Data protection declaration


Privacy Policy

In the following we inform you about the collection of personal data when using

  • our B2B online shop https://b2b.mybacs.com/

  • our social media profiles on Facebook, Instagram, Pinterest, Twitter, YouTube, LinkedIn.

Personal data is any data and information relating to an identified or identifiable natural person, such as an email address, an IP address or browser data.

Contact details and contact

The responsible party according to Art. 4 Para. 7 of the EU General Data Protection Regulation (GDPR) is:
mybacs Vertriebs GmbH
legally represented by: Carl-Philipp von Polheim
Infanteriestraße 11a, Building E
80797 Munich
E-mail: support@mybacs.com
Phone +49 91147558163


Data protection officer

Our data protection officer is:
heyData GmbH
Kantstr. 99
10627 Berlin
www.heydata.eu
E-mail: datenschutz@heydata.eu 

Scope of data processing, processing purposes and legal bases

The scope of your data processing, processing purposes, and legal bases are explained in detail below. The following generally serve as legal bases for data processing:

  • Article 6 (1) (a) GDPR serves as the legal basis for processing operations for which we obtain your consent.

  • Article 6 (1) (b) GDPR serves as the legal basis if the processing of your personal data is necessary to fulfill a contract, e.g., if you purchase a product from us or we provide a service for you. This legal basis also applies to processing necessary for pre-contractual measures, such as inquiries about our products or services.

  • Article 6 (1) (c) GDPR applies if we process your personal data to comply with a legal obligation, as may be the case under tax law.

  • Article 6 (1) (f) GDPR serves as the legal basis if we can rely on legitimate interests to process your data, e.g. for cookies that are necessary for the technical operation of our website.

Storage period

Unless expressly stated in this privacy policy, the data stored by us will be deleted as soon as it is no longer required for its intended purpose and there are no statutory retention periods that prevent deletion. If the data is not deleted because it is required for other legally permissible purposes, its processing will be restricted, i.e., the data will be blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons.

Your rights

You have the following rights with regard to your personal data:

  • Right to information,

  • Right to rectification or erasure,

  • Right to restriction of processing,

  • Right to object to processing,

  • Right to data portability,

  • Right to withdraw consent at any time.

You also have the right to complain to a data protection supervisory authority about the processing of your personal data.                        

Obligation to provide data

Within the scope of our business relationship, you only need to provide the personal data that is necessary for establishing, conducting, and terminating a business relationship, or that we are legally obligated to collect. Without this data, we will generally have to refuse to conclude the contract or will no longer be able to perform an existing contract.

Mandatory information is marked as such.                                                                           

No automatic decision-making in individual cases

As a general rule, we do not use fully automated decision-making in accordance with Article 22 GDPR to establish and conduct our business relationship. Should we use these procedures in individual cases, we will inform you separately, provided this is required by law.

Contact us

When you contact us by email or telephone, the data you provide (e.g., email address and name) will be stored by us in order to answer your questions. The legal basis for this processing is our legitimate interest (Art. 6 (1) (f) GDPR) in answering inquiries addressed to us. We delete the data collected in this context once storage is no longer required, or restrict processing if statutory retention periods apply.

Data processing on our B2B online shop 

Collection and use of personal data

When you use the website for informational purposes, i.e., when you do not provide us with any information separately, we collect the personal data that your browser transmits to our server to ensure the stability and security of our website. This is our legitimate interest, so the legal basis is Art. 6 (1) (f) GDPR.These data are:

  • IP address

  • Date and time of the request

  • Time zone difference to Greenwich Mean Time (GMT)

  • Content of the request (specific page)

  • Access status/HTTP status code

  • amount of data transferred

  • Website from which the request comes

  • Browser

  • Operating system and its interface

  • Language and version of the browser software.

This data is also stored in log files. It is deleted when its storage is no longer required, at the latest after 14 days.

Web host

Our website is hosted by Shopify International Limited, 2nd Floor Victoria Buildings, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland, based on a data processing agreement (Art. 28 GDPR). Although the processing of personal data is not the primary responsibility of the host, it cannot be ruled out that the host may nevertheless access personal data processed via the website.

