Privacy policy

1) Introduction and Contact Information of the Responsible Party

1.1 We are pleased that you are visiting our website and thank you for your interest. In the following, we inform you about the handling of your personal data when using our website. Personal data is any data with which you can be personally identified.
1.2 The responsible party for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is BADER 4 BADER LTD, 13 Tepeleniou Str., Tepelenio Court, 2nd floor, 8010 Paphos, Cyprus, Tel.: +35795610093, Email: hello@b4b.limited. The responsible party for the processing of personal data is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data.

2) Data Collection When Visiting Our Website

2.1 When using our website purely for informational purposes, i.e., if you do not register or otherwise transmit information to us, we only collect data that your browser transmits to the server (so-called "server log files"). When you visit our website, we collect the following data that is technically necessary for us to display the website to you:

- Our visited website
- Date and time at the time of access
- Amount of data sent in bytes
- Source/reference from which you came to the page
- Used browser
- Used operating system
- Used IP address (if applicable: in anonymized form)

The processing is carried out in accordance with Art. 6 (1) lit. f GDPR based on our legitimate interest in improving the stability and functionality of our website. The data will not be passed on or used in any other way. However, we reserve the right to check the server log files retrospectively if there are specific indications of illegal use.

2.2 This website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (e.g., orders or inquiries to the responsible party). You can recognize an encrypted connection by the string "https://" and the lock symbol in your browser line.

3) Hosting & Content Delivery Network

Shopify

For hosting our website and displaying the page content, we use the system of the following provider: Shopify International Limited, Victoria Buildings, 2nd floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland (“Shopify”)

Data is also transferred to: Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada

All data collected on our website is processed on the provider's servers. We have concluded a data processing agreement with the provider to ensure the protection of our website visitors' data and to prevent unauthorized disclosure to third parties.

In the event of data transfer to Canada, an adequate level of data protection is ensured by an adequacy decision of the European Commission.

4) Cookies

To make visiting our website attractive and to enable the use of certain functions, we use cookies, i.e., small text files that are stored on your end device. Some of these cookies are automatically deleted after closing the browser (so-called "session cookies"), while others remain on your end device longer and allow the storage of page settings (so-called "persistent cookies"). In the latter case, you can find the storage duration in the overview of the cookie settings of your web browser.

If personal data is also processed by individual cookies used by us, the processing is carried out in accordance with Art. 6 (1) lit. b GDPR either for the execution of the contract, according to Art. 6 (1) lit. a GDPR in the case of granted consent, or according to Art. 6 (1) lit. f GDPR to safeguard our legitimate interests in the best possible functionality of the website as well as a customer-friendly and effective design of the page visit.

You can set your browser to inform you about the setting of cookies and individually decide on their acceptance or exclude the acceptance of cookies for certain cases or generally.

Please note that if cookies are not accepted, the functionality of our website may be restricted.

5) Contacting Us

As part of contacting us (e.g., via contact form or email), personal data is processed exclusively for the purpose of processing and answering your request and only to the extent necessary for this purpose.

The legal basis for the processing of this data is our legitimate interest in answering your request in accordance with Art. 6 (1) lit. f GDPR. If your contact is aimed at concluding a contract, an additional legal basis for the processing is Art. 6 (1) lit. b GDPR. Your data will be deleted if it can be inferred from the circumstances that the matter in question has been finally clarified and provided there are no statutory retention obligations to the contrary.

6) Data Processing When Opening a Customer Account

In accordance with Art. 6 (1) lit. b GDPR, personal data will continue to be collected and processed to the necessary extent if you provide it to us when opening a customer account. Which data is required for the account opening can be found in the input mask of the respective form on our website.

Deleting your customer account is possible at any time and can be done by sending a message to the above-mentioned address of the responsible party. After deleting your customer account, your data will be deleted, provided all contracts concluded through it have been fully processed, there are no statutory retention periods to the contrary, and there is no legitimate interest on our part in further storage.

7) Use of Customer Data for Direct Advertising

7.1 Newsletter Subscription

If you subscribe to our email newsletter, we will regularly send you information about our offers. The only mandatory information for sending the newsletter is your email address. Providing further data is voluntary and is used to address you personally. For the newsletter dispatch, we use the so-called double opt-in procedure, which ensures that you only receive newsletters after you have expressly confirmed your consent to receive newsletters by clicking on a verification link sent to the provided email address.

