Privacy policy

The security of your personal data and the protection of your privacy when using our websites are our top priority.

We would therefore like to inform you below about the collection, processing and use of personal data. If you have any further questions about data protection in relation to the use of our website, you can contact us directly at any time.

The PALOPA online shop is a website operated by LÄSSIG, based in Babenhausen (Hesse), Germany.

RESPONSIBLE BODY

1.1 Responsible

LÄSSIG GmbH

Im Riemen 32

64832 Babenhausen

Germany

Tel.: +49 (0)6073 - 74489-300

Email: service@palopa-pets.com

Management: Dr. Torge Doser, Ingo Röller

(Hereinafter referred to as ‘LÄSSIG’, “we” or ‘us’)

1.2 Data Protection Officer

The data protection officer of LÄSSIG GmbH is

ceterion AG

Frankfurter Straße 63-69

65760 Eschborn

Email: datenschutz@laessig-gmbh.de

USER RIGHTS

You have the right at any time, subject to certain conditions, to

request information about the processing of your data,

correct your data,

have your data deleted or blocked,

receive your data in a transferable format and transfer it to a third party,

revoke your consent to the processing of your data for the future; The revocation does not affect the lawfulness of the processing of your personal data until revocation. Likewise, further processing of this data on another legal basis, such as to fulfil legal obligations, remains unaffected.

To do so, please contact us using the contact details provided in section 1 above.

In addition, you have the right to lodge a complaint with a supervisory authority in accordance with Article 77 GDPR. The supervisory authority responsible for LÄSSIG is:

The Hessian Commissioner for Data Protection and Freedom of Information

P.O. Box 3163

65021 Wiesbaden, Germany

Phone: +49 611 1408 – 0

Fax: +49 611 1408 – 611

STORAGE PERIOD/DELETION

Your personal data will be deleted as soon as it is no longer required for the purposes mentioned above. It may happen that personal data is stored for the period during which claims can be asserted against us (statutory limitation period of three to thirty years). In addition, personal data will be stored to the extent and for as long as we are legally obliged to do so. Corresponding documentation and retention obligations arise, among other things, from the German Commercial Code, the German Fiscal Code and the German Money Laundering Act. The storage periods are up to ten years.

CATEGORIES OF DATA RECIPIENTS

We use processors to process your data. A processor is a natural or legal person, authority, institution or other body that processes personal data on behalf of the data controller.

The processing operations carried out by such processors include, for example, hosting, maintenance and support of IT systems, marketing measures or file and data carrier destruction. Processors do not use the data for their own purposes, but carry out data processing exclusively for the controller and are contractually obliged to ensure appropriate technical and organisational measures for data protection.

In addition, we may transfer your personal data to entities such as postal and delivery services, payment and information services, our house bank, tax advisors/auditors or the tax authorities. Further recipients may be identified in the following information.

DATA TRANSFER TO THIRD COUNTRIES

Visiting our website may involve the transfer of certain personal data to third countries, i.e. countries where the GDPR is not applicable law. Such a transfer is permissible if the European Commission has determined that an adequate level of data protection is provided in such a third country. If no such adequacy decision has been made by the European Commission, personal data will only be transferred to a third country if there are appropriate safeguards in place in accordance with Art. 46 GDPR or if one of the conditions of Art. 49 GDPR is met.

Unless otherwise stated in this privacy policy, we use the EU standard contractual clauses for the transfer of personal data to processors in third countries as appropriate safeguards.

If you consent to the transfer of personal data to third countries, the transfer is based on the legal basis of Art. 49 (1) (a) GDPR.

SSL OR TLS ENCRYPTION

For security reasons and to protect the transmission of confidential content, such as orders or enquiries that you send to us as the website operator, this website uses SSL or TLS encryption.

You can recognise an encrypted connection by the fact that the address line of the browser changes from ‘http://’ to ‘https://’ and by the lock symbol in your browser line. If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

The data entered during the ordering process in the web shop is transmitted in encrypted form (SSL encryption) to prevent misuse of the data by third parties.

SCOPE, PURPOSE AND LEGAL BASIS OF THE PROCESSING OF PERSONAL DATA

7.1 Basic information on data processing

We treat your personal data confidentially and in accordance with the relevant data protection regulations, taking into account the principles of data minimisation and data avoidance.

We take organisational, contractual and technical security measures in line with the state of the art to ensure that the provisions of the relevant data protection regulations are complied with and to protect the data we process against accidental or intentional manipulation, loss, destruction or access by unauthorised persons.

We would like to point out that data transmission over the Internet (e.g. when communicating by email) can have security gaps. Complete protection of data against access by third parties is not possible. For this reason, you are free to transmit personal data to us by alternative means, for example by post or telephone.

7.2 Data processing in connection with the use of our website

7.2.1 Shopify

We use the shop system of the service provider Shopify International Limited, Victoria Buildings, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland (hereinafter: ‘Shopify’) for the purpose of hosting and displaying the online shop.

Shopify is e-commerce software for creating online shops, which can also be used to handle logistical processes related to the operation of the online shop.

