Privacy policy

Privacy Policy

The data controller is:

Tandego GmbH
Arndtstrasse 12
79539 Lörrach
Germany

customer@tandego.com

Thank you for your interest in our online shop. Protecting your privacy is extremely important to us. We provide detailed information below about how we handle your data.

1. Access data and hosting

You can visit our websites without providing any personal information. Each time you visit a website, the web server simply stores a so-called server log file automatically, which contains, for example, the name of the requested file, your IP address, the date and time of the visit, the volume of data transmitted and the requesting provider (access data) and documents the visit. This access data is evaluated for the sole purpose of ensuring the smooth operation of the site and improving our offer. This is intended to safeguard our legitimate interests, overriding in the balance of interests, in presenting our products and services correctly pursuant to Art. 6(1)(1)(f) of the General Data Protection Regulation (GDPR). All access data will be deleted no later than seven days after the end of your visit to the site.

Hosting

In some instances, the website hosting and presentation services are provided by our service providers within the framework of contract processing. Unless otherwise clarified in this Privacy Policy, all access data, and all data collected on this website in the forms provided for this purpose, will be processed on their servers. If you have any questions about our service providers and the basis of our co-operation with them, please use the contact details provided in this Privacy Policy.

Our service providers have and/or use servers in the following countries, for which the European Commission has determined an adequate level of data protection by resolution: Switzerland

2. Data processing for contract performance and communication

2.1 Data processing for contract performance

For the purpose of contract performance pursuant to Art. 6(1)(1)(b) GDPR, we collect personal data if you provide such details voluntarily during the course of your order. Mandatory fields are marked as such, since we require these details for performance of the contract and we cannot ship the order without them. The data that is collected can be seen from the respective forms.

Further information about the processing of your data, in particular about the forwarding of data to our service providers for the purpose of processing your order, payment and shipping, can be found in the subsequent sections of this Privacy Policy. After performance of the contract in full, your data will be restricted for further processing and will be erased following expiry of the retention periods required under tax law and commercial law pursuant to Art. 6(1)(1)(c) GDPR, unless you have expressly consented to further use of your data in accordance with Art. 6(1)(1)(a) GDPR, or we reserve the right to make further use of said data which is legally permissible and about which we inform you in this policy.

Merchandise management system

For ordering and contract processing, we use merchandise management systems from external service providers. Our service providers work for us within the framework of contract processing. If you have any questions about our service providers and the basis of our co-operation with them, please use the contact details provided in this Privacy Policy.

Our service providers have and/or use servers in the following countries, for which the European Commission has determined an adequate level of data protection by resolution: Switzerland

2.2 Customer account

If you have given your consent pursuant to Art. 6(1)(1)(a) GDPR by choosing to open a customer account, we use your data for the purpose of opening your customer account and storing your details for further future orders on our website. Deleting your customer account is possible at any time and can be done either by sending a message to the contact details set out in this Privacy Policy or via a function provided for this purpose in the customer account. Once your customer account has been deleted, your data will be erased unless you have expressly consented to further use of the same pursuant to Art. 6(1)(1)(a) GDPR, or unless we reserve the right to subsequent use of the data, which is legally permissible and about which we inform you in this policy.

2.3 Contact

During the course of customer communications, we collect personal data pursuant to Art. 6(1)(1)(b) GDPR in order to process your enquiries if you provide such details voluntarily when you contact us (for example, via the contact form, live chat tool or email). Mandatory fields are marked as such since we need these details to process your request. The data that is collected can be seen from the respective forms. After processing your request in full, your data will be erased unless you have expressly consented to further use of the same pursuant to Art. 6(1)(1)(a) GDPR, or unless we reserve the right to subsequent use of the data, which is legally permissible and about which we inform you in this policy.

3. Data processing for shipping purposes

For fulfilment of the contract pursuant to Art. 6(1)(1)(b) GDPR, we will pass your data on to the shipping service provider commissioned to perform the delivery where necessary for delivery of the goods ordered.