By activating the confirmation link, you give us your consent to use your personal data in accordance with Art. 6 (1) lit. a GDPR. When registering for the newsletter, we store your IP address as entered by the Internet Service Provider (ISP) as well as the date and time of registration, in order to trace any possible misuse of your email address at a later time. The data collected by us when registering for the newsletter will be used exclusively for the purpose of addressing you in an advertising manner.

You can unsubscribe from the newsletter at any time via the link provided in the newsletter or by sending a corresponding message to the above-mentioned responsible party. After unsubscribing, your email address will be immediately deleted from our newsletter distribution list, unless you have expressly consented to further use of your data or we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this statement.

7.2 Brevo

Our email newsletters are sent via this provider: Sendinblue GmbH, Köpenicker Str. 126, 10179 Berlin, Germany

Based on our legitimate interest in effective and user-friendly newsletter marketing, we pass on the data you provided during newsletter registration to this provider in accordance with Art. 6 (1) lit. f GDPR, so that this provider can handle the newsletter dispatch on our behalf.

Subject to your explicit consent in accordance with Art. 6 (1) lit. a GDPR, the provider also conducts statistical performance evaluations of newsletter campaigns using web beacons or tracking pixels in the sent emails, which measure open rates and specific interactions with the contents of the newsletter. Device information (e.g., time of access, IP address, browser type, and operating system) is also collected and evaluated, but not merged with other data inventories.

You can revoke your consent to newsletter tracking at any time with effect for the future.

We have concluded a data processing agreement with the provider that protects the data of our website visitors and prohibits disclosure to third parties.

8) Data Processing for Order Handling

8.1 To the extent necessary for contract processing for delivery and payment purposes, the personal data collected by us will be passed on to the commissioned transport company and the commissioned credit institution in accordance with Art. 6 (1) lit. b GDPR.

If we owe you updates for goods with digital elements or for digital products on the basis of a corresponding contract, we process the contact data provided by you when ordering (name, address, email address) to inform you about upcoming updates within the legally provided period via a suitable communication channel (e.g., by mail or email) within the scope of our legal information obligations in accordance with Art. 6 (1) lit. c GDPR. Your contact data will be used strictly for notifications about updates owed by us and will be processed for this purpose only to the extent necessary for the respective information.

For the processing of your order, we also work together with the following service provider(s) who support us in whole or in part in the execution of concluded contracts. Certain personal data will be transmitted to these service providers in accordance with the following information.

8.2 To fulfill our contractual obligations to our customers, we work with external shipping partners. We pass on your name and delivery address and, if necessary, your telephone number exclusively for the purpose of delivering goods in accordance with Art. 6 (1) lit. b GDPR to a selected shipping partner.

8.3 Amazon Fulfillment (FBA)

We use the following provider for order processing: Amazon EU S.a.r.l., 38 avenue John F. Kennedy, L-1855 Luxembourg

Name, address, and possibly other personal data will be passed on to the provider in accordance with Art. 6 (1) lit. b GDPR solely for the purpose of processing the online order. The data will only be passed on to the extent necessary for order processing.

8.4 Billbee

We use the following provider for order processing: Billbee GmbH, Arolser Str. 10, 34477 Twistetal, Germany

Name, address, and possibly other personal data will be passed on to the provider in accordance with Art. 6 (1) lit. b GDPR solely for the purpose of processing the online order. The data will only be passed on to the extent necessary for order processing.

8.5 Use of Payment Service Providers (Payment Services)

  • Apple Pay

If you choose the "Apple Pay" payment method from Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland, the payment processing will be carried out via the "Apple Pay" function of your iOS, watchOS, or macOS-operated device by charging a payment card stored in "Apple Pay." Apple Pay uses security features integrated into your device's hardware and software to protect your transactions. To authorize a payment, you must enter a code previously set by you and verify it using the "Face ID" or "Touch ID" function of your device.

For the purpose of payment processing, the information provided by you during the order process, along with the information about your order, is transmitted in encrypted form to Apple. Apple then re-encrypts this data with a developer-specific key before transmitting the data for payment processing to the payment service provider of the payment card stored in Apple Pay. The encryption ensures that only the website from which the purchase was made can access the payment data. After the payment is made, Apple sends a confirmation of the payment success, your device account number, and a transaction-specific, dynamic security code to the originating website.

