Privacy policy

The controller responsible for data processing is:
Spring Studio GmbH
Marleen Mühl
Sven Junglas-Mühl
Sredzkistraße 56
10405 Berlin
Germany
hi@spring.studio

Thank you for your interest in our online store. The protection of your privacy is very important to us. Below you will find detailed information on how we handle your data.

1. access data and hosting

You can visit our website without providing any personal information. Each time a website is accessed, the web server automatically saves only a so-called server log file, which contains, for example, the name of the requested file, your IP address, the date and time of access, the amount of data transferred and the requesting provider (access data) and documents the access. This access data is analyzed exclusively for the purpose of ensuring trouble-free operation of the site and improving our offer. This serves to safeguard our legitimate interests, which predominate in the context of a weighing of interests, in a correct presentation of our offer in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR. All access data will be deleted no later than seven days after the end of your visit to our website.

Hosting

The services for hosting and displaying the website are partly provided by our service providers as part of processing on our behalf. Unless otherwise stated in this privacy policy, all access data and all data collected in the forms provided on this website will be processed on their servers. If you have any questions about our service providers and the basis of our cooperation with them, please use the contact option described in this privacy policy.

2. data processing for contract processing, establishing contact and when opening a customer account

We collect personal data if you voluntarily provide it to us as part of your order or when contacting us (e.g. via contact form or e-mail). Mandatory fields are marked as such, as in these cases we need the data to process the contract or to process your contact and you cannot send the order or contact without providing it. Which data is collected can be seen from the respective input forms. We use the data provided by you for contract processing and processing your inquiries in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR.
If you have given your consent to this in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR by deciding to open a customer account, we will use your data for the purpose of opening a customer account. Further information on the processing of your data, in particular on the transfer to our service providers for the purpose of order, payment and shipping processing, can be found in the following sections of this privacy policy. After complete processing of the contract or deletion of your customer account, your data will be restricted for further processing and deleted after expiry of the retention periods under tax and commercial law in accordance with Art. 6 para. 1 sentence 1 lit. c GDPR, unless you have expressly consented to further use of your data in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR or we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this declaration. You can delete your customer account at any time, either by sending a message to the contact option described in this privacy policy or by using a function provided for this purpose in the customer account.

We use merchandise management systems from external service providers to process orders and contracts. Our service providers work for us within the framework of order processing. If you have any questions about our service providers and the basis of our cooperation with them, please use the contact option described in this privacy policy.

3. data processing for the purpose of dispatch processing

In order to fulfill the contract in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR, we pass on your data to the shipping service providers commissioned with the delivery, insofar as this is necessary for the delivery of ordered goods.

The same applies to the transfer of data to our manufacturers or wholesalers in cases where they handle shipping for us (drop shipping). These are considered shipping service providers within the meaning of this privacy policy.

Data transfer to shipping service providers for the purpose of shipping notification

If you have given us your express consent to this during or after your order, we will pass on your name, address and e-mail address to the selected shipping preparers and shipping service providers in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR so that they can contact you before delivery for the purpose of delivery notification or coordination.
You can revoke your consent at any time by sending a message to the contact option described in this privacy policy or directly to the shipping service providers at the contact address listed below. After revocation, we will delete your data provided for this purpose, unless you have expressly consented to further use of your data or we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this declaration.

General Logistics Systems Germany GmbH & Co. OHG
GLS Germany-Straße 1 - 7
DE-36286 Neuenstein
Germany

DPD Deutschland GmbH
Wailandtstraße 1
63741 Aschaffenburg
Germany

United Parcel Service Deutschland S.à r.l. & Co. OHG
Görlitzer Straße 1
41460 Neuss
Germany

MACH DEINS DRAUS GmbH
("shipping preparer")
Joachim-Friedrich-Straße 24
10711 Berlin
Germany

Hermes Germany GmbH
Essener Straße 89
D-22419 Hamburg
Germany

DHL Paket GmbH
Sträßchensweg 10
53113 Bonn
Germany

4. data processing for payment processing

We work with the following partners to process payments in our online store: technical service providers, payment service providers

4.1 Data processing for transaction processing

Depending on the selected payment method, we pass on the data necessary for processing the payment transaction to our technical service providers who work for us as part of order processing, or to the commissioned credit institutions or to the selected payment service provider, insofar as this is necessary for processing the payment. This serves to fulfill the contract in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR. In some cases, the payment service providers collect the data required for processing the payment themselves, e.g. on their own website or via a technical integration in the ordering process. In this respect, the privacy policy of the respective payment service provider applies. If you have any questions about our partners for payment processing and the basis of our cooperation with them, please use the contact option described in this privacy policy.

