Cart

Privacy policy

Thank you for your interest in our online store. The protection of your privacy is very important to us. Below we inform you in detail about how we handle your data. As changes to the law or changes to our business processes may make it necessary to adapt this privacy policy, we ask you to read this privacy policy regularly.

You can also control your personal settings for the use of cookies on this website via the menu in the footer "Cookie settings" or directly here.

1. scope of application and controller; data protection officer

This privacy policy applies to the Internet offering of the online store "ergobag", which can be accessed under the domains "www.ergobag.com" and the various subdomains (hereinafter referred to as "our website").

The controller within the meaning of the EU General Data Protection Regulation (hereinafter: GDPR) and other national data protection laws of the member states as well as other data protection regulations is

FOND OF GmbH Vitalisstrasse 67 50827 Cologne E-mail: info@ergobag.de Phone: +49 (0) 221/956 73 230

You can reach our data protection officer using the following contact options:

Data Protection Officer of the FOND OF Group Vitalisstrasse 67 50827 Cologne E-mail: datenschutz@fondof.de Phone: +49 (0) 221/956 73 227

2. principles of data processing

Personal data is any information relating to an identified or identifiable natural person. This includes, for example, information such as your name, age, address, telephone number, date of birth, e-mail address, IP address or user behavior. Information that we cannot link to your person (or can only do so with disproportionate effort ), e.g. by anonymizing the information, is not personal data.

The processing of personal data (e.g. the collection, retrieval, use, storage or transmission) always requires a legal basis or your consent.

Processed personal data will be deleted as soon as the purpose of the processing has been achieved and there are no longer any statutory retention obligations to be complied with. If we process your personal data for the provision of certain offers, we will inform you below about the specific processes, the scope and purpose of the data processing, the legal basis for the processing and the respective storage period.

3. Individual data processing operations

3.1 Provision and use of the website

When you access and use our website, we collect the personal data that your browser automatically transmits to our server. This information is temporarily stored in a so-called log file.

When you use our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure stability and security:

• IP address of the requesting computer • Date and time of access • Name and URL of the retrieved file • Website from which the access is made (referrer URL) • the browser used and, if applicable, the operating system of your computer, as well as the name of your access provider

Section 25 (2) no. 2 of the Telecommunications Digital Services Data Protection Act (hereinafter: TDDDG) serves as the legal basis for the aforementioned data processing for reading stored information on your terminal device. The following processing of your personal data is based on our legitimate interest in accordance with Art. 6 para. 1 lit. f) GDPR. The processing of the aforementioned data is necessary for the provision of a website and thus serves to safeguard a legitimate interest of our company.

Hosting by a third-party provider As part of processing on our behalf, our hosting service provider, "Amazon Web Services EMEA Sàrl" (38 avenue John F. Kennedy, L-1855, Luxembourg), provides us with the services for hosting and displaying the website. All data collected as part of the use of this website or in the forms provided for this purpose in the online store as described below are processed on its servers. Processing on other servers only takes place within the framework explained in this declaration.

Your data is generally stored on servers within the EU/EEA. In exceptional cases, however, the above-mentioned service provider reserves the right to transfer personal data to the USA in this context. The USA is considered by the European Court of Justice to be a country with an inadequate level of data protection according to EU standards. Due to the lack of an adequacy decision and without suitable guarantees, there is a particular risk that your data may be processed by US authorities for control and monitoring purposes, possibly without the possibility of legal recourse.

In order to be able to guarantee adequate protection of your personal data in the event of the transfer of personal data to such so-called third countries, we have concluded so-called EU-US standard contractual clauses with the service provider. In addition, where possible, we are in contact with the service provider to ensure the protection of your personal data with any additional measures that may be necessary.

3.2 Creation of a customer account / customer profile

We collect your data when you provide it to us as part of your order. When you place an order via an online store via one of the three brands of FOND OF GmbH (Affenzahn, ergobag, satch) a customer profile is created in our store system and further orders - regardless of which of the three online stores the order is placed via - are recorded in the customer profile. Via your personally created customer account in the respective online store, you can only view the orders placed via this online store.

Mandatory fields in the context of an order are marked as such, as in these cases we require the data to process the order and create a customer profile in our system.

You have the choice of placing your order as a guest order or via your customer account, which you can create personally and also access after completing an order. In the case of a pure guest order, only the data that is absolutely necessary for the order is recorded and processed.

To access your personal customer account, you must first register with your e-mail address and set a password that meets the requirements specified when entering (e.g. minimum length, combination of letters, numbers and special characters). Your customer account is valid for all three online stores of FOND OF GmbH of the brands Affenzahn, ergobag and satch. Please note that the same password is valid for accessing your customer account for all three brands. The password can be changed at any time and is therefore also valid for access to your customer account via the two other online stores.

The following data is collected as part of the creation of the customer account/customer profile:

• Salutation (optional) • Name (invoice and package recipient) • Address (billing and shipping address) • E-mail address • Telephone number (optional for deliveries within Europe only)

You can access your customer account directly via the website. In your customer account, you can find out about the status of your order or initiate a return or complaint (more on this below). In individual cases, you can cancel or change your order. Your data will also be saved for future orders.

We process the data provided by you as part of the guest order in accordance with Art. 6 para. 1 lit. b) GDPR for contract processing. We process the data provided as part of your customer account in accordance with Art. 6 para. 1 lit. a) to fulfill the contract and Art. 6 para. 1 lit. b) GDPR based on your express consent. The deletion of your customer account is possible at any time and can be done by sending a message to the contact option described above. The deletion of your customer account in an online store of FOND OF GmbH will also result in the deletion of all details and data relating to orders placed in other online stores of FOND OF GmbH via the e-mail address stored in the customer account.

