data protection

Blue Mountain Store, owner: Mr. Björn Kohl, Riesengasse 6, 63739 Aschaffenburg

We are very pleased about your interest in our company. Data protection is particularly important to us. In principle, our websites are used without providing any personal data.

With this data protection declaration we would like to provide information about the type, scope and purpose of the personal data we collect, use and process. We also explain the rights to which you are entitled.

Responsible within the meaning of the General Data Protection Regulation (GDPR):

Mr. Björn Kohl, Riesengasse 6, 63739 Aschaffenburg

Telephone: +49 06021 5840912
Fax: +49 06021 5840913

Email: hello@bmstore.de

Your rights:

You can contact us either in writing or by email using the contact details provided above to exercise the following rights:

- to receive information about your data stored by us,

- to receive a copy of your personal data or to request that it be transferred to another service provider,

- request the correction, deletion or restriction of processing, this also includes the right to complete incomplete or incorrect data by means of additional notification;

- to object to further processing.

You also have the right to complain to the data protection supervisory authority responsible for our company:

Bavarian State Office for Data Protection Supervision (BayLDA), Promenade 27, 91522 Ansbach

or the data protection supervisory authority responsible for your place of residence.

Legal basis for processing:

When using our homepage, personal data is collected, in particular on the basis of Art. 6 I lit. a., b. and f. GDPR processed. The data processed is necessary to enable the use of the website. You implicitly agree to the use of the data, as far as stated, by using the website. Furthermore, consent is given as set out below.

Deletion and blocking of personal data:

The personal data of the data subject will be processed by us and stored only for the period necessary to achieve the purpose of storage or if this has been provided for by the legislature in laws or regulations.

If the purpose of storage no longer applies, the personal data will be blocked or deleted routinely and in accordance with legal regulations, subject to statutory retention periods.

Data protection regulations for the collection of general data and information:

Every time the website is accessed, various data and information is collected from the data subject. This general data and information is stored in the server's log files. This data may include the browser types and versions used, the operating system used by the accessing system, the website from which an accessing system accesses our website (so-called referrer page), the sub-websites that are accessed via an accessing system on our website be controlled, the date and time of access to the website, the IP address (Internet Protocol address), the Internet service provider of the accessing system.

When using this general data and information, we do not draw any conclusions about the data subject. Rather, this information is needed to ensure proper delivery of the content of our website and to optimize the content of our website and advertising.

We carry out a statistical evaluation of the aforementioned data and information. This is particularly to optimize data protection and data security in our company.

The anonymous data in the server log files is stored separately from all personal data provided by a data subject.

Cookie privacy policy:

Our websites use cookies. Cookies are text files that are stored and stored on a computer system via an Internet browser.

This unique cookie ID makes it possible to recognize and identify a specific Internet browser.

The person concerned can prevent the setting of cookies through our website at any time by means of an appropriate setting on the Internet browser used and thus permanently object to the setting of cookies. Cookies that have already been set can be deleted at any time using an internet browser or other software programs. Deactivating the setting of cookies in the Internet browser used may mean that not all functions of our website can be used.

Data protection regulations on the application and use of Google Analytics (with anonymization function):

The Google Analytics component (with anonymization function) has been integrated into our website. This is a web analysis service. This is used to collect, collect and evaluate data about the behavior of visitors to websites. Data collected includes, among other things, the website from which a data subject came to our website (so-called referrer page), which subpages of the website were accessed or how often and for what duration a subpage was visited. Web analysis is primarily used to optimize a website and to analyze the cost-benefit of Internet advertising.

The operating company of the Google Analytics component is Google Inc., 1600 Amphitheater Pkwy, Mountain View, CA 94043-1351, USA.

The person responsible uses the addition "_gat._anonymizeIp" for web analysis via Google Analytics. This shortens and anonymizes the IP address of the data subject's Internet connection from Google if access to our website is from a member state of the European Union or from another contracting state to the Agreement on the European Economic Area.

The Google Analytics component is used to analyze the flow of visitors to our website. The data and information obtained from this is used by Google, among other things, to evaluate the use of our website. This also serves as the basis for creating online reports that document the activities on our websites, as well as to provide other services related to the use of our website.

Google Analytics sets a cookie on the data subject's system. This enables Google to analyze the use of our website. Every time one of the individual pages of our website is accessed, on which a Google Analytics component has been integrated, the Internet browser on the data subject's system automatically transmits data to Google for the purpose of online analysis through the respective Google Analytics component . Here, Google gains knowledge of personal data (including the IP address of the person concerned), which it uses, among other things, to determine the origin of visitors and clicks and to calculate commissions from this.

Cookies are used to store personal data, including the access time, the location from which access was made and the frequency of visits to our website by the person concerned. Each time you visit our website, this personal data is transmitted to Google in the United States of America and stored by them in the United States of America. The personal data collected via the technical process may be passed on by Google to third parties.