When you visit our website, Shopify collects your IP address and information about the device you are using and your browser. In addition, Shopify collects data that you provide about yourself when making a purchase in our online shop, e.g. your name, email address, delivery and billing addresses, payment details and other data related to the purchase (e.g. telephone number, amount of sales made, etc.).

Shopify uses your customer data together with the customer data of other merchants to gain insights and use advanced features.

Shopify also analyses the number of visitors and the type and extent of use of our online shop by our customers and compiles user statistics. This information is collected using cookies that are stored in your browser. An overview of the cookies used by Shopify and their storage duration can be found here: Shopify Germany Cookie Policy

Further details on the use/processing of your data by Shopify can be found here:

https://www.shopify.com/de/legal/privacy/consumers

and also in Shopify's data protection portal at:

https://privacy.shopify.com/de

The use of Shopify is based on Art. 6 (1) (f) GDPR. We have a legitimate interest in the most reliable presentation and operation of our website. For this purpose, we have concluded a contract for order processing (AVV) with Shopify in accordance with Article 6(1)(c) GDPR in conjunction with Article 28(3) GDPR.

If consent has been requested, processing is carried out exclusively on the basis of Art. 6 para. 1 sentence 1 lit. a) GDPR; consent can be revoked at any time.

7.2.2 Log files

Each time you access our website, usage data is transmitted by your internet browser and stored in log files (server log files). This data includes:

IP address

Timestamp (date and time of the query)

Type of query

Browser

Client information (client type, client version)

User's operating system (device, OS version of the device)

7.2.3 Cookies

Our website uses cookies. Cookies are small text files that are stored in your internet browser or by your internet browser on your computer system. When you visit a website, a cookie may be stored on your operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when you visit the website again.

We use cookies to make our website more user-friendly, effective and secure. Cookies also enable our systems to recognise your browser even after you have changed pages and to offer you services. Some functions of our website cannot be offered without the use of cookies. We would like to point out that the use of the shopping basket function and ordering is only possible with the use of cookies.

We also use cookies on our website for the purpose of analysing the surfing behaviour of our site visitors. Furthermore, we use cookies for the purpose of subsequently addressing site visitors on other websites with targeted, interest-based advertising and for the creation of visitor statistics.

Insofar as cookies are not technically necessary, the legal basis for processing in this case is Art. 6 (1) (f) GDPR. We only use them with your prior consent, which you can revoke at any time; the legal basis for processing in this case is Art. 6 (1) (a) GDPR.

Cookies are stored on your computer. Therefore, you have full control over the use of cookies. By selecting the appropriate technical settings in your browser, you can prevent the storage of cookies and the transmission of the data they contain. Cookies that have already been stored can be deleted at any time. We would like to point out that you may not be able to use all functions of this website to their full extent.

The links below provide information on how to manage (including deactivate) cookies in the most popular browsers:

Chrome browser: https://support.google.com/accounts/answer/61416?hl=de

Internet Explorer: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies

Mozilla Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen

Safari: https://support.apple.com/de-de/guide/safari/manage-cookies-and-website-data-sfri11471/mac

Opera: help.opera.com/Windows/10.20/en/cookies.html

7.2.4 Customer account

Permanent customer account

To place an order in our shop, you can create a password-protected customer account. In this case, your personal data will be stored permanently so that you do not have to re-enter your data when placing a new order. You also have the option of viewing and changing the data stored in your customer account at any time. We process the following data:

First and last name

Title

Address

Email address

Customer number

Password

In the case of an order: billing and payment data (credit card numbers, bank details) and transaction IDs related to the order

In the case of an order: order data and data for payment risk assessment (balance, turnover, dunning level, delivery blocks)

The creation of a customer account is voluntary. If you create a customer account, the data collected here will be processed on the basis of Art. 6 (1) (b) GDPR.

In addition to the data requested when placing an order, you must provide a password of your choice to create a customer account. This password, together with your email address, is used to access your customer account. Please treat your personal access data confidentially and, in particular, do not make it accessible to unauthorised third parties. You must also actively log out before leaving our website, otherwise you will remain logged in automatically.

You can delete your customer account at any time. If you do not delete your customer account yourself, it will be deleted automatically. The deletion takes place three years after your last order, with the period beginning at the end of the last day of the calendar year of the last order.

Please note, however, that deleting your customer account does not automatically lead to the deletion of the order data stored in the customer account if you have placed an order with us. In this case, data deletion is governed by section 3.

Guest order

If you do not wish to create a permanent customer account, you have the option of placing an order with us as a guest. To do so, simply click on ‘Proceed to checkout’ in your shopping cart, enter your order details on the page that opens, and then click on the ‘Proceed to shipping’ button. In this case, no permanent customer account will be created; your data will only be stored for the purpose of processing this specific order and will be deleted afterwards. We process the following data:

First and last name

Title

Address

Email address

Telephone number (optional)

In the case of an order: Invoice and payment details (credit card numbers, bank details) and transaction IDs related to the order

In the case of an order: Order details and data for payment risk assessment (balance, turnover, reminder level, delivery blocks)

Please note, however, that your customer data will not automatically be deleted once you have placed an order with us. In this case, data deletion is governed by section 3.