After complete deletion of your customer account, your data will be restricted for further processing and deleted after expiry of the retention periods under tax and commercial law, unless you have expressly consented to further use of your data or we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this declaration. We also collect your e-mail address in order to inform you about new functions and benefits within the scope of your customer account. For this purpose, we use the e-mail address you provided during registration to contact you by e-mail. In this case, the legal basis for sending you information by email is our legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR in providing you with relevant information and news about your customer account to improve your user experience.

You can object to this contact at any time by sending a message to the contact option described above or by clicking on the link provided in every e-mail. As soon as you delete your customer account, your e-mail address will also be deleted and you will no longer receive e-mails containing information about your customer account.

3.3 Purchase of goods

3.3.1 Purchase process

On our website, we offer you the opportunity to purchase our products by providing personal data. The data required for this is entered into an input mask and transmitted to us and stored. Mandatory fields are marked as such, as in these cases we require the data to open the customer account and you will otherwise not be able to complete the account opening process. Data will only be passed on to third parties in the cases listed below.

The following data is collected during the ordering process:

• Salutation (optional) • Name (invoice and package recipient) • Address (billing and shipping address) • E-mail address • Payment information • Telephone number (optional for deliveries within Germany only)

When processing your personal data required to fulfill a purchase contract concluded with us, Art. 6 para. 1 lit. b) GDPR serves as the legal basis.

Once the contract has been completed and the purchase price has been paid in full, your data will be blocked for further use and deleted after expiry of the retention periods under tax and commercial law, unless you have expressly consented to the further use of your data. Further storage may take place in individual cases if this is required by law.

3.3.2 Payment in advance

On our website, we offer you the option of paying in advance. Data will only be passed on to third parties in the cases listed below.

The following data is collected as part of the payment process:

• Name of the account holder • Account number • Bank code • Invoice amount • Currency • Intended use

When processing your personal data required to fulfill a purchase contract concluded with us, i.e. in particular for payment processing, Art. 6 para. 1 lit. b) GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures. In some cases, we may also be legally obliged to transfer the data concerning you in accordance with the implementation of strong customer authentication under Directive EU 2015/2366 (PSD 2) or the Act Implementing the Second Payment Services Directive (Zahlungsdiensteumsetzungsgesetz - ZDUG). Insofar as we are legally obliged to transfer data, Art. 6 para. 1 lit. c) GDPR in conjunction with the corresponding provisions of Directive EU 2015/2366 (PSD 2) or the Payment Services Implementation Act (Zahlungsdiensteumsetzungsgesetz - ZDUG) is used as the legal basis.

3.3.3 Payment by credit card or PayPal

If you select the payment method (credit card or PayPal), your personal data will be forwarded to the payment service provider "PAYONE" (PAYONE GmbH, Lyoner Straße 9, 60528 Frankfurt am Main, Germany) commissioned by us and to the credit institution or online payment service commissioned with the payment. In some cases, the selected payment service providers also collect this data themselves if you create an account with them. In this case, you must log in to the payment service provider with your access data during the ordering process. In this respect, the privacy policy of the respective payment service provider applies.

The following data is transmitted to the payment service provider and credit institutions involved as part of payment processing:

• Name of the invoice recipient • Phone number • E-mail address • Billing address • Name of the parcel recipient • Shipping address • Order number • Credit card number, if applicable • Account number • Check digit of the bank card • Bank code • Invoice amount • Currency • Transaction number

If you decide to pay with "PayPal" as part of your order process, your personal data will be automatically transmitted to PayPal via the payment service provider PAYONE described above. PayPal is an offer from PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg. PayPal acts as an online payment service provider and trustee and offers buyer protection services.

The personal data transmitted to PayPal is regularly first name, surname, address, e-mail address, IP address or other data required for payment processing. Personal data relating to the respective order (e.g. number of items, item number, invoice amount and taxes and other invoice information) is also required to process the purchase contract.

This corresponds to our legitimate interest in offering an efficient and secure payment method (Art. 6 para. 1 lit. f) GDPR). In this context, we pass on the aforementioned data to PayPal insofar as it is necessary for the fulfillment of the contract (Art. 6 para. 1 lit. b) GDPR).

PayPal also reserves the right to collect personal data from the buyer. According to PayPal, this may include the following information:

• Name • Address • Phone number • e-mail • Account number

PayPal may pass on your personal data to affiliated companies and service providers or subcontractors insofar as this is necessary to fulfill the contractual obligations or the data is processed on behalf of PayPal.

The personal data transmitted by us to PayPal may be transmitted by PayPal to credit agencies. The purpose of this transmission is to check identity and creditworthiness. PayPal uses the result of the credit check, taking into account the statistical probability of non-payment, for the purpose of deciding on the provision of the respective payment method. The credit check may contain probability values (so-called score values). If score values are included in the result of the credit check, they are based on a scientifically recognized mathematical-statistical procedure.

You can find out which credit agencies are involved here: https://www.paypal.com/de/legalhub/paypal/privacy-full?locale.x=en-DE.

You have the option to revoke your consent to the processing of your personal data at any time from PayPal. However, the withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal, provided that the personal data must be processed, used or transmitted for contractual payment processing.

You can access PayPal's privacy policy at https://www.paypal.com/de/legalhub/paypal/privacy-full?locale.x=en-DE.

3.3.4 Order processing and delivery by shipping companies

In order to process your order and thus to fulfill the contract in accordance with Art. 6 para. 1 lit. b) GDPR, we pass on your data to our logistics center (dadada GmbH, Heinrich-Barth-Straße 16, 53881 Euskirchen) to prepare the goods for dispatch and to a shipping company commissioned with the delivery, insofar as this is necessary for the delivery of ordered goods. If you have given us your express consent for the purpose of delivery notification or coordination during or after your order, we will pass on your e-mail address and telephone number to the selected shipping service provider in accordance with Art. 6 para. 1 lit. a) GDPR so that they can contact you before delivery for the purpose of delivery notification or coordination.

