We are glad about your visit to our website shop.loup-noir.com (hereinafter also “website“) and thank you for your interest in our company and our services. Protecting your privacy while you visit and use our website is important to us.
LOUP NOIR GmbH
Tübinger Str. 12–16
(hereinafter “LOUP NOIR” or “we”)
as the controller within the meaning of data protection law and, simultaneously, the service provider, would like to inform you about the processing of your personal data as well as your rights as data subject in the context of the use of our website.
Your personal data will only be processed in accordance with the provisions of the data protection law of the European Union, in particular, the General Data Protection Regulation (hereinafter “GDPR”) and in a supplementary manner by the German Federal Data Protection Act (hereinafter “BDSG”) and other statutory data protection provisions.
The terms used in this document, such as “personal data” or their “processing”, shall have the meaning defined in Art. 4 GDPR. If you wish to take a look at the GDPR or the BDSG, you will find them online at: eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679 or www.gesetze-im-internet.de/englisch_bdsg/.
1. Data categories and sources
Generally, we process the following categories of personal data in connection with your identity:
- Master data, in particular, name, first name, form of address.
Contact data, in particular, your email address, phone number, postal address.
- Contract data, in particular, data that is collected in connection with your order.
- Invoice/payment data, in particular, information on your payment mode and other data in connection with the respective payment transaction and invoicing.
- Content data, in particular, the text you entered in plain text fields and data obtained from the correspondence between you and us.
- Usage data, in particular, the web pages of our website that you visited, access times, your IP address as well as information on cookies.
In these cases, your personal data is data that you provided voluntarily, in particular, the data you entered, your orders and use of our website.
2. Purposes and legal bases
We will process your data only for a particular purpose and only to the extent permissible under an applicable statutory provision. We will process your data for the following purposes and based on the following legal bases:
- Contract performance and/or steps prior to entering a contract (Art. 6 (1) (b) GDPR): Above all, we will process your personal data for handling and managing your orders from our Online Shop.
- Compliance with a legal obligation (Art. 6 (1) (c) GDPR): In addition, we process your personal data for meeting legal obligations, such as retention duties under commercial or tax law.
- Consent (Art. 6 (1) (a) GDPR): Furthermore, we will process certain data exclusively based on your consent that you granted before and voluntarily. In this case, the specific purposes will be set forth in the relevant consent form. You may withdraw any consent granted at any time with effect for the future (see Sec. 12 below).
- Safeguarding legitimate interests (Art. 6 (1) (f) GDPR): Furthermore, we will process certain types of data to safeguard our legitimate interests, e.g. for making this website available and for operating it.Please refer to Sec. 12, if you wish to find out how to object to such processing and under what conditions we are required to discontinue and/or to restrict the processing of your data.
For further information on the purposes and legal bases for the various types of processing in connection with our website please read the explanations in the paragraphs below.
3. Server log data
Generally, you may visit our website without disclosing any personal information. However, when you visit our website, the following access data may be stored:
- IP address of the requesting device,
- file requested,
- HTTP response status code,
- the website from which you came (referrer URL),
- date, time, and time zone of server request,
- browser type and version,
- operating system run on the requesting device,
- search term through which the website was found, e.g. via Google.
We will process this usage data based on Art. 6 (1) (f) GDPR for providing this website, to ensure its technical operation, and to safeguard the security of our IT systems. We pursue the interest of making our website available for use, of ensuring its functionality and of maintaining the same on a permanent basis. This data will be automatically processed when you access our website. You will not be able to use our website without providing this information. We will not use this data for the purpose of drawing conclusions regarding your identity.
Generally, the automatically collected data will be deleted within seven (7) days, unless we need it – in exceptional cases – for a longer period for the purposes described above. In such a case, we will delete this data promptly after the purpose ceases to be relevant.
You may not object to the capturing and storing of your server log data, because this data is technically required for a trouble-free operation of the website.
