Privacy Policy

1. Introduction and contact details of the controller

1.1 We are pleased that you visit our website and thank you for your interest. Below we inform you about the handling of your personal data when using our website. Personal data here means all data by which you can be personally identified.

1.2 The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is Proceanis GmbH, Lohmühlenstraße 1, 20099 Hamburg, Germany, Tel.: 040 52474740, Email: service@arthrofill.de. The controller for the processing of personal data is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data.

2. Data collection when visiting our website

2.1 For purely informational use of our website, i.e., if you do not register or otherwise provide us with information, we only collect data that your browser transmits to the page server (so-called "server log files"). When you access our website, we collect the following data that is technically necessary for us to display the website to you:

Our visited website
Date and time at the time of access
Amount of data sent in bytes
Source/referral from which you accessed the site
Used browser
Used operating system
Used IP address (if applicable: in anonymized form)

The processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR based on our legitimate interest in improving the stability and functionality of our website. There is no transfer or other use of the data. However, we reserve the right to retrospectively check the server log files if there are concrete indications of unlawful use.

2.2 For security reasons and to protect the transmission of personal data and other confidential content (e.g., orders or inquiries to the responsible party), this website uses SSL or TLS encryption. You can recognize an encrypted connection by the "https://" prefix and the lock symbol in your browser's address bar.

3. Hosting & Content Delivery Network

Shopify

For hosting our website and displaying the page content, we use the system of the following provider: Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland ("Shopify")

Data is also transmitted to: Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada

All data collected on our website is processed on the provider's servers. We have concluded a data processing agreement with the provider that ensures the protection of our website visitors' data and prohibits unauthorized disclosure to third parties.

In the case of data transfer to Canada, an adequate level of data protection is ensured by an adequacy decision of the European Commission.

4. Cookies

To make visiting our website attractive and to enable the use of certain functions, we use cookies, i.e., small text files that are stored on your device. Some of these cookies are automatically deleted after closing the browser (so-called "session cookies"), while others remain on your device longer and allow saving page settings (so-called "persistent cookies"). In the latter case, you can find the storage duration in the overview of your web browser's cookie settings.

If personal data is also processed by individual cookies used by us, processing is carried out according to Art. 6 para. 1 lit. b GDPR either for the performance of the contract, according to Art. 6 para. 1 lit. a GDPR in the case of given consent, or according to Art. 6 para. 1 lit. f GDPR to safeguard our legitimate interests in the best possible functionality of the website as well as a customer-friendly and effective design of the site visit.

You can set your browser so that you are informed about the setting of cookies and decide individually on their acceptance or exclude the acceptance of cookies for certain cases or in general.

Please note that if cookies are not accepted, the functionality of our website may be limited.

5) Contact

As part of contacting us (e.g., via contact form or email), personal data is processed exclusively for the purpose of handling and responding to your request and only to the extent necessary.

The legal basis for processing this data is our legitimate interest in responding to your request according to Art. 6 para. 1 lit. f GDPR. If your contact is aimed at a contract, the additional legal basis for processing is Art. 6 para. 1 lit. b GDPR. Your data will be deleted if the circumstances indicate that the matter concerned has been conclusively clarified and provided no statutory retention obligations oppose this.

6. Data processing when opening a customer account

According to Art. 6 para. 1 lit. b GDPR, personal data will continue to be collected and processed to the extent necessary if you provide it to us when opening a customer account. Which data is required for account opening can be found in the input mask of the corresponding form on our website.

Deletion of your customer account is possible at any time and can be done by sending a message to the above-mentioned address of the responsible party. After deletion of your customer account, your data will be deleted provided that all contracts concluded have been fully processed, no legal retention periods prevent this, and we have no legitimate interest in further storage.

7. Use of customer data for direct advertising

7.1 Registration for our email newsletter

When you sign up for our email newsletter, we regularly send you information about our offers. The only mandatory information for sending the newsletter is your email address. Providing additional data is voluntary and is used to address you personally. For sending the newsletter, we use the so-called double opt-in procedure, which ensures that you only receive newsletters after you have explicitly confirmed your consent to receive the newsletter by clicking a verification link sent to the specified email address.