Consent can be revoked at any time by sending a message to the contact option described above.

After revocation, we will delete your data provided for this purpose, unless statutory retention obligations prevent this.

3.4 Photo Velcro creation

You can have individual Kletties created for your child's backpack. For the personalization and delivery of the individual Kletties, we will pass on your first and last name as well as the file used and your delivery address to our partner, beyounic GmbH, Nordstraße 27, 33181 Bad Wünnenberg, Germany.

The data transmitted for the production and dispatch of your Klettie will be transmitted to the partner commissioned by us to produce your photo Klettie and send it to you as part of the fulfillment of the contract. The legal basis for the production and dispatch is the fulfillment of the contract pursuant to Art. 6 para. 1 lit. b) GDPR.

3.5 Online warranty extension

We offer you the option of extending the warranty for your purchased items to four years via our website. Our service provider "Airtable" (Airtable Inc., 799 Market Street, 8th Floor, San Francisco, CA 94103, USA) provides this service for us, so that the service provider receives your data.

To do this, we need information about the brand, the item, the date of purchase and the proof of purchase, the name of the retailer from whom you purchased the item, your first and last name, your address and your e-mail address. You can also voluntarily provide us with your telephone number.

The online warranty extension is to be regarded as part of the fulfillment of the contract and the data processing is permitted under Art. 6 para. 1 lit. b) GDPR.

In this context, personal data may be transferred to countries outside the EU/EEA, in particular to the USA. The USA is considered by the European Court of Justice to be a country with an inadequate level of data protection by EU standards. Due to the lack of an adequacy decision and without suitable guarantees, there is a particular risk that your data may be processed by US authorities for control and monitoring purposes, possibly without the possibility of legal recourse. In order to be able to guarantee adequate protection of your personal data in the event of the transfer of personal data to such so-called third countries, we have concluded so-called EU-US standard contractual clauses with the service provider. In addition, where possible, we are in contact with the service provider to ensure the protection of your personal data with any additional measures that may be necessary.

We store your data until the end of the warranty period and then delete your data, unless tax or commercial retention periods require longer storage.

3.6 Returns

You can return the items you have ordered in our online store to us within 30 days. You can access our self-service portal via a link in the order confirmation. In this portal, you have the option of initiating a return. In this case, send the items back to us and enclose the withdrawal form containing your name, customer number and information about the returned items. The processing of the return is part of the fulfillment of the contract, so the legal basis for the processing by us as the controller is Art. 6 para. 1 lit. b) GDPR.

A returns label must also be created. You can do this in our self-service portal. In particular, we process your first and last name, e-mail address and address data there, which we forward to DHL via an interface. In this context, your data will only be stored by us for the purpose of forwarding and then deleted. DHL is responsible for further data processing.

Alternatively, you can also follow the instructions on https://www.ergobag.com/en/service?section=retoure . There you will be directed to an entry page of the shipping service provider DHL, where you must enter the above-mentioned data required for shipping. DHL is responsible for this data.

Further information can be found on this page: Data protection (dhl.de)

3.7 Complaint form

You have the option of making a complaint about purchased items via our website. In order to process your complaint, we process your first and last name, your address, your e-mail address as well as information about the item you are complaining about and, if applicable, your telephone number. Our service provider "Airtable" (Airtable Inc., 799 Market Street, 8th Floor, San Francisco, CA 94103, USA) provides this service for us, so that the service provider receives your data.

This is done as part of the fulfillment of the contract in accordance with Art. 6 para. 1 lit. b) GDPR. The data transmitted for the processing of your complaint will be transmitted to a company commissioned by us to process your product complaint as part of the fulfillment of the contract (Art. 6 para. 1 lit. b) GDPR).

We store your data for as long as this is necessary for the complaints process and then delete your data, unless retention periods under tax or commercial law require longer storage.

3.8 Retailer search / store finder / event finder

On our website, you can use our store finder and event finder (e.g. "school bag party") to find out from which retailer in your area you can buy our products or where certain events are taking place. We use software from the service provider Google (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) for our finder.

You have the option of finding the nearest retailer of our goods without providing personal data. If you consent to the location search, we will show you the nearest retailer based on the location determined.

The legal basis for the location determination is your consent and thus Art. 6 para. 1 lit. a) GDPR.

Your data will be deleted as soon as it is no longer required for the purposes for which it was collected or you revoke your consent and there are no statutory retention periods to the contrary.

3.9 Competitions

We offer you the opportunity to take part in competitions via a form on our website at irregular intervals.

If you make use of the competition form, we will process the following personal data about you:

• E-mail address • Salutation (optional) • First and last name (optional)

We collect and process the personal data of competition participants only insofar as this is necessary for participation in the competition. In individual cases, depending on the competition, we may collect further personal data, about which we will inform you accordingly. You are free to decide whether to provide us with this data. However, we cannot comply with your request to participate without your e-mail address. The purpose of providing your e-mail address is to identify you as a one-time participant and to inform you if you win.

Your personal data will not be transferred to third parties.

The data processing described above for the purpose of participating in the competition is carried out in accordance with Art. 6 para. 1 lit. b) GDPR.

As soon as a competition has ended and the winners have been drawn and notified, your personal data processed via the competition form will be deleted. Relevant statutory retention periods remain unaffected by this. During the statutory retention period, your personal data will be blocked and not used for any other data processing.

3.10 Embedding YouTube videos

Visitors to our website can use the options listed below to contact us. In particular, we process the personal data that you transmit to us in this context.

