If the applicant is not appointed, the data will generally be deleted six months after the conclusion of the application process at the latest.

3.9 Job applications

When you apply for a job, we only process the data that we need in the context of your application. This includes, for example, contact details and all data related to your application, such as your CV, certificates and qualifications. The legal basis for storing the data results from § 26 of the Federal Data Protection Act. The data will be deleted immediately as soon as storage is no longer necessary. If you are not hired, this is usually the case no later than six months after completion of the application process.

3.10 Print Mailings/Postal Advertising

As our customer, you will receive regular postal advertising with products and services of interest to you, within the legal requirements, provided you have not already objected in the past.

We use your postal address, provided by you during a purchase in the BSTN online store. To tailor our advertising more closely to your interests, we may assign your data collected from business transactions such as purchases or returns to different customer or interest groups (profiling).

The legal basis for postal advertising and statistical evaluations is Art. 6 (1) lit. a. and f GDPR, as well as § 7 (3) UWG.

Recipients of the data: If external processors are used to carry out postal advertising, they are contractually obligated as processors under Art. 28 GDPR.

Right to Object:

If you no longer wish to receive postal advertising from us, you can object to its use with effect for the future (without incurring any costs other than the transmission costs according to the base rates). Your contact data will then be blocked for this use. Postal advertising requires a longer lead time from selection to delivery, so there may still be a short transition period during which advertising is sent in your name. We will inform you of your right to object each time.

Retention Period:

We store your data for postal advertising as long as the advertising purpose exists or until we receive a revocation of your consent or your objection to the processing of your data for advertising purposes. Your status as a customer will not be affected by this.

4. Contacts and customers under 16

Our website and our service (e.g. raffles, newsletter, etc.) are addressed to persons who have completed the 16th year of age. Persons who have not yet completed the 16th year of age are not permitted to use our services.

5. Transfer of data

Personal data will be transferred to a third party, if pursuant to Art. 6(1), sentence 1, lit a) GDPR it has been expressly consented to by the data subject, the transfer pursuant to Art. 6(1) sentence 1, lit f) GDPR is necessary to assert, exercise, or defend legal claims and there is no reason to believe that the data subject has an overriding legitimate interest in non-disclosure of their data, for the transmission of data pursuant to Art. 6(1) sentence 1 lit c) GDPR, there is a legal obligation, and/or pursuant to Art. 6(1), sentence 1, lit b) GDPR, this is required for the fulfillment of a contractual relationship with the data subject.
In other cases, personal data will not be passed on to third parties.

5.1 Payment service providers

We use payment service providers as third parties in order to execute purchase contracts.
The personal data that is transferred during a payment generally includes first and family names, your address, telephone number, IP address, email address, and other information that is required for the processing of your order, including the quantity of the ordered article, the article number, the invoice amount and invoice details.

Storing this data is required for the execution of the purchase contract in accordance with Art. 6 paragraph 1b GDPR.

Payment in our shop is via the following providers:

a. Payments are processed through our partner Adyen BV, Simon Carmiggelstraat 6-50, 1011 DJ Amsterdam. To prevent and discover cases of fraud, we transfer your IP address to our partner Adyen BV and this IP address will be saved by Adyen BV. Transfer of the IP address is on the legal basis of Art. 6 paragraph 1f GDPR. Further information on data protection by Adyen BV can be found in the Data Privacy Policy.

b. The PayPal method of payment is processed by PayPal (Europe) S.à r.l. & Cie, S.C.A., 5. Etage, 22-24 Boulevard Royal, L-2449 Luxembourg. Further information on data protection by PayPal can be found in the PayPal Data Privacy Policy.

c. If you decide to use the “Sofort Überweisung” payment option, your details will be transmitted to SOFORT GmbH, Theresienhöhe 12, 80339 Munich during the ordering process. Further information on data protection by SOFORT GmbH can be found in the Data Privacy Policy.

d. Credit card payments are processed by Paymill GmbH, St.-Martin-Strasse 63
81669 Munich. Further information on data protection by Paymill GmbH can be found in the Data Privacy Policy.

e. Payments can also be made via Apple Pay. This payment service is provided by Apple, One Apple Park Way, Cupertino, CA 95014, USA. You can find further information on Apple’s data protection provisions in its Privacy Policy [link: https://www.apple.com/de/privacy/].

f. Payments can also be made via Google Pay. This payment service is provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, California, USA. You can find further information on Google’s data protection provisions in its Privacy Policy [link: https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=de].

g. Payments can also be made via Alipay. This payment service is provided by ALIPAY SINGAPORE E-COMMERCE PRIVATE LIMITED. You can find further information on Alipay’s data protection provisions in its Privacy Policy [link: https://render.alipay.com/p/f/agreementpages/alipayglobalprivacypolicy.html].

5.2 Shipping companies

Our offered products are delivered to you with the assistance of shipping companies (DHL, UPS, and Fed-Ex). For this purpose, the shipping companies receive the following data:

Your name
Your address
Your telephone number
Your email address (if the shipping service provider should inform you in advance of the expected delivery date).
Delivery is executed by the following service providers:

DHL: DHL Paket GmbH, Strässchensweg 10; 53113 Bonn. Further information on data protection by DHL can be found in the Data Privacy Policy.

Seven Senders: Seven Senders GmbH, Dircksenstraße 4; 10179 Berlin. Further information on data protection by Seven Senders can be found in the Data Privacy Policy.

UPS: UPS Europe SPRL/BVBA, Avenue Ariane 5, 1200 Brussels, Belgium. Further information on data protection by UPS can be found in the Data Privacy Policy.

FedEx: FedEx Express Germany GmbH, Langer Kornweg 34 k, 65451 Kelsterbach. Further information on data protection by FedEx can be found in the Data Privacy Policy.

For the shipment of goods and our return service, we employ the service provider parcelLab GmbH (Kapellenweg 6, 81373 Munich) to handle the shipment notifications to our customers and provide them with the shipping status and tracking number of their shipment. Additionally, the status of delivery or return is reported, and if applicable, a return label is generated. For this purpose, the necessary personal data for shipment information (name, address, order number, shipment status, order content, return reason if applicable, etc.) is transmitted to parcelLab. For more information, please refer to parcelLab's privacy policy at parcellab.com/en/privacy-policy.

Storing this data is required for the execution of the purchase contract in accordance with Art. 6 paragraph 1b GDPR.