The processing of your data collected here is based on Art. 6 (1) (b) GDPR.

Returns portal

We use the service provider 8returns UG, Lohmühlenstr. 65, 12435 Berlin, for returns management. The processing of your data collected here is based on Art. 6 (1) (b) GDPR. In addition, there is a legitimate interest in the smooth processing of your return, Art. 6 (1) (b) GDPR.

7.2.5 Payment

PayPal

We offer payment via PayPal for our products. The payment service provider is PayPal (Europe) S.à.r.l. et Cie, S.C.A. (22-24 Boulevard Royal L-2449, Luxembourg; ‘PayPal’).

Your payment details will be passed on in accordance with Art. 6 (1) (b) GDPR and only to the extent necessary for payment processing. PayPal reserves the right to carry out a credit check for the payment methods credit card via PayPal, direct debit via PayPal or – if offered – ‘purchase on account’ or ‘instalment payment’ via PayPal. For this purpose, your payment data may be passed on to credit agencies in accordance with Art. 6 (1) (f) GDPR on the basis of PayPal's legitimate interest in determining your solvency.

PayPal uses the result of the credit check in relation to the statistical probability of default for the purpose of deciding whether to provide the respective payment method. The credit check may contain probability values (so-called score values). Insofar as score values are included in the result of the credit check, these are based on a scientifically recognised mathematical-statistical procedure. Address data, among other things, is included in the calculation of the score values. Further information on data protection, including the credit agencies used, can be found at the following link:

https://www.paypal.com/de/webapps/mpp/ua/creditref

You can object to the processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data if this is necessary for contractual payment processing.

All PayPal transactions are subject to the PayPal privacy policy. You can find this at

https://www.paypal.com/webapps/mpp/ua/privacy-full

Credit card, Klarna, Sofort transfer, Giropay, Shop Pay, Google Pay, Apple Pay, Maestro ATM card

In order to offer you as many payment options as possible for your purchase, we use the payment service provider Shopify International Ltd., Victoria Buildings, 2nd Floor 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland. The legal basis for data processing is Art. 6 (1) (b) GDPR. We use the service provider Shopify to process credit card payments and payments via Klarna, Sofort-Überweisung, Giropay, Shop Pay, Apple Pay, Google Pay and Maestro Bankomat Card.

The following data is processed and handled via Shopify:

First and last name

Title

Date of birth

Telephone number

Email address

IP address

Billing and delivery address

Country

Order information

Order date

Browser, device

Amount paid

Credit card number (truncated)

Credit card type

Credit card holder

Credit card issuer

Card expiry date

7.2.6 Newsletter

We use your e-mail address independently of the contract processing exclusively for our own advertising purposes for sending newsletters if you have expressly consented to this. The processing takes place on the basis of Art. 6 para. 1 sentence 1 a) GDPR with your consent. You can withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal. You can unsubscribe from the newsletter at any time by using the corresponding link in the newsletter or by notifying us. Your e-mail address will then be removed from the mailing list.

Your data will be passed on to a mailing service provider for email marketing as part of order processing. Your data will not be passed on to other third parties. With the cancellation of your consent, your consent to the sending of the newsletter by the mailing service provider expires at the same time. Unfortunately, it is not possible for the mailing service provider to cancel the mailing separately; in this case, the entire newsletter subscription must be cancelled.

The newsletter is sent by the mailing service providers Brevo and Klaviyo. You can view the privacy policy of the mailing service provider here:

Klaviyo: https://www.klaviyo.com/de/legal/privacy/privacy-notice

Brevo: https://www.brevo.com/de/legal/privacypolicy/

The email addresses of our newsletter recipients, as well as their other data described in this notice, are stored on the servers of the mailing service provider. The mailing service provider uses this information to send and analyse the newsletter on our behalf. For example, we can see whether a newsletter message has been opened and which links have been clicked on. In this way, we can determine, among other things, which links have been clicked on particularly often.

Furthermore, according to its own information, the mailing service provider can use this data to optimise or improve its own services, e.g. for the technical optimisation of mailing and for statistical purposes. However, the mailing service provider does not use the data of our newsletter recipients to write to them itself or pass it on to third parties.

Statistical survey and analyses: The newsletter contains a so-called ‘web-beacon’, i.e. a pixel-sized file that is retrieved from the server of the mailing service provider when the newsletter is opened. As part of this retrieval, technical information, such as information about the browser and your system, as well as your IP address and time of retrieval, is initially collected. This information is used for the technical improvement of the services based on the technical data or the target groups and their reading behaviour based on their retrieval locations (which can be determined with the help of the IP address) or the access times. Statistical surveys also include determining whether the newsletter was opened, when it was opened and which links were clicked.

For technical reasons, this information can be assigned to individual newsletter recipients. However, we do not endeavour to observe individual users. The analyses serve us much more to recognise the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.