Within the scope of the options listed below - with the exception of the communication via telephone listed under 3.10.5 - the Ultimate AI Chatbot, from Ultimate Enterprises Oy, Address: Erottajankatu 15-17, 00130 Helsinki, Finland, is used to support customer service with regard to various customer inquiries. The Ultimate AI Chatbot produces either long or short answers. It records conversations so that they can be tracked. It also collects topics requested by customers and extracts frequently asked questions from archived conversations with the service department. This data can be used to improve the Ultimate AI Chatbot. The Ultimate AI Chatbot is integrated with the Zendesk ticket system, but also with the ERP system, so that it can also provide information on the status of the order or credit note or the processing status. The Ultimate AI Chatbot will only use the data you provide in accordance with our instructions and to improve its own service.

The legal basis for the use of the Ultimate AI Chatbot is the legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR in fast, technical customer communication that is available at all times. If you have inquiries about your order and the Ultimate KI Chatbot responds, Art. 6 para. 1 lit. b) GDPR is the legal basis for data processing.

Further information on data processing by Ultimate.ai can be found in Ultimate.ai's privacy policy at: https://www.ultimate.ai/security-privacy.

3.11.1 WhatsApp

You have the option of contacting us via the messenger service WhatsApp. This is a service provided by "WhatsApp" (WhatsApp Ireland Limited, WhatsApp Legal Department, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland). WhatsApp is part of Meta Platforms Inc, 1601 Willow Road, Menlo Park, California 94025, USA ("Meta").

Specifically, we use the WhatsApp Business API, a technical interface that is managed by our technical service provider "Zendesk" (Zendesk Inc., 989 Market Street #300, San Francisco, CA 94102, USA). Through this included encryption of communication, the provider of the messenger service does not gain access to the content of the communication, but only to so-called metadata (for example, about participants and time period of a communication).

We only process the information and data that you share with us during the chat conversation. This includes, for example, your first and last name, your telephone number, your Messenger ID, your profile picture and your message history with us. WhatsApp uses this data to share it within the Facebook group for unspecified purposes (for more information on data processing by WhatsApp, see https://www.whatsapp.com/legal/?eea=1#privacy-policy).

The use of our WhatsApp channel is completely voluntary for you and you can of course also contact us by other means (e.g. email or telephone).

Section 25 (2) no. 2 TDDDG serves as the legal basis for any associated storage of information on your end device and its subsequent readout. The following processing of your personal data is based on our legitimate interest in accordance with Art. 6 para. 1 lit. f) GDPR. If your contact is aimed at the conclusion of a purchase contract, the legal basis is Art. 6 para. 1 lit. b) GDPR.

For your own protection of your personal data, please refrain from providing us with special categories of personal data within the meaning of Art. 9 para. 1 GDPR (for example: health data).

The metadata described above may be transferred to the provider of the Messenger service in the USA. Furthermore, your personal data may be transferred outside the EU/EEA to the USA through the transfer to the technical service provider described above, Zendesk. The USA is considered by the European Court of Justice to be a country with an inadequate level of data protection by EU standards. Due to the lack of an adequacy decision and without appropriate safeguards, there is a particular risk that your data may be processed by US authorities for control and monitoring purposes, possibly without any legal recourse. In order to be able to guarantee adequate protection of your personal data in the event of the transfer of personal data to such so-called third countries, we have concluded so-called EU-US standard contractual clauses with the service provider. In addition, where possible, we are in contact with the service provider to ensure the protection of your personal data with any additional measures that may be necessary.

The data provided and the message history with our Service Desk will be stored for follow-up questions and subsequent contact and, after the purpose of storage has ceased to apply, deleted in accordance with data protection regulations, provided that there are no statutory retention periods to the contrary.

3.11.2 Web Chat

If you wish to contact us via web chat, you must consent to the use of the cookie required for this from the provider "Zendesk" (Zendesk Inc., 989 Market Street #300, San Francisco, CA 94102, USA). Without this consent, we will not be able to offer you the use of the web chat. The legal basis for the associated storage of information on your end device and its subsequent readout is Section 25 (1) sentence 1 TDDDG. You can revoke this consent for the future at any time by deactivating cookies in your browser settings or in our Cookie Consent Manager. The subsequent processing of your personal data is based on your express consent in accordance with Art. 6 para. 1 lit. a) GDPR. You can revoke this consent for the future at any time by deactivating cookies in your browser settings or in our Cookie Consent Manager. The provider "Zendesk" also receives access to the personal data that you share with us via the web chat. You can find more information on this in the privacy policy of "Zendesk" [(https://www.zendesk.de/company/privacy-and-data-protection/)]((https://www.zendesk.de/company/privacy-and-data-protection/).

We then only process the information and data that you provide to us during the chat conversation. The legal basis for this processing of your personal data is based on our legitimate interest in accordance with Art. 6 para. 1 lit. f) GDPR. If your contact is aimed at the conclusion of a purchase contract, the legal basis is Art. 6 para. 1 lit. b) GDPR.

For your own protection of your personal data, please refrain from providing us with special categories of personal data within the meaning of Art. 9 para. 1 GDPR (for example: health data).

3.11.3 E-Mail

We offer you the opportunity to send us your request by e-mail. In addition to your e-mail address, we process the information and data that you provide to us in this way. We use the Zendesk ticket system, a customer service platform from Zendesk Inc, 989 Market Street #300, San Francisco, CA 94102, USA, to process customer inquiries.

The legal basis for any associated storage of information on your end device and its subsequent readout is Section 25 (2) No. 2 TDDDG. The following processing of your personal data is based on our legitimate interest in accordance with Art. 6 para. 1 lit. f) GDPR. If your contact is aimed at the conclusion of a purchase contract, the legal basis is Art. 6 para. 1 lit. b) GDPR. For your own protection of your personal data, please refrain from providing us with special categories of personal data within the meaning of Art. 9 para. 1 GDPR (for example: health data) without separate encryption.

