Data protection

1. 1.1.We are pleased that you are visiting our website and thank you for your interest. In the following paragraphs, we will inform you about the handling of your personal data when using our website. Personal data is any data with which you can be personally identified.
   
2. 1.2.The person responsible for data processing on this website within the standard of the General Data Protection Regulation (GDPR) is expondo GmbH, , Dessauer Str. 28-29 10963 Berlin, Germany, Tel.: +49 30 209 930 530, Fax: +49 30 239 890 9, E-Mail: info@expondo.de. The handler is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.
   
3. 1.3.The data handler has appointed a data protection officer, who can be contacted as follows: “Dr. Sebastian Kraska., Marienplatz 2, 80331 Munich. , +49 (0) 8918917360. , sk@iitr.de”
   
4. 1.4.This website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or enquiries to the person responsible). You can recognise an encrypted connection by the character sequence “https://” and the lock symbol in your browser bar.

In some cases, cookies are used to simplify the ordering process by storing settings (e.g. remembering the contents of a virtual shopping basket for a later visit to the website). Personal data is also processed by individual cookies used by us and the processing is carried out in accordance with Art. 6 para. 1 lit. b GDPR either for the performance of the contract, pursuant to Art. 6 para. 1 lit. a GDPR in the case of consent given or pursuant to Art. 6 para. 1 lit. f GDPR to protect our legitimate interests in the best possible functionality of the website and a customer-friendly and effective design of the site visit.

Please note that you can set your browser in such a way that you are informed about the setting of cookies and can decide individually about their acceptance or can exclude the acceptance of cookies for certain cases or in general. Each browser differs in the way it manages cookie settings. This is described in the help menu of each browser, which explains how you can change your cookie settings. You can find these for the respective browsers under the following links:

Internet Explorer: https://support.microsoft.com/en-us/help/17442/windows-internet-explorer-delete-manage-cookies Firefox: https://www.mozilla.org/en-US/privacy/websites/#cookies Chrome: https://support.google.com/accounts/answer/61416?co=GENIE.Platform%3DDesktop&hl=en Safari: https://support.apple.com/en-gb/guide/safari/manage-cookies-and-website-data-sfri11471/mac Opera: http://help.opera.com/Windows/10.20/en/cookies.html

Please note that if you do not accept cookies, the functionality of our website may be limited.

1. 4.1.Babelforce The Website uses the services of “Babelforce”, a customer service integration platform of babelforce GmbH, Mindspace, Friedrichstr. 68, 10117 Berlin (“babelforce”) to manage service telephone services offered.
   Ingoing and outgoing calls on the service numbers offered are recorded and documented by Babelforce, whereby information in the form of date and time of the call, duration of the call as well as the anonymous telephone number of the caller or calling party are subsequently stored in a traceable manner. If personal data is also processed in this context, this is done in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in effective customer management and the optimisation of our services. Telephone calls are only recorded using Babelforce if you give us your express consent, which can be revoked at any time, to do so at the start of the call in accordance with Art. 6 para. 1 lit. a GDPR have given. We have concluded an order processing agreement with babelforce in which we oblige babelforce to protect our customers’ data in accordance with the legal requirements. You can find more information about Babelforce’s privacy policy here: https://www.babelforce.com/privacy-cookie-policy/
2. 4.2.Personal data is collected when contacting us (e.g. via contact form or e-mail). Which data has been collected in the event of the use of a contact form can be seen from the respective contact form. This data is stored and used exclusively for the purpose of answering your request or for contacting you and the associated technical administration. The legal basis for processing this data is our legitimate interest in responding to your request in accordance with Art. 6 para. 1 lit. f GDPR. If your contact aims at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR. Your data will be deleted after your request has been processed. This is the case if it is clear from the circumstances that the matter in question has been conclusively clarified and provided that there are no statutory retention obligations to the contrary.