Klaviyo

We use Klaviyo on this website. The provider is Klaviyo Inc., 125 Summer Street, Floor 6, Boston, MA 02110, USA (hereinafter “Klaviyo”).

Klaviyo is a marketing automation tool used for sending emails, SMS messages, push notifications, and collecting customer reviews for eCommerce merchants.

For this purpose, Klaviyo stores consent for email marketing. In particular, the following data may be processed: name, telephone number, email address, address data, IP address, device identifiers, usage data (such as interactions between a user and Klaviyo’s online system, website, or email), browser used, operating system used, and referrer URL.

The use of Klaviyo is based on Art. 6 para. 1 lit. a GDPR and Section 25 para. 1 TTDSG. Consent may be revoked at any time.

Further details can be found in the provider’s privacy policy at: https://www.klaviyo.com/de/legal/privacy/privacy-notice

The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the United States intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF commits to complying with these data protection standards. Further information can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt00000012uf9AAA&status=Active

The provider uses standard contractual clauses for the transfer of personal data to third countries. Details can be found here: https://www.klaviyo.com/de/legal/data-processing-agreement.

7.2.7 Contact options

Contact form

You have the option of contacting us on our website under the heading ‘Contact’ or the heading ‘Returns/customer service form’. For this purpose, the following personal data is collected in the contact form, which is integrated on the website

Name (optional)

Email address

Comment (content of the enquiry)

Date and time of the enquiry

The IP address of the accessing computer is also collected.

The data collected will not be passed on to third parties in the course of making contact.

We use the data to clarify your enquiry as quickly as possible and to contact you. IP addresses are collected to protect against misuse of the contact form. The IP addresses collected are anonymised.

By sending your message, you consent to the processing of the transmitted data. The processing takes place on the basis of Art. 6 para. 1 sentence 1 a) GDPR with your consent. You can revoke your consent at any time by notifying us without affecting the legality of the processing carried out on the basis of the consent until revocation. Your personal data will then be deleted. If you wish to withdraw your consent, please use the contact details provided in section 1 above.

When using the contact form, we only collect personal data to the extent provided by you. We only use your e-mail address to process your enquiry. Your data will then be deleted unless you have consented to further processing and use.

E-mail notification of item availability

In the PALOPA Shop, we offer the option of informing you by e-mail about the time of availability for selected items that are temporarily unavailable. To do this, you must register for our e-mail notification service for item availability. If you register, we will send you a one-off e-mail about the availability of the item you have selected. The only mandatory information for sending this notification is your e-mail address. The processing takes place on the basis of Art. 6 para. 1 sentence 1 a) GDPR with your consent.

When you register for our e-mail notification service for article availability, we store the date and time of registration entered by the Internet Service Provider (ISP) in order to be able to trace any possible misuse of your e-mail address at a later date.

The data collected by us when you register for our e-mail notification service for item availability is used exclusively for the purpose of informing you about the availability of a specific item in our PALOPA Online Shop. You can unsubscribe or delete the e-mail notification service for item availability at any time by sending a corresponding message to service@palopa-pets.com. After cancellation, your e-mail address will be deleted immediately from our mailing list set up for this purpose, unless you have expressly consented to further use of your data or we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this declaration.

7.2.8 Comment function

As a customer, you have the opportunity to leave comments on our website. In this case, we process the personal data that you voluntarily enter as a user in the context of the comment. In principle, you are free to publish the content on our website under a pseudonym and/or your name.

We need your e-mail address in order to contact you if necessary about events relating to your contribution.

The legal basis for data processing is your consent, Art. 6 para. 1 sentence a) GDPR. You can withdraw your consent at any time by notifying us without affecting the lawfulness of processing based on consent before its withdrawal. Your personal data will then be deleted. If you wish to withdraw your consent, please use the contact details provided in section 1 above.

7.2.9 Google Tag Manager

We use Google Tag Manager on our website, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (‘Google’). Google Tag Manager is used to manage website tags via an interface and enables us to control the precise integration of services on our website. This allows us to flexibly integrate additional services in order to analyse user access to our website. The data collected by Google Tag Manager is not analysed.

Google Tag Manager is used on the basis of our legitimate interests, i.e. interest in optimising our services in accordance with Art. 6 (1) (1) (f) GDPR.

The specific storage period of the processed data cannot be influenced by us, but is determined by Google. Further information can be found in Google's privacy policy at: https://policies.google.com/privacy.

7.2.10 Google Analytics

We use Google Analytics on our website, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (‘Google’).

Google uses cookies. The information generated by the cookie about your use of the online offer is usually transmitted to a Google server in the USA and stored there. Please also read our information above under point 5

Google will use this information on our behalf to analyse your use of our online offer, to compile reports on the activities within this online offer and to provide us with further services associated with the use of this online offer and the use of the Internet.

We only use Google Analytics with activated IP anonymisation. This means that your IP address will be truncated by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there.

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. In addition, you can prevent Google from collecting the data generated by the cookie and relating to your use of the online offer and from processing this data by Google by downloading and installing the browser plug-in available under the following link:

http://tools.google.com/dlpage/gaoptout?hl=de

The Google service is used on the basis of Art. 6 para. 1 a) GDPR with your consent.

