Privacy Policy

General Information

This privacy policy contains detailed information about what happens to your personal data when you visit our website store.buddy-baer.com. Personal data is all data with which you can be personally identified. When processing your data, we adhere strictly to the statutory provisions, in particular the General Data Protection Regulation (“GDPR”), and attach great importance to ensuring that your visit to our website is absolutely secure.

Responsible Body

Responsible under data protection law for the collection and processing of personal data on this website is:

  • Name: Buddy Bear Berlin GmbH
  • Address: Geisbergstraße 29, 10777 Berlin, Germany
  • Email: info@buddy-bear.com
  • Telephone: +49 30 88 77 2681

Data Protection Officer

The internal data protection officer of the controller is:

  • First name, last name: Viviana Plasil
  • Address: Geisbergstraße 29, 10777 Berlin, Germany
  • Email: plasil@buddy-bear.com
  • Telephone: +49 30 88 77 2681

Access Data (Server Log Files)

The IP address currently used by your PC (possibly in anonymized form)

As a rule, it is not possible and not intended for us to identify you personally. The processing of such data is carried out in accordance with Art. 6 para. 1 lit. f GDPR to protect our legitimate interest in improving the stability and functionality of our website.

Cookies

In order to make visiting our website attractive and to enable the use of certain functions, we use so-called cookies. These are small text files that are stored on your end device. Cookies cannot execute programs or transfer viruses to your computer system.

Cookies that are required to carry out the electronic communication process or to provide certain functions that you have requested are stored on the basis of Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in the storage of cookies for the technically error-free and optimized provision of our services. Insofar as other cookies (e.g. cookies to analyze your surfing behavior) are stored, these are treated separately in this privacy policy.

1.1 Google Analytics

Our website uses the web analysis service Google Analytics in the version Google Analytics 4, which is provided by Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).

a) IP anonymization

With Google Analytics, the IP anonymization function is automatically activated on the website. As a result, your IP address will be truncated by Google within member states of the EU or in other signatory states to the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there.

Google will use this information on our behalf to evaluate your use of our website, to compile reports on website activity and to provide us with other services relating to website activity and internet usage. According to Google, no IP addresses are logged and stored in Google Analytics, but are only processed briefly for geo-localization and deleted immediately afterwards. The IP address transmitted by your browser as part of Google Analytics is not merged with other Google data.

b) Demographic characteristics with Google Analytics

Our website uses the “demographic features” function of Google Analytics. This allows reports to be created that contain statements about the age, gender and interests of site visitors. This data comes from interest-based advertising from Google and from visitor data from third-party providers. This data cannot be assigned to a specific person. You can deactivate this function at any time via the ad settings in your Google account or generally prohibit the collection of your data by Google Analytics - as described in the section “Objection to data collection”.

c) Order processing

We have concluded an order processing contract with Google and fully implement the strict requirements of the German data protection authorities when using Google Analytics.

d) Storage duration

Data stored by Google at user and event level that is linked to cookies, user identifiers (e.g. user ID) or advertising IDs will be deleted after 2 months. For details, please see the following link: https://support.google.com/analytics/answer/7667196?hl=de.

e) Right of withdrawal

Many data processing operations are only possible with your express consent. If the processing of your data is based on your consent, you have the right to revoke your consent to the processing of data in accordance with Art. 7 para. 3 GDPR at any time with effect for the future by calling up the cookie settings and changing your selection there.

The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. The storage of data for billing and accounting purposes remains unaffected by a revocation.

You can find more information on the handling of user data at Google Analytics in Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=de.

1.2 Google Tag Manager

Our website uses the Google Tag Manager. The provider is Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).

Google Tag Manager is a solution that allows marketers to manage website tags via an interface.

The tool that implements the tags is a cookie-less domain and does not store any personal data. The tool triggers other tags, which in turn may collect data. Google Tag Manager does not access this data. If a deactivation has been made at domain or cookie level, this remains in place for all tracking tags that are implemented with Google Tag Manager.

1.3 Google Ads and Google Conversion Tracking

Our website uses Google Ads (formerly Google AdWords). Google Ads is an online advertising program from the provider Google.

