Data protection

1. Scope

The protection of your personal data is significantly important to us. As the responsible party by the provisions of Articles 13 and 14 of the General Data Protection Regulation (GDPR), we hereby inform affected individuals about our handling of personal data. This notice has been valid since May 2024. Should data processing procedures change or legal or regulatory requirements evolve, it may be necessary to adjust this document. The current version is always available at https://ship-cheaper.com/policy/.

2. Responsible Party

The party responsible for data processing by the Article 4 Number 7 of the General Data Protection Regulation (GDPR) is:

Ship Cheaper

Viktor Schleicher

Kaiserstr. 19

76646 Bruchsal

Germany

The complete legal notice is available at the following link: https://ship-cheaper.com/imprint/

3. Data Protection Officer

You can reach our Data Protection Officer at the following address:

Viktor Schleicher

Kaiserstr. 19

76646 Bruchsal

Email address: datenschutz@ship-cheaper.com

4. Source of personal data.

We process personal data that has been received either from you directly or from recipients of personal data.

5. Obligation to provide data.

As part of our contractual or legal obligations, it may be necessary for you as the data subject to provide our company with personal data. This data is necessary for the establishment, implementation and termination of the contractual relationship as well as for the fulfilment of the associated contractual obligations or the fulfilment of legal requirements. Without this data, we will generally not be able to conclude the contract or continue an existing contract and may have to terminate it.

6. Storage period.

Unless otherwise specified, the following criteria apply to determine the storage period: If consent is given by Article 6 paragraph 1 letter A of the GDPR, the data will be stored until the data subject revokes their consent. For pre-contractual and contractual purposes according to Article 6 Paragraph 1 Letter B GDPR, the data will be stored until the end of the contract and beyond that until the expiry of relevant limitation periods (e.g. 3 years according to Section 195 of the German Civil Code) from the concluded contract. If our legitimate interest is predominant by Article 6 Paragraph 1 Letter F of GDPR, the data will be stored until the data subject exercises their right of objection following Article 21 Paragraph 1 GDPR. This applies unless we can demonstrate compelling legitimate grounds for the processing that outweigh the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims. In the case of direct advertising by Article 6 Paragraph 1 Letter F GDPR, the data will be stored until the data subject exercises their right of objection following Article 21 Paragraph 2, 3 GDPR. If we have retention obligations, the relevant documents will be kept until the relevant legal provisions expire (e.g. 10 or 6 years by Par. 147 FC (AO-Fiscal Code of Germany) and Section 257 CC (HGB - Commercial Code of Germany). Interested party data will be stored for as long as it can be assumed that there is still interest in working together. If this data is no longer considered relevant, it will be deleted. Business partner data will be stored for as long as it can be assumed that there is still interest in working together. If this data is no longer considered relevant, it will be deleted at the earliest three years after the end of the last business relationship, unless there are statutory retention obligations. Supplier data will be stored until the supplier objects and deleted at the earliest three years after the end of the last business relationship unless there are statutory retention obligations. In general, personal data is only stored for as long as there is a legal basis for storage.

7. Processing of Personal Data via Cookies. Cookie Policy

Our website uses cookies, which are small text files stored on the storage medium of your device, such as a hard drive. Cookies transmit certain information to us as the party that placed them. They are not capable of running programs or transmitting viruses to your device. Below, we explain the types of cookies used on our website, as well as their scope and functionality. 

Persistent Cookies or Cookies Stored in Your Web Browser: These cookies are automatically deleted after a set period, which can vary depending on the cookie. You can delete these cookies at any time via your web browser settings.

The processing of personal data through these cookies aims to make the overall offer of our website more user-friendly and effective for you. Some functions of our website are not available without these cookies. In particular, some functions of our website require your web browser to be identified even after a page change. If you have an account, we use cookies to recognize you on subsequent visits, so you do not have to log in again each time. Data processed through cookies necessary for providing the functions of our website are not used to create user profiles. Cookies used for analytical purposes serve to improve the quality and user-friendliness of our website, as well as its content and functions. They enable us to understand how the website and its functions are used and how frequently. This way, we can continuously optimize our offer. Insofar as cookies are not technically necessary, we only use them with your prior consent, which you can revoke at any time (Article 6(1)(A) GDPR).

The mentioned cookies are stored on your device and transmitted to our server. You have the option to configure the processing of data and information through cookies yourself. Via your web browser settings, you can make appropriate configurations, such as rejecting third-party cookies or cookies altogether. However, please note that in this case, you may not be able to use all functions of our website properly. We also recommend regularly manually deleting cookies and your browser history.

The following Cookie Statement provides you with a clear overview of the cookies used on Ship Cheaper, which are in accordance with our privacy policy (at https://ship-cheaper.com/policy/).

You can adjust your cookie settings here.

On Ship Cheaper, cookies are divided into two categories:

A. Required or Necessary: The "Required" or "Necessary" category includes cookies that are essential for the use of our services. They ensure that Ship Cheaper's services function securely and according to your wishes. These cookies cannot be deactivated.

Required Cookies

B. Preference Cookies: Preference cookies allow a website to remember information that changes the way the website behaves or looks, such as your preferred language or your geographical region.