Shopify processes data exclusively on EU servers and on servers in Canada for which the EU Commission has determined an adequate level of protection, so that data transfer is lawful according to Art. 45 (3) GDPR.

Contact form

If you contact us via the contact form on our website, we will save the data requested there and the content of your message.
The legal basis for the processing is our legitimate interest (Art. 6 Para. 1 S. 1 lit. f GDPR) to answer inquiries addressed to us.
We delete the data collected in this context once storage is no longer required or restrict processing if statutory retention periods apply.
If we use the services of a third party provider as part of our contact form, you can find further information about them below under “Third-party tools”.

Newsletter

Newsletters are sent on the basis of a data processing agreement (Art. 28 GDPR) via the “Kalviyo” service of Klaviyo Inc., 125 Summer Street, Boston, MA 02110, USA (hereinafter “Klaviyo”). Klaviyo’s privacy policy can be found at https://www.klaviyo.com/legal. Data processing is therefore based on your consent (Art. 6 (1) (a) GDPR). The same applies to the storage of your IP address in order to securely document your registration for the newsletter. In addition, we measure the success of our newsletters in a personalized manner by measuring when you opened the newsletter and clicked on a link. Our interest in measuring the effectiveness of the newsletter is a legitimate interest within the meaning of Art. 6 (1) (f) GDPR.
Processing will continue until you revoke your consent, e.g., by clicking the "Unsubscribe" button at the end of each newsletter. We will then delete your data. Your revocation does not affect the legality of the data processing until your revocation. 

Direct mail

If you have already used services from us or purchased goods, we reserve the right to inform you from time to time by email about our similar offers, unless you have objected to this. The legal basis for this data processing is Art. 6 (1) (f) GDPR. Our legitimate interest lies in direct advertising (Recital 47 GDPR). You can object to the use of your email address for advertising purposes at any time and free of charge, e.g., by contacting us using the contact details provided above. This direct advertising is permissible under the conditions of Section 7 (3) of the Unfair Competition Act (UWG).


Hive

To fulfill our contractual obligations to our B2B customers and to process the shipping of their orders, we use the services of the logistics provider Hive Technologies GmbH, Rosenstraße 16-17, 10178 Berlin, Germany (hereinafter "Hive"). By ordering our products, our customers may transmit personal data previously provided by them to Hive (e.g., name, address, email address, telephone number). This data transfer takes place exclusively for the purpose of proper delivery of the goods and is based on the fulfillment of the contract concluded between us and our customers. The legal basis is therefore Art. 6 (1) (b) GDPR. Hive is contractually obligated to process our customers' data only within the scope of our instructions and in accordance with applicable data protection laws, and to take appropriate security measures to ensure the confidentiality and security of the data.



Payment processing

To process payments we use Shopify Payments from Shopify Inc., 151 O'Connor Street, Ground Floor, Ottawa, ON K2P 2L8, Canada (Privacy Policy: https://www.shopify.com/de/legal/datenschutz) and its processing via Stripe Payments Europe, Limited (SPEL), 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, D02 H210, Ireland (hereinafter: Stripe) as the payment processor for all our payment options, who are themselves responsible for data protection within the meaning of Art. 4 No. 7 GDPR. To the extent that Stripe receives the data and payment details you provide during the ordering process, we thereby fulfill the contract concluded with you (Art. 6 (1) (b) GDPR). (Privacy Policy: https://stripe.com/de/privacy)

These payment processors offered by us via Stripe are:

Technically necessary cookies

Our website uses cookies. Cookies are small text files that your web browser stores on your device. Cookies help make our service more user-friendly, effective, and secure. To the extent that these cookies are necessary for the operation of our website or its functions (hereinafter "technically necessary cookies"), the legal basis for the associated data processing is Art. 6 (1) (f) GDPR, as we have a legitimate interest in providing you with a functional website.
Specifically, we use technically necessary cookies for the following purpose(s):

  • Adoption of language settings,

  • shopping cart,

  • Remembering search terms,

  • Storage of log-in data,

  • Cookies from payment providers for payment processing that do not analyze user behavior

Third-party tools

Our website uses the third-party tools listed below. Some of these may use cookies, pixels, and similar technologies to give you the best possible experience on our website. Cookies are small text files that your web browser stores on your device. Cookies help make our service more user-friendly, effective, and secure. Pixels are small, usually transparent graphics placed on websites that help collect information about users' online behavior.

