Privacy and Policy
DATA PROTECTION DECLARATION
1. INFORMATION ON THE COLLECTION OF PERSONAL DATA AND CONTACT DETAILS OF THE DATA CONTROLLER
1.1 We are pleased that you are visiting our website and thank you for your interest. Below, we inform you about the processing of your personal data when using our website. Personal data includes all data that can be used to identify you personally.
1.2 The data controller for processing data on this website, within the meaning of the General Data Protection Regulation (GDPR), is Ataraa Shop. The data controller is the natural or legal person who determines the purposes and means of processing personal data, either alone or jointly with others.
1.3 For security reasons and to protect the transmission of personal data and other confidential content (e.g., orders or inquiries sent to the controller), this website uses SSL or TLS encryption. You can recognize an encrypted connection by the "https://" prefix and the padlock symbol in your browser’s address bar.
2. DATA COLLECTION WHEN VISITING OUR WEBSITE
When using our website for informational purposes only, meaning without registering or providing other information, we collect only the data that your browser transmits to our server (server log files). When you visit our website, we collect the following data, which is technically necessary for displaying the site:
- Website visited
- Date and time of access
- Amount of data sent in bytes
- Source/reference from which you accessed the page
- Browser used
- Operating system used
- IP address used (possibly anonymized)
Processing is carried out in accordance with Article 6(1)(f) GDPR based on our legitimate interest in improving the stability and functionality of our website. The data will not be transmitted or used otherwise. However, we reserve the right to review server log files later if there are concrete indications of illegal use.
3. COOKIES
To make your visit to our website more appealing and enable the use of certain functions, we use cookies on various pages. These are small text files stored on your device. Some of the cookies we use are deleted after you close your browser (session cookies), while others remain on your device to allow us to recognize your browser upon your next visit (persistent cookies). If cookies are installed, they collect and process specific user information, such as browser and location data and individual IP address values. Persistent cookies are automatically deleted after a specific period, which varies depending on the cookie.
Some cookies simplify the order process by saving settings (e.g., remembering the contents of a virtual shopping cart for future visits). If personal data is also processed through cookies, processing is carried out in accordance with Article 6(1)(b) GDPR for contract execution or in accordance with Article 6(1)(f) GDPR to safeguard our legitimate interests in the best possible functionality of the website and a customer-friendly, effective website experience.
We may work with advertising partners who help us make our website more interesting for you. In this case, third-party cookies may also be stored on your hard drive when you visit our website. If we cooperate with such advertising partners, you will be informed separately and in detail about the use of these cookies in the following sections.
You can configure your browser to be informed about cookie settings and individually decide whether to accept them or exclude cookies for specific cases or in general. Each browser handles cookie settings differently, which is explained in the help menu of each browser:
- Internet Explorer: https://support.microsoft.com/en-us/help/278835
- Firefox: https://support.mozilla.org/en/kb/enable-and-disable-cookies
- Chrome: https://support.google.com/chrome/answer/95647
- Safari: https://support.apple.com/en-us/guide/safari/sfri11471/mac
- Opera: https://help.opera.com/en/latest/web-preferences/#cookies
Please note that rejecting cookies may limit the functionality of our website.
4. CONTACT
When contacting us (e.g., via contact form or email), personal data is collected. The data collected is visible in the respective contact form. This data is used exclusively to respond to your request or for necessary technical administration. The legal basis for data processing is our legitimate interest in responding to your request, in accordance with Article 6(1)(f) GDPR. If your request is related to the conclusion of a contract, an additional legal basis is Article 6(1)(b) GDPR. Your data will be deleted once your request has been fully processed, provided that there are no legal retention obligations.
5. DATA PROCESSING FOR ACCOUNT CREATION AND CONTRACT EXECUTION
Personal data is collected and processed in accordance with Article 6(1)(b) GDPR when you provide it for contract execution or account creation. The data collected is visible in the respective entry forms. You may delete your account at any time by sending a request to the data controller. After the contract has been fully executed, your data will be blocked according to legal retention periods and deleted upon their expiration, unless you have expressly consented to further use or such further use is legally permitted.
6. DATA PROCESSING FOR ORDER MANAGEMENT
6.1 The personal data we collect is transmitted to the transport company responsible for delivery, insofar as this is necessary for delivering the goods. Your payment details are transmitted to the assigned financial institution if required for payment processing. If we use payment service providers, we explicitly inform you about them below. The legal basis for data transmission is Article 6(1)(b) GDPR.
6.2 Use of Payment Service Providers
PayPal If you pay via PayPal, credit card through PayPal, direct debit via PayPal, or – if offered – "Purchase on Account" or "Instalment Payment" via PayPal, we transmit your payment details to PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg ("PayPal"), for payment processing. This transfer occurs based on Article 6(1)(b) GDPR and only to the extent necessary for payment processing.
