Privacy Policy

Privacy Policy

One-to-one English translation of the German IONOS privacy policy text for transparency and legal consistency.

Complete legal scope

All sections 1–13 are translated and structured according to the source text.

Provider-by-provider clarity

Shipping, payment, analytics, maps, forms, and social-plugin processing are listed individually.

Reference preserved

IT-Recht Kanzlei copyright block and status timestamp are retained at the bottom.

Controller details

Cedric Mansius, Grundweg 3, 97816 Lohr a. Main, Germany
Tel.: +49 151 72183091
E-Mail: cedric.mansius@gmail.com

Legal framework

Processing references include Art. 6(1)(a), (b), (c), and (f) GDPR, plus rights under Arts. 15–21 and 77 GDPR.

Source status

Translated from the provided German source text with status timestamp 24.04.2026, 13:09:41.

Contents

Table of Contents

1

Introduction and Controller Contact Details

2

Data Collection When Visiting Our Website

3

Hosting and Content Delivery Network

4

Cookies

5

Contact

6

Customer Account Processing

7

Use of Customer Data for Direct Marketing

8

Data Processing for Order Handling

9

Web Analytics Services

10

Page Functionalities

11

Tools and Other

12

Rights of the Data Subject

13

Storage Duration of Personal Data

1) Introduction and Contact Details of the Controller

1.1 We are pleased that you are visiting our website and thank you for your interest. Below we inform you about the handling of your personal data when using our website. Personal data are all data with which you can be personally identified.

1.2 The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is Cedric Mansius, Grundweg 3, 97816 Lohr a. Main, Germany, Tel.: +4915172183091, E-Mail: cedric.mansius@gmail.com. The controller is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data.

2) Data Collection When Visiting Our Website

2.1 When using our website for informational purposes only, i.e. if you do not register or otherwise transmit information, we only collect data that your browser transmits to the page server (so-called “server log files”). When you access our website, we collect the following data technically required to display the website:

  • Visited website
  • Date and time of access
  • Amount of data sent in bytes
  • Source/reference from which you reached the page
  • Browser used
  • Operating system used
  • IP address used (possibly anonymized)

Processing takes place according to Art. 6(1)(f) GDPR based on our legitimate interest in improving website stability and functionality. Data is not disclosed or otherwise used. However, we reserve the right to check log files retrospectively if specific indications point to unlawful use.

2.2 For security reasons and to protect transmission of personal data and other confidential content (e.g. orders or inquiries), this website uses SSL/TLS encryption. You can recognize an encrypted connection by the “https://” string and lock icon in your browser line.

3) Hosting and Content Delivery Network

For hosting and page-content presentation we use a provider that performs services itself or through selected subcontractors exclusively on servers within the European Union.

All data collected on our website is processed on these servers.

We have concluded a data processing agreement (DPA) with the provider that protects visitor data and prohibits unauthorized disclosure to third parties.

4) Cookies

To make visiting our website attractive and to enable use of certain functions, we use cookies, i.e. small text files stored on your device. Some cookies are deleted automatically after closing the browser (session cookies), while others remain longer and allow storing page settings (persistent cookies). In the latter case, storage duration can be found in your browser cookie settings overview.

If personal data is also processed through individual cookies we use, processing occurs pursuant to Art. 6(1)(b) GDPR for contract performance, Art. 6(1)(a) GDPR in case of granted consent, or Art. 6(1)(f) GDPR to safeguard legitimate interests in best possible functionality and user-friendly, effective page design.

You can configure your browser to be informed about cookie settings and decide individually on acceptance or exclude acceptance for certain cases or generally.

Please note that rejecting cookies may limit functionality of our website.

5) Contact

5.1 WhatsApp Business
You can contact us via WhatsApp messaging service from WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. We use the “Business” version of WhatsApp.

If you contact us via WhatsApp regarding a specific transaction, we store and use your mobile number used with WhatsApp and, if provided, your first and last name according to Art. 6(1)(b) GDPR to process your request. On the same legal basis, we may ask for additional data (order number, customer number, address, email) to assign the request to a specific case.