The setting of cookies by our website can be prevented at any time by adjusting the appropriate settings in the Internet browser used. In this respect, reference is made to the above statements. This setting would also prevent Google from setting a cookie on the data subject's system. It is also possible at any time to delete cookies set by Google Analytics via the Internet browser or other software programs.

Furthermore, the data subject has the possibility of objecting to the collection of data generated by Google Analytics, which relates to the use of this website, as well as the processing of this data by Google and the possibility of preventing such data being collected. To do this, the person concerned must download and install a browser add-on under the link https://tools.google.com/dlpage/gaoptout. This browser add-on uses JavaScript to inform Google Analytics that no data or information about website visits may be transferred to Google Analytics. Google considers the installation of the browser add-on to be a contradiction. If the affected person's system is deleted, formatted or reinstalled at a later date, the affected person must install the browser add-on again in order to deactivate Google Analytics. If the browser add-on is uninstalled or deactivated, the browser add-on can be reinstalled or reactivated.

Further information and Google's applicable data protection regulations can be found at https://www.google.de/intl/de/policies/privacy/ and at http://www.google.com/analytics/terms/de.html. You can find a more detailed explanation of Google Analytics under this link https://www.google.com/intl/de_de/analytics/.

Data protection regulations on the application and use of Google Remarketing:

We have integrated Google Remarketing services on our website. This is a feature of Google AdWords.

With remarketing, ads are served to users who have already visited our website or used our mobile app. For example, if users leave our website without making a purchase, remarketing can help us re-engage with the user by displaying relevant ads on other devices of those previous visitors.

The operating company for the Google Remarketing services is Google Inc., 1600 Amphitheater Pkwy, Mountain View, CA 94043-1351, USA.

Google Remarketing sets a cookie on the data subject's system. This enables Google to recognize the user of our website when they subsequently access websites that are also members of the Google advertising network. Every time you visit a website on which the Google Remarketing service has been integrated, the Internet browser of the person concerned is automatically identified by Google. Here, Google gains knowledge of personal data, such as the IP address or the user's surfing behavior, which Google uses, among other things, to display interest-relevant advertising.

These cookies store personal information, such as the websites visited by the data subject. Every time you visit our website, personal data, including the IP address of the Internet connection used by the data subject, is transmitted to Google in the United States of America. This personal data is stored by Google in the United States of America. In this case, Google may pass on personal data to third parties.

As explained above, the data subject can prevent the setting of cookies at any time by making the appropriate settings in the Internet browser used and thus permanently object to the setting of cookies. This would also prevent  that Google sets a cookie on the system of the data subject. It is also possible to delete a cookie already set by Google Analytics at any time via the Internet browser or other software programs.

The data subject can also object to interest-based advertising by Google. To do this, the data subject must make the desired settings from each of the Internet browsers they use via the link www.google.de/settings/ads.

and Google's applicable data protection regulations and further information can be viewed at https://www.google.de/intl/de/policies/privacy/.

Data protection regulations for the processing of personal customer data when ordering in the online shop:

We need the personal data that the customer provides during the order (purchase process), such as first and last name, customer address, customer telephone number, email address, date of birth, credit card number and account details for the justification and implementation of contractual relationships. This is done on the basis of Article 6 Paragraph 1 Letter b. GDPR. If it is not provided, the implementation of the contract or pre-contractual measures would not be possible.

To process the purchase and ship goods, we transmit the customer's personal data to relevant service providers who process the personal customer data on behalf of the customer in compliance with data protection regulations.

Data protection regulations for PayPal as a payment method:

We have integrated PayPal components on our website.

PayPal is an operator of an online payment service that can be used to settle medium and small amounts, for example when purchasing and selling in online retail.

A PayPal account is managed via an email address. For this reason, there is no account number in the classic sense.

The European operating company of PayPal is PayPal (Europe) S.à.rl & Cie. SCA, 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg.

With the selection of PayPal as a payment option in our online shop by the person concerned during the ordering process  The data of the person concerned is automatically transmitted to PayPal. By selecting this payment option, the data subject consents to the transfer of personal data to PayPal required for payment processing.

This data usually includes first name, last name, address, email address, IP address, telephone number, mobile phone number or other data necessary for payment processing. This also includes the personal data that is related to the respective order.

The transmission of the data serves the purpose of payment processing and fraud prevention. A transmission of personal data to PayPal will be pursued in particular if there is a legitimate interest in the transmission. The personal data transmitted to PayPal may be forwarded by PayPal to credit reporting agencies. This serves the purpose of identity and creditworthiness checks.

PayPal will pass on the data to affiliated companies and service providers or subcontractors if this is necessary to fulfill the contractual obligations or if the data is to be processed on behalf of the customer.

The data subject can revoke their consent to the handling of personal data at any time from PayPal. A revocation has no effect on personal data that must be processed for (contractual) payment processing.

PayPal's applicable data protection regulations are available at https://www.paypal.com/de/webapps/mpp/ua/privacy-full.