Our payment service providers are located in these countries: USA
There is no adequacy decision by the European Commission for these countries. Our cooperation with them is based on these guarantees: Standard data protection clauses of the European Commission

4.2 Data processing for the purpose of fraud prevention and optimization of our payment processes

If necessary, we provide our service providers with further data, which they use together with the data necessary for processing the payment as our processors for the purpose of fraud prevention and the optimization of our payment processes (e.g. invoicing, processing of disputed payments, accounting support). In accordance with Art. 6 para. 1 sentence 1 lit. f GDPR, this serves to safeguard our legitimate interests in our protection against fraud and efficient payment management, which predominate in the context of a balancing of interests.

5. advertising by e-mail

5.1 E-mail newsletter with registration

If you subscribe to our newsletter, we will use the data required for this or separately provided by you to regularly send you our email newsletter based on your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR.
You can unsubscribe from the newsletter at any time, either by sending a message to the contact option described in this privacy policy or via a link provided for this purpose in the newsletter. After unsubscribing, we will delete your email address from the recipient list unless you have expressly consented to further use of your data or we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this declaration.

5.2 Newsletter dispatch

The newsletter may also be sent by our service providers as part of processing on our behalf. If you have any questions about our service providers and the basis of our cooperation with them, please use the contact option described in this privacy policy.

5.3 Sending evaluation requests by e-mail

If you have given us your express consent to this during or after your order in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, we will use your e-mail address to ask you to rate your order via the rating system we use. This consent can be revoked at any time by sending a message to the contact option described in this privacy policy or via a link provided for this purpose in the evaluation request.

The evaluation requests may also be sent by our service providers as part of processing on our behalf. If you have any questions about our service providers and the basis of our cooperation with them, please use the contact option described in this privacy policy.

6. cookies and other technologies

6.1 General information

In order to make visiting our website attractive and to enable the use of certain functions, we use technologies on various pages, including so-called cookies. Cookies are small text files that are automatically stored on your end device. Some of the cookies we use are deleted again at the end of the browser session, i.e. after you close your browser (so-called session cookies). Other cookies remain on your device and enable us to recognize your browser on your next visit (persistent cookies).
We use technologies that are absolutely necessary for the use of certain functions of our website (e.g. shopping cart function). These technologies collect and process the IP address, time of visit, device and browser information as well as information about your use of our website (e.g. information about the contents of the shopping cart). In the context of a balancing of interests, this serves overriding legitimate interests in an optimized presentation of our offer in accordance with Art. 6 Para. 1 S. 1 lit. f GDPR.

We also use technologies to fulfill the legal obligations to which we are subject (e.g. to be able to prove consent to the processing of your personal data) as well as for web analysis and online marketing. Further information on this, including the respective legal basis for data processing, can be found in the following sections of this privacy policy.

We may also use technologies that are not listed individually in this privacy policy. You can find more information on these technologies, including the respective legal basis for data processing, on the Usercentrics platform.

You can access this by clicking on the fingerprint button in the bottom right or left-hand corner of the page.

You can find the cookie settings for your browser under the following links Microsoft Edge™ / Safari™ / Chrome™ / Firefox™ / Opera™

If you have consented to the use of the technologies in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, you can revoke your consent at any time by sending a message to the contact option described in the privacy policy or by clicking on the fingerprint button in the lower right or left corner of the page. If you do not accept cookies, the functionality of our website may be limited.

6.2 Use of the Usercentrics Consent Management Platform to manage consents

We use the Usercentrics Consent Management Platform ("Usercentrics") on our website to inform you about the cookies and other technologies we use on our website and to obtain, manage and document your consent to the processing of your personal data by these technologies, where required by law. This is necessary pursuant to Art. 6 para. 1 sentence 1 lit. c GDPR to fulfill our legal obligation pursuant to Art. 7 para. 1 GDPR in order to be able to prove your consent to the processing of your personal data to which we are subject. Usercentrics is a service provided by Usercentrics GmbH, Rosental 4, 80331 Munich, Germany, which processes your data on our behalf. When you visit our website, the Usersentrics web server stores a so-called server log file, which also contains your anonymized IP address, the date and time of your visit, device and browser information and information about your consent behavior. Your data will be deleted after three years, unless you have expressly consented to further use of your data in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR or we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this declaration.