Cookies are small identifiers that our web server sends to your browser and that your device stores, if the relevant default settings are enabled. For instance, they may be used to find out whether your device has communicated with us before. In that case, they serve the purpose of making the use of our website more comfortable for you and allow us to optimize our services. Strictly necessary cookies will be processed based on Art. 6 (1) (f) GDPR, however, if you have granted your consent to the storage and use of first-party cookies and/or third-party cookies, this data processing will be based on Art. 6 (1) (a) GDPR. Personal data may only be stored in cookies, if this is technically absolutely necessary, or if you have granted your consent.
When you use our website you may grant us your consent to the use and storage of first-party cookies and/or third-party cookies on your device. Once you have granted your consent to the use and storage of cookies, you may withdraw it at any time with effect for the future by disabling the relevant cookies settings of this website for first-party cookies (Art. 4 lit. b) and/or third-party cookies (Art. 4 lit. c) described below.
Furthermore, you may (including with regard to strictly necessary cookies) disable cookies in your browser settings. Please refer to the help section of your browser for further information on the technical management and deletion of cookies via your browser settings.
Additionally, you may prevent the storage and use of any types of cookies by installing free browser add-ons, such as “Adblock Plus” (adblockplus.org/de) in combination with the “EasyPrivacy” list (easylist.to).
If you do not accept any cookies, this may result in a limited usability of our website.
A. Strictly necessary cookies
On our website, we use the following strictly necessary cookies that are required for the operation of our website, i.e., we have a legitimate interest in their storage, otherwise we would be unable to offer specific basic functionality (e.g. you would have to log in each time you navigate to another page):
|wordpress_test_cookie||cookie support check||Session|
|woocommerce_cart_hash||cart data hash||Session|
|wp_woocommerce_session||cart information||2 Days|
|__stripe_mid||session cookie for Stripe||1 year|
|__stripe_sid||session cookie for Stripe||30min|
|m / .m.stripe.com||Stripe Payment||10 Years|
|nsr / m.stripe.network||Stripe Payment||Session|
The only technical means to disable strictly necessary cookies is to disable them in your browser settings and/or browser add-ons. This may result in a restricted usability of this website.
B. First-party cookies
First-party cookies that are not strictly necessary to be able to use the website handle important tasks. They make browsing our website more comfortable, for instance, by pre-filling forms. Furthermore, this allows us to customize our offer for you. On our website, we use the following first-party cookies:
|moove_gdpr_popup||Cookie Popup||1 year|
C. Third-party cookies
5. Google Analytics
In the event that you have granted your consent to the use and storage of third-party cookies, we use Google Analytics, a web analysis service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google Analytics uses so-called cookies. Generally, information on your use of this website generated by this cookie will be transmitted to a Google server in the U.S. and stored on that server. This transmission is based on Art. 6 (1) (a) GDPR, since you had granted your consent to data processing. Google has been certified under the EU-U.S. Privacy Shield and, thus, guarantees its compliance with the European data protection law (see www.privacyshield.gov/participant?id=a2zt000000001L5AAI).
On our behalf, Google will use this information to analyze your use of the website in order to compile website activity reports, and to provide other services in connection with the use of the website and the internet to us. The information processed allows the creation of pseudonymized user profiles.
We only use Google Analytics with enabled IP anonymization. This means that the users’ IP addresses are shortened by Google within any of the member states of the European Union (EU) or in any other country that is a contracting party to the Agreement on the European Economic Area (EEA). The full IP address will be transmitted to a Google server located in the U.S. and shortened afterwards in exceptional cases only. Google will not combine the IP address transmitted by your browser with other data available to Google.
This information will be deleted as soon as it is no longer needed for our recording purposes. In our case, this will usually occur within […] days/months.
In addition, you can prevent the collection of data generated by the cookie and related to your use of this website (including your IP address) by Google and the further processing of this data by Google by downloading and installing the browser plug-in available from the following link: tools.google.com/dlpage/gaoptout?hl=de.
