top of page

Privacy Policy

Controller Responsible for Data Processing

42 four paws two hands

Karoline Pätsch

c/o IP-Management #8076

Ludwig-Erhard-Str. 18

20459 Hamburg

Germany


Email: info@fourpawstwohands.com

 

We appreciate your interest in our website. Protecting your privacy is very important to us. Below, we provide detailed information about how we handle your data.

1. Access Data and Hosting. You can visit our websites without providing any personal information. Each time a website is accessed, the web server automatically stores what is known as a server log file, which contains, for example, the name of the requested file, your IP address, the date and time of access, the amount of data transferred, and the requesting provider (access data), and documents the access. These access data are evaluated solely for the purpose of ensuring the trouble-free operation of the site and improving our offer. This serves to safeguard our legitimate interests in the correct presentation of our offer, which outweigh other interests in the context of a balancing of interests, pursuant to Art. 6 (1) sentence 1 lit. f GDPR. All access data are processed only for as long as necessary to achieve the above-mentioned processing purposes.

The services for hosting and displaying the website are partly provided by our service providers as part of processing on our behalf. Unless otherwise stated in this privacy policy, all access data and all data collected in the forms provided on this website are processed on their servers. If you have any questions about our service providers and the basis of our cooperation with them, please contact the point of contact described in this privacy policy. Our service providers are based and/or use servers in the following countries, for which the European Commission has determined an adequate level of data protection by decision: Israel, United Kingdom, USA. The adequacy decision for the USA serves as the basis for third-country transfers, provided that the respective service provider is certified. Certification is present. Our service providers are based and/or use servers in these countries: Brazil, Mexico, India, Ukraine. For these countries, there is no adequacy decision by the European Commission. Our cooperation with them is based on these safeguards: Standard Contractual Clauses of the European Union.

2. Data Processing for Contract Fulfillment and Contacting Us

2.1 Data Processing for Contract Fulfillment. We collect personal data when you voluntarily provide them to us as part of your order or when contacting us (e.g., via contact form or email). Mandatory fields are marked as such, as we require these data to process the contract or your inquiry, and without them you cannot complete the order or send the inquiry. The data collected is evident from the respective input forms.

We use the data you provide for contract processing and handling your inquiries (including inquiries regarding and processing of any existing warranty and service failure claims as well as any statutory update obligations) pursuant to Art. 6 (1) sentence 1 lit. b GDPR. Further information on the processing of your data, in particular on the disclosure to our service providers for order processing, payment, and shipping, can be found in the sections below. After the contract has been fully processed, your data will be restricted for further processing and deleted after the expiry of any tax and commercial retention periods pursuant to Art. 6 (1) sentence 1 lit. c GDPR, unless you have expressly consented to further use of your data pursuant to Art. 6 (1) sentence 1 lit. a GDPR or unless we reserve the right to further use data that is legally permitted and about which we inform you in this declaration.

2.2 Contacting Us. As part of customer communication, we collect personal data in order to process your inquiries pursuant to Art. 6 (1) sentence 1 lit. b GDPR when you voluntarily provide them to us when contacting us (e.g., via contact form, live chat tool, or email). Mandatory fields are marked as such, as we require these data to process your inquiry. The data collected is evident from the respective input forms.

After your inquiry has been fully processed, your data will be deleted unless you have expressly consented to further use of your data pursuant to Art. 6 (1) sentence 1 lit. a GDPR or unless we reserve the right to further data use that is legally permitted and about which we inform you in this declaration.

3. Data Processing for Shipping.  To fulfill the contract pursuant to Art. 6 (1) sentence 1 lit. b GDPR, we pass on your data to the shipping service provider commissioned with the delivery, as far as necessary for delivery of ordered goods. If you have questions about our service providers and the basis of our cooperation, please contact the point of contact described in this privacy policy.