Preference Cookies

8. Purpose of Processing Personal Data

8.1 Cookies and Consent Management

We handle the consent declarations of our website visitors using a cookie consent tool. The purpose of processing is to fulfil the legal requirements regarding consent management. Legal basis: Article 6(1)(c) GDPR. Retention period: Until the consent to store cookies is withdrawn, but no longer than the expiration of the respective cookie. The retention period of individual cookies is specified in the cookie table. For consent management, we have engaged the following service provider:

CCM19

Papoo Software & Media GmbH, Auguststr. 4, 53229 Bonn, Germany, https://www.ccm19.de/

Privacy Policy of CCM19: https://www.ccm19.de/datenschutzerklaerung.html

8.2 Processing of Personal Data During Informational Visits to Our Website.

When simply visiting our website without registering or submitting information ("informational use"), we only collect the personal data that your web browser transmits to our server. The following technical data is required for the display and security of our website: IP address, date and time of access, content of the website, access status (HTTP status), data volume transferred, requesting website, web browser, operating system, language, and browser version.

Our website is hosted and provided by a hosting provider. The web server used logs the aforementioned server log files. The temporary storage of your IP address is necessary to display the website on your device and is stored only for the duration of your visit.

The storage of the mentioned data in log files ensures the functionality and optimization of our website as well as the security of our IT systems. This data is not evaluated for marketing purposes. Our legitime interest in data processing lies in the purposes mentioned. The legal basis for the collection and temporary storage of this data and log files is Art. 6 Par. 1 Clause 1 Letter F of GDPR. The data for the provision of our website is deleted when your session is over. This data collection and storage in log files is essential for the operation of our website and cannot be objected to. 

8.3 Server Log Files.

You can visit our website without providing personal information. However, each time you access our website, usage data is transmitted from your internet browser to us or our web host/IT service provider and stored in log data (so-called server log files). This data includes, for example, the name of the accessed page, the date and time of access, the IP address, the data volume transferred, and the requesting provider. This processing is carried out in accordance with Article 6 (1)(F) of the GDPR based on our legitimate interest in ensuring the trouble-free operation of our website and improving our offerings.

8.4 Contacting us

In order to enable us to carry out the process and then contact Ship Cheaper, we ask you to provide at least your email address in addition to your consent to data protection. Further information is optional and is used to address you personally and to clarify any ambiguities regarding your email address. By checking the box, you confirm that you have read the following data protection information and that you agree to the processing of your data. All personal data that you send us will be processed and used by Ship Cheaper in accordance with your consent in accordance with Art. 6 Par. 1 lit. A   GDPR to contact you and, if necessary, to clarify queries about your email address. All information you provide is voluntary. All individuals tasked with processing your data are obligated to maintain the confidentiality of your information. Ship Cheaper will not share your data with third parties unless required by law.

Legal Bases: Article 6(1)(b) GDPR for pre-contractual or contractual matters. Article 6(1)(a) GDPR for voluntary information.

Data Recipients: We use an email service provider for emails and a hosting provider for contact form inquiries.

Retention Period: After your request has been fully processed, your data will be deleted, provided it is evident from the circumstances that the matter has been conclusively clarified and there are no legal retention obligations.

For pre-contractual and contractual matters, your inquiries will be stored until the termination of the contract and subsequently restricted in processing. Once there is no legal basis for storage, the data will be deleted.

Use and Deletion: You have the option to withdraw your consent at any time via email or letter. In this case, we will no longer contact you and your data will be completely deleted by the end of the month following your withdrawal. Your right to be forgotten under Article 17 GDPR will be sustainably implemented in this case.

Involvement of Service Providers: If the involvement of service providers for the processing of personal data is required, these are companies with which Ship Cheaper has contractually agreed on data protection-compliant collection, processing, and use of data in accordance with Article 28 GDPR.

Data Security: In accordance with Article 32 GDPR, we use technical and organizational security measures to protect your personal data against accidental or intentional manipulation, loss, destruction, or unauthorized access. Our security measures are continuously adapted and improved in line with technological developments.

Right to Information, Correction, and Deletion: In accordance with Article 15(1) GDPR, you have the right to request confirmation as to whether your personal data is being processed. Please direct your request, including your full name and email address to datenschutz@ship-cheaper.com.

Withdrawal of Your Registration: You can withdraw your consent to registration at any time. In this case, your personal data will be deleted immediately, and no further contact will occur. Please send your withdrawal, including your full name and email address to datenschutz@ship-cheaper.com. Please note that individuals you name (members of your team) must withdraw their registration themselves after their own registration.

Right to Complain: In accordance with Article 77 GDPR, you have the legally guaranteed right to lodge a complaint with a supervisory authority if you believe that your personal data is being processed unlawfully. The supervisory authority's jurisdiction is generally determined by the company's headquarters according to Article 56 GDPR. In the event of a complaint, please contact the Hamburg Commissioner for Data Protection and Freedom of Information (HmbBfDI, https://www.datenschutz-hamburg.de).

Responsible Party: Ship Cheaper is responsible for data protection. For questions or comments on this privacy policy or the company's data protection, please contact us by email at datenschutz@ship-cheaper.com or by post:

Ship Cheaper
Viktor Schleicher
Kaiserstr. 19
76646 Bruchsal
Germany

8.5 Newsletter

We regularly inform our customers via email about news regarding our company, products, services, promotions, and offers. We use your data for direct marketing and communication with our customers.

The dispatch is based on our legitimate interests in accordance with Article 6(1)(F) GDPR, which includes regular customer communication and the promotion of sales through direct marketing. You have the right to object to the sending of our newsletter at any time for the future. You can do this by sending an email to the above-mentioned contact address or by clicking on the corresponding link at the end of each newsletter. Your data will be stored until you object. After your objection, it will be restricted in processing and blocked for future newsletter mailings. 

8.6 Comment Function

If you wish to leave a comment on our website, you must provide the mandatory information in the comment form, which is required for the concluded user contract. Without this information, we cannot publish your comment.

We store your comments and other unpublished data until the end of the contract and then restrict processing. If there is no longer a legal basis for storage under the user contract (Art .6(1)(B) GDPR), the data will be deleted.

