Phacon Logo
Warenkorb
Phacon Logo

Privacy Policy

The person(s) responsible for data processing is:

Hendrik Möckel

Robert Haase

Druckereistr. 11

04159 Leipzig

Email: office@phacon.de

Thank you for your interest in our online store. The protection of your privacy is very important to us. Below we inform you in detail about the handling of your data.

1. Access data and Hosting

You can visit our website without providing any personal data. Each time a website is accessed, the web server merely automatically saves a so-called server log file, which contains, for example, the name of the requested file, your IP address, the date and time of access, the amount of data transferred and the requesting provider (access data) and documents the access. This access data is analyzed exclusively for the purpose of ensuring trouble-free operation of the site and improving our offer. This serves to safeguard our legitimate interests, which predominate in the context of a weighing of interests, in a correct presentation of our offer in accordance with Art. 6 Para. 1 S. 1 lit. f GDPR.

2. Data processing for contract processing and for establishing contact

2.1 Data processing for contract processing

For the purpose of contract processing (including inquiries about and processing of any existing warranty and service disruption claims as well as any statutory updating obligations) in accordance with Art. 6 Para. 1 S. 1 lit. b GDPR, we collect personal data if you voluntarily provide it to us as part of your order. Mandatory fields are marked as such, as in these cases we absolutely need the data to process the contract and we cannot send the order without it. Which data is collected can be seen from the respective input forms.

Further information on the processing of your data, in particular on the transfer to our service providers for the purpose of order, payment and shipping processing, can be found in the following sections of this privacy policy. After completion of the contract, your data will be restricted for further processing and deleted after expiry of the retention periods under tax and commercial law in accordance with Art. 6 para. 1 sentence 1 lit. c GDPR, unless you have expressly consented to further use of your data in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR or we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this declaration.

2.2 Customer account

If you have given your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR by deciding to open a customer account, we will use your data for the purpose of opening a customer account and storing your data for further future orders on our website. Deletion of your customer account is possible at any time and can be done either by sending a message to the contact option described in this privacy policy or via a function provided for this purpose in the customer account. After deletion of your customer account, your data will be deleted unless you have expressly consented to further use of your data in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR or we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this declaration.

2.3 Making contact

As part of customer communication, we collect personal data to process your inquiries in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR if you voluntarily provide us with this data when contacting us (e.g. via contact form, live chat tool or email). Mandatory fields are marked as such, as in these cases we absolutely need the data to process your contact. Which data is collected can be seen from the respective input forms. Once your request has been fully processed, your data will be deleted unless you have expressly consented to further use of your data in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR or we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this declaration.

3. Data processing for the purpose of shipping processing

In order to fulfill the contract in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR, we pass on your data to the shipping service provider commissioned with the delivery, insofar as this is necessary for the delivery of ordered goods. If you have any questions about our service providers and the basis of our cooperation with them, please use the contact option described in this privacy policy.

4. Data processing for payment processing

We work with the following partners to process payments in our online store: technical service providers, credit institutions, payment service providers.

4.1 Data processing for transaction processing

Depending on the selected payment method, we pass on the data necessary for processing the payment transaction to our technical service providers, who work for us as part of order processing, or to the commissioned credit institutions or to the selected payment service provider, insofar as this is necessary for processing the payment. This serves to fulfill the contract in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR. In some cases, the payment service providers collect the data required for processing the payment themselves, e.g. on their own website or via a technical integration in the ordering process. In this respect, the privacy policy of the respective payment service provider applies.
If you have any questions about our partners for payment processing and the basis of our cooperation with them, please use the contact option described in this privacy policy.

4.2 Data processing for the purpose of fraud prevention and optimization of our payment processes

If necessary, we provide our service providers with further data, which they use together with the data necessary for processing the payment as our processors for the purpose of fraud prevention and the optimization of our payment processes (e.g. invoicing, processing of disputed payments, accounting support). In accordance with Art. 6 para. 1 sentence 1 lit. f GDPR, this serves to safeguard our legitimate interests in our protection against fraud and efficient payment management, which predominate in the context of a balancing of interests.

