PERSONAL DATA PROTECTION PRINCIPLES

Privacy Policy

Introduction and Contact Details of the Controller
1. We are pleased that you are visiting our website and thank you for your interest. In the following, we inform you about how we handle your personal data when you use our website. Personal data is any data that can be used to personally identify you.
2. The controller responsible for data processing on this website, within the meaning of the General Data Protection Regulation (GDPR), is Christian Kellermann, Papilonia Dinkelsbühl, Dr.-Martin-Luther-Str. 2, 91550 Dinkelsbühl, Germany, Tel.: +49 178/3326470, E-Mail: dinkelsbuehlpapilonia [emailtecka] de (dinkelsbuehl[at]papilonia[dot]de). The controller for the processing of personal data is the natural or legal person who alone or jointly with others decides the purposes and means of processing personal data.
Data Collection When Visiting Our Website
1. If you use our website purely for informational purposes, i.e., if you do not register or otherwise transmit information to us, we only collect data that your browser transmits to our server (so-called "server log files"). When you access our website, we collect the following data that is technically necessary to display the website to you:
  - Our visited website
  - Date and time at the moment of access
  - The amount of data sent in bytes
  - Source/reference from which you reached the page
  - Browser used
  - Operating system used
  - IP address used (if necessary, in anonymized form)
  This data is processed according to Art. 6(1)(f) GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. This data is not disclosed or used otherwise. However, we reserve the right to review the server log files subsequently if there are concrete indications of illegal use.
2. For security reasons and to protect the transmission of personal data and other confidential content (e.g., orders or requests to the controller), this website uses SSL or TLS encryption. You can recognize an encrypted connection by the sequence "https://" and the lock icon in your browser line.
Hosting & Content Delivery Network
1. To host our website and display its content, we use a service provider who provides its services on servers located exclusively within the European Union, either itself or through selected subcontractors.
  
  All the data collected on our website are processed on these servers.
  
  We have concluded a data processing agreement with the provider to ensure the protection of the data of our website visitors and to prevent unauthorized disclosure to third parties.
2. jsDelivr
  We use a Content Delivery Network (CDN) from the following provider: Volentio JSD Limited, Suite 2a1, Northside House, Mount Pleasant, Barnet, England, EN4 9EB, United Kingdom.
  
  This service enables us to deliver large media files such as graphics, page content, or scripts faster through a network of regionally distributed servers. This processing is carried out to safeguard our legitimate interests in improving the stability and functionality of our website in accordance with Art. 6(1)(f) GDPR. We have concluded a data processing agreement with the provider to ensure the protection of the data of our website visitors and to prevent unauthorized disclosure to third parties.
  
  If data is transferred to the provider's location, an adequate level of data protection is guaranteed by an adequacy decision of the European Commission.
Cookies
In order to make your visit to our website more attractive and to enable the use of certain functions, we use cookies, i.e., small text files placed on your device. Some of these cookies are deleted automatically after closing the browser (so-called "session cookies"), while others remain on your device for a longer period and enable the saving of page settings (so-called "persistent cookies"). In the latter case, you can see the storage duration in the cookie settings of your web browser.
If personal data is processed by individual cookies set by us, this processing is carried out in accordance with Art. 6(1)(b) GDPR for the performance of the contract, in accordance with Art. 6(1)(a) GDPR if consent has been granted, or in accordance with Art. 6(1)(f) GDPR to safeguard our legitimate interests in ensuring the best possible functionality of the website and a customer-friendly and effective design of the page visit.
You can set your browser so that you are informed about the setting of cookies and can decide individually whether to accept them or exclude the acceptance of cookies for certain cases or in general.