8.7 Customer Account / Orders 

8.7.1 Customer Account

If you open a personal customer account with us for future orders, the following policies apply: The processing serves the purpose of concluding a user contract for the personal customer account. The processing is carried out in accordance with Article 6(1)(b) GDPR within the scope of the contract. Your voluntarily provided data is subject to your consent in accordance with Article 6(1)(A) GDPR. The required information is included in the registration form. Without this data, we cannot open an account for you. The customer account is managed through our online shop, which is operated by our web host (see above). Your data in the customer account will be stored as long as the user contract with us exists. Voluntary information will be stored until you revoke it. After revocation, they will be restricted in processing and stored for up to three years to be able to legally prove previously given consent. This is based on our legitimate interests in accordance with Article 6(1)(F) GDPR to demonstrate data protection compliance. 

8.7.2 Orders

We use your data to process your order or to fulfil the resulting contract. The processing is carried out in accordance with Article 6(1)(B) GDPR within the scope of the contract. Your voluntarily provided data is subject to your consent in accordance with Article 6(1)(A) GDPR. For other processing, Article 6(1)(F) GDPR applies. The data is shared with the web host of our platform (see above), payment service providers, lawyers, debt collection companies, and business consultants. Legitimate interests include the enforcement of claims as well as measures for business management and the development of services and products.

8.8 Payment Processing 

The purpose of processing is to execute the order and process the payment.

Legal Basis: Contract according to Article 6(1)(b) GDPR.

Provision Obligation: Depending on the chosen payment method, you must provide us or the payment service provider with the necessary payment data.

Data Recipients: The following payment service providers are used: 

PayPal

Service Provider: PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg, Website: https://www.paypal.com/de

PayPal Privacy Policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full

Credit Check: For payment methods such as credit card via PayPal, direct debit via PayPal, or, if available, "purchase on account" or "instalment payment" via PayPal, PayPal reserves the right to conduct a credit check. For this purpose, your payment data may be transmitted to credit agencies in accordance with Article 6(1)(f) GDPR to determine your creditworthiness. The result of this credit check will be used by PayPal to decide on the provision of the respective payment method. The credit report may also include probability values (so-called score values) based on a scientifically recognized mathematical-statistical procedure, which also takes address data into account. 

Direct Marketing

Purpose of Processing: Conducting direct marketing and promoting sales.
Legal Basis: Our overriding legitimate interest according to Article 6(1)(f) GDPR.
Legitimate Interests: Direct marketing and promotion of sales.
Data Recipients: Agency, lettershop.

Legal Obligation

Purpose of Processing: Fulfillment of legal obligations such as information, notification, disclosure, and retention obligations, as well as payment of taxes and duties.
Legal Bases: The respective legal regulation in conjunction with Article 6(1)(c) GDPR.
Data Recipients: Authorities, state institutions, lawyers, tax consultants, and, if applicable, data protection officers. 

8.9 Logging in via Social Media Accounts 

We use the concept of "Single Sign-On" on our website. This is a process that allows users to log in to our website using their login credentials from Single Sign-On providers (e.g., social networks). A prerequisite for Single Sign-On authentication is that the user is registered with the respective provider and enters the necessary access data into the designated online form or is already logged in with that provider and authorizes the Single-Sign-On login by confirming a button.

Single-Sign-On is offered through the following social networks:

Facebook Connect: See Facebook's data policy at https://www.facebook.com/policy

Google Sign-In: See Google's privacy policy at https://policies.google.com/privacy

When you access a page on our website that offers this login option, your browser establishes a direct connection to the servers of the social network. The content of the plugin is transmitted directly from the social network to your browser and integrated into the page. Through this integration, the social network receives the information that your browser has accessed the corresponding page of our website, even if you do not have a profile on that social network or are not currently logged in there. This information, including your IP address, is transmitted directly from your browser to a server of the social network and stored there.

When using "Single-Sign-On," we receive a user ID that indicates that the user is logged in under this ID with the respective Single-Sign-On provider, as well as a non-reusable ID for us ("User Handle"). Whether additional data is transmitted depends solely on the Single-Sign-On process used and the selected data released during authentication, as well as what data the user has shared in the privacy or other settings of their user account with the Single-Sign-On provider. Typically, this includes the email address and username. Additional information might include profile pictures, age, and gender. We do not receive or store the password for the social network.

 9. Webfonts 

We use Google Fonts from Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) on our website.

No registration or password creation is required to use Google Fonts. No cookies are stored in your browser. The files (CSS, fonts) are requested from the Google domains fonts.googleapis.com and fonts.gstatic.com. According to Google, the requests for CSS and fonts are completely separate from all other Google services. If you have a Google account, no account data will be transmitted to Google when using Google Fonts. Google collects the usage data of CSS (Cascading Style Sheets) and the fonts used and stores this data securely. We will further investigate the exact storage of this data in detail.

What are Google Fonts?

Google Fonts (formerly Google Web Fonts) is an interactive directory of over 800 fonts provided by Google LLC for free use. Many of these fonts are released under the SIL Open Font License or the Apache License, both of which are free software licenses. This allows us to use them freely without paying any license fees.

Why do we use Google Fonts on our website?

With Google Fonts, we can use fonts on our website without having to host them on our own server. Google Fonts helps improve the quality of our website as all fonts are automatically optimized for the web. This saves data and is particularly beneficial for mobile devices. The small file size ensures fast loading times when visiting our website. Additionally, Google Fonts are known for being secure web fonts. They work reliably across different browsers and operating systems, avoiding cross-platform issues. Google Fonts support all major browsers (Google Chrome, Mozilla Firefox, Apple Safari, Opera) and work reliably on most modern mobile operating systems, including Android 2.2+ and iOS 4.2+ (iPhone, iPad, iPod).