If you use WhatsApp contact for general inquiries, we store and use your mobile number and, if provided, your name according to Art. 6(1)(f) GDPR based on our legitimate interest in efficient and timely provision of requested information.

Your data is used only to answer your WhatsApp inquiry. No disclosure to third parties occurs.

Please note that WhatsApp Business receives access to the address book of the mobile device used by us for this purpose and automatically transmits phone numbers stored in the address book to a server of parent company Meta Platforms Inc. in the USA. We use a mobile device whose address book stores only WhatsApp contact data of users who have contacted us via WhatsApp.

This ensures each person whose WhatsApp contact data is stored in our address book has already consented, by accepting WhatsApp terms upon first use, to transmission of their WhatsApp number from address books of their chat contacts according to Art. 6(1)(a) GDPR. Transmission of data of users who do not use WhatsApp and/or have not contacted us via WhatsApp is excluded.

For purpose, scope, and further processing by WhatsApp, and your rights/settings, see WhatsApp privacy information: https://www.whatsapp.com/legal/?eea=1#privacy-policy

We have concluded a DPA with the provider. Data transfers to Meta Platforms Inc. servers in the USA may occur. The provider is certified under the EU-US Data Privacy Framework.

5.2 When contacting us (e.g. contact form or e-mail), personal data is collected. Data collected via contact form can be seen in the form itself. Data is used exclusively to answer your request and for associated technical administration.

Legal basis is our legitimate interest in answering your request according to Art. 6(1)(f) GDPR. If your contact aims at contract conclusion, additional legal basis is Art. 6(1)(b) GDPR. Data is deleted after final processing unless statutory retention obligations apply.

6) Data Processing When Opening a Customer Account

According to Art. 6(1)(b) GDPR, personal data is collected and processed to the required extent when you provide it for opening a customer account. Required account-opening data can be seen in the corresponding input form on our website.

Your customer account can be deleted at any time by message to the controller address above. After deletion, your data is deleted provided all contracts are fully processed, no statutory retention periods prevent deletion, and we no longer have a legitimate interest in continued storage.

7) Use of Customer Data for Direct Advertising

7.1 Subscription to our e-mail newsletter
If you subscribe, we regularly send information about our offers. Mandatory information is only your e-mail address. Additional data is voluntary and used for personal addressing. We use double opt-in. You receive newsletters only after explicit confirmation via confirmation link.

By activating the link, you grant consent according to Art. 6(1)(a) GDPR. We store IP address and registration date/time to trace potential misuse. Newsletter data is used exclusively for newsletter advertising. You can unsubscribe anytime via newsletter link or message to the controller. After unsubscribing, your e-mail is deleted unless further use is expressly consented or legally permitted.

7.2 Sending newsletters to existing customers
If you provided your e-mail address when purchasing goods/services, we reserve the right to regularly send offers for similar goods/services from our range by e-mail. Under Section 7(3) UWG no separate consent is required. Legal basis is Art. 6(1)(f) GDPR (legitimate interest in personalized direct advertising). If you initially objected, we do not send such e-mails.

You may object at any time with future effect. Only transmission costs at basic rates apply. After objection, use of e-mail for advertising is stopped immediately.

7.3 WhatsApp newsletter
If you subscribe to our WhatsApp newsletter, we regularly send information on offers via WhatsApp. Mandatory information is only your mobile number. For subscription, add our number and send “Start” via WhatsApp. By this message you consent under Art. 6(1)(a) GDPR for newsletter dispatch.

Collected data is processed exclusively for newsletter advertising. You can unsubscribe anytime by sending “Stop” via WhatsApp. After unsubscribing, your number is removed immediately unless further use is expressly consented or legally permitted.

WhatsApp Business accesses address books and may transfer numbers to Meta Platforms Inc. in the USA. Therefore, we use a device address book storing only WhatsApp contacts of newsletter recipients. This ensures recipients have already consented by accepting WhatsApp terms. Data of non-WhatsApp users/non-contacts is excluded.

WhatsApp privacy information: https://www.whatsapp.com/legal/?eea=1#privacy-policy

We concluded a DPA with WhatsApp. Transfers to Meta servers in the USA may occur. Provider is certified under EU-US Data Privacy Framework.