Further information on data processing by Zendesk can be found in Zendesk's privacy policy at: https://www.zendesk.co.uk/trust-center/.

3.11.4 Telephone

You can contact us by telephone to clarify your request. We will process the personal data that you provide to us during the conversation. We use the Zendesk ticket system, a customer service platform from Zendesk Inc, 989 Market Street #300, San Francisco, CA 94102, USA, to process customer inquiries.

The legal basis for any associated storage of information on your end device and its subsequent readout is Section 25 (2) No. 2 TDDDG. The subsequent processing of your personal data is based on our legitimate interest in accordance with Art. 6 (1) (f) GDPR. If your contact is aimed at concluding a purchase contract, the legal basis is Art. 6 para. 1 lit. b) GDPR. For your own protection of your personal data, please refrain from providing us with special categories of personal data within the meaning of Art. 9 para. 1 GDPR (for example: health data).

Further information on data processing by Zendesk can be found in Zendesk's privacy policy at: https://www.zendesk.co.uk/trust-center/.

4. data transfer

We only pass on your personal data to third parties if:

• you have given your express consent to this in accordance with Art. 6 para. 1 lit. a) GDPR • this is legally permissible and necessary for the fulfillment of a contractual relationship with you in accordance with Art. 6 para. 1 lit. b) GDPR • there is a legal obligation for the disclosure pursuant to Art. 6 para. 1 lit. c) GDPR • the disclosure pursuant to Art. 6 para. 1 lit. f) GDPR is necessary for the protection of legitimate company interests, as well as for the assertion, exercise or defense of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data.

You can find out which data processing this concerns in the specific case below the respective data processing described.

Furthermore, in certain cases we are obliged by law to pass on your personal data to third parties. This is the case, for example, if there is a suspicion of a criminal offense or misuse of our website. We are then obliged to pass on your data to the responsible law enforcement authorities. In addition, your data will only be stored in our database and on our servers or those of our processors.

5. Data processing for advertising purposes

5.1 (Personalised) e-mail advertising with registration for the newsletter We offer you the ergobag newsletter service. With your consent, you can subscribe to our newsletter, with which we inform you about new products, events, competitions and current offers.

How do I register?

We use the so-called double opt-in procedure for sending our newsletter, which requires registration, i.e. we will only send you a newsletter if you have previously expressly consented to us activating the newsletter service. You must also confirm that the e-mail address you have provided belongs to you. For this purpose, we will send you a notification e-mail and ask you to confirm that you are the owner of the e-mail address provided by clicking on a link contained in this e-mail.

What data is recorded and how?

When you register for a newsletter, we automatically save your IP address and the time of registration and confirmation. This enables us to prove that you have actually subscribed and to recognise any misuse of your email address.

The only mandatory information for sending the newsletter is your e-mail address. The provision of further, separately marked data is voluntary and is used to address you personally. We use the resulting data exclusively for sending the requested information and offers.

In order to constantly improve your shopping experience and protect you from unnecessary advertising, we use the information you provide and automatically generate to design personalised advertising tailored to you and your interests. For example, we use confirmations of receipt and read receipts of e-mails, your order history, the date and time of your visit to the homepage or product pages that you have visited. We create a profile about you by collating all the information that you have provided to us directly or indirectly. Analysing and evaluating this information enables us to send you personalised advertising. Our aim is to make our advertising more useful and interesting for you. In this way, we want to prevent indiscriminate advertising and only send you advertising, for example in the form of newsletters or product recommendations in e-mails, which correspond to your interests.

We generally process the following personal data from you:

- Name

- Address: - Address

- E-mail address

- IP address

- Payment, purchase and transaction information (if available to us)

- Browsing information

- Information on behaviour and preferences (if this is available to us)

We use the newsletter software Mailjet, a service of Mailgun Technologies, Inc. 112 E Pecan St #1135 San Antonio, TX 782, USA, to provide, process and send the newsletter. Mailgun is prohibited from passing on your data to third parties without authorisation or using it for purposes other than sending newsletters.

The legal basis for the processing of data after registration for the newsletter by the user is Art. 6 para. 1 lit. a) GDPR if the user has given consent. If you do not wish to receive personalised advertising, you can revoke your consent to the newsletter service at any time with effect for the future (see below). If your child has not reached the age of 16, we will only collect your children's personal data after you have given your consent in accordance with Art. 6 (1) (a) GDPR in conjunction with Art. 8 (1) GDPR in connection with the newsletter order for the purpose of customising the newsletter in order to send you age-appropriate information and product recommendations. You can also revoke this consent at any time with effect for the future (see below).

In this context, personal data may be transferred to Mailgun in the USA. The USA is considered by the European Court of Justice to be a country with an inadequate level of data protection by EU standards. Due to the lack of an adequacy decision and without suitable guarantees, there is a particular risk that your data may be processed by US authorities for control and monitoring purposes, possibly without the possibility of legal recourse. In order to be able to guarantee adequate protection of your personal data in the event of the transfer of personal data to such so-called third countries, we have concluded so-called EU-US standard contractual clauses with the service provider. Furthermore, where possible, we liaise with the service provider to ensure the protection of your personal data with any additional measures that may be necessary.

Further information about the provider can be found here

How do I deregister?

You can revoke your consent to the sending of the newsletter at any time and unsubscribe from the newsletter. You can declare your cancellation by clicking on the link provided in every newsletter e-mail or by sending an e-mail to info@ergobag.de or by sending a message to the contact details given in the legal notice. Your e-mail address and optional title and name will be stored for as long as you have subscribed to the newsletter. After you unsubscribe from the newsletter, your e-mail address and other data will be deleted. Your data will be stored for 5 years and then duly deleted, unless they are subject to statutory retention periods.