By activating the confirmation link, you give us your consent to use your personal data in accordance with Art. 6 para. 1 lit. a DSGVO. In doing so, we store the IP address registered by your Internet Service Provider (ISP) as well as the date and time of registration in order to be able to trace any possible misuse of your email address at a later time. The data collected by us during newsletter registration is used strictly for the intended purpose.

You can unsubscribe from the newsletter at any time via the link provided in the newsletter or by sending a corresponding message to the responsible party named at the beginning. After unsubscribing, your email address will be deleted from our newsletter distribution list immediately, unless you have explicitly consented to further use of your data or we reserve the right to use data beyond this, which is legally permitted and about which we inform you in this statement.

7.2 Dispatch of the email newsletter to existing customers

If you have provided us with your email address when purchasing goods or services, we reserve the right to regularly send you offers for similar goods or services from our range by email, similar to those already purchased. For this, we do not need to obtain separate consent from you according to § 7 para. 3 UWG. The data processing is based solely on our legitimate interest in personalized direct advertising pursuant to Art. 6 para. 1 lit. f GDPR. If you initially objected to the use of your email address for this purpose, no emails will be sent by us.

You have the right to object to the use of your e-mail address for the aforementioned advertising purpose at any time with effect for the future by sending a message to the responsible party named at the beginning. Only transmission costs according to the basic tariffs will be charged to you. After receipt of your objection, the use of your e-mail address for advertising purposes will be discontinued immediately.

7.3 Klaviyo

The sending of our email newsletters is carried out by this provider: Klaviyo, Inc., 125 Summer St., Ste 600, Boston, MA 02110, USA

Based on our legitimate interest in effective and user-friendly newsletter marketing, we pass on the data you provide when registering for the newsletter in accordance with Art. 6 para. 1 lit. f DSGVO to this provider so that they can carry out the newsletter dispatch on our behalf.

Subject to your explicit consent pursuant to Art. 6 para. 1 lit. a GDPR, the provider also conducts a statistical success evaluation of newsletter campaigns using web beacons or tracking pixels in the sent emails, which can measure open rates and specific interactions with the newsletter content. Device information (e.g., time of access, IP address, browser type, and operating system) is also collected and evaluated but not merged with other data sets.

You can revoke your consent to newsletter tracking at any time with effect for the future.

We have concluded a data processing agreement with the provider, which protects the data of our site visitors and prohibits passing it on to third parties.

For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European data protection level based on an adequacy decision by the European Commission.

7.4 Shopping Cart Reminders by Email

In case you abandon your purchase with us before completing the order, you have the option to be reminded once by e-mail of the contents of your virtual shopping cart.

The only mandatory information for sending this reminder is your e-mail address. Providing additional data is voluntary and may be used to address you personally. For sending the mail, we use the so-called double opt-in procedure, which ensures that you only receive a notification after you have explicitly confirmed your consent by clicking a verification link sent to the specified e-mail address.

By activating the confirmation link, you give us your consent to use your personal data in accordance with Art. 6 para. 1 lit. a GDPR for sending a shopping cart reminder. In doing so, we store your IP address registered by the Internet Service Provider (ISP) as well as the date and time of registration to be able to trace any possible misuse of your email address at a later time. The data collected by us during registration for our email notification service is used strictly for the intended purpose.

You can unsubscribe from shopping cart reminders at any time by sending a corresponding message to the responsible party named at the beginning. After deregistration, your email address will be deleted immediately from our specially set up distribution list, unless you have explicitly consented to further use of your data or we reserve the right to use data beyond this, which is legally permitted and about which we inform you in this declaration.

8. Data processing for order fulfillment

8.1 If required for contract processing for delivery and payment purposes, the personal data collected by us will be passed on to the commissioned transport company and the commissioned credit institution in accordance with Art. 6 para. 1 lit. b GDPR.