Data protection regulations for Klarna as a payment method:

If you decide to use Klarna's payment services, we ask for your consent that we may transmit to Klarna the data necessary to process the payment and carry out an identity and creditworthiness check. In Germany, the credit reporting agencies mentioned in Klarna's data protection declaration can be used for identity and creditworthiness checks.

You can revoke your consent to this use of personal data to Klarna at any time.

Data protection regulations for the contact form:

When a data subject contacts us via email or the contact form, the personal data provided by the data subject is automatically stored. This personal data is transmitted to us voluntarily by a data subject.

This personal data is stored and is used for the purpose of processing or contacting the data subject. This personal data will not be passed on to third parties.

Data protection regulations for subscribing to our newsletter:

On our website we have given users the opportunity to subscribe to our company's newsletter. The personal data initially results from the input mask used for this purpose.

With this newsletter we inform you about offers from our company. Receiving the newsletter requires that the person concerned has a valid email address and that the person concerned has registered to receive the newsletter. If a data subject enters an email address into the input mask for the first time, a confirmation email will be sent using the double opt-in procedure for legal reasons. This confirmation email is used to check whether the owner of the email address actually registered for the newsletter.

When registering for the newsletter, we also store the IP address assigned by the Internet service provider (ISP) of the computer system used by the data subject at the time of registration as well as the date and time of registration. This serves the purpose of being able to trace any possible misuse of the email address of a data subject at a later date and thus of our legal protection.

Subject to the following statements, the personal data will be used to send our newsletter. In addition, it is possible for subscribers to the newsletter to receive information by email if this is necessary for the operation of the newsletter service or a related registration.

We use MailChimp as a service for sending emails. The operator is The Rocket Science Group, LLC, 512 Means Street, Suite 404, Atlanta, GA 30318, USA.

The Rocket Science Group, guaranteed by EU-US Privacy Shield certification

https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG&status=Active

that the EU data protection regulations are also adhered to when processing data in the USA.

Further data protection information from The Rocket Science Group is available at http://mailchimp.com/legal/privacy/ .

When you register for our newsletter, the data requested during the registration process, such as your email address and, optionally, your name and address, will be processed by The Rocket Science Group. In addition, your IP address and the date of your registration and time are stored.

The newsletter sent via The Rocket Science Group also contains a so-called tracking pixel, also known as a web beacon. This tracking pixel enables us to evaluate whether and when you read our newsletter and whether you followed the links contained in the newsletter. In addition to other technical data, such as the data of your computer system and your IP address, the data processed is stored. This serves the purpose of optimizing our newsletter offer.

The data subject can cancel the subscription to our newsletter at any time in accordance with Art. 7 Para. 3 GDPR. Furthermore, the data subject can revoke their consent to the storage of personal data, which was given to us for sending the newsletter, at any time. Every newsletter contains a corresponding link for this purpose. It is also possible to unsubscribe from the newsletter at any time directly on our website or to inform us of this in another way.

The legal basis for sending the newsletter and the analysis is Art. 6 Para. 1 lit. a.) GDPR.

Integration of the Trusted Shop Trustbadge

The Trusted Shops trust badge is integrated on this website to display our Trusted Shops seal of approval and any reviews collected, as well as to offer Trusted Shops products to buyers after an order.

This serves to protect our legitimate interests, which predominate in the context of a balancing of interests, in optimal marketing by enabling secure shopping in accordance with Article 6 Paragraph 1 Sentence 1 Letter f of the GDPR. The Trustbadge and the services advertised with it are an offer from Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne. The trust badge is made available as part of order processing by a CDN provider (content delivery network). Trusted Shops GmbH also uses service providers from the USA. An appropriate level of data protection is ensured. Further information on data protection at Trusted Shops GmbH can be found here: https://www.trustedshops.de/impressum/#datenschutz

When you access the trust badge, the web server automatically saves a so-called server log file, which also contains your IP address, date and time of retrieval, amount of data transferred and the requesting provider (access data) and documents the retrieval. Individual access data is stored in a security database for the analysis of security issues. The log files are automatically deleted no later than 90 days after creation.

Further personal data will be transferred to Trusted Shops GmbH if you decide to use Trusted Shops products after completing an order or have already registered for use. The contractual agreement made between you and Trusted Shops applies. For this purpose, personal data is automatically collected from the order data. Whether you as a buyer are already registered to use the product is automatically checked using a neutral parameter, the email address hashed using a cryptological one-way function. Before transmission, the email address is converted into this hash value, which cannot be decrypted by Trusted Shops. After checking for a match, the parameter is automatically deleted.

This is necessary to fulfill our and Trusted Shops' overriding legitimate interests in providing the buyer protection and transactional evaluation services linked to the specific order in accordance with Article 6 Paragraph 1 Sentence 1 Letter f of the GDPR. Further details, including how to object, can be found in the Trusted Shops data protection declaration linked above and in the Trustbadge.

As of June 10, 2019