Data forwarding to shipping service providers for the purpose of shipping notifications

If you gave us your express consent to do so, during or after your order, we will use this, pursuant to Art. 6(1)(1)(a), as grounds to forward your email address and telephone number to the selected shipping service provider so they can contact you prior to delivery to arrange the delivery and provide shipping notifications.
Such consent can be revoked at any time by sending a message to the contact details set out in this Privacy Policy or to the shipping service provider directly at the contact address stated below. Once revoked, we will delete the data you have provided for this purpose unless you have expressly consented to further use of the same, or unless we reserve the right to subsequent use of the data, which is legally permissible and about which we inform you in this policy.

Cargocare GmbH
Spinnergasse 1
6850 Dornbirn
Austria

DHL Paket GmbH
Sträßchensweg 10
53113 Bonn
Germany

DPD Deutschland GmbH
Wailandtstraße 1
63741 Aschaffenburg
Germany

General Logistics Systems Germany GmbH & Co. OHG
GLS Germany-Straße 1 – 7
DE-36286 Neuenstein
Germany

United Parcel Service Deutschland S.à r.l. & Co. OHG
Görlitzer Straße 1
41460 Neuss
Germany

4. Data processing for payment processing

We collaborate with these partners to process payments in our online shop: technical service providers, credit institutions, payment service providers.

4.1 Data processing for transaction processing

Depending on the payment method selected, we will forward the data necessary to process the payment transaction to our technical service providers, who work for us within the framework of contract processing, or to the commissioned credit institutions or the selected payment service provider, where necessary to do so in order to process the payment. The purpose of this is performance of the contract pursuant to Art. 6(1)(1)(b) GDPR. Sometimes the payment service providers collect the data required to process the payment themselves, for example on their own website or by means of a technical integration within the ordering process. The respective service provider’s privacy policy will apply in this respect.
If you have any questions about our payment processing partners and the basis of our co-operation with them, please use the contact details set out in this Privacy Policy.

4.2 Data processing for the purpose of fraud prevention and optimisation of our payment processes

Where applicable, we may provide our service providers with additional data that they will use, together with the data required to process the payment, as our contract processors for the purpose of fraud prevention and optimisation of our payment processes (such as invoicing, processing of contested payments, accounting support). In accordance with Art. 6(1)(1)(f) GDPR, the purpose of this is to safeguard our legitimate interests, overriding in the balance of interests, in protecting ourselves against fraud and in efficient payment management.

5. Advertising by email

5.1 Email newsletter with registration

When you sign up for our newsletter, we use the data required for this, or provided by you separately, to send you our email newsletter on the basis of your consent pursuant to Art. 6(1)(1)(a) GDPR. You may unsubscribe from the newsletter at any time. This can be done either by sending a message to the contact details provided below or via a link provided for this purpose in the newsletter. Upon opt-out, we will delete your email address from the list of recipients, unless you have expressly consented to further use of your data pursuant to Art. 6(1)(1)(a) GDPR, or unless we reserve the right to subsequent use of the data, which is legally permissible and about which we inform you in this policy.

5.2 Email newsletter without registration and your right to object

If we have received your email address in connection with the sale of goods or services, and you have not objected, we reserve the right to send you regular offers for products similar to the ones you purchased from our range of products on the basis of Section 7(3) of the German Unfair Competition Act (UWG). The purpose of this is to safeguard our legitimate interests, overriding in the balance of interests, in promotional advertising to our customers.
You can object to this use of your email address at any time by sending a message to the contact details set out in this Privacy Policy, or via a link provided for this purpose in the advertising mail, without incurring any costs beyond the usual transmission costs.

5.3 Sending of newsletters

The newsletter may also be sent by our service providers as part of their contract processing on our behalf. If you have any questions about our service providers and the basis of our co-operation with them, please use the contact details provided in this Privacy Policy.

Our service providers have and/or use servers in the USA and other countries outside the EU and the EEA. There is no resolution on adequacy by the European Commission for these countries. Our co-operation with them is based on the European Commission standard data protection clauses. 