Further information on the various tools, e.g.You can find information about your providers, the legal basis for data processing and any data transfer to a non-EU country in the following list:

Google Analytics

If the site visitor has given his consent, we use Google Analytics, a web analysis service of Google Ireland Ltd., Gordon House, Barrow Street, D04 E5, on the basis of a contract processing agreement (Art. 28 GDPR).W5, Dublin, Ireland ("Google"). This service uses cookies. Cookies generate information about the use of the website by visitors, including pages accessed, the achievement of "website goals" (e.g. contact requests and newsletter registrations), behavior on the pages (e.g. clicks, scrolling behavior and length of stay), the approximate location (country and city), the IP address of the visitor (in abbreviated form so that no clear assignment is possible), technical information such as browser, internet provider, device and screen resolution and source of the visit (i.e. which website or advertising medium a visitor came to us from). This information is usually transferred to a Google server in the USA and stored there. The legal basis for processing is the consent of the visitor (Art. 6 (1) (a) GDPR). Visitors can revoke their consent at any time by contacting us using the contact details provided above. The revocation does not affect the legality of the processing up to the time of revocation.

Google uses this information to evaluate the use of our website by visitors, to compile reports on website activity, and to provide us with additional services related to website activity and internet usage. Pseudonymized user profiles of website visitors may be created from the data. Google does not combine the IP address transmitted by the visitor's browser with other data.

Further information on data usage by Google can be found in Google’s privacy policy (https://policies.google.com/privacy). The personal data of site visitors will be deleted or anonymized after 14 months. The security of data transfer to the USA is ensured by the standard data protection clauses adopted by the EU Commission (Article 46 (2) (c) GDPR), which we have agreed with Google.

Google Ads

We use Google Ads (formerly Google AdWords) to serve ads on Google. Google places a cookie on your computer. This allows personal data to be stored and evaluated, particularly user activity (in particular, which pages were visited and which elements were clicked on), device and browser information (in particular, the IP address and operating system), data about the ads displayed (in particular, which ads were shown and whether the user clicked on them), and data from advertising partners (in particular, pseudonymized user IDs). For information about data processing in the USA by Google, please refer to the section on "Google Analytics." Further information on data processing by Google can be found here: https://policies.google.com/privacy?gl=DE&hl=de.

We only receive information about the total number of users who responded to our ad. No information is shared that could identify you. This data is not used for tracking purposes. The legal basis for processing users' personal data is generally the user's consent in accordance with Art. 6 (1) (a) GDPR.

Site visitors have the right to revoke their consent to data protection at any time. Revoking consent does not affect the legality of the processing carried out on the basis of the consent up to the time of revocation.

Google Marketing Platform

We use marketing and remarketing services in the Google Marketing Platform on our website based on a data processing agreement (Art. 28 GDPR). These services allow us to display advertisements more specifically in order to present site visitors with ads tailored to their interests. Remarketing shows site visitors ads and products in which an interest has been identified on other websites in the Google network. For this purpose, when our website is accessed, Google executes a code and so-called (re)marketing tags are integrated into the website. With their help, an individual cookie or similar technology is stored on the site visitor's device. The cookies can be set by various domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com or googleadservices.com. This file records which websites site visitors have visited, which content they are interested in and which offers they have clicked on. In addition, technical information about the browser and operating system, referring websites, visit time, and other information about website usage are stored. All data from site visitors is processed only as pseudonymous data. Google therefore does not store names or email addresses. All ads displayed are therefore not targeted at a specific person, but rather for the owner of the cookie. We can integrate third-party advertisements based on the Google Marketing Service DoubleClick. DoubleClick uses cookies that enable Google and its partner websites to serve ads based on site visitors' visits to this website or other websites on the Internet.

