Privacy Policy

Privacy Policy

Unless otherwise stated below, the provision of your personal data is neither legally nor contractually required, nor is it necessary for entering into a contract. You are not obligated to provide the data. Failure to provide it will have no consequences. This applies only insofar as no other information is provided in the following processing operations.
"Personal data" means any information relating to an identified or identifiable natural person.

Server log files
You can visit our websites without providing any personal information.
Each time you access our website, your internet browser transmits usage data to us or our web host/IT service provider, which is then stored in log files (server log files). This stored data includes, for example, the name of the page accessed, the date and time of access, the IP address, the amount of data transferred, and the requesting provider.
The processing is based on Art. 6 para. 1 lit. f GDPR due to our overriding legitimate interest in ensuring the smooth operation of our website and improving our services.

Your data may be transferred to and processed in third countries outside the EU, in particular Canada and the USA. The EU Commission has issued an adequacy decision for Canada. The EU Commission has also issued an adequacy decision for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). Shopify is not certified under the TADPF. This data transfer is based on contractual obligations comparable to the EU Commission's Standard Contractual Clauses.

contact

Responsible
Please contact us if you wish. The data controller is: Melvin Mutingu, Lahnstr. 3, 41469 Neuss, Germany, +49 173 4631863, keepfitdeals.vm@gmail.com

Customer initiates contact via email
If you contact us proactively via email, we collect your personal data (name, email address, message text) only to the extent that you provide it. This data processing serves the purpose of processing and responding to your inquiry.
If the contact is for the purpose of carrying out pre-contractual measures (e.g., providing advice on purchase interest, preparing an offer) or relates to a contract already concluded between you and us, this data processing is based on Art. 6 para. 1 lit. b GDPR.
If you contact us for other reasons, this data processing is based on Article 6(1)(f) GDPR, due to our overriding legitimate interest in processing and responding to your inquiry. In this case, you have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which is based on Article 6(1)(f) GDPR.
We will only use your email address to process your request. Your data will then be deleted in accordance with statutory retention periods, unless you have consented to further processing and use.

Data collection and processing when using the contact form
When you use the contact form, we collect your personal data (name, email address, message text) only to the extent that you provide it. The data is processed for the purpose of contacting you.
If the contact is for the purpose of carrying out pre-contractual measures (e.g., providing advice on purchase interest, preparing an offer) or relates to a contract already concluded between you and us, this data processing is based on Art. 6 para. 1 lit. b GDPR.
If you contact us for other reasons, this data processing is based on Article 6(1)(f) GDPR, due to our overriding legitimate interest in processing and responding to your inquiry. In this case, you have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which is based on Article 6(1)(f) GDPR.
We will only use your email address to process your request. Your data will then be deleted in accordance with statutory retention periods, unless you have consented to further processing and use.

Customer account Orders

Customer account
When you open a customer account, we collect your personal data to the extent specified there. This data processing serves the purpose of improving your shopping experience and simplifying order processing. The processing is based on Article 6(1)(a) GDPR with your consent. You can withdraw your consent at any time by notifying us, without affecting the lawfulness of the processing carried out based on the consent before its withdrawal. Your customer account will then be deleted.

Collection, processing and transfer of personal data during orders
When you place an order, we collect and process your personal data only to the extent necessary to fulfill and process your order and to handle your inquiries. Providing this data is necessary for entering into a contract. Failure to provide this data will result in the contract not being concluded. This processing is based on Article 6(1)(b) GDPR and is necessary for the performance of a contract with you.
Your data will be shared with, for example, shipping companies, dropshipping and fulfillment providers, payment service providers, order processing service providers, and IT service providers. In all cases, we strictly adhere to legal requirements. The scope of data transfer is limited to the minimum necessary.

Your data may be transferred to and processed in third countries outside the EU, in particular Canada and the USA. The EU Commission has issued an adequacy decision for Canada. The EU Commission has also issued an adequacy decision for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). Shopify is not certified under the TADPF. This data transfer is based on contractual obligations comparable to the EU Commission's Standard Contractual Clauses.




Shipping service provider

Sharing of the email address with shipping companies to inform about the shipping status
We will share your email address with the shipping company as part of the order processing, provided you have expressly consented to this during the ordering process. This sharing is for the purpose of informing you about the shipping status via email. This processing is based on Article 6(1)(a) of the GDPR with your consent. You can withdraw your consent at any time by notifying us or the shipping company, without affecting the lawfulness of processing based on consent before its withdrawal.