If, based on a corresponding contract, we owe you updates for goods with digital elements or for digital products, we process the contact data you provided during the order to personally inform you within the scope of our legal information obligations according to Art. 6 para. 1 lit. c GDPR. Your contact data is used strictly for the purpose of notifications about updates owed by us and is processed by us only to the extent necessary for the respective information.

For the processing of your order, we also cooperate with the following service provider(s) who support us wholly or partly in the execution of concluded contracts. Certain personal data are transmitted to these service providers in accordance with the following information.

8.2 Transfer of personal data to shipping service providers

- DHL

As a transport service provider, we use the following provider: DHL Paket GmbH, Sträßchensweg 10, 53113 Bonn, Germany

We forward your email address and/or phone number to the provider prior to delivery for the purpose of coordinating a delivery date or delivery notification in accordance with Art. 6 para. 1 lit. a GDPR, provided you have given your explicit consent for this during the ordering process. Otherwise, for the purpose of delivery in accordance with Art. 6 para. 1 lit. b GDPR, only the recipient's name and delivery address are forwarded to the provider. The transfer only takes place to the extent necessary for the delivery of goods. In this case, prior coordination of the delivery date with the provider or delivery notification is not possible.

Consent can be revoked at any time with effect for the future towards the responsible party named above or towards the provider.

8.3 Use of payment service providers (payment services)

- Paypal

One or more online payment methods from the following provider are available on this website: PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg

When selecting a payment method from the provider where you pay in advance, your payment data provided during the ordering process (including name, address, bank and card information, currency, and transaction number) as well as information about the contents of your order are forwarded to the provider in accordance with Art. 6 para. 1 lit. b GDPR. The transfer of your data in this case is exclusively for the purpose of payment processing with the provider and only to the extent necessary for this purpose.

When selecting a payment method for which we advance payment, you will also be asked during the ordering process to provide certain personal data (first and last name, street, house number, postal code, city, date of birth, email address, telephone number, if applicable data on an alternative payment method).

In such cases, to protect our legitimate interest in determining your creditworthiness, this data is forwarded by us to the provider for the purpose of a credit check in accordance with Art. 6 para. 1 lit. f GDPR. The provider checks, based on the personal data you have provided as well as other data (such as shopping cart, invoice amount, order history, payment experiences), whether the payment method you selected can be granted with regard to payment and/or default risks.

The credit report may contain probability values (so-called score values). As far as score values are included in the result of the credit report, they are based on a scientifically recognized mathematical-statistical procedure. The calculation of the score values includes, among other things but not exclusively, address data.

You can object to this processing of your data at any time by sending a message to us or to the provider. However, the provider may still be entitled to process your personal data if this is necessary for contract-compliant payment processing.
- Shopify Payments

One or more online payment methods from the following provider are available on this website: Shopify International Limited, Victoria Buildings, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland

If you select a payment method from the provider where you pay in advance (such as credit card payment), your payment data provided during the ordering process (including name, address, bank and card information, currency, and transaction number) as well as information about the contents of your order are passed on to the provider in accordance with Art. 6 para. 1 lit. b GDPR. The transfer of your data in this case is exclusively for the purpose of payment processing with the provider and only to the extent necessary for this purpose.

8.4 Electronic cancellation option for ongoing obligations with consumers

Consumers who have entered into contracts for paid ongoing obligations (such as subscription contracts) on this website have the option to cancel them via an electronic button in accordance with the applicable cancellation periods.

Clicking the button leads to a confirmation page where the consumer can provide further details about the cancellation, clearly identify themselves, and then electronically declare their cancellation.

The collection of personal data and its transmission to us is carried out in accordance with Art. 6 para. 1 lit. b GDPR and only to the extent necessary for the proper processing of the cancellation. Also based on Art. 6 para. 1 lit. b GDPR, the provided personal data is used to confirm the receipt of the cancellation declaration and the cancellation date electronically in text form. Another legal basis for processing is Art. 6 para. 1 lit. c GDPR. We are legally obliged to provide an electronic cancellation option for consumer contracts concluded by electronic commerce for paid continuous obligations.