For information about data processing in the USA by Google, please refer to the section on “Google Analytics.” Further information on Google’s use of data when using Google partner sites can be found at https://policies.google.com/privacy?hl=de.

The legal basis for the use of the Google services described is your consent (Art. 6 (1) (a) GDPR). Site visitors can revoke their consent by contacting us using the contact details provided above. The revocation does not affect the legality of the processing up to the time of revocation.

Google Maps

We integrate the Google Maps service from Google. The data processed may include, in particular, users' IP addresses and location data if the device users have given their consent via a corresponding setting in their device settings. The legal basis is Art. 6 (1) (a) GDPR. Further information on the processing of data by Google can be found here: https://policies.google.com/privacy?gl=DE&hl=de


Facebook Pixel and Custom Audiences

We use the “visitor action pixel” of Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”) on our website on the basis of a contract processing agreement (Art. 28 GDPR).

With the help of the visitor action pixel, we can track the behavior of page visitors after they have been redirected to our website by clicking on a Facebook ad (so-called redirection pixel)."Conversion"). We can also use this method to measure the effectiveness of Facebook ads for statistical and market research purposes. The data collected in this way is anonymous to us, meaning we do not see the personal data of individual users. However, this data is stored and processed by Facebook. Facebook can link this data to your Facebook account and use it for its own advertising purposes in accordance with Facebook's data usage policy. More information can be found at https://www.facebook.com/about/privacy/.

The visitor action pixel is triggered by Facebook when our website is accessed and can save a cookie on the visitor's device. If the visitor subsequently logs into Facebook or visits Facebook while logged in, the visit to our website is recorded in their profile. The data collected about them remains anonymous to us, meaning they do not allow us to draw any conclusions about the user's identity. However, the data is stored and processed by Facebook, allowing a connection to the respective profile of the visitor to be established and used by Facebook for its own market research and advertising purposes.

The legal basis for using this service is the consent of the website visitor (Art. 6 (1) (a) GDPR). Website visitors can revoke their consent at any time by contacting us using the contact details provided above. The revocation does not affect the legality of the processing up to the time of revocation.

The security of the data is ensured because the contract with Facebook contains standard contractual clauses according to Art. 46 (2) (c) GDPR, which have been adopted by the EU Commission.

Typeform

Based on a data processing agreement (Art. 28 GDPR), we use Typeform on our website and in our communications with prospects and customers. Typeform is a questionnaire software that enables direct, real-time question-and-answer communication with visitors to the Typeform website. The developer is Typeform SL, Carrer Bac de Roda, 163, 08018 Barcelona (Spain).

The legal basis for processing this data is Art. 6 (1) (f) GDPR, because it is our legitimate interest to collect information from customers or site visitors in a particularly user-friendly manner. We delete the collected data points as soon as they are no longer required for our purposes.

Typeform’s privacy policy can be found here: https://admin.typeform.com/to/dwk6gt.

Typekit (Adobe Fonts)

This website uses so-called web fonts provided by Adobe Typekit for the consistent display of fonts. This is a service of Adobe Systems Incorporated, 345 Park Avenue, San Jose, CA 95110-2704, USA. When you visit a page, your browser loads the required web fonts into the browser cache to display text and fonts correctly.

For this purpose, the browser you use must connect to the Adobe Typekit servers.This gives Adobe access to the following information:

  • provided fonts

  • ID of the web project

  • JavaScript version of the web project (string)

  • Type of web project (string “configurable” or “dynamic”)

  • Embed type (whether to use JavaScript or CSS embed code)

  • Account ID (identifies the customer from whom the web project originates)

  • Service that provides the fonts (e.g. Adobe Fonts)

  • Server that provides the fonts (e.g., Adobe Fonts server or corporate CDN)

  • Hostname of the page where the fonts are loaded

  • The time it takes the web browser to download the fonts

  • The time from downloading the fonts with the web browser to applying the fonts

  • Whether an ad blocker is installed to determine if the ad blocker interferes with the correct tracking of page views

  • Operating system and browser version

  • IP address

We use Adobe Typekit Web Fonts to ensure a consistent and appealing presentation of our online offerings. This represents a legitimate interest within the meaning of Art. 6 (1) (f) GDPR.