Payment service provider

Using PayPal Checkout
We use the PayPal Checkout payment service from PayPal (Europe) S.à.rl et Cie, SCA (22-24 Boulevard Royal L-2449, Luxembourg; "PayPal") on our website. The data processing serves the purpose of offering you the option of paying via this service. By selecting and using payment via PayPal, credit card via PayPal, direct debit via PayPal, or "Pay Later" via PayPal, the data required for payment processing is transmitted to PayPal in order to fulfill the contract with you using the selected payment method. This processing is based on Article 6(1)(b) GDPR.

Cookies may be stored that allow your browser to be recognized. The resulting data processing is based on Article 6(1)(f) GDPR, due to our overriding legitimate interest in offering a customer-oriented range of payment methods. You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you.

Credit card via PayPal, direct debit via PayPal & "Pay later" via PayPal
For certain payment methods, such as credit card via PayPal, direct debit via PayPal, or "Pay Later" via PayPal, PayPal reserves the right to obtain a credit report based on mathematical-statistical methods using credit reference agencies. For this purpose, PayPal transmits the personal data required for a credit check to a credit reference agency and uses the information received about the statistical probability of payment default to make a balanced decision regarding the establishment, execution, or termination of the contractual relationship. The credit report may include probability values ​​(score values) calculated using scientifically recognized mathematical-statistical methods, which may incorporate address data, among other factors. Your legitimate interests are protected in accordance with legal regulations. The data processing serves the purpose of credit assessment for initiating a contract. This processing is based on Article 6(1)(f) GDPR, due to our overriding legitimate interest in protecting against payment defaults when PayPal provides services in advance.
You have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data based on Article 6(1)(f) GDPR by notifying PayPal. Providing this data is necessary for concluding the contract with your chosen payment method. Failure to provide this data will result in the contract not being able to be concluded with your chosen payment method.

Third-party providers
When paying via a third-party payment method, the data required for payment processing is transmitted to PayPal. This processing is based on Article 6(1)(b) GDPR. To process this payment method, PayPal may then forward the data to the respective provider. This processing is also based on Article 6(1)(b) GDPR. Local third-party providers may include, for example:

  • Apple Pay (Apple Distribution International Ltd., Hollyhill Industrial Estate, Hollyhill, Cork, Ireland)
  • Google Pay (Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland)


Purchase on account via PayPal
When paying via invoice, the data required for payment processing is initially transmitted to PayPal. To process this payment method, PayPal then transmits the data to Ratepay GmbH (Franklinstrasse 28-29, 10587 Berlin; "Ratepay") in order to fulfill the contract with you using the selected payment method. This processing is based on Article 6 Paragraph 1 Letter b GDPR. Ratepay may conduct a credit check using mathematical-statistical methods (probability or score values) with credit agencies, following the procedure described above. The data processing serves the purpose of credit assessment for initiating a contract. This processing is based on Article 6 Paragraph 1 Letter f GDPR, due to our overriding legitimate interest in protecting against payment defaults when Ratepay provides services in advance. Further information on data protection and which credit agencies Ratpay uses can be found at https://www.ratepay.com/legal-payment-dataprivacy/ and https://www.ratepay.com/legal-payment-creditagencies/ .

Further information on data processing when using PayPal can be found in the associated privacy policy at https://www.paypal.com/de/webapps/mpp/ua/privacy-full .

Using the payment service provider Stripe
We use the payment service Stripe, provided by Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, on our website. The data processing serves the purpose of offering you the option of payment via this service. By selecting and using Stripe, the data required for payment processing is transmitted to Stripe in order to fulfill the contract with you using the chosen payment method. This processing is based on Article 6(1)(b) GDPR.
Stripe reserves the right to obtain a credit report, if necessary, based on mathematical-statistical methods using credit reference agencies. For this purpose, Stripe transmits the personal data required for a credit check to a credit reference agency and uses the information received about the statistical probability of payment default to make a balanced decision regarding the establishment, execution, or termination of the contractual relationship. The credit report may include probability values ​​(score values) calculated using scientifically recognized mathematical-statistical methods, which incorporate, among other things, address data. Your legitimate interests are taken into account in accordance with legal regulations. The data processing serves the purpose of credit assessment for initiating a contract. This processing is based on Article 6(1)(f) GDPR, due to our overriding legitimate interest in protection against payment default when Stripe provides services in advance.
You have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data based on Article 6(1)(f) GDPR by notifying Stripe. Providing this data is necessary for concluding the contract with your chosen payment method. Failure to provide this data will result in the contract not being able to be concluded with your chosen payment method.
All Stripe transactions are subject to the Stripe Privacy Policy, which can be found at https://stripe.com/de/privacy 