We use Google Fonts to make the appearance of our entire online services as beautiful and consistent as possible. According to Article 6 Paragraph 1 Letter f of the GDPR, this constitutes a "legitimate interest" in processing personal data. In this case, "legitimate interest" includes legal, economic, or non-material interests recognized by the legal system.

What data does Google store?

When you visit our website, the fonts are loaded from a Google server. This transmits data to Google's servers, letting Google know that you have visited our website. The Google Fonts API is designed to reduce the collection, storage, and use of end-user data to what is necessary for the efficient provision of fonts. The API serves, among other things, as a data transmitter in the software area. Google Fonts securely and anonymously stores CSS and font requests. The collected usage data allows Google to determine the popularity of fonts. The results are published by Google on internal analytics platforms like Google Analytics. Google also uses data from its own web crawler to determine which websites use Google Fonts. This data is published in the Google Fonts BigQuery database, a Google web service for companies that want to move and analyze large amounts of data.

However, it should be noted that with each Google Fonts request, information such as IP address, language settings, browser screen resolution, browser version, and the name of the browser is automatically transmitted to Google's servers. Whether this data is stored is not clearly determinable and is not explicitly communicated by Google.

How long and where are the data stored?

Google stores CSS assets requests for one day on its servers, which are mainly located outside the EU. This allows us to use Google stylesheets to load fonts. A stylesheet is a template that can quickly and easily change the design or font of a website. The font files are stored at Google for one year. Google's aim is to improve website loading times. When millions of websites reference the same fonts, they are cached after the first visit and are immediately available on all other subsequently visited websites. Occasionally, Google updates font files to reduce file size, increase language coverage, and improve design.

How can I delete my data or prevent storage?

The data stored by Google for one day or one year cannot be easily deleted. They are automatically transmitted to Google when the website is accessed. To have this data deleted early, you need to contact Google Support. To prevent data storage, you must not visit our website.

Unlike other web fonts, Google allows us unrestricted access to all fonts. This gives us unlimited access to a variety of fonts, enabling us to achieve the best for our website. For more information on Google Fonts and frequently asked questions, please visit the official Google Fonts website: https://developers.google.com/fonts/faq. 

10. Analytics Tools, Advertising, and Conversion Tracking 

10.1 Google Tag Manager

We use Google Tag Manager provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Tag Manager is a tool that allows us to integrate tracking or statistics tools and other technologies into our website. The Google Tag Manager itself does not create user profiles, set cookies, or conduct any standalone analyses. Its function is solely to manage and deploy the tools integrated through it. However, Google Tag Manager does collect your IP address, which may also be transmitted to Google's parent company in the United States.

The use of Google Tag Manager is based on Article 6 Paragraph 1 Letter f of the GDPR. The website operator has a legitimate interest in integrating and managing various tools quickly and easily on their website. If appropriate consent has been obtained, processing is carried out exclusively in accordance with Article 6 Paragraph 1 Letter a of the GDPR and Section 25 Paragraph 1 of the TTDSG, provided the consent includes the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) in accordance with the TTDSG. Consent can be revoked at any time.

Purposes of Processing: Tracking (e.g., interest/behavior-based profiling). Visitor action analysis

Interest-based and behavior-based marketing. Profiling (creating user profiles). Conversion measurement (measuring the effectiveness of marketing measures). Reach measurement (e.g., access statistics, recognition of returning visitors). These purposes apply to both us and Google and its parent company. As far as we know, Google also uses the data collected (anonymized) for its own purposes. In this regard, we refer to Google’s privacy policy.

Legal Basis and Legitimate Interests: For the integration of Google Tag Manager on our website, this processing is carried out in accordance with Article 6 Paragraph 1 Letter f of the GDPR based on our legitimate interest in statistical analysis of user behavior for optimization and marketing purposes. The use of the various tags is then carried out in accordance with the separately described sections with the express consent of the user.

Storage Duration: Regarding the storage duration by Google, we refer to their privacy policy.

Data Recipient: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

Parent Company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA

Google Privacy Policy: https://policies.google.com/privacy

Data Transfer to Third Countries: To the extent that non-anonymized data is transferred to Google LLC, data processing is carried out in the USA.

Adequacy Decision of the Commission: Regarding data transfers to Google LLC, we rely on the decision of 10.07.2023 for the EU-US Data Privacy Framework under Article 45 of the GDPR. The list of companies participating in the EU-US Data Privacy Framework can be accessed at https://www.dataprivacyframework.gov/.

10.2 Google Analytics

This website uses features of the web analytics service Google Analytics, provided by Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics allows the operator of this website to analyze the behavior of visitors. The website operator receives various usage data, such as page views, duration of visits, operating systems used, and the origin of the user. This data is assigned to the user's respective device but is not linked to an individual user ID.

Additionally, with Google Analytics, we can record mouse and scroll movements as well as clicks. Google Analytics uses various modeling approaches to supplement the collected data and employs machine learning technologies for data analysis.

To analyze user behavior, Google Analytics uses technologies such as cookies or device fingerprinting, which enable the recognition of users. The information collected by Google Analytics about the use of this website is generally transmitted to a Google server in the USA and stored there.

The use of this service is based on your consent in accordance with Article 6 Paragraph 1 Letter a of the GDPR and Section 25 Paragraph 1 of the TTDSG. This consent can be revoked at any time.

Data transfers to the USA are based on the European Commission’s Standard Contractual Clauses. Further details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.

Purposes of Processing: Tracking (e.g., interest/behavior-based profiling), Visitor action analysis, Interest-based and behavior-based marketing, Profiling (creating user profiles), Conversion measurement (measuring the effectiveness of marketing measures), Reach measurement (e.g., access statistics, recognition of returning visitors). These purposes apply to both us and Google and its parent company.