Disclosure of Data to Shipping Providers for Delivery Notification. If you have given your express consent during or after your order, we will pass on your email address to the selected shipping provider pursuant to Art. 6 (1) sentence 1 lit. a GDPR so that they may contact you prior to delivery for the purpose of delivery notification or coordination. You may revoke the consent at any time by sending a message to the contact method described in this privacy policy or directly to the shipping provider at the contact address listed below. After revocation, we delete the data provided for this purpose unless you have expressly consented to further use or unless we reserve further use that is legally permitted and described in this declaration.

 

4. Data Processing for Payment Handling.  When processing payments in our online shop, we work with the following partners: technical service providers, credit institutions, and payment service providers.

 

4.1 Data Processing for Transaction Handling. Depending on the selected payment method, we pass the data required to process the payment transaction to our technical service providers, commissioned credit institutions, or the selected payment service provider, insofar as this is necessary for payment processing. This serves contract fulfillment pursuant to Art. 6 (1) sentence 1 lit. b GDPR. Some payment service providers collect the necessary data themselves, e.g., on their own website or via technical integration in the ordering process. In this case, the privacy policy of the respective payment provider applies. Depending on the payment method selected, data may be transferred to countries outside the EU/EEA for which the European Commission has adopted an adequacy decision. If data is transferred to countries without an adequacy decision, cooperation is based on standard contractual clauses of the European Commission.

If you have questions about our payment processing partners or the basis of our cooperation with them, please contact the contact option provided in this privacy policy.

 

4.2 Data Processing for Fraud Prevention and Optimization of Our Payment Processes. If applicable, we also provide the aforementioned service providers with additional data, which they use together with the data necessary for payment processing for the purpose of fraud prevention and optimization of our payment processes (e.g., invoicing, handling contested payments, supporting accounting). This serves to safeguard our legitimate interests in protecting ourselves against fraud and in efficient payment management pursuant to Art. 6 (1) sentence 1 lit. f GDPR.

5. Advertising via Email. Email Newsletter with Registration, Newsletter Tracking with Separate Consent. If you subscribe to our newsletter, we use the data required for this purpose or separately provided by you to send you our email newsletter on a regular basis based on your consent pursuant to Art. 6 (1) sentence 1 lit. a GDPR. You may unsubscribe from the newsletter at any time, either by sending a message to the contact method described below or via a dedicated link in the newsletter.

After unsubscribing, we delete your email address from the mailing list unless you have expressly consented to further use of your data pursuant to Art. 6 (1) sentence 1 lit. a GDPR or unless we reserve further use of data that is legally permitted and about which we inform you in this declaration. If you have additionally given us your consent pursuant to Art. 6 (1) sentence 1 lit. a GDPR to analyze our newsletters, we will also analyze your use of our newsletter by measuring, storing, and evaluating opening rates and click rates for the purpose of designing future newsletter campaigns (“newsletter tracking”). For this evaluation, the emails sent contain one-pixel technologies (e.g., web beacons, tracking pixels) that are stored on our website. For these evaluations, we link in particular the following “newsletter data” with your email address or your IP address and possibly an individual ID:

  • the page from which the page was requested (referrer URL),

  • the date and time of access,

  • the description of the type of web browser used,

  • the IP address of the requesting computer,

  • the email address,

  • the date and time of registration and confirmation,

and the one-pixel technologies. Links included in the newsletter may also contain this ID.

Unsubscribing from newsletter tracking is possible at any time and may be done either by sending a message to the contact method described or via a dedicated link in the newsletter. The information is stored as long as you are subscribed to the newsletter.

Our service providers are based and/or use servers in the following countries for which the European Commission has determined an adequate level of data protection: Israel, United Kingdom, USA. The adequacy decision for the USA serves as the basis for third-country transfers, provided the respective service provider is certified. Certification is present.

Our service providers are based and/or use servers in the following countries: Brazil, Mexico, India, Ukraine. For these countries, there is no adequacy decision. Our cooperation is based on EU Standard Contractual Clauses.

