Online Shop Privacy Policy

Thank you for your interest in our company. We take data protection very seriously.
In principle, you can use our website without providing any personal data. If a data subject wishes to make use of our company's services via our website, the processing of personal data may be required. If the processing of personal data is necessary and there is no legal basis for such processing, we will always obtain the consent of the data subject.
Personal data (e.g. the name, address, email address or telephone number of a data subject) is always processed in accordance with the General Data Protection Regulation (GDPR) and in compliance with the applicable national provisions on data protection.
The following Privacy Policy aims to provide information to the public on the nature, scope and purpose of the personal data which we collect, use and process. This Privacy Policy also informs data subjects about their rights.
As the controller, we have implemented numerous technical and organisational measures to ensure the most complete protection possible of personal data processed via our website. However, data transmission via the Internet is generally subject to security vulnerabilities, meaning that 100 percent protection cannot be guaranteed. For this reason, data subjects may also communicate personal data to us by other means, e.g. by telephone.

Definition of terms
This Privacy Policy is based on the definitions which have been used by the European legislator for the adoption of the GDPR (Article 4 of the GDPR). This Privacy Policy is intended to be simple to read and easy to understand. To ensure this, we would first of all like to explain the terms used. The following terms, inter alia, are used in this Privacy Policy:

• "Personal data" means any information relating to an identified or identifiable natural person ("data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
• "Data subject" means any identified or identifiable natural person, whose personal data is processed by the controller responsible for the processing;
• "Processing" means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
• "Restriction of processing" means the marking of stored personal data with the aim of limiting their processing in the future;
• "Profiling" means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;
• "Controller" means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
• "Recipient" means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;
• "Third party" means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data;
• "Consent" of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

 
Name and contact data of the controller responsible for processing
This privacy policy applies to data processing carried out by:
Controller: Thomas Hautkappe, Wittener Landstr. 21, D-58313 Herdecke, Telephone: +49 2330 / 809 827, Fax: +49 2330 / 809 826, email: thomas.hautkappe@ath-horsecare.com
Our website is encrypted for security reasons (SSL or TLS encryption).
 
You can recognise an encrypted connection by the lock symbol in the browser address line and the character string "https://" in the browser.

Collection and storage of personal data as well as type and purpose of its use

When visiting the website
In principle, you can use our website without disclosing your identity. When you visit our website, the browser used on your device automatically sends information to the server of our website. This information is temporarily stored in a so-called log file. The following information is recorded without your intervention and stored until it is automatically erased:

• IP address of the requesting computer
• Date and time of access
• Name and URL of the retrieved file
• The website from which access is made (referrer URL)
• The browser used and, if applicable, the operating system of your computer as well as the name of your access provider

The stated data is processed by us for the following purposes:

• to ensure a smooth connection setup of the website
• to ensure comfortable use of our website
• to evaluate system security and stability and
• for other administrative purposes.

The legal basis for data processing is Art. 6 (1)(f) of the GDPR. Our legitimate interest follows from the purposes listed above for data collection. Under no circumstances do we use the data collected for the purpose of drawing conclusions about you personally.
In addition, we use cookies and analysis services when you visit our website. You will find more detailed explanations in Sections 5 and 7 of this Privacy Policy.

When using our contact form
If you have any questions, we offer you the opportunity to contact us using the form provided on our website. A valid email address is required so that we know who sent the request and can respond to it. Further information can be provided voluntarily. You are free to decide whether you wish to enter this data in the contact form.
The data needed for the purpose of contacting us will be processed in accordance with Art. 6 (1)(a) of the GDPR on the basis of your voluntary consent.
The personal data collected by us for the use of the contact form will automatically be deleted after your request has been processed.

When placing orders through our website
You can place orders through our website as a guest without registering or register as a customer in our shop for future orders. Registration has the advantage that you can log in to our shop for future orders directly with your email address and password without having to re-enter your contact details.
In this respect, your personal data is entered in an input screen, transmitted to us and stored. If you place an order via our website, we initially collect the following data, both in the case of a guest order and also in the case of registration in the shop:

• Form of address, first name, last name
• A valid email address
• Postal address
• Telephone number (landline and/or mobile)

This data is collected in order to:

• be able to identify you as our customer;
• process, fulfil and transact your order;
• correspond with you;
• issue invoices;
• settle any liability claims that may be brought and to assert any claims against you;
• ensure the technical administration of our website;
• manage our customer data.