7. use of cookies and other technologies for web analysis and advertising purposes

If you have given your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, we use the following cookies and other third-party technologies on our website. The data collected in this context will be deleted after the purpose has ceased to apply and we have stopped using the respective technology. You can withdraw your consent at any time with effect for the future. You can find further information on your revocation options in the section "Cookies and other technologies". Further information, including the basis of our cooperation with the individual providers, can be found under the individual technologies. If you have any questions about the providers and the basis of our cooperation with them, please use the contact option described in this privacy policy.

7.1 Use of Google services & SQUARESPACE

We use the following technologies of Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). The information automatically collected by Google technologies about your use of our website is usually transmitted to a server of Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA and stored there. There is no adequacy decision by the European Commission for the USA. Our cooperation is based on standard data protection clauses of the European Commission. If your IP address is collected via Google technologies, it will be shortened before being stored on Google's servers by activating IP anonymization. Only in exceptional cases will the full IP address be transmitted to a Google server and shortened there. Unless otherwise specified for the individual technologies, data processing is carried out on the basis of an agreement concluded for the respective technology between jointly responsible parties in accordance with Art. 26 GDPR. Further information about data processing by Google can be found in Google's privacy policy.

Google Analytics

For the purpose of website analysis, Google Analytics automatically collects and stores data (IP address, time of visit, device and browser information as well as information about your use of our website), from which user profiles are created using pseudonyms. Cookies may be used for this purpose. Your IP address will not be merged with other Google data. Data processing is carried out on the basis of an agreement on order processing by Google.

In order to optimize the marketing of our website, we have activated the data sharing settings for "Google products and services" . This allows Google to access the data collected and processed by Google Analytics and then use it to improve Google services. The release of data to Google as part of these data release settings is based on an additional agreement between the responsible parties. We have no influence on the subsequent data processing by Google.

Google Ads

For advertising purposes in Google search results and on third-party websites, the so-called Google Remarketing Cookie is set when you visit our website, which automatically enables interest-based advertising by collecting and processing data (IP address, time of visit, device and browser information and information about your use of our website) and by means of a pseudonymous cookie ID and on the basis of the pages you visit. Any further data processing will only take place if you have activated the "personalized advertising" setting in your Google account. In this case, if you are logged in to Google while visiting our website, Google will use your data together with Google Analytics data to create and define target group lists for cross-device remarketing.

For website analysis and event tracking, we use Google Ads Conversion Tracking to measure your subsequent usage behavior if you have reached our website via a Google Ads advertisement. For this purpose, cookies may be used and data (IP address, time of visit, device and browser information as well as information on your use of our website based on events specified by us, such as visiting a website or subscribing to a newsletter) may be collected, from which user profiles are created using pseudonyms.

Google reCAPTCHA

For the purpose of protection against misuse of our web forms and against spam by automated software (so-called bots), Google reCAPTCHA collects data (IP address, time of visit, browser information and information about your use of our website) and uses a so-called JavaScript and cookies to analyze your use of our website. In addition, other cookies stored in your browser by Google services are analyzed. No personal data is read or saved from the input fields of the respective form.

SQUARESPACE Analytics

This website collects personal data that serves as the basis for our website analytics. This includes

  • Information about your browser, your network and your device

  • Websites that you accessed before visiting this website

  • Your IP address

This information may also include details about your use of this website, including:

  • Clicks

  • Internal links

  • Visited pages

  • Scroll

  • Search processes

  • Timestamp

We share this information with Squarespace, our website analytics provider, to learn more about the traffic and activity on this website.

7.2 Use of Facebook services

Use of Facebook Pixel

We use the Facebook Pixel as part of the technologies of Facebook Ireland Ltd, 4 Grand Canal Square, Dublin 2, Ireland ("Facebook") described below. Facebook Pixel automatically collects and stores data (IP address, time of visit, device and browser information as well as information about your use of our website based on events specified by us, such as visiting a website or subscribing to a newsletter), from which usage profiles are created using pseudonyms. For this purpose, a cookie is automatically set by the Facebook pixel when you visit our website, which automatically enables your browser to be recognized by means of a pseudonymous cookie ID when you visit other websites. Facebook will merge this information with other data from your Facebook account and use it to compile reports on website activity and to provide other services related to website activity, in particular personalized and group-based advertising. We have no influence on the data processing by Facebook and only receive statistics generated on the basis of Facebook Pixel.
The information automatically collected by Facebook technologies about your use of our website is usually transferred to a server of Facebook, Inc., 1601 Willow Road, Menlo Park, California 94025, USA and stored there. There is no adequacy decision by the European Commission for the USA. Our cooperation is based on standard data protection clauses of the European Commission. Data processing is carried out on the basis of an agreement between jointly responsible parties in accordance with Art. 26 GDPR. Further information about data processing by Facebook can be found in Facebook's privacy policy.