5.2 E-mail advertising without subscribing to the newsletter and your right to object

If we receive your e-mail address in connection with the sale of a product or service and you have not objected to this, we reserve the right to regularly send you offers for products similar to those already purchased from our range by e-mail on the basis of Section 7 (3) UWG.

This serves to safeguard our legitimate interests, which predominate in the context of a balancing of interests, in an advertising approach to our customers. The legal basis is therefore Art. 6 para. 1 lit. f) GDPR.

You can object to this use of your e-mail address at any time by sending a message to the contact option described above or via a link provided for this purpose in the advertising e-mail, without incurring any costs other than the transmission costs according to the basic rates.

We use the newsletter software Mailjet, a service of Mailgun Technologies, Inc. 112 E Pecan St #1135 San Antonio, TX 782, USA, for the provision, processing and dispatch of the newsletter. Mailgun is prohibited from passing on your data to third parties without authorisation or using it for purposes other than sending newsletters.

Further information about the provider can be found here

5.3 Postal advertising and your right of objection

In addition, we reserve the right to use your first name, surname and postal address for our own advertising purposes, e.g. to send you interesting offers and information about our products by post.

This serves to safeguard our legitimate interests, which predominate in the context of a balancing of interests, in an advertising approach to our customers in accordance with Art. 6 para. 1 lit. f) GDPR.

You can object to the storage and use of your data for these purposes at any time with effect for the future by sending a message to the contact option described above.

6. evaluation of the online shop

We offer you the opportunity to submit reviews of our online shop and your order. If we receive your e-mail address in connection with the sale of a product or service, you have submitted a review at the end of an order and have actively submitted the review to us, we reserve the right to contact you by e-mail in individual cases in order to ask follow-up questions about your review at a later date. Your rating is used for analysis and optimisation purposes.

We process your personal data on the basis of your consent in accordance with Art. 6 para. 1 lit. a) GDPR.

We only process the information and data that you provide to us via your rating. This includes, for example, your e-mail address, transaction ID and browser information. The data provided and your rating will be stored for subsequent contact and deleted in accordance with data protection regulations once the purpose of storage no longer applies, provided that there are no legal retention periods to the contrary.

7. cookies and web analytics

We use cookies on our website. Cookies are small files that are sent by us to the browser of your end device and stored there when you visit our website.

Some functions of our website cannot be offered without the use of technically necessary cookies. Other cookies, however, enable us to carry out various analyses. For example, cookies are able to recognise the browser you are using when you visit our website again and to transmit various information to us. With the help of cookies, we can, among other things, make our website more user-friendly and effective for you, , for example by tracking your use of our website and determining your preferred settings (e.g. country and language settings). If third parties process information via cookies, they collect the information directly via your browser. Cookies do not cause any damage to your end device. They cannot execute programmes or contain viruses.

Various types of cookies are used on our website, the nature and function of which are explained in more detail below.

Function 1: Essential (or technically necessary) cookies

These cookies are required for technical reasons so that you can visit our website and use the functions we offer. In addition, these cookies contribute to a secure and compliant use of the website.

Function 2: Marketing Cookies

Advertising cookies (third-party provider) make it possible to show you various offers that match your interests. These cookies can be used to record the web activities of users over a longer period of time. You may recognise the cookies on different end devices you use. Furthermore, certain cookies make it possible to establish a connection to your social networks and to share content from our website within your networks.

The legal basis for the use of technically necessary cookies for the associated storage of information on your end device and its subsequent reading is § 25 para. 2 no. 2 TDDDG. The following processing of your personal data is based on our legitimate interest in accordance with Art. 6 para. 1 lit. f) GDPR.

We require your consent for cookies that are not technically necessary or so-called third-party cookies. If you have given us your consent to the use of a non-technically necessary cookie on the basis of a notice ("cookie banner") provided by us on the website, the legality of the associated storage of information on your end device and its subsequent reading is governed by Section 25 (1) sentence 1 TDDDG. You can revoke this consent for the future at any time by deactivating cookies in your browser settings or in our Cookie Consent Manager.

The following processing of your personal data takes place on the basis of your expressly granted consent in accordance with Art. 6 para. 1 lit. a) GDPR. You can also revoke this consent for the future at any time by deactivating cookies in your browser settings or in our Cookie Consent Manager.

As soon as the data transmitted to us via the cookies is no longer required to fulfil the purposes described above, this information is deleted, especially if the cookies are deactivated. Further storage may take place in individual cases if this is required by law. You can manage the cookie settings using the setting options listed below or by configuring your browser settings.

Most browsers are set to accept cookies by default. However, you can configure your browser so that it only accepts certain cookies or no cookies at all. However, we would like to point out that you may no longer be able to use all the functions of our website if cookies are deactivated by your browser settings on our website. You can also use your browser settings to delete cookies already stored in your browser or to display the storage period. It is also possible to set your browser to notify you before cookies are stored. As the various browsers may differ in their respective functions, we ask you to use the respective help menu of your browser for the configuration options. If you would like a comprehensive overview of all third-party access to your Internet browser, we recommend that you install specially developed plug-ins.

Further information on the individual cookies used can be found in our Cookie Consent Manager. You can also manage consent your there.

8. hyperlinks and other linked elements to external websites

Our website contains so-called hyperlinks and other linked elements to websites of other providers. If you activate these hyperlinks, you will be forwarded directly from our website to the website of the other provider. You will recognise this by the change of URL.

We cannot accept any responsibility for the confidential handling of your data on third-party websites, as we have no influence on whether these companies comply with data protection regulations. This applies in particular to links to our social media channels on Instagram, Facebook, Pinterest and TikTok. Please refer directly to these websites for information on how these platforms handle your personal data.