5.3 Competitions and Raffles

We use third parties as service providers for the selection of the winners of our raffles according to item 3.6. The personal information that is transferred usually includes your first and last name, shipping address, phone number, e-mail address, and other details such as shoe size and/or clothing size. The third party is our partner Smart Industries GmbH, Augustenstrasse 43, 80333 Munich, Germany. The legal basis for the transfer of personal data to participate in the raffle is your consent in accordance. Article 6 (1) (1) (a) GDPR. You can withdraw your consent at any time.

5.4 Cloud and storage services

We use the cloud and storage services of third-party providers to store and retain your data. This means that we send or otherwise disclose your data to third parties who can be anywhere in the world, including in the USA, for the purpose of storing such data on our behalf or for other processing purposes. Such facilities may be

- Xplenty (Privacy Policies: https://www.xplenty.com/privacy/)

Or

- Amazon Web Services (Privacy Policies: https://aws.amazon.com/de/privacy/?nc1=h_ls)

Or

- Tableau (Privacy Policies: https://www.tableau.com/de-de/privacy).

They are all certified under the Privacy Shield, i.e. the companies have submitted to the Privacy Shield agreement concluded between the European Union and the USA and received the relevant certification. They thus undertake to comply with the standards and provisions of the European data protection law (further information: https://www.privacyshield.gov/welcome).

5.5 Bot Protection

In order to prevent the unauthorized use of automated tools (e.g. via bots and other software or computer programs), we store the IP addresses you use and the times of registration and confirmation. For this purpose, we assign your IP addresses to your geographical location. We use the support of a service provider to whom we pass the data. In this way, we can ensure a fair sales process for the benefit of all participants and counteract abuse. The legal basis for the processing of this personal data is Art. 6 para. 1 sentence 1 letter f) DSGVO.

5.6 A/B Testing

In order to improve our service and online services, we use third parties as service providers to perform A/B or multivariate testing. The third party is our partner AB TASTY SAS, 17 - 19 Rue Michel-le-Comte 75003, Paris, France. AB Tasty collects statistical information about visitor traffic. This user data thus obtained, including browser used, number of pages viewed/visited, order and duration of website visits, filling/emptying a shopping cart, recording the use of individual web pages (with the exception of the check-out and registration process), etc., is recorded anonymously and analyzed statistically. 
It is not possible to draw conclusions about a specific person or purchase. In addition, AB Tasty performs geolocation (regional details of your location) using your IP address when you visit the website; the IP address is deleted immediately after geolocation. Based on your interests, AB Tasty designs personalized patterns that are encrypted and do not allow any conclusions to be drawn about you. Cookies are stored for retention and recognition of website visitors and are automatically deleted after a maximum period of 13 months. Further details can be found in our Cookie Policy.
 
The legal basis for the transfer of personal data to improve our offer and the processing of this personal data is Art. 6 para. 1 sentence 1 letter a). 
If you do not wish to participate in these tests, you can disable this feature on the AB Tasty website (https://www.abtasty.com/terms-of-use/) by following the instructions found there. If you delete your browser cookies, you will need to opt out again using this link. We would like to point out that after opting out, some functions of the website will not be available at all or only to a limited extent.
More information about privacy and cookies is available on the website of AB Tasty: https://www.abtasty.com/de/nutzungsbedingungen/.

5.7 Customer Service Tool

To improve our service, we use third parties as service providers. The personal data that is transmitted usually includes your first and last name, address, telephone number, email address, current and historical order data, such as item, payment type, delivery, order status, and your contact history.
The third party is our partner Zendesk GmbH, Neue Schönhauser Str. 3-5, 10178 Berlin, Germany. The legal basis for the transfer of personal data to improve our offer and the processing of this personal data is Art. 6 para. 1 sentence 1 letter f) DSGVO, your consent pursuant to Art. 6 para. 1 sentence 1 letter a) DSGVO and Art. 6 para. 1 sentence 1 letter b) DSGVO, as it is necessary for the performance of a contractual relationship with the data subject. You can revoke your consent at any time.

6. Cookies

So-called cookies are used on the website. These are data packets exchanged between the BSTN Store GmbH server and the visitor's browser. These are stored when you visit the website by the devices used (PC, notebook, tablet, smartphone, etc.). Cookies cannot damage the devices used. In particular, they contain no viruses or other malicious software. Cookies store information that is related to the specific terminal used. BSTN Store GmbH cannot use them to obtain direct knowledge of the identity of the visitor to the website.

Cookies are largely accepted by default browser settings. The browser settings can be configured so that cookies are not accepted, either on the equipment used or with specific notice being given before a new cookie is created. It is however important to note that disabling cookies may affect the optimum functionality of the website.
Cookies help to make it easier to use the company website. Session cookies, for example, can be used to keep track of whether the visitor has already visited individual pages of the website.

Session cookies are automatically deleted when you leave the website.

Temporary cookies are used to enhance user-friendliness. They are stored on the visitor's device for a temporary period. When you visit the website again, it automatically detects that the visitor already accessed the site at an earlier point in time and which inputs and settings were made so as not to have to repeat these.

Cookies are also used to analyse the number of times the website was accessed for statistical purposes and for the purpose of improving the content. When you next visit the website, cookies make it possible to automatically detect that the web page was previously accessed by the visitor. We use both temporary and permanent cookies on our website.

Cookies of third-party providers are used on the website that enables us to improve the quality of our offers to you during the use of our website. These cookies can collect your IP address and non-personal data of your visit. This is done anonymously and does not include your name, address, e-mail address, or other personal data. These cookies are used in addition to receiving anonymous statistical information on the use of the website. These cookies are deleted after one year.

If visitors of the website are logged in, JavaScript commands are additionally used to obtain information on the search and buying behaviour. We use these data to complete your customer profile and to support us with offering an experience customised to your requirements at all touchpoints. To end this profile enhancement, you can delete the cookies or install a JavaScript blocker.

If cookies are linked to personal data, they are deleted if and to the extent that storage is no longer required for the purpose of data collection. Cookies can be deleted by the visitor at any time.
The data processed through the use of cookies is for the above purposes of safeguarding the legitimate interests of BSTN Store GmbH justified on the basis of Art. 6 (1), sentence 1 lit f) GDPR.

7. Analysis services for websites and social plugins

7.1 Social Media

Analysis services and social plug-ins of various providers are used on our website. These allow you, in particular, to share the contents of the website with your network contacts. As a result of the integration, network providers receive information that the corresponding web page of our website was accessed from your IP address. If you are logged in to the network, the network provider may also associate your visit to our website with your network account. Our analysis services work exclusively with pseudonymised user profiles, which do not make it possible to identify the data subject.