For further information on the use of data by Google, settings, and your right to object please refer to the Google websites using the following links:
6. Communication by email
If you contact us by email, the collection, processing and use of your contact data that you shared voluntarily (e.g. name, email account) will only occur for a certain purpose, i.e., for receiving and, if applicable, for responding to your inquiry and for technical administration.
Data that is transmitted in connection with an email inquiry will be processed in accordance with Art. 6 (1) (b) GDPR, if it is transmitted for the purpose of negotiating a contract, or otherwise in accordance with Art. 6 (1) (f) GDPR. In the latter case, we have a legitimate interest in processing optional inquiries.
We will delete the information you provided as soon as the purpose of data collection entirely ceases to exist, provided however, that the statutory retention periods will be complied with.
To the extent that your data is processed based on legitimate interests, you may object to the storage of your personal data at any time.
Since the communication by email will not occur via a secured data link, please do not email any confidential information such as bank or credit card details, etc. We recommend using a safer communication channel for forwarding confidential information, such as a postal service.
7. Online Shop
a) Order Processing
For the purpose of enabling you to select and order products from our Online Shop and to facilitate their payment and shipment we process your data during the purchase transactions. Data processing will serve the purpose of meeting contractual obligations in the course of our Online Shop’s business operations, of order processing, invoicing, shipment, and of providing customer services. When you place an order in the Online Shop, your personal data processed will include, but is not limited to your master data, contact data, contract data, and invoice/payment data.
Data processing will be based on Art. 6 (1) (b) GDPR (order processing) and/or Art. 6 (1) (c) GDPR, to the extent that data is stored in compliance with statutory retention periods. The information to be entered in the fields that are marked as mandatory fields is required to create and execute the contract. In the absence of this information, we will be unable to perform the contract between you and us. In addition, you may voluntarily provide further information that is not required for placing and completing your order. Optional information will be stored in accordance with Art. 6 (1) (f) GDPR, since we have a legitimate interest in processing information that you shared voluntarily. You may object to the processing of voluntarily provided information at any time, for instance by sending a message to firstname.lastname@example.org.
We will transmit this information to third parties only in connection with the order, in particular, payment processing and shipment, or in connection with statutory rights and obligations. This information will only be processed in third countries, if this is necessary for performing the contract (e.g. for shipment to a destination outside the EU/EEA).
Information that you submitted in connection with an order will be deleted upon the expiration of the applicable statutory warranty, retention, and statute of limitations periods (see Sec. 11).
b) Customer account
Optionally, you may also create your own customer account in which you can view your orders, and manage your master/contact data, and more. The information processed in connection herewith will be stored in accordance with Art. 6 (1) (f) GDPR, since we have a legitimate interest in processing information that you voluntarily shared. You may object to the processing of data that you voluntarily shared at any time by deleting the relevant information from your customer profile.
Customer accounts are not accessible to the general public and cannot be indexed by search engines. If you, our customer, request your customer account to be deleted, the information concerned will be promptly deleted and/or blocked, unless its retention is required under commercial or tax law. You may request your customer account to be deleted at any time, e.g. by sending a message to email@example.com. Furthermore, data in your customer account that is not subject to any statutory retention period will usually be deleted upon the expiration of … years, but not until we have informed you by email.
During the registration process, subsequent log-ins and while using our Online Shop we reserve the right to store the IP address and the time and date of each access. This information will be stored based on our legitimate interest in the protection from misuse and other unauthorized use of our Online Shop (Art. 6 (1) (f) GDPR). Generally, this data will only be transmitted to third parties to the extent necessary for enforcing our claims or in compliance with a statutory obligation (Art. 6 (1) (c) GDPR).