Google Ads enables us to draw attention to our offers with the help of advertising material on external websites and to determine how successful individual advertising measures are. This helps us to show you advertising that is of interest to you, to make our website more interesting for you and to achieve a fair calculation of advertising costs.

As part of Google Ads, we use what is known as conversion tracking. The advertising material is delivered by Google via so-called “AdServers”. For this purpose, we use so-called AdServer cookies, through which certain parameters for measuring success, such as the display of ads or clicks by users, can be measured.

If you click on an ad placed by Google, a cookie is set for conversion tracking.

These cookies lose their validity after 30 days and are not used to personally identify users.

If you visit certain pages of our website when the cookie has not yet expired, Google and we can recognize that you have clicked on the specific ad and have been redirected to this page.

Each Google Ads customer receives a different cookie. The cookies can therefore not be tracked via the websites of Ads customers. The following information is usually stored as analysis values for the cookie: unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions), opt-out information (marking that the user no longer wishes to be addressed).

The information collected using the conversion cookie is used to generate conversion statistics for Ads customers who have opted for conversion tracking.

Ads customers are told the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag.

However, they do not receive any information that can be used to personally identify users. If you do not wish to participate in tracking, you can object to this use by easily deactivating the Google conversion tracking cookie via your Internet browser under user settings. You will then not be included in the conversion tracking statistics.

The aggregation of the data collected in your Google Account is based solely on your consent, which you can give or withdraw from Google (Art. 6 para. 1 lit. a GDPR). For data collection processes that are not merged in your Google account (e.g. because you do not have a Google account or have objected to the merging), the collection of data is based on Art. 6 para. 1 lit. f GDPR. The legitimate interest arises from the fact that we have an interest in the anonymized analysis of visitors to our website for advertising purposes in order to optimize both our website and our advertising.

Further information and the data protection provisions can be found in Google's privacy policy at: https://policies.google.com/technologies/ads?hl=de.

Social Media

1.1 Facebook Plugins (Like & Share Button)

Plugins of the social network Facebook, provider Facebook Inc, 1 Hacker Way, Menlo Park, California 94025, USA, are integrated on our website (“Facebook”). You can recognize the Facebook plugins by the Facebook logo or the “Like” button on our website. You can find an overview of the Facebook plugins here: https://developers.facebook.com/docs/plugins/?locale=de_DE.

In order to increase the protection of your data when you visit our website, the Facebook plugins are not integrated into the page without restrictions, but only using an HTML link (so-called “Shariff” solution from c't). This integration ensures that no connection to the Facebook servers is established when a page of our website containing such plugins is accessed. Only when you click on the Facebook button will a new browser window open and call up the Facebook page where you can click on the Like or Share button.

Information about the purpose and scope of data collection and the further processing and use of data by Facebook, as well as your rights in this regard and settings options for protecting your privacy, can be found in Facebook's privacy policy at: https://de-de.facebook.com/privacy/explanation.

1.2 Instagram Plugin

Functions of the Instagram service are integrated on our pages. These functions are offered by Instagram Inc, 1601 Willow Road, Menlo Park, CA 94025, USA (“Instagram”). The plugins are marked with an Instagram logo, for example in the form of an “Instagram camera”. An overview of the Instagram plugins and their appearance can be found here: http://blog.instagram.com/post/36222022872/introducing-instagram-badges.

In order to increase the protection of your data when you visit our website, the Instagram plugins are not integrated into the page without restrictions, but only using an HTML link (so-called “Shariff” solution from c't). This integration ensures that no connection to the Instagram servers is established when a page of our website containing such plugins is accessed. Only when you click on the Instagram button will a new browser window open and call up the Instagram page.

Information about the purpose and scope of data collection and the further processing and use of data by Instagram as well as your rights in this regard and setting options for protecting your privacy can be found in Instagram's privacy policy at: https://instagram.com/about/legal/privacy/.

1.3 LinkedIn Plugin

Our website uses functions of the LinkedIn network. The provider is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA (“LinkedIn”).

In order to increase the protection of your data when you visit our website, the LinkedIn plugins are not integrated into the page without restrictions, but only using an HTML link (so-called “Shariff” solution from c't). This integration ensures that no connection to the LinkedIn servers is established when a page of our website containing such plugins is accessed. Only when you click on the LinkedIn button will a new browser window open and call up the LinkedIn page.