5. Cookies and other technologies

5.1 General information

In order to make visiting our website attractive and to enable the use of certain functions, we use technologies on various pages, including so-called cookies. Cookies are small text files that are automatically stored on your end device. Some of the cookies we use are deleted again at the end of the browser session, i.e. after you close your browser (so-called session cookies). Other cookies remain on your end device and enable us to recognize your browser on your next visit (persistent cookies).

Privacy protection for end devices

When using our online offer, we use absolutely necessary technologies in order to be able to provide the expressly requested telemedia service. The storage of information in your end device or access to information that is already stored in your end device does not require consent in this respect.

Any downstream data processing by cookies and other technologies

We use technologies that are absolutely necessary for the use of certain functions of our website (e.g. shopping cart function). These technologies collect and process the IP address, time of visit, device and browser information as well as information about your use of our website (e.g. information about the contents of the shopping cart). In the context of a balancing of interests, this serves overriding legitimate interests in an optimized presentation of our offer in accordance with Art. 6 Para. 1 S. 1 lit. f GDPR.

Cookie settings

You can find the cookie settings for your browser under the following links Microsoft Edge™ / Safari™ / Chrome™ / Firefox™ / Opera™

5.2 Woocommerce

We collect information about you during the ordering process in our store.

What we collect and store

While you visit our website, we track

  • Products you have viewed: We use this to show you, for example, products you have recently viewed
  • Location, IP address and browser type: we use this for purposes such as estimating taxes and shipping
  • Shipping address: We ask you to enter this so we can, for example, estimate shipping costs before you place an order and send it to you!
  • We also use cookies to keep track of the contents of your shopping cart as you browse our website.

When you shop with us, we ask you for information such as your name, billing address, shipping address, e-mail address, phone number, credit card/payment information, and optional account information such as your username and password. We use this information for the following purposes, among others:

  • Send you information about your account and your order
  • Respond to your requests, including refunds and complaints
  • Process payments and prevent fraud
  • Set up your account for our store
  • To fulfill our legal obligations, such as calculating taxes
  • Improve our store offering
  • Send you marketing messages if you wish to receive them
  • When you create an account, we store your name, address, email address and phone number, which are used to populate the checkout for future orders.

In general, we store your information for as long as we need it for the purposes for which we collect and use it, and we are not required by law to retain it. For example, we store order data for tax and accounting purposes for a specific, limited time. This includes your name, e-mail address, billing and shipping address.

We also save comments or ratings if you leave them.

Who in our team has access

Members of our team have access to the information you provide us with. For example, both administrators and store managers can access it:

Order information, such as what was purchased, when it was purchased, and where it should be sent, and
customer information, such as your name, email address, and billing and shipping information.
Our team members have access to this information to fulfill orders, process refunds and assist you.

What we share with others

We share information with third parties to help us provide you with our orders and store services; for example, name and shipping address.

5.3 Payments

We accept payments via PayPal. When processing payments, some of your data will be shared with PayPal, including information required to process or support the payment, such as the purchase amount and billing information.

For more information, please see PayPal’s privacy policy.

We accept payments via Stripe. When processing payments, some of your data will be shared with Stripe, including information required to process or support the payment. Examples of this are:

  • Name
  • e-mail address
  • phone number
  • Billing address (including city, state and zip code).
  • Total amount of the order.
  • Unique identifier of the payment
  • Stripe payment provider identifier

This information is shared securely and only to the extent necessary to complete the transaction. Stripe may also set cookies to facilitate payment processing and fraud prevention (e.g. “_stripe_mid”, “_stripe_sid”).

For more information on how Stripe handles your personal data, please refer to the Stripe Privacy Policy.

5.4 Google Fonts

What are Google Fonts?

We use Google Fonts on our website. These are the “Google Fonts” of Google Inc. For the European area, the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services.