For more information about Adobe Typekit Web Fonts, see https://typekit.com/ and in the Adobe Typekit privacy policy: https://www.adobe.com/de/privacy/policies/typekit.html

Pinterest Pixel

Our website uses the conversion tracking technology of the social network Pinterest (Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland), which enables us to show our website visitors who have already shown an interest in our website and our content/offers and are Pinterest members, relevant advertising and offers on Pinterest. For this purpose, a so-called Pinterest conversion tracking pixel is integrated into our web pages, which tells Pinterest when you visit our website that you have visited our website and which parts of our offering you are interested in. For example, if you have shown an interest in our subscriptions on our website, you may be shown an ad about our subscriptions on Pinterest.

The legal basis for using this service is the consent of the website visitor (Art. 6 (1) (a) GDPR). Website visitors can revoke their consent at any time by contacting us using the contact details provided above. The revocation does not affect the legality of the processing up to the time of revocation.

 

Trustpilot

Based on a data processing agreement, we participate in the rating process of Trustpilot A/S, Pilestræde 58, 5, 1112 Copenhagen, Denmark. Trustpilot offers users the opportunity to rate our services.

A review invitation is generated for each first-time order. For this purpose, your first name, last name, email address, and a reference number (order number for unique identification) are transmitted to Trustpilot.A review of mybacs can be found at https://de.trustpilot.com/review/mybacs.com The review is verified using the reference number (order number) via a specially generated link. Submitting a review is voluntary. It is our legitimate interest to obtain our customers' opinions on our products, so the legal basis for data processing is Art. 6 (1) (f) GDPR.

For more information, see Trustpilot’s privacy policy at https://de.legal.trustpilot.com/for-reviewers/end-user-privacy-terms.


Data processing in social media

We are represented on the social networks listed below to present our company and our services. The operators of these networks regularly process your data for advertising purposes. Among other things, they create user profiles from your online behavior which are used, for example, to show you advertising on the network pages and elsewhere on the Internet that matches your interests. To do this, the network operators store information about your usage behavior in cookies on your computer. It cannot be ruled out that the operators will combine this information with other data. This is especially the case if you have an account on the network and are logged into it. Further information and instructions on how you can object to the processing of your data by the site operators can be found in the privacy policies of the respective operators listed below. It is also possible that the operators or their servers are located in non-EU countries, meaning that they process your data there. This can result in risks for users because it could, for example, make it more difficult to enforce users' rights.

If you contact us via our company profiles, we will process the data you provide to answer your inquiries. This is our legitimate interest, so the legal basis is Art. 6 (1) (f) GDPR.

We are represented on the following social media pages:

  • Facebook (Operator: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) - Based on an agreement with Facebook pursuant to Art. 26 GDPR, we are jointly responsible for the processing of your data when you visit our fan page. Facebook explains exactly which data is processed at https://www.facebook.com/legal/terms/information_about_page_insights_dataYou can exercise your rights both against us and against Facebook. However, according to our agreement with Facebook, we are obligated to forward your requests to Facebook so that you receive a faster response if you contact Facebook directly.

  • Instagram (Operator: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; Privacy Policy: https://help.instagram.com/519522125107875)

  • LinkedIn (Operator: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; Privacy Policy: https://https://www.linkedin.com/legal/privacy-policy?_l=de_DE; Possibility of objection: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out)

  • Twitter (Operator: Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA; Privacy Policy: https://twitter.com/de/privacy; Possibility to change the personalization of the displayed publication: https://twitter.com/personalization)

  • YouTube (Operator: Google Ireland Limited Gordon House, Barrow Street Dublin 4.Ireland; Privacy Policy: https://policies.google.com/privacy?hl=de)

  • Pinterest (Operator: Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland; Privacy Policy: https://policy.pinterest.com/de/privacy-policy)

Changes to this privacy policy      
We reserve the right to change this privacy policy at any time with future effect. A current version will always be available here.

contact

If you have any questions or comments regarding this privacy policy, please contact us using the contact details provided above.


Last updated: June 19, 2024