1. 6.1.Subscription to our e-mail newsletter
   If you subscribe to our e-mail newsletter, we will send you regular information about our offers. The only mandatory information for sending the newsletter is your e-mail address. The provision of further data is voluntary and will be used to address you personally. We use the double opt-in procedure for sending the newsletter. This means that we will only send you an e-mail newsletter once you have expressly confirmed that you consent to receiving newsletters. We will then send you a confirmation e-mail asking you to confirm that you wish to receive the newsletter in future by clicking on a corresponding link.
   By activating the confirmation link, you give us your consent for the use of your personal data in accordance with Art. 6 para. 1 lit. a GDPR. When you register for the newsletter, we store your IP address entered by your Internet service provider (ISP) as well as the date and time of registration in order to be able to trace any possible misuse of your e-mail address at a later date. The data we collect when you register for the newsletter will be used exclusively for the purpose of advertising in the newsletter. You can unsubscribe from the newsletter at any time via the link provided for this purpose in the newsletter or by sending a corresponding message to the responsible person named at the beginning. After unsubscribing, your e-mail address will be deleted from our newsletter distribution list immediately, unless you have expressly consented to further use of your data or we reserve the right to use your data in a way that goes beyond this and is permitted by law and about which we inform you in this declaration.
2. 6.2.Newsletter dispatch via CleverReach
   Our email newsletter is sent via the technical service provider CleverReach GmbH & Co KG, Mühlenstr. 43, 26180 Rastede (“CleverReach”), to whom we pass on the data you provided when registering for the newsletter. This transfer takes place in accordance with Art. 6 para. 1 lit. f GDPR and serves our legitimate interest in using an effective advertising, secure and user-friendly newsletter system. The data you enter for the purpose of receiving the newsletter (e.g. e-mail address) is stored on CleverReach’s servers in Germany or Ireland.
   CleverReach uses this information to send and statistically evaluate the newsletter on our behalf. For evaluation purposes, the newsletters sent by e-mail contain web beacons or tracking pixels, which are single-pixel image files stored on our website. This makes it possible to determine whether a newsletter message has been opened and which links, if any, have been clicked on. With the help of conversion tracking, it can also be analysed whether a predefined action (e.g. purchase of a product on our website) has taken place after clicking on such links. In addition, technical information is collected (e.g. time of retrieval, IP address, browser type and operating system). The data is collected exclusively pseudonymous and is not linked to your other personal data, a direct personal reference is excluded. This data is used exclusively for the statistical analysis of newsletter campaigns. The results of these analyses can be used to better adapt future newsletters to the interests of the recipients.
   If you wish to object to data analysis for statistical evaluation purposes, you must unsubscribe from the newsletter.
   We have concluded an order processing contract with CleverReach, with which we oblige CleverReach to protect our customers’ data and not to pass it on to third parties.
   You can read more information about CleverReach’s data analysis here: https://www.cleverreach.com/de/funktionen/reporting-und-tracking/ You can view CleverReach’s privacy policy here: https://www.cleverreach.com/de/datenschutz/.