With regard to certain processing operations, we are jointly responsible under data protection law with, in particular Facebook and Instagram, in accordance with Art. 26 GDPR.

In cases where we are jointly responsible for the processing with the operator, you can find the main content of the joint processing here: https://www.facebook.com/legal/terms/page_controller_addendum

In addition to FOND OF GmbH, the following companies are responsible for the company websites:

• Facebook (Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland) • Instagram (Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland) • Pinterest (Pinterest Europe Ltd., Palmerston House, 2nd Floor Fenian Street Dublin 2, Ireland) • TikTok (TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland)

However, you use the platforms on your own responsibility, in particular the interactive functions (e.g. commenting, sharing, liking, videos, images). We reserve the right to delete unlawful, racist or otherwise offensive comments that are shared on our pages. This applies, for example, to illegal or hate comments, offensive comments or images/videos.

All posts published by you on our pages remain accessible within the account for an unlimited period of time, unless we delete them due to an update of the underlying topic, a violation of the law or a violation of our guidelines, or you delete the post yourself.

We have no influence on the deletion of your personal data by the platforms. The data protection provisions of the respective platform apply. In this context, personal data may be transferred to countries outside the EU/EEA, in particular to the USA. The USA is considered by the European Court of Justice to be a country with an inadequate level of data protection according to EU standards. Due to the lack of an adequacy decision and without suitable guarantees, there is a particular risk that your data may be processed by US authorities for control and monitoring purposes, possibly without the possibility of legal recourse. In order to be able to guarantee adequate protection of your personal data in the event of the transfer of personal data to such so-called third countries, we have concluded so-called EU-US standard contractual clauses with the service provider. The company Meta Platforms, Inc. is certified in accordance with the "EU-US Data Privacy Framework" (DPF). Furthermore, where possible, we liaise with the service provider to ensure the protection of your personal data with any additional measures that may be required.

In particular, the following personal data may be processed:

User content
Date of birth
Profile information
Profile picture
Usage data
Device information
Smartphone-related information, if applicable
First and last name
Internet service provider
IP address

We publish and share current offers, new products, competitions and current trends about ergobag on the respective accounts. We also collect data for statistical purposes in order to further develop and optimise the content and to make the ergobag offer more attractive. The data required for this is processed and made available by the respective providers. The legal basis for data processing is Art. 6 para. 1 lit. f) GDPR. Data processing is carried out in the interests of our communication and public relations work. We have no influence on the presentation, scope, type and purpose of data processing by the social media platform. In addition, your personal data is processed for market research, communication and advertising purposes. Based on your usage behaviour and the resulting interests, usage profiles such as your habits, personal relationships, preferences, etc. may be created. This allows, among other things, interest-based advertisements and personalised product recommendations to be displayed within and outside the platforms that presumably correspond to your interests. This is usually done with the help of cookies that are stored on your computer in order to evaluate your user behaviour. Irrespective of this, data that is not collected directly from your end devices may also be stored in your user profiles. The storage and analysis also takes place across devices; this applies in particular, but not exclusively, if you are registered as a member and are logged in to the respective platforms. As already stated, we cannot influence the companies' web tracking methods.

If you have set up a user profile on one of the above-mentioned social networks, the means, scope and purposes of the processing of personal data on the social networks are primarily determined by the respective platforms. If you are logged into your respective account, you enable the providers to assign your surfing behaviour directly to your personal profile. In addition, the company may be able to determine your user name and possibly even your name from the transmitted data and assign this information to your personal user account with the social media service. You can prevent this by logging out of the respective account.

You can also contact us via our social media accounts. In this case, we process the data you provide to us in order to process your enquiry. For this purpose, your data may also be transmitted to the body responsible for your enquiry. This body could also be a third party. You can find more information on the options to object and the processing of your data by these platforms under the following links:

Facebook Privacy policy: https://www.facebook.com/about/privacy/ Opt-out: https://www.facebook.com/settings?tab=ads and http://www.youronlinechoices.com

Instagram Privacy policy: https://help.instagram.com/519522125107875
Opt-out: http://www.networkadvertising.org/managing/opt_out.asp and http://www.youronlinechoices.com

Pinterest Privacy policy: https://policy.pinterest.com/en/privacy-policy
Opt-out: https://help.pinterest.com/en/article/personalization-and-data

TikTok Privacy policy: https://www.tiktok.com/legal/page/eea/privacy-policy/en Opt-out: https://support.tiktok.com/en/account-and-privacy/personalized-ads-and-data/personalization-and-data

Meta Platforms, Inc. is certified according to the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA, which is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt0000000GnywAAC&status=Active

9. personalisation through customer matching / customer matching for online target groups (Google, Pinterest, TikTok, Meta)

We use user-defined target groups ("custom audiences") as a targeting option on various platforms (Google, Pinterest, TikTok and Meta) to exclude you from personalised advertisements on these platforms. To do this, we upload encrypted email address lists of existing customers or newsletter subscribers to the platforms. The aim is to ensure that you are excluded from adverts on the respective platforms and only receive adverts that are relevant to you and in line with your interests. This improves your user experience; as a newsletter subscriber or existing customer, you will not receive any adverts that are intended for a different target group.

We upload encrypted (hashed) lists of email addresses to the providers' respective advertising systems.

The providers compare these hash values with the email addresses of their registered users in order to identify matches. If there is a match, the user is included in a target group (custom audience) and can receive targeted advertising from us or - as in the function we have selected - be excluded from advertising.

As soon as the matching process is complete, the providers delete the transmitted hash values immediately.