The legal basis for the use of analysis tools and social plugins is Art. 6(1), sentence 1, lit f) GDPR. The website analysis is in the legitimate interest of our company and is used for the statistical recording of the site usage to continuously improve our website and range of services.

7.2 Pinterest

We additionally use the plug-in of the social network Pinterest (Pinterest Inc., 808 Brannan Street, San Francisco, CA 94103-490, USA) to send you advertisements that are, as far as possible, tailored to your requirements and interests. If you access a page that contains such a plug-in, your browser directly establishes a connection to Pinterest’s servers. The plug-in transmits log data to Pinterest’s server in the USA. Such log data may include your IP address, the address of the visited websites which also include Pinterest functions, browser type, and settings, date and time of the request, your way of using Pinterest as well as cookies.

You can find further information on the purpose, volume, and further processing and use of data by Pinterest as well as your corresponding rights and options for the protection of your privacy in Pinterest’s Privacy Policy:

https://policy.pinterest.com/de/privacy-policy

The legal basis is point (f) of Article 6(1) GDPR.

Consent for Pinterest Retargeting (CAPI & Marketing Tag)

This website integrates a pixel (Pinterest Tag) from Pinterest Europe Limited ("Pinterest"), Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland. This pixel collects information about your use of this website (e.g., information about viewed items) under joint control by Pinterest and us and transmits it to Pinterest. Additionally, we transmit your email address stored in the customer account as a hashed value to Pinterest if we recognize you while logged in and you give your consent to this data transmission via the banner solution implemented on this website/app. Pinterest uses the hashed email address solely for the purpose of recognizing website visitors in the context of displaying personalized ads. The same applies to the transmission/use of your IP address. The further processing of data transmitted to Pinterest is the sole data protection responsibility of Pinterest.

The information transmitted to Pinterest can be associated with your person using additional information that Pinterest may have stored about you due to your ownership of an account on the social network "Pinterest." Based on the information collected through the pixel, interest-based ads for our offerings can be displayed in your Pinterest account (retargeting). Pinterest may also aggregate the information collected through the pixel and use this aggregated information for its own advertising purposes as well as for third-party advertising purposes. For example, Pinterest can infer certain interests based on your browsing behavior on this website and use this information to promote third-party offerings. Pinterest may also combine the information collected through the pixel with other information that Pinterest has collected about you from other websites and/or in connection with your use of the social network "Pinterest," so that a profile can be stored on Pinterest for advertising purposes. Insofar as Pinterest processes your data as the sole data controller, it is possible that your data may be transferred to the USA by Pinterest. The European Court of Justice has found that the USA does not provide an adequate level of data protection. In this context, there is a particular risk that your data may be processed by US institutions/authorities for monitoring and surveillance purposes, without providing sufficient legal remedies.

The legal basis for this data processing is Article 6(1)(a) GDPR.

In general, your data will be processed within the EU or EEA. A corresponding data protection agreement has been concluded with Pinterest. If personal data is transferred to countries outside the EU or EEA, this is done under the standard contractual clauses issued by the European Commission for the transfer of personal data to third countries.

Further information on data protection at Pinterest Europe Limited can be found here.

Revocation
You can revoke your consent to this data processing at any time by opting out of Pinterest (CAPI, Marketing Tag) in our Privacy Center. Here you can also edit your settings.

7.3 Use of Google Analytics and Google Tag Manager

7.3.1

This website uses Google Analytics. It is a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, for users from the EEA and Switzerland, and by Google LLC, 1600 Amphitheatre Parkway 49 of 55 Mountain View, CA 94043, USA, for all other users ("Google"). Google Analytics uses "cookies," i.e. text files stored on your computer that enable an analysis of your website usage. Google Ireland Limited is responsible for the processing and storage of the information generated by the cookie regarding your use of this website, including

browser type/version;
operating system used;
referrer URL (the website visited before);
the hostname of the accessing computer (IP address);
time of server request;

for users from the EEA and Switzerland, and for all other users, it is Google LLC, 1600 Amphitheatre Parkway 49 of 55 Mountain View, CA 94043. If IP anonymization is activated on this website, your IP address will be truncated by Google within member states of the European Union or other contracting states of the Agreement on the European Economic Area before being transmitted to the United States. Only in exceptional cases will the full IP address be sent to a Google server in the USA and truncated there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, compile reports on website activity, and provide other services related to website activity and internet usage to the website operator.

7.3.2 The IP address transmitted by your browser within the framework of Google Analytics will not be amalgamated with any other data of Google.

7.3.3 You can prevent the storage of such cookies by changing the settings of your browser software accordingly; however, we would like to draw your attention to the fact that, in this case, you might not be able to use all functions of this website to the fullest extent. In addition, you can prevent the collection of the data created by the cookie and related to your use of the website (incl. your IP address) as well as the processing of such data by Google by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en-GB.

7.3.4 This website uses Google Analytics with the “_anonymizeIp()” extension. In this way, IP addresses will be further processed in a shortened form, making it thus impossible to link it to a particular individual. Insofar as the data collected about you is personal, it will be immediately excluded, and the personal data will be deleted immediately.

7.3.5 We use Google Analytics to analyze and improve the use of our website. The obtained statistics allow us to enhance our offering and make it more appealing to users. For exceptional cases in which personal data is transferred to the United States, Google is subject to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. The legal basis for using Google Analytics is Art. 6(1)(f) of the GDPR.

7.3.6 Information of the third-party provider:
Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001.

Google LLC, 1600 Amphitheatre Parkway 49 of 55 Mountain View, CA 94043, USA.

Terms of Use: http://www.google.com/analytics/terms/de.html

Overview of Data Protection: http://www.google.com/intl/de/analytics/learn/privacy.html

and Privacy Policy: http://www.google.de/intl/de/policies/privacy

7.3.7 This website uses Google Analytics additionally for an overall device analysis of visitors, which is carried out via a user ID. You can deactivate the overall device analysis in your customer account under “my data”, “personal data”.

7.3.8 Use of the Google Tag Manager: Google Tag Manager is a solution by means of which marketers can manage website tags via an interface. The Tag Manager tool itself (which implements the tags) is a cookie-free domain and does not collect personal data. The tool triggers the implementation of other tags that may collect data on their part. Google Tag Manager does not access these data. In case of deactivation on domain or cookie level, it remains in effect for all tracking tags that are implemented using Google Tag Manager. http://www.google.de/tagmanager/use-policy.html

7.4 Use of Google Shopping Reviews

We use “Google Shopping Reviews” on our website, a service of Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland. Google Shopping Reviews stores and processes data on your user behaviour on our website. For this purpose, Google Shopping Reviews uses e.g. cookies, small text files that are stored locally in the cache of your terminal device’s web browser and that enable the analysis of your use of our website.