1. 7.1.In order to process your order, we work together with the following service provider(s), who support us in whole or in part in the execution of concluded contracts. Certain personal data is transferred to these service providers in accordance with the following information. The personal data collected by us will be passed on to the transport company commissioned with the delivery as part of the contract processing, provided this is necessary for the delivery of the goods. We pass on your payment data to the commissioned credit institution within the framework of payment processing, provided this is necessary for payment processing. If payment service providers are used, we will explicitly inform you about this below. The legal basis for the transfer of data is Art. 6 para. 1 lit. b GDPR.
2. 7.2.In order to fulfil our contractual obligations towards our customers, we work together with external shipping partners. We will only provide your name and delivery address and, where required for delivery, your telephone number, for the purposes of the delivery of goods Art. 6 para. 1 lit. b GDPR to a shipping partner selected by us.
3. 7.3.Use of special service providers for order processing and handling – Linnworks The order is processed by the service provider “Linnworks” (Linn Systems Ltd, Suite 3, 2-4 Southgate, Chichester, West Sussex, PO19 8DJ, United Kingdom). Name, address and, if applicable, other personal data are processed in accordance with Art. 6 para. 1 lit. b GDPR exclusively for the processing of the online order to Linnworks. Your data will only be passed on provided this is actually necessary for the processing of the order. Details of Linnworks’ privacy policy and the privacy statement of Linn Systems Ltd can be viewed on the Linnworks website at https://www.linnworks.com/linn-systems-privacy-policy.
   – Parcel Perform To enable customers to track their shipment after placing an order, we use the services of Parcel Perform Pte Ltd, 38 Dakota Crescent, #16-09, Singapore 399938 (“Parcel Perform”). Embedded directly on our website, Parcel Perfom allows customers to check the shipping status by entering the tracking number for orders placed with us, without having to submit it directly to the carrier. On our behalf, Parcel Perform will also send dispatch notification and delivery status updates at your request. For this purpose, we provide, in principle in accordance with Art. 6 (1) lit f GDPR, on the basis of our legitimate interest in effective and informative customer communication as well as in transparent and reliable shipment processing, which is also in the customer’s interest, we forward certain customer data (e-mail address, first and last name as well as address) together with the shipment number to Parcel Perform. If legally required, this disclosure will instead only be made on the basis of your express consent in accordance with Art. 6 para. 1 lit. a GDPR, which you can revoke at any time with effect for the future by notifying the controller accordingly.
   Your data will not be passed on to third parties by Parcel Perform and will only be processed for the above-mentioned purpose. Once dispatch is complete, the data is deleted from Parcel Perform.
   We have entered into an order processing agreement with Parcel Perform whereby we require Parcel Perform to protect our customers’ data in accordance with legal requirements.
   You can view the details of Parcel Perform’s data protection policy at https://www.parcelperform.com/privacy
   – SendIT We use the “SendIT” service of ProLogis Automatisierung und Identifikation GmbH, Hagsdorfer Straße 3, D-85368 Sixthaselbach for shipping. According to Art. 6 para. 1 lit. b GDPR, we pass on your data exclusively for the purpose of processing your online order to SendIT, which takes over the printing of shipping labels and the transmission of shipment data to the commissioned transport company on our behalf. The data will only be passed on to the extent that this is actually necessary for processing. On our behalf, SendIT continues to send dispatch notification and delivery status updates. For this purpose, we give the following information in accordance with Art. In accordance with Article 6 (1) (f) of the German Data Protection Act (DSGVO), we forward certain customer data (e-mail address, first and last name and address) together with the consignment number to SendIT on the basis of our legitimate interest in effective and informative customer communication and in transparent and reliable dispatch processing, which is also in the customer’s interest.
   The data will not be passed on to third parties by SendIT and will be processed exclusively for the above-mentioned purpose. After completed dispatch, the data will be deleted by SendIT.
   We have concluded an order processing agreement with ProLogis Automatisierung und Identifikation GmbH as the developer of the “SendIT” service, obliging them to protect our customers’ data in accordance with legal requirements.
   – Trusted Returns For the efficient processing of returns, we use “Trusted Returns”, a service of Trusted Returns GmbH, Peter-Joseph-Lenné-Str. 5, D-51377 Leverkusen.
   By integrating the service, customers have the option of initiating a returns process directly on our website. For this purpose, certain customer data is collected via the form provided for processing the return in accordance with Art. 6 para. 1 lit. b GDPR and transmitted to Trusted Returns on the basis of our legitimate interest in efficient returns management. Based on the entries made and using the software provided by Trusted Returns, we check the returns authorisation and work out the optimum return solution for the customer.
   Once the returns process is complete, the data provided will be deleted by Trusted Returns. We have entered into an order processing agreement with Trusted Returns in which we oblige Trusted Returns to protect our customers’ data in accordance with the legal requirements.
   Details of Trusted Returns’ privacy policy can be found here: https://trustedreturns.com/de