PayPal reserves the right to conduct credit checks for certain payment methods. In such cases, your payment data may be transmitted to credit agencies based on Article 6(1)(f) GDPR, as PayPal has a legitimate interest in verifying your creditworthiness. The results of this credit check influence PayPal’s decision to offer the respective payment method. Further details on data protection, including the credit agencies used, can be found in PayPal’s privacy policy. You can object to this data processing at any time by contacting PayPal.
SOFORT If you choose "SOFORT" as your payment method, the payment processing is carried out by SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany ("SOFORT"), to which we transmit your information and order details according to Article 6(1)(b) GDPR. SOFORT GmbH is part of Klarna Group (Klarna Bank AB (publ), Sveavägen 46, 11134 Stockholm, Sweden). Your data is transmitted solely for payment processing purposes. Further details on data protection at SOFORT can be found here: SOFORT Privacy Policy.
7) DATA PROCESSING FOR ORDER MANAGEMENT
7.1 The personal data we collect is transmitted to the transport company responsible for delivery, to the extent necessary for delivering the goods. Your payment details are transmitted to the assigned financial institution if required for payment processing. If payment service providers are used, we explicitly inform you about them below. The legal basis for data transmission is Article 6(1)(b) GDPR.
7.2 Use of Payment Service Providers
PayPal If you pay via PayPal, credit card through PayPal, direct debit via PayPal, or—if offered—"Purchase on Invoice" or "Instalment Payment" via PayPal, we transmit your payment details to PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg ("PayPal"), for payment processing. This transfer occurs in accordance with Article 6(1)(b) GDPR and only to the extent necessary for payment processing.
PayPal reserves the right to conduct a credit check for certain payment methods. In such cases, your payment data may be transmitted to credit agencies based on Article 6(1)(f) GDPR, as PayPal has a legitimate interest in verifying your creditworthiness. The results of this credit check regarding the statistical probability of non-payment are used by PayPal to determine whether to offer the respective payment method. The credit check may contain predictive values (so-called scores). If scores are included in the credit check result, they are based on a scientifically recognized mathematical-statistical method. Address data is also taken into account in the calculation of score values. Further details on data protection, including the credit agencies used, can be found in PayPal’s Privacy Policy: Privacy PayPal. You can object to this data processing at any time by contacting PayPal. However, PayPal may still be entitled to process your personal data to the extent necessary for contractual payment processing.
SOFORT If you select the "SOFORT" payment method, payment processing is carried out via the payment service provider SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany ("SOFORT"), to whom we transmit your information provided during the ordering process, along with details about your order, in accordance with Article 6(1)(b) GDPR. SOFORT GmbH is part of the Klarna Group (Klarna Bank AB (publ), Sveavägen 46, 11134 Stockholm, Sweden). Your data is transmitted solely for payment processing purposes with the payment service provider SOFORT and only to the extent necessary. Further details on SOFORT’s data protection policy can be found here: Privacy SOFORT.
8) CONTACT FOR REVIEW REMINDERS
Own review reminders (not sent via a customer review system)
We use your email address to send a one-time reminder to leave a review of your order for the review system we use, provided that you have given us your explicit consent in accordance with Article 6(1)(a) GDPR during or after your order. You can revoke your consent at any time by sending a message to the data controller.
9) USE OF SOCIAL MEDIA: SOCIAL PLUGINS
9.1 Facebook Plugin with Shariff Solution
Our website uses so-called social plugins ("plugins") from the Facebook social network, operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA ("Facebook").
To increase the protection of your data when visiting our website, these buttons are not integrated as direct plugins but only as an HTML link. This ensures that no connection is established with Facebook’s servers when you visit a page on our website containing such buttons. If you click the button, a new browser window will open, displaying Facebook’s page, where you can (if necessary, after logging in) interact with Facebook plugins.
Facebook Inc., based in the USA, is certified under the EU-US Privacy Shield, ensuring compliance with EU data protection standards.
For the purpose and scope of data collection, further processing, and use of data by Facebook, as well as your rights and settings options to protect your privacy, please refer to Facebook’s Privacy Policy: Privacy Facebook.
9.2 Google+ Plugin with Shariff Solution
Our website uses social plugins ("plugins") from the social network Google+, operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google").
To enhance the protection of your data when visiting our website, these buttons are not integrated as direct plugins but only as an HTML link on the page. This integration ensures that when you visit a page on our site containing such buttons, no connection is established with Google's servers. If you click the button, a new browser window will open, displaying the Google+ page where you can (if necessary, after entering your login details) interact with Google+ plugins.