We use Google Shopping Reviews for marketing and optimisation purposes, particularly for analysing the use of our website and to be able to continuously improve individual functions and offers as well as the user experience. Through the statistical evaluation of the user behaviour, we can improve our offering and make it more interesting for you as a user. Herein also lies our legitimate interest in the processing of the aforementioned data by the third-party provider. The legal basis is point (f) of Article 6(1) GDPR.

You can prevent the installation of cookies by deleting existing cookies and disabling the storage of cookies in the settings of your web browser. Please note that you may not be able to fully use all functions of our website in this case. You can also prevent the collection of the aforementioned data by Google by setting an opt-out cookie on one of the following linked websites:

https://www.google.de/settings/ads

http://optout.networkadvertising.org/#!/

http://optout.aboutads.info/?c=2#!/

http://www.youronlinechoices.com/de/praferenzmanagement/

Please note that this setting will be deleted if you delete your cookies. You may object to the collection and forwarding of personal data or prevent the processing of such data by deactivating the execution of JavaScript in your browser. Moreover, you can prevent the execution of JavaScript code overall by installing a JavaScript blocker (e.g. https://noscript.net/ or https://www.ghostery.com). Please note that you may not be able to fully use all functions of our website in this case.

You can find further data protection information on the following website: https://www.google.com/intl/de/policies/

7.5 Use of Google Adwords

We use "Google AdWords" on our website, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, for users from the EEA and Switzerland, and by Google LLC, 1600 Amphitheatre Parkway 49 of 55 Mountain View, CA 94043, USA, for all other users. Google AdWords is a service for Internet advertising that enables us as advertisers to place ads both in the search engine results of Google and in the Google advertising network.

If you access our website via a Google ad, a conversion cookie is set by Google on your terminal device (it is no longer valid after 30 days and is not used for identifying the data subject). Through the conversion cookie, both we and Google can track whether you accessed our website via an AdWords ad and performed or interrupted a purchase there. 

The legal basis is point (f) of Article 6(1) GDPR. 

You can prevent the setting of cookies at any time by means of a corresponding setting of the used web browser and thus permanently object to the setting of cookies (see description above). You can delete any cookie already set by Google AdWords at any time via your web browser or other software programs. In addition, you can object to Google’s interest-related advertising by clicking on the link https://adssettings.google.de/authenticated and make the desired settings. 

Further information on Google’s data protection provisions: https://www.google.de/intl/de/policies/privacy/

7.6.1. Facebook Connect

We use “Facebook Connect”, a service of Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA. Instead of using the registration screen of our website, you can enter your login data for Facebook. A direct connection to the Facebook server is established, and you are forwarded to the Facebook page for registration. With the registration via your Facebook account, your user account is linked to our service. 

We do not have any influence on the extent and the further use of data that are collected by Facebook through the use of Facebook Connect. If you have a Facebook user account and if you are registered, Facebook can allocate the visit to your user account. Even if you are not registered with Facebook and/or have not logged in, it is possible that Facebook finds out and stores your IP address and possibly other identifiers. Please click the following link for further information on Facebook’s Privacy Policy. 

We use Facebook Connect to facilitate and shorten your registration and login process. The legal basis is point (f) of Article 6(1) GDPR. 

Further data protection information: https://www.facebook.com/about/privacy

7.6.2 Facebook Custom Audiences

We use “Facebook Custom Audiences”, a remarketing tool of Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA. Facebook Custom Audiences enables us to have displayed to visitors of our website during a visit of the social network Facebook or during the visit of other websites that also use Facebook Custom Audiences interest-related advertisements, so-called “Facebook Ads”. By using “Facebook Custom Audiences”, your web browser automatically establishes a direct connection to the Facebook server. We do not have any influence on the extent and the further use of data that are collected by Facebook through the use of Facebook Custom Audiences. To our knowledge, Facebook is informed that you have accessed the corresponding part of our website or clicked on one of our ads. If you have a Facebook user account and if you are registered, Facebook can allocate the visit to your user account. Even if you are not registered with Facebook and/or have not logged in, it is possible that Facebook finds out and stores your IP address and possibly other identifiers.

We use Facebook Custom Audiences for marketing and optimisation purposes, particularly to place ads that are relevant and interesting for you and to thus improve our offer and make it more interesting for you as a user. The legal basis is point (f) of Article 6(1) GDPR.

Logged-in users can deactivate Facebook Custom Audiences at https://www.facebook.com/settings/?tab=ads#_. Please note that this setting will be deleted if you delete your cookies. Furthermore, you can deactivate cookies serving range measurement and advertising purposes via the following websites:

    http://optout.networkadvertising.org/

    http://www.aboutads.info/choices

    http://www.youronlinechoices.com/uk/your-ad-choices/

Please note that this setting will be deleted as well if you delete your cookies.

Further data protection information: https://www.facebook.com/about/privacy

Consent for Meta Retargeting (CAPI & Marketing Tag)"

Our platform uses the advertising services of Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin, Ireland ("Meta"). In this context, information about the use of our website/app (e.g., information about viewed products) is collected by BSTN and Meta in joint responsibility and transmitted to Meta through the use of cookies, device identifiers, or similar technologies.

This website integrates a pixel from Meta Platforms Ireland Limited (Website Custom Audience Pixel), which enables Meta to transmit tracking data. Additionally, we share information with Meta regarding your recent orders (conversions). Furthermore, we transmit the email address stored in your customer account as a hashed value to Meta, provided that you have given your consent to this data transmission via the banner solution used on this website. The hashed value of the email address is used by Meta solely for the recognition of website visitors as part of delivering personalized advertisements. The same applies to the transmission/use of your IP address.

