Privacy Policy

Access Data and Hosting
Data Processing for Contract Fulfillment and Contact 2.1 Data Processing for Contract Fulfillment 2.2 Customer Account 2.3 Contact
Data Processing for Shipping Purposes
Data Processing for Payment Processing 4.1 Data Processing for Transaction Processing 4.2 Data Processing for Fraud Prevention and Optimization of Our Payment Processes
Email Advertising Email Newsletter with Registration, Newsletter Tracking with Separate Consent
Cookies and Other Technologies General Information
Use of Cookies and Other Technologies 7.1 Use of Google Services 7.2 Use of Facebook Services
Integration of the Trusted Shops Trustbadge / Other Widgets 8.1 Data Processing When Integrating the Trustbadge / Other Widgets 8.2 Data Processing After Order Completion
Contact Options and Your Rights 9.1 Your Rights 9.2 Contact Options

The data controller is:

Tobias Maiwald
Robert-Koch-Str. 18
41539 Dormagen
Germany

Email: info@gravity-shift.com
Phone: +49 151 74409847

We are pleased about your interest in our online shop. Protecting your privacy is very important to us. Below we inform you in detail about the handling of your data.

1. Access Data and Hosting You can visit our websites without providing any personal information. Each time a webpage is accessed, the web server automatically stores a so-called server log file, which contains, for example, the name of the requested file, your IP address, date and time of access, transferred data volume, and the requesting provider (access data) and documents the access. These access data are processed exclusively for the purpose of ensuring trouble-free operation of the site and improving our offer. This serves to protect our overriding legitimate interests in a correct presentation of our offer pursuant to Art. 6 (1) sentence 1 lit. f GDPR. All access data are processed only as long as necessary to achieve the above-mentioned processing purposes.

The hosting and presentation services of the website are partially provided by our service providers as part of order processing. Unless otherwise stated in this privacy policy, all access data and data collected in forms provided for this purpose on this website are processed on their servers. For questions about our service providers and the basis of our cooperation with them, please contact us using the contact option described in this privacy policy.

Our service providers are located and/or use servers in the following countries for which the European Commission has established an adequate level of data protection by decision: Israel, United Kingdom, USA (EU-US Data Privacy Framework – DPF).

For the USA, the adequacy decision of the EU Commission on the EU-US Data Privacy Framework (DPF) has been in effect since July 2023. To the extent that the respective service provider is certified under the DPF (which is the case for the services we use), this serves as the primary basis for the transfer. You can find the list of certified companies here: https://www.dataprivacyframework.gov/list.
Additionally, we rely on Standard Contractual Clauses of the European Union (Art. 46 GDPR) as a safeguard.

Our service providers are located and/or use servers in these countries: Brazil, Mexico, India, Ukraine. No adequacy decision of the European Commission exists for these countries. Our cooperation with them is based on Standard Contractual Clauses of the European Union.

2. Data Processing for Contract Fulfillment and Contact
2.1 Data Processing for Contract Fulfillment For the purpose of contract fulfillment (including inquiries regarding and handling of any existing warranty and performance disruption claims as well as any statutory update obligations) pursuant to Art. 6 (1) sentence 1 lit. b GDPR, we collect personal data if you voluntarily provide it to us as part of your order. Mandatory fields are marked as such because we need the data in these cases to fulfill the contract and cannot ship the order without them. Which data are collected can be seen from the respective input forms.

Further information on the processing of your data, in particular on the transfer to our service providers for order, payment, and shipping processing, can be found in the following sections of this privacy policy. After complete fulfillment of the contract, your data will be restricted for further processing and deleted after expiry of the tax and commercial retention periods pursuant to Art. 6 (1) sentence 1 lit. c GDPR, unless you have expressly consented to further use of your data pursuant to Art. 6 (1) sentence 1 lit. a GDPR or we reserve the right to further data use permitted by law and about which we inform you in this declaration.

2.2 Customer Account To the extent that you have given your consent pursuant to Art. 6 (1) sentence 1 lit. a GDPR by deciding to open a customer account, we use your data for the purpose of opening the customer account and storing your data for any future orders on our website. You can delete your customer account at any time, either by sending a message to the contact option described in this privacy policy or via a function provided for this purpose in the customer account. After deletion of your customer account, your data will be deleted unless you have expressly consented to further use of your data pursuant to Art. 6 (1) sentence 1 lit. a GDPR or we reserve the right to further data use permitted by law and about which we inform you in this declaration.