Legal Basis and Legitimate Interests: The use of Google Analytics may be based on your consent under Article 6 Paragraph 1 Letter a of the GDPR, which you can revoke at any time with future effect by undoing the selection for "Marketing" or "Google Analytics 4" in the cookie settings on our site. Without your consent, we use Google Analytics 4 with so-called "Pings" based on our overriding legitimate interest (Article 6 Paragraph 1 Letter f of the GDPR) to achieve the purposes of processing (see above).

Storage Duration: We store the anonymized data collected for a maximum period of 14 months. After this period, the data is automatically deleted. Regarding the storage duration by Google, we refer to their privacy policy. Data collected through the "demographic characteristics" feature is retained for two months and then deleted.

Objection / Opt-Out: You can prevent the collection of your data by installing a browser add-on to disable Google Analytics: https://tools.google.com/dlpage/gaoptout?hl=en. You can also specify which data Google may use here: https://g.co/privacytools. Additionally, you can disable personalized advertising directly with Google: https://www.google.com/settings/ads/onweb/. For more information from Google on how to block specific ads and disable cross-device analysis related to Google Signals, visit: https://support.google.com/ads/answer/2662922?hl=en.

Inter-provider preferences for online advertising can be set here: https://www.youronlinechoices.com/. Alternatively, you can use the management page of the Network Advertising Initiative: http://www.networkadvertising.org/consumer/opt_out.asp.

Data Recipient / Processor: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland,

Parent Company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA

Google Privacy Policy: https://policies.google.com/privacy

Google Privacy Information for Google Analytics: https://support.google.com/analytics/answer/6004245

Google Privacy Information for Google Signals: https://support.google.com/analytics/answer/7532985?hl=en

Data Transfer to Third Countries: To the extent that non-anonymized data is transferred to Google LLC, data processing also takes place in the USA.

Adequacy Decision of the Commission: Regarding data transfers to Google LLC, we rely on the decision of 10.07.2023 for the EU-US Data Privacy Framework under Article 45 of the GDPR. The list of companies participating in the EU-US Data Privacy Framework can be accessed at https://www.dataprivacyframework.gov/.

10.3 Google Optimize

We use "Google Optimize" on our website, a product of Google Ireland Ltd. ("Google"). This web analysis and optimization service is used to improve the attractiveness, content, and functionality of our website by showing new features and content to a percentage of our users and statistically evaluating usage patterns. Google Optimize is closely linked to Google Analytics (see section Google Analytics).

Google Optimize uses cookies to optimize and analyze the use of our website. We enable IP anonymization, so your IP address is shortened by Google within the member states of the European Union or in other contracting states of the European Economic Area before being transmitted to a server in the USA, except in exceptional cases where the full IP address is transmitted to a Google server in the USA and shortened there. Google uses the collected information to analyze the use of our website, create reports on optimization tests and related website activities, and provide us with other services related to the use of our website. 

The purposes of data processing include tracking, visitor action evaluation, interest-based and behavior-based marketing, profiling, conversion measurement, and reach measurement. These purposes apply to both us and Google and its parent company.

The legal basis for using Google Optimize is your consent in accordance with Article 6 Paragraph 1 Sentence 1 Letter a of the GDPR, which you can revoke at any time by undoing the selection for "Marketing" in the cookie settings on our website.

We store the anonymized data collected by Google Optimize for a maximum of 14 months before it is automatically deleted. Regarding the storage duration by Google, we refer to their privacy policy.

You can object to the collection of your data by installing a browser add-on to disable Google Analytics. Additionally, you can disable personalized advertising directly with Google or set your preferences regarding online advertising across providers. Further information can be found in the provided links.

Data Recipient: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

Parent Company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA

Google Privacy Policy: https://policies.google.com/privacy

Data Transfer to Third Countries: To the extent that non-anonymized data is transferred to Google LLC, data processing takes place in the USA.

Adequacy Decision of the Commission: Regarding data transfers to Google LLC, we rely on the decision of 10.07.2023 for the EU-US Data Privacy Framework under Article 45 of the GDPR. The list of companies participating in the EU-US Data Privacy Framework can be accessed at https://www.dataprivacyframework.gov/.

10.4 Google AdSense

Our website uses Google AdSense, a service provided by Google Ireland Ltd. ("Google"), to place ads in the Google advertising network. These ads are shown to users who are presumably interested in the advertised products or services, such as in search results, videos, or on other websites. Additionally, we measure the conversion of the ads, where we only receive anonymous aggregate numbers of users who clicked on the ads and subsequently visited a page tagged with a conversion tracking tag. We do not receive identifiable information about individual users. Conversion measurement is solely for analyzing the success of our marketing campaigns.

The IP addresses of users are anonymized in Google AdSense by shortening them within the European Union or in other contracting states of the Agreement on the European Economic Area before being transmitted to Google. Only in exceptional cases is the full IP address transmitted to Google's parent company in the USA and shortened there.

We are responsible for the integration of Google software products and the evaluations to the extent that we have access to them. Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, and the parent company Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, are responsible for their own data processing, over which we have no control.

Purposes of Data Processing: Tracking (e.g., interest or behavior-based profiling), Visitor action analysis, Interest-based and behavior-based marketing, Profiling (creating user profiles), Conversion measurement (measuring the effectiveness of marketing measures), Reach measurement (e.g., access statistics, recognition of returning visitors)

The legal basis for the use of cookies for Google AdSense is your consent in accordance with Article 6 Paragraph 1 Sentence 1 Letter a of the GDPR, which you can revoke at any time. Our overriding legitimate interest is to promote our products and services.