You can find more information on terms of use and data protection at

https://www.google.com/analytics/terms/de.html or at

https://www.google.de/intl/de/policies/.

7.2.11 Google Analytics advertising functions

In addition to the standard functions on our website, we also use the extended functions of Google Analytics (provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (‘Google’)).

The Google Analytics advertising functions implemented on this website include

Reports on impressions in the Google Display Network;

Google Analytics reports on performance according to demographic characteristics and interests

Create remarketing target groups based on data on behaviour, demographic characteristics and interests and share these lists with Google Ads

Integrated services for which data is collected in Google Analytics for advertising purposes, including the collection of data via cookies for

ad preferences and anonymous identifiers

For this purpose, in addition to the data collected by the Google Analytics analysis tool, further data is collected via Google cookies for ad preferences and anonymous identifiers for accesses. We use this information to improve our website.

The information generated by the cookie about your use of the website is generally transmitted to a Google server in the USA and stored there. Please also read our information above under point 5.

You can permanently deactivate the use of cookies by Google by following the link below and downloading and installing the plug-in provided there:

https://support.google.com/ads/answer/7395996?hl=de

Alternatively, you can deactivate the use of cookies by third-party providers by visiting the deactivation page of the Network Advertising Initiative at https://www.networkadvertising.org/choices/ and implementing the further information on opting out mentioned there.

The use of this Google service is based on Art. 6 para. 1 sentence 1 a) GDPR with your consent.

7.2.12 Google Ads Remarketing / Double Click

We use the remarketing function within the Google Ads service on our website. These are services provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

With the remarketing function/double click, we can present users of our website with adverts based on their interests on other websites within the Google advertising network. For this purpose, your interaction on our website is analysed, e.g. which offers you were interested in, in order to be able to show you targeted advertising on other sites even after you have visited our website. For this purpose, Google stores cookies on your end device that visit certain Google services or websites in the Google Display Network. These cookies are used to record your visits. The cookies are used to uniquely identify a web browser on a specific end device and not to identify a person.

You can find more information on the use of data for marketing purposes by Google on the overview page:

https://www.google.com/policies/technologies/ads

Google's privacy policy is available at

https://www.google.com/policies/privacy

If you wish to object to the collection by Google Ads remarketing services, you can use the setting and opt-out options provided by Google: http://www.google.com/ads/preferences

The information generated by the cookie about your use of the online offer is usually transmitted to a Google server in the USA and stored there. Please also read our information above under point 5.

The use of this Google service is based on Art. 6 para. 1 sentence 1 a) GDPR with your consent.

7.2.13 Google reCAPTCHA

We use the reCAPTCHA service of Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; ‘Google’) on our website. The query serves the purpose of distinguishing whether the input is made by a human or by automated, machine processing. The query includes sending the IP address and any other data required by Google for the reCAPTCHA service to Google. For this purpose, your input is transmitted to Google and used there. However, your IP address will be shortened by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. Google will use this information on behalf of the operator of this website to analyse your use of this service. The IP address transmitted by your browser as part of reCaptcha will not be merged with other Google data. Your data may also be transmitted to the USA. Please also read our information above under point 5.

You can find more information about Google reCAPTCHA and the associated privacy policy at: https://www.google.com/privacy/ads/

The use of this Google service is based on Art. 6 para. 1 sentence 1 a) GDPR with your consent.

7.2.14 Google Fonts

External fonts, so-called Google Fonts, are used on our website. Google Fonts is a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").

The use of Google Fonts is in the interest of a uniform and appealing presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 sentence 1 f) GDPR.

If the browser does not support web fonts or prevents access, content will be displayed in a standard font. You can find more information in Google's privacy policy, which you can access here:

www.google.com/fonts#AboutPlace:about

www.google.com/policies/privacy/

This provider may transfer, store or process your personal data outside the EEA/EU. These countries may not have the same level of data protection and the enforcement of your rights may be restricted or not possible. Please also read our information above under point 5.

7.2.15 Meta Pixel, Meta Remarketing and Conversion API

On our website, we use the so-called ‘Meta Pixel (formerly: Facebook Pixel)’ of the social network Facebook, which is operated by Meta Platforms Ireland Ltd. 4 Grand Canal Square Grand Canal Harbour Dublin 2 Ireland.

With the help of the Meta Pixel, Meta is able to identify visitors to our online offering as a target group for the display of advertisements, known as ‘Meta Ads’. We use the Meta Pixel to display the Meta Ads we place to Facebook users who have shown an interest in our internet offering. The Meta pixel is integrated directly by Meta when you visit our websites and can store a so-called cookie, i.e. a small file, on your device. If you then log in to Facebook or visit Facebook while logged in, your visit to our website will be noted in your profile.

The data collected about you is anonymous to us, so it does not allow us to draw any conclusions about the identity of users. However, the data is stored and processed by Meta, so that a connection to the respective user profile is possible.