2.3 Contact In the context of customer communication, we collect personal data pursuant to Art. 6 (1) sentence 1 lit. b GDPR to process your inquiries if you voluntarily provide it to us when contacting us (e.g. via contact form, live chat tool or email). Mandatory fields are marked as such because we need the data in these cases to process your contact request. Which data are collected can be seen from the respective input forms. After complete processing of your request, your data will be deleted unless you have expressly consented to further use of your data pursuant to Art. 6 (1) sentence 1 lit. a GDPR or we reserve the right to further data use permitted by law and about which we inform you in this declaration.

3. Data Processing for Shipping Purposes For the fulfillment of the contract pursuant to Art. 6 (1) sentence 1 lit. b GDPR, we pass on your data to the shipping service provider commissioned with the delivery, to the extent necessary for the delivery of the ordered goods. For questions about our service providers and the basis of our cooperation with them, please contact us using the contact option described in this privacy policy.

4. Data Processing for Payment Processing In processing payments in our online shop, we work with the following partners: technical service providers, credit institutions, payment service providers.

4.1 Data Processing for Transaction Processing Depending on the selected payment method, we pass on the data necessary for processing the payment transaction to our technical service providers or to the commissioned credit institutions or to the selected payment service provider, to the extent necessary for payment processing. This serves the fulfillment of the contract pursuant to Art. 6 (1) sentence 1 lit. b GDPR. In some cases, the payment service providers collect the data required for payment processing themselves, e.g. on their own website or through technical integration in the ordering process. In this respect, the privacy policy of the respective payment service provider applies.

Many of our payment service providers (e.g. PayPal, Amazon Pay, Apple Pay, Google Pay, Klarna, Skrill) are certified under the EU-US Data Privacy Framework (DPF). Depending on the selected payment method, data transfers to third countries outside the EU/EEA may occur, for which the European Commission has established an adequate level of data protection by decision (USA via DPF). To the extent that a data transfer to third countries outside the EU/EEA takes place for which the European Commission has not issued an adequacy decision, our cooperation is based on Standard Contractual Clauses of the European Commission. Details on DPF certification can be found at: https://www.dataprivacyframework.gov/list.

If you have any questions about our partners for payment processing or the basis of our cooperation with them, please contact us using the contact option mentioned in this privacy policy.

4.2 Data Processing for Fraud Prevention and Optimization of Our Payment Processes If necessary, we provide the aforementioned service providers with additional data that they use together with the data necessary for payment processing for the purposes of fraud prevention and optimization of our payment processes (e.g. invoicing, handling of disputed payments, support for accounting). This serves to protect our overriding legitimate interests in protection against fraud and efficient payment management pursuant to Art. 6 (1) sentence 1 lit. f GDPR.

5. Email Advertising Email Newsletter with Registration, Newsletter Tracking with Separate Consent If you register for our newsletter, we use the data required for this purpose or separately provided by you to regularly send you our email newsletter based on your consent pursuant to Art. 6 (1) sentence 1 lit. a GDPR. Unsubscribing from the newsletter is possible at any time and can be done either by sending a message to the contact option described below or via a link provided for this purpose in the newsletter. After unsubscribing, we delete your email address from the recipient list unless you have expressly consented to further use of your data pursuant to Art. 6 (1) sentence 1 lit. a GDPR or we reserve the right to further data use permitted by law and about which we inform you in this declaration.

If you have additionally given us your consent pursuant to Art. 6 (1) sentence 1 lit. a GDPR to analyze our newsletters, we also analyze your interaction with our newsletter by measuring, storing and evaluating open rates and click rates for the purpose of designing future newsletter campaigns (“Newsletter Tracking”).

For this evaluation, the emails sent contain single-pixel technologies (e.g. so-called web beacons, tracking pixels) that are stored on our website. For the evaluations, we link the following “newsletter data” in particular

the page from which the page was requested (so-called referrer URL),
the date and time of the access,
the description of the type of web browser used,
the IP address of the requesting computer,
the email address,
the date and time of registration and confirmation and the single-pixel technologies with your email address or your IP address and, if applicable, an individual ID. Links contained in the newsletter may also contain this ID.

Unsubscribing from newsletter tracking is possible at any time and can be done either by sending a message to the contact option described or via a link provided for this purpose in the newsletter. The information is stored for as long as you are subscribed to the newsletter.