Storage Duration: The storage duration is based on the information in Google's privacy policy.

Opt-Out: You have the option to disable personalized advertising directly with Google. Further information can be found at the following links: https://www.google.com/settings/ads/onweb/

https://support.google.com/ads/answer/2662922?hl=en

You can also set your preferences for online advertising across providers at the following link:

https://www.youronlinechoices.com/

Alternatively, you can use the management page of the Network Advertising Initiative: 

http://www.networkadvertising.org/consumer/opt_out.asp

For more information on privacy at Google, please refer to Google's privacy policy: https://policies.google.com/privacy

Data Transfer to Third Countries: To the extent that data is transferred to Google LLC, data processing takes place in the USA. We rely on the European Commission's adequacy decision for the EU-US Data Privacy Framework under Article 45 of the GDPR. The list of companies participating in the EU-US Data Privacy Framework can be accessed at https://www.dataprivacyframework.gov/.

10.5 Google Ads Conversion

Our website uses the conversion tracking tool "Google Ads Conversion" from Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland. This tool helps us measure the effectiveness of our advertising campaigns on Google Ads.

When you click on one of our ads on Google Ads, a cookie is set on your computer. These cookies expire after a certain period and do not contain any personal data. These cookies allow Google and us to recognize that you clicked on our ad and were redirected to our website.

The information obtained through conversion tracking is used to create conversion statistics and measure the effectiveness of our advertising campaigns. However, we do not receive any information that could personally identify you.

The use of Google Ads Conversion is based on your consent in accordance with Article 6 Paragraph 1 Letter a of the GDPR. You can revoke your consent at any time with future effect by adjusting your browser settings and disabling the cookies from Google Ads Conversion.

For more information on data processing by Google Ads Conversion and privacy at Google, please refer to Google's privacy policy: https://policies.google.com/privacy

Please note that Google may transfer data to the USA and relies on the European Commission's adequacy decision. For more information, please refer to Google's privacy policy.

10.6 Microsoft Advertising

Our website uses the remarketing feature "Bing Ads" by Microsoft Corporation (One Microsoft Way, Redmond, WA 98052-6399, USA), also known as "Microsoft Advertising". When you arrive at our website through a Bing ad, Microsoft Bing Ads places a cookie on your computer. This allows Microsoft Bing and us to recognize that a user has clicked on an ad, was redirected to our website, and has reached a specific target page (conversion page). We only receive the total number of users who clicked on a Bing ad and were then redirected to the conversion page. No personal information about the identity of the user is transmitted.

If you do not want Microsoft to use information about your behavior as described above, you can refuse the setting of a cookie by selecting the appropriate browser settings that generally disable the automatic setting of cookies. Additionally, you can prevent the collection of data generated by the cookie and the processing of this data by Microsoft by opting out at the following link: http://choice.microsoft.com/de-DE/opt-out.

For more information about privacy and the cookies used by Microsoft and Bing Ads, please visit the Microsoft website: https://privacy.microsoft.com/de-de/privacystatement.

10.7 LinkedIn

Our website uses the conversion tool "LinkedIn Insight Tag" provided by LinkedIn Ireland Unlimited Company. This tool sets a cookie in your web browser to collect various data, including your IP address, device and browser characteristics, and page events such as page views. This data is encrypted, anonymized within seven days, and deleted within 90 days. LinkedIn does not share any personal data with Ship Cheaper but provides anonymized reports about the website audience and ad performance. Additionally, LinkedIn’s Insight Tag enables retargeting, allowing Ship Cheaper to display targeted advertising outside of its website without identifying you as a website visitor. For more information on LinkedIn’s privacy practices, please refer to LinkedIn’s privacy policy.

For these functions to work correctly, various cookies must be stored or read on the user’s device. 

Purposes of Processing: Tracking, Visitor action analysis, Interest-based and behavior-based marketing, Profiling, Conversion and reach measurement. These purposes apply to both us and LinkedIn.

The use of LinkedIn Insight Tag with cookies is based on your consent under Article 6 Paragraph 1 Sentence 1 Letter a of the GDPR, which you can revoke at any time with future effect by undoing the selection for "Marketing" or "LinkedIn" in the cookie settings on our website.

Data Recipient: LinkedIn Ireland Unlimited Company, Dublin, Ireland

The direct identifiers of LinkedIn members are deleted after seven days, while the remaining pseudonymized data is deleted within 180 days.

You can opt out of LinkedIn’s analysis of your usage behavior and targeted advertising at the following link: LinkedIn Opt-Out. Additionally, LinkedIn members can control the use of their personal data for advertising purposes in their account settings. To prevent LinkedIn from linking data collected on our website to your LinkedIn account, you must log out of your LinkedIn account before visiting our website.

We have entered into a Data Processing Agreement (DPA) with LinkedIn, which includes the EU Standard Contractual Clauses and thus serves as appropriate safeguards under Article 46 (2) c of the GDPR for the transfer of data outside the EU, the EEA, or a country approved by the European Commission.

10.8 Meta Conversions API (formerly Facebook Conversion)

With your consent, we also use the Meta Conversions API, formerly known as Facebook Conversion. This API enables a connection between the advertiser's marketing data and Meta's systems, allowing us to optimize ad targeting and measure results. This is done through a secure connection between our server and Meta's systems. In addition to the Meta Pixel, server events are synchronized to measure, report, and optimize our offerings.

Both methods, the Meta Pixel and the Conversions API, can result in personal data being transmitted to Meta Platforms, Inc., One Hacker Way, Menlo Park, CA 94025, USA. By giving your consent, you also agree to this transfer. There is a risk that US authorities may process your data without your knowledge and without the possibility of legal redress.