8) Data Processing for Order Handling

8.1 To the extent required for contract processing for delivery/payment, collected personal data is transmitted according to Art. 6(1)(b) GDPR to commissioned transport companies and payment institutions.

If we owe updates for goods with digital elements or digital products under a contract, we process contact data transmitted in orders to personally inform you pursuant to legal information obligations under Art. 6(1)(c) GDPR. Contact data is strictly purpose-limited for update notices.

For order processing we also cooperate with service providers supporting us in contract performance. Personal data is transferred according to the following information.

8.2 Transfer to shipping service providers

- FedEx Express Germany GmbH, Langer Kornweg 34 k, 65451 Kelsterbach, Germany
With express consent, we transmit e-mail/phone according to Art. 6(1)(a) GDPR for delivery scheduling/announcement. Otherwise we only transmit recipient name and delivery address according to Art. 6(1)(b) GDPR to the extent required for delivery.

- UPS (United Parcel Service Deutschland Inc. & Co. OHG), Goerlitzer Strasse 1, 41460 Neuss, Germany
With express consent, we transmit e-mail/phone according to Art. 6(1)(a) GDPR for delivery scheduling/announcement. Otherwise only name/address under Art. 6(1)(b) GDPR.

8.3 Use of payment service providers
The following payment providers can be available depending on selected method. In each case, data transfer is based on Art. 6(1)(b) GDPR for payment processing, and for deferred-payment credit checks additionally Art. 6(1)(f) GDPR where applicable:

  • Adyen, Simon Carmiggeltstraat 6 - 50, 1011 DJ Amsterdam, Netherlands
  • Amazon Payments Europe s.c.a., 38 avenue J.F. Kennedy, L-1855 Luxembourg
  • Apple Pay (Apple Distribution International, Hollyhill Industrial Estate, Cork, Ireland) with device security measures Face ID/Touch ID and tokenized transaction handling
  • Cash Payment Solutions GmbH (“Barzahlen”), Dircksenstr. 40, 10178 Berlin; involved bank NordFinanz Bank AG, Martinistrasse 48, 28195 Bremen
  • BillSAFE / PayPal (Europe) S.a.r.l. et Cie, S.C.A., Luxembourg, including possible credit checks
  • Coinbase Commerce (Toshi Holdings Pte. Ltd., Singapore) for cryptocurrency payments; SCCs for third-country transfer where applicable
  • Crypto.com Pay (Foris DAX MT Limited, Malta)
  • datatrans AG, Kreuzbuehlstrasse 26, CH-8008 Zurich, Switzerland
  • Google Pay (Google Ireland Limited, Dublin, Ireland)
  • Klarna Bank AB, Sveavaegen 46, 111 34 Stockholm, Sweden
  • Mollie B.V., Keizersgracht 313, 1016 EE Amsterdam, Netherlands
  • PayPal (Europe) S.a.r.l. et Cie, S.C.A., Luxembourg
  • Shopify Payments (Shopify International Limited, Dublin, Ireland)
  • Sofortueberweisung via Klarna (Klarna Bank AB, Stockholm, Sweden)
  • Stripe Payments Europe Ltd., Dublin, Ireland
  • Thrivecart (WebActix Ltd., Tauranga, New Zealand)
  • Wallee customweb GmbH, Zurich, Switzerland

For providers with deferred-payment options (invoice/installments/direct debit), additional personal data may be requested and credit checks can include score values and bureau data (e.g. SCHUFA, CRIF, Creditreform Boniversum, infoscore/arvato, etc.) according to provider process descriptions. You may object; provider may still process data if required for contractual payment processing.

8.4 Electronic cancellation option for continuing obligations
Consumers who concluded paid continuing-obligation contracts electronically (e.g. subscriptions) can terminate them via electronic button according to applicable notice periods. Data collection/transmission for termination handling is based on Art. 6(1)(b) GDPR; legal obligation basis for providing this option is Art. 6(1)(c) GDPR.