The feature “remember me” is intended to make your user experience as pleasant as possible. This feature enables you to use our services with no need for subsequent log-ins. However, for safety reasons you will be requested to re-enter your password, e.g. when you modify your personal data or if you wish to place a purchase order. We suggest not activating this feature, if your device is used by more than one user. We would like to draw your attention to the fact that the feature “remember me” will not be available if you use browser settings that cause the stored cookies to be deleted at the end of each session or if you disable first-party cookies (see Sec. 4 lit. b).
c) Payment transactions
We use the following payment service providers for payment transactions:
- PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg,
- Stripe Payments Europe, Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland.
Your payment details (name of your bank, IBAN, BIC, …) will be transmitted to the corresponding payment service provider for the purpose of payment processing. We do not store your payment data in our own systems.
Please note that the privacy and/or security policy of the relevant payment service provider will apply:
- PayPal (Europe) S.à r.l. et Cie, S.C.A., www.paypal.com/de/webapps/mpp/ua/privacy-full?locale.x=de_DE,
- Stripe Payments Europe, Ltd., stripe.com/privacy.
This type of data processing is based on Art. 6 (1) (b) GDPR, since payment transaction are required for performing the contract concluded with you.
8. Additional services and third-party contents
In our website, we use third-party plug-ins in order to integrate their contents and services, such as photos or fonts (hereinafter collectively “contents”). In this regard, your data will be processed based on our legitimate interests (Art. 6 (1) (f) GDPR) in the efficient operation, optimization (above all, regarding the user experience), and the usage analysis of our website.
In each case, the third-party provider of these contents will take notice of your IP address, since otherwise they would be unable to transmit the contents to your device. The IP address is a prerequisite for displaying the contents. Furthermore, third-party providers may store cookies on your device.
a) Google Fonts
We integrate the so-called Google Fonts (typefaces) provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”) in our website. For further information on the use of data by Google, settings, and your right to object please refer to the Google websites using the following link: policies.google.com/privacy?hl=de.
b) Monotype Web Fonts
In addition, we have integrated web fonts by Monotype GmbH, Werner-Reimers-Straße 2–4, 61352 Bad Homburg, Germany, (“Monotype”) into our website. For further information on the use of data by Monotype, settings, and your right to object please refer to the Monotype websites using the following link: www.fonts.com/info/legal/privacy.
Furthermore, we use a plug-in of the Instagram social network. The Instagram service is operated by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (“Instagram”), a subsidiary of Facebook Inc.
By integrating this plug-in, Instagram will be notified of the fact that you have visited our website. If you are logged into your Instagram user account while visiting our website, Instagram can match this visit with your user account. If you interact with the plug-in, e.g. by clicking the “like” or “share” button or by leaving a comment your browser will transmit this information directly to Instagram and it will be stored there.
If you do not wish Instagram to match the visit of this website with your Instagram user account, you need to log out of your Instagram account first. Even if you are not logged into the Instagram service, websites with activated plug-ins may send data to Instagram through cookies that allow Instagram, e.g. to generate a pseudonymized user profile.
9. Recipients of personal data
We will only pass on your personal data to external recipients if this is required for handling your order, if you have granted your consent or if there is another legal basis.
External recipients may include, but are not limited to:
- Processors: These are service providers that we use in the provision of services, for instance in the areas of technical infrastructure and website maintenance. Such processors will be carefully selected by us and audited on a regular basis in order to ensure that your privacy will be safeguarded. They shall use the data exclusively for the purposes indicated by us and in accordance with our instructions. Provided that the statutory provisions set forth in Art. 28 GDPR are complied with, we have the right to retain such processors.
- Public entities: This term refers to public authorities, government institutions, and other public-law entities, e.g. supervisory authorities, courts, public prosecutors, or fiscal authorities. Personal data will be transmitted to such public entities only for compelling statutory reasons. This kind of transmission will be based on Art. 6 (1) (c) GDPR.
- Private entities: Service providers and auxiliaries (Hilfspersonen) to whom data is transmitted for handling your order, in compliance with a legal obligation, or for safeguarding legitimate interests, such as carriers, attorneys, tax advisors, or tax auditors. The disclosure will then occur based on the Art. 6 (1) (b), (c) and/or (f) GDPR.