8. integration of the Trusted Shops Trustbadge

The Trusted Shops Trustbadge is integrated on this website to display our Trusted Shops seal of approval and any collected reviews as well as to offer Trusted Shops products to buyers after an order.

This serves to safeguard our legitimate interests, which predominate in the context of a balancing of interests, in optimal marketing by enabling secure shopping in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR. The Trustbadge and the services advertised with it are an offer from Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne. The Trustbadge is provided by a CDN provider (Content Delivery Network) as part of order processing. Trusted Shops GmbH also uses service providers from the USA. An appropriate level of data protection is ensured. You can find further information on data protection at Trusted Shops GmbH here.

When the Trustbadge is accessed, the web server automatically saves a so-called server log file, which also contains your IP address, the date and time of access, the amount of data transferred and the requesting provider (access data) and documents the access. Individual access data is stored in a security database for the analysis of security anomalies. The log files are automatically deleted no later than 90 days after creation.

Further personal data will be transferred to Trusted Shops GmbH if you decide to use Trusted Shops products after completing an order or if you have already registered to use them. The contractual agreement concluded between you and Trusted Shops applies. For this purpose, personal data is automatically collected from the order data. Whether you as a buyer are already registered for product use is automatically checked using a neutral parameter, the e-mail address hashed using a cryptological one-way function. The email address is converted into this hash value, which cannot be decrypted by Trusted Shops, before transmission. After checking for a match, the parameter is automatically deleted.

This is necessary for the fulfillment of our and Trusted Shops' overriding legitimate interests in the provision of the buyer protection linked to the specific order and the transactional evaluation services pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR. Further details, including on the objection, can be found in the Trusted Shops privacy policy linked above and in the Trustbadge.

9. social media

Our online presence on Facebook, Instagram, YouTube, Pinterest

If you have given your consent to the respective social media operator in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, your data will be automatically collected and stored for market research and advertising purposes when you visit our online presences on the social media mentioned above, from which user profiles are created using pseudonyms. These can be used, for example, to place advertisements within and outside the platforms that presumably correspond to your interests. Cookies are generally used for this purpose. For detailed information on the processing and use of data by the respective social media operator as well as a contact option and your rights in this regard and setting options to protect your privacy, please refer to the providers' data protection notices linked below. If you still need help in this regard, you can contact us.

Facebook is an offer of Facebook Ireland Ltd, 4 Grand Canal Square, Dublin 2, Ireland ("Facebook Ireland") The information automatically collected by Facebook Ireland about your use of our online presence on Facebook is usually transmitted to a server of Facebook, Inc, 1601 Willow Road, Menlo Park, California 94025, USA and stored there. There is no adequacy decision by the European Commission for the USA. Our cooperation is based on standard data protection clauses of the European Commission. Data processing in the context of a visit to a Facebook fan page is based on an agreement between jointly responsible parties in accordance with Art. 26 GDPR. Further information (information on Insights data) can be found here.

Instagram is an offer of Facebook Ireland Ltd, 4 Grand Canal Square, Dublin 2, Ireland ("Facebook Ireland") The information automatically collected by Facebook Ireland about your use of our online presence on Instagram is usually transmitted to a server of Facebook, Inc, 1601 Willow Road, Menlo Park, California 94025, USA and stored there. There is no adequacy decision by the European Commission for the USA. Our cooperation is based on standard data protection clauses of the European Commission. Data processing in the context of visiting an Instagram fan page is based on an agreement between jointly responsible parties in accordance with Art. 26 GDPR. Further information (information on Insights data) can be found here.

YouTube is a service provided by Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). The information automatically collected by Google about your use of our online presence on YouTube is usually transferred to a server of Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA and stored there. There is no adequacy decision by the European Commission for the USA. Our cooperation is based on standard data protection clauses of the European Commission.