As part of the ordering process, we will obtain your consent to process this data.
The data processing is based on your order and/or registration and is in accordance with Art. 6 (1)(b) of the DSGVO for the stated purposes of the proper processing of your order and of the mutual fulfilment of obligations arising from the purchase agreement.
The personal data we collect, in order to process your order is stored until the statutory retention obligation expires and thereafter erased, unless we are obliged to retain the data for longer, in accordance with Article 6 (1)(c) of the GDPR, on the basis of our retention or documentation obligations under tax or commercial law (arising from the German Commercial Code (HGB), German Criminal Code (StGB) or German Fiscal Code (AO), or if you have consented to a longer storage period in accordance with Art. 6 (1)(a) of the GDPR.
 
Disclosure of data
A transfer of your personal data (name, delivery address) from us to third parties will be made exclusively to the service partners involved in the execution of the contract, such as the logistics company commissioned with the delivery and the credit institution responsible for payment matters, as far as this is required for the delivery of the goods or for payment processing. The legal basis for the disclosure of personal data is Art. 6 (1)(b) of the GDPR.
 
Disclosure of the email address and/or telephone number to forwarders
- e.g. DHL, DPD, GLS, Hermes, UPS
If you have given your express consent to the disclosure of your email address and/or telephone number to the forwarder as part of the ordering process, we disclose this personal data to the respective forwarder on the basis of Art. 6 (1)(a) of the GDPR, so that the forwarder can clarify all details for the delivery (e.g. delivery date, place of delivery) with you.
 
You can withdraw your consent at any time with future effect by notifying the data controller named above or by notifying the respective forwarder.
 
- PayPal
For payment via PayPal, credit card via PayPal, direct debit via PayPal or "purchase on account" via PayPal, we will transfer your payment data to Paypal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereafter "PayPal"). PayPal reserves the right to carry out a credit check for payment via credit card via PayPal, direct debit via PayPal or "purchase on account" or "payment by instalments" via PayPal. In this respect, your payment data may be submitted to credit agencies by PayPal on the basis of Art. 6 (1)(f) of the GDPR.
 
The result of the credit check with respect to the statistical probability of default is used by PayPal for the purpose of deciding on the provision of the respective payment method. The credit information could contain probability values (score values). If score values are included in the results of the credit rating, they are based on a scientifically recognised mathematical-statistical procedure. The calculation of score values includes address data. Please refer to PayPal’s Privacy Statement for further information: https://www.paypal.com/uk/webapps/mpp/ua/privacy-full

You can object to the processing of your data at any time by notifying PayPal. However, PayPal may still be entitled to process your personal data if this is necessary for contractual payment processing.

- SOFORT Überweisung
If you select the payment method "SOFORT Überweisung", the payment will be processed by the payment service provider SOFORT GmbH, Theresienhöhe 12, D-80339 Munich (hereafter "SOFORT"). We disclose your name, address and other personal data, should this be required, to SOFORT on the basis of Art. 6 (1)(b) of the GDPR exclusively for payment processing. Your data will only be disclosed to the extent necessary for order processing. You will find further information on data protection in the privacy policy of SOFORT (https://www.klarna.com/uk/privacy-policy/).
 
- Klarna
When selecting the payment method “Klarna Purchase on Account“ or (if available) the payment method ”Klarna Payment by instalments“, payment shall be processed by Klarna AB
(publ) [https://www.klarna.com/de], Sveavägen 46, 111 34 Stockholm, Sweden
(hereinafter: ”Klarna“). During processing of your order, we will obtain your express consent for passing on your personal data in accordance with art. 6 para. 1 lit. a DSGVO. For the purpose of processing your payment, your personal data and your order details will be forwarded to Klarna for identity and credit checks. Credit rating agencies to which your data may be made available are listed at: https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/credit_rating_agencies
The credit information could contain probability values (score values). If score values are included in the results of the credit rating, they are based on a scientifically recognised mathematical-statistical procedure. The calculation of score values includes address data. Klarna will use the result of the credit check with regard to the statistical probability of non-payment for the purpose of deciding whether to establish, implement or terminate a contractual relationship with you.
 