If personal data is processed in the described transmissions, the processing is carried out exclusively for the purpose of payment processing in accordance with Art. 6 (1) lit. b GDPR.

Apple retains anonymized transaction data, including the approximate purchase amount, the approximate date and time, and whether the transaction was successfully completed. By anonymizing the data, any personal reference is completely excluded. Apple uses the anonymized data to improve "Apple Pay" and other Apple products and services.

If you use Apple Pay on your iPhone or Apple Watch to complete a purchase made via Safari on your Mac, the Mac and the authorization device communicate through an encrypted channel on Apple's servers. Apple does not process or store any of this information in a format that can identify you. You can disable the ability to use Apple Pay on your Mac in the settings of your iPhone. Go to "Wallet & Apple Pay" and disable "Allow Payments on Mac."

Further information on data protection at Apple Pay can be found at the following internet address: https://support.apple.com/en-us/HT203027

  • PayPal

This website offers one or more online payment methods from the following provider: PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg

When selecting a payment method from the provider where you make a prepayment, the payment data provided by you during the order process (including name, address, bank and card information, currency, and transaction number) as well as information about the content of your order will be transferred to the provider in accordance with Art. 6 (1) lit. b GDPR. The data transfer takes place exclusively for the purpose of payment processing with the provider and only to the extent necessary for this purpose.

When selecting a payment method where we make a prepayment, you will also be asked to provide certain personal data (first and last name, street, house number, postal code, city, date of birth, email address, telephone number, and possibly data about an alternative payment method).

To safeguard our legitimate interest in determining your creditworthiness, this data will be forwarded by us in accordance with Art. 6 (1) lit. f GDPR for the purpose of a credit check to the provider. The provider checks based on the personal data provided by you, as well as other data (such as shopping cart, invoice amount, order history, payment experiences), whether the payment option you selected can be granted with regard to payment and/or default risks.

The credit information may contain probability values (so-called score values). Insofar as score values are included in the result of the credit information, they are based on a scientifically recognized mathematical-statistical procedure. Address data is included, among other things, in the calculation of the score values.

You can object to this processing of your data at any time by sending a message to us or to the provider. However, the provider may still be entitled to process your personal data if this is necessary for the contractual payment processing.

  • Stripe

This website offers one or more online payment methods from the following provider: Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland

When selecting a payment method from the provider where you make a prepayment (e.g., credit card payment), the payment data provided by you during the order process (including name, address, bank and card information, currency, and transaction number) as well as information about the content of your order will be transferred to the provider in accordance with Art. 6 (1) lit. b GDPR. The data transfer takes place exclusively for the purpose of payment processing with the provider and only to the extent necessary for this purpose.

When selecting a payment method where the provider makes a prepayment (e.g., invoice or installment purchase or direct debit), you will also be asked to provide certain personal data (first and last name, street, house number, postal code, city, date of birth, email address, telephone number, and possibly data about an alternative payment method).

To safeguard our legitimate interest in determining the creditworthiness of our customers, this data will be forwarded by us in accordance with Art. 6 (1) lit. f GDPR for the purpose of a credit check to the provider. The provider checks based on the personal data provided by you, as well as other data (such as shopping cart, invoice amount, order history, payment experiences), whether the payment option you selected can be granted with regard to payment and/or default risks.

The credit information may contain probability values (so-called score values). Insofar as score values are included in the result of the credit information, they are based on a scientifically recognized mathematical-statistical procedure. Address data is included, among other things, in the calculation of the score values.

You can object to this processing of your data at any time by sending a message to us or to the provider. However, the provider may still be entitled to process your personal data if this is necessary for the contractual payment processing.

9) Online Marketing

9.1 Brevo Tracker

This website uses the software-based marketing service of the following provider for the provision and synchronization of various customer management services: Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany

The service enables the automated processing of feed activities, the control of advertising in used marketing channels, and the success analysis of marketing measures, as well as central email marketing and contact management.

For the fulfillment of the various functions, cookies are used, i.e., small text files that are locally stored in the cache of your web browser on your end device and enable an analysis of your use of the website by us. The cookies collect certain information, such as IP address, location, and time of page access.