For information on the purpose and scope of data collection and the further processing and use of data by LinkedIn, as well as your rights in this regard and settings options for protecting your privacy, please refer to LinkedIn's privacy policy at: https://www.linkedin.com/legal/privacy-policy.

1.4 YouTube Plugin

Our website uses plugins from YouTube to integrate and display video content. The provider of the video portal is YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA (“YouTube”).

In order to increase the protection of your data when you visit our website, the YouTube plugins are not integrated into the page without restrictions, but only using an HTML link (so-called “Shariff” solution from c't). This integration ensures that no connection to the YouTube servers is established when a page of our website containing such plugins is accessed. Only when you click on the YouTube button will a new browser window open and call up the YouTube page on which you can click the Like button.

For information on the purpose and scope of data collection and the further processing and use of data by YouTube, as well as your rights in this regard and settings options to protect your privacy, please refer to YouTube's privacy policy at: https://www.google.de/intl/de/policies/privacy.

Newsletter

If you have expressly consented, we will regularly send our newsletter to your e-mail address. To receive our newsletter, you must provide us with your e-mail address and then verify it. Additional data is not collected or is voluntary. The data is used exclusively for sending the newsletter.

The data provided when registering for the newsletter will be processed exclusively on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time. To withdraw your consent, simply send us an informal email or unsubscribe via the “Unsubscribe” link in the newsletter. The legality of the data processing operations already carried out remains unaffected by the revocation.

Data entered to set up the subscription will be deleted if you unsubscribe. If this data has been transmitted to us for other purposes and elsewhere, it will remain with us.

Contact Form

If you contact us by e-mail or via a contact form, the data transmitted, including your contact details, will be stored in order to process your request or to be available for follow-up questions. This data will not be passed on without your consent.

The data entered in the contact form is processed exclusively on the basis of your consent (Art. 6 para. 1 lit. a GDPR). You can withdraw your consent at any time. An informal notification by e-mail is sufficient for the revocation. The legality of the data processing operations carried out until the revocation remains unaffected by the revocation.

Data transmitted via the contact form will remain with us until you ask us to delete it, revoke your consent to storage or there is no longer any need to store the data. Mandatory statutory provisions - in particular retention periods - remain unaffected.

Customer Account

When you open a customer account, you consent to the storage of your inventory data such as name, address, e-mail address and bank details as well as your usage data (user name, password). This enables you to place orders with us using your e-mail address and your personal password.

Online Payments

1. Credit Card Payment

If you order goods or services in our online store and choose to pay by credit card, we use the provider Mollie. By choosing this payment method, your personal data will be transmitted to the named provider. The processing of your data takes place on the legal basis of Art. 6 para. 1 sentence 1 lit. b) GDPR.

Mollie collects the following data:

  • Credit card holder
  • Credit card number
  • Validity of the credit card
  • Verification number of the card

You can find detailed information about Mollie's privacy policy at: https://www.mollie.com/de/privacy

2. PayPal

We use the online payment service PayPal on our website. The service provider is the American company PayPal Inc. The company PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg is responsible for the European area.

Data processing is essentially carried out by PayPal. This may result in data not being processed and stored anonymously. Furthermore, US government authorities may have access to individual data. It is also possible that this data may be linked to data from other PayPal services with which you have a user account.

You can find out more about the data processed through the use of PayPal in the Privacy Policy at https://www.paypal.com/de/webapps/mpp/ua/privacy-full.

Storage Period

Personal data provided to us via our website will only be stored until the purpose for which it was entrusted to us has been fulfilled. Insofar as retention periods under commercial and tax law must be observed, the storage period for certain data may be up to 10 years.

Rights of Data Subjects

As a data subject, you have the following rights vis-à-vis the controller with regard to the personal data concerning you in accordance with the statutory provisions:

3.1 Right of Withdrawal

Many data processing operations are only possible with your express consent. If the processing of your data is based on your consent, you have the right to withdraw your consent to the processing of data in accordance with Art. 7 (3) GDPR at any time with effect for the future. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. The storage of data for billing and accounting purposes remains unaffected by a revocation.

