Privacy Policy

Controller Responsible for Data Processing

Klein AG
Neumann Reichardt Str. 27–33
Hamburg, Germany
Email: info@kleinundmore.de
Phone: +49 40 6568410

We appreciate your interest in our online shop. Protecting your privacy is very important to us. Below you will find detailed information about how we handle your data. Processing is carried out in accordance with the General Data Protection Regulation (GDPR) and, for Austria, in compliance with Section 165(3) of the Austrian Telecommunications Act (TKG).

1. Access Data and Hosting

You can visit our websites without providing personal information. Each time you access a page, the web server automatically stores a so-called server log file, which may include:

  • The name of the requested file

  • Your IP address

  • Date and time of the request

  • Amount of data transferred

  • The requesting provider

These access data are evaluated solely to ensure trouble-free operation of the site and to improve our services. This is in accordance with our legitimate interest in the proper presentation of our services (Article 6(1)(f) GDPR). All access data are deleted no later than 30 days after your visit.

Hosting
Hosting and display services for our website are partly provided by service providers who process data on our behalf. Unless otherwise stated in this privacy policy, all access data and any data entered in forms on this website are processed on their servers.

Our service providers are located and/or use servers in the following countries, which have been recognized by the European Commission as having an adequate level of data protection: United Kingdom, USA. For the USA, the adequacy decision applies if the provider is certified under the EU-U.S. Data Privacy Framework; otherwise, transfers are based on the European Commission’s Standard Contractual Clauses (SCCs).

We also use providers in Canada, New Zealand, Japan, United Kingdom, USA — all recognized as adequate by the European Commission.
Some providers are located in Australia, India, Singapore, which have no adequacy decision; transfers are based on SCCs.

2. Data Processing for Contract Fulfilment and Contact

2.1 Contract Fulfilment

We process personal data you provide when placing an order for the purpose of fulfilling the contract (including any warranty claims, service requests, and legal update obligations) in accordance with Article 6(1)(b) GDPR. Required fields are marked as such; without this information, we cannot process your order. Which data are collected can be seen in the input forms.

More information about how we share data with service providers for order processing, payment, and shipping can be found in later sections. Once the contract is fully processed, your data will be restricted from further processing and deleted after the statutory retention periods, unless you have consented to further use or we are legally permitted to retain them.

Inventory Management System
For order and contract processing, we use inventory management systems from external service providers who process data on our behalf.

2.2 Customer Account

If you create a customer account (with your consent under Article 6(1)(a) GDPR), we use your data to set up and maintain the account and to store your order history for future purchases. You may delete your account at any time by contacting us or using the account deletion function. After deletion, your data will also be removed unless you have consented to further use or legal retention applies.

2.3 Contact

When you contact us (e.g., via contact form, live chat, or email), we process your data to handle your inquiry (Article 6(1)(b) GDPR). Required fields are marked; without them, we cannot respond. After your inquiry has been processed, your data will be deleted unless you consent to further use or we are legally permitted to retain them.

3. Data Processing for Shipping

To fulfil your order (Article 6(1)(b) GDPR), we pass your details to the shipping company responsible for delivery, where necessary.

Advance Shipment Notification
If you give your consent (Article 6(1)(a) GDPR), we will pass your email address and phone number to the shipping company so they can notify you before delivery. You may revoke your consent at any time.

4. Data Processing for Payment

We work with technical service providers, banks, and payment providers to process transactions.

4.1 Transaction Processing

Depending on the payment method, necessary data are passed to technical service providers, banks, or payment providers. In some cases, providers collect the data directly on their own websites.

4.2 Fraud Prevention & Payment Optimization

We may share additional data with our providers to prevent fraud and optimize payment processes, based on our legitimate interest in secure and efficient payment handling (Article 6(1)(f) GDPR).

4.3 Identity & Credit Checks (Klarna)

If you choose Klarna payment services, you consent (Article 6(1)(a) GDPR) to us sending necessary payment and identity data to Klarna Bank AB for credit checks. Klarna uses this to decide whether to approve a transaction.

4.4 Identity & Credit Checks (PayPal & Ratepay)

For “purchase on account” via PayPal and Ratepay, you consent to necessary data being sent to Ratepay GmbH for credit checks.

5. Email Marketing

5.1 Newsletter with Tracking

When you sign up for our newsletter, we send it based on your consent (Article 6(1)(a) GDPR). You may unsubscribe at any time. We track email open and click rates to improve our campaigns.

5.2 Newsletter Dispatch

Our newsletters may be sent by service providers on our behalf, using servers in countries with an adequate EU decision or based on SCCs.

5.3 Review Requests

With your consent, we may email you after purchase asking for a product review.

6. Cookies and Other Technologies

6.1 General

We use cookies to make our website attractive and to enable certain functions. Some cookies are essential; others require your consent.

6.2 Consent Management

We use the Usercentrics Consent Management Platform to inform you about cookies and obtain/manage/document consent.

7. Use of Third-Party Services

We use services from Adobe, Google, Facebook (Meta), Vimeo, and others for analytics, marketing, and content delivery. Depending on the service, data may be transferred to third countries under adequacy decisions or SCCs.

8. Trusted Shops Integration

With your consent, Trusted Shops widgets (e.g., trust badge, reviews) may be displayed. Data processing here is carried out under joint controllership (Article 26 GDPR).

9. Social Media

9.1 Social Buttons

Our website contains social media links (Facebook, Instagram, Pinterest, Xing) implemented as HTML links so no data are transmitted unless clicked.

9.2 Our Social Media Profiles

When visiting our social profiles, your data may be collected for marketing and analytics purposes by the platform operators under their own privacy policies.

10. Your Rights

You have the right to:

  • Access your personal data (Article 15 GDPR)

  • Correct inaccurate data (Article 16 GDPR)

  • Delete your data (Article 17 GDPR)

  • Restrict processing (Article 18 GDPR)

  • Data portability (Article 20 GDPR)

  • Lodge a complaint with a supervisory authority (Article 77 GDPR)

Right to Object
Where we process your data based on legitimate interest, you may object at any time. If processing is for direct marketing, you may object without providing reasons.

Data Protection Officer:
Stefan Mönnich
Ballindamm 39
20095 Hamburg, Germany
Phone: +49 40 99999 3430
Email: stefan.moennich@email.de