You can object to this processing of your data at any time by notifying the data controller or Klarna. However, Klarna may still be entitled to process your personal data if this is necessary for contractual payment processing.
 
Your personal data shall be processed in accordance with applicable data protection regulations and as specified in Klarna’s own data protection regulations for customers residing in Germany https://cdn.klarna.com/1.0/shared/content/policy/data/de_de/data_protection.pdf or for customers residing in Austria https://cdn.klarna.com/1.0/shared/content/policy/data/de_at/data_protection.pdf.
 
Your personal data shall not be conveyed to third parties for purposes other than those stated above.
We shall also only pass on your personal data to third parties where:

• you have expressly given your consent to this in accordance with art. 6 para. 1 p. 1 lit. a DSGVO,
• this has to be passed on according to art. 6 para. 1 p. 1 lit. f DSGVO in order to enforce, exercise or defend legal claims and where there is no reason to assume that you have an overriding legitimate interest in the non-disclosure of your personal data,
• there is a legal obligation to pass on your personal data in accordance with art. 6 para. 1 p. 1 lit. c DSGVO and
• this is legally permitted and required for entering into a contractual relationship with you in accordance with art. 6 para. 1 p. 1 lit. b DSGVO

During the order process we will request your consent for passing on your personal data to third parties.  
 
Credit check
- Paymorrow GmbH
If we supply in advance (e.g. purchase on account), we reserve the right to carry out a credit check on the basis of mathematical and statistical processes, in order to safeguard our legitimate interest in determining the solvency of our customers. We will forward the personal data required for a credit check to Paymorrow GmbH, Alstertor 9, D-20095 Hamburg on the basis of Art. 6 (1)(f) of the GDPR. The credit information could contain probability values (score values). If score values are included in the results of the credit rating, they are based on a scientifically recognised mathematical-statistical procedure. The calculation of score values includes address data. We use the result of the credit check with regard to the statistical probability of non-payment for the purpose of deciding whether to establish, implement or terminate a contractual relationship with you. You can object to this processing of your data at any time by notifying the data controller or Paymorrow GmbH. However, we may still be entitled to process your personal data if this is necessary for contractual payment processing.
 
Use of cookies
We use cookies on our site. These are small files which your browser automatically creates and which are stored on your device (laptop, tablet, smartphone, etc.) when you visit our website. Cookies do not harm your device, nor do they contain viruses, Trojans or other malicious software.
Information is stored in the cookie which is generated in connection with the specific device used in each case. However, this does not mean that we directly become aware of your identity.
On the one hand, the use of cookies serves to make the use of our offer more pleasant for you. For example, we use so-called session cookies to detect that you have already visited certain pages of our website. These will be deleted automatically after you leave our site.
In addition, we use temporary cookies which are stored on your device for a specified period of time to optimise user-friendliness. If you revisit our website to use our services, it will automatically recognise that you have already visited us and remember the inputs and settings which you made, so that you do not have to re-enter them.
On the other hand, we use cookies to statistically record the use of our website and to evaluate these cookies for the purpose of optimising our offer for you (see Section 7). When you return to our site, these cookies enable us to automatically recognise that you have already visited us. These cookies are automatically deleted after a defined period of time.
The data processed by cookies is necessary for the purposes mentioned, in order to safeguard our legitimate interests and those of third parties pursuant to Art. 6 (1)(f) of the GDPR.
Most browsers automatically accept cookies. However, you can configure your browser, so that no cookies are stored on your computer or a message always appears before a new cookie is created. Having said this, disabling cookies completely may mean that you cannot use all the functions of our website.

Links to websites of third parties
The links published on our website are researched and compiled by us with the greatest possible care. However, we have no influence on the current and future design and content of the linked pages. We are not responsible for the content of the linked pages and expressly do not adopt the content of these pages as our own. The provider of the website to which reference is made is solely liable for illegal, incorrect or incomplete contents as well as for damage arising from the use or non-use of the information. The liability of the party who merely refers to the publication through a link is excluded. We are only responsible for external references if we have positive knowledge of them, i.e. also of any illegal or criminal content, and if it is technically possible and reasonable for us to prevent their use.