4. 7.4.Transfer of personal data to shipping service providers – DHL If the goods are delivered by the transport service provider DHL (DHL Paket GmbH, Sträßchensweg 10, 53113 Bonn), we will disclose your e-mail address in accordance with Art. 6 para. 1 lit. a GDPR before delivery of the goods for the purpose of coordinating a delivery date or for delivery notification to DHL, provided that you have given your express consent for this in the ordering process. Otherwise, for the purpose of delivery, we will give the following information in accordance with Art. 6 para. 1 lit. b GDPR only passes on the name of the recipient and the delivery address to DHL. The information will only be passed on if this is necessary for the delivery of the goods. In this case, prior coordination of the delivery date with DHL or notification of delivery is not possible.
   Consent may be revoked at any time with effect for the future from the responsible person named above or via the transport service provider DHL.
   – DPD If the goods are delivered by the transport service provider DPD (DPD Deutschland GmbH, Wailandtstraße 1, 63741 Aschaffenburg, Germany), we will disclose your e-mail address and telephone number before delivering the goods in accordance with Art. 6 para. 1 lit. a GDPR for the purpose of coordinating a delivery date or for delivery notification to DPD, provided you have given your express consent for this in the ordering process. Otherwise, for the purpose of delivery, we will give the following information in accordance with Art. 6 para. 1 lit. b GDPR only passes on the name of the recipient and the delivery address to DPD. The information will only be passed on if this is necessary for the delivery of the goods. In this case, prior coordination of the delivery date with DPD or notification of delivery is not possible.
   Consent may be revoked at any time with effect for the future from the responsible person named above or via the transport service provider DPD.
   – GLS If the goods are delivered by the transport service provider GLS (General Logistics Systems Germany GmbH & Co. OHG, GLS Germany-Straße 1 – 7, 36286 Neuenstein), we will disclose your e-mail address in accordance with Art. 6 para. 1 lit. a GDPR to GLS prior to the delivery of the goods for the purpose of coordinating a delivery date or for delivery notification, provided that you have given your express consent for this in the ordering process.- Otherwise, we will pass on your data to GLS for the purpose of delivery in accordance with Art. 6 para. 1 lit. b GDPR only passes on the name of the recipient and the delivery address to GLS. The information will only be passed on if this is necessary for the delivery of the goods. In this case, prior coordination of the delivery date with GLS or the transmission of status information of the shipment delivery is not possible.
   Consent may be revoked at any time with effect for the future from the responsible person named above or via the transport service provider GLS.
   – UPS If the goods are delivered by the transport service provider UPS (United Parcel Service Deutschland Inc. & Co. OHG, Görlitzer Straße 1, 41460 Neuss), we will disclose your e-mail address before delivering the goods in accordance with Art. 6 para. 1 lit. a GDPR for the purpose of coordinating a delivery date or for delivery notification to UPS, provided that you have given your express consent for this in the ordering process. Otherwise, for the purpose of delivery in accordance with Art. 6 para. 1 lit. b GDPR will only pass on the name of the recipient and the delivery address to UPS. The information will only be passed on if this is necessary for the delivery of the goods. In this case, prior coordination of the delivery date with UPS or the transmission of shipment delivery status information is not possible.
   Consent may be revoked at any time with effect for the future from the responsible person named above or via the transport service provider UPS.
5. 7.5.Use of payment service providers (payment services) – Amazon Pay If you select the payment method “Amazon Pay”, the payment will be processed via the payment service provider Amazon Payments Europe s.c.a., 38 avenue J.F. Kennedy, L-1855 Luxembourg (hereinafter: “Amazon Payments”), to whom we will forward your information provided during the ordering process, together with the information about your order in accordance with Art. 6 para. 1 lit. b GDPR. Your data will only be passed on for the purpose of payment processing with the payment service provider Amazon Payments and only provided it is necessary for this purpose. You can obtain further information about the data protection provisions of Amazon Payments at the following Internet address: https://pay.amazon.com/de/help/201751600 – giropay When paying via “giropay”, the payment is processed via giropay GmbH, An der Welle 4, 60322 Frankfurt/Main, to which we pass on the information you provided during the ordering process together with the information about your order. The transfer of your data takes place in accordance with Art. 6 para. 1 lit. b GDPR exclusively for the purpose of payment processing and only provided it is necessary for this purpose. You can obtain further information on the data protection provisions of giropay GmbH at the following Internet address: https://www.giropay.de/rechtliches/datenschutzerklaerung – Klarna If you select a Klarna payment service, the payment will be processed via Klarna Bank AB (publ) [https://www.klarna.com/de], Sveavägen 46, 111 34 Stockholm, Sweden (hereinafter “Klarna”). In order to enable the processing of the payment, your personal data (first name and surname, street, house number, postcode, town, gender, e-mail address, telephone number and IP address) as well as data related to the order (e.g. invoice amount, article, delivery type) will be passed on to Klarna for the purpose of checking your identity and creditworthiness, provided that you have consented to this in accordance with Art. 6 para. 1 lit. a GDPR expressly consented to in the context of the ordering process. You can find out which credit agencies your data may be forwarded to here: https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/credit_rating_agencies The credit report may contain probability values (so-called score values). Provided that score values are included in the result of the credit report, they have their basis in a scientifically recognised mathematical-statistical procedure. The calculation of the score values includes, but is not limited to, address data. Klarna uses the information received about the statistical probability of a payment default for a weighed decision about the establishment, implementation or termination of the contractual relationship.