9) Web Analytics Services

9.1 Google Analytics 4
Provider: Google Ireland Limited, Dublin, Ireland. GA4 enables analysis of website usage. Cookies are generally set by default; IP is shortened by Google. Data can be transferred to Google LLC (USA). Processing takes place only with consent under Art. 6(1)(a) GDPR and can be revoked via cookie consent tool. DPA with Google is in place. Retention in source: 2 months. Additional GA4 features in source include Demographics, Google Signals, and UserID analysis where applicable. Provider certified under EU-US Data Privacy Framework.

9.2 1&1 IONOS WebAnalytics
Provider: 1&1 IONOS Internet SE, Montabaur, Germany. Uses cookies/comparable technologies (pixel/web beacon/browser/device signals) for pseudonymized usage analysis including heatmaps. Processing only with consent under Art. 6(1)(a) GDPR. DPA concluded.

9.3 Google Tag Manager
Provider: Google Ireland Limited, Dublin, Ireland. GTM itself does not store/read user-end-device data or perform independent analyses, but may transfer IP address to Google and possibly Google LLC (USA). Processing only with consent under Art. 6(1)(a) GDPR and revocable via consent tool. DPA concluded. Provider certified under EU-US Data Privacy Framework.

10) Page Functionalities

10.1 Facebook Plugins
Provider: Meta Platforms Ireland Ltd., Dublin, Ireland. 2-click/Shariff integration is used so no immediate provider connection occurs on page load. Connection and data transfer (including IP) happen only after activation with consent under Art. 6(1)(a) GDPR. Transfers to Meta Platforms Inc. (USA) may occur. DPA concluded. Provider certified under EU-US Data Privacy Framework.

10.2 Instagram Plugins
Provider: Meta Platforms Ireland Ltd., Dublin, Ireland. Same 2-click/Shariff consent logic and transfer conditions as above; possible transfer to Meta Platforms Inc. (USA); DPA concluded; EU-US DPF participation.

10.3 LinkedIn Plugins
Provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. Same consent activation model; possible transfer to LinkedIn Inc. (USA). Provider relies on EU Commission standard contractual clauses.

10.4 X Plugins
Provider: Twitter International Unlimited Company (X), Dublin, Ireland. Same consent activation model; possible transfer to X Corp. (USA). Provider relies on EU Commission standard contractual clauses.

10.5 YouTube
Provider: Google Ireland Limited, Dublin, Ireland; possible transfer to Google LLC (USA). Embedded videos establish provider connection and may set cookies for usage/replay statistics. Processing only with consent under Art. 6(1)(a) GDPR. Provider certified under EU-US Data Privacy Framework.

10.6 Apple Maps
Provider: Apple Distribution International, Cork, Ireland. Online map usage can transfer usage info/IP to provider servers. Processing based on Art. 6(1)(f) GDPR (legitimate interest in user-friendly map display) or, where legally required, Art. 6(1)(a) GDPR consent. U.S. transfer may rely on SCCs.

10.7 Google Maps
Provider: Google Ireland Limited, Dublin, Ireland; possible transfer to Google LLC (USA). Usage info/IP may be transferred and profile assignment may occur when logged into Google. Processing is either based on legitimate interests under Art. 6(1)(f) GDPR and/or consent under Art. 6(1)(a) GDPR where required. Provider certified under EU-US Data Privacy Framework.

10.8 Google reCAPTCHA
Provider: Google Ireland Limited, Dublin, Ireland; possible transfer to Google LLC (USA). Used for bot/spam defense with processing of IP/device/browser and visit timing information; cookies may be used. Cookie-based processing requires consent under Art. 6(1)(a) GDPR; non-cookie processing can rely on Art. 6(1)(f) GDPR. DPA concluded. Provider certified under EU-US Data Privacy Framework.

10.9 Google Translate
Provider: Google Ireland Limited, Dublin, Ireland. Browser connects to Google servers for translation display; browser info including IP can be transferred. Cookies may be used for language settings. Cookie-based processing requires consent under Art. 6(1)(a) GDPR; otherwise processing may be based on Art. 6(1)(f) GDPR (legitimate interests in reach/marketability). Provider certified under EU-US Data Privacy Framework.