6. Cookies and other technologies

General information

To make your visit to our website attractive and to enable the use of certain features, we use technology on various pages, including so-called cookies. Cookies are small text files that are automatically stored on your end device. Some of the cookies we use are deleted (so-called session cookies) after the end of your browser session, in other words when you close your browser. Other cookies remain on your end device and allow us to recognise your browser the next time you visit the site (persistent cookies).
We use technologies that are absolutely necessary for the use of certain features on our website (e.g. the shopping cart feature). These technologies collect and process your IP address, time of visit, device and browser information and information about your use of our website (for example, information about the contents of your shopping cart). The purpose of this is a legitimate interest, overriding in the balance of interests, in presenting our offer in an optimised fashion pursuant to Art. 6(1)(1)(f) GDPR.

We also use technologies to fulfil our legal obligations (for example, to be able to demonstrate consent to the processing of your personal data) and for web analytics and online marketing. For more information, including the respective legal basis for the data processing, please refer to the subsequent sections of this Privacy Policy.

The cookie settings for your browser can be found at the following links: Microsoft Edge™ / Safari™ / Chrome™ / Firefox™ / Opera™

If you have consented to the use of such technologies in accordance with Art. 6(1)(1)(a) GDPR, you can revoke your consent at any time by sending a message to the contact details set out in the Privacy Policy.

7. Use of cookies and other technologies for web analytics and advertising purposes

If you have granted your consent in accordance with Art. 6(1)(1)(a) GDPR, we use the following cookies and other third-party technologies on our website. Once the purpose in question lapses, and when we cease to use the technology in question, the data collected in connection with the same will be erased. You may revoke your consent at any time with effect for the future. For more information about your opt-out options, please see the “Cookies and other technologies” section. Further information, including the basis of our co-operation with the individual providers, can be found in the individual technologies. If you have any questions about the providers and the basis of our co-operation with them, please use the contact details described in this Privacy Policy.

7.1 Use of Google services for web analytics and advertising purposes

We use the technologies described below from Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). The information about your use of our website collected automatically by the Google technologies is generally transferred to and stored on a server belonging to Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. There is no resolution on adequacy by the European Commission for the USA. Our co-operation with such partners is based on the European Commission standard data protection clauses.  If your IP address is collected through Google technologies, it will be shortened by enabling IP anonymisation before it is stored on Google servers. Only in exceptional cases will the full IP address be transmitted to a Google server and shortened there. Unless otherwise specified for the individual technologies, data processing takes place on the basis of an agreement concluded between joint controllers for the respective technology in accordance with Art. 26 GDPR. More information about data processing by Google can be found in Google’s Privacy Policy.

Google Analytics

For the purpose of website analysis, Google Analytics automatically collects and stores data (IP address, time of visit, device and browser information, and information about your use of our website) from which user profiles are created using pseudonyms. Cookies may be used for this purpose. Your IP address will never be merged with other data held by Google. Data processing takes place on the basis of an agreement on contract processing by Google.

For the purpose of improving the marketing of our website, we have enabled the data sharing settings for “Google products and services“. This allows Google to access the data collected and processed by Google Analytics and then use it to improve Google services. Data sharing with Google within the framework of these data sharing settings is based on an additional agreement between controllers. We have no influence over the subsequent data processing by Google.

YouTube video plugin

To integrate content from third parties, data (IP address, time of visit, device and browser information) is collected and transmitted to Google via the YouTube video plugin in the enhanced data protection mode used by us, and then processed by Google only if you play a video.

7.2 Use of Facebook services for web analytics and advertising purposes
Use of Facebook Pixel

We use Facebook Pixel as part of the following technologies by Facebook Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland (“Facebook”). Using Facebook Pixel, data (IP address, time of visit, device and browser information and information about your use of our website based on events such as visiting a website or newsletter registration) is automatically collected and stored. This data is then used to create user profiles using pseudonyms. In addition, as part of the so-called extended comparison of data, information that can be used to identify individuals (e.g. names, email addresses and telephone numbers) is also hashed, collected and stored for comparison purposes. For this purpose, when you visit our website, Facebook Pixel automatically sets a cookie that enables the recognition of your browser automatically when you visit other websites by means of a pseudonymous cookie ID. Facebook will merge this information with other data from your Facebook account and use it to compile reports about website activity and to provide other website-related services, in particular personalised and group-based advertising.
The information about your use of our website collected automatically by Facebook technologies is usually transmitted to and stored on a server belonging to Facebook, Inc., 1601 Willow Road, Menlo Park, California 94025, USA. There is no resolution on adequacy by the European Commission for the USA. Where we are responsible for the transmission of data to the USA, our co-operation is based on the European Commission standard data protection clauses. More information about data processing by Facebook can be found in the Facebook Privacy Policy.