In addition, we use Meta's ‘Conversions API’. The Conversions API is an interface that sends event data from our servers directly to Meta. The functionality and processing of data within the Conversions API is similar to the functionality and processing within the Meta Pixel. This allows us to analyse page usage and the success of advertisements even better. If you do not yet have a Facebook account, your website visit will not be linked to a Facebook account.

We also use advanced matching as part of our use of Meta functions. This function enables us to send hashed information such as email address, name, gender, etc. to Meta/Facebook as additional information, provided you have made this data available to us. This use enables us to tailor advertising campaigns on Facebook even more precisely to those interested in our products.

The information generated by the cookie about your use of our online offering and the data transmitted via the Conversions API may be or will be transferred to a META server in the USA and stored there.
The data collected as part of the extended comparison for the purpose of forming target groups (hashed information) will be deleted after the comparison has been completed.

The use of the Meta functions listed above and the transmission of your personal data will only take place with your consent in accordance with Art. 6 (1) (a) GDPR.

7.2.16 Pinterest

On our website, we use the “Pin it” button plugin from Pinterest, which allows you to “pin” and share or share interesting website content and images. In addition, we use the Pinterest tag to analyze and optimize our online offerings and to tailor our Pinterest campaigns to your needs. These are services provided by Pinterest Europe Ltd, Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland.

When you visit our website, a direct connection is established between your browser and the Pinterest server via the Pinterest plugin. Pinterest receives the information that you have visited our website with your IP address. If you click on the “Pin it” button while you are logged into Pinterest with your Pinterest user account, you can share content on this website in the Pinterest network. This allows Pinterest to associate your visit to our pages with your user account. The data is usually transferred to a Pinterest server in the USA and stored there.

In the case of the Pinterest tag, when a Pinterest user clicks on the ad, further actions and target groups are created that have shown interest; this is tracked. Using the Pinterest tag, we can ensure that the Pinterest ads are only displayed to Pinterest users who have already shown an interest in our offer and that they correspond to the potential interest of the user. The data helps us to measure the conversion of the respective campaign and to optimize our campaigns

We would like to point out that, as the provider of the pages, we have no knowledge of the content of the transmitted data or its use by Pinterest.

You can find information on data protection at Pinterest at

https://policy.pinterest.com/de/privacy-policy

The Pinterest plugin and the Pinterest tag are only used with your consent in accordance with Art. 6 para. 1 sentence 1 a) GDPR.

7.2.17 Cookie consent tool - GDPR legal cookie

On our website, we use the cookie consent tool "Consentmo GDPR Compliance App by iSenseLabs" from iSenseLabs, address: Sofia, Bulgaria, professor Georgie Bradistilov street number 4, Contact email: support@consentmo.com

By integrating a corresponding JavaScript code, a banner is displayed when you access the page in which you can give your consent for certain cookies and/or cookie-based applications by ticking the box. The tool blocks the setting of all cookies requiring consent until you give your consent by ticking the appropriate box. This ensures that such cookies are only set on your end device if you have given your consent.

So that the cookie consent tool can clearly assign page views to individual users and individually record, log and store the consent settings made by the user for the duration of a session, certain user information (including the IP address) is collected by the cookie consent tool when our website is accessed, transmitted to iSenseLabs servers and stored there.

This data processing is carried out in accordance with Art. 6 para. 1 sentence 1 f) GDPR on the basis of our legitimate interest in legally compliant, user-specific and user-friendly consent management for cookies and thus in a legally compliant design of our website.

Another legal basis for the data processing described is Art. 6 para. 1 sentence 1 c) GDPR. As the controller, we are subject to the legal obligation to make the use of technically unnecessary cookies dependent on the respective user consent.

You can find further information on the use of data by iSenseLabs at https://www.consentmo.com/privacy-policy-terms-of-service/en

7.2.18 podigee podcast

We use the podcast hosting service Podigee from the provider Podigee GmbH, Schlesische Straße 20, 10997 Berlin, Germany. The podcasts are loaded by Podigee or transmitted via Podigee.

The use is based on our legitimate interests, i.e. interest in a secure and efficient provision, analysis and optimization of our podcast offer in accordance with Art.6 para.1 f) GDPR.

Podigee processes IP addresses and device information to enable podcast downloads/playbacks and to determine statistical data, such as the number of downloads. This data is anonymized or pseudonymized before being stored in Podigee's database, unless it is necessary for the provision of the podcasts.

Further information and objection options can be found in Podigee's privacy policy: https://www.podigee.com/de/about/privacy/.

7.2.19 Review.io

You have the option of writing reviews on our website. For this we use “Review.io”, a service of REVIEWS.io 2020 GMBH, Stralauer Allee 6, 10245 Berlin, Germany. Review.io allows us to collect customer reviews and publish them on our website.

In order for you to write a review, Review.io needs your name or a pseudonym and your e-mail address (will not be published). As soon as you write a review via Review.io, the service automatically creates an account for you.

The processing is based on your consent (Art. 6 para. 1 lit. a GDPR). You can withdraw your consent at any time. All you need to do is send us an informal email. The legality of the data processing operations that have already taken place remains unaffected by the revocation. If you withdraw your consent, we will delete or anonymize the review.