This information can be associated with your person using additional information that Meta, for example, may have stored about you due to your ownership of an account on the social networks "Facebook" or "Instagram." Based on the information collected through the pixel, interest-based advertisements for our offers may be displayed in your Facebook or Instagram account (retargeting). The information collected may also be aggregated by Meta, and the aggregated information may be used by Meta for its own advertising purposes as well as for third-party advertising purposes. For example, Meta may infer certain interests from your browsing behavior on this website and use this information to promote third-party offers. Meta may also combine the collected information with other information that Meta has collected about you from other websites and/or in connection with the use of the social networks "Facebook" or "Instagram," so that Meta may store a profile about you. This profile may be used by Meta for advertising purposes. For the permanent storage and the described further processing of the data transmitted to Meta, Meta Platforms Ireland Limited is solely responsible. In this context, Meta Platforms Ireland Limited may transfer data about you to the USA as the sole data controller. The European Court of Justice has determined that the USA does not have an adequate level of data protection. In this context, there is a particular risk that your data may be processed by American institutions/authorities for control and monitoring purposes without providing you with adequate legal recourse. The legal basis for this data processing is Article 6(1)(a) of the GDPR (consent).

For more information on data protection at Meta Platforms Ireland Limited, please refer to their privacy policies for Facebook and Instagram. Here, you can also assert your data subject rights (e.g., right to deletion) against Meta Platforms Ireland Limited.

Revocation
You can withdraw your consent to this data processing at any time by deselecting Meta (Facebook, Instagram) (CAPI, Marketing Tag) in our Privacy Center. Here, you can also edit your settings. In general, your mobile device (phone, tablet) has a feature that allows you to opt in or out of certain types of personalized advertising when using apps.

7.6.3 Meta Custom Audiences

Consent for Meta Custom Audiences"

We also have the option to transmit the email address or phone number stored in your customer account as a hashed value (the hashed value is a transformation of your email address into another value, thus pseudonymizing your email address) to Meta, provided you have given your consent to this data transmission via the banner solution used on this website/app. The hashed value of the email address is used by Meta for the purpose of identifying you on Meta's websites (e.g., the social network "Facebook") and for displaying our personalized advertisements to you on these websites. It is also possible that this identification may result in you not being targeted with our advertisements. Meta Platforms Ireland Limited is solely responsible for the permanent storage and further processing of the hashed values. In this context, Meta Platforms Ireland Limited may store the hashed values in the USA as the sole data controller. The European Court of Justice has determined that the USA does not have an adequate level of data protection. In this context, there is a particular risk that your data may be processed by American institutions/authorities for control and monitoring purposes without providing you with adequate legal recourse.

The legal basis for this data processing is Article 6(1)(a) of the GDPR (consent).

For more information and the possibility to assert your data subject rights against Meta Platforms Ireland Limited, please refer to the links under section 7.6.2 CAPI.

Revocation
You can withdraw your consent to this data processing at any time by deselecting Meta (Facebook, Instagram) (list upload) in our Privacy Center.

7.7 Use of Double Click

We use “DoubleClick”, an online marketing tool of Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland. DoubleClick uses, amongst others, cookies, small text files that are locally stored in the cache of your terminal device’s web browser. Google records via a cookie ID what ads are placed in what web browser. This can prevent that ads are displayed several times. In addition, by means of the cookie IDs, DoubleClick can record so-called conversions, which are related to ad requests. This is the case if e.g. you see a DoubleClick ad and later access the advertiser’s website with the same web browser and purchase something. According to information provided by Google, the aforementioned cookies do not contain any personal data. By using DoubleClick, your browser automatically establishes a direct connection to the Google server. We do not have any influence on the extent and the further use of data that are collected by Google through the use of DoubleClick. To our knowledge, Google is informed that you have accessed the corresponding part of our website or clicked on one of our ads. If you have a Google user account and if you are registered, Google can allocate the visit to your user account. Even if you are not registered with Google and/or have not logged in, it is possible that Google finds out and stores your IP address.

We use DoubleClick for marketing and optimisation purposes, particularly to place ads that are relevant and interesting for you, to improve campaign performance reports or to prevent that you see the same ads several times. Herein also lies our legitimate interest in the processing of the aforementioned data by the third-party provider. The legal basis is point (f) of Article 6(1) GDPR.

Further information: http://www.google.de/intl/de/policies/privacy and https://www.google.de/doubleclick and http://support.google.com/adsense/answer/2839090

7.8 Use of Bing Ads

We use “Bing Ads”, a service of the Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. Bing Ads collects and stores data from which user profiles are created based on the use of pseudonyms. Bing Ads allows us to retrace the user activities on our website, provided that the users reached our website through Bing Ads advertisements. If you reach our website through one of these ads, a cookie will be set on your terminal device. This allows us and Microsoft to understand that a user clicked on a Bing Ads advertisement and was redirected to our website. Microsoft and we can also understand that a user has reached a previously determined landing page, the so-called conversion page. We only learn the total amount of users that have clicked on a Bing Ads advertisement and that have been redirected to the conversion page. However, no personal data of the respective user are processed. The collected information is transmitted to Microsoft servers in the USA and stored there for a maximum of 180 days. Furthermore, Microsoft may track, under certain circumstances, your user behaviour throughout various of your terminal devices thanks to the so-called cross-device tracking. This way, Microsoft can show you customised ads on Microsoft websites as well as in Microsoft apps.

We are using Bing Ads for marketing and optimisation purposes, especially in order to analyse the use of our website and to continuously improve individual features and offers, as well as the user experience. Through the statistical evaluation of the user behaviour, we can improve our offering and make it more interesting for you as a user. Herein also lies our legitimate interest in the processing of the aforementioned data by the third-party provider. The legal basis is point (f) of Article 6(1) GDPR.

You can prevent the evaluation by deleting existing cookies and deactivating the storage of cookies in your browser settings. Please note that you may not be able to fully use all functions of our website in this case. You can also prevent the display of customised advertisement by Microsoft by setting an Opt-Out cookie on the following website: http://choice.microsoft.com/de-de/opt-out. Please note that this setting will be deleted if you delete your cookies.

7.9 Use of Crazy Egg

We use on our website the web tracking tool Crazy Egg (Crazy Egg, Inc., 16220 Ridgeview Lane, La Mirada, CA, 90638, USA). Crazy Egg uses cookies, which enable the analysis of your use of the website. The information generated by the cookie concerning your use of this website is usually transmitted to a Crazy Egg server in the USA and stored there.

Privacy Policy: http://www.crazyegg.com/privacy

Opt-out: You can prevent the storage of the cookies by setting your browser software accordingly. Moreover, you can prevent the collection of the data created by the cookie and related to your use of the website (including your IP address) as well as the processing of such data by Crazy Egg by following the directions at the following link: http://www.crazyegg.com/opt-out

7.10 Use of Criteo

On this website, through the technology of Criteo SA, 32 Rue Blanche, 75009 Paris, France, by means of cookie text files, information on the browsing behaviour of the website visitors is collected, stored and evaluated in a pseudonymised form. Criteo analyses the browsing behaviour by means of an algorithm and can subsequently display targeted product recommendations as personalised advertising banners on other websites (publishers). The collected data can never be used to personally identify the visitor of this website. 