All the above-described processing, especially the setting of cookies for reading information on the used end device, will only be carried out if you have given us your explicit consent in accordance with Art. 6 (1) lit. a GDPR. You can revoke your given consent at any time with effect for the future by deactivating this service in the "Cookie Consent Tool" provided on the website.

Further legal bases for data processing that apply in the context of specific service functions (e.g., the necessity of explicit consent in accordance with Art. 6 (1) lit. a GDPR for sending newsletters) remain unaffected by this.

We have concluded a data processing agreement with the provider that ensures the protection of the data of our website visitors and prohibits disclosure to third parties.

9.2 Google AdSense

This website uses Google AdSense, a web advertising service of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"). Google AdSense uses cookies, which are text files stored on your computer that enable an analysis of your use of the website. Google AdSense also uses web beacons (small invisible graphics) to collect information. By using these web beacons, simple actions such as visitor traffic on the website can be recorded, collected, and evaluated. The information generated by the cookie and/or web beacon about your use of this website is usually transmitted to a Google server and stored there. This may also involve transmission to the servers of Google LLC in the USA.

Google uses the information obtained to evaluate your usage behavior regarding AdSense ads. The IP address transmitted by your browser as part of Google AdSense will not be merged with other data from Google. The information collected by Google may be transferred to third parties if required by law and/or if third parties process this data on behalf of Google. All the above-described processing, especially reading information on the used end device via cookies and/or web beacons, will only be carried out if you have given us your explicit consent in accordance with Art. 6 (1) lit. a GDPR. Without this consent, Google AdSense will not be used during your website visit.

You can revoke your given consent at any time with effect for the future by deactivating this service in the "Cookie Consent Tool" provided on the website.

For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European data protection level based on an adequacy decision of the European Commission.

Google's privacy policy can be found here: https://www.google.de/policies/privacy/

10) Web Analytics Services

Google (Universal) Analytics

This website uses Google (Universal) Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"), which enables analysis of your use of our website.

By default, cookies are set by Google (Universal) Analytics when you visit the website, which are small text files stored on your end device and collect certain information. This information also includes your IP address, which, however, is truncated by Google by the last digits to exclude direct personal reference.

The information is transmitted to and processed on Google's servers. This may also involve transfers to Google LLC based in the USA.

Google uses the information collected on our behalf to evaluate your use of the website, compile reports on website activity for us, and provide other services related to website and internet use. The IP address transmitted by your browser as part of Google Analytics will not be merged with other data from Google. The data collected as part of the use of Google (Universal) Analytics will be stored for two months and then deleted.

All the above-described processing, especially setting cookies on the used end device, will only be carried out if you have given us your explicit consent in accordance with Art. 6 (1) lit. a GDPR. Without your consent, Google (Universal) Analytics will not be used during your website visit. You can revoke your given consent at any time with effect for the future. To exercise your right of withdrawal, please disable this service in the "Cookie Consent Tool" provided on the website.

We have concluded a data processing agreement with Google that ensures the protection of the data of our website visitors and prohibits disclosure to third parties.

Further legal information about Google (Universal) Analytics can be found at https://policies.google.com/privacy?hl=en and https://policies.google.com/technologies/partner-sites

Demographic Features Google (Universal) Analytics uses the special feature "demographic features" and can create statistics about the age, gender, and interests of website visitors. This is done by analyzing advertising and information from third parties. This allows target groups for marketing activities to be identified. The collected data cannot be assigned to a specific person and will be deleted after a storage period of two months.

Google Signals As an extension to Google (Universal) Analytics, Google Signals can be used on this website to create cross-device reports. If you have personalized ads enabled and have linked your devices to your Google account, Google can analyze your usage behavior across devices, provided you have consented to the use of Google Analytics in accordance with Art. 6 (1) lit. a GDPR, and create database models, including cross-device conversions. We do not receive any personal data from Google, only statistics. If you want to stop cross-device analysis, you can deactivate the "Personalized Ads" function in the settings of your Google account. Follow the instructions on this page: https://support.google.com/ads/answer/2662922?hl=en Further information about Google Signals can be found at this link: https://support.google.com/analytics/answer/7532985?hl=en

UserIDs As an extension to Google (Universal) Analytics, the "UserIDs" feature can be used on this website. If you have consented to the use of Google (Universal) Analytics in accordance with Art. 6 (1) lit. a GDPR, set up an account on this website, and log in to that account on different devices, your activities, including conversions, can be analyzed across devices.