Use of social media
- YouTube videos
Our website uses the YouTube embedding function to display and play back videos of the provider "YouTube" (belonging to Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
 
The extended data protection mode is used which, according to the provider, only initiates the storage of user information when a YouTube video is played. When playback of embedded YouTube videos is started, YouTube uses cookies to collect information on user behaviour. It is understood that YouTube uses this information to improve the user interface. If you are logged in to your Google account, your data will be directly assigned to your Google account when you start a YouTube video. If you do not wish to be associated with your profile when using YouTube, you must first log out of Google. Your data is stored by Google as usage profiles and used for analysis. The legal basis for this is Art. 6 (1)(f) of the GDPR based on the legitimate interests of Google e.g. in the display of personalised advertisements. You can object to the creation of these user profiles by contacting YouTube. For more information on data protection at YouTube, see the privacy policy of the provider (available at: https://policies.google.com/privacy?hl=en).
 
Analysis and tracking tools
The tracking measures listed below and used by us are implemented on the basis of Art. 6 (1)(f) of the GDPR. We use the tracking measures to ensure that our website is designed to meet user requirements and is continually optimised. On the other hand, we use tracking measures to statistically record the use of our website and for the purpose of optimising our offer for you. These interests are deemed to be justified within the meaning of the aforementioned provision.
The respective data processing purposes and data categories can be found in the corresponding tracking tools.

Google Analytics¹
For the purpose of customising and continually optimising our pages, we use Google Analytics, a web analytics service provided by Google Inc. (https://about.google/intl/en/) (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereafter "Google"). In this respect, pseudonymised usage profiles are created and cookies (see Section 5) are used. The information generated by the cookie about your use of this website such as

• Browser type/version;
• Operating system used;
• Referrer URL (the previously visited page);
• Host name of the accessing computer (IP address);
• Time of the server request;

will be transmitted to and stored by Google on a server in the USA. The information is used to evaluate the use of the website, to compile reports on website activity and to provide other services related to website usage and internet usage for the purposes of market research and user-oriented customisation of these Internet pages. This information may also be transferred to third parties if required by law or if third parties process this data in the order. Under no circumstances will your IP address be merged with any other data provided by Google. The IP addresses are anonymised, so that an assignment is not possible (IP masking).
You can prevent the installation of cookies by selecting the appropriate settings on your browser; however, please note that if you do this you may not be able to use the full functionality of our website.
In addition, you can prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing a browser add-on (https://tools.google.com/dlpage/gaoptout?hl=en).
As an alternative to the browser add-on, especially for browsers on mobile devices, you can also prevent the collection by Google Analytics by clicking the link above. In doing so, an opt-out cookie will be set which prevents the future collection of your data when visiting our website. The opt-out cookie is only valid in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you will have to set the opt-out cookie again.
For more information about privacy relating to Google Analytics, see Google Analytics Help under the following link: https://support.google.com/analytics/answer/6004245?hl=en.

Social media plugins
On the basis of Article 6 (1)(f) of the GDPR, we use social plugins of social networks (e.g. Facebook, Twitter, Google+) on our website, in order to make our company better known. The underlying advertising purpose is deemed to be a legitimate interest as defined by the GDPR. Responsibility for privacy-compliant operation lies with the respective provider. We integrate these plugins by means of the so-called two-click method, in order to protect visitors to our website as far as possible.

Facebook
Social media plugins from Facebook are used on our website to help personalise its use. We use the "LIKE" or "SHARE" button for this. This is an offer from Facebook.
If you visit a page of our website which contains such a plugin, your browser establishes a direct connection to the Facebook servers. The content of the plugin is transmitted by Facebook directly to your browser and incorporated in the website by the browser.
By integrating the plugins, Facebook receives the information that your browser has accessed the corresponding page of our website, even if you do not have a Facebook account or are currently not logged in to Facebook. This information (including your IP address) is transmitted from your browser directly to a Facebook server in the US and stored there.
If you are logged in to Facebook, Facebook can assign the visit to our website directly to your Facebook account. If you interact with the plugins, for example by pressing the "LIKE" or "SHARE" button, the corresponding information is also transmitted directly to a Facebook server and stored there. The information will also be published on Facebook and be visible to your Facebook friends and third parties.
Facebook may use this information for the purpose of advertising, market research and tailor-made Facebook pages. For this purpose, Facebook uses user, interest and relationship profiles, e.g. to evaluate your use of our website in relation to the advertisements displayed on Facebook, to inform other Facebook users about your activities on our website, and to provide other services related to the use of Facebook.
If you do not wish Facebook to assign the data collected via our website to your Facebook account, you must log out of Facebook before visiting our website.
For the purpose and scope of the data collection and the further processing and use of the data by Facebook, as well as your rights in this regard and setting options for the protection of your privacy, please refer to the privacy policy, especially the data policy, of Facebook, which you can find under the following link: (https://www.facebook.com/about/privacy/).