Please note that if cookies are not accepted, the functionality of our website may be limited.
Contacting Us
When you contact us (e.g., via contact form or e-mail), personal data is processed — exclusively for the purpose of processing and answering your request and only to the extent necessary.
The legal basis for processing this data is our legitimate interest in responding to your inquiry in accordance with Art. 6(1)(f) GDPR. If your contact is aimed at concluding a contract, the additional legal basis for processing is Art. 6(1)(b) GDPR. Your data will be deleted if it can be inferred from the circumstances that the matter in question has been conclusively clarified and provided there are no statutory retention obligations to the contrary.
Use of Customer Data for Direct Advertising
Subscribing to Our E-Mail Newsletter
If you subscribe to our e-mail newsletter, we will regularly send you information about our offers. The only mandatory information for sending the newsletter is your e-mail address. Providing further data is voluntary and is used to address you personally. We use the so-called double opt-in procedure for sending the newsletter to ensure that you only receive the newsletter if you have expressly confirmed your consent to receive the newsletter by clicking a verification link sent to the specified e-mail address.
By activating the confirmation link, you give us your consent to the use of your personal data in accordance with Art. 6(1)(a) GDPR. In this case, we store the IP address assigned by your Internet service provider (ISP) as well as the date and time of registration to trace any possible misuse of your e-mail address at a later date. The data collected by us when subscribing to the newsletter will be used strictly for the intended purpose.
You can unsubscribe from the newsletter at any time using the link provided in the newsletter or by sending a message to the above-mentioned controller. After you have unsubscribed, your e-mail address will be immediately deleted from our newsletter distribution list, unless you have expressly consented to further use of your data or we reserve the right to use additional data that is legally allowed and about which we inform you in this declaration.
Data Processing for Order Handling
1. Insofar as it is necessary for contract processing for the delivery and payment purposes, the personal data collected by us are passed on to the shipping company commissioned with delivery and the credit institution commissioned with payment, in accordance with Art. 6(1)(b) GDPR.
  
  If we owe you updates for goods with digital elements or for digital products based on an appropriate contract, we process the contact data you provided during the order (name, address, email address) to personally inform you about upcoming updates within the legally stipulated period through an appropriate communication channel (e.g., by post or e-mail) in accordance with our legal information obligations under Art. 6(1)(c) GDPR. Your contact data is used strictly for notifications about updates owed by us and will only be processed by us to the extent necessary for the respective information.
  
  To process your order, we also work with the following service providers who support us in whole or in part in the execution of concluded contracts. Certain personal data is transmitted to these service providers in accordance with the following information.
2. Use of Payment Service Providers (Payment Services)
  - PayPal
    One or more online payment methods from the following provider is available on this website: PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg.
    
    If you choose a payment method from this provider where you pay in advance, the payment data you provided during the order process (including name, address, bank and credit card information, currency, and transaction number) as well as information about the content of your order will be transmitted to the provider in accordance with Art. 6(1)(b) GDPR. In this case, the transmission of your data is carried out solely for the purpose of payment processing with the provider and only to the extent necessary.
    
    If you select a payment method where we pay in advance, you will also be asked to provide certain personal data (first and last name, street, house number, postal code, city, date of birth, e-mail address, telephone number, where applicable, data on an alternative payment method) during the order process.
    
    To protect our legitimate interest in determining your solvency in such cases, this data will be forwarded by us to the provider for the purpose of a credit check in accordance with Art. 6(1)(f) GDPR. The provider checks based on your personal data and other data (such as the shopping cart, the invoice amount, order history, payment experience) whether the payment option you have chosen can be granted in view of payment and/or bad debt risks.
    
    The credit report may contain probability values (so-called score values). Score values are based on a scientifically recognized mathematical-statistical procedure. Address data are part of the calculation of these score values, among other factors.
    
    You can object to the processing of your data at any time by sending a message to us or the provider. However, the provider may still be entitled to process your personal data if this is necessary for contractual payment processing.
Web Analytics Services
1. Google Analytics 4
  This website uses Google Analytics 4, a web analytics service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"), which allows for an analysis of your usage of our website.
  
  By default, Google Analytics 4 uses cookies that are stored on your device and enable an analysis of your website usage. The collected information generally includes your IP address, which is truncated by Google to exclude direct personal references.
  
  This information is transmitted to Google's servers and processed there. It is also possible that data may be transferred to Google LLC in the USA.
  
  Google uses the information collected on our behalf to evaluate your use of the website, compile reports on website activity for us, and provide other services related to website usage and internet usage. The IP address transmitted by your browser as part of Google Analytics 4 is not merged with other Google data. Data collected through the use of Google Analytics 4 is stored for two months and then deleted.
  
  All processing described above, especially the setting of cookies on your device, will only be carried out if you have given us your express consent in accordance with Art. 6(1)(a) GDPR. Without your consent, the use of Google Analytics 4 will not take place during your visit. You can revoke your granted consent at any time with effect for the future. To exercise your right of revocation, please deactivate this service using the "cookie-consent tool" provided on the website.
  
  We have concluded a data processing agreement with Google, which ensures the protection of our website visitors' data and prohibits unauthorized disclosure to third parties.
  
  Further legal information on Google Analytics 4 can be found under:
  https://business.safety.google/privacy/
  https://policies.google.com/privacy?hl=en&gl=en
  and at https://policies.google.com/technologies/partner-sites.
  
