Privacy Policy

**PRIVACY POLICY**

**1) INFORMATION ABOUT THE COLLECTION OF PERSONAL DATA AND CONTACT DETAILS OF THE RESPONSIBLE PARTY**

1.1 We are pleased that you are visiting our website and thank you for your interest. In the following, we inform you about the handling of your personal data when using our website. Personal data includes all data with which you can be personally identified.

1.2 The responsible party for data processing on this website, within the meaning of the General Data Protection Regulation (GDPR), is Carter & Blake. The person responsible for the processing of personal data is the individual or legal entity that alone or jointly with others determines the purposes and means of processing personal data.

1.3 This website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (e.g., orders or inquiries to the responsible party). You can recognize an encrypted connection by the "https://" string and the lock symbol in your browser’s address bar.

**2) DATA COLLECTION WHEN VISITING OUR WEBSITE**

When you use our website solely for informational purposes, i.e., if you do not register or provide us with information in any other way, we only collect data that your browser transmits to our server (so-called "server log files"). When you visit our website, we collect the following data that is technically necessary for us to display the website:

- Our visited website
- Date and time of access
- Amount of data sent in bytes
- Source/reference from which you came to the page
- Browser used
- Operating system used
- IP address used (if applicable: in anonymized form)

The processing is carried out in accordance with Art. 6(1)(f) GDPR based on our legitimate interest in improving the stability and functionality of our website. The data will not be shared or used for other purposes. However, we reserve the right to check the server log files later if there are concrete indications of illegal use.

**3) COOKIES**

To make visiting our website more attractive and to enable the use of certain functions, we use so-called cookies on various pages. These are small text files that are stored on your device. Some of the cookies we use are deleted after the end of the browser session (i.e., after you close your browser) (so-called session cookies). Other cookies remain on your device and allow us or our partner companies (third-party cookies) to recognize your browser on your next visit (persistent cookies). When cookies are set, they collect and process specific user information, such as browser and location data, as well as IP address values, to varying degrees. Persistent cookies are automatically deleted after a specified period, which can vary depending on the cookie.

Some cookies serve to simplify the order process (e.g., remembering the contents of a virtual shopping cart for a later visit to the website). If personal data is also processed through individual cookies we implement, this is done in accordance with Art. 6(1)(b) GDPR either for the execution of the contract or in accordance with Art. 6(1)(f) GDPR to safeguard our legitimate interests in the best possible functionality of the website and a customer-friendly and effective design of the site visit.

We may work with advertising partners who help us make our online presence more interesting for you. For this purpose, cookies from partner companies may also be stored on your hard drive when you visit our website (third-party cookies). If we collaborate with such advertising partners, you will be informed separately about the use of such cookies and the scope of the information collected in the paragraphs below.

Please note that you can set your browser to notify you when cookies are set, allowing you to decide individually whether to accept them or exclude cookies for certain cases or in general. Each browser differs in the way it manages cookie settings. The help menu of your browser provides explanations on how to change your cookie settings. You can find these for the respective browsers under the following links:
- Internet Explorer: https://support.microsoft.com/en-us/help/17442/windows-internet-explorer-delete-manage-cookies
- Firefox: https://support.mozilla.org/en/kb/cookies-allow-and-disable
- Chrome: https://support.google.com/chrome/answer/95647?hl=en
- Safari: https://support.apple.com/en-gb/guide/safari/sfri11471/mac
- Opera: https://help.opera.com/en/latest/web-preferences/#cookies

Please note that the functionality of our website may be limited if cookies are not accepted.

**4) CONTACTING US**

When contacting us (e.g., via contact form or email), personal data is collected. The data collected in the case of a contact form is evident from the respective contact form. This data is stored and used exclusively for the purpose of responding to your request or for establishing contact and the associated technical administration. The legal basis for processing the data is our legitimate interest in responding to your request in accordance with Art. 6(1)(f) GDPR. If your contact aims to conclude a contract, the additional legal basis for processing is Art. 6(1)(b) GDPR. Your data will be deleted once your inquiry has been fully processed, provided there are no statutory retention requirements.