For "event data" collected on our website, such as visits, app installations, and purchases, we and Meta are jointly responsible under the General Data Protection Regulation (Art. 26 GDPR). Our joint responsibility includes the collection and sharing of data with Meta. To exercise your data protection rights under paragraph 1 of these data protection regulations, you can contact either us or Meta Platforms.

For the aggregated "analytics data" provided to us by Meta, Ship Cheaper is responsible. Meta processes this data on our behalf.

Personal data collected through Meta services will be deleted at your request. For information on the retention period by Meta Platforms Ltd., please refer to their privacy policies or contact the company directly.

You can withdraw your consent to Meta Platforms' services for the future by resetting your selection in our consent management system. You can also direct your withdrawal to us using the contact information provided in this document.

For more information on data processing by Meta and privacy practices, please refer to Meta's privacy policy: https://www.facebook.com/privacy/explanation

10.9 Meta Pixel (formerly Facebook Pixel)

Our website uses the visitor action pixel from Facebook for conversion measurement. The service is provided by Facebook Ireland Limited, based in Dublin, Ireland. According to Facebook, the collected data is also transferred to the USA and other third countries.

The visitor action pixel allows the behavior of site visitors who arrived at the provider's website by clicking on a Facebook advertisement to be tracked. This enables the effectiveness of Facebook advertisements to be evaluated for statistical and market research purposes and to optimize future advertising measures.

The data collected by us as the operator of this website is anonymous, so we cannot draw any conclusions about the identity of the users. However, the data is stored and processed by Facebook, which can connect it to the respective user profile. Facebook may also use this data for its own advertising purposes in accordance with its data policy, enabling the display of advertisements on Facebook pages and outside of Facebook. This use of the data is beyond our control as the site operator.

The use of the Facebook pixel is based on Art. 6 Paragraph 1 Letter f of the GDPR, as we have a legitimate interest in effective advertising measures, including the use of social media. If consent (e.g., for the storage of cookies) has been requested, processing is carried out in accordance with Art. 6 Paragraph 1 Letter a of the GDPR; this consent can be revoked at any time.

For more information on protecting your privacy, please refer to Facebook's privacy policy: https://de-de.facebook.com/about/privacy/

You also have the option to disable the remarketing function "Custom Audiences" in the ad settings at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. You must be logged in to Facebook to do this. If you do not have a Facebook account, you can disable usage-based advertising from Facebook on the website of the European Interactive Digital Advertising Alliance: http://www.youronlinechoices.com/de/praferenzmanagement/

10.10 Mixpanel

We use the Mixpanel tool on our website, provided by Mixpanel Inc., to conduct product analyses.

Mixpanel uses cookies to collect information such as your browser type, operating system, language settings, and IP address, which are transmitted to a Mixpanel server. Your IP address is anonymized to protect your privacy.

Purposes of Data Processing: Tracking, Visitor action analysis, Interest-based marketing, Profiling

Conversion measurement, Reach measurement, These purposes apply to both us and Mixpanel.

Data Recipient / Processor: Mixpanel, Inc., One Front Street, Floor 28, San Francisco, CA 94111, USA

The legal basis for processing is marketing and optimization purposes, improving the user experience, and statistical evaluations of internet users.

The storage duration of the data by Mixpanel is specified in their privacy policy.

For more information on Mixpanel's privacy practices and GDPR compliance, please visit the following links:

Mixpanel Privacy Policy: https://mixpanel.com/legal/privacy-policy

Mixpanel GDPR Compliance: https://mixpanel.com/legal/mixpanel-gdpr

For data transfers to Mixpanel, Inc., we rely on the European Commission's adequacy decision for the EU-US Data Privacy Framework of 10.07.2023 under Article 45 of the GDPR. A list of companies participating in the EU-US Data Privacy Framework can be found at https://www.dataprivacyframework.gov/.

10.11 Smartlook

We integrate functionalities of the product analysis tool Smartlook, provided by Smartsupp.com, s.r.o., Lidicka 2030/20, 602 00 Brno, Czech Republic.

Smartlook offers insights into web products, event tracking, and the creation of heatmaps and analyses. Cookies from Smartlook are stored on your device. The following personal data is processed by Smartlook: Visited pages on the website and subsequent URLs, Date and time of the website visit,

Mouse movements and clicks, Screen resolution, Operating system, Browser type, Device type, Geolocation data (country and city), IP address, First name, Last name, Email address. For more information on how Smartlook processes your data, please visit https://www.smartlook.com/help/privacy-statement/.

The processing of personal data is based on your consent in accordance with Article 6 Paragraph 1 Sentence 1 Letter a of the GDPR. Your personal information will be stored as long as it is necessary for the purposes described in this privacy policy or as required by law, such as for tax and accounting purposes. You have the right to withdraw your consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

You can prevent the collection and processing of your personal data by Smartlook by blocking the storage of third-party cookies on your computer, using the "Do Not Track" feature of a supporting browser, or disabling the execution of script code in your browser. Alternatively, you can install a script blocker such as NoScript (https://noscript.net/) or Ghostery (https://www.ghostery.com/) in your browser.

For more information on how to object and remove data processing by Smartlook, please visit: https://www.smartlook.com/help/privacy-statement/.

10.12 Segment

We use a marketing tool from Segment, provided by Segment.io Inc. ("Segment"), on our website. This tool analyzes user behavior on our website, creating usage profiles using pseudonyms.

Purposes of Data Processing: Tracking (e.g., interest/behavior-based profiling), Visitor action analysis

Interest-based and behavior-based marketing, Profiling (creating user profiles), Conversion measurement (measuring the effectiveness of marketing measures), Reach measurement (e.g., access statistics, recognition of returning visitors). These purposes apply to both us and Segment.