Using Shopify Payments
We use the payment service "Shopify Payments" from Shopify International Limited (2nd Floor Victoria Buildings, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland; "Shopify") on our website. Payment processing is handled by the payment service provider Stripe Payments Europe, Ltd. (1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland; "Stripe"). The data processing serves the purpose of offering you payment via the Shopify Payments service. By selecting and using a corresponding "Shopify Payments" payment method, the data required for payment processing is transmitted to Stripe in order to fulfill the contract with you using the selected payment method. This processing is based on Article 6 Paragraph 1 Letter b GDPR.
Stripe reserves the right to obtain a credit report, if necessary, based on mathematical-statistical methods using credit reference agencies. For this purpose, Stripe transmits the personal data required for a credit check to a credit reference agency and uses the information received about the statistical probability of payment default to make a balanced decision regarding the establishment, execution, or termination of the contractual relationship. The credit report may include probability values ​​(score values) calculated using scientifically recognized mathematical-statistical methods, which incorporate, among other things, address data. Your legitimate interests are taken into account in accordance with legal regulations. The data processing serves the purpose of credit assessment for initiating a contract. This processing is based on Article 6(1)(f) GDPR, due to our overriding legitimate interest in protection against payment default when Stripe provides services in advance.
You have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data based on Article 6(1)(f) GDPR by notifying Stripe. Providing this data is necessary for concluding the contract with your chosen payment method. Failure to provide this data will result in the contract not being able to be concluded with your chosen payment method.
Further information on data processing when using the Shopify Payments service can be found in Shopify's privacy policy at: https://www.shopify.com/de/legal/datenschutz .
Further information on data processing during payment processing via the payment service provider Stripe can be found in Stripe's privacy policy at: https://stripe.com/de/privacy .


Cookies

Our website uses cookies. Cookies are small text files that are stored in or by the internet browser on a user's computer system. When a user visits a website, a cookie can be stored on the user's operating system. This cookie contains a characteristic string that enables the browser to be uniquely identified when the website is visited again.
Cookies are stored on your computer. Therefore, you have full control over their use. By selecting the appropriate technical settings in your internet browser, you can be notified before cookies are set and decide individually whether to accept them, as well as prevent the storage of cookies and the transmission of the data they contain. Cookies that have already been stored can be deleted at any time. However, please note that you may then not be able to fully utilize all the functions of this website.
The links below provide information on how to manage (including disable) cookies in the most common browsers:
Chrome: https://support.google.com/accounts/answer/61416?hl=de
Microsoft Edge: https://support.microsoft.com/de-de/microsoft-edge/cookies-in-microsoft-edge-lB6schen-63947406-40ac-c3b8-57b9-2a946a29ae09
Mozilla Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablassen
Safari: https://support.apple.com/de-de/guide/safari/manage-cookies-and-website-data-sfri11471/mac
Technically necessary cookies
Unless otherwise stated in the privacy policy below, we only use these technically necessary cookies to make our website more user-friendly, effective, and secure. Furthermore, cookies enable our systems to recognize your browser even after you navigate to a different page and to offer you services. Some features of our website cannot be offered without the use of cookies. For these features, it is necessary that the browser is recognized even after a page change.
The use of cookies or similar technologies is based on Section 25 Paragraph 2 of the German Telemedia Act (TDDG). The processing of your personal data is based on Article 6 Paragraph 1 Letter f of the GDPR, due to our overriding legitimate interest in ensuring the optimal functionality of the website and a user-friendly and effective design of our services.
You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you.