**5) DATA PROCESSING WHEN OPENING A CUSTOMER ACCOUNT AND FOR CONTRACT PROCESSING**

In accordance with Art. 6(1)(b) GDPR, personal data will continue to be collected and processed if you provide it to us for the execution of a contract or when opening a customer account. The data collected can be seen from the respective input forms. Deleting your customer account is possible at any time and can be done by sending a message to the above-mentioned address of the responsible party. We store and use the data you provide for contract processing. After the complete execution of the contract or deletion of your customer account, your data will be blocked with respect to tax and commercial retention periods and deleted after these periods have expired, unless you have expressly consented to further use of your data or if legally permitted further data use has been reserved, which we will inform you of accordingly below.

**6) USE OF YOUR DATA FOR DIRECT ADVERTISING**

**6.1 Registration for our Email Newsletter**

If you sign up for our email newsletter, we will regularly send you information about our offers. The only mandatory information required to send the newsletter is your email address. Any additional data you may provide is voluntary and will be used to address you personally. For sending the newsletter, we use the so-called double opt-in procedure. This means that we will only send you an email newsletter after you have explicitly confirmed that you agree to receive the newsletter. We will then send you a confirmation email asking you to confirm your desire to receive the newsletter by clicking on a corresponding link.

By activating the confirmation link, you give us your consent to use your personal data in accordance with Art. 6(1)(a) GDPR. When you register for the newsletter, we store the IP address entered by your internet service provider (ISP) and the date and time of registration to track any possible misuse of your email address at a later time. The data we collect when registering for the newsletter will be used exclusively for the purpose of promoting our offers via the newsletter. You can unsubscribe from the newsletter at any time via the link provided in the newsletter or by sending a message to the responsible party mentioned at the beginning. After you unsubscribe, your email address will be immediately deleted from our newsletter distribution list unless you have expressly consented to the continued use of your data, or we reserve the right to use data in a legally permissible manner, which we inform you about in this policy.

**6.2 Sending the Email Newsletter to Existing Customers**

If you have provided us with your email address when purchasing goods or services, we reserve the right to regularly send you offers for similar goods or services from our range by email. For this, we do not need to obtain your separate consent. The data processing in this regard is based solely on our legitimate interest in personalized direct advertising pursuant to Art. 6(1)(f) GDPR. If you have initially objected to the use of your email address for this purpose, no emails will be sent. You are entitled to object to the use of your email address for advertising purposes at any time with effect for the future by notifying the responsible party mentioned at the beginning. You will only incur transmission costs according to the basic rates. After receiving your objection, the use of your email address for advertising purposes will cease immediately.

**7) DATA PROCESSING FOR ORDER HANDLING**

**7.1** The personal data we collect will be passed on to the transport company tasked with the delivery, as necessary for the delivery of the goods, as part of the contract processing. Your payment data will be passed on to the credit institution tasked with processing the payment, as necessary for payment handling. If we use payment service providers, you will be explicitly informed below. The legal basis for the transfer of the data is Art. 6(1)(b) GDPR.

**7.2 Use of Payment Service Providers (Payment Processors)**

- **PayPal**

When paying via PayPal, credit card via PayPal, direct debit via PayPal, or – if offered – "purchase on account" or "installment payment" via PayPal, we will pass on your payment data to PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal"), for the payment processing. The transfer is made in accordance with Art. 6(1)(b) GDPR and only insofar as necessary for the payment process.

PayPal reserves the right to perform a credit check for the payment methods credit card via PayPal, direct debit via PayPal, or – if offered – "purchase on account" or "installment payment" via PayPal. For this purpose, your payment data may be passed on to credit agencies, based on PayPal’s legitimate interest in determining your solvency in accordance with Art. 6(1)(f) GDPR. PayPal uses the result of the credit check in relation to the statistical probability of default to decide on the provision of the respective payment method. The credit check may contain probability values (so-called score values). Insofar as score values are included in the result of the credit check, these are based on a scientifically recognized mathematical-statistical procedure. Address data is also included in the calculation of the score values, among other things. Further data protection information, including details on the credit agencies used, can be found in PayPal’s privacy policy: https://www.paypal.com/webapps/mpp/ua/privacy-full.

