Data Privacy

//Security comes first

1. General Information

1.1 What are Personal DataPersonal data are details that reveal or can reveal the identity of the user. We adhere to the principle of data avoidance. As far as possible, the collection of personal data is avoided.

1.2 Handling of Personal DataPersonal data are used solely for establishing, structuring, executing, or processing the contractual relationship (Art. 6 I S. 1 b GDPR). Furthermore, personal data are only processed if we have obtained your consent (Art. 6 I S. 1 a GDPR) or if the data processing is necessary for our legitimate interests and if the balance shows that there are no overriding interests, fundamental rights, or freedoms on your part (Art. 6 I S. 1 f GDPR). We may use processors to process your personal data, with whom we have concluded a processing contract if necessary, but personal data are generally not passed on to third parties. Data are only passed on to the shipping company commissioned with the delivery to fulfill the contract, insofar as this is necessary for the delivery of ordered goods. For payment processing, the necessary payment data are passed on to the credit institution commissioned with the payment and, if applicable, the commissioned and selected payment service provider.

The processing of your personal data takes place in the EU and in countries classified as safe or adequate by the EU. If the processing of personal data takes place in the USA, we try to ensure that the services we use are certified under the "Data Privacy Framework".

1.3 Usage DataWhen visiting the website, general technical information is collected. This includes the IP address used, time, duration of the visit, browser type, and possibly the referring page. These usage data are technically recorded in a logfile and can be used and stored for statistical evaluation of this website. There is no connection of these usage data with your other personal data.

1.4 Duration of StorageWe store your personal data after the purpose for which the data were collected has been fulfilled only as long as required by legal (especially tax law) regulations.

Specifically, the following retention periods apply:

  • Tax data: 10 years
  • Commercial or business letters (including emails and faxes) and other documents relevant for taxation: 6 years at the end of the calendar year in which the last entry in the book was made, the inventory, the opening balance, the annual financial statement, or the management report was prepared, the commercial or business letter was received or sent, or the booking document was created, furthermore, the recording was made or the other documents were created.
  • Transaction and registration data: 10 years at the end of the calendar year in which the last entry in the book was made, the inventory, the opening balance, the annual financial statement, or the management report was prepared, the commercial or business letter was received or sent, or the booking document was created, furthermore, the recording was made or the other documents were created.
  • Data protection consents for data processing: For the duration of the possibility of asserting rights by the data subject.
  • (Electronic) correspondence without tax relevance: As long as necessary to fulfill the task, unless the processing serves to assert, exercise, or defend legal claims.
  • Usage data according to section 1.3 of this privacy policy: max. 30 days

2. Your Rights

2.1 InformationYou can request information from us about whether we process personal data about you and, if so, you have the right to information about these personal data and the further information mentioned in Art. 15 GDPR.

2.2 Right to RectificationYou have the right to correct inaccurate personal data concerning you and can request the completion of incomplete personal data according to Art. 16 GDPR.

2.3 Right to ErasureYou have the right to request that we delete the personal data concerning you immediately. We are obliged to delete them immediately, especially if one of the following reasons applies:

  • Your personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
  • You withdraw your consent on which the processing was based, and there is no other legal basis for the processing.
  • Your data were processed unlawfully.

The right to erasure does not exist if your personal data are necessary for the assertion, exercise, or defense of our legal claims.

2.4 Right to Restriction of ProcessingYou have the right to request the restriction of the processing of your personal data if

  • you dispute the accuracy of the data and we therefore verify the accuracy,
  • the processing is unlawful and you refuse the deletion and instead request the restriction of use
  • we no longer need the data, but you need them to assert, exercise, or defend legal claims,
  • you have objected to the processing of your data, and it is not yet clear whether our legitimate reasons outweigh your reasons.

2.5 Right to Data PortabilityYou have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format, and you have the right to transmit these data to another controller without hindrance from us, provided that the processing is based on consent or a contract and the processing is carried out by us using automated procedures.

2.6 Right of Withdrawal and ObjectionIf the processing of your personal data is based on consent (Art. 6 I S. 1 a GDPR), you have the right to withdraw this consent at any time. This does not affect the lawfulness of the processing carried out based on the consent until the withdrawal.

If the processing of your personal data is based on Art. 6 I S. 1 e GDPR or Art. 6 I S. 1 f GDPR, you have the right, according to Art. 21 GDPR, to object to the processing of your personal data at any time for reasons arising from your particular situation. We will then no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that outweigh your interests, rights, and freedoms, or the processing serves to assert, exercise, or defend legal claims.

2.7 General and Right to ComplainThe exercise of your above rights is generally free of charge for you. You have the right to contact the supervisory authority responsible for us, the state data protection officer, directly in case of complaints.

3. Data Security

3.1 Data SecurityAll data on our website are secured by technical and organizational measures against loss, destruction, access, alteration, and distribution.

3.2 Sessions and Cookies

This website uses cookies. We use cookies to personalize content and ads, provide social media features, and analyze our website traffic. We also share information about your use of our website with our social media, advertising, and analytics partners. Our partners may combine this information with other data you have provided to them or that they have collected as part of your use of the services.

Cookies are small text files used by websites to make the user experience more efficient. According to the law, we can store cookies on your device if they are strictly necessary for the operation of this site. For all other types of cookies, we need your permission. This site uses different types of cookies. Some cookies are placed by third parties that appear on our pages.