The legal basis for using cookies for Segment is your consent in accordance with Article 6 Paragraph 1 Sentence 1 Letter a of the GDPR. You can revoke this consent at any time with future effect by undoing the selection for "Marketing" or "Segment" in the cookie settings on our website. Our overriding legitimate interest under Article 6 Paragraph 1 Sentence 1 Letter f of the GDPR lies in promoting our products and services.

Data Recipient: Segment.io, Inc., 100 California Street, Suite 700, San Francisco, CA 94111, USA

For more information on the data retention period, please refer to Segment's privacy policy.

For data transfers to Segment in the USA, we rely on the decision of 10.07.2023 for the EU-US Data Privacy Framework under Article 45 of the GDPR. A list of companies participating in the EU-US Data Privacy Framework can be found at https://www.dataprivacyframework.gov/.

Our website integrates the embedding function of YouTube, which belongs to Google Ireland Ltd. When you visit a page with an embedded YouTube video, a connection to YouTube's servers is established. YouTube is informed about which pages you visit. If you are logged into your YouTube account, YouTube can associate your browsing behavior with you personally. You can prevent this by logging out of your YouTube account beforehand. When a YouTube video is started, Google sets cookies to collect information about user behavior. For more information about the purpose and scope of data collection and processing by YouTube, please refer to Google's privacy policy.

Purposes of Processing: Providing a comprehensive and professional online offering, including videos, User-friendly video playback without leaving the website, Fast video playback.

Legal Basis: Your use of YouTube may require consent under Article 6 Paragraph 1 Sentence 1 Letter a of the GDPR, which you can revoke at any time with future effect by undoing the selection for "External Media" or "YouTube" in the cookie settings on our website. Google's evaluation is based on Article 6 Paragraph 1 Letter f of the GDPR, based on Google's legitimate interests in displaying personalized advertising, market research, and/or the demand-based design of its website. You have the right to object to the creation of these user profiles, for which you must contact YouTube to exercise this right.

Storage Duration: The anonymized data we collect is stored for a maximum of 14 months and then automatically deleted. For Google's storage duration, we refer to their privacy policy.

Data Recipient: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Parent Company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA

Google Privacy Policy: https://policies.google.com/privacy

Opt-Out Plugin: https://tools.google.com/dlpage/gaoptout?hl=de

Data Transfer to Third Countries: To the extent that non-anonymized data is transferred to Google LLC, data processing takes place in the USA.

Adequacy Decision of the Commission: For data transfers to Google LLC, we rely on the adequacy decision of 10.07.2023 for the EU-US Data Privacy Framework under Article 45 of the GDPR. A list of companies participating in the EU-US Data Privacy Framework can be found at https://www.dataprivacyframework.gov/.

12. Your Data Protection Rights

Confirmation of Data Processing: You have the right to request confirmation from us as to whether we are processing your personal data. The relevant conditions are set out in Article 15 of the General Data Protection Regulation (GDPR).

Access: You have the right to request information about the personal data we process. The relevant conditions are outlined in Article 15 of the GDPR.

Rectification: You have the right to request the immediate correction of incorrect personal data concerning you. The relevant conditions are specified in Article 16 of the GDPR.

Deletion: You have the right to request the immediate deletion of your personal data. The relevant conditions are set out in Article 17 of the GDPR.

Restriction of Processing: You have the right to request the restriction of processing of your personal data. The relevant conditions are outlined in Article 18 of the GDPR.

Data Portability: You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format. You also have the right to transmit this data to another controller. The relevant conditions are set out in Article 20 of the GDPR.

Withdrawal of Consent: You have the right to withdraw your consent at any time, provided the processing is based on Article 6 Paragraph 1 Letter a or Article 9 Paragraph 2 Letter a of the GDPR. The data processing up to the withdrawal remains lawful. The withdrawal is only effective for the future. The relevant conditions are outlined in Article 7 Paragraph 3 of the GDPR.

Complaint: You have the right to lodge a complaint with a supervisory authority, without prejudice to other administrative or judicial remedies, if you believe that the processing of your personal data violates the GDPR. The relevant conditions are set out in Article 77 of the GDPR. You can contact the supervisory authority responsible for the controller or the competent authority in your country or state. A list of all supervisory authorities can be found here: List of Supervisory Authorities.

Right to Object: You have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data that we process based on our overriding legitimate interest (Article 6 Paragraph 1 Letter e or f of the GDPR), including profiling based on these provisions according to Article 4 Number 4 of the GDPR. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or for the establishment, exercise, or defense of legal claims.

Direct Marketing: We collect and process your personal data to engage in direct marketing. You have the right to object at any time to the processing of your personal data for such direct marketing purposes, including profiling to the extent that it is related to such direct marketing.

Occasionally, we process and use your personal data to send you evaluation requests and/or product recommendations via email that are exclusively related to your purchases, completions, and/or other analogous transactions. We may also use your email and/or postal address to send you product recommendations via email and/or postal mail for similar goods and/or services offered by us. You will receive these evaluation requests and product recommendations regardless of whether you have subscribed to a newsletter.

Exercise of the Right to Object: You can object to data processing for direct marketing purposes at any time by sending us a letter to: 

Ship Cheaper,
Viktor Schleicher,
Kaiserstr. 19,
76646 Bruchsal,

or by sending an email to support@ship-cheaper.com. Alternatively, you can object with future effect at the end of each marketing email without incurring any costs other than the transmission costs according to the base rates. Your right to object automatically includes any profiling associated with such direct marketing.

If you object to the processing for direct marketing purposes, we will no longer process your personal data for these purposes from that point onwards.