10. Data processing in third countries
Generally, we will not process your data outside the European Union (EU) or the European Economic Area (EEA). In the event that we should transmit your data to third countries outside the EU and/or the EEA in an individual case (e.g. for handling an order from a third country), we will ensure prior to passing on your data that this is either a legally permissible exception, that the recipient offers a reasonable level of data protection, or that you grant your consent to this data transmission. For example, a reasonable level of data protection is warranted by the recipient’s certification under the EU-U.S. Privacy Shield, the acceptance of EU Standard Contractual Clauses, or the existence of Binding Corporate Rules (BCR). Please contact us at firstname.lastname@example.org, if you wish to receive a copy of the specific guarantees regarding the transmission of your data to third countries.
11. Storage period
We will store your personal data only as long as required for meeting the purposes or – if a consent was granted – as long as you do not withdraw your consent. In particular, the necessity to store your data may exist, if this data is still needed to meet contractual obligations, to examine warranty claims, and to satisfy or dismiss them.
In the event of a withdrawal, we will no longer process your personal data, unless their continued processing is permitted in accordance with the applicable statutory provisions, or even compellingly required (e.g. due to retention periods under commercial or tax law).
12. Your rights
As a data subject, you have numerous rights. In detail:
- Right of access (Art. 15 GDPR, Section 34 BDSG): You have the right to obtain access to the personal data stored about you.
- Right to rectification and right to erasure (Art. 16 and Art. 17 GDPR, Section 35 BDSG): You have the right to demand the rectification of inaccurate data and – if the statutory requirements are met – the erasure of your data.
- Right to restriction of processing (Art. 18 GDPR): In the event that the statutory requirements are met, you may request that we restrict the processing of your data (e.g. by means of blocking).
- Right to data portability (Art. 20 GDPR): If you have provided data to us under a contract or based on a consent and if the statutory requirements are met, you may demand to receive the information submitted by you in a structured, commonly used and machine-readable format, or that we transmit this information to another controller.
- Right to object to data processing based on legitimate interests (Art. 21 GDPR): If reasons exist that are based on grounds relating to your particular situation, you may object at any time to the processing of personal data by us, to the extent that this is based on legitimate interests within the meaning of Art. 6 (1) (f) GDPR. If you should exercise your right to object, we will discontinue the processing of your data, unless we are able to show that there are compelling reasons that permit the continued data processing and override your rights, or if data processing serves the purpose of enforcing, exercising or defending legal claims.
- Withdrawal of consent (Art. 7 GDPR): If you have granted your consent to the processing of your data you may withdraw this consent at any time with effect for the future without giving any reasons. The legitimacy of the processing of your data until the date of your withdrawal remains unaffected.
- Right to lodge complaints with the supervisory authority (Art. 77 GDPR): Furthermore, you have the right to lodge a complaint with the competent supervisory authority, if you consider that the processing of your personal data violates the applicable statutory provisions, rules, and regulations. In particular, you may contact the data protection authority at your habitual residence, your place of work, or the place of the alleged infringement. The following data protection authority has competence over us: Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit in Baden-Württemberg (LfDI), postal address: Königstr. 10a, 70173 Stuttgart, Germany, phone: +49 711 615541-0, fax: +49 711 615541-15, email: email@example.com, internet: www.baden-wuerttemberg.datenschutz.de.
If you should have any questions regarding the processing of your personal data and your rights as a data subject, please do not hesitate to contact us at firstname.lastname@example.org or via any of the other communication channels indicated at the beginning of this document.
We use technical and organizational safeguards to protect your personal data against coincidental or willful manipulation, loss, destruction, or access by unauthorized parties. These measures will be continuously adapted to the then-current state of the art.
We transmit personal data that is transmitted during your use of this website safely by using data encryption. We use the encryption protocol Transport Layer Security (TLS), more commonly known by the name of its precursor Secure Sockets Layer (SSL).
Our employees are committed to confidentiality.