4. Third-Party Services

4.1 Webflow

We have created and host our website with the external service provider Webflow, Inc., 398 11th Street, 2nd Floor, San Francisco, CA 94103, USA ("Webflow"). When you visit our website, Webflow may collect the following (personal) data:

  • IP addresses,
  • Contact details,
  • Contract data,
  • Website accesses.
  • Date and time of the request.
  • Time zone difference to Greenwich Mean Time.
  • Content of the request,
  • HTTP status code,
  • Transferred data volume,
  • Website from which the request comes,
  • Information about browser and operating system,
  • Other data generated by a website.

The use of the host is for the purpose of fulfilling the contract with our potential and existing customers (Art. 6 I S. 1 b GDPR) and in the interest of a secure, fast, and efficient provision of our online offer by a professional provider (Art. 6 I S. 1 f GDPR). The aforementioned third-party provider will only process your data to the extent necessary to fulfill its service obligations and follow our instructions regarding these data.

The use of Webflow is for the purpose of fulfilling the contract with our potential and existing customers (Art. 6 I S. 1 b GDPR), in the interest of a secure, fast, and efficient provision of our online offer by a professional provider, and based on our legitimate interest in the most reliable presentation of our website. Here, no user interests are affected that outweigh this technical necessity of integrating the service (Art. 6 I S. 1 f GDPR). If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 I S. 1 a GDPR or § 25 I TTDSG, insofar as the consent includes the storage of cookies or access to information on the user's end device (e.g., device fingerprinting) within the meaning of the TTDSG.

You can view Webflow's privacy policy here: https://webflow.com/legal/eu-privacy-policy/

4.2 Google Analytics

This website uses functions of the web analysis service Google Analytics. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Analytics uses so-called "cookies." These are text files stored on your computer that enable an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. The storage of Google Analytics cookies is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in analyzing user behavior to optimize both its web offer and its advertising. IP anonymization We have activated the IP anonymization function on this website. As a result, your IP address is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, compile reports on website activity, and provide other services related to website and internet usage to the website operator.

The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. Browser Plugin You can prevent the storage of cookies by setting your browser software accordingly; however, we point out that in this case, you may not be able to use all the functions of this website to their full extent. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of these data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.

You can view Google's privacy notices at https://www.google.de/intl/de/policies/privacy/

Further information on the terms of use can be found at https://www.google.com/analytics/terms/de.html.

4.3 Google Tag Manager

This website also uses the Google Tag Manager (operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland). This tool implements tags and allows these website tags to be managed via an interface. No cookies are used in this process. However, your IP address may be transmitted to the Google Tag Manager. The Google Tag Manager triggers other tags that may also collect other data. However, the Google Tag Manager does not access these data. If a deactivation has been carried out at the domain or cookie level, it remains in effect for all tracking tags, insofar as these are implemented with the Google Tag Manager. The use of the service is only with your consent (Art. 6 I S. 1 a GDPR).

You can view Google's privacy policy here: https://www.google.de/intl/de/policies/privacy/

4.4 Use of WhatsApp Business

We may use WhatsApp Business to communicate with you. The provider is WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2. The data you enter for communication purposes (first name, last name, and mobile number) are stored by us and on the servers of WhatsApp Ireland Limited or WhatsApp Inc. (1601 Willow Road, Menlo Park, California 94025, USA) within and outside the EU (e.g., USA). WhatsApp Ireland Limited or WhatsApp Inc. store and process personal data and pass them on to other companies within and outside the Meta group of companies (Meta Platforms Inc., 1601 S. California Ave, Palo Alto, California 94304, USA). Further information can be found in WhatsApp's privacy policy (https://www.whatsapp.com/legal/#privacy-policy). We have neither precise knowledge nor influence on the data processing by WhatsApp Ireland Limited or WhatsApp Inc. The data processing is based on your consent (Art. 6 I S.1 a GDPR). You can revoke this consent at any time. The legality of the data processing operations already carried out remains unaffected by the revocation.

4.5 Amazon CloudFront – Content Delivery Network (CDN)

We use Amazon CloudFront (operated by Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, L-1855, Luxembourg) to properly provide the content of our website. This is a service that functions as a Content Delivery Network (CDN) on our website. A CDN helps to provide content from our online offer, especially files such as graphics or scripts, faster with the help of regionally or internationally distributed servers. When you access these contents, you establish a connection to servers of Amazon CloudFront, whereby your IP address and possibly browser data such as your user agent are transmitted. These data are processed solely for the purposes mentioned above and to maintain security and functionality. The use of the CDN is based on our legitimate interest in a secure and efficient provision and optimization of our online offer. Here, no user interests are affected that outweigh this technical necessity of integrating the service (Art. 6 I S. 1 f GDPR).

You can view Amazon CloudFront's privacy policy here: https://docs.aws.amazon.com/de_de/AmazonCloudFront/latest/DeveloperGuide/data-protection-summary.html

5. Contact

For contact regarding data protection, you are welcome to contact us using the following contact options. Responsible in the sense of the GDPR:

Bern GmbH

Dipl. Kfm. Wolfgang Bern, Managing Director

Grelckstrasse 19a,

22529 Hamburg

Email: wolfgang@bern.de

Date: 26.03.2026