Google LLC, based in the USA, is certified under the EU-U.S. Privacy Shield, which guarantees compliance with EU data protection standards.
For information on the purpose and scope of data collection, as well as the subsequent processing and use of data by Google, and your rights and settings options to protect your privacy, please refer to Google's privacy policy: Google Privacy Policy.
9.3 Instagram Plugin with Shariff Solution
Our website uses social plugins ("plugins") from the online service Instagram, operated by Instagram LLC, 1601 Willow Rd, Menlo Park, CA 94025, USA ("Instagram").
To enhance the protection of your data when visiting our website, these buttons are not integrated as direct plugins but only as an HTML link on the page. This integration ensures that when you visit a page on our site containing such buttons, no connection is established with Instagram's servers. If you click the button, a new browser window will open, displaying the Instagram page where you can (if necessary, after entering your login details) interact with Instagram plugins.
Instagram LLC, based in the USA, is certified under the EU-U.S. Privacy Shield, which guarantees compliance with EU data protection standards.
For information on the purpose and scope of data collection, as well as the subsequent processing and use of data by Instagram, and your rights and settings options to protect your privacy, please refer to Instagram's privacy policy: Instagram Privacy Policy.
10) ONLINE MARKETING
10.1 Google DoubleClick
This website uses the online marketing tool DoubleClick from Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("DoubleClick").
DoubleClick uses cookies to display relevant ads to users, improve campaign performance reports, or prevent a user from seeing the same ad multiple times. Using a cookie ID, Google collects information about the ads displayed in a browser and prevents them from being shown repeatedly. Processing is carried out based on our legitimate interest in optimizing the promotion of our website in accordance with Article 6(1)(f) GDPR.
Additionally, DoubleClick may use cookie IDs to track "conversions" related to ad requests. For example, if a user views a DoubleClick ad and later visits the advertiser's website using the same browser and makes a purchase. According to Google, DoubleClick cookies do not contain personal information.
Due to the marketing tools used, your browser automatically establishes a direct connection to Google's server. We have no control over the extent and further use of the data collected by Google through this tool and therefore inform you based on our knowledge: by integrating DoubleClick, Google receives the information that you have visited a part of our website or clicked on one of our ads. If you are registered with a Google service, Google may link the visit to your account. Even if you are not registered or logged into Google, it is possible that the provider collects and stores your IP address.
If you do not wish to participate in this tracking process, you can disable cookies for conversion tracking by setting your browser to block cookies from the domain www.googleadservices.com. Please note that this setting will be deleted if you remove your cookies. Alternatively, you can learn more about the use of cookies and adjust your preferences at the Digital Advertising Alliance. Lastly, you can configure your browser to notify you about cookie settings and decide individually whether to accept them or exclude them for specific cases or in general. If you do not accept cookies, the functionality of our website may be limited.
Google LLC, based in the USA, is certified under the EU-U.S. Privacy Shield, ensuring compliance with EU data protection standards.
For more information on Google's DoubleClick privacy policies, visit: Google Privacy Policy.
10.2 Use of Google AdWords Conversion Tracking
This website uses the online advertising program Google AdWords and, as part of Google AdWords, conversion tracking from Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). We use Google AdWords to promote our services through advertisements (Google AdWords) on external websites. Based on campaign data, we can determine the effectiveness of individual advertising campaigns. Our goal is to show you relevant advertisements, make our website more engaging, and ensure fair accounting of advertising costs.
A conversion tracking cookie is set when a user clicks on a Google AdWords advertisement. Cookies are small text files stored on your computer system. These cookies generally expire after 30 days and do not personally identify users. If the user visits specific pages of this website and the cookie has not yet expired, Google and we can recognize that the user clicked on the ad and was redirected to this page. Each Google AdWords customer receives a different cookie, meaning cookies cannot be tracked across AdWords customers' websites.
The information collected through the conversion cookie is used to generate conversion statistics for AdWords customers who have opted for conversion tracking. Customers receive the total number of users who clicked on their advertisement and were redirected to a page containing a conversion tracking tag. However, they do not receive any information that personally identifies users.
If you do not wish to participate in tracking, you can block the use of the Google conversion tracking cookie via your internet browser settings. In this case, you will not be included in the conversion tracking statistics. We use Google AdWords based on our legitimate interest in targeted advertising, in accordance with Article 6(1)(f) GDPR.
Google LLC, based in the USA, is certified under the EU-U.S. Privacy Shield, ensuring compliance with EU data protection regulations.
For more information about Google's privacy policies, please visit: Google Privacy Policy.
You can permanently disable cookies for advertising preferences by preventing their installation via your browser settings or by downloading and installing the browser plugin available at: Google Ads Settings Plugin.