For the USA, the adequacy decision of the EU Commission on the EU-US Data Privacy Framework (DPF) has been in effect since July 2023. To the extent that the respective service provider is certified under the DPF (which is the case for the services we use), this serves as the primary basis for the transfer. You can find the list of certified companies here: https://www.dataprivacyframework.gov/list. Additionally, we rely on Standard Contractual Clauses of the European Union (Art. 46 GDPR) as a safeguard.

6. Cookies and Other Technologies General Information To make our website attractive and to enable the use of certain functions, we use technologies on various pages, including so-called cookies. Cookies are small text files that are automatically stored on your terminal device. Some of the cookies we use are deleted after the end of the browser session, i.e. after closing your browser (so-called session cookies). Other cookies remain on your terminal device and enable us to recognize your browser on your next visit (persistent cookies). You can find the duration of storage in the overview in the cookie settings of your web browser.

Protection of Privacy on Terminal Devices When using our online offer, we use technologies that are strictly necessary to provide the expressly requested telemedia service. The storage of information in your terminal device or access to information already stored in your terminal device does not require consent in this respect.

For non-essential functions, the storage of information in your terminal device or access to information already stored in your terminal device requires your consent. We point out that if consent is not given, parts of the website may not be fully usable. Any consents you have given remain in effect until you adjust or reset the respective settings in your terminal device.

Subsequent Data Processing by Cookies and Other Technologies We use technologies that are absolutely necessary for the use of certain functions of our website (e.g. shopping cart function). Through these technologies, IP address, time of visit, device and browser information as well as information about your use of our website (e.g. information about the contents of the shopping cart) are collected and processed. This serves our overriding legitimate interests in an optimized presentation of our offer pursuant to Art. 6 (1) sentence 1 lit. f GDPR in the context of a balancing of interests.

We also use technologies to fulfill legal obligations to which we are subject (e.g. to prove consents to the processing of your personal data) as well as for web analysis and online marketing. Further information on this, including the respective legal basis for data processing, can be found in the following sections of this privacy policy.

Cookie Settings You can find the cookie settings for your browser under the following links: Microsoft Edge™ / Safari™ / Chrome™ / Firefox™ / Opera™

To the extent that you have consented to the use of the technologies pursuant to Art. 6 (1) sentence 1 lit. a GDPR, you can revoke your consent at any time by sending a message to the contact option described in the privacy policy.

7. Use of Cookies and Other Technologies We use the following cookies and other technologies from third-party providers on our website. Unless otherwise stated for the individual technologies, this is done on the basis of your consent pursuant to Art.

6 (1) sentence 1 lit. a GDPR. After the purpose has ceased and the respective technology is no longer used by us, the data collected in this context will be deleted. You can revoke your consent at any time with effect for the future. Further information on your revocation options can be found in the section “Cookies and Other Technologies”. Further information, including the basis of our cooperation with the individual providers, can be found with the individual technologies. If you have any questions about the providers and the basis of our cooperation with them, please contact us using the contact option described in this privacy policy.

7.1 Use of Google Services We use the technologies of Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland (“Google”) described below. The information about your use of our website automatically collected by the Google technologies is usually transferred to a server of Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA and stored there. Unless otherwise stated for the individual technologies, data processing is based on an agreement between joint controllers pursuant to Art. 26 GDPR for the respective technology.

For the USA, the adequacy decision of the EU Commission on the EU-US Data Privacy Framework (DPF) has been in effect since July 2023. Google is certified under the DPF. Details on DPF certification can be found at:

https://www.dataprivacyframework.gov/list.

Further information on data processing by Google can be found in Google's privacy policy.

Google Analytics For the purpose of website analysis, data (IP address, time of visit, device and browser information as well as information about your use of our website) are automatically collected and stored with Google Analytics, from which usage profiles are created using pseudonyms. Cookies may be used for this purpose. If you visit our website from the EU, your IP address is stored on a server located in the EU to derive location data and then immediately deleted before the traffic is forwarded to further Google servers for processing. Data processing is based on an order processing agreement with Google.

Google Ads For advertising purposes in Google search results and on third-party websites, the so-called Google Remarketing Cookie is set when visiting our website, which automatically enables interest-based advertising by collecting and processing data (IP address, time of visit, device and browser information as well as information about your use of our website) and using a pseudonymous cookie ID and based on the pages you have visited. Further data processing only takes place if you have activated the “personalized advertising” setting in your Google account. If you are logged in to Google while visiting our website, Google uses your data together with Google Analytics data to create and define target group lists for cross-device remarketing.