 

6. Cookies and Other Technologies

6.1 General Information. To make visiting our website attractive and to enable the use of certain functions, we use technologies including cookies on various pages. Cookies are small text files that are automatically stored on your device. Some of the cookies we use are deleted after the browser session ends (so-called session cookies). Other cookies remain on your device and allow us to recognize your browser on your next visit (persistent cookies). The duration of storage can be found in your browser’s cookie settings.

Protection of Privacy on Devices. When using our online offer, we employ technologies strictly necessary to provide the explicitly requested telemedia service. The storage of information on your device or access to information already stored does not require consent. For non-essential functions, the storage of or access to information on your device requires your consent. Please note that if consent is not granted, parts of the website may not be fully usable. Any consent you have given will remain until you adjust or reset the settings on your device.

Subsequent Data Processing by Cookies and Other Technologies. We use technologies strictly required for the use of certain website features (e.g., shopping cart). Through these technologies, IP address, time of visit, device and browser information, and information about your use of our website (e.g., shopping cart content) are collected and processed. This serves our legitimate interests in the optimized presentation of our offer pursuant to Art. 6 (1) sentence 1 lit. f GDPR.

We also use technologies to fulfill legal obligations (e.g., documenting consent for personal data processing) and for web analytics and online marketing. More detailed information including legal bases can be found in the sections below.

Additional technologies may be used that are not listed individually in this privacy policy. Details including legal bases can be found in the Usercentrics platform, accessible by clicking the fingerprint icon at the lower right or left corner of the page. 

Cookie Settings. Browser cookie settings can be found under: Microsoft Edge™ / Safari™ / Chrome™ / Firefox™ / Opera™. If you consented to technologies pursuant to Art. 6 (1) sentence 1 lit. a GDPR, you can revoke your consent at any time by sending a message to the contact option described in this privacy policy or by clicking the fingerprint icon. If cookies are not accepted, the functionality of our website may be limited.

6.2 Use of Usercentrics Consent Management Platform. We use the Usercentrics Consent Management Platform (“Usercentrics”) on our website to inform you about the cookies and other technologies we use and to obtain, manage, and document your consent where legally required. This is necessary pursuant to Art. 6 (1) sentence 1 lit. c GDPR to fulfill our legal obligation under Art. 7 (1) GDPR to be able to prove your consent. Usercentrics is provided by Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich, Germany, which processes data on our behalf. When visiting our website, the Usercentrics web server stores a server log file containing your anonymized IP address, the date and time of your visit, device and browser information, and consent settings. Your data is deleted after three years unless you have expressly consented to further use or unless we reserve legally permitted additional use. Our service providers use servers in the following countries with an EU adequacy decision: USA (provider certified; certification present).

Use of Wix Analytics for Web Analysis. For website analytics, data (IP address, time of visit, device and browser information, location data, and usage information) are automatically collected and stored using technologies from Wix Ltd., 40 Nemal St., Tel Aviv 6350671, Israel (“Wix”), from which pseudonymized usage profiles are created. Cookies may be used for this. The pseudonymized profiles are not merged with personal data without separate explicit consent. Wix acts as a processor on our behalf. Service providers may use servers in: Israel, United Kingdom, USA (adequacy decision present; USA providers certified). Service providers may also use servers in: Brazil, Mexico, India, Ukraine (no adequacy decision; cooperation based on EU Standard Contractual Clauses).

7. Social Media. Our Online Presence on Facebook (by Meta), Instagram (by Meta), Pinterest. If you have given your consent pursuant to Art. 6 (1) sentence 1 lit. a GDPR to the respective social media operator, your data will be automatically collected and stored for market research and advertising purposes when you visit our online presences on the above-mentioned social networks. Using pseudonyms, usage profiles are created from this data. These profiles can be used, for example, to display advertisements inside and outside the platforms that presumably correspond to your interests. Cookies are generally used for this purpose. Detailed information regarding the processing and use of data by the respective social media operator, as well as contact options and your rights and settings to protect your privacy, can be found in the privacy notices of the respective providers linked below. If you need assistance with this, you may contact us.