You do not need to log in or enter a password to use Google fonts. Furthermore, no cookies are stored in your browser. The files (CSS, fonts) are requested via the Google domains fonts.googleapis.com and fonts.gstatic.com. According to Google, requests for CSS and fonts are completely separate from all other Google services. If you have a Google account, you do not need to worry that your Google account data will be transmitted to Google while using Google Fonts. Google records the use of CSS (Cascading Style Sheets) and the fonts used and stores this data securely. We will take a closer look at exactly how the data is stored.

Google Fonts (formerly Google Web Fonts) is a directory of over 800 fonts that Google makes available to its users free of charge.

Many of these fonts are published under the SIL Open Font License, while others are published under the Apache license. Both are free software licenses.

Why do we use Google Fonts on our website?

With Google Fonts, we can use fonts on our own website without having to upload them to our own server. Google Fonts is an important component in keeping the quality of our website high. All Google fonts are automatically optimized for the web and this saves data volume and is a great advantage, especially for use on mobile devices. When you visit our site, the low file size ensures a fast loading time. Furthermore, Google Fonts are secure web fonts. Different image synthesis systems (rendering) in different browsers, operating systems and mobile devices can lead to errors. Such errors can sometimes visually distort texts or entire websites. Thanks to the fast Content Delivery Network (CDN), there are no cross-platform problems with Google Fonts. Google Fonts supports all common browsers (Google Chrome, Mozilla Firefox, Apple Safari, Opera) and works reliably on most modern mobile operating systems, including Android 2.2+ and iOS 4.2+ (iPhone, iPad, iPod). We use Google Fonts so that we can present our entire online service as beautifully and uniformly as possible.

What data is stored by Google?

When you visit our website, the fonts are loaded via a Google server. This external call transmits data to the Google server. In this way, Google also recognizes that you or your IP address is visiting our website. The Google Fonts API was developed to reduce the use, storage and collection of end user data to what is necessary for the proper provision of fonts. Incidentally, API stands for “Application Programming Interface” and serves, among other things, as a data transmitter in the software sector.

Google Fonts stores CSS and font requests securely at Google and is therefore protected. By collecting usage figures, Google can determine how well the individual fonts are received. Google publishes the results on internal analysis pages, such as Google Analytics. Google also uses data from its own web crawler to determine which websites use Google fonts. This data is published in the Google Fonts BigQuery database. Entrepreneurs and developers use the Google web service BigQuery to analyze and move large amounts of data.

However, it should be noted that every Google Font request also automatically transmits information such as language settings, IP address, browser version, browser screen resolution and browser name to the Google servers. It is not clear whether this data is also stored or whether it is clearly communicated by Google.

How long and where is the data stored?

Google stores requests for CSS assets for one day on its servers, which are mainly located outside the EU. This allows us to use the fonts with the help of a Google stylesheet. A stylesheet is a format template that can be used to quickly and easily change the design or font of a website, for example.

The font files are stored by Google for one year. Google’s aim is to fundamentally improve the loading time of websites. If millions of websites refer to the same fonts, they are cached after the first visit and immediately reappear on all other websites visited later. Sometimes Google updates font files to reduce the file size, increase language coverage and improve the design.

How can I delete my data or prevent data storage?

The data that Google stores for one day or one year cannot simply be deleted. The data is automatically transmitted to Google when the page is accessed. To delete this data prematurely, you must contact Google support at https://support.google.com/?hl=de&tid=313021421. In this case, you can only prevent data storage if you do not visit our site.

Unlike other web fonts, Google allows us unrestricted access to all fonts. We can therefore access an unlimited number of fonts and thus get the best out of our website. You can find out more about Google Fonts and other issues at https://developers.google.com/fonts/faq?tid=313021421. Although Google addresses data protection issues there, it does not provide any really detailed information about data storage. It is relatively difficult to get really precise information from Google about stored data.

Legal basis

If you have consented to the use of Google Fonts, the legal basis for the corresponding data processing is this consent. According to Art. 6 para. 1 lit. a GDPR (consent), this consent constitutes the legal basis for the processing of personal data, as may occur when Google Fonts is used.

