Privacy policy
1) Introduction and contact details of the controller
1.1 We are pleased that you are visiting our website and thank you for your interest. Below, we inform you about how your personal data is handled when you use our website. Personal data is all data that can be used to personally identify you.
1.2 The controller for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is Larissa Reuter, HETTI., Reuterstraße 62, 12047 Berlin, Germany, Tel.: +49 (0) 176 22522577, Email: mail@hettiberlin.com. The controller is the natural or legal person who, alone or jointly with others, decides on the purposes and means of processing personal data.
2) Data collection when visiting our website
2.1 When you use our website for purely informational purposes, i.e., if you do not register or otherwise provide us with information, we only collect data that your browser transmits to the website server (so-called "server log files"). When you access our website, we collect the following data, which is technically necessary for us to display the website to you:
The website you visited
Date and time of access
Amount of data sent in bytes
Source/reference from which you accessed the site
Browser used
Operating system used
IP address used (if applicable: in anonymized form)
Processing is carried out in accordance with Art. 6 (1) (f) GDPR based on our legitimate interest in improving the stability and functionality of our website. The data will not be passed on or used for any other purpose. However, we reserve the right to subsequently review the server log files if there are concrete indications of illegal use.
2.2 For security reasons and to protect the transmission of personal data and other confidential content (e.g., orders or inquiries to the controller), this website uses SSL or TLS encryption. You can recognize an encrypted connection by the character string "https://" and the lock symbol in your browser bar.
3) Hosting & Content Delivery Network
3.1 Shopify
We use the system of the following provider to host our website and display the page content: Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland ("Shopify").
Data is also transferred to: Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada.
All data collected on our website is processed on the provider's servers. We have concluded a data processing agreement with the provider that ensures the protection of our site visitors' data and prohibits unauthorized disclosure to third parties.
When data is transferred to Canada, an appropriate level of data protection is guaranteed by an adequacy decision of the European Commission.
3.2 Cloudflare
We use a content delivery network from the following provider: Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA
This service enables us to deliver large media files such as graphics, page content, or scripts more quickly via a network of regionally distributed servers. The processing is carried out to protect our legitimate interest in improving the stability and functionality of our website in accordance with Art. 6 (1) (f) GDPR. We have concluded a data processing agreement with the provider that ensures the protection of our site visitors' data and prohibits unauthorized disclosure to third parties.
For data transfers to the USA, the provider has adhered to the EU-US Data Privacy Framework, which ensures compliance with European data protection standards based on an adequacy decision by the European Commission.
4) Cookies
To make visiting our website more attractive and enable the use of certain functions, we use cookies, i.e. small text files that are stored on your device. Some of these cookies are automatically deleted after closing the browser (so-called "session cookies"); others remain on your device for a longer period and enable the storage of page settings (so-called "persistent cookies"). In the latter case, you can find out the storage period from the overview of your web browser's cookie settings.
If personal data is also processed by individual cookies used by us, the processing is carried out in accordance with Art. 6 (1) (b) GDPR either to execute the contract, in accordance with Art. 6 (1) (a) GDPR in the case of consent given or in accordance with Art. 6 (1) (f) GDPR to protect our legitimate interests.
11.3 Judge.me
Our website incorporates graphic elements from the following provider to display external customer reviews and/or an externally awarded quality seal: Judge.me Ltd., c/o Buckworths, 2nd Floor, 1-3 Worship Street, London, England, EC2A 2AB, United Kingdom.
When you access a page on our website that contains such graphic elements, your browser establishes a direct connection to the provider's servers to load the elements correctly. Certain browser information, including your IP address, is transmitted to the provider.
If personal data is also processed in the process, this is done in accordance with Art. 6 (1) (f) GDPR based on our legitimate interest in the optimal marketing of our offerings and the attractive design of our website.
We have concluded a data processing agreement with the provider that ensures the protection of our site visitors' data and prohibits unauthorized disclosure to third parties.
When data is transferred to the provider's location, an appropriate level of data protection is guaranteed by an adequacy decision of the European Commission.
11.4 Google Maps
This website uses an online map service from the following provider: Google Maps (API) of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google").
Google Maps is a web service for displaying interactive (land) maps to visually present geographical information. Using this service will show you our location and make it easier to find your way there.
When you access the subpages that include the Google Maps map, information about your use of our website (such as your IP address) is transmitted to Google servers and stored there. This may also involve transmission to Google LLC servers in the USA. This occurs regardless of whether Google provides a user account through which you are logged in or whether a user account exists. If you are logged in to Google, your data will be directly assigned to your account. If you do not wish to be assigned to your Google profile, you must log out before activating the button. Google stores your data (even for users who are not logged in) as user profiles and evaluates them.
The collection, storage, and evaluation are carried out in accordance with Art. 6 (1) (f) GDPR based on Google's legitimate interest in displaying personalized advertising, market research, and/or tailoring Google websites to meet your needs. You have the right to object to the creation of these user profiles; you must contact Google to exercise this right. If you do not agree to the future transmission of your data to Google when using Google Maps, you also have the option of completely deactivating the Google Maps web service by disabling the JavaScript application in your browser. Google Maps, and thus also the map display on this website, cannot then be used.