The legal basis for data processing is your consent according to point (a) of Article 6(1) GDPR. You can revoke your consent at any time. 

Criteo data protection provisions: http://www.criteo.com/de/privacy/

7.11 Use of Outbrain 

On our website, we use the technology of the provider Outbrain UK Ltd., by means of which you are informed about further contents within our website and about third-party websites. The further purchase recommendations integrated by Outbrain e.g. below an article are made on the basis of the previous contents read by you. For this purpose, Outbrain uses cookies that are stored on the user's computer/terminal device. The contents displayed in the Outbrain widget are automatically controlled and delivered by Outbrain as regards content and technology.

Reading recommendations are displayed by Outbrain by means of cookies on a purely pseudonymous basis, i.e. no personal data of the users are stored. Outbrain records the device source, the browser type and the anonymised IP address of yours. To anonymise the IP address, the last octet of the IP address is removed in order to guarantee comprehensive anonymisation.

Further information on data protection: http://www.outbrain.com/de/legal/privacy

You can object to the tracking for the display of interest-based recommendations at any time by clicking on the “Opt-out” field under Outbrain’s Privacy Policy.

7.12 Use of Webgains 

We use the affiliate programme Webgains of our partner ad pepper media GmbH, FrankenStraße 150C, FrankenCampus, 90461 Nuremberg. To track activities, Webgains stores cookies on terminal devices of users visiting our website or other online offers so that the success of an advertising tool on other sites can be allocated to a specific purchase in our online shop. With this method, we want to ensure that only ads you are interested in are displayed to you, that we can make our website more attractive to you and, not least, that we can calculate advertising costs in a targeted manner.

Webgains uses tracking cookies, i.e. no personal data are stored in cookies, but anonymised tracking IDs (an individual digit sequence that cannot be allocated to the individual user). 

The legal basis of data use is point (f) of Article 6(1) GDPR.

If you do not agree to the storage of cookies in your browser, you can prevent it by setting your browser accordingly. You can deactivate the storage of cookies in your browser or limit it to certain websites. However, please note that you must expect a limited display of the online offers and a limited user guidance in this case. You can delete cookies at any time. In this case, the information provided in such cookies is removed from your terminal device.

Further information on data protection by Webgains: http://www.webgains.com/public/de/datenschutzerklaerung/

7.13 Use of Instagram 

We use on our website plug-ins of the social network Instagram (Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA).

If you are logged into your Instagram account, you can link the contents of our sites to your profile by clicking the button; Instagram can then allocate your visit of our website to your user account. If you do not agree, either log off from your Instagram profile prior to the use or do not activate the social plug-ins in the Instagram settings.

We do not know the exact content and the use of the data. You can find further information in this regard in Instagram’s Privacy Policy: http://instagram.com/about/legal/privacy/

7.14 Use of TikTok

We use the so-called "TikTok pixel" of the provider TikTokTechnology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland, company number 635755 in Ireland.

This is a code which we have implemented on our site. With the help of this code, in case of your explicit consent, when you visit our website, a connection is established with the TikTok servers in order to track your behavior on our website. For example, when you purchase a product on our website, the TikTok pixel is triggered and stores your actions on our website in one or more cookies.

To do this, personal information, such as your IP address and email address, as well as other information such as device ID, device type and operating system, is transferred to TikTok. TikTok uses email or other login or device information to identify users of our website and associate their actions with a TikTok user account.

The legal basis of the data use is Art. 6 para. 1 lit. a DSGVO. You have the option to revoke your consent at any time with effect for the future. There are no costs for this other than the costs of the basic rates.

TikTok uses this data to display targeted and personalized advertising to its users and to create interest-based user profiles. The collected data is anonymous and not visible to us and is only used for us in the context of measuring the effectiveness of ad placements.

In principle, your data will be processed within the EU or the EEA. For this purpose, a corresponding data protection agreement has been concluded with TikTok. If personal data is transferred to countries outside the EU or EEA, this is done within the framework of the Commission's model contracts for the transfer of personal data to third countries (i.e. standard contractual clauses).

TikTok's privacy policy can be found at: https://www.tiktok.com/legal/new-privacy-policy

7.14.1 TikTok CAPI

Consent for TikTok Retargeting (CAPI & Marketing Tag)"

This website integrates a pixel from TikTok Information Technologies UK Limited, One London Wall, London EC2Y 5EB, UK. This pixel collects information about the use of this website (e.g., information about viewed products) in joint responsibility by TikTok Information Technologies UK Limited and us and transmits it to TikTok Information Technologies UK Limited. We also transmit the email address stored in your customer account as a hashed value to TikTok Information Technologies UK Limited, provided we recognize you in a logged-in state and you have given your consent to this data transmission via the banner solution used on this website/app. The hashed value of the email address is used by TikTok Information Technologies UK Limited solely for the recognition of website visitors as part of delivering personalized advertisements. The same applies to the transmission/use of your IP address. The further processing of the data transmitted to TikTok Information Technologies UK Limited is the sole responsibility of TikTok Information Technologies UK Limited. The information transmitted to TikTok can be associated with your person using additional information that TikTok may have stored about you due to your ownership of an account on the social network "TikTok." Based on the collected information, interest-based advertisements for our offers may be displayed in your TikTok account (retargeting). The information collected may also be aggregated by TikTok, and the aggregated information may be used by TikTok for its own advertising purposes as well as for third-party advertising purposes. For example, TikTok may infer certain interests from your browsing behavior on this website and use this information to promote third-party offers. TikTok may also combine the collected information with other information that TikTok has collected about you from other websites and/or in connection with the use of the social network "TikTok," so that TikTok may store a profile about you. This profile may be used for advertising purposes. If TikTok Information Technologies UK Limited processes your data as the sole data controller, there is a possibility that your data may be transferred by TikTok Information Technologies UK Limited to the USA. The European Court of Justice has determined that the USA does not have an adequate level of data protection. In this context, there is a particular risk that your data may be processed by American institutions/authorities for control and monitoring purposes without providing you with adequate legal recourse.