Please note that some features of this website may not be available or may be limited if you disable cookies.
11) WEB ANALYTICS SERVICES
Google (Universal) Analytics
This website uses Google Analytics, a web analytics service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). Google Analytics uses "cookies"—text files stored on your computer—to analyze how users interact with the website. The information generated by the cookie regarding your use of the website (including the truncated IP address) is generally transmitted to a Google server in the United States and stored there.
This website uses Google Analytics exclusively with the "anonymizeIp()" extension, which ensures that IP addresses are anonymized by truncation and prevents direct personal identification. With this extension, Google shortens your IP address within EU member states or in other contracting states of the Agreement on the European Economic Area (EEA). Only in exceptional cases is the full IP address transmitted to a Google server in the U.S. and shortened there. In such cases, processing is based on Article 6(1)(f) GDPR, with our legitimate interest in analyzing user behavior for optimization and marketing purposes.
On our behalf, Google will use this information to evaluate your use of the website, compile reports on website activity, and provide other services related to website and internet usage. The IP address transmitted by your browser within Google Analytics is not merged with other Google data.
You can prevent cookies from being stored by adjusting your browser settings; however, please note that this may limit certain website functionalities. Additionally, you can prevent the collection and processing of data generated by cookies related to your website usage (including IP address) by downloading and installing the following browser plugin: Google Opt-Out Plugin.
Alternatively, you can disable Google Analytics for future data collection by clicking the following link: Disable Google Analytics. This sets an opt-out cookie that prevents the collection of data when visiting this website in the future (this opt-out cookie works only in this browser and only for this domain; if you delete your cookies, you must click this link again).
Google LLC, based in the USA, is certified under the EU-U.S. Privacy Shield, ensuring compliance with EU data protection standards.
This website also uses Google Analytics for cross-device visitor analysis via a unique user ID. Upon first accessing a page, a unique, permanent, anonymized ID is assigned to the user, allowing cross-device tracking. This does not contain personal data and is not transmitted to Google.
You can object to data collection and storage at any time by disabling Google Analytics across all devices. You can do this via the Google browser plugin: Google Analytics Opt-Out.
For further details on Google Universal Analytics, visit: Google Support.
12) RETARGETING / REMARKETING / PERSONALIZED ADVERTISING
Facebook Custom Audience via Pixel
This website uses the Facebook Pixel of Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA ("Facebook"). With your explicit consent, this tool tracks user behavior after they have seen or clicked on a Facebook ad. This process is used to evaluate the effectiveness of Facebook ads for statistical and market research purposes and helps optimize future advertising campaigns.
The data collected is anonymous to us and does not allow us to identify users. However, Facebook stores and processes this data, enabling a link to the user’s profile, which Facebook may use for its own advertising purposes, in accordance with its Data Policy: Facebook Privacy Policy.
Facebook and its partners may display advertisements on and off Facebook. A cookie may be stored on your computer for these purposes. These processes are carried out only with your explicit consent, in accordance with Article 6(1)(a) GDPR.
Consent for the use of Facebook Pixel can only be given by users over the age of 13. If you are younger, please ask your parents or guardians for permission.
Facebook Inc., based in the USA, is certified under the EU-U.S. Privacy Shield, ensuring compliance with EU data protection standards.
You can disable cookies for advertising on your computer by configuring your browser settings to block cookies or delete existing cookies. However, disabling cookies may affect the functionality of some features on our website.
To opt out of third-party cookies (including Facebook) for advertising purposes, visit: Digital Advertising Alliance.
13) DATA SUBJECT RIGHTS
13.1 Your Rights
Under applicable data protection laws, you have the following rights regarding your personal data:
- Right to access (Article 15 GDPR): You can request information on the personal data we process and other relevant details.
- Right to rectification (Article 16 GDPR): You can request the correction of inaccurate or incomplete personal data.
- Right to erasure ("right to be forgotten") (Article 17 GDPR): You can request deletion of your personal data under certain conditions.
- Right to restriction of processing (Article 18 GDPR): You can request limited processing of your data under certain circumstances.
- Right to data portability (Article 20 GDPR): You can request a copy of your data in a structured, machine-readable format.
- Right to withdraw consent (Article 7(3) GDPR): You can withdraw consent to data processing at any time.
- Right to lodge a complaint (Article 77 GDPR): You can file a complaint with a supervisory authority if you believe your data protection rights have been violated.
14) RETENTION PERIOD FOR PERSONAL DATA
The retention period for personal data depends on the applicable legal retention requirements (e.g., commercial and tax retention periods). Once this period expires, the relevant data is systematically deleted, unless it is still required for the performance or conclusion of a contract and/or if we have a legitimate interest in retaining it for a longer period.