For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European data protection level based on an adequacy decision of the European Commission.

11) Tools and Miscellaneous

Cookie-Consent-Tool

This website uses a "cookie consent tool" to obtain effective user consent for consent-requiring cookies and cookie-based applications. The "cookie consent tool" is displayed to users when they access the site as an interactive user interface, where they can give consent for specific cookies and/or cookie-based applications by checking boxes. The tool only sets consent-requiring cookies/services when the user gives their consent by checking the corresponding box. This ensures that such cookies are only set on the user's end device if consent has been given.

The tool sets technically necessary cookies to save your cookie preferences. Personal user data is generally not processed.

If, in individual cases, the storage, assignment, or logging of cookie settings leads to the processing of personal data (e.g., the IP address), this processing is carried out in accordance with Art. 6 (1) lit. f GDPR based on our legitimate interest in a legally compliant, user-specific, and user-friendly consent management for cookies and, thus, in the legally compliant design of our website.

Further legal basis for the processing is also Art. 6 (1) lit. c GDPR. As the responsible party, we are subject to the legal obligation to make the use of technically unnecessary cookies dependent on the respective user's consent.

If necessary, we have concluded a data processing agreement with the provider that ensures the protection of the data of our website visitors and prohibits disclosure to third parties.

Further information about the operator and the setting options of the cookie consent tool can be found directly in the corresponding user interface on our website.

12) Rights of the Data Subject

12.1 The applicable data protection law grants you the following data subject rights (information and intervention rights) vis-à-vis the responsible party regarding the processing of your personal data, whereby reference is made to the respective legal basis for the respective exercise requirements:

Right to information in accordance with Art. 15 GDPR; Right to rectification in accordance with Art. 16 GDPR; Right to erasure in accordance with Art. 17 GDPR; Right to restriction of processing in accordance with Art. 18 GDPR; Right to notification in accordance with Art. 19 GDPR; Right to data portability in accordance with Art. 20 GDPR; Right to withdraw consent given in accordance with Art. 7 (3) GDPR; Right to complain in accordance with Art. 77 GDPR.

12.2 RIGHT TO OBJECT

IF WE PROCESS YOUR PERSONAL DATA BASED ON OUR OVERRIDING LEGITIMATE INTEREST IN THE CONTEXT OF A BALANCING OF INTERESTS, YOU HAVE THE RIGHT TO OBJECT TO THIS PROCESSING AT ANY TIME FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION, WITH EFFECT FOR THE FUTURE.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED. HOWEVER, FURTHER PROCESSING REMAINS RESERVED IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING THAT OVERRIDE YOUR INTERESTS, FUNDAMENTAL RIGHTS, AND FREEDOMS, OR IF THE PROCESSING SERVES TO ASSERT, EXERCISE, OR DEFEND LEGAL CLAIMS.

IF YOUR PERSONAL DATA IS PROCESSED BY US FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA FOR SUCH ADVERTISING PURPOSES AT ANY TIME. YOU CAN EXERCISE THE OBJECTION AS DESCRIBED ABOVE.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED FOR DIRECT MARKETING PURPOSES.

13) Duration of Storage of Personal Data

The duration of the storage of personal data is determined by the respective legal basis, the purpose of processing, and, if applicable, the respective statutory retention period (e.g., commercial and tax retention periods).

When processing personal data based on an explicit consent in accordance with Art. 6 (1) lit. a GDPR, the data concerned will be stored until you revoke your consent.

If there are statutory retention periods for data that are processed in the context of legal or quasi-legal obligations based on Art. 6 (1) lit. b GDPR, this data will be routinely deleted after the retention periods have expired, provided it is no longer required for contract fulfillment or contract initiation and/or there is no legitimate interest on our part in further storage.

When processing personal data based on Art. 6 (1) lit. f GDPR, this data will be stored until you exercise your right to object in accordance with Art. 21 (1) GDPR, unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing serves to assert, exercise, or defend legal claims.

When processing personal data for direct marketing purposes based on Art. 6 (1) lit. f GDPR, this data will be stored until you exercise your right to object in accordance with Art. 21 (2) GDPR.

If nothing else is specified in the other information in this statement about specific processing situations, stored personal data will be deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.