The services we use are:

Google Customer Match Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Further information on data processing at Google can be found here: https://support.google.com/google-ads/answer/6379332?hl=en. You can find Google's terms of use here: https://support.google.com/google-ads/answer/9805516?hl=en&sjid=10303074791185544685-EU
Pinterest Customer List Targeting Provider: Pinterest Europe Ltd, Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland. Further information on data processing at Pinterest can be found here: https://policy.pinterest.com/en/privacy-policy. The terms of use for advertising data can be found at the following link https://policy.pinterest.com/en/ad-data-terms
TikTok Custom Audiences Provider: TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland. Further information on data processing at TikTok can be found here: https://www.tiktok.com/legal/page/eea/privacy-policy/en. The terms of use can be found at https://ads.tiktok.com/i18n/official/policy/custom-audience-terms
Facebook Custom Audiences Provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. Further information on data processing by Facebook in connection with Costum Audience can be found here: https://www.facebook.com/legal/terms/data_security_terms. The terms of use of Costum Audience can be found at the following link: https://www.facebook.com/legal/terms/customaudience Facebook's general data processing conditions can be found at https://www.facebook.com/legal/terms/dataprocessing and at https://www.facebook.com/privacy/policy.

Your email address is processed on the basis of our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR in order to increase the efficiency of our advertising measures and to provide you with suitable advertising.

In this context, personal data may be transferred to countries outside the EU/EEA, in particular to the USA. The USA is considered by the European Court of Justice to be a country with an inadequate level of data protection according to EU standards. Due to the lack of an adequacy decision and without suitable guarantees, there is a particular risk that your data may be processed by US authorities for control and monitoring purposes, possibly without the possibility of legal recourse. In order to be able to guarantee adequate protection of your personal data in the event of the transfer of personal data to such so-called third countries, we have concluded so-called EU-US standard contractual clauses with the service provider.

The company Meta Platforms, Inc. is certified according to the "EU-US Data Privacy Framework" (DPF). Furthermore, where possible, we liaise with the service provider to ensure the protection of your personal data with any additional measures that may be required.

10. management of social media channels

The data provided to us by the social media network operators is processed by the social media management software "Hootsuite", Hootsuite Media Inc, 111 East 5th Avenue, Vancouver, BC V5T4L1, Canada.

Hootsuite helps us to manage our business accounts on social media channels (Instagram and Facebook). The following data is processed by you:

Profile name and profile picture of users
Personal data that you share with us through comments or messages

The legal basis for the processing of your personal data is rt. 6 para. 1 lit. f) GDPR. Hootsuite is used to manage our various social media business accounts. Posts can be planned, created, published, checked, liked and shared. At the same time, our social media channels can also be tracked within Hootsuite and the performance of our posts can be analysed in order to plan further content on the social media channels and optimise our social media strategy on the basis of this analysis. We can also use it to manage customer conversations.

In this context, personal data is transferred to countries outside the EU/EEA, in particular to Canada. Canada is a so-called third country. Third countries generally do not fulfil the data protection level of the EU standards. When data is transferred to a third country, suitable guarantees are required to ensure an adequate level of data protection with regard to the personal data. In order to be able to guarantee an adequate level of protection for your personal data in the event of the transfer of personal data to Canada, the European Commission has issued an adequacy decision with regard to Canada in accordance with Art. 45 GDPR, which determines that Canada offers an adequate level of protection for personal data. The adequacy decision can be viewed at the following link: EUR-Lex - 32002D0002 - EN - EUR-Lex (europa.eu). Furthermore, where possible, we liaise with the service provider to ensure the protection of your personal data with additional measures where necessary.

Further information on data processing and the privacy policy of "Hootsuite" can be found under the following links:

11. value vouchers

We use the data provided when ordering vouchers to check and process the order and to send and redeem the voucher. This also includes the documentation and processing of the data associated with the voucher redemption.

The following data is processed as part of the ordering of vouchers and payment processing using a voucher:

Date of issue
Voucher value
Voucher code
Name of the invoice recipient
Billing address
Time of voucher redemption

12. your rights

As the data subject, you have the following rights:

• in accordance with Art. 15 GDPR, the right to request information about your personal data processed by us to the extent specified therein; • in accordance with Art. 16 GDPR, the right to demand the immediate correction of incorrect or incomplete personal data stored by us; • in accordance with Art. 17 GDPR, the right to request the erasure of your personal data stored by us, unless further processing is necessary o to exercise the right to freedom of expression and information; o for the fulfilment of a legal obligation; o for reasons of public interest; or o is necessary for the establishment, exercise or defence of legal claims; • in accordance with Art. 18 GDPR, the right to demand the restriction of the processing of your personal data, insofar as o the accuracy of the data is contested by you; o the processing is unlawful, but you oppose the erasure of the data; o we no longer need the data, but you need it for the establishment, exercise or defence of legal claims; or o you have objected to the processing pursuant to Art. 21 GDPR; • in accordance with Art. 20 GDPR, the right to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request that it be transmitted to another controller; • in accordance with Art. 77 GDPR, the right to lodge a complaint with a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our company headquarters.

If you have any questions regarding the collection, processing or use of your personal data, for information, correction, blocking or deletion of data as well as revocation of any consent given or objection to a specific use of data, please contact our data protection officer mentioned above.

Right to object
If we process personal data as described above in order to safeguard our legitimate interests, which are overriding in the context of a balancing of interests, you can object to this processing with effect for the future. If the processing is carried out for direct marketing purposes, you can exercise this right at any time as described above. If the processing is carried out for other purposes, you only have the right to object if there are grounds relating to your particular situation. After exercising your right to object, we will no longer process your personal data for these purposes unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or if the processing serves the establishment, exercise or defence of legal claims. This does not apply if the processing is for direct marketing purposes. In this case, we will no longer process your personal data for this purpose.