Reviews can be submitted in such a way that it is not possible for other website users to identify you. It is up to you to decide whether you wish to provide information about yourself in addition to the mandatory information. Please note that when choosing your pseudonym and within the free text fields and when uploading photos, it is also possible to provide information that allows you to be identified. We recommend that you write your review text without providing personal data and design photos accordingly. We reserve the right not to publish or (partially) anonymize reviews that contain personal data.

Review.io also carries out the following processing for us as part of the review:

- Identifying you as a reviewer when you log in to our website and visit the website again

- Verifying the authenticity of your reviews Answering your questions and providing appropriate customer service

- Forwarding our messages when we have responded to your review

We have concluded an order processing contract with Review.io in accordance with the requirements of Art. 28 GDPR, in which we oblige it to protect our customers' data and not to pass it on to third parties.

For more information about the type of data collected by Review.io, please refer to Review.io's Terms of Use and Privacy Policy: https://www.reviews.io/front/data-protection.

7.2.20 Klar!

Klar! Insights - Core
We use the services of Klar Insights GmbH, Marktstr. 18, 80802 Munich, Germany, a SaaS provider of business intelligence solutions for e-commerce companies, to support our business accounting and analyse the profitability of our marketing measures.
In this context and on the basis of our legitimate interest pursuant to Art. 6 (1) (f) GDPR, we transfer the following personal data to Klar Insights GmbH in accordance with our internal structure:

Customer number

Order number, order ID

The processing of this data enables us to evaluate the effectiveness of our marketing activities and optimise our business processes accordingly. The data is used exclusively for internal analysis purposes and is neither used for advertising purposes nor passed on to third parties without authorisation.
Information on data protection and data use by Klar can be found on the following website: https://app.getklar.com/legal/data-protection
You have the right to object to this processing at any time for reasons arising from your particular situation. Further information on your rights as a data subject can be found in this privacy policy.

Klar! Insights - Attribution
We use the services of Klar Insights GmbH, Marktstr. 18, 80802 Munich, Germany, a SaaS provider of business intelligence solutions for e-commerce companies. Klar Insights GmbH collects, processes and stores data (user and session IDs, email addresses, IP addresses, online identifiers (cookie ID, device ID)) on this website and its subpages for reach measurement and statistical analysis on our behalf. We have concluded a data processing agreement with Klar Insights GmbH for this purpose.
The collection of personal data is based on the legal basis of consent in accordance with Art. 6(1)(a) GDPR.
If consent is given by the user, the data to be processed is collected on a user-specific basis in accordance with Section 25(1) sentence 1 TDDDG.
The following cookies are used for the aforementioned different types of collection in order to ensure the respective type of collection.

september_id

september_has_consent

september_do_not_track (in case of objection)

Cookie - Objection
To object to the use of Klar! Insights in principle, please use this link. This will set a cookie named ‘september_do_not_track’ from the domain ‘https://www.palopa-pets.com/’. Please do not delete this, as otherwise we cannot guarantee that you will not be tracked by Klar.
Information on data protection and data use by Klar can be found on the following website: https://app.getklar.com/legal/data-protection

7.2.21 Social networks and other providers

Our online offering also includes content from third-party providers. This includes, for example, so-called “social plugins” from the social network Facebook. Such plugins are important for the distribution of content. LÄSSIG also integrates functionalities and content from other networks (e.g. Instagram and YouTube) and uses these services from other providers to offer you content in the best possible form.

When you use LÄSSIG's online services, your IP address and other device-related information collected for technical reasons, such as screen resolution, browser used and operating system used, are registered on servers. The provider of the plugin or code also receives this data. The provider cannot draw any conclusions about your person from this data, but they do know, for example, where you are (geographically) located. In addition, the providers can place so-called cookies on your device, with which they can log your surfing behavior and recognize the device you are using while surfing. If you are logged in to a social network while accessing an online offer from LÄSSIG, the provider can also assign your surfing behavior to your profile stored there. LÄSSIG itself does not receive any information about how you use the social plugins and what content you share or comment on. In this case, the data exchange takes place solely between you and the social networks or the providers.

Details on individual providers:

Under the following links, you can find out about the respective data protection notices of the providers, how they collect your data and how they handle your data.

Meta

For the privacy policy of the Meta service, please click here: http://de-de.facebook.com/policy.php

You can find an overview of the Meta plugins here:

http://developers.facebook.com/docs/plugins/.

If you do not want Meta to be able to associate your visit to our pages with your Facebook user account, please log out of your Facebook user account.

Instagram

For the privacy policy of the Instagram service, please click here: https://privacycenter.instagram.com/policy/?section_id=0-WhatIsThePrivacy

Pinterest

Further information on Pinterest can be found above in the privacy policy under section 7.2.16.

YOUTUBE

We use the YouTube service, whose provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, to embed videos.