You may object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data if necessary for the contractual payment processing.

---

**8) CONTACT FOR REVIEW REMINDER**
Own Review Reminder (no dispatch by a customer review system)
We use your email address for a one-time reminder to submit a review of your order for the review system we use, provided that you have given us your express consent to do so during or after your order, in accordance with Article 6(1)(a) of the GDPR.
You can revoke your consent at any time by sending a message to the data controller.

**9) RIGHTS OF THE DATA SUBJECT**

13.1 Under applicable data protection law, you have comprehensive rights regarding the processing of your personal data by the controller. These rights are known as data subject rights, and they include the following:

- **Right of access (Art. 15 GDPR):** You have the right to request information about your personal data that we process. This includes details about the processing purposes, the categories of personal data involved, the recipients of the data, the duration of storage, your rights to correction, deletion, restriction of processing, objection, the right to lodge a complaint with a supervisory authority, the origin of your data (if not collected from you directly), and the existence of automated decision-making (including profiling). You are also entitled to meaningful information about the logic involved and the potential consequences of such processing for you, as well as any safeguards related to the transfer of your data to third countries (under Art. 46 GDPR).

- **Right to rectification (Art. 16 GDPR):** You can request the immediate correction of inaccurate personal data and/or the completion of incomplete personal data stored by us.

- **Right to erasure (Art. 17 GDPR):** You can request the deletion of your personal data under certain conditions (Art. 17(1) GDPR). However, this right does not apply when the processing is necessary for the right to freedom of expression, legal compliance, public interest reasons, or the establishment, exercise, or defense of legal claims.

- **Right to restriction of processing (Art. 18 GDPR):** You may request that we restrict the processing of your personal data, provided that one of the following applies:
- You contest the accuracy of the data (until verified);
- You oppose the deletion of unlawfully processed data and instead request restriction;
- We no longer need the data for its original purpose, but you require it for legal claims;
- You object to processing on the basis of your specific situation (until verification of our legitimate interests).

- **Right to notification (Art. 19 GDPR):** If you exercise your right to rectification, erasure, or restriction of processing, the controller must notify all recipients of your personal data about these changes unless it is impossible or involves disproportionate effort. You have the right to be informed about these recipients.

- **Right to data portability (Art. 20 GDPR):** You have the right to receive your personal data, which you provided to us, in a structured, commonly used, and machine-readable format. You can also request that we transmit this data to another controller, where technically feasible.

- **Right to withdraw consent (Art. 7(3) GDPR):** You can withdraw your consent to the processing of your personal data at any time. This withdrawal is effective for the future and will not affect the lawfulness of any processing based on your consent before the withdrawal. Upon withdrawal, we will delete the affected data unless further processing is legally permitted without consent.

- **Right to lodge a complaint (Art. 77 GDPR):** If you believe the processing of your personal data violates the GDPR, you can file a complaint with a supervisory authority, particularly in the EU Member State of your habitual residence, workplace, or the location of the alleged violation.

**9.2 Right to Object**

If we process your personal data based on a legitimate interest, you have the right to object to the processing at any time for reasons related to your particular situation.

If you exercise this right, we will cease processing your data unless we can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights, and freedoms, or the processing is for legal claims.

If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your data for such purposes. If you object, we will cease processing your personal data for direct marketing.

**10) DURATION OF STORAGE OF PERSONAL DATA**

The duration of the storage of personal data depends on the applicable legal retention period (e.g., commercial and tax retention periods). After the retention period expires, the data is routinely deleted unless it is still needed for contract fulfillment or initiation, or if there is a legitimate interest in further storage.