10.10 Google Forms
Provider: Google Ireland Ltd., Dublin, Ireland; possible transfer to Google LLC (USA). For surveys/online forms; form entries plus technical metadata (OS, browser, date/time, referrer URL, IP) can be processed. Legal basis: Art. 6(1)(b) GDPR (contract/pre-contract) and/or Art. 6(1)(a) GDPR (consent). DPA concluded. Provider certified under EU-US Data Privacy Framework.

10.11 Microsoft Forms
Provider: Microsoft Corporation, One Microsoft Way, Redmond, WA, USA. Similar survey/form processing including technical metadata. Legal basis: Art. 6(1)(b) GDPR and/or Art. 6(1)(a) GDPR. DPA concluded. Provider certified under EU-US Data Privacy Framework.

11) Tools and Other

Cookie Consent Tool
This website uses a cookie consent tool to obtain valid user consent for consent-required cookies/cookie-based applications. The tool appears as interactive interface where users can grant consent via checkbox selection. Consent-required services are loaded only after consent is granted.

The tool sets technically necessary cookies to store your cookie preferences. Personal user data is generally not processed.

If in individual cases personal data (e.g. IP address) is processed for storage/assignment/protocol of settings, processing is based on Art. 6(1)(f) GDPR (legitimate interest in legally compliant, user-specific and user-friendly consent management) and additionally Art. 6(1)(c) GDPR where required by legal obligation to obtain consent for non-essential cookies.

If required, we concluded a DPA with the provider. More information on operator and settings is available directly in the consent interface.

12) Rights of the Data Subject

12.1 Applicable data protection law grants you the following rights against the controller regarding processing of your personal data:

  • Right of access according to Art. 15 GDPR
  • Right to rectification according to Art. 16 GDPR
  • Right to erasure according to Art. 17 GDPR
  • Right to restriction of processing according to Art. 18 GDPR
  • Right to notification according to Art. 19 GDPR
  • Right to data portability according to Art. 20 GDPR
  • Right to withdraw granted consent according to Art. 7(3) GDPR
  • Right to lodge a complaint according to Art. 77 GDPR

12.2 RIGHT TO OBJECT
IF WE PROCESS YOUR PERSONAL DATA BASED ON OVERRIDING LEGITIMATE INTERESTS FOLLOWING A BALANCING OF INTERESTS, YOU HAVE THE RIGHT TO OBJECT TO THIS PROCESSING AT ANY TIME WITH EFFECT FOR THE FUTURE FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE AFFECTED DATA. FURTHER PROCESSING REMAINS RESERVED IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS THAT OVERRIDE YOUR INTERESTS, FUNDAMENTAL RIGHTS AND FREEDOMS, OR IF PROCESSING SERVES ESTABLISHMENT, EXERCISE, OR DEFENSE OF LEGAL CLAIMS.

IF YOUR PERSONAL DATA IS PROCESSED BY US FOR DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO PROCESSING FOR SUCH MARKETING PURPOSES. IF YOU OBJECT, WE WILL STOP PROCESSING FOR DIRECT MARKETING PURPOSES.

13) Duration of Storage of Personal Data

Storage duration is determined by legal basis, processing purpose, and if applicable statutory retention periods (e.g. commercial/tax retention obligations).

For processing based on consent under Art. 6(1)(a) GDPR, data is stored until consent is withdrawn.

If statutory retention periods exist for data processed on basis of Art. 6(1)(b) GDPR (contractual/quasi-contractual obligations), such data is routinely deleted after expiry of retention periods unless still required for contract fulfillment/initiation or a legitimate interest in further storage exists.

For processing based on Art. 6(1)(f) GDPR, data is stored until you exercise your right to object under Art. 21(1) GDPR, unless we can demonstrate compelling legitimate grounds overriding your interests/rights/freedoms, or processing serves legal claims.

For direct-marketing processing based on Art. 6(1)(f) GDPR, data is stored until you exercise your right to object under Art. 21(2) GDPR.

Unless otherwise stated for specific processing situations, stored personal data is deleted when no longer necessary for purposes for which it was collected or otherwise processed.

Copyright IT-Recht Kanzlei Copyright IT-Recht Kanzlei
Status: 24.04.2026, 13:09:41

Translation notice: This page is a one-to-one English translation of the German original "Datenschutzerklaerung". In case of discrepancies, the German original version prevails.