3.2 Right to Information

In accordance with Art. 15 GDPR, you have the right to request confirmation from us as to whether we are processing personal data concerning you. If such processing is taking place, you have the right to information about your personal data processed by us, the processing purposes, the categories of personal data processed, the recipients or categories of recipients to whom your data has been or will be disclosed, the planned storage period or the criteria for determining the storage period, the existence of a right to rectification, erasure, restriction of processing, objection to processing, complaint to a supervisory authority, the origin of your data if it was not collected by us from you, the existence of automated decision-making including profiling and, if applicable, meaningful information on the logic involved and the scope and intended effects of such processing on you, as well as your right to be informed of the guarantees pursuant to Art. 46 GDPR if your data is transferred to third countries.

3.3 Right to Rectification

In accordance with Art. 16 GDPR, you have the right to request the immediate rectification of inaccurate personal data concerning you and/or the completion of your incomplete data at any time.

3.4 Right to Erasure

You have the right to request the erasure of your personal data in accordance with Art. 17 GDPR if one of the following reasons applies:

  • (a) your personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
  • (b) You revoke your consent on which the processing was based pursuant to Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a GDPR and there is no other legal basis for the processing.
  • (c) You object to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 (2) GDPR.
  • (d) The personal data was processed unlawfully.
  • (e) The deletion of personal data is necessary to fulfill a legal obligation under Union law or the law of the Member State to which we are subject.
  • (f) The personal data have been collected in relation to the offer of information society services referred to in Art. 8 (1) GDPR.

3.5 Right to Restriction of Processing

You have the right to request the restriction of processing (blocking) of your personal data in accordance with Art. 18 GDPR. To do so, you can contact us at any time at the address given in the legal notice. The right to restriction of processing exists in the following cases:

  • (a) If you dispute the accuracy of your personal data stored by us, we generally need time to check this. You have the right to request the restriction of the processing of your personal data for the duration of the review.
  • (b) If the processing of your personal data was/is unlawful, you can request the restriction of data processing instead of erasure.
  • (c) If we no longer need your personal data, but you need it for the exercise, defense or assertion of legal claims, you have the right to request the restriction of the processing of your personal data instead of its erasure.
  • (d) If you have lodged an objection pursuant to Art. 21 para. 1 GDPR, a balance must be struck between your interests and ours. As long as it has not yet been determined whose interests prevail, you have the right to request the restriction of the processing of your personal data.

3.6 Right to Data Portability

If the processing is based on your consent pursuant to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR or on a contract pursuant to Art. 6 para. 1 lit. b GDPR and is carried out using automated procedures, you have the right to receive your personal data that you have provided to us in a structured, common and machine-readable format and to transmit it to another person responsible or to request that it be transmitted to another person responsible, insofar as this is technically feasible, in accordance with Art. 20 GDPR.

3.7 Right to Object

Insofar as we base the processing of your personal data on the balancing of interests pursuant to Art. 6 para. 1 lit. f GDPR, you have the right to object to the processing of your personal data at any time for reasons arising from your particular situation; this also applies to profiling based on this provision. The respective legal basis on which processing is based can be found in this privacy policy. If you lodge an objection, we will no longer process your personal data concerned unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing serves the establishment, exercise or defense of legal claims (objection pursuant to Art. 21 (1) GDPR).

3.8 Right to Lodge a Complaint with the Competent Supervisory Authority pursuant to Art. 77 GDPR

In the event of violations of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work or place of the alleged violation. The right to lodge a complaint is without prejudice to other administrative or judicial remedies.

Validity and Amendment of This Privacy Policy

This privacy policy is valid from November 13, 2024. We reserve the right to amend this privacy policy at any time in compliance with the applicable data protection regulations. This may be necessary, for example, to comply with new legal provisions or to take account of changes to our website or new services on our website. The version available at the time of your visit applies.

If this Privacy Policy is amended, we intend to post changes to our Privacy Policy on this page so that you are fully informed about what personal information we collect, how we process it and under what circumstances it may be disclosed.

©2002-2024 LEGAL DOCUMENTS (Sequiter Inc.)