  Demographic Features
  Google Analytics 4 uses the special "demographic features" function and can create statistics that make statements about the age, gender, and interests of website visitors. This is achieved through the analysis of advertising and third-party information. This allows target groups for marketing activities to be identified. However, the collected data cannot be assigned to a specific person and is deleted after being stored for a period of two months.
  
  Google Signals
  As an extension of Google Analytics 4, this website may use Google Signals to create cross-device reports. If you have enabled personalized ads and linked your devices to your Google Account, subject to your consent to use Google Analytics in accordance with Art. 6(1)(a) GDPR, Google can analyze your usage behavior across devices and create database models, including cross-device conversions. We do not receive any personal data from Google, only statistics.
  If you wish to stop cross-device analysis, you can disable the "Personalized advertising" function in your Google Account settings. Follow the instructions on this page:
  https://support.google.com/ads/answer/2662922?hl=en.
  Further information on Google Signals can be found here:
  https://support.google.com/analytics/answer/7532985?hl=en.
  
  UserIDs
  As an extension of Google Analytics 4, this website may use the "UserIDs" feature. If you have consented to the use of Google Analytics 4 in accordance with Art. 6(1)(a) GDPR, created an account on this website, and log in with this account across different devices, your activities, including conversions, can be analyzed across devices.
  
  For data transfers to the USA, the provider has submitted to the EU-U.S. Data Privacy Framework, which ensures compliance with the European level of data protection based on an adequacy decision by the European Commission.
2. Google Tag Manager
  This website uses the "Google Tag Manager", a service of the following provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter "Google").
  
  The Google Tag Manager provides a technical basis for bundling various web applications, including tracking and analytics services, and for calibrating, controlling, and linking them through a unified user interface. The Google Tag Manager itself does not store or read any information on user devices, nor does it perform any independent data analysis. However, by using the Google Tag Manager, your IP address may be transmitted to Google and stored there when you access the site. Data may also be transferred to Google LLC servers in the USA.
  
  Such processing will only occur if you have given us your express consent in accordance with Art. 6(1)(a) GDPR. Without this consent, the use of Google Tag Manager will be omitted during your visit. You can revoke your consent at any time with effect for the future. To exercise your right of revocation, please deactivate this service in the "Cookie-Consent Tool" provided on our website.
  
  We have concluded a data processing agreement with the provider to ensure the protection of our website visitors' data and to prevent unauthorized disclosure to third parties.
  
  For data transfers to the USA, the provider has submitted to the EU-U.S. Data Privacy Framework, ensuring compliance with the European data protection level based on an adequacy decision of the European Commission.
  
  Further legal information on Google Tag Manager can be found at:
  https://business.safety.google/privacy/ and
  https://policies.google.com/privacy?hl=en&gl=en.
Retargeting/Remarketing and Conversion Tracking
Google Ads Conversion Tracking Without Cookies

This website uses the online advertising program "Google Ads" and, as part of Google Ads, the conversion tracking service by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google").

We use Google Ads to draw attention to our attractive offers on external websites with the help of advertising materials (so-called Google Ads). In relation to the data of the advertising campaigns, we can determine how successful the individual advertising measures are. We aim to show you advertising that is of interest to you, to make our website more interesting to you, and to achieve a fair calculation of advertising costs.

This website uses Google Ads Conversion Tracking exclusively without the use of cookies, meaning no cookies are set on your device at any time by the service.

Instead, the local storage of your browser is used to store a unique ID assigned by Google, which allows the analysis of your website usage. To do this, certain user information is processed using the ID.

The ID is set when a user clicks on an advertisement placed by Google Ads. If the user visits certain pages on this website, Google and we can recognize that the user clicked on the ad and was redirected to that page.
Each Google Ads customer receives a different cookie. Thus, cookies cannot be tracked across the websites of various Google Ads customers. The information obtained in this way is used to create conversion statistics for Google Ads customers who have opted for conversion tracking. Customers are informed about the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag.

However, no information is received that personally identifies users. As part of the use of Google Ads, personal data may be transferred to the servers of Google LLC in the USA.
Details on the processing triggered by Google Ads Conversion Tracking and on how Google handles data from websites can be found here:
https://policies.google.com/technologies/partner-sites.

To the extent that the information collected has a personal reference, it is processed in accordance with Art. 6(1)(f) GDPR on the basis of our legitimate interest in the statistical evaluation of the success of our advertising campaigns.
Google's privacy policy can be viewed here:
https://business.safety.google/privacy/ and
https://policies.google.com/privacy/.