Facebook Analytics

In Facebook Analytics, statistics about visitor activities on our website are generated from the data collected with the Facebook Pixel about your use of our website. Data processing takes place on the basis of an agreement on contract processing by Facebook. The purpose of such analysis is to optimally present and market our website.

7.3 Other providers of web analytics and online marketing services
Use of Vimeo video plugin to integrate third-party content

To integrate third-party content, data (IP address, time of visit, device and browser information) is collected via the video plugin from Vimeo LLC, 555 West 18th Street, New York 10011, USA (“Vimeo”) and is transmitted to Vimeo and then processed by Vimeo. The data processing is based on an agreement between joint controllers in accordance with Art. 26 GDPR. Google Analytics is integrated automatically in the Vimeo video plugin. For the purpose of website analysis, Google Analytics automatically collects and stores data (IP address, time of visits, device and browser information, and information about your use of our website) from which user profiles are created using pseudonyms. Cookies may be used for this purpose. Google Analytics is a product by Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). The information about your use of our website collected automatically by Google is usually transmitted to and stored on a server belonging to Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Your IP address will be shortened by enabling IP anonymisation before it is stored on Google servers. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. We have no influence over or access to the data processing by Vimeo, including the Google Analytics configuration and results. There is no resolution on adequacy by the European Commission for the USA. Our co-operation with such partners is based on the European Commission standard data protection clauses.  

8. Integration of Trusted Shops Trustbadge

The Trusted Shops Trustbadge is integrated on this website to display our Trusted Shops quality label and to offer buyers Trusted Shops products after placing an order.

The purpose of this is to safeguard our legitimate interests, overriding in the balance of interests, in optimal marketing by enabling secure purchasing, in accordance with Art. 6(1)(1)(f) GDPR. The Trustbadge and the services thus promoted are provided by Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne, Germany. The Trustbadge is provided within the framework of contract processing by a CDN (Content Delivery Network) provider. Trusted Shops GmbH also uses service providers from the USA. An adequate level of data protection is ensured. Further information about data protection by Trusted Shops GmbH can be found here.

When accessing the Trustbadge, the web server automatically stores a so-called server log file, which also contains your IP address, date and time of your visit, the volume of data transmitted and the requesting provider (access data) and documents the visit. Individual access data is stored in a security database for the analysis of security breaches. The log files are automatically deleted no later than 90 days after creation.

Further personal data will be transmitted to Trusted Shops GmbH if you choose to use Trusted Shops products after completion of an order or have already registered to use the same. The contractual agreement between you and Trusted Shops will apply. For this purpose, personal data is collected from the order data automatically. Whether you are already registered as a buyer to use a product is automatically checked by means of a neutral parameter, the email address, using a one-way cryptographic hashing function. The email address is converted to the hash value, which does not need to be decrypted for Trusted Shops, before being transmitted. After checking for a match, the parameter is automatically deleted.

This is necessary for the fulfilment of our, and Trusted Shops’, overriding legitimate interests in providing purchaser protection linked to the specific order and the transaction rating services in accordance with Art. 6(1)(1)(f) GDPR. Further details, including how to object, can be found in the Trusted Shops Privacy Policy linked to in the Trustbadge and above.

9. Social Media

9.1 Facebook and Instagram social plugins

Social buttons for social networks are used on our website. These are only integrated into the page as HTML links, so that no connection is made to the servers of the respective provider when accessing our website. Clicking one of the buttons opens the website of the respective social network in a new window of your browser where you can click the Like or Share button, for example.