To analyze the website and track events, we measure your subsequent usage behavior via Google Ads Conversion Tracking if you reached our website via a Google Ads advertisement. Cookies may be used and data (IP address, time of visit, device and browser information as well as information about your use of our website based on events specified by us, e.g. visit to a webpage or newsletter registration) may be collected, from which usage profiles are created using pseudonyms.

Google Fonts For uniform presentation of content on our website, data (IP address, time of visit, device and browser information) are collected by the script code “Google Fonts”, transmitted to Google and then processed by Google. We have no influence on this subsequent data processing.

7.2 Use of Facebook Services Use of Facebook Pixel We use the Facebook Pixel as part of the technologies of Meta Platforms Ireland Ltd., Block J, Serpentine Avenue, Dublin 4, Ireland (“Facebook (by Meta)” or “Meta Platforms Ireland”). With the Facebook Pixel, data (IP address, time of visit, device and browser information as well as information about your use of our website based on events specified by us, e.g. visit to a webpage or newsletter registration) are automatically collected and stored, from which usage profiles are created using pseudonyms. For this purpose, a cookie is automatically set by the Facebook Pixel when visiting our website, which enables automatic recognition of your browser when visiting other websites using a pseudonymous cookie ID. Facebook (by Meta) will merge this information with other data from your Facebook account and use it to compile reports on website activities and to provide other services related to website use, in particular personalized and group-based advertising.

The information about your use of our website automatically collected by the Facebook (by Meta) technologies is usually transferred to a server of Meta Platforms, Inc., 1601 Willow Road, Menlo Park, California 94025, USA and stored there.

For the USA, the adequacy decision of the EU Commission on the EU-US Data Privacy Framework (DPF) has been in effect since July 2023. Meta Platforms is certified under the DPF. Details on DPF certification can be found at:

https://www.dataprivacyframework.gov/list.

Further information on data processing by Facebook can be found in the privacy policy of Facebook (by Meta).

Facebook Ads (Advertising Manager) We advertise this website on Facebook (by Meta) and other platforms via Facebook Ads. We determine the parameters of the respective advertising campaign. Facebook (by Meta) is responsible for the exact implementation, in particular the decision on the placement of ads to individual users. Unless otherwise stated for the individual technologies, data processing is based on an agreement between joint controllers pursuant to Art. 26 GDPR. Joint controllership is limited to the collection of data and its transmission to Meta Platforms Ireland. Subsequent data processing by Meta Platforms Ireland is not covered by this.

Use of Wix Statistics for Web Analysis For the purpose of website analysis, data (IP address, time of visit, device and browser information, location information as well as information about your use of our website) are automatically collected and stored with technologies of Wix Ltd., 40 Nemal St., Tel Aviv 6350671, Israel (“Wix”), from which usage profiles are created using pseudonyms. Cookies may be used for this purpose. The pseudonymized usage profiles are not merged with personal data about the bearer of the pseudonym without separate express consent. Wix acts on our behalf.

For the USA, the adequacy decision of the EU Commission on the EU-US Data Privacy Framework (DPF) has been in effect since July 2023. To the extent that the respective service provider is certified under the DPF (which is the case for the services we use), this serves as the primary basis for the transfer. You can find the list of certified companies here:

https://www.dataprivacyframework.gov/list.

Additionally, we rely on Standard Contractual Clauses of the European Union.

8. Integration of the Trusted Shops Trustbadge / Other Widgets To display the Trusted Shops services (e.g. quality seal, collected reviews), Trusted Shops widgets are integrated on this website.

This serves to protect our overriding legitimate interests in optimal marketing by enabling a secure purchase pursuant to Art. 6 (1) sentence 1 lit. f GDPR. The Trustbadge and the advertised services are an offer of Trusted Shops SE, Subbelrather Str. 15C, 50823 Cologne (“Trusted Shops”), with whom we are jointly responsible for data protection pursuant to Art. 26 GDPR. We inform you below in these privacy notices about the essential contractual contents pursuant to Art. 26 (2) GDPR.

In the context of the joint controllership between us and Trusted Shops SE, please preferably contact Trusted Shops using the contact options specified in their privacy information for data protection questions and to assert your rights. Independently of this, you can always contact the controller of your choice. Your request will then, if necessary, be forwarded to the other controller for response.

8.1 Data Processing When Integrating the Trustbadge / Other Widgets The Trustbadge is provided by a US-American CDN provider (Content Delivery Network). For the USA, the adequacy decision of the EU Commission on the EU-US Data Privacy Framework (DPF) has been in effect since July 2023. Service providers from the USA used are generally certified under the DPF. Details on DPF certification can be found at:

https://www.dataprivacyframework.gov/list.