For data transfers to the USA, the provider has joined the EU-U.S. Data Privacy Framework, ensuring compliance with the European data protection level based on an adequacy decision by the European Commission.
Page Functions
1. Adobe Fonts (Typekit)
  This page uses so-called web fonts from the following provider to ensure a uniform display of fonts: Adobe Systems Incorporated, 345 Park Avenue, San Jose, CA 95110-2704, USA.
  
  When you access a page, your browser loads the required web fonts into its browser cache in order to display texts and fonts correctly, establishing a direct connection to the provider's servers. In this process, certain browser information, including your IP address, is transmitted to the provider.
  
  The processing of personal data during the connection to the font provider is only carried out if you have given us your express consent in accordance with Art. 6(1)(a) GDPR. You can revoke the consent you have given at any time with effect for the future by disabling this service using the "Cookie-Consent Tool" provided on our website.
  If your browser does not support web fonts, a default font from your computer is used.
  
  For data transfers to the USA, the provider has joined the EU-U.S. Data Privacy Framework, ensuring compliance with the European data protection level based on an adequacy decision by the European Commission.
2. Google Web Fonts
  This page uses so-called web fonts from the following provider to ensure a uniform display of fonts: Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.
  
  When you access a page, your browser loads the required web fonts into its browser cache to display texts and fonts correctly, establishing a direct connection to the provider's servers. In this process, certain browser information, including your IP address, is transmitted to the provider.
  
  Data can also be transmitted to: Google LLC, USA.
  
  The processing of personal data in the context of the connection to the font provider will only be performed if you have given us your express consent in accordance with Art. 6(1)(a) GDPR. You can revoke your consent at any time with effect for the future by disabling this service using the "Cookie-Consent Tool" provided on our website.
  If your browser does not support web fonts, a default font from your computer is used.
  
  For data transmissions to the USA, the provider has joined the EU-U.S. Data Privacy Framework, ensuring compliance with the European data protection level based on an adequacy decision by the European Commission.
  
  Further information about Google's data protection can be found here:
  https://business.safety.google/privacy/.
Rights of the Data Subject
1. Under the applicable data protection law, you have the following rights against the controller regarding the processing of your personal data (rights of information and intervention), whereby reference is made to the specified legal basis for the respective exercise conditions:
  - Right to information according to Art. 15 GDPR
  - Right to rectification according to Art. 16 GDPR
  - Right to erasure according to Art. 17 GDPR
  - Right to restriction of processing according to Art. 18 GDPR
  - Right to notification according to Art. 19 GDPR
  - Right to data portability according to Art. 20 GDPR
  - Right to revoke granted consent according to Art. 7(3) GDPR
  - Right to complain according to Art. 77 GDPR
2. Right to object
  If we process your personal data within the scope of a balancing of interests based on our overriding legitimate interest, you have the right at any time to object to this processing with effect for the future for reasons arising from your particular situation.
  
  If you exercise your right to object, we will stop processing the data concerned. Further processing is reserved if we can prove compelling reasons worthy of protection for the processing that outweigh your interests, fundamental rights, and freedoms, or if the processing serves to assert, exercise, or defend legal claims.
  
  If we process your personal data for direct advertising purposes, you have the right to object at any time to the processing of the personal data concerned for such advertising. You can exercise the right to object as described above.
  
  If you exercise your right to object, we will stop processing the data concerned for direct advertising purposes.
Duration of Storage of Personal Data
The duration of the storage of personal data is determined by the respective legal basis, the purpose of processing, and – if relevant – also by the respective statutory retention period (e.g., commercial and tax retention periods).

When processing personal data based on an explicit consent in accordance with Art. 6(1)(a) GDPR, this data is stored until you revoke your consent.

If there are statutory retention periods for data processed within the framework of legal or quasi-legal obligations on the basis of Art. 6(1)(b) GDPR, this data will be routinely deleted after the retention periods have expired, provided that it is no longer required for the fulfillment or initiation of the contract and/or we have no legitimate interest in further storage.

When processing personal data on the basis of Art. 6(1)(f) GDPR, this data is stored until you exercise your right of objection according to Art. 21(1) GDPR, unless we can prove compelling legitimate grounds for the processing that outweigh your interests, rights, and freedoms or the processing serves the assertion, exercise, or defense of legal claims.

When processing personal data for the purpose of direct advertising based on Art. 6(1)(f) GDPR, this data will be stored until you exercise your right of objection according to Art. 21(2) GDPR.

Unless otherwise stated in the other information contained in this declaration regarding specific processing situations, stored personal data will otherwise be deleted when they are no longer necessary for the purposes for which they were collected or otherwise processed.