9. Web Analytics Services

Google Analytics 4

This website uses Google Analytics 4, a web analytics service of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"), which enables an analysis of your use of our website.

By default, cookies are set by Google Analytics 4 when visiting the website, which are stored as small text files on your device and collect certain information. This information also includes your IP address, which is shortened by Google by the last digits to exclude direct personal identification.

The information is transmitted to Google servers and further processed there. This may also include transfers to Google LLC based in the USA.

Google uses the collected information on our behalf to analyze your use of the website, compile reports on website activities for us, and to provide other services related to website and internet usage. The truncated IP address transmitted by your browser within Google Analytics is not merged with other Google data. The data collected through the use of Google Analytics 4 is stored for a period of two months and then deleted.

All the processing described above, especially the setting of cookies on the device used, only takes place if you have given us your explicit consent in accordance with Art. 6 para. 1 lit. a DSGVO.
Without your consent, the use of Google Analytics 4 during your site visit will not take place. You can revoke your given consent at any time with effect for the future. To exercise your right of withdrawal, please deactivate this service via the "Cookie-Consent-Tool" provided on the website.

We have concluded a data processing agreement with Google that ensures the protection of our site visitors' data and prohibits unauthorized disclosure to third parties.

Further legal information about Google Analytics 4 can be found at https://business.safety.google/intl/de/privacy/, https://policies.google.com/privacy?hl=de&gl=de and at https://policies.google.com/technologies/partner-sites

Demographic Characteristics
Google Analytics 4 uses the special feature "demographic characteristics" and can create statistics that provide information about the age, gender, and interests of site visitors. This is done by analyzing advertising and information from third parties. This allows target groups to be identified for marketing activities. However, the collected data cannot be assigned to any specific person and is deleted after being stored for a period of two months.

Google Signals
As an extension to Google Analytics 4, Google Signals can be used on this website to create cross-device reports. If you have enabled personalized ads and linked your devices to your Google account, Google can, subject to your consent to the use of Google Analytics according to Art. 6 para. 1 lit. a GDPR, analyze your usage behavior across devices and create database models, including for cross-device conversions. We do not receive any personal data from Google, only statistics. If you want to stop cross-device analysis, you can disable the "Personalized Ads" feature in your Google account settings. Follow the instructions on this page: https://support.google.com/ads/answer/2662922?hl=de More information about Google Signals can be found at the following link: https://support.google.com/analytics/answer/7532985?hl=de

UserIDs
As an extension to Google Analytics 4, the "UserIDs" function can be used on this website. If you have consented to the use of Google Analytics 4 according to Art. 6 para. 1 lit. a GDPR, have set up an account on this website, and log in on different devices with this account, your activities, including conversions, can be analyzed across devices.

10. Retargeting/Remarketing and Conversion Tracking

Meta Pixel with enhanced data matching

Within our online offering, we use the "Meta Pixel" service from the following provider in the mode of enhanced data matching: Meta Platforms Ireland Limited, 4 Grand Canal Quare, Dublin 2, Ireland ("Meta")

When a user clicks on an advertisement we have placed on Facebook or Instagram, the URL of our linked page is extended by a parameter using "Meta Pixel". This URL parameter is then entered into the user's browser after redirection via a cookie set by our linked page itself. In addition, this cookie collects specific customer data such as the email address, which we collect on our website linked to the Facebook or Instagram ad during processes like purchases, account logins, or registrations (enhanced data matching). The cookie is then read and enables the transmission of data including the specific customer data to Meta.

We use "Meta Pixel" with advanced data matching to make our advertisements (so-called "Ads") on Facebook and/or Instagram more effective and to ensure that they correspond to users' interests or have certain characteristics (e.g., interests in specific topics or products determined by the visited websites), which we transmit to Meta (so-called "Custom Audiences").