An adequate level of data protection is ensured by an adequacy decision of the EU Commission, which can be accessed here for the USA. If used service providers are not certified under the DPF, Standard Contractual Clauses have been concluded as an appropriate safeguard.

When calling up the Trustbadge, the web server automatically stores a so-called server log file that also contains your IP address, date and time of access, transferred data volume and the requesting provider (access data) and documents the access. The IP address is anonymized immediately after collection, so that the stored data cannot be assigned to your person. The anonymized data are used in particular for statistical purposes and error analysis.

8.2 Data Processing After Order Completion After order completion, order information (order totals, order number, possibly purchased product) as well as your email address hashed by cryptographic one-way function are transmitted to Trusted Shops. The legal basis is Art. 6 (1) sentence 1 lit. f GDPR. This serves to check whether you are already registered for services with Trusted Shops and is therefore necessary for the fulfillment of our and Trusted Shops' overriding legitimate interests in providing the transactional rating services linked to the specific order pursuant to Art. 6 (1) sentence 1 lit. f GDPR. If registration exists, further processing takes place in accordance with the contractual agreement between you and Trusted Shops. If you are not yet registered for the services, you will subsequently be given the opportunity to do so for the first time. Further processing after registration is also governed by the contractual agreement with Trusted Shops. If you are not yet registered for the services, you will subsequently be given the opportunity to give your consent to receive rating invitations. If you do not give this consent, all transmitted data will be automatically deleted by Trusted Shops and a personal reference is then no longer possible.

Trusted Shops uses service providers in the areas of hosting, monitoring and logging. The legal basis is Art. 6 (1) lit. f GDPR for the purpose of ensuring trouble-free operation. Processing in third countries (USA, United Kingdom and Israel) may take place. For the USA, the adequacy decision of the EU Commission on the EU-US Data Privacy Framework (DPF) has been in effect since July 2023. Service providers from the USA used are generally certified under the DPF. Details on DPF certification can be found at: https://www.dataprivacyframework.gov/list. An adequate level of data protection is ensured by an adequacy decision of the EU Commission, which can be accessed here for the USA, here for the United Kingdom and here for Israel. If used service providers are not certified under the DPF, Standard Contractual Clauses have been concluded as an appropriate safeguard.

9. Contact Options and Your Rights 9.1 Your Rights As a data subject, you have the following rights:

• pursuant to Art. 15 GDPR, the right to obtain information about your personal data processed by us to the extent specified therein;
• pursuant to Art. 16 GDPR, the right to immediate rectification of inaccurate or completion of your personal data stored with us;
• pursuant to Art. 17 GDPR, the right to erasure of your personal data stored with us, unless further processing is necessary
• for exercising the right to freedom of expression and information;
• for compliance with a legal obligation;
• for reasons of public interest; or
• for the establishment, exercise or defense of legal claims;
• pursuant to Art. 18 GDPR, the right to restriction of processing of your personal data if
• you contest the accuracy of the data;
• the processing is unlawful but you oppose erasure;
• we no longer need the data but you require it for the establishment, exercise or defense of legal claims; or
• you have objected to processing pursuant to Art. 21 GDPR;
• pursuant to Art. 20 GDPR, the right to receive your personal data provided to us in a structured, commonly used and machine-readable format or to request transmission to another controller;
• pursuant to Art. 77 GDPR, the right to lodge a complaint with a supervisory authority. As a rule, you may contact the supervisory authority of your usual place of residence or workplace or our company headquarters.

Right to Object To the extent that we process personal data as explained above to protect our overriding legitimate interests, you may object to such processing with effect for the future. If the processing is for direct marketing purposes, you may exercise this right at any time as described above. If the processing is for other purposes, you have a right to object only if there are grounds arising from your particular situation.

After exercising your right to object, we will no longer process your personal data for these purposes unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defense of legal claims.

This does not apply if the processing is for direct marketing purposes. In that case, we will no longer process your personal data for this purpose.

9.2 Contact Options If you have questions regarding the collection, processing or use of your personal data, requests for information, correction, restriction or erasure of data, revocation of consents given or objection to a specific use of data, please contact us directly using the contact details in our Imprint.

Prevailing Language Clause This Privacy Policy is provided in both German and English. In case of any discrepancies or differences in interpretation between the English translation and the German original, the German version shall prevail and be legally binding.

Privacy Policy

​