Pinterest is a service provided by Pinterest Europe Ltd, Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland ("Pinterest"). The information automatically collected by Pinterest about your use of our online presence on Pinterest is usually transferred to a server of Pinterest, Inc, 505 Brannan St., San Francisco, CA 94107, USA and stored there. There is no adequacy decision by the European Commission for the USA. Our cooperation is based on standard data protection clauses of the European Commission.

ShareThis

We use ShareThis functions from ShareThis (4005 Miranda Ave, Suite 100, Palo Alto, 94304 California, USA) on this website to enable visitors to share content from this website.

Services from ShareThis

By using the social plugins from ShareThis, visitors are able to share content from this website on various social networks such as Facebook, Twitter, Google+ and many more.

What data does ShareThis process?

If visitors share content with ShareThis in services where they have an account and are logged in, the visit and sharing can be assigned to the user.
ShareThis uses cookies, pixel tags, HTTP headers and browser identifiers to collect information about visitor behavior and shares this information with third parties after pseudonymization.
Here is a list of the data that may be processed:

  • Unique ID of a cookie placed in the web browser

  • General click behavior

  • Addresses of the websites visited

  • Search queries from which a visitor reached the page with ShareThis

  • Navigation from website to website if ShareThis services have expired

  • Dwell time on a website

  • Which elements were clicked on or highlighted

  • The IP address of the computer or mobile device

  • Mobile advertising IDs (Apple IDFA or Google AAID)

  • Information contained in HTTP headers or other transmission protocols used

  • Which program was used on the computer (browser) or which operating system was used (iOS)

Cookies from ShareThis

ShareThis uses cookies, examples of which are listed below. You can find out more about ShareThis cookies at https://www.sharethis.com/privacy/.

  • __unam

    • Expiry time: 9 months

    • Usage: Counts clicks and shares on a website

    • Beispielhafter Wert: 8961a7f179d1d017ac27lw87qq69V69211062556

Disclosure of data to third parties by ShareThis

ShareThis shares collected information with third parties after pseudonymization.

Storage duration with ShareThis

ShareThis retains collected data for a period of up to 14 months from the date of data collection. ShareThis cookies expire 13 months after the last update.

ShareThis opt-out

If you no longer wish to see advertising based on data collected by ShareThis, you can use the opt-out button at https://www.sharethis.com/privacy/. This will set an opt-out cookie which you must not delete in order to retain this setting.

You can also set your preferences for usage-based online advertising via http://www.youronlinechoices.com/at/ in preference management.

If you would like to know more about the processing of your data by ShareThis, you can find all the information at https://www.sharethis.com/privacy/.

10. contact options and your rights

As a data subject, you have the following rights:

  • in accordance with Art. 15 GDPR, the right to request information about your personal data processed by us to the extent specified therein;

  • in accordance with Art. 16 GDPR, the right to demand the immediate correction of incorrect or incomplete personal data stored by us;

  • in accordance with Art. 17 GDPR, the right to demand the deletion of your personal data stored by us, unless further processing is necessary.

    • to exercise the right to freedom of expression and information;

    • to fulfill a legal obligation;

    • for reasons of public interest or

    • is necessary for the establishment, exercise or defense of legal claims;

  • in accordance with Art. 18 GDPR, the right to demand the restriction of the processing of your personal data, insofar as

    • the accuracy of the data is disputed by you;

    • the processing is unlawful, but you refuse to delete it;

    • we no longer need the data, but you need it to assert, exercise or defend legal claims, or

    • you have objected to the processing pursuant to Art. 21 GDPR;

  • in accordance with Art. 20 GDPR, the right to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request the transfer to another controller;

  • in accordance with Art. 77 GDPR, the right to lodge a complaint with a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our company headquarters.

If you have any questions regarding the collection, processing or use of your personal data, information, correction, restriction or deletion of data as well as revocation of consent given or objection to a specific use of data, please contact us directly using the contact details in our legal notice.

Right to object
If we process personal data as explained above in order to safeguard our legitimate interests, which outweigh your interests, you can object to this processing with effect for the future. If the processing is carried out for direct marketing purposes, you can exercise this right at any time as described above. If the processing is carried out for other purposes, you only have the right to object if there are grounds relating to your particular situation.

After exercising your right to object, we will no longer process your personal data for these purposes unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or if the processing serves the establishment, exercise or defense of legal claims.

This does not apply if the processing is for direct marketing purposes. In this case, we will no longer process your personal data for this purpose.