The legal basis for this data processing is Article 6(1)(a) of the GDPR (consent). For more information on data protection at TikTok, please refer to their privacy policy. Here, you can also assert your data subject rights (e.g., right to deletion) with regard to the data that TikTok Information Technologies UK Limited processes about you as the sole data controller.

In principle, your data will be processed within the EU or the EEA. A corresponding data protection agreement has been concluded with TikTok for this purpose. If personal data is transferred to countries outside the EU or the EEA, this is done within the framework of the Commission's standard contractual clauses for the transfer of personal data to third countries.

Revocation
You can withdraw your consent to this data processing at any time by deselecting TikTok in our Privacy Center. Here, you can also edit your settings.

In general, your mobile device (phone, tablet) has a feature that allows you to opt in or out of certain types of personalized advertising when using apps, and thus also withdraw your consent.

7.14.2 TikTok Pixel

Consent for TikTok Pixel

This website uses the so-called "TikTok Pixel" of the social network TikTok (see section 7.14.1). This is a code that we have implemented on our website. With the help of this code, a connection with TikTok's servers is established when you visit our website to track and evaluate your behavior on our website, enabling the display of interest-based and personalized product recommendations on TikTok. The information collected and pseudonymized includes device ID, device type, timestamp, operating system used, and IP address. The information can be associated with the user by using additional information that TikTok, for example, may have stored about the user due to their ownership of an account on the social network "TikTok." TikTok may also combine the information collected through the pixel with other information that TikTok has collected from other websites and/or in connection with the use of the social network "TikTok," creating pseudonymized user profiles. In no case can the collected information be used to personally identify visitors to this website.

The TikTok Pixel also enables us to track the effectiveness of advertisements on TikTok. If the user is redirected from an ad on TikTok to pages on this website and the cookies have not yet expired, the pixel tracks certain predefined user actions and can trace them (e.g., completed transactions, leads, searches on the website, product page views). When such an action is performed, your browser sends an HTTP request via the TikTok Pixel from the cookie to TikTok's server, transmitting certain information about the action. Through this transmission, TikTok can create statistics about the usage behavior on our website after being redirected from a TikTok ad, which we can use to optimize our offerings.

Additionally, we have activated the so-called Advanced Matching. Advanced Matching allows us to send customer information (such as email addresses, phone numbers, and customer IDs) along with our TikTok Pixel events to TikTok, to better match website events with people on TikTok. This way, we can attribute more conversions, reach more users, and ultimately optimize our TikTok campaigns. To protect your data, this information is encrypted in your browser with an industry-standard hashing algorithm before being transmitted to TikTok's servers.

The storage of and access to information on the end user's device is based on informed consent according to § 25 para. 1 TTDSG. The legal basis for the further processing of your personal data is your voluntary and informed consent according to Art. 6 para. 1 sentence 1 lit. a GDPR. You provide the corresponding consents via the consent banner.

Information regarding the transfer of your data to third countries can be found under section 7.14.1. TikTok CAPI.

Revocation
You can withdraw your consent to this data processing at any time by deselecting TikTok in our Privacy Center. Here, you can also review your settings.

In general, your mobile device (phone, tablet) has a feature that allows you to opt in or out of certain types of personalized advertising when using apps, and thus also withdraw your consent.

7.15 Use of Monetate

We also utilize the analysis and personalization service Monetate, provided by Monetate Inc (951 Hector St, Conshohocken, PA 19428, United States), to display personalized content to you, for example, in the email newsletter as well as in transactional mailings. Monetate utilizes cookies, which are stored on your device and enable us to analyze the usage patterns of our website and enhance its performance. The data generated by the cookies regarding your interaction with our website is transferred to a Monetate server in the USA, where it is securely stored and processed on our behalf. Prior to any further processing, your IP address is anonymized and substituted with a generic, non-identifiable IP address. This ensures that direct personal identification is not possible.

The following data is collected:

IP address (anonymized)

Usage-related information such as time of use, length of stay, place of origin

Device-related data such as device type, model, operating system, browser type and version.

We have not received information regarding the storage duration by Monetate. Data is transferred to the USA. Safeguards under Art. 44ff GDPR are ensured through Monetate's adherence to the Privacy Shield framework. The legal basis for processing personal data via marketing cookies is Art. 6 para. 1 sentence 1 letter a GDPR. Our legitimate interest lies in usage analysis and the continual enhancement of our website.

The legal basis for processing personal data via marketing cookies is Art. 6 para. 1 sentence 1 letter a GDPR. Our legitimate interest lies in usage analysis and the continual enhancement of our website.

You can find Monetate's privacy policy at: https://monetate.com/platform-privacy-policy

7.16. Consent for RTB House

To conduct personalized advertising campaigns, we process certain data about users' online activities on this website. This data may include: online identifiers (e.g., cookie ID/mobile advertising ID), information about specific pages visited, products viewed or added to the cart along with timestamps and purchased, as well as technical device and search engine details. We engage RTB House GmbH, an advertising technology company, as a third-party subcontractor to conduct advertising campaigns based on this data and to display personalized ads to users. If this data constitutes "personal data" under the GDPR, we act as the data controller, and RTB House GmbH acts as the data processor.

The legal basis for data processing is your consent under Article 6(1)(a) of the EU GDPR. You can withdraw your consent at any time.

Further information about RTB House's retargeting technology can be found at: https://www.rtbhouse.com/privacy-center.

 

7.17. Use of Mention Me


BSTN Store GmbH uses the referral marketing program of Mention Me Ltd, Kennington Park, 1-3 Brixton Rd, London, SW9 6DE, United Kingdom. With this program, you can recommend BSTN to your friends and acquaintances. If the person you referred also becomes a customer at BSTN, both you as the referrer and the referred friend will be rewarded by BSTN.

For this purpose, your name and email address as the referrer will be transmitted to Mention Me in accordance with the GDPR, so that this company can operate the service on behalf of BSTN. Once you make a purchase on this website, you will see a notice from Mention Me. You also have the option to start the referral process via a special landing page. This allows you to decide calmly whether you want to recommend someone. If you choose to do so, you can send a personalized link via email, Facebook, SMS, or WhatsApp to your friend. If the referred person then makes an order on this website, both you and your referred friend will receive a reward.

BSTN will transmit your personal data (name, email address, and order details) to Mention Me in an encrypted, pseudonymized form so that you can participate in the referral program. This way, it can be determined who the referrer of a new customer is and who will receive the reward. For this purpose, your email address, name, and IP address will be processed. The email address and IP address of the referred friend will also be processed, but only if they enter their data in the ""Referred by a friend"" field at checkout. In both cases, the data transfer will only occur in pseudonymized form.