To the extent legally required, we have obtained your consent to the processing of your data as described above in accordance with Art. 6 (1) (a) GDPR. You can revoke your consent at any time with future effect. To exercise your right of revocation, please follow the option to object described above.
For data transfers to the USA, the provider has adhered to the EU-US Data Privacy Framework, which ensures compliance with European data protection standards based on an adequacy decision of the European Commission.
Further information on Google's privacy policy can be found here: https://business.safety.google/intl/de/privacy/
12) Tools and Other
12.1 Cookie Consent Tool
This website uses a so-called "cookie consent tool" to obtain effective user consent for cookies requiring consent and cookie-based applications. The "Cookie Consent Tool" is displayed to users when they visit the site in the form of an interactive user interface, where they can give consent for specific cookies and/or cookie-based applications by checking the appropriate boxes. Using the tool, all cookies/services requiring consent are only loaded if the respective user gives their consent by checking the appropriate boxes. This ensures that such cookies are only placed on the user's device if consent has been given.
The tool uses technically necessary cookies to save your cookie preferences. Personal user data is generally not processed.
12.2 Judge.me
To verify and publish customer reviews, we use the services of the following provider: Judge.me Ltd., c/o Buckworths, 2nd Floor, 1-3 Worship Street, London, England, EC2A 2AB, United Kingdom.
If you submit a review on our website, your first and last name, email address, order date and number, name, and international references (GTIN/ISDNF) will be collected, transmitted to the provider, and evaluated there to determine the legitimacy of a customer review for a specific order. This processing is carried out in accordance with Art. 6 (1) (f) GDPR based on our legitimate interest in ensuring the authenticity of customer reviews by ensuring transaction-relatedness and preventing review misuse. After the review review and approval have been completed, the data will be deleted by the provider.
When data is transferred to the provider's location, an appropriate level of data protection is guaranteed by an adequacy decision of the European Commission.
13) Rights of the Data Subject
13.1 Applicable data protection law grants you the following data subject rights (rights to information and intervention) vis-à-vis the controller with regard to the processing of your personal data. Reference is made to the legal basis listed for the respective conditions for exercising these rights:
Right to information pursuant to Art. 15 GDPR;
Right to rectification pursuant to Art. 16 GDPR;
Right to erasure pursuant to Art. 17 GDPR;
Right to restriction of processing pursuant to Art. 18 GDPR;
Right to information pursuant to Art. 19 GDPR;
Right to data portability pursuant to Art. 20 GDPR;
Right to withdraw consent granted pursuant to Art. 7 (3) GDPR;
Right to lodge a complaint pursuant to Art. 77 GDPR.
13.2 RIGHT OF OBJECTION
IF, AS PART OF A BALANCE OF INTERESTS, WE PROCESS YOUR PERSONAL DATA BASED ON OUR OVERRIDING LEGITIMATE INTEREST, YOU HAVE THE RIGHT TO OBJECT TO THIS PROCESSING AT ANY TIME WITH FUTURE EFFECT FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION.
IF YOU EXERCISE YOUR RIGHT OF OBJECTION, WE WILL STOP PROCESSING THE DATA IN QUESTION. However, we reserve the right to further process your data if we can demonstrate compelling legitimate grounds for the processing that override your interests, fundamental rights, and freedoms, or if the processing serves to assert, exercise, or defend legal claims.
If your personal data is processed by us for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing purposes. You can exercise your right of objection as described above.
IF YOU EXERCISE YOUR RIGHT OF OBJECTION, WE WILL STOP PROCESSING THE DATA CONCERNED FOR DIRECT MARKETING PURPOSES.
14) Duration of storage of personal data
The duration of storage of personal data is determined by the respective legal basis, the purpose of the processing, and – where applicable – also by the respective statutory retention period (e.g., retention periods under commercial and tax law).
When personal data is processed on the basis of express consent in accordance with Art. 6 (1) (a) GDPR, the data in question will be stored until you revoke your consent.
If statutory retention periods exist for data processed within the framework of legal transactions or quasi-legal obligations based on Art. 6 (1) (b) GDPR, this data will be routinely deleted after the retention periods have expired, provided it is no longer required for the fulfillment or initiation of a contract and/or we no longer have a legitimate interest in continuing to store it.
When processing personal data on the basis of Art. 6 (1) (f) GDPR, this data will be stored until you exercise your right of objection under Art. 21 (1) GDPR, unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing serves to assert, exercise, or defend legal claims.
When processing personal data for direct marketing purposes on the basis of Art. 6 (1) (f) GDPR, this data will be stored until you exercise your right of objection under Art. 21 (2) GDPR.
Unless otherwise stated in the other information in this statement on specific processing situations, stored personal data will be deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.