We also have a legitimate interest in using Google Fonts to optimize our online service. The legal basis for this is Art. 6 para. 1 lit. f GDPR (legitimate interests). Nevertheless, we only use Google Font if you have given your consent.

Google also processes your data in the USA, among other places. Google is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data from EU citizens to the USA. You can find more information on this at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

Google also uses so-called standard contractual clauses (= Art. 46 (2) and (3) GDPR). Standard Contractual Clauses (SCCs) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to third countries (such as the USA) and stored there. Through the EU-US Data Privacy Framework and the standard contractual clauses, Google undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here, among others: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

The Google Ads Data Processing Terms, which refer to the standard contractual clauses, can be found at https://business.safety.google/intl/de/adsprocessorterms/.

You can also find out which data is generally collected by Google and what this data is used for at https://www.google.com/intl/de/policies/privacy/.

Source: Privacy policy created with the data protection generator for Germany by AdSimple

5.5 Google Tag Manager

We use Google Tag Manager to manage and deploy marketing tags (snippets of code or tracking pixels) on our website without modifying the code directly. Google Tag Manager allows us to streamline the process of integrating and managing various analytics and marketing services.

Data Collection and Usage

Google Tag Manager itself does not collect personal data. However, it enables other tags to collect data, which may include:

  • Cookies: Google Tag Manager may facilitate the use of cookies to track user behavior and preferences.
  • User Interactions: Tags deployed through Google Tag Manager can track user interactions with our website, such as page views, clicks, and form submissions.

Data Sharing and Third-Party Services

The data collected through tags managed by Google Tag Manager may be shared with third-party services, including but not limited to Google Analytics, advertising platforms, and social media networks. These services may use the data to analyze user behavior, deliver targeted advertisements, and improve their offerings.

User Control and Opt-Out

Users can control the use of cookies and tracking technologies through their browser settings. Additionally, users can opt out of Google Analytics tracking by installing the Google Analytics Opt-out Browser Add-on.

Changes to This Section

We may update this section of our privacy policy to reflect changes in our practices or for other operational, legal, or regulatory reasons. We encourage users to review this section periodically for the latest information on our privacy practices related to Google Tag Manager.

6. Contact options and your rights

6.1 Your rights

As a data subject, you have the following rights

  • pursuant to Art. 15 GDPR, the right to request information about your personal data processed by us to the extent specified therein;
  • pursuant to Art. 16 GDPR, the right to request the immediate rectification of inaccurate or completion of your personal data stored by us;
  • pursuant to Art. 17 GDPR, the right to request the erasure of your personal data stored by us, unless further processing
    • is necessary for exercising the right of freedom of expression and information;
    • for compliance with a legal obligation;
    • for reasons of public interest or
    • for the establishment, exercise or defense of legal claims;
  • in accordance with Art. 18 GDPR, the right to demand the restriction of the processing of your personal data, insofar as
    • the accuracy of the data is disputed by you;
    • the processing is unlawful, but you refuse to delete it;
    • we no longer need the data, but you need it to assert, exercise or defend legal claims or
    • you have objected to processing in accordance with Art. 21 GDPR;
  • in accordance with Art. 20 GDPR, you have the right to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request that it be transmitted to another controller;
  • in accordance with Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our company headquarters.
Right to object

Insofar as we process personal data as explained above in order to safeguard our legitimate interests, which are overriding in the context of a balancing of interests, you can object to this processing with effect for the future. If the processing is carried out for direct marketing purposes, you can exercise this right at any time as described above. If the processing is carried out for other purposes, you only have the right to object if there are grounds relating to your particular situation.

After exercising your right to object, we will no longer process your personal data for these purposes unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or if the processing serves the establishment, exercise or defense of legal claims.

This does not apply if the processing is for direct marketing purposes. In this case, we will no longer process your personal data for this purpose.

6.2 Contact options

If you have any questions regarding the collection, processing or use of your personal data, information, correction, restriction or deletion of data as well as revocation of consent given or objection to a specific use of data, please contact us directly using the contact details in our legal notice.