   You can withdraw your consent at any time by sending a message to the data handler or to Klarna. However, Klarna may still be entitled to process your personal data if this is necessary to process the payment in accordance with the contract.
   Your personal data will be treated in accordance with the applicable data protection regulations and as specified in Klarna’s data protection policy for data subjects based in Germany https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/privacy and https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_at/privacy for data subjects based in Austria.
   – Paypal When paying via PayPal, credit card via PayPal, direct debit via PayPal or – if offered – “purchase on account” or “payment by instalments” via PayPal, we pass on your payment data to PayPal (Europe) S.a.r.l. as part of the payment processing. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter “PayPal”). The transfer takes place in accordance with Art. 6 para. 1 lit. b GDPR and only provided this is necessary for payment processing.
   PayPal reserves the right to carry out a credit check for the payment methods credit card via PayPal, direct debit via PayPal or – if offered – “purchase on account” or “payment by instalments” via PayPal. For this purpose, your payment data may be processed in accordance with Art. 6 para. 1 lit. f GDPR on the basis of PayPal’s legitimate interest in determining your ability to pay. PayPal uses the result of the credit check in relation to the statistical probability of non-payment for the purpose of deciding whether to provide the respective payment method. The credit report may contain probability values (score values). Provided that score values are included in the result of the credit report, they have their basis in a scientifically recognised mathematical-statistical procedure. The calculation of the score values includes, but is not limited to, address data. For further information on data protection, including information on the credit agencies used, please refer to PayPal’s privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full You can object to the processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data if this is necessary for the contractual processing of payments.
   – RatePay If you have chosen the payment service RatePay Invoice or RatePay SEPA Direct Debit or RatePay Instalment Purchase as your payment option, you will be asked to provide your personal details (first and last name, street, house number, postcode, town, date of birth, e-mail address, telephone number and, in the case of SEPA Direct Debit, the account details provided) during the ordering process. In order to safeguard our legitimate interest in determining the solvency of our customers, this data is processed by us in accordance with Art. 6 para. 1 lit. f GDPR to RatePay GmbH, Franklinstraße 28-29, 10587 Berlin (“RatePay”) for the purpose of a credit check. RatePay checks whether the payment option you have selected can be granted with regard to payment and/or bad debt risks on the basis of the personal data you have provided and other data (such as shopping basket, invoice amount, order history, payment experience). In addition to RatePay’s internal criteria, the decision in the context of the application review may be based on Art. 6 para. 1 lit. f GDPR, identity and creditworthy information from the following credit agencies may also be included: – Creditreform Boniversum GmbH, Hellersbergstraße 11, D-41460 Neuss, Tel.+49 (0)2131-109-501, Fax: -557 – infoscore Consumer Data GmbH (arvato), Rheinstraße 99, D-76532 Baden-Baden, Phone: +49 (0)7221-5040-1000, Fax: -1001 – CRIF Bürgel GmbH, Friesenweg 4, Haus 12, 22763 Hamburg, Phone.: +49 (0)40-89803-0, Fax: -419 – SCHUFA Holding AG, Kormoranweg 5, D-65201 Wiesbaden, Tel.: +49 (0)611-9278-0, Fax: -109 – CRIF Bürgel GmbH, Radlkoferstraße 2, 81373 Munich, Tel.+49 (0)89 508073-0, Fax: – 31 The credit report may contain probability values (so-called score values). Provided that score values are included in the result of the credit report, they have their basis in a scientifically recognised mathematical-statistical procedure. The calculation of the score values includes, but is not limited to, address data. You can obtain further information about RatePay’s data protection policy at the following Internet address: http://www.ratepay.com/zusaetzliche-geschaeftsbedingungen-und-datenschutzhinweis/ You can object to this processing of your data at any time by sending a message to the data handler or to RatePay. However, RatePay may still be entitled to process your personal data if this is necessary for the contractual processing of payments.
   – SOFORT If you select the payment method “SOFORT”, the payment will be processed via the payment service provider SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany (hereinafter referred to as “SOFORT”), to whom we will forward your information provided during the ordering process together with the information about your order in accordance with Art. 6 para. 1 lit. b GDPR. Sofort GmbH is part of the Klarna Group (Klarna Bank AB (publ), Sveavägen 46, 11134 Stockholm, Sweden). Your data will only be passed on for the purpose of payment processing with the payment service provider SOFORT and only provided it is necessary for this purpose. You can obtain further information about SOFORT’s data protection policy at the following Internet address: https://www.klarna.com/sofort/datenschutz.Stripe

   If you choose a payment method from the payment service provider Stripe, the payment will be processed via the payment service provider Stripe Payments Europe Ltd, 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, to whom we transfer your information provided during the ordering process, together with information about your order (name, address, account number, bank code, credit card number, if applicable, invoice amount, currency and transaction number) in accordance with Art. 6 para. 1 lit. b GDPR. For more information on Stripe’s privacy policy, please visit the URL https://stripe.com/de/privacy#translation.

   Stripe reserves the right to carry out a credit check on the basis of mathematical-statistical procedures, u