The legal basis for this data processing is Article 6(1)(a) GDPR.

In principle, your data is processed within the EU or EEA. For this purpose, a corresponding data protection agreement has been concluded with Mention Me. If personal data is transferred to countries outside the EU or EEA, this is done within the framework of the standard contractual clauses of the Commission for the transfer of personal data to third countries (i.e., standard contractual clauses).

For more information on data protection at Mention Me, please visit https://mention-me.com/help/privacy_policy_s#referrers.

Withdrawal
You can withdraw your consent to this data processing at any time by opting out of Mention Me in our Privacy Center. Here you can also edit your settings.

 

8. Your rights as a data subject

Insofar as your personal data will be processed during a visit to our website, as a "data subject" within the meaning of the GDPR, you have the following rights:

8.1 Right to confirmation

Each data subject shall have the right granted by the European directives and regulators to obtain confirmation from the controller as to whether or not personal data concerning him or her is being processed. If a data subject wishes to avail himself or herself of this right of confirmation, he or she may, at any time, contact an employee of the controller.

8.2 Information

You can request information from us about whether your personal data is processed by us. The right to information is excluded if the data is only stored because it may not be deleted due to legal or statutory retention periods or is stored exclusively for the purpose of data backup or data protection control, provided that the exchange of information would incur disproportionately high costs and processing for other purposes by suitable technical and organisational measures is ruled out. If in your case the right of access to information is not excluded and your personal data is processed by us, you can request disclosure from us about the following information:
Purposes of the processing,
Categories of the personal data about you that is processed,
Recipients or categories of recipients to whom the personal data has been or will be disclosed, in particular recipients in third countries or international organizations,
Where possible, the envisaged period for which the personal data will be stored, or, if this is not possible, the criteria used to determine that storage period,
The existence of the right of rectification or erasure or restriction on processing of your personal data or a right to object to such processing,
The existence of the right to lodge a complaint with a supervisory authority,
If the personal data was not collected from you as the data subject, the available information on the origin of the data,
Or where applicable, the existence of automated decision-making, including profiling and meaningful information about the logic involved and also the scope and desired impact of the automated decision-making,
Where applicable, in case of the transmission to recipients in third countries, provided that there is no decision of the EU Commission regarding the adequacy of the level of protection according to Art. 45(3) of the GDPR, information about which appropriate guarantees pursuant to Art. 46(2) GDPR have been provided for the protection of personal data.

8.3 Rectification and completion

If you determine that we may hold inaccurate personal data about you, you can request immediate correction of this incorrect data. In the case of incomplete personal data, you may request completion.

8.4 Erasure

You have a right to erasure ("Right to be forgotten"), insofar as the processing is not required to exercise the right to freedom of expression, the right to information or for the fulfillment of a legal obligation or for the performance of a task carried out in the public interest, and one of the following reasons applies:
The personal data is no longer necessary for the purposes for which it was processed.
The basis of the justification for the processing was exclusively your consent, which you have withdrawn.
You have objected to the processing of your personal data, which we have made publicly available.
You have objected to the processing of personal data not made publicly available by us and there are no overriding legitimate grounds for the processing.
Your personal data has been processed unlawfully.
The erasure of the personal data is required to comply with a legal obligation, to which we are subject.
No claim for erasure exists if, in the event of legitimate non-automated data processing, due to the specific nature of the storage, it is not possible or only with disproportionately high expense and your interest in the erasure is minimal. In this case, limitation of processing shall replace erasure.

8.5 Limitation of processing

You can request limitation of processing from us, if one of the following reasons applies:
You dispute the accuracy of the personal data. In this case, the limitation may be required for the time needed for us to check the accuracy of the data.
The processing is unlawful and, instead of deletion, you demand limitation of the use of your personal data.
Your personal data is no longer needed by us for the purposes of processing, but is still required by you for the assertion, exercise or defence of legal claims.
You have presented an objection according to Art. 21(1) of the GDPR. The limitation of processing may be extended for as long as it remains to be decided whether our legitimate reasons outweigh your reasons.
Limitation of processing means the personal data may be processed only with your consent or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or on the grounds of an important public interest. We have a duty to inform you before we remove the limitation.

8.6 Data portability

You have a right to data portability provided that the processing is based on your consent (Art. 6(1), sentence 1, lit a) or Art. 9(2) lit a) GDPR) or is based on an agreement of which you are a contracting party and the processing is performed using automated procedures. The right to data portability in this case includes the following rights, provided this does not affect the rights and freedoms of others: You can ask us to keep the personal data you have provided to us, in a structured, consistent and machine-readable format. You have the right to transfer this data to another controller without hindrance on our part. As far as is technically feasible, you can demand from us that we transfer your personal data directly to another controller.

8.7 Objection

If the processing is pursuant to Art. 6(1), sentence 1 lit e) of the GDPR (performance of a task carried out in the public interest) or Art. 6(1), sentence 1 lit f) of the GDPR (legitimate interests pursued by the controller or by a third party), you have the right for reasons related to your specific situation to object at any time to the processing of personal data concerning you. This also applies to profiling pursuant to Art. 6(1), sentence 1 lit e) or lit f) of the GDPR. After you exercise the right of objection, we will stop processing your personal data, unless we can prove there are compelling legitimate reasons for the processing, which outweigh your interests, rights and freedoms, or that the processing serves the purpose of asserting, exercising or defending legal claims.
You can object at any time to the processing of your personal data for direct marketing purposes. This also applies to profiling in connection with such direct marketing. Once this right is exercised, we will no longer use the relevant personal data for direct marketing purposes.
You have the option of communicating your objection informally by phone, email or to our company postal address listed at the beginning of this privacy policy.

8.8 Withdrawal of consent

You have the right to withdraw, with future effect, your consent at any time. The withdrawal of consent can be communicated informally by phone, email or to our postal address. The legality of the data processing performed on the basis of consent up to the receipt of the revocation shall not be affected by the withdrawal. Upon receipt of the withdrawal, the data processing, which is based exclusively on your consent, is discontinued.

8.9 Complaint

If you believe the processing of personal data concerning you is illegal, you can file a complaint with a supervisory authority for data protection responsible for your place of residence or workplace or the location of the alleged infringement.

9. Version and updates to this Privacy Policy

This Privacy Policy was last updated in July 2024. We reserve the right to update the privacy policy at the appropriate time, to improve the protection of data and/or adapt to changes in practice or jurisdiction.