How to use the Shopify Consent tool (Shopify Privacy & Compliance)
We use the “Shopify Privacy & Compliance” consent tool from Shopify International Ltd. (Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland; “Shopify”) on our website. Shopify is a company affiliated with Shopify Inc. (151 O'Connor Street, Ground Floor, Ottawa, Ontario, K2P 2L8, Canada).
This tool allows you to grant consent for data processing via the website, in particular the setting of cookies, and to exercise your right to withdraw previously granted consent. The data processing serves the purpose of obtaining and documenting necessary consents for data processing and thus complying with legal obligations. Cookies may be used for this purpose. User information, including your IP address, is collected and transmitted to Shopify.
Your data may be transferred to and processed in third countries outside the EU, in particular Canada and the USA. The EU Commission has issued an adequacy decision for Canada. The EU Commission has also issued an adequacy decision for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). Shopify is not certified under the TADPF. This data transfer is based on contractual obligations comparable to the EU Commission's Standard Contractual Clauses.
The data processing is carried out to fulfill a legal obligation on the basis of Art. 6 para. 1 lit. c GDPR.
Further information on data protection at Shopify can be found at https://www.shopify.com/de/legal/datenschutz .


Ad tracking analysis


Using Shopify statistics
We use the statistics and analytics functions of Shopify International Ltd. (Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland; "Shopify") on our website as part of order processing. Shopify is a company affiliated with Shopify Inc. (151 O'Connor Street, Ground Floor, Ottawa, Ontario, K2P 2L8, Canada).
The data processing serves the purpose of analyzing this website and its visitors. For this purpose, data is stored for marketing and optimization purposes and made available in reports, analyses, and statistics. This includes the collection and processing of the following device information: information about the web browser, IP address, time zone, and some of the cookies installed on your device. When you navigate the website, information about the web pages or products visited, the referrer URL (the website from which you accessed our website), and information about how you interact with the website are also collected. Technologies such as cookies, web beacons, tags, and pixels (electronic files used to collect information about how you navigate the website) are used for this purpose.
Your data may be transferred to and processed in third countries outside the EU, in particular Canada and the USA. The EU Commission has issued an adequacy decision for Canada. The EU Commission has also issued an adequacy decision for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). Shopify is not certified under the TADPF. This data transfer is based on contractual obligations comparable to the EU Commission's Standard Contractual Clauses.
The use of cookies or similar technologies is based on your consent pursuant to Section 25 Paragraph 1 Sentence 1 of the German Telemedia Act (TDDG) in conjunction with Article 6 Paragraph 1 Letter a of the GDPR. The processing of your personal data is based on your consent pursuant to Article 6 Paragraph 1 Letter a of the GDPR. You can withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
You can find more information about data protection at Shopify at https://www.shopify.com/de/legal/datenschutz , information about the data processing agreement at https://www.shopify.com/de/legal/dpa and information about the cookies used at https://www.shopify.com/de/legal/cookies .

Use of the Meta Pixel
We use the Meta Pixel of Meta Platforms Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; "Meta") on our website.
Meta and we are jointly responsible for the collection of your data and its transfer to Meta when you use this service. This is based on an agreement between us and Meta regarding the joint processing of personal data, which defines the respective responsibilities. The agreement can be accessed at https://de-de.facebook.com/legal/terms/businesstools . Specifically, we are responsible for fulfilling the information obligations under Articles 13 and 14 of the GDPR, for complying with the security requirements of Article 32 of the GDPR with regard to the correct technical implementation and configuration of the service, and for complying with the obligations under Articles 33 and 34 of the GDPR, insofar as a personal data breach affects our obligations under the joint processing agreement. Meta is responsible for enabling the data subject rights in accordance with Articles 15-20 GDPR, complying with the security requirements of Article 32 GDPR with regard to the security of the service, and fulfilling the obligations under Articles 33 and 34 GDPR, insofar as a personal data breach affects Meta's obligations under the joint processing agreement.
The purpose of this application is to target website visitors with interest-based advertising on the social networks Facebook and Instagram. For this purpose, the Meta remarketing tag has been implemented on the website. This tag establishes a direct connection to the Meta servers when you visit the website. This transmits information to the Meta server about which of our pages you have visited. Meta then associates this information with your personal Facebook and/or Instagram user account. When you visit the social networks Facebook or Instagram, you will then be shown personalized, interest-based ads.
The application also serves the purpose of generating conversion statistics. This tells us the total number of users who clicked on one of our ads and were redirected to a page with a conversion tracking tag, as well as what actions they took after being redirected to that website. However, we do not receive any information that can personally identify users.
Your data may be transferred to the USA. The EU Commission has issued an adequacy decision for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). Meta is certified under the TADPF and has therefore committed to complying with European data protection principles.
Your personal data is processed with your consent on the basis of Article 6(1)(a) GDPR. You can withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
You can deactivate the "Custom Audiences" remarketing feature here. Further information about the collection and use of data by Meta, your related rights, and options for protecting your privacy can be found in Meta's privacy policy at https://www.facebook.com/about/privacy/ .