Instagram
Functions of the Instagram service are integrated in our website. These functions are offered by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. If you are logged in to your Instagram account, you can link the content of our webpages to your Instagram profile by clicking the Instagram button. As a result, Instagram can assign your visit to our webpages to your user account. As the provider of our website, we have no knowledge of the content of the data transmitted to Instagram or how it is used by Instagram. More information can be found in the data policy of Instagram at: https://help.instagram.com/519522125107875
 
Google Customer Reviews
We work with Google LLC as part of the "Google Customer Reviews" program. The provider is Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). The program gives us the opportunity to obtain customer reviews from users of our website. After you made a purchase on our website, you will be asked if you would like to participate in a Google email survey. If you give your consent on the basis of Art. 6 (1)(a) of the GDPR, we will forward your email address to Google. You will receive an email from Google Customer Reviews asking you to rate your shopping experience on our website. The rating you submit will then be aggregated with our other ratings and displayed in our Google Customer Reviews badge and on our Merchant Center dashboard, as well as being used for Google seller ratings.
You can withdraw your consent at any time by notifying the data controller or Google.
Google LLC is based in the United States and is certified for the EU-US Data Protection Convention "Privacy Shield", which ensures compliance with the data protection standards in force in the EU.
You will find more information on Google's privacy policy relating to the Google Customer Reviews program under the following link: https://support.google.com/merchants/answer/7188525?hl=en
You will find more information on Google's privacy policy relating to seller ratings here: https://support.google.com/adwords/answer/2375474

Rights of the data subject
You have the right:

• to request information about your personal data processed by us pursuant to Article 15 of the GDPR. In particular, you may request information about the purposes of processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data insofar as it has not been collected by us, and the existence of automated decision-making including profiling and, if applicable, meaningful information on its details;
• to request the rectification without undue delay of incorrect or incomplete personal data stored by us pursuant to Article 16 of the GDPR;
• to request the erasure of your personal data stored by us pursuant to Article 17 of the GDPR, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest, or for the establishment, exercise or defence of legal claims;
• to demand the restriction of processing of your personal data pursuant to Article 18 of the GDPR, if you dispute the accuracy of the data, if the processing is unlawful but you oppose its erasure and we no longer need the data, but you require it for the establishment, exercise or defence of legal claims, or if you have filed an objection to the processing pursuant to Article 21 of the GDPR;
• to receive the personal data concerning you which you have provided us in a structured, commonly used and machine-readable format or to request the transmission to another controller pursuant to Article 20 of the GDPR;
• to revoke your consent to us at any time pursuant to Article 7(3) of the GDPR. As a result, we are no longer allowed to continue processing any data based on this consent in the future and
• to lodge a complaint with a supervisory authority pursuant to Article 77 of the GDPR. As a rule, you can contact the supervisory authority of your habitual place of residence or work place or of our registered office.

Right to object
If your personal data is processed on the basis of legitimate interests, pursuant to Article 6(1)(f) of the GDPR, you have the right to object to the processing of your personal data pursuant to Article 21 of the GDPR provided that there are reasons for this which arise from your particular situation or the objection is aimed against direct marketing. In the latter case, you have a general right to object, which we will implement without the need to specify a particular situation.
If you wish to exercise your right to object, simply send an email to the email address of the data controller named above.

Data security
We use the widely used SSL (Secure Socket Layer) method within the site visit in conjunction with the highest level of encryption supported by your browser. In general, this is a 256-bit encryption. If your browser does not support 256-bit encryption, we will use 128-bit v3 technology instead. You can recognise whether an individual page of our website is encrypted by a closed padlock or key icon in the lower status bar of your browser.
We also take appropriate technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or total loss, destruction or against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.

__________________
¹ Data protection authorities require the conclusion of an order data processing agreement for the permissible use of Google Analytics. A template is available from Google at http://www.google.com/analytics/terms/de.pdf.