In addition, we analyze the effectiveness of our advertisements by tracking whether users were redirected to our website after clicking on an ad (conversion). Compared to the standard version of "Meta Pixel", the advanced data matching feature helps us better measure the effectiveness of our advertising campaigns by capturing more attributed conversions.

All transmitted data is stored and processed by Meta, allowing for assignment to the respective user profile, and Meta uses the data for its own advertising purposes in accordance with Meta's data usage policies (https://www.facebook.com/about/privacy/) can be used. The data may enable Meta and its partners to display ads on and off Facebook.

All processing described above, especially setting cookies to read information on the device used, is only carried out if you have given us your explicit consent in accordance with Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time with effect for the future by disabling this service in the "Cookie-Consent-Tool" provided on the website.

We have concluded a data processing agreement with the provider that ensures the protection of the data of our site visitors and prohibits unauthorized disclosure to third parties.

The information generated by Meta is usually transmitted to a server of Meta and stored there; in this context, it may also be transferred to servers of Meta Platforms Inc. in the USA.

11. Rights of the data subject

11.1 The applicable data protection law grants you the following data subject rights (information and intervention rights) against the controller regarding the processing of your personal data, whereby the respective legal basis for exercising these rights is referred to:

Right of access pursuant to Art. 15 GDPR;
Right to rectification pursuant to Art. 16 DSGVO;
Right to erasure pursuant to Art. 17 GDPR;
Right to restriction of processing pursuant to Art. 18 DSGVO;
Right to information pursuant to Art. 19 DSGVO;
Right to data portability pursuant to Art. 20 DSGVO;
Right to withdraw given consents pursuant to Art. 7 para. 3 GDPR;
Right to lodge a complaint pursuant to Art. 77 GDPR.

11.2 RIGHT TO OBJECT

IF WE PROCESS YOUR PERSONAL DATA BASED ON OUR LEGITIMATE INTERESTS WITHIN THE SCOPE OF A BALANCE OF INTERESTS, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT TO THIS PROCESSING FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION WITH EFFECT FOR THE FUTURE.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL CEASE PROCESSING THE DATA CONCERNED. HOWEVER, FURTHER PROCESSING IS RESERVED IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING THAT OVERRIDE YOUR INTERESTS, FUNDAMENTAL RIGHTS, AND FREEDOMS, OR IF THE PROCESSING SERVES THE ASSERTION, EXERCISE, OR DEFENSE OF LEGAL CLAIMS.

IF YOUR PERSONAL DATA IS PROCESSED BY US TO CONDUCT DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR SUCH ADVERTISING PURPOSES. YOU CAN EXERCISE THE OBJECTION AS DESCRIBED ABOVE.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL CEASE PROCESSING THE DATA CONCERNED FOR DIRECT MARKETING PURPOSES.

12. Duration of the storage of personal data

The duration of the storage of personal data is determined by the respective legal basis, the processing purpose, and – if applicable – additionally by the respective statutory retention period (e.g., commercial and tax law retention periods).

When processing personal data based on an explicit consent according to Art. 6 para. 1 lit. a GDPR, the affected data will be stored as long as you revoke your consent.

If there are statutory retention periods for data processed in the context of contractual or contract-like obligations based on Art. 6 para. 1 lit. b GDPR, these data will be routinely deleted after the expiration of the retention periods, provided they are no longer required for contract fulfillment or initiation and/or we no longer have a legitimate interest in further storage.

When processing personal data based on Art. 6 para. 1 lit. f GDPR, these data will be stored as long as you exercise your right to object under Art. 21 para. 1 GDPR, unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing serves the assertion, exercise, or defense of legal claims.

When processing personal data for the purpose of direct advertising based on Art. 6 para. 1 lit. f GDPR, these data will be stored as long as you exercise your right to object under Art. 21 para. 2 GDPR.

Unless otherwise specified by the other information in this declaration regarding specific processing situations, stored personal data will otherwise be deleted when they are no longer necessary for the purposes for which they were collected or otherwise processed.