9.2 Our online presence on Facebook, Twitter, Instagram, YouTube, LinkedIn

Where you have granted the respective social media operator consent to do so in accordance with Art. 6(1)(1)(a) GDPR, when you visit our websites on the social media channels specified above, your data will be automatically collected and stored for market research and advertising purposes. It will be used to create user profiles using pseudonyms. These can be used, for example, to place advertisements on and outside the platforms that are likely to match your interests. Cookies are generally used for this purpose. For detailed information about the processing and use of the data by the respective social media operator, and your contact options and rights in this respect plus possible settings to protect your privacy, please see the privacy policies of the providers linked below. If you still need help in this respect, you are welcome to contact us.

Facebook is a product of Facebook Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland (“Facebook Ireland”). The information collected automatically by Facebook Ireland about your use of our online presence on Facebook is usually transmitted to and stored on a server belonging to Facebook, Inc., 1601 Willow Road, Menlo Park, California 94025, USA. There is no resolution on adequacy by the European Commission for the USA. Our co-operation with such partners is based on the European Commission standard data protection clauses.  Data processing while visiting a Facebook fan page is based on an agreement between joint controllers in accordance with Art. 26 GDPR. You can find out more (information about Insights data) here.

Twitter is a product by Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland (“Twitter”). The information collected automatically by Twitter about your use of our online presence on Twitter is usually transmitted to and stored on a server belonging to Twitter, Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. There is no resolution on adequacy by the European Commission for the USA. Our co-operation with such partners is based on the European Commission standard data protection clauses. 

Instagram is a product by Facebook Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland (“Facebook Ireland”). The information collected automatically by Facebook Ireland about your use of our online presence on Instagram is usually transmitted to and stored on a server belonging to Facebook, Inc., 1601 Willow Road, Menlo Park, California 94025, USA. There is no resolution on adequacy by the European Commission for the USA. Our co-operation with such partners is based on the European Commission standard data protection clauses.  Data processing while visiting an Instagram fan page is based on an agreement between joint controllers in accordance with Art. 26 GDPR. You can find out more (information about Insights data) here.

YouTube is a product by Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). The information about your use of our online presence on YouTube collected automatically by Google is usually transmitted to and stored on a server belonging to Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. There is no resolution on adequacy by the European Commission for the USA. Our co-operation with such partners is based on the European Commission standard data protection clauses.

10. Contact options and your rights

10.1 Your rights

As a data subject, you have the following rights:

  • In accordance with Art. 15 GDPR, the right to request information about your personal data processed by us to the extent specified therein.
  • In accordance with Art. 16 GDPR, the right to request the immediate rectification of incorrect data or completion of your personal data stored by us.
  • In accordance with Art. 17 GDPR, the right to request the erasure of your personal data stored by us, except where further processing is necessary
    • to exercise the right to freedom of expression and information;
    • to comply with a legal obligation;
    • for reasons of public interest; or
    • to establish, exercise or defend legal claims.
  • In accordance with Art. 18 GDPR, the right to request the restriction of the processing of your personal data where:
    • the accuracy of the data is contested by you;
    • the processing is unlawful but you oppose erasure of the data;
    • we no longer need the data but you need it to assert, exercise or defend legal claims, or
    • you have objected to the processing pursuant to Art. 21 GDPR.
  • In accordance with Art. 20 GDPR, the right to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request the transfer of the same to another controller.
  • In accordance with Art. 77 GDPR, the right to lodge a complaint with a supervisory authority. To do this, you can usually contact the supervisory authority in your usual place of residence or place of work or our registered office.
Right to object

Where we process personal data to safeguard our legitimate interests, which are overriding in a balance of interests, as outlined above, you may object to such processing with effect for the future. If the processing is for direct marketing purposes, you may exercise this right at any time as described above. If the processing takes place for other purposes, you have the right to object only on grounds relating to your particular situation.

After exercising your right to object, we will no longer process your personal data for these purposes unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or if the processing is for the purpose of asserting, exercising or defending legal claims.

This does not apply if the processing is carried out for direct marketing purposes. We will no longer process your personal data for this purpose.

10.2 Contact options

If you have any questions about the collection, processing or use of your personal data, or wish to request information, rectification, restriction or the erasure of data, or revoke any consent granted or object to a particular data usage, please contact us directly using the contact details in our Legal Notice.