Use of TikTok Pixel
We use the TikTok Pixel on our website, provided by TikTok Technology Limited (10 Earlsfort Terrace, Dublin, D02 T380, Ireland; “TikTok Ireland”) and TikTok Information Technologies UK Limited (6th Floor, One London Wall, London, EC2Y 5EB, United Kingdom; “TikTok UK”). Both companies are joint controllers for data processing (hereinafter “TikTok”).
The data processing serves the purpose of identifying and analyzing our customers' website visits, improving customer targeting through the placement of targeted advertisements, and evaluating the effectiveness of advertisements on TikTok. TikTok uses technologies such as cookies and pixels to recognize your browser. The following information, among other things, may be collected and transmitted to TikTok: date and time of visit, information about your browser and device type, screen resolution, and IP address. TikTok can associate this information with your personal TikTok user account. Usage profiles can be created from the data collected in this way using pseudonyms. However, personal identification of users is not possible through this process.
Your data may be transferred to third countries, such as the USA. The EU Commission has issued an adequacy decision for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). TikTok is not certified under the TADPF. Data transfers to the USA and to third countries without an adequacy decision are based, among other things, on standard contractual clauses as suitable safeguards for the protection of personal data, which can be viewed at: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_de .
The use of cookies or similar technologies is based on your consent pursuant to Section 25 Paragraph 1 Sentence 1 of the German Telemedia Act (TDDG) in conjunction with Article 6 Paragraph 1 Letter a of the GDPR. The processing of your personal data is based on your consent pursuant to Article 6 Paragraph 1 Letter a of the GDPR. You can withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
Further information on data protection can be found at https://www.tiktok.com/legal/page/eea/privacy-policy/de and https://ads.tiktok.com/i18n/official/policy/controller-to-controller .

Use of Google Fonts
We use Google Fonts from Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; “Google”) on our website.
The data processing serves the purpose of ensuring consistent font display on our website. To load the fonts, a connection to Google's servers is established when the page is accessed. Cookies may be used in this process. Among other things, your IP address and information about the browser you are using are processed and transmitted to Google. This data is not linked to your Google account.
Your data may be transferred to the USA. The EU Commission has issued an adequacy decision for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). Google has certified itself under the TADPF and has therefore committed to complying with European data protection principles.
The use of cookies or similar technologies is based on your consent pursuant to Section 25 Paragraph 1 Sentence 1 of the German Telemedia Act (TDDG) in conjunction with Article 6 Paragraph 1 Letter a of the GDPR. The processing of your personal data is based on your consent pursuant to Article 6 Paragraph 1 Letter a of the GDPR. You can withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
Further information on data processing and data protection can be found at https://www.google.de/intl/de/policies/ and at https://developers.google.com/fonts/faq .

Data subject rights and storage period

Storage duration
After complete contract fulfillment, the data will initially be stored for the duration of the warranty period, then taking into account legal, in particular tax and commercial law retention periods, and then deleted after the expiry of the period, unless you have consented to further processing and use.

Rights of the data subject
Provided the legal requirements are met, you have the following rights under Articles 15 to 20 GDPR: right of access, right to rectification, right to erasure, right to restriction of processing, right to data portability.
Furthermore, pursuant to Article 21 Paragraph 1 GDPR, you have the right to object to processing based on Article 6 Paragraph 1 f GDPR, as well as to processing for direct marketing purposes.

Right to lodge a complaint with the supervisory authority
According to Article 77 of the GDPR, you have the right to lodge a complaint with the supervisory authority if you believe that the processing of your personal data is unlawful.

You can lodge a complaint with the supervisory authority responsible for us, which you can reach using the following contact details:

State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia
PO Box 20 04 44
40102 Düsseldorf
Tel.: +49 211 384240
Fax: +49 211 38424999
Email: poststelle@ldi.nrw.de

Right to object
If the processing of personal data listed here is based on our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR, you have the right to object to this processing at any time with effect for the future on grounds relating to your particular situation.
After an objection has been lodged, the processing of the data in question will cease, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of establishing, exercising or defending legal claims.

Last updated: October 22, 2024