Facebook (by Meta). Facebook (by Meta) is provided by Meta Platforms Ireland Ltd., Block J, Serpentine Avenue, Dublin 4, Ireland (“Meta Platforms Ireland”). The information automatically collected by Meta Platforms Ireland about your use of our Facebook presence is typically transmitted to a server of Meta Platforms, Inc., 1601 Willow Road, Menlo Park, California 94025, USA, and stored there. The data processing in connection with a visit to a Facebook fan page is based on a joint-controller agreement pursuant to Art. 26 GDPR. More information (including information on Insights data) can be found here.Our service providers are based and/or use servers in the following countries with an EU adequacy decision: USA, Canada, Japan, South Korea, New Zealand, United Kingdom, Argentina. The adequacy decision for the USA applies as long as the provider is certified. Certification is present. Our service providers are based and/or use servers in these countries: Australia, Hong Kong, India, Indonesia, Malaysia, Singapore, Thailand, Taiwan, Brazil, Mexico. For these countries, no adequacy decision exists. Our cooperation is based on EU Standard Contractual Clauses.

Instagram (by Meta). Instagram (by Meta) is provided by Meta Platforms Ireland Ltd., Block J, Serpentine Avenue, Dublin 4, Ireland (“Meta Platforms Ireland”). The automatically collected information about your use of our Instagram presence is typically transmitted to a server of Meta Platforms, Inc., 1601 Willow Road, Menlo Park, CA 94025, USA, and stored there.

The data processing in connection with a visit to an Instagram fan page is based on a joint-controller agreement pursuant to Art. 26 GDPR. More information (Insights data) can be found here. Adequacy-decision countries: USA, Canada, Japan, South Korea, New Zealand, United Kingdom, Argentina (certification for USA is present). Other server locations: Australia, Hong Kong, India, Indonesia, Malaysia, Singapore, Thailand, Taiwan, Brazil, Mexico (no adequacy decision; cooperation via EU Standard Contractual Clauses).

Pinterest. Pinterest is provided by Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland (“Pinterest”). Automatically collected information about your use of our Pinterest presence is typically transmitted to a server of Pinterest, Inc., 505 Brannan St., San Francisco, CA 94107, USA, and stored there. Our service providers may be located and/or use servers in countries outside the EU and EEA for which an EU adequacy decision exists. They may also use servers in countries for which no adequacy decision exists. In that case, cooperation is based on EU Standard Contractual Clauses.

8. Contact Options and Your Rights

8.1 Your Rights

As a data subject, you have the following rights:

  • Art. 15 GDPR – Right of access: to obtain information about your personal data processed by us.

  • Art. 16 GDPR – Right to rectification: to request the correction or completion of your stored personal data.

  • Art. 17 GDPR – Right to erasure: to request deletion of your stored personal data unless further processing is required

    • for exercising the right to freedom of expression and information,

    • for compliance with a legal obligation,

    • for reasons of public interest, or

    • for the establishment, exercise, or defense of legal claims.

  • Art. 18 GDPR – Right to restriction of processing if

    • you contest the accuracy of the data,

    • the processing is unlawful but you oppose erasure,

    • we no longer need the data but you require them for legal claims, or

    • you have objected pursuant to Art. 21 GDPR.

  • Art. 20 GDPR – Right to data portability.

  • Art. 77 GDPR – Right to lodge a complaint with a supervisory authority, usually at your habitual residence, workplace, or our company headquarters.

Right to Object.  Where we process personal data based on our overriding legitimate interests as explained above, you may object to such processing with future effect.If processing is for direct marketing purposes, you may object at any time. If processing is for other purposes, you may object only if there are grounds relating to your particular situation.

After exercising your right to object, we will stop processing your data for these purposes unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or unless processing serves legal claims.
For direct marketing, we will stop processing immediately.

8.2 Contact Options. For questions about the collection, processing, or use of your personal data, or for access, rectification, restriction, or deletion of data, or for revoking consent or objecting to specific data use, please contact us directly using the contact details in our legal notice.

 

bottom of page