The videos are embedded in extended data protection mode. However, like most websites, YouTube also uses cookies to collect information about visitors to its website. YouTube uses these to collect video statistics, prevent fraud and improve user-friendliness, among other things. This also leads to a connection being established with the Google DoubleClick network. When you start the video, this could trigger further data processing operations. We have no influence on this.

You can find more information about data protection at YouTube in the privacy policy of the YouTube service at:

http://www.youtube.com/t/privacy_at_youtube

We would also like to point out that you can adjust your advertising settings yourself in your user account. To do this, please click on the following link and log in: https://adssettings.google.com/authenticated

8.1 General - Data processing by social media platforms

We operate publicly accessible profiles in social networks (“social media platform”). The individual social media platforms we use are listed below.

Social media platforms such as Instagram, Facebook, Pinterest etc. can generally analyze your user behavior comprehensively if you visit their website or a website with integrated social media content (e.g. like buttons or advertising banners). Visiting our social media sites triggers numerous data protection-relevant processing operations. In detail:

If you are logged into your social media profile and visit our social media presence, the operator of the social media platform can assign this visit to your user account. However, your personal data may also be collected if you are not logged in or do not have an account with the respective social media platform. In this case, this data is collected, for example, via cookies that are stored on your end device or by recording your IP address.

With the help of the data collected in this way, the operators of the social media platforms can create user profiles in which your preferences and interests are stored. In this way, interest-based advertising can be displayed to you inside and outside the respective social media platform. If you have an account with the respective social network, the interest-based advertising can be displayed on all devices on which you are or were logged in.

Please also note that we cannot track all processing operations on the social media platforms. Depending on the provider, further processing operations may therefore be carried out by the operators of the social media platforms. For details, please refer to the terms of use and data protection provisions of the respective social media platforms.

8.2 Legal basis

The operation of our social media profiles, including the processing of users' personal data, is based on our legitimate interest in a timely and supportive information and interaction opportunity for and with our users and visitors in accordance with Art. 6 para. 1 sentence 1 f) GDPR. The analysis processes initiated by the social networks may be based on different legal bases, which must be specified by the operators of the social networks (e.g. consent within the meaning of Art. 6 para. 1 sentence 1 a) GDPR).

8.3 Controller and assertion of rights

If you visit one of our social media profiles (e.g. Instagram), we are jointly responsible with the operator of the social media platform for the data processing operations triggered during this visit. You can assert your rights (information, rectification, erasure, restriction of processing, data portability and complaint) both against us (see also section 2 above) and against the operator of the respective social media platform (e.g. Instagram).

Please note that despite the joint responsibility with the operators of the social media platforms, we do not have full influence on the data processing operations of the social media platform. Only the operator of the respective social media platform has full access to and overview of the user data.

8.4 Storage duration

The data collected directly by us via the social media presence will be deleted from our systems as soon as the purpose for its storage no longer applies, you request us to delete it, revoke your consent to storage or the purpose for data storage no longer applies. Stored cookies remain on your end device until you delete them. Legal provisions/retention periods remain unaffected - see also section 3 above.

We have no influence on the storage period of your data that is stored by the operators of the social networks for their own purposes. For details, please contact the operators of the social networks directly (e.g. in their privacy policy, see above).

8.5 Social media platforms in detail

We use the following social media platforms

Facebook

We use the Facebook service. The provider is Meta Platforms Ireland Ltd. 4 Grand Canal Square Grand Canal Harbour Dublin 2 Ireland.

You can adjust your Facebook privacy settings yourself in your user account. To do this, click on the following link and log in:

https://www.facebook.com/settings?tab=privacy

Instagram

We use the Instagram service. The provider is Meta Platforms Ireland Ltd. 4 Grand Canal Square Grand Canal Harbour Dublin 2 Ireland.

You can adjust your Instagram privacy settings yourself in your user account. To do this, click on the following link and log in:

https://www.instagram.com/accounts/privacy_and_security/

Details can be found in the Instagram privacy policy:

https://help.instagram.com/519522125107875

Pinterest

We have a profile on Pinterest. The provider is Pinterest Inc, 651 Brannan Street, San Francisco, CA 94107, USA. Responsible for data processing in the EEA is Pinterest Europe Ltd, Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland.

Details on how Pinterest handles your personal data can be found in Pinterest's privacy policy:

https://policy.pinterest.com/de/privacy-policy

Twitter

We use the Twitter service. The provider is Twitter Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA.

Details on how Twitter handles your personal data can be found in Twitter's privacy policy:

https://twitter.com/de/privacy

You can also adjust your Twitter privacy settings yourself in your user account. To do this, please click on the following link and log in:

https://twitter.com/personalization

YouTube

We have a profile on YouTube. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Details on how YouTube handles your personal data can be found in YouTube's privacy policy:

https://policies.google.com/privacy?hl=de

UNSOLICITED ADVERTISING

We hereby expressly prohibit the use of contact data published within the scope of the imprint obligation by third parties for sending unsolicited advertising and information material. The operator of the site expressly reserves the right to take legal action in the event of the unsolicited sending of advertising information, such as SPAM mails.

STATUS OF THE DATA PROTECTION DECLARATION

Status: 23.03.2023